Description:

Tripwire is a very valuable security tool for Linux systems, if it is
installed to a clean system. Tripwire should be installed right after
the OS installation, and before you have connected your system to a
network (i.e., before any possibility exists that someone could alter
files on your system).

When Tripwire is initially set up, it creates a database that records
certain file information. Then when it is run, it compares a
designated set of files and directories to the information stored in
the database. Added or deleted files are flagged and reported, as are
any files that have changed from their previously recorded state in
the database. When Tripwire is run against system files on a regular
basis, any file changes will be spotted when Tripwire is run.
Tripwire will report the changes, which will give system
administrators a clue that they need to enact damage control measures
immediately if certain files have been altered.

Extra-paranoid Tripwire users will set it up to run once a week and
e-mail the results to themselves. Then if the e-mails stop coming,
you'll know someone has gotten to the Tripwire program...

After installing this package, you should run "/etc/tripwire/twinstall.sh"
to generate cryptographic keys, and "tripwire --init" to initialize the
database.