TRIPWIRE(8)                 System Manager's Manual                TRIPWIRE(8)

NAME
       tripwire - a file integrity checker for UNIX-like systems

SYNOPSIS
       tripwire { -m i | --init } [ options... ]
       tripwire { -m c | --check } [ options... ]
            [ object1 [ object2... ]]
       tripwire { -m u | --update } [ options... ]
       tripwire { -m p | --update-policy } [ options... ]
            policyfile.txt
       tripwire { -m t | --test } [ options... ]

DESCRIPTION
   Database Initialization Mode
       Running tripwire in Database Initialization mode is typically one of
       the first steps in setting up Tripwire for regular operation.  This
       mode creates a baseline database in the location specified by the
       DBFILE variable in the Tripwire configuration file.  The database is
       essentially a snapshot of the objects residing on the system.  During
       later Tripwire integrity checks, this database serves as the basis for
       comparison.

       When run in Database Initialization mode, tripwire reads the policy
       file, generates a database based on its contents, and then
       cryptographically signs the resulting database.  Options can be entered
       on the command line to specify which policy, configuration, and key
       files are used to create the database.  The filename for the database
       can be specified as well.  If no options are specified, the default
       values from the current configuration file are used.

   Integrity Checking Mode
       After building the Tripwire database, the next step is typically to run
       tripwire in Integrity Checking mode.  This mode scans the system for
       violations, as specified in the policy file.  Using the policy file
       rules, Tripwire will compare the state of the current file system
       against the initial baseline database.  An integrity checking report is
       printed to stdout and is saved in the location specified by the
       REPORTFILE setting in the Tripwire configuration file.

       The generated report describes each policy file violation in detail,
       depending on whether the specified file system object was added,
       deleted, or changed.  Each report item lists the properties of the
       object as it currently resides on the file system, and, if appropriate,
       the old value stored in the database.  If there are differences between
       the database and the current system, the administrator can either fix
       the problem by replacing the current file with the correct file (e.g.,
       an intruder replaced /bin/login), or update the database to reflect the
       new file (e.g., a fellow system administrator installed a new version
       of /usr/local/bin/emacs).  The (-I or --interactive) option launches an
       editor that allows the user to update the database quickly.  The
       Database Update mode of tripwire can also be used.

   Database Update Mode
       Running tripwire in Database Update mode allows any differences between
       the database and the current system to be reconciled.  This will
       prevent the violation from showing up in future reports.  If the
       reported change is unexpected and potentially malicious, then the
       changed file should be replaced with the original version.  If there is
       a valid reason for the change, the database must be changed to match
       the current files.

       In Database Update mode, the items to be changed are specified in a
       "ballot box" in the plain text report that is launched in an editor
       program.  The entries to be updated are specified by leaving the "x"
       next to each policy violation.  After the user exits the editor and
       provides the correct local passphrase, tripwire will update the
       database.  Options to control this operation include the (-Z or
       --secure-mode) and (-a or --accept-all) flags.
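A non-interactive editor for the ballot boxes described above, added here as an example and not Tripwire's own code: passed to -V, it unchecks every violation whose path is not on an administrator-maintained approved-changes list, so only expected changes reach the database and everything else stays reported.  It assumes ballot lines have the form `[x] "/path"`, that tripwire hands the editor the report file path as its single argument, and an assumed default list location of /var/lib/tripwire/approved.txt.

```shell
#!/bin/sh
# Added example, not part of Tripwire: an editor for  tripwire -m u -V <this>
# (or -m c -I -V <this>) that clears the ballot box of every violation whose
# path is NOT on an approved-changes list, so only expected changes are
# accepted into the database and everything else stays reported.
# Assumptions: ballot lines have the form  [x] "/path/to/object"  and
# tripwire passes the report file path as the editor's single argument.

# filter_ballots APPROVED_FILE < report > filtered_report
# APPROVED_FILE holds one absolute path per line (maintained by the admin).
filter_ballots() {
    awk -v approved="$1" '
        BEGIN {
            while ((getline line < approved) > 0) ok[line] = 1
            close(approved)
        }
        /^\[x\] "/ {
            path = $0
            sub(/^\[x\] "/, "", path)     # strip the box and opening quote
            sub(/"$/, "", path)           # strip the closing quote
            if (!(path in ok)) {
                sub(/^\[x\]/, "[ ]")      # uncheck: keep this violation reported
            }
        }
        { print }
    '
}

# Editor entry point: rewrite the report file in place.
# APPROVED_CHANGES overrides the assumed default list location.
edit_in_place() {
    tmp=$(mktemp) || return 1
    if filter_ballots "${APPROVED_CHANGES:-/var/lib/tripwire/approved.txt}" \
            < "$1" > "$tmp"; then
        mv "$tmp" "$1"
    else
        rm -f "$tmp"
        return 1
    fi
}

# tripwire invokes the -V editor with exactly one argument, the report file.
if [ $# -eq 1 ]; then
    edit_in_place "$1"
fi
```

Paths the list does not mention are left unchecked, so the next integrity check still reports them and the suspicious case (an unexpected change to /bin/login) is never silently baselined.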

   Policy Update Mode
       Policy update mode is used by tripwire to change or update the policy
       file and to synchronize an earlier database with new policy file
       information.  The filename of the new clear text version of the policy
       file is specified on the command line.  The new policy file is compared
       to the existing version, and the database is updated according to the
       new policy rules.  Any changes in the database since the last integrity
       check will be detected and reported.  How these violations are
       interpreted depends on the security mode specified with the (-Z or
       --secure-mode) option.  In high security mode (the default), Tripwire
       will print a list of violations and exit without making changes to the
       database.  In low security mode, the violations are still reported, but
       changes to the database are made automatically.

       Because the policy and database files are binary-encoded and
       cryptographically signed, the user will be prompted for the site and
       local passphrases to change the policy settings.  After the database is
       successfully updated, the database and policy files are re-encoded and
       signed.

   Test Mode
       Test mode is used to check the operation of the Tripwire email
       notification system.  When run in this mode, Tripwire will use the
       email notification settings specified in the configuration file to
       send a test email message.  If MAILMETHOD is set to SMTP, the SMTPHOST
       and SMTPPORT values will be used to send email.  If MAILMETHOD is set
       to SENDMAIL, the MAILPROGRAM value will be used.  If email notification
       is working correctly, the address specified on the command line will
       receive the following message:

            To: user@domain.com
            From: user <user@domain.com>
            Subject: Test email message from Tripwire

            If you receive this message, email notification
            from Tripwire is working correctly.

       Test mode only tests email notification for the address specified on
       the command line, and does not check for errors in the syntax used with
       the emailto attribute in the policy file.

OPTIONS
   Database Initialization mode:
	   -m i		   --init
	   -v		   --verbose
	   -s		   --silent, --quiet
	   -c cfgfile	   --cfgfile cfgfile
	   -p polfile	   --polfile polfile
	   -d database	   --dbfile database
	   -S sitekey	   --site-keyfile sitekey
	   -L localkey	   --local-keyfile localkey
	   -P passphrase   --local-passphrase passphrase
	   -e		   --no-encryption

       -m i, --init
	      Mode selector.

       -v, --verbose
	      Verbose output mode.  Mutually exclusive with (-s).

       -s, --silent, --quiet
	      Silent output mode.  Mutually exclusive with (-v).

       -c cfgfile, --cfgfile cfgfile
	      Use the specified	configuration file.

       -p polfile, --polfile polfile
	      Use the specified	policy file.

       -d database, --dbfile database
	      Write to the specified database file.

       -S sitekey, --site-keyfile sitekey
	      Use the specified	site key file to read  the  configuration  and
	      policy files.

       -L localkey, --local-keyfile localkey
	      Use the specified	local key file to write	the new	database file.
	      Mutually exclusive with (-e).

       -P passphrase, --local-passphrase passphrase
	      Specifies	 passphrase  to	be used	with local key to sign the new
	      database.	 Mutually exclusive with (-e).

       -e, --no-encryption
	      Do not sign the database being stored.  The database  file  will
	      still  be	 compressed  and will not be human-readable.  Mutually
	      exclusive	with (-L) and (-P).

______________________________________________________________________________

   Integrity Checking mode:
	   -m c			 --check
	   -I			 --interactive
	   -v			 --verbose
	   -s			 --silent, --quiet
	   -c cfgfile		 --cfgfile cfgfile
	   -p polfile		 --polfile polfile
	   -d database		 --dbfile database
	   -r report		 --twrfile report
	   -S sitekey		 --site-keyfile	sitekey
	   -L localkey		 --local-keyfile localkey
	   -P passphrase	 --local-passphrase passphrase
	   -n			 --no-tty-output
	   -V editor		 --visual editor
	   -E			 --signed-report
	   -i list		 --ignore list
	   -l {	level |	name }	 --severity { level | name }
	   -R rule		 --rule-name rule
	   -x section		 --section section
	   -M			 --email-report
	   -t {	0|1|2|3|4 }	 --email-report-level {	0|1|2|3|4 }
	   -h			 --hexadecimal
	   [ object1 [ object2... ]]

       -m c, --check
	      Mode selector.

       -I, --interactive
              At the end of integrity checking, the resulting report is opened
              in an editor where database updates can be easily specified
              using the ballot boxes included in the report.

       -v, --verbose
	      Verbose output mode.  Mutually exclusive with (-s).

       -s, --silent, --quiet
	      Silent output mode.  Mutually exclusive with (-v).

       -c cfgfile, --cfgfile cfgfile
	      Use the specified	configuration file.

       -p polfile, --polfile polfile
	      Use the specified	policy file.

       -d database, --dbfile database
	      Use the specified	database file.

       -r report, --twrfile report
	      Write the	specified report file.

       -S sitekey, --site-keyfile sitekey
	      Use  the	specified  site	key file to read the configuration and
	      policy files.

       -L localkey, --local-keyfile localkey
	      Use the specified	local key file to read the database file  and,
	      if (-E) is specified, to write the report	file.

       -P passphrase, --local-passphrase passphrase
              Specifies passphrase to be used with local key to sign the
              database when (-I) is used, and to sign the report when (-E) is
              used.  Valid only with (-I) or (-E).

       -n, --no-tty-output
	      Suppress the report from being printed at	the console.

       -V editor, --visual editor
              Use the specified editor to edit the update ballot boxes.
              Meaningful only with (-I).

       -E, --signed-report
	      Specifies	that the  Tripwire  report  will  be  signed.	If  no
	      passphrase  is  specified	 on  the  command  line, tripwire will
	      prompt for the local passphrase.

       -i list, --ignore list
              Do not compute or compare the properties specified in list.  Any
              of the letter codes (abcdgimnprstulCHMS) specified in property
              masks can be excluded.  Use of this option overrides information
              from the policy file.  The format to be used for list is a
              double-quoted, comma-delimited list of properties (e.g.
              --ignore "p,c,m").

       -l { level | name }, --severity { level | name }
	      Check  only  policy rules	with severity greater than or equal to
	      the given	level.	The level may be specified as a	number or as a
	      name.  Severity names are	defined	as follows:
		   Low		33
		   Medium	66
		   High	       100
	      Mutually exclusive with (-R).

       -R rule,	--rule-name rule
	      Check only the specified policy rule.  Mutually  exclusive  with
	      (-l).

       -x section, --section section
	      Only  check  the	rules  in  the specified section of the	policy
	      file.  For Tripwire 2.4, FS is the only meaningful argument  for
	      this flag.

       -M, --email-report
	      Specifies	that reports be	emailed	to the recipient(s) designated
	      in the policy file.

       -t level, --email-report-level level
	      Specifies	 the  detail  level  of	 email reports,	overriding the
	      EMAILREPORTLEVEL variable	in the configuration file. level  must
	      be a number from 0 to 4.	Valid only with	(-M).

       -h, --hexadecimal
              Display hash values as hexadecimal in email reports.

       [ object1 [ object2... ]]
	      List  of files and directories that should be integrity checked.
	      Default is all files.  If	files are specified for	checking,  the
	      --severity and --rule-name options will be ignored.

______________________________________________________________________________

   Database Update mode:
	   -m u		       --update
	   -v		       --verbose
	   -s		       --silent, --quiet
	   -c cfgfile	       --cfgfile cfgfile
	   -p polfile	       --polfile polfile
	   -d database	       --dbfile	database
	   -r report	       --twrfile report
	   -S sitekey	       --site-keyfile sitekey
	   -L localkey	       --local-keyfile localkey
	   -P passphrase       --local-passphrase passphrase
	   -V editor	       --visual	editor
	   -a		       --accept-all
	   -Z {	low | high }   --secure-mode { low | high }

       -m u, --update
	      Mode selector.

       -v, --verbose
	      Verbose output mode.  Mutually exclusive with (-s).

       -s, --silent, --quiet
	      Silent output mode.  Mutually exclusive with (-v).

       -c cfgfile, --cfgfile cfgfile
	      Use the specified	configuration file.

       -p polfile, --polfile polfile
	      Use the specified	policy file.

       -d database, --dbfile database
	      Update the specified database file.

       -r report, --twrfile report
	      Read the specified report	file.

       -S sitekey, --site-keyfile sitekey
	      Use  the	specified  site	key file to read the configuration and
	      policy files.

       -L localkey, --local-keyfile localkey
	      Use the specified	local key file to read the database  file  and
	      report file, and to re-write the database	file.

       -P passphrase, --local-passphrase passphrase
              Specifies passphrase to be used with local key to sign the
              database.

       -V editor, --visual editor
              Use the specified editor to edit the update ballot boxes.
              Mutually exclusive with (-a).

       -a, --accept-all
	      Specifies	 that  all  the	entries	in the report file are updated
	      without prompting.  Mutually exclusive with (-V).

       -Z { low | high }, --secure-mode { low | high }
              Specifies the security level, which affects how certain
              conditions are handled when inconsistent information is found
              between the report file and the current database:

              High:  In high security mode, if a file does not match the
              properties in the report file, Tripwire reports the differences
              as warnings, and exits without changing the database.

              Low:  In low security mode, inconsistencies are reported as
              warnings, but the changes are still made to the database.

______________________________________________________________________________

   Policy Update mode:
	   -m p		       --update-policy
	   -v		       --verbose
	   -s		       --silent, --quiet
	   -c cfgfile	       --cfgfile cfgfile
	   -p polfile	       --polfile polfile
	   -d database	       --dbfile	database
	   -S sitekey	       --site-keyfile sitekey
	   -L localkey	       --local-keyfile localkey
	   -P passphrase       --local-passphrase passphrase
	   -Q passphrase       --site-passphrase passphrase
	   -Z {	low | high }   --secure-mode { low | high }
	   policyfile.txt

       -m p, --update-policy
	      Mode selector.

       -v, --verbose
	      Verbose output mode.  Mutually exclusive with (-s).

       -s, --silent, --quiet
	      Silent output mode.  Mutually exclusive with (-v).

       -c cfgfile, --cfgfile cfgfile
	      Use the specified	configuration file.

       -p polfile, --polfile polfile
	      Write the	specified policy file.

       -d database, --dbfile database
	      Use the specified	database file.

       -S sitekey, --site-keyfile sitekey
	      Use  the specified site key file to read the configuration file,
	      and read and write the policy file.

       -L localkey, --local-keyfile localkey
	      Use the specified	local key file to read and write the  database
	      file.

       -P passphrase, --local-passphrase passphrase
              Specifies passphrase to be used with local key to sign the
              database.

       -Q passphrase, --site-passphrase	passphrase
	      Specifies	 passphrase  to	 be used with site key to sign the new
	      policy file.

       -Z { low | high }, --secure-mode { low | high }
              Specifies the security level, which affects how certain
              conditions are handled when the existing filesystem does not
              match the database information.  Since the database produced at
              the end of a policy update becomes the baseline for future
              integrity checks, this consistency-checking ensures that no
              substantive filesystem changes have occurred since the last
              integrity check.

              High:  In high security mode, if a file on the filesystem does
              not match the properties in the database file, Tripwire reports
              the differences as warnings, and exits without changing the
              database or the policy file.

              Low:  In low security mode, inconsistencies are reported as
              warnings, but the changes are still made to the database and
              policy file.

       policyfile.txt
	      Specifies	 the  text policy file that will become	the new	policy
	      file.

______________________________________________________________________________

   Test	mode:
	   -m t			--test
	   -e user@domain.com	--email	user@domain.com

       -m t, --test
	      Mode selector.

       -e user@domain.com, --email user@domain.com
              Use the specified email address.  This parameter must be
              supplied when test mode is used.  Only one address may be
              specified.

EXIT STATUS
   Integrity Checking Mode
       tripwire exits 0 if no changes are detected.  Otherwise the exit value
       is a bit mask:

       1 At least one file or directory has been added.

       2 At least one file or directory has been modified.

       4 At least one file or directory has been modified.

       8 Error(s) occurred during the check.

   All Other Modes
       tripwire exits 0 on success, 8 on error.
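An unattended integrity check built on the Integrity Checking mode options and the exit status bit mask above, added here as an example and not part of the Tripwire project.  TRIPWIRE_BIN is an assumed override so the wrapper can be exercised with a stand-in command where Tripwire is not installed; everything else uses only options documented on this page.

```shell
#!/bin/sh
# Added example, not part of the Tripwire project: an unattended integrity
# check suitable for cron.  It runs tripwire(8) in Integrity Checking mode
# with console output suppressed (-n) and the report emailed to the
# recipients named in the policy file (-M, detail level 2), then acts on
# the exit status bit mask described under EXIT STATUS.
# TRIPWIRE_BIN is an assumed override so the wrapper can be exercised
# with a stand-in command where Tripwire is not installed.

# classify_status CODE -> prints one of: clean, changes, error
# Bit 8 is the error flag; bits 1, 2 and 4 flag objects that differ from
# the baseline (see the table above).  An error is reported even when
# change bits are also set, so a failed check is never mistaken for one
# that merely found changes.
classify_status() {
    code=$1
    if [ "$code" -eq 0 ]; then
        echo clean
    elif [ $((code & 8)) -ne 0 ]; then
        echo error
    else
        echo changes
    fi
}

# run_check [object...]: run the check and print the classification.
# Returns 0 only when the file system matched the baseline with no error.
# "changes" is left for an administrator to review (tripwire -m c -I or
# tripwire -m u); it is never reconciled automatically here.
run_check() {
    if "${TRIPWIRE_BIN:-tripwire}" -m c -n -M -t 2 "$@"; then
        status=0
    else
        status=$?
    fi
    result=$(classify_status "$status")
    printf '%s tripwire integrity check: %s (exit %s)\n' \
        "$(date +%Y-%m-%dT%H:%M:%S)" "$result" "$status" >&2
    echo "$result"
    [ "$result" = clean ]
}

# Run the check only when installed under this name (e.g. from cron);
# when sourced or copied elsewhere, only the functions are defined.
case "${0##*/}" in
    tripwire-check.sh) run_check "$@" ;;
esac
```

A cron entry that runs the script and alerts on a non-zero exit distinguishes a clean run from one that needs a human, which a bare `tripwire -m c` invocation's mixed exit codes do not do on their own.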

VERSION	INFORMATION
       This man	page describes tripwire	version	2.4

AUTHORS
       Tripwire, Inc.

COPYING	PERMISSIONS
       Permission is granted to	make and distribute verbatim  copies  of  this
       man  page  provided the copyright notice	and this permission notice are
       preserved on all	copies.

       Permission is granted to copy and distribute modified versions of this
       man page under the conditions for verbatim copying, provided that the
       entire resulting derived work is distributed under the terms of a
       permission notice identical to this one.

       Permission is granted to copy and distribute translations of this man
       page into another language, under the above conditions for modified
       versions, except that this permission notice may be stated in a
       translation approved by Tripwire, Inc.

       Copyright 2000-2019 Tripwire, Inc. Tripwire is a	 registered  trademark
       of  Tripwire, Inc. in the United	States and other countries. All	rights
       reserved.

SEE ALSO
       twintro(8), twadmin(8), twprint(8), siggen(8), twconfig(4),
       twpolicy(4), twfiles(5)

       The Design and Implementation of Tripwire: A UNIX File Integrity
       Checker by Gene Kim and Eugene Spafford.  Purdue Technical Report
       CSD-TR-93-071.

Open Source Tripwire 2.4          04 Jan 2018                      TRIPWIRE(8)
