\documentclass[11pt]{article}
%Gummi|065|=)
\title{\textbf{Setting up Tripwire with SSMTP}}
\usepackage{graphicx}
\usepackage{caption}
\author{Steak Electronics}
\date{06/4/19}
\begin{document}

%\maketitle

\textbf{Setting up Tripwire with SSMTP}

\vspace{0.2in}

This document is best read printed out on paper.
%\textbf{Todo}

\section{Overview}
Tripwire is intrusion detection software for GNU Linux \& BSD. Let's document how to set it up on a server with SSMTP configured for email notifications.

\section{Steps}
\subsection{Configuring Tripwire}
First, install Tripwire. The command depends on your package manager. The two examples I have are Gentoo and Debian/Devuan.

\begin{verbatim}
apt-get install tripwire mailutils ssmtp
OR
emerge -av tripwire mailutils ssmtp
\end{verbatim}

\subsubsection{Devuan/Debian}
Devuan will prompt you for a few things in an ncurses GUI. Accept all of the defaults (yes for a site key, yes for a user key, etc.). Record your password.
\footnote{For a full walkthrough of this process see this URL: https://www.howtoforge.com/tutorial/how-to-monitor-and-detect-modified-files-using-tripwire-on-ubuntu-1604/
This process includes most, but not all, of what you need to know.}
I use the same password for both.

\textbf{After install}

Now, there's a trick we will use here. Normally, the guides will tell you to init, and then init again after the errors. However, we will try to skip that, if possible, to save time. Each init takes about 2-3 minutes, so that time can be saved if you know which config changes you need.
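The trick can be scripted. The following is an added example, not part of the original document: a shell function that takes the \texttt{Filename:} lines listed in this section and comments out the matching rules in a policy source file before the first init. The rule form (path, then an arrow, then a property mask), the function names and the sample policy excerpt are assumptions, and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not from the original document.
# Assumption: policy rules have the form  /path/to/object -> $(Mask) ;

# comment_missing_rules REPORT POLICY
# Prints POLICY with every active rule whose object appears in REPORT as
# "Filename: /path" commented out. Any /proc/... entry maps to /proc itself.
comment_missing_rules() {
    awk '
        FILENAME == ARGV[1] {                  # pass 1: collect reported paths
            if ($1 == "Filename:" && $2 ~ /^\//) {
                p = $2
                if (p ~ /^\/proc\//) p = "/proc"    # whitelist the whole directory
                missing[p] = 1
            }
            next
        }
        {                                      # pass 2: rewrite the policy
            line = $0
            sub(/^[ \t]+/, "", line)           # rules may be indented
            n = split(line, f, /[ \t]+/)
            # Already-commented rules start with "#", so they never match.
            if (n >= 2 && f[2] == "->" && (f[1] in missing)) { print "#" $0; next }
            print
        }
    ' "$1" "$2"
}

# Constructed sample: three paths from the list, plus an invented policy excerpt.
sample_run() {
    d=$(mktemp -d) || return 1
    cat > "$d/report" <<'EOF'
Filename: /etc/rc.boot
Filename: /root/.bash_profile
Filename: /proc/6136/fd/3
EOF
    cat > "$d/twpol.txt" <<'EOF'
/etc/rc.boot         -> $(SEC_BIN) ;
/etc/init.d          -> $(SEC_BIN) ;
    /root/.bash_profile  -> $(Dynamic) ;
/root/.bashrc        -> $(Dynamic) ;
/proc                -> $(Device) ;
EOF
    comment_missing_rules "$d/report" "$d/twpol.txt"
    rm -rf "$d"
}

sample_run
```

Redirect the output to a new file and review it before it replaces your policy source.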
\begin{verbatim}
when whitelisting, this is what needs to be commented out in devuan jessie/ascii

Filename: /etc/rc.boot
Filename: /root/mail
Filename: /root/Mail
Filename: /root/.xsession-errors
Filename: /root/.xauth
Filename: /root/.tcshrc
Filename: /root/.sawfish
Filename: /root/.pinerc
Filename: /root/.mc
Filename: /root/.gnome_private
Filename: /root/.gnome-desktop
Filename: /root/.gnome
Filename: /root/.esd_auth
Filename: /root/.elm
Filename: /root/.cshrc
Filename: /root/.bash_profile
Filename: /root/.bash_logout
Filename: /root/.amandahosts
Filename: /root/.addressbook.lu
Filename: /root/.addressbook
Filename: /root/.Xresources
Filename: /root/.Xauthority
Filename: /root/.ICEauthority
Filename: /proc/6136/fd/3
Filename: /proc/6136/fdinfo/3
Filename: /proc/6136/task/6136/fd/3
Filename: /proc/6136/task/6136/fdinfo/3
\end{verbatim}

For proc, you simply whitelist the whole directory.

\subsection{Configuring SSMTP}

\end{document}