Thanks to everyone who responded earlier with locations of the RPM bits. In thanks, here's a step-by-step of how I got things working. 6 minute response by two separate people shows this is a thriving community. rad. This how-to covers my current method for installing Tripwire 2.3 on our CentOS servers. It's working great, feel free to clarify/ comment on the steps if you see something mis-stated. 1. Get the RPM, done from the /tmp directory: wget http://centos.karan.org/el4/extras/stable/i386/RPMS/tripwire-2.3.1-21.i386.rpm (would be nice to have an MD5 checksum to verify this package is secure) 2. Install the Tripwire RPM: rpm -ivh tripwire-2.3.1-21.i386.rpm 3. Configure your two tw files: cd /etc/tripwire vi twcfg.txt MAILMETHOD =SMTP SMTPHOST =yourhost (fqdn wasn't required in mine, but might be for you) This basically sets up delivery of mail reports for you, it works in concert with twpol.txt's per-item alert entries. Your needs may be different, but I have a central host that manages mail for this kind of thing. vi twpol.txt enter your email address where required, it usually looks like this: rulename = "Tripwire Binaries", severity = $(SIG_HI), emailto = yourname@xxxxxxxxxxxxxx Beware, if there's a line _immediately_below it, put a comma at the end of your email address or you'll get syntax errors. Most of these chunks don't, but line 990 does. There are a million entries, so use search/replace or sed if you want to save time. 4. Create the Site Key for this box. /usr/sbin/tripwire-setup-keyfiles (Enter a pass phrase). 5. Make a config file that will work with this specific key: twadmin --create-cfgfile --site-keyfile /etc/tripwire/site.key twcfg.txt 6. Edit the Tripwire Policy file for any last changes, just a re-check of what you did, maybe lessen the severity for example of something you know isn't a big deal. 7. Invoke the policy file to work on this instance of Tripwire: twadmin --create-polfile twpol.txt 8. Initialize the Tripwire Database: tripwire ?init (If you see errors that mention files not found, comment them out of the twpol.txt file and rerun step 7 command, and the above tripwire --init). 9. Testing it out at the command line: tripwire --check ?interactive Rad, it works. 10. Go and check out your /etc/cron.daily for a file called twipwire-check, should be dated April 27, 2005, I think TW puts it there. I think this just runs by default, will know tomorrow. Basically this is a jump in the right direction, good luck, feel free to comment, and thanks to the list for the help on locating the tool, as well as the recommendations on the other similar tools. -karlski _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos