License
Unknown
v0.0.7 · public · Published over 4 years ago
Sensu Tripwire is a collection of Sensu Assets, packaging up
Tripwire OSS
(version 2.4.3.7), making it easy to deploy an intrusion detection
system (IDS) to systems running the Sensu monitoring Agent.
The Tripwire assets are currently compiled for amd64 systems, on
Alpine Linux (3.9.5), CentOS (6 and 7), and Debian (Stretch). The
included wrapper shell scripts are opinionated and include Tripwire
policy that may be less than ideal for your systems. If you run into
issues using the assets, please open a GitHub
issue!
Initialize a Tripwire database.
tripwire-init.sh
Run a full system check (and initialize the database if missing).
tripwire-check.sh
Run a Tripwire check on a specific web application.
tripwire-check.sh /var/www/*
sensuctl asset add portertech/sensu-tripwire
If you're using an earlier version of sensuctl, you can find the asset on the Bonsai Asset Index.
Docker is required to build the Tripwire assets.
From the local path of the sensu-tripwire repository:
./build.sh
This project can be used in combination with the
sensu-plugins-tripwire
project.
Help (as of version 1.2.0).
Usage: check-tripwire.rb (options)
-b, --binary path/to/tripwire tripwire binary to use, in case you hide yours
-f path/to/configfile, Configuration to use for the check
--config-file
-c, --critical critical severity Tripwire severity greater than this is a critical error
-d path_or_url_to_database. if an http url is supplied the database will be retrieved prior to the check,
--database Database to use for the check
-P, --password PASSWORD Password to unlock the keyfile
-s, --site-key path/to/sitekey Site key used to decrypt the database that will be used in the validation
-w, --warn warning severity Tripwire severity greater than this is warning
Register the required assets.
sensuctl asset add portertech/sensu-tripwire
sensuctl asset add sensu/sensu-ruby-runtime
sensuctl asset add sensu-plugins/sensu-plugins-tripwire
Example Sensu check configuration.
type: CheckConfig
api_version: core/v2
metadata:
name: tripwire
spec:
command: check-tripwire.rb --binary tripwire.sh --config-file /tmp/tw/tw.cfg
interval: 30
runtime_assets:
- portertech/sensu-tripwire
- sensu-plugins/sensu-plugins-tripwire
- sensu/sensu-ruby-runtime
subscriptions:
- linux
publish: true
For more information about contributing to this plugin, see Contributing.
Please describe the reason for reporting this asset. Our moderators will be notified and will disable the asset if it is found to be inappropriate.
×