Select Supported Platforms

Select Supported Architectures

Select Tier

Github Name


v0.0.7 · public · Published over 4 years ago

README
Asset Definition
Release Notes
Release Assets

Sensu Tripwire

Bonsai Asset Badge

Table of Contents

Overview

Sensu Tripwire is a collection of Sensu Assets, packaging up
Tripwire OSS
(version 2.4.3.7), making it easy to deploy an intrusion detection
system (IDS) to systems running the Sensu monitoring Agent.

The Tripwire assets are currently compiled for amd64 systems, on
Alpine Linux (3.9.5), CentOS (6 and 7), and Debian (Stretch). The
included wrapper shell scripts are opinionated and include Tripwire
policy that may be less than ideal for your systems. If you run into
issues using the assets, please open a GitHub
issue
!

Usage examples

Initialize a Tripwire database.

tripwire-init.sh

Run a full system check (and initialize the database if missing).

tripwire-check.sh

Run a Tripwire check on a specific web application.

tripwire-check.sh /var/www/*

Configuration

Asset registration

sensuctl asset add portertech/sensu-tripwire

If you're using an earlier version of sensuctl, you can find the asset on the Bonsai Asset Index.

Building Tripwire Assets

Docker is required to build the Tripwire assets.

From the local path of the sensu-tripwire repository:

./build.sh

Additional notes

This project can be used in combination with the
sensu-plugins-tripwire
project
.

Help (as of version 1.2.0).

Usage: check-tripwire.rb (options)
    -b, --binary path/to/tripwire    tripwire binary to use, in case you hide yours
    -f path/to/configfile,           Configuration to use for the check
        --config-file
    -c, --critical critical severity Tripwire severity greater than this is a critical error
    -d path_or_url_to_database. if an http url is supplied the database will be retrieved prior to the check,
        --database                   Database to use for the check
    -P, --password PASSWORD          Password to unlock the keyfile
    -s, --site-key path/to/sitekey   Site key used to decrypt the database that will be used in the validation
    -w, --warn warning severity      Tripwire severity greater than this is warning

Register the required assets.

sensuctl asset add portertech/sensu-tripwire
sensuctl asset add sensu/sensu-ruby-runtime
sensuctl asset add sensu-plugins/sensu-plugins-tripwire

Example Sensu check configuration.

type: CheckConfig
api_version: core/v2
metadata:
  name: tripwire
spec:
  command: check-tripwire.rb --binary tripwire.sh --config-file /tmp/tw/tw.cfg
  interval: 30
  runtime_assets:
  - portertech/sensu-tripwire
  - sensu-plugins/sensu-plugins-tripwire
  - sensu/sensu-ruby-runtime
  subscriptions:
  - linux
  publish: true

Contributing

For more information about contributing to this plugin, see Contributing.

Are you sure you want to report this asset?

Please describe the reason for reporting this asset. Our moderators will be notified and will disable the asset if it is found to be inappropriate.

×

You must be signed in to report this asset.

Sign In with Github

Download

×

Either download the source code:

Download Source

Or download the asset definition: