By default the Tripwire RPM adds a shell script called tripwire-check to the /etc/cron.daily/ directory. This will automatically run an integrity check once per day.
You can, however, run a Tripwire integrity check at any time by typing the following command:
/usr/sbin/tripwire --check |
During an integrity check, Tripwire compares the current state of file system objects with the properties recorded in its database. Violations are printed to the screen and an encrypted copy of the report is created in /var/lib/tripwire/report/. You can view the report using the twprint command as outlined in the Section called Viewing Tripwire Reports.
If you would like to receive an email when certain types of integrity violations occur, you can configure this in the policy file. See the Section called Tripwire and Email for instructions on how to set up and test this feature.