Tripwire install on macOS

This is a bare-bones tutorial for installing Tripwire on the macOS. It is assumed that the person using this tutorial knows UNIX, the bash shell, how to unzip files and how to compile software. It is also assumed XCode is already installed and that you are the administrator with sudo privileges. If you don’t understand the preceding words, DON’T ATTEMPT THIS! STOP HERE!

Download from



Set passwords for key files:

sudo /usr/local/sbin/twadmin --generate-keys -L /usr/local/etc/${HOSTNAME}-local.key
sudo /usr/local/sbin/twadmin --generate-keys -S /usr/local/etc/site.key

Write policy file:

Download this sample policy file here. Modify it as needed. If you have users on other drives you will need to uncomment the line “/Volumes/ExtraDrive/Users” and change the drive name to your specific drive.

sudo /usr/local/sbin/twadmin --create-cfgfile -S /usr/local/etc/site.key /usr/local/etc/twcfg.txt
sudo /usr/local/sbin/twadmin --create-polfile -S /usr/local/etc/site.key /usr/local/etc/twpol.txt

Initialize database

sudo /usr/local/sbin/tripwire --init

Hourly check up as root: crontab -e

00 * * * * /usr/local/sbin/tripwire --check


00 * * * * /usr/local/sbin/tripwire --check | mail -s "Tripwire report for `uname -n` `date`"

Tripwire update database

sudo /usr/local/sbin/tripwire --update --twrfile /usr/local/lib/tripwire/report/{$HOSTNAME}-local.twr