This is a bare-bones tutorial for installing Tripwire on the macOS. It is assumed that the person using this tutorial knows UNIX, the bash shell, how to unzip files and how to compile software. It is also assumed XCode is already installed and that you are the administrator with sudo privileges. If you don’t understand the preceding words, DON’T ATTEMPT THIS! STOP HERE!

Download from


cd tripwire-open-source-master
sudo ./configure --prefix=/usr/local --sysconfdir=/usr/local/etc/tripwire --mandir=/usr/local/share 
sudo make
sudo make install

Set passwords for key files:
If you didn’t set passwords during the make install step or forgot the password you set, you can still set them in this step.

sudo /usr/local/sbin/twadmin --generate-keys -L /usr/local/etc/tripwire/${HOSTNAME}-local.key
sudo /usr/local/sbin/twadmin --generate-keys -S /usr/local/etc/tripwire/site.key

Write policy file:

Download this sample policy file here. Modify it as needed. If you have users on other drives you will need to uncomment the line “/Volumes/ExtraDrive/Users” and change the drive name to your specific drive.

sudo  mkdir /etc/tripwire; sudo cp /usr/local/etc/tripwire/* /etc/tripwire
sudo /usr/local/sbin/twadmin --create-cfgfile -S /usr/local/etc/tripwire/site.key /usr/local/etc/tripwire/twcfg.txt
sudo /usr/local/sbin/twadmin --create-polfile -S /usr/local/etc/tripwire/site.key /usr/local/etc/tripwire/twpol.txt

Initialize database

sudo /usr/local/sbin/tripwire --init

Hourly check up as root: crontab -e

00 * * * * /usr/local/sbin/tripwire --check


00 * * * * /usr/local/sbin/tripwire --check | mail -s "Tripwire report for `uname -n` `date`"

Tripwire update database

sudo /usr/local/sbin/tripwire --update --twrfile /usr/local/lib/tripwire/report/{$HOSTNAME}-local.twr