2002-Dec-05

View the tripwire config file with: "twadmin --print-cfgfile". And view the policy with: "twadmin --print-polfile".

A report can be viewed like:

twprint --print-report --twrfile secure.ocsonline.com-20021125-040442.twr
(Where the reports are in /var/lib/tripwire/report.)

The tripwire database can be viewed with "twprint --print-dbfile". (Mine had 731920 lines.)

You can update the database from the report you want to use, so that tripwire won't keep reporting certain violations.

tripwire --update --twrfile secure.ocsonline.com-20021205-040411.twr
This opens the editor. Then you remove the "x" in the box for files (or directories or rules) to change. For example:
[x] "/usr/bin/news.daily"
After you save and exit, it may ask for your local passphrase. And then write a new database file. (The old one is backed up to .bak.)
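A helper for picking which report to feed to the update step above. This is an added example, not part of the original notes. It assumes reports are named HOST-YYYYMMDD-HHMMSS.twr as in the file names shown here, and that HOST matches the output of `hostname`. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: choose the newest Tripwire report for one host by the
# timestamp embedded in its file name (HOST-YYYYMMDD-HHMMSS.twr).

# latest_twr DIR HOST -> prints the path of the newest matching report;
# returns 1 if no well-formed report name is found.
latest_twr() {
    dir=$1 host=$2 best= best_n=
    for f in "$dir/$host"-*.twr; do
        [ -f "$f" ] || continue          # glob matched nothing
        name=${f##*/}                    # strip the directory
        ts=${name#"$host"-}              # strip "HOST-"
        ts=${ts%.twr}                    # leaves YYYYMMDD-HHMMSS
        # Accept only 8 digits, a dash, 6 digits. This also rejects files
        # of another host whose name merely starts with HOST.
        case $ts in
            [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9][0-9][0-9]) ;;
            *) continue ;;
        esac
        n=${ts%-*}${ts#*-}               # YYYYMMDDHHMMSS as one integer
        if [ -z "$best_n" ] || [ "$n" -gt "$best_n" ]; then
            best=$f best_n=$n
        fi
    done
    [ -n "$best" ] || return 1
    printf '%s\n' "$best"
}

# tw_update_latest [DIR] [HOST] -> run the update step from the notes
# against the newest report (assumes HOST defaults to `hostname`).
tw_update_latest() {
    report=$(latest_twr "${1:-/var/lib/tripwire/report}" "${2:-$(hostname)}") || {
        echo "no tripwire report found" >&2
        return 1
    }
    tripwire --update --twrfile "$report"
}
```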

Or if you just want to edit the policy itself, edit /etc/tripwire/twpol.txt. Then you generate a new policy (in a database format):

twadmin --create-polfile -S site.key /etc/tripwire/twpol.txt
Then the tripwire database (.twd) file needs to be updated. This can be done by moving it out of the way and creating a new one, like:
mv /var/lib/tripwire/hostname.twd{,.old}
tripwire --init
The tripwire configuration file is re-signed with:
twadmin --create-cfgfile -S site.key /etc/tripwire/twcfg.txt

Using up2date on a Red Hat Linux 8.0 system. The first time you use up2date, it prompts for some configuration settings, like debug, storageDir, serverURL, retrieveSource, etc. (This is like using the --configure option.)

Then, it needs the Red Hat public key for GPG:

rpm --import /usr/share/rhn/RPM-GPG-KEY
(File was already installed.)

Then when you run up2date, it wants you to sign up. It has some console interface. It gives a privacy notice.

Alternatives to up2date: apt-get (for RPMs), yum, NRH-up2date. A list of many is at http://www.rpm.org/software/updaters/ .