2002-Dec-05
View the tripwire config file with: "twadmin --print-cfgfile". And view the policy with: "twadmin --print-polfile".
A report can be viewed like:
twprint --print-report --twrfile secure.ocsonline.com-20021125-040442.twr
(Where the reports are in /var/lib/tripwire/report.)
The tripwire database can be viewed with "twprint --print-dbfile". (Mine had 731920 lines.)
You can update the database from the report of your choice, so that it stops reporting certain violations:
tripwire --update --twrfile secure.ocsonline.com-20021205-040411.twr
This opens the editor. Then you remove the "x" in the box for files (or directories or rules) to change. For example:
[x] "/usr/bin/news.daily"
After you save and exit, it may ask for your local passphrase. It then writes a new database file. (The old one is backed up to .bak.)
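To pick the report for the update without typing its name, the timestamp in the file name can be used. This is an added example, not part of the original notes; the function name latest_report is hypothetical, and it assumes reports are named hostname-YYYYMMDD-HHMMSS.twr as in the file names above.

```shell
#!/bin/sh
# latest_report DIR HOST
# Print the path of the newest Tripwire report for HOST in DIR, judged by
# the timestamp embedded in the file name rather than by mtime (a copy or
# restore changes mtime but not the name). Returns 1 if nothing matches.
latest_report() {
    dir=$1; host=$2; best=""; best_num=""
    for f in "$dir/$host"-*.twr; do
        [ -f "$f" ] || continue            # glob matched nothing
        name=${f##*/}                      # drop the directory part
        stamp=${name#"$host"-}             # drop "<host>-"
        stamp=${stamp%.twr}                # leaves YYYYMMDD-HHMMSS
        # Skip names that only share the host prefix, e.g. reports of a
        # host called "<host>-backup", or anything malformed.
        case $stamp in
            [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9][0-9][0-9]) ;;
            *) continue ;;
        esac
        num=${stamp%-*}${stamp#*-}         # YYYYMMDDHHMMSS as one number
        if [ -z "$best_num" ] || [ "$num" -gt "$best_num" ]; then
            best=$f; best_num=$num
        fi
    done
    [ -n "$best" ] || return 1
    printf '%s\n' "$best"
}

# Usage (host name taken from the report names above):
#   twr=$(latest_report /var/lib/tripwire/report secure.ocsonline.com) &&
#       tripwire --update --twrfile "$twr"
```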
Or if you just want to edit the policy itself, edit /etc/tripwire/twpol.txt. Then you generate a new policy (in a database format):
twadmin --create-polfile -S site.key /etc/tripwire/twpol.txt
Then the tripwire database (.twd) file needs to be updated. This can be done by moving it out of the way and creating a new one, like:
mv /var/lib/tripwire/hostname.twd{,.old}
tripwire --init
The tripwire configuration file is re-signed with:
twadmin --create-cfgfile -S site.key /etc/tripwire/twcfg.txt

Using up2date on a Red Hat Linux 8.0 system: the first time you use up2date, it prompts for some configuration settings, like debug, storageDir, serverURL, retrieveSource, etc. (This is like using the --configure option.)
Then, it needs the Red Hat public key for GPG:
rpm --import /usr/share/rhn/RPM-GPG-KEY
(File was already installed.)
Then when you run up2date, it wants you to sign up. It has some console interface. It gives a privacy notice.
Alternatives to up2date: apt-get (for RPMs), yum, NRH-up2date. A list of many is at http://www.rpm.org/software/updaters/ .