Any tripwire gurus out there?

I have two tripwire related questions that I hope are easy enough to answer.

I recently installed tripwire on a Red Hat 7.0 webserver using an RPM file, and ran the twinstall.sh script. Then I ran the following commands to initialize the database and update the database.

   tripwire -m i
   tripwire -m u

Why is it then, when I run

   tripwire -m c

it still flags as missing a bunch of files that don't, and never did, exist on the system? The "tw.pol" file and "localhost.localdomain.twd" appear to be binary files and not editable. How do you stop tripwire from trying to scan for files that don't exist on the system?

Also, what is the best way to protect the tripwire files themselves in case the system were to ever be compromised? I.e., copy the important files to a secure server and replace them on the original server when you want to run tripwire? Or copy them to a floppy disk? Or ?

And which files would need to have copies made of them? I would guess the tw.pol file and the *.twd files; are there any others?

Thanks in advance

PG



