You have to edit the twpol.txt and twcfg.txt files and comment out everything that is in the report as missing. Then you have to re-initialze the database. There should be a quickstart.txt file in the /etc/tripwire directory. Then you can backup the /etc/tripwire and /var/lib/tripwire directories.
Leonard >>> [EMAIL PROTECTED] 03/30/03 19:18 PM >>> Any tripwire gurus out there? I have two tripwire related questions that I hope are easy enough to answer. I recently installed tripwire on a Redhat 7.0 webserver using an RPM file, and ran the twinstall.sh script. Then I ran the following commands to initialize the database and update the database. tripwire -m i tripwire -m u Why is it then, when I run ......... tripwire -m c It still flags as missing a bunch of files that don't, and never did, exist on the system. The "tw.pol" file and "localhost.localdomain.twd" appear to be binary files and not editable. How do you stop tripwire from trying to scan for files that don't exist on the system? Also, what is the best way to protect the tripwire files themselves in case the system were to ever be compromised? i.e. copy the important files to a secure server and replace them on the original server when you want to run tripwire? or copy them to a floppy disk? or ? And which files would need to have copies made of them? I would guess the tw.pol file and the *.twd files; is there any others? Thanks in advance PG -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list