You have to edit the twpol.txt and twcfg.txt files and comment out
everything that is in the report as missing. Then you have to
re-initialze the database. There should be a quickstart.txt file in the
/etc/tripwire directory. Then you can backup the /etc/tripwire and
/var/lib/tripwire directories.
Leonard
>>> [EMAIL PROTECTED] 03/30/03 19:18 PM >>>
Any tripwire gurus out there?
I have two tripwire related questions that I hope are easy enough to
answer.
I recently installed tripwire on a Redhat 7.0 webserver using an RPM
file, and ran the twinstall.sh script. Then I ran the following commands
to initialize the database and update the database.
tripwire -m i
tripwire -m u
Why is it then, when I run .........
tripwire -m c
It still flags as missing a bunch of files that don't, and never did,
exist on the system. The "tw.pol" file and "localhost.localdomain.twd"
appear to be binary files and not editable. How do you stop tripwire
from trying to scan for files that don't exist on the system?
Also, what is the best way to protect the tripwire files themselves in
case the system were to ever be compromised? i.e. copy the important
files to a secure server and replace them on the original server when
you want to run tripwire? or copy them to a floppy disk? or ?
And which files would need to have copies made of them? I would guess
the tw.pol file and the *.twd files; is there any others?
Thanks in advance
PG
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
