On Sunday 30 March 2003 07:16 pm, Paul Greene wrote:
> Any tripwire gurus out there?
>
> I have two tripwire related questions that I hope are easy enough to
> answer.
>
> I recently installed tripwire on a Redhat 7.0 webserver using an RPM
> file, and ran the twinstall.sh script. Then I ran the following
> commands to initialize the database and update the database.
>
>     tripwire -m i
>     tripwire -m u
>
> Why is it then, when I run .........
>
>     tripwire -m c
>
> It still flags as missing a bunch of files that don't, and never did,
> exist on the system. The "tw.pol" file and "localhost.localdomain.twd"
> appear to be binary files and not editable. How do you stop tripwire
> from trying to scan for files that don't exist on the system?

You have to manually edit /etc/tripwire/twpol.txt and remove the files 
listed that do not exist on your machine. A script you may find useful 
for this purpose was posted here a few months ago.
https://listman.redhat.com/pipermail/redhat-list/2003-January/166584.html

You'll then have to convince tripwire to accept the changes. This will 
generate a new tw.pol file (encrypted) and accept the changes into the 
database. Here is the command and output (pulled from one of my old 
posts). This sets the security policy to low, and will report changes, but 
still update the policy. The default is high security.

# tripwire -m p -Z low /etc/tripwire/twpol.txt
Parsing policy file: /etc/tripwire/twpol.txt
Please enter your local passphrase:
Please enter your site passphrase:
======== Policy Update: Processing section Unix File System.
======== Step 1: Gathering information for the new policy.
======== Step 2: Updating the database with new objects.
======== Step 3: Pruning unneeded objects from the database.
Wrote policy file: /etc/tripwire/tw.pol
Wrote database file: /var/lib/tripwire/tuxfan.twd 

# rm -f /etc/tripwire/*.txt
## (No need to leave text versions of config and policy files around)

> Also, what is the best way to protect the tripwire files themselves in
> case the system were to ever be compromised? i.e. copy the important
> files to a secure server and replace them on the original server when
> you want to run tripwire? or copy them to a floppy disk? or ?

Removable media or write-protected media would be safest, I suppose.
I leave mine on the machine and just compare them to known good backups.

> And which files would need to have copies made of them? I would guess
> the tw.pol file and the *.twd files; are there any others?

Plus tw.cfg as well as your site and local keys.

-- 
-Michael

pgp key:  http://www.tuxfan.homeip.net:8080/gpgkey.txt
Red Hat Linux 7.{2,3}|8.0 in 8M of RAM: http://www.rule-project.org/
--
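An added example, not the script Michael links to above and not part of the original thread: a small POSIX sh filter that comments out the twpol.txt rules whose object is missing on the host, so `tripwire -m c` stops reporting them. It assumes rule lines take the usual `<path> -> <mask> ;` form; the ROOT argument is an assumed helper so the filter can be tried against a constructed directory tree instead of the real root.

```shell
#!/bin/sh
# Added example, not the script linked in the post: comment out the twpol.txt
# rules whose object path does not exist on this host, so "tripwire -m c"
# stops reporting them as missing. Reads policy text on stdin, writes the
# filtered policy to stdout and a count of pruned objects to stderr. Only
# "<path> -> <mask> ;" lines are examined; rule headers, variable definitions,
# comments and braces pass through unchanged.
#
# Usage: prune_missing_policy_objects [ROOT] < twpol.txt > twpol.pruned.txt
# ROOT is an assumed helper argument (default empty, i.e. the real root) that
# prefixes every path so the filter can be exercised on a constructed tree.

prune_missing_policy_objects() {
    root=${1:-}
    pruned=0
    set -f   # no pathname expansion while splitting policy lines into words
    while IFS= read -r line; do
        case $line in
            *'->'*)
                set -- $line      # first word is the object path
                path=$1
                case $path in
                    /*)
                        # -e follows symlinks; -L keeps dangling links, which
                        # are still filesystem objects tripwire can check.
                        if [ -e "$root$path" ] || [ -L "$root$path" ]; then
                            printf '%s\n' "$line"
                        else
                            printf '# pruned (missing on this host): %s\n' "$line"
                            pruned=$((pruned + 1))
                        fi
                        continue
                        ;;
                esac
                ;;
        esac
        printf '%s\n' "$line"
    done
    set +f
    printf 'pruned %d missing object(s)\n' "$pruned" >&2
}

# Constructed demo against the real root: /etc exists on any Linux host, the
# second object should not, so it is commented out in the output.
printf '%s\n' '/etc -> $(SEC_CONFIG) ;' '/no/such/dir/twpol.txt -> $(SEC_CONFIG) ;' \
    | prune_missing_policy_objects
```

Review the commented-out lines before running `tripwire -m p` on the result, since a path that is merely absent today (a log directory created on first boot, say) may be one you still want tripwire to watch.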

-- 
redhat-list mailing list
https://listman.redhat.com/mailman/listinfo/redhat-list