On Sun, 2003-03-30 at 19:26, Leonard Miller wrote: > You have to edit the twpol.txt and twcfg.txt files and comment out > everything that is in the report as missing. Then you have to > re-initialze the database. There should be a quickstart.txt file in the > /etc/tripwire directory. Then you can backup the /etc/tripwire and > /var/lib/tripwire directories. > > Leonard > > >>> [EMAIL PROTECTED] 03/30/03 19:18 PM >>> > Any tripwire gurus out there? > > I have two tripwire related questions that I hope are easy enough to > answer. > > I recently installed tripwire on a Redhat 7.0 webserver using an RPM > file, and ran the twinstall.sh script. Then I ran the following commands > > to initialize the database and update the database. > > tripwire -m i > tripwire -m u > > Why is it then, when I run ......... > > tripwire -m c > > It still flags as missing a bunch of files that don't, and never did, > exist on the system. The "tw.pol" file and "localhost.localdomain.twd" > appear to be binary files and not editable. How do you stop tripwire > from trying to scan for files that don't exist on the system? > > Also, what is the best way to protect the tripwire files themselves in > case the system were to ever be compromised? i.e. copy the important > files to a secure server and replace them on the original server when > you want to run tripwire? or copy them to a floppy disk? or ? > > And which files would need to have copies made of them? I would guess > the tw.pol file and the *.twd files; is there any others? > > Thanks in advance > > PG
here is a perl script I wrote to clean up twpol.txt based on the packaes installed. http://www.elevating.com/bret/twpolclean.pl worked pretty good for me. Bret -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list