Chapter 11. Tripwire
Important
It is important that you change only authorized integrity violations in the database.
All proposed updates to the Tripwire database start with an [x] before the file name, similar to the following example:
Added:
[x] "/usr/sbin/longrun"
Modified:
[x] "/usr/sbin"
[x] "/usr/sbin/cpqarrayd"
If you want to specifically exclude a valid violation from being added to the Tripwire database, remove the x. To accept any files with an x beside them as changes.
To edit files in the default text editor, vi, type i and press [Enter] to enter insert mode and make any necessary changes. When finished press the [Esc] key, type :wq, and press [Enter].
After the editor closes, enter your local password and the database will be rebuilt and signed.
After a new Tripwire database is written, the newly authorized integrity violations will no longer show up as warnings.
11.8. Updating the Tripwire Policy File
If you want to change the files Tripwire records in its database, change email configuration, or modify the severity at which certain violations are reported, you need to edit your Tripwire policy file.
First, make whatever changes are necessary to the sample policy file /etc/tripwire/twpol.txt.
If you deleted this file (as you should whenever you are finished configuring Tripwire), you can regenerate it by issuing the following command:
twadmin --print-polfile > /etc/tripwire/twpol.txt
A common change to this policy file is to comment out any files that do not exist on your system so that they will not generate a file not found error in your Tripwire reports. For example, if your system does not have a /etc/smb.conf file, you can tell Tripwire not to try to look for it by commenting out its line in twpol.txt with the # character as in the following example:
#  /etc/smb.conf       -> $(SEC_CONFIG) ;
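The commenting-out step described above can be scripted; the following is an added example, not part of the Tripwire documentation. The function name comment_missing, the optional ROOT argument, and the sample policy lines are assumptions made for illustration. Rule lines whose object name uses a policy variable such as $(TWBIN) are left untouched because the script does not expand variables.

```shell
#!/bin/sh
# comment_missing POLICY [ROOT]  (hypothetical helper, added example)
# Prints POLICY to stdout, prefixing "#" to each rule line ("object -> mask ;")
# whose object is an absolute path that does not exist under ROOT.
comment_missing() {
    policy=$1
    root=${2:-}
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            *'->'*) ;;                                   # candidate rule line
            *) printf '%s\n' "$line"; continue ;;        # directive, blank, etc.
        esac
        # Object name: text before "->", trimmed of blanks and surrounding quotes.
        obj=${line%%->*}
        obj=$(printf '%s' "$obj" |
              sed 's/^[[:space:]]*//; s/[[:space:]]*$//; s/^"\(.*\)"$/\1/')
        case $obj in
            /*) ;;                                       # absolute path: check it
            *) printf '%s\n' "$line"; continue ;;        # already commented, or $(VAR)
        esac
        if [ -e "$root$obj" ] || [ -L "$root$obj" ]; then
            printf '%s\n' "$line"
        else
            printf '#%s\n' "$line"
        fi
    done < "$policy"
}

# Constructed sample: a scratch root that has /etc/passwd but no /etc/smb.conf.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/root/etc"
    : > "$tmp/root/etc/passwd"
    cat > "$tmp/twpol.txt" <<'EOF'
  /etc/passwd     -> $(SEC_CONFIG) ;
  /etc/smb.conf   -> $(SEC_CONFIG) ;
#  /etc/old.conf  -> $(SEC_CONFIG) ;
  $(TWBIN)/tripwire -> $(SEC_BIN) ;
EOF
    comment_missing "$tmp/twpol.txt" "$tmp/root"
    rm -rf "$tmp"
}
demo
```

On a real system, write the output to a new file and diff it against twpol.txt before signing, since every line the script comments out is a path Tripwire will no longer watch if a file later appears there.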
Next, you must generate a new, signed /etc/tripwire/tw.pol file and generate an updated database file based on this policy information. Assuming /etc/tripwire/twpol.txt is the edited policy file, use this command:
/usr/sbin/twadmin --create-polfile -S site.key /etc/tripwire/twpol.txt
You will be asked for the site password. Then, the twpol.txt file will be encrypted and signed.
It is important that you update the Tripwire database after creating a new /etc/tripwire/tw.pol file. The most reliable way to accomplish this is to delete your current Tripwire database and create a new database using the new policy file.
If your Tripwire database file is named bob.domain.com.twd, type this command:
rm /var/lib/tripwire/bob.domain.com.twd





