8 Nov

I found this old howto i wrote somewhere, thought i’d add it.

[if re-installing, you’ll need to delete /etc/site.key]

$> cd /etc/tripwire
$> ./ // will install

$> /usr/sbin/twadmin –create-polfile twpol.txt // will create a
policy files

[you can edit the twpol.txt policy file now, or wait until after the
next step
so you can see what is wrong with it]

$> /usr/sbin/tripwire –init // initialise the
policy file – this
// will show any
errors etc

[you should probably delete the twpol.txt file now – you can always
recreate it from
the encoded db as long as you know your password]

If the twpol.txt file does not exist, recreate it:

$> /usr/sbin/twadmin –print-polfile > /etc/tripwire/twpol.txt //
create readable policy file from encoded db

now edit twpol.txt to your liking

then create new database:

$> /usr/sbin/twadmin –create-polfile -S site.key /etc/tripwire/twpol.txt

then delete the old encoded db:

$> rm /var/lib/tripwire/imvs$.twd

recreate the encoded database from the new twpol.txt file

$> /usr/sbin/tripwire –init // recreate
encoded db

(To make sure changes took effect, run tripwire again –
/usr/sbin/tripwire –check)

Run tripwire

$> /usr/sbin/tripwire –check

UPGRADE POLICY (Required if tripwire caught anything)
If changes have been found, you can update your policy db in two ways:

$> /usr/sbin/tripwire –update –twrfile /var/lib/tripwire

or you can run a check interactively

$> /usr/sbin/tripwire –check –interactive


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: