1.3.1 Problem

You want to change the set of files and directories that tripwire examines, or change tripwire's default behavior.

1.3.2 Solution

Extract the policy and configuration to plaintext files: [Recipe 1.2]

    # cd /etc/tripwire
    # twadmin --print-polfile > twpol.txt
    # twadmin --print-cfgfile > twcfg.txt

Modify the policy file twpol.txt and/or the configuration file twcfg.txt with any text editor. Then re-sign the modified files: [Recipe 1.1]

    # twadmin --create-cfgfile --cfgfile /etc/tripwire/tw.cfg \
              --site-keyfile site_key /etc/tripwire/twcfg.txt
    # twadmin --create-polfile --cfgfile /etc/tripwire/tw.cfg \
              --site-keyfile site_key /etc/tripwire/twpol.txt

and reinitialize the database: [Recipe 1.1]

    # tripwire --init
    # rm twcfg.txt twpol.txt

1.3.3 Discussion

This is much like setting up Tripwire from scratch [Recipe 1.1], except our existing, cryptographically signed policy and configuration files are first converted to plaintext. [Recipe 1.2]

You'll want to modify the policy if tripwire complains that a file does not exist:

    ### Error: File could not be opened.

Edit the policy file and remove or comment out the reference to this file if it does not exist on your system. Then re-sign the policy file.

You don't need to follow this procedure if you're simply updating the database after an integrity check [Recipe 1.11], only if you've modified the policy or configuration.

1.3.4 See Also

twadmin(8), tripwire(8).
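The Discussion's advice to comment out policy references to files that do not exist can be scripted. The following is an added example, not part of the original recipe: the function name prune_missing, the marker text and the sample policy are hypothetical, and it assumes one rule per line in the form "/literal/path -> mask ;", leaving rules built from $(VARIABLES), quoted names and stop points (!) untouched.

```shell
#!/bin/sh
# Added example: comment out rules in a plaintext Tripwire policy whose
# object is missing on this host, so "File could not be opened" goes away.
# Assumptions: one rule per line, written "/literal/path -> mask ;".
# Rules using $(VARIABLES), quoted names or stop points (!) are left alone.

prune_missing() {   # usage: prune_missing IN OUT ; prints number of rules commented out
    in=$1 out=$2 n=0
    : > "$out"
    set -f                              # no globbing while word-splitting rule lines
    while IFS= read -r line || [ -n "$line" ]; do
        set -- $line                    # $1 = object name, $2 = "->" for a rule
        obj=${1-} arrow=${2-}
        case $obj in
            *'$('*) ;;                  # path built from a variable: cannot check
            /*) if [ "$arrow" = "->" ] && [ ! -e "$obj" ] && [ ! -L "$obj" ]; then
                    line="# missing on this host: $line"
                    n=$((n + 1))
                fi ;;
        esac
        printf '%s\n' "$line" >> "$out"
    done < "$in"
    set +f
    echo "$n"
}

# Constructed sample policy (not a real twpol.txt); paths live under a temp directory.
demo() {
    d=$(mktemp -d) || return 1
    touch "$d/present"
    cat > "$d/twpol.txt" <<EOF
# constructed sample rules
$d/present  -> \$(SEC_CRIT) ;
$d/absent   -> \$(SEC_CRIT) ;
\$(TWBIN)/tripwire -> \$(SEC_BIN) ;
EOF
    prune_missing "$d/twpol.txt" "$d/twpol.new" && cat "$d/twpol.new"
    rm -rf "$d"
}
demo
```

Run it as root, as tripwire itself runs, so that a permission error is not mistaken for a missing file. Review every rule it comments out before re-signing the policy, since a monitored file that has disappeared may be exactly what the integrity check was meant to report.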