Main Menu
PHP Tools
PHP Help Request
PHP Editors Newsletter
Editor Search
Reviewed PHP Editors
Latest News
Submit News
PHP Tutorials
PHP Book Reviews
Online Book Chapters
PHP Games

Forums
RSS 2.0
PHP Desktop Editors
Other PHP Tools
PHP Contests
PHP Programming Help
Linux Help
Apache Help
MySQL Help
PHP Games
PHP Jobs
PHP Forums Home

Programming Contest
PHP Contests
PHP Contests Archive

Documentation
PHP Manual
PEAR Manual
PHP-GTK Manual
Smarty Manual
PostgreSQL Manual
CSS 2 Reference
Redhat Linux 9
HTML 4.01
Apache 2 Manual

Partner Sites
Ajax Tutorials
Webmaster Resources
Web Templates
PHP Scripts
PHP Code Examples
Learn PHP playing Trivia
PHP & MySQL Forums
Web Development Index
web site templates

Sponsors

NuSphere



All Red Hat Linux documents are copyrighted to Red Hat Inc.

Red Hat Linux 9: Red Hat Linux Reference Guide
PrevChapter 19. TripwireNext

19.7. Updating the Tripwire Database

If you run an integrity check and Tripwire finds violations, you will first need to determine whether the violations discovered are actual security breaches or the product of authorized modifications. If you recently installed an application or edited critical system files, Tripwire will correctly report integrity check violations. In this case, you should update your Tripwire database so those changes are no longer reported as violations. However, if unauthorized changes are made to system files that generate integrity check violations, then you should restore the original file from a backup, reinstall the program, or, if the breach is severe enough, completely reinstall the operating system.

To update the Tripwire database so it accepts valid policy violations, Tripwire first cross-references a report file against the database and then integrates into it valid violations from the report file. When updating the database, be sure to use the most recent report.

Use the following command to update the Tripwire database, where name is the name of the most recent report file: 

/usr/sbin/tripwire --update --twrfile /var/lib/tripwire/report/<name>.twr

Tripwire will display the report file using the default text editor specified on the EDITOR line of the Tripwire configuration file. This gives you an opportunity to deselect files you do not wish to update in the Tripwire database.

ImportantImportant
 

It is important that you change only authorized integrity violations in the database.

All proposed updates to the Tripwire database start with an [x] before the file name, similar to the following example: 

Added:
[x] "/usr/sbin/longrun"

Modified:
[x] "/usr/sbin"
[x] "/usr/sbin/cpqarrayd"

If you want to specifically exclude a valid violation from being added to the Tripwire database, remove the x.

To edit files in the default text editor, vi, type i and press [Enter] to enter insert mode and make any necessary changes. When finished, press the [Esc] key, type :wq, and press [Enter].

After the editor closes, enter your local password and the database will be rebuilt and signed.

After a new Tripwire database is written, the newly authorized integrity violations will no longer show up as warnings.

PrevHomeNext
Examining Tripwire ReportsUpUpdating the Tripwire Policy File
© Copyright 2003-2023 www.php-editors.com. The ultimate PHP Editor and PHP IDE site.