June 2003
Intermediate to advanced
336 pages
8h 54m
English
Content preview from Linux Security CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
1.11. Updating the Database
Problem
Your latest Tripwire report contains discrepancies that tripwire should ignore in the future.
Solution
Update the Tripwire database relative to the most recent integrity check report:
#!/bin/sh DIR=/var/lib/tripwire/report HOST=`hostname -s` LAST_REPORT=`ls -1t $DIR/$HOST-*.twr | head -1` tripwire --update --twrfile "$LAST_REPORT"
Discussion
Updates are performed with respect to an integrity check report, not with respect to the current filesystem state. Therefore, if you’ve modified some files since the last check, you cannot simply run an update: you must run an integrity check first. Otherwise the update won’t take the changes into account, and the next integrity check will still flag them.
Updating is significantly faster than reinitializing the database. [Recipe 1.3]
See Also
tripwire(8).