A site for solving at least some of your technical problems...
A site for solving at least some of your technical problems...
Once in a while, I update my policy file because tripwire tends to checks EVERYTHING and many things are being updated on a constant basis (such as the letsencrypt files which appear under /etc/letsencrypt/..., which should use /var/lib/letsencrypt/..., but I digress here...)
So as a result I have to update the file and to do so I edit my twpol.txt file and then run the following three commands to update the database:
sudo twadmin --create-polfile --cfgfile tw.cfg --site-keyfile site.key twpol.txt sudo rm /var/lib/tripwire/hostname.twd sudo tripwire --init
The <hostname> is generally your hostname, it can be changed. Do a list of the directory if you'd like to see what your file is named.
Note: these commands are used to completely reset your tripwire database (hence the rm command and then the --init option). Below I have a command to do an update but that does not always work, so it's practical to have a way to reset the database from scratch.
A while back, as I was trying to remove some annoying entries in my Tripwire policy, I started getting errors. The first time I did not pay close attention, but the next day the policy had not changed! So I looked at it closer and noticed that if a file changed since the last update, then tripwire refuses to update the policy. That is, if the secure mode is set to high.
So to update my tripwire policy I was running:
sudo tripwire -m p -p /etc/tripwire/tw.pol \ --secure-mode low /etc/tripwire/twpol.txt
which now (at least since 13.04, maybe in 12.10?) means the secure mode is left alone and is marked as being high by default.
All you have to do is drop the security level to low as in:
sudo tripwire -m p -p /etc/tripwire/tw.pol \ --secure-mode low /etc/tripwire/twpol.txt
Note that you should then verify that only files that are expected to change (i.e. cups files, your twpol.txt file, maybe the .twpot.txt.swp file if you use gvim) appear in the output.
For example, I just changed the twpol.txt file (duh!) and I get this warning (would be an error with the secure mode set to high):
### Object name: Conflicting properties for object /etc/tripwire/twpol.txt ### > Size ### > Modify Time ### > CRC32 ### > MD5 ### Continuing...
Assuming that phase 1 worled, you will now see the following few lines:
======== Step 2: Updating the database with new objects. ======== Step 3: Pruning unneeded objects from the database. Wrote policy file: /etc/tripwire/tw.pol Wrote database file: /var/lib/tripwire/<hostname>.twd
The "Wrote ..." lines is what proves that it worked. On failure you do not see those two lines, instead you get the following:
======== Step 2: Updating the database with new objects. ======== Step 3: Pruning unneeded objects from the database. Policy update failed; policy and database files were not altered.