Update Tripwire Policy
There are times where you want to update the tripwire policy after a system update. This section guides you on how to update the policy file (tw.pol
).
Regenerate Policy File
The first step is to regenerate the policy file. you can execute the following:
$ twadmin --print-polfile > twpol.txt
This regenerate the txpol.txt
for your use.
Update Your Policy
Once done, you may update your policy file accordingly in the re-generated twpol.txt
.
Regenerate Database and Policy File
Upon completions, you may now regenerate the policy file and database.
Delete Existing Database and Policy File
The first thing you need to do is to delete the database and policy file. This can be done using root account by:
$ rm /etc/tripwire/tw.pol
$ rm /var/lib/tripwire/<hostname>.twd
Sign The New Policy File
Once done, you can re-sign the twpol.txt
file inside /etc/tripwire
.
$ cd /etc/tripwire
$ twadmin --create-polfile --cfgfile tw.cfg --site-keyfile site.key twpol.txt
Initialize New Database Again
with tw.pol
ready, you can reinitialize the database. This is done by:
$ tripwire --init
Test Run
With the new database ready, you can double check its function:
$ tripwire --check --email-report
Remove Plaintext Policy File
Lastly, you can remove the plaintext policy file.
$ rm twpol.txt
That's all for updating tripwire policy file.