Update Tripwire Policy

You may sometimes need to update the Tripwire policy after a system update. This section explains how to update the policy file (tw.pol).

Regenerate Policy File

The first step is to regenerate the policy file. Execute the following:

$ twadmin --print-polfile > twpol.txt

This regenerates twpol.txt for your use.

Update Your Policy

Once done, you may update your policy file accordingly in the re-generated twpol.txt.

Regenerate Database and Policy File

Upon completion, you may now regenerate the policy file and database.

Delete Existing Database and Policy File

The first thing you need to do is delete the database and policy file. This can be done using the root account:

$ rm /etc/tripwire/tw.pol
$ rm /var/lib/tripwire/<hostname>.twd

Sign The New Policy File

Once done, you can re-sign the twpol.txt file inside /etc/tripwire.

$ cd /etc/tripwire
$ twadmin --create-polfile --cfgfile tw.cfg --site-keyfile site.key twpol.txt

Initialize New Database Again

With tw.pol ready, you can reinitialize the database. This is done by:

$ tripwire --init

Test Run

With the new database ready, you can double-check that it works:

$ tripwire --check --email-report

Remove Plaintext Policy File

Lastly, you can remove the plaintext policy file.

$ rm twpol.txt

That's all for updating the Tripwire policy file.
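
The steps above collected into one shell function, as an added example that is not part of the original page: it refuses to delete tw.pol or the database unless twpol.txt, tw.cfg and site.key are present, and it stops at the first failing step so the plaintext policy is kept for another edit. TW_DIR, TW_DB_DIR, DRY_RUN and the function names are assumptions of this sketch, as is naming the database after `uname -n` in place of the page's <hostname>.

```sh
#!/bin/sh
# Added example, not the original page's code. Paths and commands are the
# ones shown on this page; the variable and function names are assumed.
TW_DIR="${TW_DIR:-/etc/tripwire}"
TW_DB_DIR="${TW_DB_DIR:-/var/lib/tripwire}"

# run CMD...: print the command when DRY_RUN=1, otherwise execute it.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# The body is a subshell, so the cd does not leak into the caller's shell.
update_tripwire_policy() (
    db="$TW_DB_DIR/$(uname -n).twd"   # assumed expansion of <hostname>.twd

    # The page runs these steps as root; a dry run needs no privileges.
    if [ "${DRY_RUN:-0}" != 1 ] && [ "$(id -u)" -ne 0 ]; then
        echo "must be run as root" >&2
        exit 1
    fi

    # Check everything the signing step needs before deleting anything,
    # so a missing file cannot leave the host without a policy.
    for f in twpol.txt tw.cfg site.key; do
        if [ ! -s "$TW_DIR/$f" ]; then
            echo "missing or empty: $TW_DIR/$f" >&2
            exit 1
        fi
    done

    cd "$TW_DIR" || exit 1
    # rm -f: an already absent tw.pol or database is not an error here.
    # Each later step runs only if the one before it succeeded, so
    # twpol.txt is removed only after the test run exits with status 0.
    run rm -f tw.pol "$db" &&
    run twadmin --create-polfile --cfgfile tw.cfg --site-keyfile site.key twpol.txt &&
    run tripwire --init &&
    run tripwire --check --email-report &&
    run rm twpol.txt
)
```

Setting DRY_RUN=1 before calling update_tripwire_policy prints the five commands in order without running them, which is a quick way to confirm the database path before anything is deleted.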