Recipe 1.11 Updating the Database

1.11.1 Problem

Your latest Tripwire report contains discrepancies that tripwire should ignore in the future.

1.11.2 Solution

Update the Tripwire database relative to the most recent integrity check report:

#!/bin/sh
DIR=/var/lib/tripwire/report
HOST=`hostname -s`
LAST_REPORT=`ls -1t $DIR/$HOST-*.twr | head -1`
tripwire --update --twrfile "$LAST_REPORT"

1.11.3 Discussion

Updates are performed with respect to an integrity check report, not with respect to the current filesystem state. Therefore, if you've modified some files since the last check, you cannot simply run an update: you must run an integrity check first. Otherwise the update won't take the changes into account, and the next integrity check will still flag them.

Updating is significantly faster than reinitializing the database. [Recipe 1.3]

1.11.4 See Also

tripwire(8).

Chapter 1. System Snapshots with Tripwire

Recipe 1.1 Setting Up Tripwire

Recipe 1.2 Displaying the Policy and Configuration

Recipe 1.3 Modifying the Policy and Configuration

Recipe 1.4 Basic Integrity Checking

Recipe 1.5 Read-Only Integrity Checking

Recipe 1.6 Remote Integrity Checking

Recipe 1.7 Ultra-Paranoid Integrity Checking

Recipe 1.8 Expensive, Ultra-Paranoid Security Checking

Recipe 1.9 Automated Integrity Checking

Recipe 1.10 Printing the Latest Tripwire Report

Recipe 1.11 Updating the Database

Recipe 1.12 Adding Files to the Database

Recipe 1.13 Excluding Files from the Database

Recipe 1.14 Checking Windows VFAT Filesystems

Recipe 1.15 Verifying RPM-Installed Files

Recipe 1.16 Integrity Checking with rsync

Recipe 1.17 Integrity Checking Manually

Chapter 2. Firewalls with iptables and ipchains

Chapter 3. Network Access Control

Chapter 4. Authentication Techniques and Infrastructures

Chapter 5. Authorization Controls

Chapter 6. Protecting Outgoing Network Connections

Chapter 7. Protecting Files

Chapter 8. Protecting Email

Chapter 9. Testing and Monitoring