---

---

Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca © Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ® 203 · To run in interactive check mode, use the command: [root@deep /]# tripwire --check --interactive An email option exists with Tripwire and allows you to send email. This option will specifies that reports be emailed to the recipients designated in the policy file. · To run in integrity check mode and send email to the recipient, use the command: [root@deep /]# tripwire --check --email-report Updating the database after an integrity check If you have decided to use the “Integrity Check Mode” of Tripwire instead of it “Interactive Check Mode”, you must update the Tripwire database with the “Database Update Mode” feature. This update process allow you to saves time by updating the database without having to regenerate it and also enables selective updating, which cannot be done through regeneration. The syntax for database update mode is: [root@deep /]# tripwire { --update -r} · To update the database, use the command: [root@deep /]# tripwire --update -r /usr/TSS/report/deep.openarch.com-200001-021854.twr Where “-r” read the specified report file (deep.openarch.com-200001-021854.twr). This option is required since the REPORTFILE variable in the current configuration file uses $(DATE). NOTE: In Database Update Mode or Interactive Check Mode, Tripwire software displays the report in your terminal with a ballot box next to each policy violation. You can approve a change to the file system by leaving the “x” next to each policy violation or remove the “x” from the ballot box and the database will not be updated with the new value(s) for that object. After you exit the editor and provide the local pass phrase, Tripwire software will update and save your changes. Updating the policy file Some time you want to change the rules in your policy file to reflect a new files location or policy rules. A special command exists to make the work and update the database without requiring a complete re-initialization of the policy file. This can save a significant amount of time and preserves security by keeping the policy file synchronized with the database it uses. The syntax for policy update mode is: [root@deep /]# tripwire { --update-policy /path/to/new/policy/file} · To update the policy file, use the command: [root@deep /]# tripwire --update-policy /usr/TSS/policy/newtwpol.txt The policy Update mode runs with “--secure-mode high” option by default. You may encounter errors when running with this option if the file system has changed since the last database update, and if the changes still cause a violation in the new policy. After determining that all of the violations reported in high security mode are authorized, you can update the policy file in low security mode to solve this situation: · To update the policy file in low security mode, use the command: [root@deep /]# tripwire --update-policy --secure-mode low /usr/TSS/policy/newtwpol.txt