Initializing The Database; Running An Integrity Check; Printing Reports - Red Hat LINUX 7.2 Reference Manual

174
Store the passphrases in a secure location. There is no way to decrypt a signed
file if you forget your passphrase. If you forget the passphrases, the files are
unusable and you will have to run the configuration script again, which also
reinitializes the Tripwire database.

11.7 Initializing the Database

When initializing its database, Tripwire builds a collection of filesystem objects based on the rules in
the policy file. This database serves as the baseline for integrity checks.
To initialize the Tripwire database, use the following command:
/usr/sbin/tripwire --init
This command can take several minutes to run.

11.8 Running an Integrity Check

When running an integrity check, Tripwire compares the current, actual filesystem objects with their
properties as recorded in its database. Violations are printed to standard output and saved in a report
file that can be accessed later by twprint. For more information on viewing Tripwire reports, see
Section 11.9, Printing Reports.
An email configuration option in the policy file even allows particular email addresses to be sent no-
tices when certain integrity violations occur. See Section 11.12, Tripwire and Email for instructions
on how to set this up.
To run an integrity check, use the following command:
/usr/sbin/tripwire --check
This command requires some time to run in most situations, depending upon the number of files to be
checked.

11.9 Printing Reports

The twprint -m r command will display the contents of a Tripwire report in clear text. You must
tell twprint which report file to display.
A twprint command for printing Tripwire reports looks similar to the following (all on one line):
Chapter 11:Installing and Configuring Tripwire
CAUTION