Recipe 1.11 Updating the Database

1.11.1 Problem

Your latest Tripwire report contains discrepancies that tripwire should ignore in the future.

1.11.2 Solution

Update the Tripwire database relative to the most recent integrity check report:

#!/bin/sh
DIR=/var/lib/tripwire/report
HOST=`hostname -s`
LAST_REPORT=`ls -1t $DIR/$HOST-*.twr | head -1`
tripwire --update --twrfile "$LAST_REPORT"

1.11.3 Discussion

Updates are performed with respect to an integrity check report, not with respect to the current filesystem state. Therefore, if you've modified some files since the last check, you cannot simply run an update: you must run an integrity check first. Otherwise the update won't take the changes into account, and the next integrity check will still flag them.

Updating is significantly faster than reinitializing the database. [Recipe 1.3]

1.11.4 See Also

tripwire(8).