Update the Tripwire database relative to the most recent integrity check report:
#!/bin/sh DIR=/var/lib/tripwire/report HOST=`hostname -s` LAST_REPORT=`ls -1t $DIR/$HOST-*.twr | head -1` tripwire --update --twrfile "$LAST_REPORT"
Updates are performed with respect to an integrity check report, not with respect to the current filesystem state. Therefore, if you’ve modified some files since the last check, you cannot simply run an update: you must run an integrity check first. Otherwise the update won’t take the changes into account, and the next integrity check will still flag them.
Updating is significantly faster than reinitializing the database. [Recipe 1.3]
Get Linux Security Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
