Tripwire: tripwire –update -Z low says Error: File could not be opened

tripwire

When i scan my system with tripwire and try to update after with

tripwire --update -Z low

i get the error:

### Error: File could not be opened.
### Filename: /var/lib/tripwire/report/nesystem-20101217-212722.twr
### No such file or directory
### Exiting...

What's the reason?

Best Answer

tripwire --update requires a particular (usually the most recent) tripwire output file to operate on. When you last ran tripwire --check it will have created a report file; if you want to update from that, find the name of that report file (usually the most recent creation in /var/lib/tripwire/report) and do

tripwire --update -Z low -r /var/lib/tripwire/report/THATFILE

If you're using the most recent tripwire output file, -Z low is often not required, and I think it's generally a good idea to omit it: if there have been any further changes since the report was generated, you want to know about them, and resolve them manually.

If you must have a fast workaround, you could put something like this in your .bashrc file (assuming you're using bash):

alias triplast="tripwire --update -r `ls -1rt /var/lib/tripwire/report|tail -1`"

which will run tripwire in update mode on the most recent entry in the reports directory.

Related Solutions

Linux – Should tripwire be entering /proc

I found this post on LinuxQuestions.

Modify so only intreresting parts of proc will be examined

# /proc -> $(Device) ;
/proc/sys -> $(Device) ;
/proc/cpuinfo -> $(Device) ;
/proc/modules -> $(Device) ;

Simple application level file integrity monitoring & Intrusion detection (IDS)

Perhaps you can try AIDE (http://aide.sourceforge.net/), and create a rule that will only monitor *php/cgi/pl files.

Best Answer

Related Solutions

Linux – Should tripwire be entering /proc

Simple application level file integrity monitoring & Intrusion detection (IDS)

Related Topic