On Wed, Oct 06, 2004 at 10:56:53AM -0400, Noah Meyerhans wrote:
> On Wed, Oct 06, 2004 at 02:53:19PM +0100, Dale Amon wrote:
> > I've been running tripwire on a particular server
> > for some years and finally got annoyed at skimming through
> > the large reports, so I began an update... After 24 hours
> > I thought it was hung and killed it. I restarted it
> > with verbose and found that it is indeed working. And
> > just for the hell of it, I've left it running to see
> > how long it would take.
>
> Which version of tripwire is this? It sounds like behavior I'd expect
> to see with the ancient ancient ancient version that we shipped prior to
> woody (there is no tripwire in woody), but I've never seen anything like
> that with tripwire 2+.
>
> How did you perform this update? The "right way" to do it is to do
> 'tripwire -m u <reportfile>', which doesn't actually look at the
> filesystem at all but simply merges the filesystem data contained in the
> report into the database.
>
> noah
>
I usually do this:
tripwire --update -V emacs -Z high -r /var/lib/tripwire/report/<host>-<date>-<time>.twr
but the second run through I had already looked over the
file so I did this:
tripwire -v -a -r /var/lib/tripwire/report/<host>-<date>-<time>.twr
--
------------------------------------------------------
Dale Amon amon@islandone.org +44-7802-188325
International linux systems consultancy
Hardware & software system design, security
and networking, systems programming and Admin
"Have Laptop, Will Travel"
------------------------------------------------------
Attachment:
signature.asc
Description: Digital signature