Tripwire Error


derek
2003-08-13, 12:10 PM
When SB handed me my server it had a CRON job running to check tripwire. When it runs the CRON it sends me an error saying...

**** Error: Tripwire database for server not found. ****
**** Run /etc/tripwire/twinstall.sh and/or tripwire --init. ****

I'm not very familiar with tripwire other than what little I have read about it and I have no clue how to resolve this issue.
I tried to run the twinstall.sh but it said it was a directory, but when I went to open it as a directory it said there was no directory by that name.

-Derek

Eric
2003-08-27, 15:16 PM
I eventually got mine working and think it is worth setting up to keep an eye on critical binary and configuration files.

I think I did the following.
cd /etc/tripwire
./twinstall.sh
/usr/sbin/tripwire --init

Tripwire will then ask you for some passwords to encrypt its information.

The first time my tripwire ran after initialization it complained about a bunch of files it was configured to watch, but didn't actually exist. To fix that I had to go back and edit the config files generated by the twinstall.sh script in /etc/tripwire/twpol.txt

Eventually something on your system will change because you edited a config file or ran up2date. Tripwire will detect these changes and alert you to them. Since you know that it was changes you made, it is safe to update the tripwire database by doing the following.

/usr/sbin/tripwire --update -a -r /var/lib/tripwire/report/<latest tripwire report filename>
(Exclude the -a if you want to do an interactive update.)

Hope this helps!
--Eric
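
The update step described in the post above, as an added example that is not part of the original thread: a shell helper that finds the newest report under /var/lib/tripwire/report and runs the interactive update (no -a) from it. The function name latest_report, the REPORT_DIR and TRIPWIRE variables and the "run" argument are assumptions for illustration; .twr is the suffix Tripwire gives its report files.

```shell
#!/bin/sh
# Added example (not from the thread): choose the newest Tripwire report
# and update the database from it. Default paths are the ones quoted in
# the thread; override them through the environment if yours differ.

REPORT_DIR="${REPORT_DIR:-/var/lib/tripwire/report}"
TRIPWIRE="${TRIPWIRE:-/usr/sbin/tripwire}"

# Print the most recently modified *.twr file in directory $1.
# Returns non-zero if the directory is missing or holds no reports,
# which is the case before the first check has ever run.
latest_report() {
    dir="$1"
    [ -d "$dir" ] || { echo "no such report directory: $dir" >&2; return 1; }
    newest=""
    for f in "$dir"/*.twr; do
        [ -f "$f" ] || continue      # the glob matched nothing
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then
            newest="$f"
        fi
    done
    [ -n "$newest" ] || { echo "no reports in $dir; run a check first" >&2; return 1; }
    printf '%s\n' "$newest"
}

# Hypothetical entry point: "sh thisfile run" performs the update.
# -a is left out on purpose so every reported change is shown for
# review before it is written into the database.
if [ "${1:-}" = "run" ]; then
    report=$(latest_report "$REPORT_DIR") || exit 1
    echo "updating database from $report" >&2
    exec "$TRIPWIRE" --update -r "$report"
fi
```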

tylerl
2003-08-27, 17:47 PM
Tripwire is a wonderful product. It helps me sleep at night knowing that my system is still secure. Now that I know how to use it, I'd never set up a server without it.

However....

If you don't yet know how to use it, it's not going to do you much good, and will likely just end up sending you a whole lotta email that you never even look at.

So, your best bet right now is just disabling it. Do this:

as root:
chmod a-x /etc/cron.daily/tripwire-check


THEN, and here's the important part, learn how to properly use and configure tripwire. There's a good reference at

http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/ch-tripwire.html

After that, turn checking back on:
chmod a+x /etc/cron.daily/tripwire-check