by Hi!
I'm running Tripwire 1.2 on a Solaris 2.5_x86 box. I am finding it
impossible to inform Tripwire that a file has changed.
Example: I recently added a user to the system. Therefore,
obviously, /etc/passwd and /etc/shadow changed (among other things).
I ran tripwire -interactive, and it told me about those changes. So
far, so good.
I acknowledged the changes, and asked tripwire to update its
database. It ran itself again automatically, like it is suppsed to,
feeding itself the "-update" option with all of the right arguments (I
presume). But it did *NOT* update the database. The old md5
signature is still there. What the heck? What's going on here? I
tried running tripwire manually from the command line, with "-update
/etc/passwd" as arguments. It *STILL* won't update the database.
What the heck am I doing wrong?
I know about the fact that tripwire writes its database to the
directory ./databases. I know about moving that file to the place
where tripwire expects to find its database. But I can manually
examine that file, and the md5 signature for the /etc/passwd file is
the *old* one!
Help!!11!
Thanks! :-)
--
------------------+--------------------------------------------
Mark K. Pettit | SpamGard(tm) in effect. To send me mail,
------------------+--------------------------------------------