You can specify how Tripwire checks your
system by modifying the Tripwire policy file
(twpol.txt). Modifying the policy file to your
particular system configuration increases the usefulness of
Tripwire reports by minimizing false alerts
for files or programs you aren't using but
Tripwire is still reporting as altered or
missing.
Locate the default policy file at
/etc/tripwire/twpol.txt. An example policy file
(located at
/usr/share/doc/tripwire-<version-number>/policyguide.txt)
is included to help you learn the policy language. Read the example policy
file for instructions on how to edit the default policy file.
If you modify the policy file immediately after installing the
tripwire package, be sure to type
/etc/tripwire/twinstall.sh to run the configuration
script. This script signs the modified policy file and renames it to
tw.pol. This is the active policy file used by the
tripwire program when it executes.
If you modify the sample policy file after running the configuration
script, see the section called Updating the Policy File for instructions
on signing it to make the required tw.pol file.
