Installation guide
Chapter 11. Tripwire
Since the configuration file does not alter any Tripwire policies or files tracked by the application,
it is not necessary to regenerate the Tripwire database.
11.10. Tripwire File Location Reference
Before working with Tripwire, you should know where important files for the application are located.
Tripwire stores its files in a variety of places depending on their role.
• Within the /usr/sbin/ directory you will find the following programs:
  • tripwire
  • twadmin
  • twprint
• Within the /etc/tripwire/ directory you will find the following files:
  • twinstall.sh — The initialization script for Tripwire.
  • twcfg.txt — The sample configuration file supplied by the Tripwire RPM.
  • tw.cfg — The signed configuration file created by the twinstall.sh script.
  • twpol.txt — The sample policy file supplied by the Tripwire RPM.
  • tw.pol — The signed policy file created by the twinstall.sh script.
  • Key Files — The local and site keys created by the twinstall.sh script which end with a .key file extension.
• After running the twinstall.sh installation script you will find the following files in the /var/lib/tripwire/ directory:
  • The Tripwire Database — The database of your system’s files which has a .twd file extension.
  • Tripwire Reports — The report/ directory is where Tripwire reports are stored.
The next section explains more about the roles these files play in the Tripwire system.
11.10.1. Tripwire Components
The following describes in more detail the roles the files listed in the previous section play in the
Tripwire system.
/etc/tripwire/tw.cfg
This is the encrypted Tripwire configuration file, which stores system-specific information
such as the location of Tripwire data files. The twinstall.sh installer script and the twadmin
command generate this file using the information in the text version of the configuration file,
/etc/tripwire/twcfg.txt.
After running the installation script, the system administrator can change parameters by
editing /etc/tripwire/twcfg.txt and regenerating a signed copy of the tw.cfg file using the
twadmin command. See Section 11.9 for more information on how to do this.
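The following shell function is an added example, not part of the original guide. It audits the file layout listed in Section 11.10 and flags a twcfg.txt that was edited after the signed tw.cfg was generated. The function name tw_audit and its optional root-prefix argument are hypothetical, chosen so the check can also run against a mounted image or a test tree.

```shell
#!/bin/sh
# Added example: audit the Tripwire file layout described in Section 11.10.
# tw_audit [ROOT]   ROOT is a hypothetical prefix (e.g. /mnt/image);
#                   omit it to check the live system.
# Prints one line per finding; returns 0 if clean, 1 otherwise.
tw_audit() {
    root="${1:-}"
    etc="$root/etc/tripwire"
    var="$root/var/lib/tripwire"
    rc=0

    # Programs expected in /usr/sbin/
    for bin in tripwire twadmin twprint; do
        [ -x "$root/usr/sbin/$bin" ] ||
            { echo "MISSING program: /usr/sbin/$bin"; rc=1; }
    done

    # Signed configuration and policy files created by twinstall.sh
    for f in tw.cfg tw.pol; do
        [ -f "$etc/$f" ] ||
            { echo "MISSING signed file: /etc/tripwire/$f"; rc=1; }
    done

    # Local and site keys (*.key), the database (*.twd), the report directory
    ls "$etc"/*.key >/dev/null 2>&1 ||
        { echo "MISSING: no .key files in /etc/tripwire/"; rc=1; }
    ls "$var"/*.twd >/dev/null 2>&1 ||
        { echo "MISSING: no .twd database in /var/lib/tripwire/"; rc=1; }
    [ -d "$var/report" ] ||
        { echo "MISSING: /var/lib/tripwire/report/"; rc=1; }

    # A text configuration newer than the signed copy means an edit was
    # made but tw.cfg was not regenerated, so the edit is not in effect.
    if [ -f "$etc/twcfg.txt" ] && [ -f "$etc/tw.cfg" ] &&
       [ "$etc/twcfg.txt" -nt "$etc/tw.cfg" ]; then
        echo "STALE: twcfg.txt is newer than tw.cfg; regenerate with twadmin"
        rc=1
    fi

    return "$rc"
}
```

Source the file and call tw_audit with no argument on the monitored host, or pass the mount point of an offline image.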