[OT] Tripwire passphrase

Scot L. Harris webid at cfl.rr.com
Tue Dec 14 04:50:02 UTC 2004


On Mon, 2004-12-13 at 10:42, Aleksandar Milivojevic wrote:
> Scot L. Harris wrote:
> > I believe the only thing you can do is establish a new site and local
> > key file with a new passphrase.  In the past I have just created a new
> > local and site key then re-initialized the database.  I believe you can
> > still look at the old reports that were generated.  
> 
> Thanks.  I was afraid that will be the only solution :-(

It's not that bad.  Remember the passphrase is not used as a password,
it is a key that is used to sign the database, config, and policy
files.  It does not take that much effort to initialize the database or
sign the config and policy files when you want to change the keys.  

And it is a good thing to change the keys occasionally.  

Probably the hardest thing about using tripwire is getting the policy
set up correctly the first time.  The default policy is pretty bad since
it usually includes many files that are not installed on a typical
system and the rules in place for the root account and for log files
require much adjustment.  


-- 
Scot L. Harris
webid at cfl.rr.com

Bo Derek ruined my life! 
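
Added example, not part of the original message: one way to handle the default-policy problem described above is to comment out rules for files that are not installed before signing the policy. The function name, the regex, and the sample policy text are assumptions constructed for illustration; only plain `/path -> ...` rule lines are handled.

```python
import os
import re

# Matches a simple rule line such as "  /sbin/accton  -> $(SEC_CRIT) ;".
# Assumption: objects are written as plain absolute paths. Quoted object
# names, "!" stop points and existing comments are left untouched.
RULE = re.compile(r'^(\s*)(/[^\s;]+)(\s*->.*)$')

def prune_policy(text, exists=os.path.exists):
    """Comment out rules whose object is absent on this host.

    Returns (new_policy_text, list_of_missing_paths). `exists` can be
    swapped out so the function is testable without touching the disk.
    """
    out, missing = [], []
    for line in text.splitlines():
        m = RULE.match(line)
        if m and not exists(m.group(2)):
            indent, path, rest = m.groups()
            missing.append(path)
            line = f"{indent}# {path}{rest}"
        out.append(line)
    return "\n".join(out) + "\n", missing

# Constructed sample in the style of a plain-text policy file.
SAMPLE = """\
(
  rulename = "Constructed example rule",
  severity = $(SIG_HI)
)
{
  /bin/sh                 -> $(SEC_CRIT) ;
  /sbin/constructed-tool  -> $(SEC_CRIT) ;
  # /already/commented    -> $(SEC_BIN) ;
  !/proc ;
}
"""

if __name__ == "__main__":
    new_text, missing = prune_policy(SAMPLE)
    print(new_text, end="")
    print("commented out:", missing)
```

The pruned text still has to be turned into a signed policy file with the site key and the database re-initialized, as described in the message above.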



