I have a redhat server which runs tripwire but was giving me the long list of missing files in every report. After reading this thread I thought it would be a good idea to implement the script written by Chris, BUT I found that as posted it only updated the policy with the LAST line of missing files. The section for line in `cat tmp.fix2` do sed "s/.*$line/# &/" "$2" > twpol.txt.fixed done replaces twpol.txt.fixed each time through the loop. I replaced this with for line in `cat tmp.fix2` do echo "s/.*$line/# &/" >> tmp.fix3 # create a list of substitutions for sed to perform done sed -f tmp.fix3 "$2" > twpol.txt.fixed # Run sed commenting out ALL missing files from the list rm -rf tmp.fix3 I know this could have been done when te tmp.fix2 file was created but this was easier for me to write and as it is a script that will only be run once per machine it didnt seem worth worrying too much about efficiency. I would have used the Perl script also submitted but as it was sent as an attachment and I get the list in digest format I couldn't (easily) get it. I ran the shell script and now my tripwire reports 0 errors ! > > Subject: Re: Tripwire > From: Chris Cuevas <fclcac@nersp.nerdc.ufl.edu> > To: "RedHat 8.0 list" <psyche-list@redhat.com> > Date: 16 Jan 2003 10:38:11 -0500 > Reply-To: psyche-list@redhat.com > Sent this yesterday not sure why it didn't get posted. Here it is > again. > Mike, > I agree there should be a simpler method. After doing the same > for about the first ten systems I set up I decided to write a > script to > do all the leg work for me. Here is my twhelp.sh script that should > make life much simpler for you. Hope this helps out. Any comments or > ideas for improvement are welcome. > #! /bin/bash > # > # twhelp.sh > # > ############################################################# > # # > # Christopher Cuevas # > # fclcac@nersp.nerdc.ufl.edu # > # Nov. 13th 2002 # > # Florida Center for Library Automation # > # http://www.fcla.edu # > # # > # twhelp will comment out lines from a twpol.txt file when # > # supplied with a twreport_file and the path to twpol.txt # > # and create a twpol.txt.fixed file # > # # > # usage: twhelp twreport_file path_to_twpol.txt # > # # > ############################################################# > E_NOARGS=65 > E_ARGERROR=66 > if [ $# -eq 0 ] > then > echo "Usage: `basename $0` twreport_file path/to/twpol.txt" >&2 > # Error message to stderr > exit $E_ARGERROR > fi > # Test for correct file type > type=`eval file $1 | awk '{ print $2 }'` > # "file $1" echos file type... > # then awk removes all but the second field > # the result is fed into the variable "type" and compared to > "correct_type" > correct_type="ASCII" > if [ "$type" != "$correct_type" ] > then > echo > echo "This script only works on non executable ascii files." > echo > fi > cat "$1" | grep Filename: | awk -F: '{ print $2 }' > tmp.fix1 > # awk through the twreport file and create a tmp.fix1 file > # with all paths to files that are not on the system > sed 's/\//\\\//g' tmp.fix1 > tmp.fix2 > # add a \ in front of the path so sed will comment it out correctly > # output this to tmp.fix2 > for line in `cat tmp.fix2` > do > sed "s/.*$line/# &/" "$2" > twpol.txt.fixed > done > # comment out lines from twpol.txt and create twpol.txt.fixed > rm -rf tmp.fix1 > rm -rf tmp.fix2 > # clean up the tmp.fix files > exit 0 > On Tue, 2003-01-14 at 18:06, psyche-list-request@redhat.com wrote: > > 12. Tripwire (Mike Vanecek) > > -- __--__-- > > > > Message: 12 > > From: "Mike Vanecek" <rh_lists@mm-vanecek.com> > > To: psyche-list@redhat.com > > Subject: Tripwire > > Date: Tue, 14 Jan 2003 16:10:33 -0600 > > Reply-To: psyche-list@redhat.com > > > > After doing putting in emailto = root in a dozen places in > twpol.txt, > running > > the twinstall.sh script, and doing a tripwire -m c, not > surprisingly I > get a > > report of about 150 file exceptions. I just hate the > thought of going > through > > and manually editing (commenting out) those exceptions in the > twpol.txt file > > and updating. I have tried the -I option, read the doco 4 times, and > searched > > google and tripwire.org for information. > > > > Does a simpler method of correcting the twpol.txt file > exist than just > sitting > > down with the exception report and manually editing. What a pain! > > > > Thanks, Mike. > > > > > > > -- Psyche-list mailing list Psyche-list@redhat.com https://listman.redhat.com/mailman/listinfo/psyche-list
