I have a redhat server which runs tripwire but was giving me the long list of missing 
files in every report. After reading this thread I thought it would be a good idea to 
implement the script written by Chris, BUT I found that as posted it only updated the 
policy with the LAST line of missing files. 

The section 

 for line in `cat tmp.fix2`
 sed "s/.*$line/# &/" "$2" > twpol.txt.fixed

replaces twpol.txt.fixed each time through the loop. 

I replaced this with 

for line in `cat tmp.fix2`
  echo  "s/.*$line/# &/" >> tmp.fix3
  # create a list of substitutions for sed to perform

sed -f tmp.fix3 "$2" > twpol.txt.fixed
# Run sed commenting out ALL missing files from the list 
rm -rf tmp.fix3

I know this could have been done when te tmp.fix2 file was created but this was easier 
for me to write and as it is a script that will only be run once per machine it didnt 
seem worth worrying too much about efficiency. 

I would have used the Perl script also submitted but as it was sent as an attachment 
and I get the list in digest format I couldn't (easily) get it. 

I ran the shell script and now my tripwire reports 0 errors !

> Subject: Re: Tripwire
> From: Chris Cuevas <[EMAIL PROTECTED]>
> To: "RedHat 8.0 list" <[EMAIL PROTECTED]>
> Date: 16 Jan 2003 10:38:11 -0500
> Sent this yesterday not sure why it didn't get posted. Here it is
> again.
> Mike,
> I agree there should be a simpler method. After doing the same
> for about the first ten systems I set up I decided to write a 
> script to
> do all the leg work for me. Here is my twhelp.sh script that should
> make life much simpler for you. Hope this helps out. Any comments or
> ideas for improvement are welcome.
> #! /bin/bash
> #
> # twhelp.sh
> #
> #############################################################
> # #
> # Christopher Cuevas #
> # Nov. 13th 2002 #
> # Florida Center for Library Automation #
> # http://www.fcla.edu #
> # #
> # twhelp will comment out lines from a twpol.txt file when #
> # supplied with a twreport_file and the path to twpol.txt #
> # and create a twpol.txt.fixed file #
> # #
> # usage: twhelp twreport_file path_to_twpol.txt #
> # #
> #############################################################
> if [ $# -eq 0 ]
> then
> echo "Usage: `basename $0` twreport_file path/to/twpol.txt" >&2 
> # Error message to stderr
> exit $E_ARGERROR
> fi
> # Test for correct file type
> type=`eval file $1 | awk '{ print $2 }'`
> # "file $1" echos file type...
> # then awk removes all but the second field
> # the result is fed into the variable "type" and compared to
> "correct_type"
> correct_type="ASCII"
> if [ "$type" != "$correct_type" ]
> then
> echo
> echo "This script only works on non executable ascii files."
> echo
> fi
> cat "$1" | grep Filename: | awk -F: '{ print $2 }' > tmp.fix1
> # awk through the twreport file and create a tmp.fix1 file 
> # with all paths to files that are not on the system
> sed 's/\//\\\//g' tmp.fix1 > tmp.fix2
> # add a \ in front of the path so sed will comment it out correctly
> # output this to tmp.fix2 
> for line in `cat tmp.fix2`
> do
> sed "s/.*$line/# &/" "$2" > twpol.txt.fixed
> done
> # comment out lines from twpol.txt and create twpol.txt.fixed
> rm -rf tmp.fix1
> rm -rf tmp.fix2
> # clean up the tmp.fix files
> exit 0
> On Tue, 2003-01-14 at 18:06, [EMAIL PROTECTED] wrote:
> > 12. Tripwire (Mike Vanecek)
> > -- __--__-- 
> > 
> > Message: 12
> > From: "Mike Vanecek" <[EMAIL PROTECTED]>
> > Subject: Tripwire
> > Date: Tue, 14 Jan 2003 16:10:33 -0600
> > 
> > After doing putting in emailto = root in a dozen places in 
> twpol.txt,
> running
> > the twinstall.sh script, and doing a tripwire -m c, not 
> surprisingly I
> get a
> > report of about 150 file exceptions. I just hate the 
> thought of going
> through
> > and manually editing (commenting out) those exceptions in the
> twpol.txt file
> > and updating. I have tried the -I option, read the doco 4 times, and
> searched
> > google and tripwire.org for information.
> > 
> > Does a simpler method of correcting the twpol.txt file 
> exist than just
> sitting
> > down with the exception report and manually editing. What a pain!
> > 
> > Thanks, Mike.
> > 
> > 
> > 

Psyche-list mailing list

Reply via email to