tw.config does not include /boot
so kernel images will not be checked.
The twpol.txt in tripwire-2.3-53 includes /boot in the "Critical system boot
files" rule, and creating a file named /boot/newfile after the database is
created causes its existence to be flagged when the system is checked.