Have activated tripwire on several servers now, all are generating their reports daily as expected but on all servers when I try to issue a tripwire --update or tripwire --update -a to update the database they fail with the following message. [root@testserv report]# /usr/sbin/tripwire --update -a ### Error: File could not be opened. ### Filename: /var/lib/tripwire/report/testserv.iul.net-20010203-125754.twr ### No such file or directory ### Exiting... The filename mentioned in the error always differs from any of the report files which are in the /var/lib/tripwire/report directory (insofar as the portion of the filename which in the example above is 125754).
The report filename is generated using the date and time when it was created. Do you have a similarly named file there, or is it just completely wrong?
Yes, that directory contains a whole pile of reports... one every day (as generated by the daily cron job). In the case of the example above I ran a report manually with tripwire --check immediately prior to running the tripwire --update I mention above... the report file it generated and which is in the directory was testsrv.iul.net-20010203-124037.twr
It looks like the RH version of tripwire was coded to use the current date instead of the date of the last report: # date;tripwire --update Thu Feb 8 08:55:25 CST 2001 ### Error: File could not be opened. ### Filename: /var/lib/tripwire/report/workstation-20010208-085525.twr ### No such file or directory ### Exiting... Notice, the seconds exactly matches the date, I do have a whole slew of tripwire reports, last one dated 085101. When I manually specify the last report with: tripwire --update -r /var/lib/tripwire/report/workstation-20010208-085101.twr etc., all works.
Deferring for future investigation.
Since tripwire hasn't been shipped in so long, and these versions aren't supported, so I'm closing the bugs.