Red Hat Reset Tripwire Database

Published by Torry Crass on

Tripwire can be a great tool, but when it's not working it's like any other tool: mostly useless.  I ran into this situation recently where the server had stopped sending out notifications.  Part of the cause for this was that the Tripwire updates could no longer run because the local passphrase was unknown and erroring out.  As a result, the only way to get around this is to regenerate the key files and reinitialize the Tripwire database.

So, this is a set of simple instructions on how to perform this task on a Red Hat Enterprise Linux (3.9 to be exact) system.

1) Enter the config directory.
    cd /etc/tripwire

2) Rename config and key files just in case you do need them later.  Do this for all key files; some systems will have several.
    mv tw.cfg tw.cfg.DATE
    mv site.key site.key.DATE
    mv servername-local.key servername-local.key.DATE

3) Generate new key files.  Do this for all key files; some systems will have several.
    twadmin -m G --site-keyfile site.key
    twadmin -m G --local-keyfile servername-local.key

4) Generate new config file.
    twadmin --create-cfgfile -S site.key twcfg.txt

5) Generate new policy file.
    twadmin --create-polfile -S site.key twpol.txt

6) Generate tripwire database.
    tripwire --init

7) Run a check.
    tripwire --check

If the check comes back with a screen giving you information, that's great news!  At this point your Tripwire config should be reset and everything should be operating as expected.
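
As an added example (not part of the original post), the function below handles step 2 on a system with several key files: it first confirms that the plaintext `twcfg.txt` and `twpol.txt` read by steps 4 and 5 are present, refuses to overwrite an earlier backup, and only then renames `tw.cfg` and every `*.key` file. The function name and the stamp argument (standing in for `DATE`) are assumptions.

```shell
#!/bin/sh
# Added example: preflight check plus backup for step 2 of the procedure.
# The function name and arguments are hypothetical, chosen for illustration.

# backup_tripwire_keys DIR STAMP
# Renames tw.cfg and every *.key in DIR to <name>.<STAMP>, prints the count.
# Nothing is renamed if a precondition fails.
backup_tripwire_keys() {
    dir=$1
    stamp=$2
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }

    # Steps 4 and 5 rebuild tw.cfg and the policy from these plaintext files.
    for src in twcfg.txt twpol.txt; do
        [ -f "$dir/$src" ] || { echo "missing $dir/$src" >&2; return 1; }
    done

    # First pass: make sure no rename would clobber an earlier backup.
    for f in "$dir"/tw.cfg "$dir"/*.key; do
        [ -f "$f" ] || continue
        [ ! -e "$f.$stamp" ] || { echo "backup exists: $f.$stamp" >&2; return 1; }
    done

    # Second pass: do the renames (already-stamped files do not match *.key).
    moved=0
    for f in "$dir"/tw.cfg "$dir"/*.key; do
        [ -f "$f" ] || continue
        mv "$f" "$f.$stamp" || return 1
        moved=$((moved + 1))
    done
    echo "$moved"
}

# Usage on the system from the post (run as root):
#   backup_tripwire_keys /etc/tripwire "$(date +%Y%m%d)"
```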

Cheers!

