> It's not that bad. Remember the passphrase is not used as a password,
> it is a key that is used to sign the database, config, and policy
> files. It does not take that much effort to initialize the database or
> sign the config and policy files when you want to change the keys.

I thought that passphrase was used to protect the key, not as a key?

> Probably the hardest thing about using tripwire is getting the policy
> set up correctly the first time. The default policy is pretty bad since
> it usually includes many files that are not installed on a typical
> system and the rules in place for the root account and for log files
> require much adjustment.

I second that. The default RedHat policy file was horrible. Instead of checking for everything in /bin, /sbin, /etc and other important places (and having exceptions for a few "special" files to keep noise low), it had lists of files to check. It generated tons of errors if you didn't have the full distro installed, and it had gaping holes in files it hasn't checked (not to mention it was unable to detect the addition of files).

If tripwire gets included into the distro again (and it should, there is still no good replacement for it), that default policy file should be built from scratch.

-- 
Aleksandar Milivojevic <amilivojevic@xxxxxx>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7
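
The difference between the two policy styles discussed in this thread, as an added example that is not part of the original messages and is not Tripwire's own code: a small Python model comparing a fixed file-list policy with a directory policy that has exceptions. The directory layout, file names and helper functions are constructed for illustration.

```python
import hashlib, os, tempfile

def sha256(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def snapshot_list(paths):
    # File-list policy: only the named paths are examined; None = not installed.
    return {p: sha256(p) if os.path.isfile(p) else None for p in paths}

def snapshot_tree(roots, exclude=()):
    # Directory policy: everything under each root, minus explicit exceptions.
    snap = {}
    for root in roots:
        for d, _, names in os.walk(root):
            for n in names:
                p = os.path.join(d, n)
                if p not in exclude:
                    snap[p] = sha256(p)
    return snap

def diff(old, new):
    return {"added": sorted(set(new) - set(old)),
            "removed": sorted(set(old) - set(new)),
            "changed": sorted(p for p in set(old) & set(new) if old[p] != new[p])}

def write(path, data):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as f:
        f.write(data)

def demo():
    with tempfile.TemporaryDirectory() as top:   # constructed sample tree
        j = lambda r: os.path.join(top, r)
        for r in ("bin/ls", "bin/ps", "etc/mtab"):
            write(j(r), "original " + r)
        listed = [j("bin/ls"), j("bin/ps"), j("bin/notinstalled")]
        roots, exclude = [j("bin"), j("etc")], {j("etc/mtab")}
        base_list, base_tree = snapshot_list(listed), snapshot_tree(roots, exclude)
        # Listed but absent files are the init-time errors on a partial install.
        noise = [os.path.relpath(p, top) for p, h in base_list.items() if h is None]
        write(j("bin/ps"), "modified")      # existing file altered
        write(j("bin/extra"), "new file")   # file added after the baseline
        write(j("etc/mtab"), "remounted")   # routine churn in an excluded file
        rel = lambda r: {k: [os.path.relpath(p, top) for p in v] for k, v in r.items()}
        return (noise, rel(diff(base_list, snapshot_list(listed))),
                rel(diff(base_tree, snapshot_tree(roots, exclude))))

if __name__ == "__main__":
    print(demo())
```

The file-list run reports the uninstalled file as noise and never sees the added file; the directory run reports both the change and the addition while the excluded volatile file stays quiet.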