Checking and Updating Tripwire
Assuming you already have Tripwire installed, here are the basic commands used for checking up on the status of your machine.
Check system integrity
This is usually run as a cronjob, but can also be run manually.
sudo tripwire --check
Update tripwire database
This should be done any time the system is updated, software is installed or removed, or configuration files are changed. Otherwise, if something changes, how will you know whether it was your change or someone else's?
sudo tripwire --update --twrfile /var/lib/tripwire/report/previous_report.twr
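The report name in the command above is a placeholder; in practice you pass the report written by the most recent check. The following is an added example, not part of the original page: a small script that selects the newest report and hands it to the same update command. The function names, the REPORT_DIR variable, the *.twr glob and the newest-by-modification-time selection are assumptions.

```shell
#!/bin/sh
# Added example: pick the newest Tripwire report and feed it to --update.
# REPORT_DIR defaults to the directory used on this page; selecting the
# newest *.twr file by modification time is an assumption.

REPORT_DIR="${REPORT_DIR:-/var/lib/tripwire/report}"

# Print the path of the most recently modified regular *.twr file in $1.
# Returns 1 if the directory holds no report.
latest_report() {
    dir="$1"
    newest=""
    for f in "$dir"/*.twr; do
        # Skip the unexpanded glob and anything that is not a plain file
        # (a symlinked "report" could point the update at another file).
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then
            newest="$f"
        fi
    done
    [ -n "$newest" ] || return 1
    printf '%s\n' "$newest"
}

# Run the database update against the newest report.
update_from_latest() {
    report="$(latest_report "$REPORT_DIR")" || {
        echo "no .twr report in $REPORT_DIR; run 'tripwire --check' first" >&2
        return 1
    }
    echo "updating database from $report" >&2
    sudo tripwire --update --twrfile "$report"
}

# Only act when asked to, so the file can also be sourced for its functions.
if [ "${1:-}" = "--run" ]; then
    update_from_latest
fi
```

Run it with --run after a check whose reported changes you recognise as your own.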
Modifying and updating policy and configuration files
You should not keep plain-text copies of your Tripwire policy or configuration files lying around. The information in them is stored inside Tripwire, and the files themselves can be recreated at any time with the following commands.
twadmin --print-cfgfile > twcfg.txt
twadmin --print-polfile > twpol.txt
To update Tripwire, simply make changes to these files, and then re-encrypt them.
twadmin --create-cfgfile -S site.key twcfg.txt
twadmin --create-polfile -S site.key twpol.txt
Since the configuration file does not alter any Tripwire policies or files tracked by the application, it is not necessary to regenerate the Tripwire database after changing it.