Open Source Tripwire(R) 2.4.2.2.2 built for x86_64-unknown-linux-gnu
I'm attempting to create the encrypted configuration file after changing the default site-key location from /etc/tripwire/site.key to /media/cdrom/config/site.key. I am attempting to change this location because the Tripwire manual states explicitly that the encrypted files (configuration and policy) and key should be moved to read-only media once created.
The problem I observe is that the -S (--site-keyfile) switch seems to have no effect in the following command:
```
# twadmin --create-cfgfile --site-keyfile /etc/tripwire/site.key /etc/tripwire/twcfg.txt
### Error: File could not be opened.
```
The site-key location that Tripwire is trying to use is the location that is defined in /etc/tripwire/twcfg.txt. This key does not exist yet (I'm intending to move it there once I encrypt this configuration file).
Why is Tripwire trying to use any site-key other than the one I specified with --site-keyfile in the above command? Logically, it makes no sense to use the site-key that is defined in the file that I'm trying to encrypt!
Or am I missing something?
I should note that I was able to work around this quite easily by copying the file to the (incorrectly) expected location, e.g., `cp /etc/tripwire/site.key /media/cdrom/config/site.key`, before attempting to encrypt the configuration file.
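
A preflight check for the situation described in this post, added here as an example (it is not part of the original post or of Tripwire): it reads the `SITEKEYFILE` entry from a plain-text twcfg.txt and reports whether that path is readable before `twadmin` is run. The function names and the sample configuration are constructed, and it assumes the value is a literal path with no `$(...)` variables.

```shell
#!/bin/sh
# Added example, not Tripwire code. Function names are hypothetical.

# Print the value of one KEY from a plain-text twcfg.txt ("KEY = value" lines).
# Comment lines start with '#' and never match; the last definition wins.
twcfg_value() {
    # $1 = config file, $2 = key name
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Exit status: 0 = SITEKEYFILE names a readable file,
#              1 = it names a file that is missing or unreadable,
#              2 = the config has no SITEKEYFILE entry.
check_sitekey() {
    cfg=$1
    key=$(twcfg_value "$cfg" SITEKEYFILE)
    if [ -z "$key" ]; then
        echo "no SITEKEYFILE entry in $cfg" >&2
        return 2
    fi
    if [ ! -r "$key" ]; then
        echo "SITEKEYFILE in $cfg points at $key, which is not readable" >&2
        return 1
    fi
    echo "SITEKEYFILE $key is present"
    return 0
}

# Constructed sample: a twcfg.txt whose SITEKEYFILE names a key file that has
# not been copied into place yet, as in the post.
demo() {
    d=$(mktemp -d)
    cat > "$d/twcfg.txt" <<EOF
# constructed sample configuration
ROOT         =/usr/sbin
SITEKEYFILE  =$d/cdrom/config/site.key
EOF
    check_sitekey "$d/twcfg.txt"; demo_rc=$?
    rm -rf "$d"
    return "$demo_rc"
}
```

Run `check_sitekey /etc/tripwire/twcfg.txt` before `twadmin --create-cfgfile`; a status of 1 means the key file named in the configuration is not in place yet.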