I´m at a Debian 4 with tripwire 2.3.1.2 installed. The software is working well except about these:

I add new directory rules to track and the tripwire does the tracking of the directory and the files, but if I add or modify any parameter of an existing directory rule when I type "tripwire --update-policy /path/to/policy/file" I received a big FAILED, I can only update the policy rules if I add or modify a directory rule, I´m not understanding what´s happening.

I checked out the parameters and variables to config a rule, I tested many of them but acording to my tests I thinking there´s no way to track the user who removed a file or directory. Does anybody know any rule to track this?

Thank´s...

If you're using default values for everything and you've made some modifications to your policy text file twpol.txt, you can update the policy with:
Because it uses --secure-mode low, make sure you're confident about the box's security since it ignores changes to files made since the last update.

As far as tracking who changed files/directories goes, I don't think you can do it in tripwire - you'll need something else to do that.

Thank You Very Much !!!
The command worked very well...
About tracking the user who removed a file or directory, do you know any software capable to do this?