LinuxQuestions.org


perusubbu 09-25-2013 02:24 AM

Tripwire help
 
Hi All,

I have created the rules in twpol.clps.txt (this is my Tripwire policy file name). Please find the rules which I have created in twpol.clps.txt stated below:

=================================================================

# opt tech stack
(
rulename = "Tech Stack ",
severity = $(SIG_HI)
)
{
/opt/java -> $(SEC_BIN) ;
/opt/jboss -> $(SEC_BIN) ;
/opt/ant -> $(SEC_BIN) ;
/opt/ibm-java-x86_64-sdk-6.0-9.2-> $(SEC_BIN) ;
/opt/jboss-eap-4.3-CP09 -> $(SEC_BIN) ;
!/opt/jboss-eap-4.3-CP09/esapps1/tmp ;
!/opt/jboss-eap-4.3-CP09/esapps2/tmp ;
!/opt/jboss-eap-4.3-CP09/gis/tmp ;
!/opt/jboss-eap-4.3-CP09/esapps1/data ;
!/opt/jboss-eap-4.3-CP09/esapps2/data ;
!/opt/jboss-eap-4.3-CP09/gis/data ;
!/opt/jboss-eap-4.3-CP09/esapps1/work ;
!/opt/jboss-eap-4.3-CP09/esapps2/work ;
!/opt/jboss-eap-4.3-CP09/gis/work ;
/opt/apache-ant-1.7.0 -> $(SEC_BIN) ;
}

#####################
# ESCommon
(
rulename = "ESCommon",
severity = $(SIG_HI)
)
{
/usr/local/gtech/eseries/escommon/bin -> $(SEC_BIN) ;
/usr/local/gtech/eseries/escommon/lib -> $(SEC_BIN) ;

}
# ESCommon
(
rulename = "ESCommon Configuration",
severity = $(SIG_HI)
)
{
/etc/gtech/escommon -> $(SEC_CONFIG) ;
}

#####################
# CLPS
# pwd
# Bins
(
rulename = "CLPS bins",
severity = $(SIG_HI)
)
{
/usr/local/gtech/espd/clps/ga-clpsreports/bin -> +p+n+s; $(SEC_BIN);
/usr/local/gtech/espd/clps/ga-clpsreports/lib -> +p+n+s; $(SEC_BIN) ;
/usr/local/gtech/pd/gis/gis-application/target/gis-application.ear -> +p+n+s; $(SEC_BIN) ;
/opt/jboss/server/gis/deploy/ -> +p+m+n+s; $(SEC_BIN) ;
/opt/jboss/server/gis/lib/ -> +p+m+n+s; $(SEC_BIN) ;
}

# Configuration
(
rulename = "CLPS Configuration files",
severity = $(SIG_HI)
)
{
/etc/gtech/mxadapter -> $(SEC_CONFIG) ;
/etc/gtech/ccadapters -> $(SEC_CONFIG) ;
/etc/gtech/ccinternetadapter > $(SEC_CONFIG) ;
/etc/gtech/ga-clpsadmin -> $(SEC_CONFIG) ;
/etc/gtech/ga-clpsreports ->$(SEC_CONFIG) ;
/usr/local/gtech/pd/gis/install/build-common.xml -> $(SEC_CONFIG) ;
/usr/local/gtech/pd/gis/install/build.xml -> $(SEC_CONFIG) ;
/opt/jboss/server/gis/env-config ->$(SEC_CONFIG) ;
/opt/jboss/server/gis/conf -> $(SEC_CONFIG) ;
/usr/local/gtech/eseries/ccadapters/bin/install/jbosssetup.xml -> $(SEC_CONFIG) ;
/usr/local/gtech/eseries/ccinternetadapter/bin/install/jbosssetup.xml -> $(SEC_CONFIG) ;
}

===========================================================

After performing the integrity check, the report is not generated properly. I mean it is not scanning the files which I have mentioned in twpol.clps.txt.

Please find the report which is mentioned below:

========================================================

[root@xxsi1242 tripwire]# tripwire --check
Parsing policy file: /etc/tripwire/tw.pol
*** Processing Unix File System ***
Performing integrity check...
Wrote report file: /var/lib/tripwire/report/xxsi1242.gtk.gtech.com-20130925-031456.twr


Open Source Tripwire(R) 2.4.1 Integrity Check Report

Report generated by: root
Report created on: Wed 25 Sep 2013 03:14:56 AM EDT
Database last updated on: Never

===============================================================================
Report Summary:
===============================================================================

Host name: xxsi1242.gtk.gtech.com
Host IP address: 156.24.65.171
Host ID: None
Policy file used: /etc/tripwire/tw.pol
Configuration file used: /etc/tripwire/tw.cfg
Database file used: /var/lib/tripwire/xxsi1242.gtk.gtech.com.twd
Command line used: tripwire --check

===============================================================================
Rule Summary:
===============================================================================

-------------------------------------------------------------------------------
Section: Unix File System
-------------------------------------------------------------------------------

Rule Name Severity Level Added Removed Modified
--------- -------------- ----- ------- --------
CLPS 100 0 0 0
CLPS Configuration files 100 0 0 0

Total objects scanned: 523
Total violations found: 0

===============================================================================
Object Summary:
===============================================================================

-------------------------------------------------------------------------------
# Section: Unix File System
-------------------------------------------------------------------------------

No violations.

===============================================================================
Error Report:
===============================================================================

No Errors

-------------------------------------------------------------------------------
*** End of report ***
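
A check that can be run on the two artifacts in the post above, added here as an example and not part of the original thread: it compares the rule names declared in the policy text with those listed in the report's Rule Summary, and flags rule lines that do not fit the `object -> mask ;` or `!object ;` form. The function names are hypothetical, the embedded excerpts are condensed from the post, and the line check is a simplified pattern, not Tripwire's own parser.

```python
import re

# Excerpts condensed from the post: part of twpol.clps.txt and the Rule Summary rows.
POLICY = '''\
( rulename = "Tech Stack ", severity = $(SIG_HI) )
{
/opt/java -> $(SEC_BIN) ;
!/opt/jboss-eap-4.3-CP09/gis/tmp ;
}
( rulename = "CLPS bins", severity = $(SIG_HI) )
{
/opt/jboss/server/gis/lib/ -> +p+m+n+s; $(SEC_BIN) ;
}
( rulename = "CLPS Configuration files", severity = $(SIG_HI) )
{
/etc/gtech/ccinternetadapter > $(SEC_CONFIG) ;
/etc/gtech/ga-clpsadmin -> $(SEC_CONFIG) ;
}
'''
REPORT = '''\
Rule Name Severity Level Added Removed Modified
--------- -------------- ----- ------- --------
CLPS 100 0 0 0
CLPS Configuration files 100 0 0 0
Total objects scanned: 523
'''

def policy_rule_names(text):
    """Rule names declared as rulename = "..." in the policy text."""
    return [n.strip() for n in re.findall(r'rulename\s*=\s*"([^"]*)"', text)]

def report_rule_names(report):
    """Names from Rule Summary rows: name, severity, added, removed, modified."""
    row = r'^\*?[ \t]*(.+?)[ \t]+\d+[ \t]+\d+[ \t]+\d+[ \t]+\d+[ \t]*$'
    return [r.strip() for r in re.findall(row, report, re.M)]

def rules_not_in_report(policy, report):
    """Policy rule names that the integrity check report never lists."""
    seen = set(report_rule_names(report))
    return [n for n in policy_rule_names(policy) if n not in seen]

def suspicious_rule_lines(policy):
    """Lines inside { } that are neither `!path ;` nor `path -> mask ;`."""
    ok = re.compile(r'^(!\S+\s*;|\S+\s*->\s*[^;]+;)$')
    bodies = re.findall(r'\{(.*?)\}', policy, re.S)
    lines = [l.strip() for b in bodies for l in b.splitlines() if l.strip()]
    return [l for l in lines if not l.startswith('#') and not ok.match(l)]
```

On these excerpts, "Tech Stack" and "CLPS bins" are declared in the text policy but absent from the report, and the lines containing `+p+m+n+s; $(SEC_BIN)` and a bare `>` are flagged. The policy actually installed as `/etc/tripwire/tw.pol` can be dumped with `twadmin --print-polfile` and run through the same comparison.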

perusubbu 09-25-2013 03:23 AM

Tripwire Help
 
Hi All,

After performing the integrity check in Tripwire, the report is not generated properly. I mean it is not scanning the files.

Thx
Peru

perusubbu 09-25-2013 08:05 AM

Tripwire help
 
Could anybody please help me out with the Tripwire file integrity issue?

Thx
Rama

