LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 09-25-2013, 03:24 AM   #1
perusubbu
LQ Newbie
 
Registered: Sep 2013
Posts: 13

Rep: Reputation: Disabled
Tripwire help


Hi All,

I have created the rules in twpol.clps.txt(this is my tripwire policy file name.).Please find the rules which I have created in twpol.clps.txt stated below:

=================================================================

# opt tech stack
(
rulename = "Tech Stack ",
severity = $(SIG_HI)
)
{
/opt/java -> $(SEC_BIN) ;
/opt/jboss -> $(SEC_BIN) ;
/opt/ant -> $(SEC_BIN) ;
/opt/ibm-java-x86_64-sdk-6.0-9.2-> $(SEC_BIN) ;
/opt/jboss-eap-4.3-CP09 -> $(SEC_BIN) ;
!/opt/jboss-eap-4.3-CP09/esapps1/tmp ;
!/opt/jboss-eap-4.3-CP09/esapps2/tmp ;
!/opt/jboss-eap-4.3-CP09/gis/tmp ;
!/opt/jboss-eap-4.3-CP09/esapps1/data ;
!/opt/jboss-eap-4.3-CP09/esapps2/data ;
!/opt/jboss-eap-4.3-CP09/gis/data ;
!/opt/jboss-eap-4.3-CP09/esapps1/work ;
!/opt/jboss-eap-4.3-CP09/esapps2/work ;
!/opt/jboss-eap-4.3-CP09/gis/work ;
/opt/apache-ant-1.7.0 -> $(SEC_BIN) ;
}

#####################
# ESCommon
(
rulename = "ESCommon",
severity = $(SIG_HI)
)
{
/usr/local/gtech/eseries/escommon/bin -> $(SEC_BIN) ;
/usr/local/gtech/eseries/escommon/lib -> $(SEC_BIN) ;

}
# ESCommon
(
rulename = "ESCommon Configuration",
severity = $(SIG_HI)
)
{
/etc/gtech/escommon -> $(SEC_CONFIG) ;
}

#####################
# CLPS
# pwd
# Bins
(
rulename = "CLPS bins",
severity = $(SIG_HI)
)
{
/usr/local/gtech/espd/clps/ga-clpsreports/bin -> +p+n+s; $(SEC_BIN);
/usr/local/gtech/espd/clps/ga-clpsreports/lib -> +p+n+s; $(SEC_BIN) ;
/usr/local/gtech/pd/gis/gis-application/target/gis-application.ear -> +p+n+s; $(SEC_BIN) ;
/opt/jboss/server/gis/deploy/ -> +p+m+n+s; $(SEC_BIN) ;
/opt/jboss/server/gis/lib/ -> +p+m+n+s; $(SEC_BIN) ;
}

# Configuration
(
rulename = "CLPS Configuration files",
severity = $(SIG_HI)
)
{
/etc/gtech/mxadapter -> $(SEC_CONFIG) ;
/etc/gtech/ccadapters -> $(SEC_CONFIG) ;
/etc/gtech/ccinternetadapter > $(SEC_CONFIG) ;
/etc/gtech/ga-clpsadmin -> $(SEC_CONFIG) ;
/etc/gtech/ga-clpsreports ->$(SEC_CONFIG) ;
/usr/local/gtech/pd/gis/install/build-common.xml -> $(SEC_CONFIG) ;
/usr/local/gtech/pd/gis/install/build.xml -> $(SEC_CONFIG) ;
/opt/jboss/server/gis/env-config ->$(SEC_CONFIG) ;
/opt/jboss/server/gis/conf -> $(SEC_CONFIG) ;
/usr/local/gtech/eseries/ccadapters/bin/install/jbosssetup.xml -> $(SEC_CONFIG) ;
/usr/local/gtech/eseries/ccinternetadapter/bin/install/jbosssetup.xml -> $(SEC_CONFIG) ;
}

===========================================================

After performing the integrtity check report is not generated properly.I mean it is not scanning the files which I have mentioned in the twpol.clps.txt.

Please find the report which is mentioned below:

========================================================

[root@xxsi1242 tripwire]# tripwire --check
Parsing policy file: /etc/tripwire/tw.pol
*** Processing Unix File System ***
Performing integrity check...
Wrote report file: /var/lib/tripwire/report/xxsi1242.gtk.gtech.com-20130925-031456.twr


Open Source Tripwire(R) 2.4.1 Integrity Check Report

Report generated by: root
Report created on: Wed 25 Sep 2013 03:14:56 AM EDT
Database last updated on: Never

===============================================================================
Report Summary:
===============================================================================

Host name: xxsi1242.gtk.gtech.com
Host IP address: 156.24.65.171
Host ID: None
Policy file used: /etc/tripwire/tw.pol
Configuration file used: /etc/tripwire/tw.cfg
Database file used: /var/lib/tripwire/xxsi1242.gtk.gtech.com.twd
Command line used: tripwire --check

===============================================================================
Rule Summary:
===============================================================================

-------------------------------------------------------------------------------
Section: Unix File System
-------------------------------------------------------------------------------

Rule Name Severity Level Added Removed Modified
--------- -------------- ----- ------- --------
CLPS 100 0 0 0
CLPS Configuration files 100 0 0 0

Total objects scanned: 523
Total violations found: 0

===============================================================================
Object Summary:
===============================================================================

-------------------------------------------------------------------------------
# Section: Unix File System
-------------------------------------------------------------------------------

No violations.

===============================================================================
Error Report:
===============================================================================

No Errors

-------------------------------------------------------------------------------
*** End of report ***
 
Old 09-25-2013, 04:23 AM   #2
perusubbu
LQ Newbie
 
Registered: Sep 2013
Posts: 13

Original Poster
Rep: Reputation: Disabled
Tripwire Help

Hi All,

After performing the integrtity check in Tripwire, report is not generated properly.I mean it is not scanning the files.

Thx
Peru
 
Old 09-25-2013, 09:05 AM   #3
perusubbu
LQ Newbie
 
Registered: Sep 2013
Posts: 13

Original Poster
Rep: Reputation: Disabled
Tripwire help

Could any body please help me out the Tripwire file intergrity issue.

Thx
Rama
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
tripwire, where can I get it? linuxistan Linux - Networking 1 10-19-2004 11:12 PM
tripwire reports /usr/sbin/tripwire changed alfaalfabeta Linux - Security 5 07-22-2003 06:52 PM
Tripwire MrJoshua Linux - Software 1 07-16-2003 10:33 AM
Tripwire pk21 Linux - Security 5 06-08-2003 10:43 AM
Tripwire? janderson622 Linux - Security 2 05-01-2001 01:33 PM


All times are GMT -5. The time now is 06:17 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration