LinuxQuestions.org
Old 11-06-2013, 05:56 AM   #1
perusubbu
LQ Newbie
 
Registered: Sep 2013
Posts: 13

Rep: Reputation: Disabled
Tripwire Issue


Dear All,

I have created the policy file in Tripwire and have also created the rules, as mentioned below:

/opt/jboss/server/gis/conf -> $(SEC_CONFIG) +aipm +c+g+a+i+s+t+u+l+M;

/usr/local/gtech/eseries/ -> $(SEC_CONFIG) +a+c+g+i+s+t+u+l+M ;


After running the integrity check, the output should be a (Access timestamp), c (Inode timestamp (create/modify)), g (File owner's group ID), i (Inode number), s (File size), t (time stamp), u (File owner's user ID), l (File is increasing in size (a "growing file")), M (MD5 hash value). I am getting the output as below:

=======================================================

[root@xxsi1242 tripwire]# tripwire --check
Parsing policy file: /etc/tripwire/tw.pol
*** Processing Unix File System ***
Performing integrity check...
Wrote report file: /var/lib/tripwire/report/xxsi1242.gtk.gtech.com-20131106-053812.twr


Open Source Tripwire(R) 2.4.1 Integrity Check Report

Report generated by: root
Report created on: Wed 06 Nov 2013 05:38:12 AM EST
Database last updated on: Wed 06 Nov 2013 05:31:17 AM EST

===============================================================================
Report Summary:
===============================================================================

Host name: xxsi1242.gtk.gtech.com
Host IP address: 156.24.65.171
Host ID: None
Policy file used: /etc/tripwire/tw.pol
Configuration file used: /etc/tripwire/tw.cfg
Database file used: /var/lib/tripwire/xxsi1242.gtk.gtech.com.twd
Command line used: tripwire --check

===============================================================================
Rule Summary:
===============================================================================

-------------------------------------------------------------------------------
Section: Unix File System
-------------------------------------------------------------------------------

  Rule Name                       Severity Level    Added    Removed    Modified
  ---------                       --------------    -----    -------    --------
  Invariant Directories           66                0        0          0
  Temporary directories           33                0        0          0
* Tripwire Data Files             100               0        0          1
  Tech Stack                      100               0        0          0
  User binaries                   66                0        0          0
  Tripwire Binaries               100               0        0          0
* CLPS bins                       100               0        0          2
  CLPS Configuration files        100               0        0          0
  ESCommon                        100               0        0          0
  Shell Binaries                  100               0        0          0
  OS executables and libraries    100               0        0          0
  Security Control                100               0        0          0
  ESCommon Configuration          100               0        0          0
  (/etc/gtech/escommon)

Total objects scanned: 12358
Total violations found: 3

===============================================================================
Object Summary:
===============================================================================

-------------------------------------------------------------------------------
# Section: Unix File System
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
Rule Name: Tripwire Data Files (/etc/tripwire/tw.pol)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/etc/tripwire/tw.pol"

-------------------------------------------------------------------------------
Rule Name: CLPS bins (/opt/jboss/server)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/opt/jboss/server/esapps1/data/hypersonic/localDB.lck"
"/opt/jboss/server/gis/data/hypersonic/localDB.lck"

===============================================================================
Error Report:
===============================================================================

No Errors

-------------------------------------------------------------------------------
*** End of report ***

Note:

I am getting output only for the files which are modified. I need the detailed output for this. But unfortunately I am not getting it as expected. Please help me to proceed further.

Thx
Rama
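
The report pasted above lists changed objects per rule in its Object Summary. As an added example (not part of the original post and not Tripwire's own code), the Python below parses that plain-text section into per-rule lists and checks the parsed count against the "Total violations found" line; the function names are chosen here, and the sample is a trimmed excerpt of the post's report with the separator lines dropped.

```python
import re

# Constructed sample: excerpt of the report in the post above,
# with the "----" / "====" separator lines removed.
SAMPLE_REPORT = """\
Total objects scanned: 12358
Total violations found: 3
Rule Name: Tripwire Data Files (/etc/tripwire/tw.pol)
Severity Level: 100
Modified:
"/etc/tripwire/tw.pol"
Rule Name: CLPS bins (/opt/jboss/server)
Severity Level: 100
Modified:
"/opt/jboss/server/esapps1/data/hypersonic/localDB.lck"
"/opt/jboss/server/gis/data/hypersonic/localDB.lck"
Error Report:
"""

RULE_RE = re.compile(r"^Rule Name:\s*(?P<name>.+?)\s*\((?P<root>/[^)]*)\)$")
KIND_RE = re.compile(r"^(Added|Removed|Modified):$")

def parse_object_summary(text):
    """Return one dict per violated rule, with object paths grouped by change kind."""
    rules, current, kind = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Error Report:"):   # the object listing ends here
            break
        m = RULE_RE.match(line)
        if m:
            current = {"name": m["name"], "root": m["root"], "severity": None,
                       "Added": [], "Removed": [], "Modified": []}
            rules.append(current)
            kind = None
        elif current is not None and line.startswith("Severity Level:"):
            current["severity"] = int(line.split(":", 1)[1])
        elif current is not None and KIND_RE.match(line):
            kind = line[:-1]                   # "Modified:" -> "Modified"
        elif kind and len(line) > 2 and line.startswith('"') and line.endswith('"'):
            current[kind].append(line[1:-1])   # strip the surrounding quotes
    return rules

def reported_total(text):
    """Value of the report's own 'Total violations found' line, or None."""
    m = re.search(r"^Total violations found:\s*(\d+)", text, re.M)
    return int(m.group(1)) if m else None

def totals_match(text):
    """True when the parsed object count equals the total the report states."""
    kinds = ("Added", "Removed", "Modified")
    return sum(len(r[k]) for r in parse_object_summary(text) for k in kinds) == reported_total(text)
```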
 
  

