tripwire:verify_the_tripwire_configuration

Differences

This shows you the differences between two versions of the page.

tripwire:verify_the_tripwire_configuration [2016/11/26 11:10] – created peter
tripwire:verify_the_tripwire_configuration [2019/12/04 21:55] (current) – removed peter
Line 1: Line 1:
-====== Tripwire - Verify the Tripwire Configuration ====== 
  
-Check to see what the tripwire report looks like and if there are truly no warnings: 
- 
-The basic syntax for a check is: 
- 
-<code bash> 
-sudo tripwire --check 
-</code> 
- 
-You should see a report output to your screen specifying that there were no errors or changes found on your system. 
-shows 
- 
-<code> 
-Parsing policy file: /etc/tripwire/tw.pol 
-*** Processing Unix File System *** 
-Performing integrity check... 
-The object: "/dev/hugepages" is on a different file system...ignoring. 
-The object: "/dev/mqueue" is on a different file system...ignoring. 
-The object: "/dev/shm" is on a different file system...ignoring. 
-The object: "/proc/sys/fs/binfmt_misc" is on a different file system...ignoring. 
-Wrote report file: /var/lib/tripwire/report/server1.sharewiz.net-20161126-110710.twr 
- 
- 
-Open Source Tripwire(R) 2.4.2.2 Integrity Check Report 
- 
-Report generated by:          root 
-Report created on:            Sat 26 Nov 2016 11:07:10 GMT 
-Database last updated on:     Never 
- 
-=============================================================================== 
-Report Summary: 
-=============================================================================== 
- 
-Host name:                    server1.sharewiz.net 
-Host IP address:              192.168.1.2 
-Host ID:                      None 
-Policy file used:             /etc/tripwire/tw.pol 
-Configuration file used:      /etc/tripwire/tw.cfg 
-Database file used:           /var/lib/tripwire/server1.sharewiz.net.twd 
-Command line used:            tripwire --check  
- 
-=============================================================================== 
-Rule Summary:  
-=============================================================================== 
- 
-------------------------------------------------------------------------------- 
-  Section: Unix File System 
-------------------------------------------------------------------------------- 
- 
-  Rule Name                       Severity Level    Added    Removed  Modified  
-  ---------                       --------------    -----    -------  --------  
-  Other binaries                  66                0        0        0         
-  Tripwire Binaries               100                      0        0         
-  Other libraries                 66                0        0        0         
-  Root file-system executables    100                      0        0         
-  Tripwire Data Files             100                      0        0         
-* System boot changes             100               16              3         
-  (/var/log) 
-  Root file-system libraries      100                      0        0         
-  (/lib) 
-  Critical system boot files      100                      0        0         
-  Other configuration files       66                0        0        0         
-  (/etc) 
-  Boot Scripts                    100                      0        0         
-  Security Control                66                0        0        0         
-  Root config files               100                      0        0         
-  Devices & Kernel information    100                      0        0         
-  Invariant Directories           66                0        0        0         
- 
-Total objects scanned:  121417 
-Total violations found:  19 
- 
-=============================================================================== 
-Object Summary:  
-=============================================================================== 
- 
-------------------------------------------------------------------------------- 
-# Section: Unix File System 
-------------------------------------------------------------------------------- 
- 
-------------------------------------------------------------------------------- 
-Rule Name: System boot changes (/var/log) 
-Severity Level: 100 
-------------------------------------------------------------------------------- 
- 
-Added: 
-"/var/log/psad/59.27.80.177" 
-"/var/log/psad/59.27.80.177/danger_level" 
-"/var/log/psad/59.27.80.177/192.168.1.2_email_alert" 
-"/var/log/psad/59.27.80.177/192.168.1.2_signatures" 
-"/var/log/psad/59.27.80.177/192.168.1.2_start_time" 
-"/var/log/psad/59.27.80.177/192.168.1.2_packet_ctr" 
-"/var/log/psad/59.27.80.177/email_ctr" 
-"/var/log/psad/59.27.80.177/59.27.80.177_whois" 
-"/var/log/psad/220.164.163.75" 
-"/var/log/psad/220.164.163.75/danger_level" 
-"/var/log/psad/220.164.163.75/192.168.1.2_email_alert" 
-"/var/log/psad/220.164.163.75/192.168.1.2_signatures" 
-"/var/log/psad/220.164.163.75/192.168.1.2_start_time" 
-"/var/log/psad/220.164.163.75/192.168.1.2_packet_ctr" 
-"/var/log/psad/220.164.163.75/email_ctr" 
-"/var/log/psad/220.164.163.75/220.164.163.75_whois" 
- 
-Modified: 
-"/var/log/psad" 
-"/var/log/psad/top_ports" 
-"/var/log/psad/top_sigs" 
- 
-=============================================================================== 
-Error Report:  
-=============================================================================== 
- 
-No Errors 
- 
-------------------------------------------------------------------------------- 
-*** End of report *** 
- 
-Open Source Tripwire 2.4 Portions copyright 2000 Tripwire, Inc. Tripwire is a registered 
-trademark of Tripwire, Inc. This software comes with ABSOLUTELY NO WARRANTY; 
-for details use --version. This is free software which may be redistributed 
-or modified only under certain conditions; see COPYING for details. 
-All rights reserved. 
-Integrity check complete. 
-</code> 
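Review bot: The removed sentence "You should see a report output to your screen specifying that there were no errors or changes found on your system." contradicts the sample report directly beneath it, which ends with "Total violations found:  19" (16 added and 3 modified objects under the "System boot changes (/var/log)" rule, all in /var/log/psad) and shows "Database last updated on:     Never". If this content is being relocated rather than dropped, reword that sentence so it agrees with the sample, or replace the sample with a clean run, and delete the stray "shows" line that follows it. The revision comment is only "removed", so it would also help to note where the content now lives.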
tripwire/verify_the_tripwire_configuration.1480158626.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
