Differences

This shows you the differences between two versions of the page.

--- tripwire:verify_the_tripwire_configuration [2016/11/26 11:37] – peter
+++ tripwire:verify_the_tripwire_configuration [2019/12/04 21:55] (current) – removed peter
@@ Line 1: / Line 1: @@
-====== Tripwire - Verify the Tripwire Configuration ======
-Check to see what the tripwire report looks like and if there are truly no warnings:
-The basic syntax for a check is:
-<code bash>
-sudo tripwire --check
-</code>
-You should see a report output to your screen specifying that there were no errors or changes found on your system.
-shows
-<code>
-Parsing policy file: /etc/tripwire/tw.pol
-*** Processing Unix File System ***
-Performing integrity check...
-The object: "/dev/hugepages" is on a different file system...ignoring.
-The object: "/dev/mqueue" is on a different file system...ignoring.
-The object: "/dev/shm" is on a different file system...ignoring.
-The object: "/proc/sys/fs/binfmt_misc" is on a different file system...ignoring.
-Wrote report file: /var/lib/tripwire/report/server1.sharewiz.net-20161126-110710.twr
-Open Source Tripwire(R) 2.4.2.2 Integrity Check Report
-Report generated by:          root
-Report created on:            Sat 26 Nov 2016 11:07:10 GMT
-Database last updated on:     Never
-===============================================================================
-Report Summary:
-===============================================================================
-Host name:                    server1.sharewiz.net
-Host IP address:              192.168.1.2
-Host ID:                      None
-Policy file used:             /etc/tripwire/tw.pol
-Configuration file used:      /etc/tripwire/tw.cfg
-Database file used:           /var/lib/tripwire/server1.sharewiz.net.twd
-Command line used:            tripwire --check
-===============================================================================
-Rule Summary:
-===============================================================================
--------------------------------------------------------------------------------
-  Section: Unix File System
--------------------------------------------------------------------------------
-  Rule Name                       Severity Level    Added    Removed  Modified
-  ---------                       --------------    -----    -------  --------
-  Other binaries                  66                0        0        0
-  Tripwire Binaries               100               0        0        0
-  Other libraries                 66                0        0        0
-  Root file-system executables    100               0        0        0
-  Tripwire Data Files             100               0        0        0
-* System boot changes             100               16       0        3
-  (/var/log)
-  Root file-system libraries      100               0        0        0
-  (/lib)
-  Critical system boot files      100               0        0        0
-  Other configuration files       66                0        0        0
-  (/etc)
-  Boot Scripts                    100               0        0        0
-  Security Control                66                0        0        0
-  Root config files               100               0        0        0
-  Devices & Kernel information    100               0        0        0
-  Invariant Directories           66                0        0        0
-Total objects scanned:  121417
-Total violations found:  19
-===============================================================================
-Object Summary:
-===============================================================================
--------------------------------------------------------------------------------
-# Section: Unix File System
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
-Rule Name: System boot changes (/var/log)
-Severity Level: 100
--------------------------------------------------------------------------------
-Added:
-"/var/log/psad/59.27.80.177"
-"/var/log/psad/59.27.80.177/danger_level"
-"/var/log/psad/59.27.80.177/192.168.1.2_email_alert"
-"/var/log/psad/59.27.80.177/192.168.1.2_signatures"
-"/var/log/psad/59.27.80.177/192.168.1.2_start_time"
-"/var/log/psad/59.27.80.177/192.168.1.2_packet_ctr"
-"/var/log/psad/59.27.80.177/email_ctr"
-"/var/log/psad/59.27.80.177/59.27.80.177_whois"
-"/var/log/psad/220.164.163.75"
-"/var/log/psad/220.164.163.75/danger_level"
-"/var/log/psad/220.164.163.75/192.168.1.2_email_alert"
-"/var/log/psad/220.164.163.75/192.168.1.2_signatures"
-"/var/log/psad/220.164.163.75/192.168.1.2_start_time"
-"/var/log/psad/220.164.163.75/192.168.1.2_packet_ctr"
-"/var/log/psad/220.164.163.75/email_ctr"
-"/var/log/psad/220.164.163.75/220.164.163.75_whois"
-Modified:
-"/var/log/psad"
-"/var/log/psad/top_ports"
-"/var/log/psad/top_sigs"
-===============================================================================
-Error Report:
-===============================================================================
-No Errors
--------------------------------------------------------------------------------
-*** End of report ***
-Open Source Tripwire 2.4 Portions copyright 2000 Tripwire, Inc. Tripwire is a registered
-trademark of Tripwire, Inc. This software comes with ABSOLUTELY NO WARRANTY;
-for details use --version. This is free software which may be redistributed
-or modified only under certain conditions; see COPYING for details.
-All rights reserved.
-Integrity check complete.
-</code>
-Notice the following lines near the top of the report.  These indicate that tripwire is not monitoring these, so it would be best to update the Tripwire configuration by including these missing objects.
-<code>
-The object: "/dev/hugepages" is on a different file system...ignoring.
-The object: "/dev/mqueue" is on a different file system...ignoring.
-The object: "/dev/shm" is on a different file system...ignoring.
-The object: "/proc/sys/fs/binfmt_misc" is on a different file system...ignoring.
-</code>