Tripwire - Verify the Tripwire Configuration

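Run a check to see what the Tripwire report looks like and whether it is truly free of warnings.

The basic syntax for a check is:

sudo tripwire --check

You should see a report output to your screen specifying that there were no errors or changes found on your system. In the sample run below, the Error Report section reads "No Errors", and the 19 violations listed are all files that psad added or modified under /var/log/psad: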

Parsing policy file: /etc/tripwire/tw.pol
*** Processing Unix File System ***
Performing integrity check...
The object: "/dev/hugepages" is on a different file system...ignoring.
The object: "/dev/mqueue" is on a different file system...ignoring.
The object: "/dev/shm" is on a different file system...ignoring.
The object: "/proc/sys/fs/binfmt_misc" is on a different file system...ignoring.
Wrote report file: /var/lib/tripwire/report/server1.sharewiz.net-20161126-110710.twr


Open Source Tripwire(R) 2.4.2.2 Integrity Check Report

Report generated by:          root
Report created on:            Sat 26 Nov 2016 11:07:10 GMT
Database last updated on:     Never

===============================================================================
Report Summary:
===============================================================================

Host name:                    server1.sharewiz.net
Host IP address:              192.168.1.2
Host ID:                      None
Policy file used:             /etc/tripwire/tw.pol
Configuration file used:      /etc/tripwire/tw.cfg
Database file used:           /var/lib/tripwire/server1.sharewiz.net.twd
Command line used:            tripwire --check 

===============================================================================
Rule Summary: 
===============================================================================

-------------------------------------------------------------------------------
  Section: Unix File System
-------------------------------------------------------------------------------

  Rule Name                       Severity Level    Added    Removed  Modified 
  ---------                       --------------    -----    -------  -------- 
  Other binaries                  66                0        0        0        
  Tripwire Binaries               100               0        0        0        
  Other libraries                 66                0        0        0        
  Root file-system executables    100               0        0        0        
  Tripwire Data Files             100               0        0        0        
* System boot changes             100               16       0        3        
  (/var/log)
  Root file-system libraries      100               0        0        0        
  (/lib)
  Critical system boot files      100               0        0        0        
  Other configuration files       66                0        0        0        
  (/etc)
  Boot Scripts                    100               0        0        0        
  Security Control                66                0        0        0        
  Root config files               100               0        0        0        
  Devices & Kernel information    100               0        0        0        
  Invariant Directories           66                0        0        0        

Total objects scanned:  121417
Total violations found:  19

===============================================================================
Object Summary: 
===============================================================================

-------------------------------------------------------------------------------
# Section: Unix File System
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
Rule Name: System boot changes (/var/log)
Severity Level: 100
-------------------------------------------------------------------------------

Added:
"/var/log/psad/59.27.80.177"
"/var/log/psad/59.27.80.177/danger_level"
"/var/log/psad/59.27.80.177/192.168.1.2_email_alert"
"/var/log/psad/59.27.80.177/192.168.1.2_signatures"
"/var/log/psad/59.27.80.177/192.168.1.2_start_time"
"/var/log/psad/59.27.80.177/192.168.1.2_packet_ctr"
"/var/log/psad/59.27.80.177/email_ctr"
"/var/log/psad/59.27.80.177/59.27.80.177_whois"
"/var/log/psad/220.164.163.75"
"/var/log/psad/220.164.163.75/danger_level"
"/var/log/psad/220.164.163.75/192.168.1.2_email_alert"
"/var/log/psad/220.164.163.75/192.168.1.2_signatures"
"/var/log/psad/220.164.163.75/192.168.1.2_start_time"
"/var/log/psad/220.164.163.75/192.168.1.2_packet_ctr"
"/var/log/psad/220.164.163.75/email_ctr"
"/var/log/psad/220.164.163.75/220.164.163.75_whois"

Modified:
"/var/log/psad"
"/var/log/psad/top_ports"
"/var/log/psad/top_sigs"

===============================================================================
Error Report: 
===============================================================================

No Errors

-------------------------------------------------------------------------------
*** End of report ***

Open Source Tripwire 2.4 Portions copyright 2000 Tripwire, Inc. Tripwire is a registered
trademark of Tripwire, Inc. This software comes with ABSOLUTELY NO WARRANTY;
for details use --version. This is free software which may be redistributed
or modified only under certain conditions; see COPYING for details.
All rights reserved.
Integrity check complete.
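
An added example (not part of the original page or of Tripwire itself): a shell function that reads the text report shown above and lists only the rules with added, removed or modified objects, optionally filtered by minimum severity. The names tw_violations and sample_report and the "Example rule" row are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list the rules that reported changes in a Tripwire text report.
# Intended use: sudo tripwire --check | tw_violations 100

# tw_violations [MIN_SEVERITY]
# Reads report text on stdin and prints "rule|severity|added|removed|modified"
# for each violated rule at or above MIN_SEVERITY; returns 1 if any was printed.
tw_violations() {
    awk -v min="${1:-0}" '
        /^Rule Summary:/   { in_rules = 1; next }
        /^Object Summary:/ { in_rules = 0 }
        !in_rules || NF < 5 { next }
        {
            # A rule row ends in four integers: severity, added, removed, modified.
            for (i = NF - 3; i <= NF; i++) if ($i !~ /^[0-9]+$/) next
            sev = $(NF - 3); a = $(NF - 2); r = $(NF - 1); m = $NF
            if (a + r + m == 0 || sev + 0 < min + 0) next
            first = ($1 == "*") ? 2 : 1      # "*" marks a violated rule
            name = $first
            for (i = first + 1; i <= NF - 4; i++) name = name " " $i
            printf "%s|%s|%s|%s|%s\n", name, sev, a, r, m
            found = 1
        }
        END { exit found ? 1 : 0 }
    '
}

# Excerpt of the report on this page, plus one constructed row ("Example rule").
sample_report() {
    cat <<'EOF'
Report Summary:
Host IP address:              192.168.1.2
Rule Summary: 
  Rule Name                       Severity Level    Added    Removed  Modified 
  ---------                       --------------    -----    -------  -------- 
  Other binaries                  66                0        0        0        
  Tripwire Binaries               100               0        0        0        
* System boot changes             100               16       0        3        
  (/var/log)
* Example rule                    66                0        1        0        
Total objects scanned:  121417
Object Summary: 
EOF
}

# Demonstration on the sample: prints both violated rules.
sample_report | tw_violations 0 || true
```

A saved report file can be rendered as text with twprint --print-report --twrfile FILE and piped into the function in the same way. The non-zero return status lets a cron job or monitoring wrapper alert only when a rule at or above the chosen severity has changed.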
tripwire/verify_the_tripwire_configuration.1480158626.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
