Web page hosting, cheap domain name & website promotion services
  

 Home
Red Hat Linux 7.2: The Official Red Hat Linux Reference Guide
PrevChapter 11. Installing and Configuring TripwireNext

Printing Reports

The twprint -m r command will display the contents of a Tripwire report in clear text. You must tell twprint which report file to display.

A twprint command for printing Tripwire reports looks similar to the following (all on one line): 

/usr/sbin/twprint -m r --twrfile
          /var/lib/tripwire/report/<name>.twr

The -m r option in the command tells twprint to decode a Tripwire report. The --twrfile option tells twprint to use a specific Tripwire report file.

The name of the Tripwire report that you want to see includes the name of the host that Tripwire checked to generate the report, plus the creation date and time. You can review previously saved reports at any time. Simply type ls /var/lib/tripwire/report to see a list of Tripwire reports.

Tripwire reports can be rather lengthy, depending upon the number of violations found or errors generated. A sample report starts off like this: 

Tripwire(R) 2.3.0 Integrity Check Report

Report generated by:          root
Report created on:            Fri Jan 12 04:04:42 2001
Database last updated on:     Tue Jan  9 16:19:34 2001

=======================================================================
Report Summary:
=======================================================================
Host name:                    some.host.com
Host IP address:              10.0.0.1
Host ID:                      None
Policy file used:             /etc/tripwire/tw.pol
Configuration file used:      /etc/tripwire/tw.cfg
Database file used:           /var/lib/tripwire/some.host.com.twd
Command line used:            /usr/sbin/tripwire --check 

=======================================================================
Rule Summary: 
=======================================================================
-----------------------------------------------------------------------
Section: Unix File System
-----------------------------------------------------------------------
  Rule Name                Severity Level    Added    Removed  Modified
  ---------                --------------    -----    -------  -------- 
  Invariant Directories    69                0        0        0        
  Temporary directories    33                0        0        0        
* Tripwire Data Files      100               1        0        0        
  Critical devices         100               0        0        0        
  User binaries            69                0        0        0        
  Tripwire Binaries        100               0        0        0

Using twprint to View the Tripwire Database

You can also use twprint to view the entire database or information about selected files in the Tripwire database. This is useful for seeing just how much information Tripwire is tracking on your system.

To view the entire Tripwire database, type this command: 

/usr/sbin/twprint -m d --print-dbfile | less

This command will generate a large amount of output, with the first few lines appearing similar to this: 

Tripwire(R) 2.3.0 Database

Database generated by:        root
Database generated on:        Tue Jan  9 13:56:42 2001
Database last updated on:     Tue Jan  9 16:19:34 2001

=================================================================
Database Summary: 
=================================================================
Host name:                    some.host.com
Host IP address:              10.0.0.1
Host ID:                      None
Policy file used:             /etc/tripwire/tw.pol
Configuration file used:      /etc/tripwire/tw.cfg
Database file used:           /var/lib/tripwire/some.host.com.twd
Command line used:            /usr/sbin/tripwire --init 

=================================================================
Object Summary: 
=================================================================
-----------------------------------------------------------------
# Section: Unix File System
-----------------------------------------------------------------
     Mode        UID          Size       Modify Time
     ------      ----------   ---------- ----------
 /
     drwxr-xr-x  root (0)     XXX        XXXXXXXXXXXXXXXXX
 /bin
     drwxr-xr-x  root (0)     4096       Mon Jan  8 08:20:45 2001
 /bin/arch
     -rwxr-xr-x  root (0)     2844       Tue Dec 12 05:51:35 2000
 /bin/ash
     -rwxr-xr-x  root (0)     64860      Thu Dec  7 22:35:05 2000
 /bin/ash.static
     -rwxr-xr-x  root (0)     405576     Thu Dec  7 22:35:05 2000

To see information about a particular file that Tripwire is tracking, such as /etc/hosts, type a different twprint command: 

/usr/sbin/twprint -m d --print-dbfile /etc/hosts

The result will look similar to this: 

Object name:  /etc/hosts

Property:               Value:                      
-------------           -----------                 
Object Type             Regular File                
Device Number           773                         
Inode Number            216991                      
Mode                    -rw-r--r--                  
Num Links               1                           
UID                     root (0)                    
GID                     root (0)

See the twprint man page for other options.

PrevHomeNext
Running an Integrity CheckUpUpdating the Database after an Integrity Check
 

 

 

 

Buy Cheap domains and domain register |  Cheap domain registration and transfer 

Disclaimer: For authoritative source or latest update to this documentation, please refer to http://www.redhat.com/docs/manuals/linux/

 

 
Quotes: The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding.