Main Menu
PHP Tools
PHP Help Request
PHP Editors Newsletter
Editor Search
Reviewed PHP Editors
Latest News
Submit News
PHP Tutorials
PHP Book Reviews
Online Book Chapters
PHP Games

Forums
RSS 2.0
PHP Desktop Editors
Other PHP Tools
PHP Contests
PHP Programming Help
Linux Help
Apache Help
MySQL Help
PHP Games
PHP Jobs
PHP Forums Home

Programming Contest
PHP Contests
PHP Contests Archive

Documentation
PHP Manual
PEAR Manual
PHP-GTK Manual
Smarty Manual
PostgreSQL Manual
CSS 2 Reference
Redhat Linux 9
HTML 4.01
Apache 2 Manual

Partner Sites
Ajax Tutorials
Webmaster Resources
Web Templates
PHP Scripts
PHP Code Examples
Learn PHP playing Trivia
PHP & MySQL Forums
Web Development Index
web site templates

Sponsors

NuSphere



All Red Hat Linux documents are copyrighted to Red Hat Inc.

Red Hat Linux 9: Red Hat Linux Reference Guide
PrevChapter 19. TripwireNext

19.6. Examining Tripwire Reports

The /usr/sbin/twprint command is used to view encrypted Tripwire reports and databases.

19.6.1. Viewing Tripwire Reports

The twprint -m r command will display the contents of a Tripwire report in clear text. You must, however, tell twprint which report file to display.

A twprint command for printing Tripwire reports looks similar to the following: 

/usr/sbin/twprint -m r --twrfile /var/lib/tripwire/report/<name>.twr

The -m r option in the command directs twprint to decode a Tripwire report. The --twrfile option directs twprint to use a specific Tripwire report file.

The name of the Tripwire report that you want to see includes the name of the host that Tripwire checked to generate the report, plus the creation date and time. You can review previously saved reports at any time. Simply type ls /var/lib/tripwire/report to see a list of Tripwire reports.

Tripwire reports can be rather lengthy, depending upon the number of violations found or errors generated. A sample report starts off like this: 

Tripwire(R) 2.3.0 Integrity Check Report

Report generated by:          root
Report created on:            Fri Jan 12 04:04:42 2001
Database last updated on:     Tue Jan  9 16:19:34 2001

=======================================================================
Report Summary:
=======================================================================
Host name:                    some.host.com
Host IP address:              10.0.0.1
Host ID:                      None
Policy file used:             /etc/tripwire/tw.pol
Configuration file used:      /etc/tripwire/tw.cfg
Database file used:           /var/lib/tripwire/some.host.com.twd
Command line used:            /usr/sbin/tripwire --check 

=======================================================================
Rule Summary: 
=======================================================================
-----------------------------------------------------------------------
Section: Unix File System
-----------------------------------------------------------------------
  Rule Name                Severity Level    Added    Removed  Modified
  ---------                --------------    -----    -------  -------- 
  Invariant Directories    69                0        0        0        
  Temporary directories    33                0        0        0        
* Tripwire Data Files      100               1        0        0        
  Critical devices         100               0        0        0        
  User binaries            69                0        0        0        
  Tripwire Binaries        100               0        0        0

19.6.2. View Tripwire Databases

You can also use twprint to view the entire database or information about selected files in the Tripwire database. This is useful for seeing just how much information Tripwire is tracking on your system.

To view the entire Tripwire database, type this command: 

/usr/sbin/twprint -m d --print-dbfile | less

This command will generate a large amount of output, with the first few lines appearing similar to this: 

Tripwire(R) 2.3.0 Database

Database generated by:        root
Database generated on:        Tue Jan  9 13:56:42 2001
Database last updated on:     Tue Jan  9 16:19:34 2001

=================================================================
Database Summary: 
=================================================================
Host name:                    some.host.com
Host IP address:              10.0.0.1
Host ID:                      None
Policy file used:             /etc/tripwire/tw.pol
Configuration file used:      /etc/tripwire/tw.cfg
Database file used:           /var/lib/tripwire/some.host.com.twd
Command line used:            /usr/sbin/tripwire --init 

=================================================================
Object Summary: 
=================================================================
-----------------------------------------------------------------
# Section: Unix File System
-----------------------------------------------------------------
     Mode        UID          Size       Modify Time
     ------      ----------   ---------- ----------
 /
     drwxr-xr-x  root (0)     XXX        XXXXXXXXXXXXXXXXX
 /bin
     drwxr-xr-x  root (0)     4096       Mon Jan  8 08:20:45 2001
 /bin/arch
     -rwxr-xr-x  root (0)     2844       Tue Dec 12 05:51:35 2000
 /bin/ash
     -rwxr-xr-x  root (0)     64860      Thu Dec  7 22:35:05 2000
 /bin/ash.static
     -rwxr-xr-x  root (0)     405576     Thu Dec  7 22:35:05 2000

To see information about a particular file that Tripwire is tracking, such as /etc/hosts, use the following command: 

/usr/sbin/twprint -m d --print-dbfile /etc/hosts

The result will look similar to this: 

Object name:  /etc/hosts

Property:               Value:                      
-------------           -----------                 
Object Type             Regular File                
Device Number           773                         
Inode Number            216991                      
Mode                    -rw-r--r--                  
Num Links               1                           
UID                     root (0)                    
GID                     root (0)

See man page for twprint for more options.

PrevHomeNext
Running an Integrity CheckUpUpdating the Tripwire Database
© Copyright 2003-2023 www.php-editors.com. The ultimate PHP Editor and PHP IDE site.