我已经在 Tripwire 中创建了策略文件,并且还创建了如下所示的规则:
/opt/jboss/server/gis/conf -> $(SEC_CONFIG) +aipm +c+g+a+i+s+t+u+l+M;
/usr/local/gtech/eseries/ -> $(SEC_CONFIG) +a+c+g+i+s+t+u+l+M ;
运行完整性检查后,输出应为a(Access timestamp),c (Inode timestamp (create/modify),g (File owner's group ID),i (Inode number),s (File size),t (time stamp),u (File owner's user ID),l(File is increasing in size (a "growing file"),M (MD5 hash value)。
我得到如下输出:
[root@xxsi1242 tripwire]# tripwire --check
Parsing policy file: /etc/tripwire/tw.pol
*** Processing Unix File System ***
Performing integrity check...
Wrote report file: /var/lib/tripwire/report/xxsi1242.gtk.gtech.com-20131106-053812.twr
Open Source Tripwire(R) 2.4.1 Integrity Check Report
Report generated by: root
Report created on: Wed 06 Nov 2013 05:38:12 AM EST
Database last updated on: Wed 06 Nov 2013 05:31:17 AM EST
===============================================================================
Report Summary:
===============================================================================
Host name: xxsi1242.gtk.gtech.com
Host IP address: 156.24.65.171
Host ID: None
Policy file used: /etc/tripwire/tw.pol
Configuration file used: /etc/tripwire/tw.cfg
Database file used: /var/lib/tripwire/xxsi1242.gtk.gtech.com.twd
Command line used: tripwire --check
===============================================================================
Rule Summary:
===============================================================================
-------------------------------------------------------------------------------
Section: Unix File System
-------------------------------------------------------------------------------
Rule Name Severity Level Added Removed Modified
--------- -------------- ----- ------- --------
Invariant Directories 66 0 0 0
Temporary directories 33 0 0 0
* Tripwire Data Files 100 0 0 1
Tech Stack 100 0 0 0
User binaries 66 0 0 0
Tripwire Binaries 100 0 0 0
* CLPS bins 100 0 0 2
CLPS Configuration files 100 0 0 0
ESCommon 100 0 0 0
Shell Binaries 100 0 0 0
OS executables and libraries 100 0 0 0
Security Control 100 0 0 0
ESCommon Configuration 100 0 0 0
(/etc/gtech/escommon)
Total objects scanned: 12358
Total violations found: 3
===============================================================================
Object Summary:
===============================================================================
-------------------------------------------------------------------------------
# Section: Unix File System
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Rule Name: Tripwire Data Files (/etc/tripwire/tw.pol)
Severity Level: 100
-------------------------------------------------------------------------------
Modified:
"/etc/tripwire/tw.pol"
-------------------------------------------------------------------------------
Rule Name: CLPS bins (/opt/jboss/server)
Severity Level: 100
-------------------------------------------------------------------------------
Modified:
"/opt/jboss/server/esapps1/data/hypersonic/localDB.lck"
"/opt/jboss/server/gis/data/hypersonic/localDB.lck"
===============================================================================
Error Report:
===============================================================================
No Errors
-------------------------------------------------------------------------------
*** End of report ***
笔记:
在输出中,我仅获取了已修改的文件。我需要详细的输出。但不幸的是,我没有得到我期望的结果。请帮助我进一步处理。
答案1
在命令行中添加“-v”以启用详细模式,是否可以输出您想要的信息?tripwire 报告文件 (*.twr) 是否包含您想要的信息?