需要 Tripwire 帮助

需要 Tripwire 帮助

我已经在 Tripwire 中创建了策略文件,并且还创建了如下所示的规则:

/opt/jboss/server/gis/conf -> $(SEC_CONFIG) +aipm +c+g+a+i+s+t+u+l+M;

/usr/local/gtech/eseries/ -> $(SEC_CONFIG) +a+c+g+i+s+t+u+l+M ;

运行完整性检查后,输出应为a(Access timestamp),c (Inode timestamp (create/modify),g (File owner's group ID),i (Inode number),s (File size),t (time stamp),u (File owner's user ID),l(File is increasing in size (a "growing file"),M (MD5 hash value)

我得到如下输出:

[root@xxsi1242 tripwire]# tripwire --check
 Parsing policy file: /etc/tripwire/tw.pol
 *** Processing Unix File System ***
 Performing integrity check...
 Wrote report file: /var/lib/tripwire/report/xxsi1242.gtk.gtech.com-20131106-053812.twr


Open Source Tripwire(R) 2.4.1 Integrity Check Report

Report generated by: root
 Report created on: Wed 06 Nov 2013 05:38:12 AM EST
 Database last updated on: Wed 06 Nov 2013 05:31:17 AM EST

===============================================================================
 Report Summary:
 ===============================================================================

Host name: xxsi1242.gtk.gtech.com
 Host IP address: 156.24.65.171
 Host ID: None
 Policy file used: /etc/tripwire/tw.pol
 Configuration file used: /etc/tripwire/tw.cfg
 Database file used: /var/lib/tripwire/xxsi1242.gtk.gtech.com.twd
 Command line used: tripwire --check

===============================================================================
 Rule Summary:
 ===============================================================================

-------------------------------------------------------------------------------
 Section: Unix File System
 -------------------------------------------------------------------------------

Rule Name Severity Level Added Removed Modified
 --------- -------------- ----- ------- --------
 Invariant Directories 66 0 0 0
 Temporary directories 33 0 0 0
 * Tripwire Data Files 100 0 0 1
 Tech Stack 100 0 0 0
 User binaries 66 0 0 0
 Tripwire Binaries 100 0 0 0
 * CLPS bins 100 0 0 2
 CLPS Configuration files 100 0 0 0
 ESCommon 100 0 0 0
 Shell Binaries 100 0 0 0
 OS executables and libraries 100 0 0 0
 Security Control 100 0 0 0
 ESCommon Configuration 100 0 0 0
 (/etc/gtech/escommon)

Total objects scanned: 12358
 Total violations found: 3

===============================================================================
 Object Summary:
 ===============================================================================

-------------------------------------------------------------------------------
 # Section: Unix File System
 -------------------------------------------------------------------------------

-------------------------------------------------------------------------------
 Rule Name: Tripwire Data Files (/etc/tripwire/tw.pol)
 Severity Level: 100
 -------------------------------------------------------------------------------

Modified:
 "/etc/tripwire/tw.pol"

-------------------------------------------------------------------------------
 Rule Name: CLPS bins (/opt/jboss/server)
 Severity Level: 100
 -------------------------------------------------------------------------------

Modified:
 "/opt/jboss/server/esapps1/data/hypersonic/localDB.lck"
 "/opt/jboss/server/gis/data/hypersonic/localDB.lck"

===============================================================================
 Error Report:
 ===============================================================================

No Errors

-------------------------------------------------------------------------------
 *** End of report ***

笔记:

在输出中,我仅获取了已修改的文件。我需要详细的输出。但不幸的是,我没有得到我期望的结果。请帮助我进一步处理。

答案1

在命令行中添加“-v”以启用详细模式,是否可以输出您想要的信息?tripwire 报告文件 (*.twr) 是否包含您想要的信息?

相关内容