Recipe 1.10 Printing the Latest Tripwire Report

1.10.1 Problem

You want to display the results of the most recent integrity check.

1.10.2 Solution

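#!/bin/sh
# Print the most recent Tripwire report for this host.
DIR=/var/lib/tripwire/report
HOST=`hostname -s`
# ls -t sorts by modification time, newest first.
LAST_REPORT=`ls -1t "$DIR/$HOST"-*.twr | head -1`
twprint --print-report --twrfile "$LAST_REPORT"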

1.10.3 Discussion

Tripwire reports are stored in the location indicated by the REPORTFILE variable in the Tripwire configuration file. A common value is:

REPORTFILE = /var/lib/tripwire/report/$(HOSTNAME)-$(DATE).twr

The HOSTNAME variable contains the hostname of your machine (big surprise), and DATE is a numeric timestamp such as 20020409-040521 (April 9, 2002, at 4:05:21). So for host trippy, this report filename would be:

/var/lib/tripwire/report/trippy-20020409-040521.twr
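
The timestamp in the report name gives a second way to find the latest report, one that does not depend on file modification times, which change when reports are copied or restored. The following is an added example, not code from the book; the function names are hypothetical, and it assumes the REPORTFILE pattern shown above.

```sh
#!/bin/sh
# Added example (not from the book): pick the newest report by the DATE stamp
# in its name, HOST-YYYYMMDD-HHMMSS.twr, rather than by modification time.

# report_stamps DIR HOST: print the DATE stamp of each report of HOST.
report_stamps() {
    for f in "$1/$2"-*.twr; do
        [ -f "$f" ] || continue        # unmatched glob, or not a regular file
        stamp=${f##*/}                 # drop the directory
        stamp=${stamp#"$2"-}           # drop the "HOST-" prefix
        stamp=${stamp%.twr}            # drop the extension
        # Keep exact stamps only, so host "web" ignores reports of "web-db".
        case $stamp in
            [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9][0-9][0-9])
                printf '%s\n' "$stamp" ;;
        esac
    done
}

# latest_report DIR HOST: print the newest report path, or return 1 if none.
latest_report() {
    # Fixed-width numeric stamps sort chronologically as plain strings.
    newest=$(report_stamps "$1" "$2" | LC_ALL=C sort | tail -n 1)
    [ -n "$newest" ] || return 1
    printf '%s\n' "$1/$2-$newest.twr"
}

# print_latest_report [DIR [HOST]]: defaults follow the recipe's script.
print_latest_report() {
    dir=${1:-/var/lib/tripwire/report}
    host=${2:-$(hostname -s)}
    report=$(latest_report "$dir" "$host") || {
        echo "no Tripwire report for $host in $dir" >&2
        return 1
    }
    twprint --print-report --twrfile "$report"
}
```

Call print_latest_report at the end of the script to print the report; it exits with an error message instead of running twprint on an empty filename when no report exists.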

When tripwire runs, it can optionally send reports by email. This notification should not be considered reliable since email can be suppressed, spoofed, or otherwise compromised. Instead, get into the habit of examining the reports yourself.

The twprint program can print reports not only for integrity checks but also for the Tripwire database. To do the latter:

# twprint --print-dbfile --dbfile /var/lib/tripwire/`hostname -s`.twd
Tripwire(R) 2.3.0 Database
Database generated by:        root
Database generated on:        Mon Apr  1 22:33:52 2002
Database last updated on:     Never
... contents follow ...

1.10.4 See Also

twprint(8).



Linux Security Cookbook
ISBN: 0596003919
EAN: 2147483647
Year: 2006
Pages: 247
