#!/bin/sh
DIR=/var/lib/tripwire/report
HOST=`hostname -s`
LAST_REPORT=`ls -1t $DIR/$HOST-*.twr | head -1`
twprint --print-report --twrfile "$LAST_REPORT"
Tripwire reports are stored in the location indicated by the REPORTFILE variable in the Tripwire configuration file. A common value is:
REPORTFILE = /var/lib/tripwire/report/$(HOSTNAME)-$(DATE).twr
The HOSTNAME variable contains the hostname of your machine (big surprise), and DATE is a numeric timestamp such as 20020409-040521 (April 9, 2002, at 4:05:21). So for host trippy, this report filename would be:
/var/lib/tripwire/report/trippy-20020409-040521.twr
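An added example, not from the book: because DATE is a fixed-width timestamp, the newest report can be chosen from the file name itself, so the choice does not depend on modification times and ignores files that only resemble a report name. The function names and the sample file names below are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the book): pick the newest Tripwire report by the
# timestamp in its name, HOSTNAME-YYYYMMDD-HHMMSS.twr, not by mtime.

# report_stamp PATH HOST: print YYYYMMDD-HHMMSS if PATH is named exactly
# HOST-<8 digits>-<6 digits>.twr, otherwise return 1.
report_stamp() {
    d='[0-9]'
    name=${1##*/}
    case $name in
        "$2"-$d$d$d$d$d$d$d$d-$d$d$d$d$d$d.twr)
            stamp=${name#"$2"-}
            printf '%s\n' "${stamp%.twr}" ;;
        *) return 1 ;;
    esac
}

# latest_report DIR HOST: print the path of the newest well-named report.
# Glob results are sorted and the stamp is fixed-width digits, so the last
# valid match is the most recent one. Symlinks and non-files are skipped.
latest_report() {
    best=
    for f in "$1"/"$2"-*.twr; do
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        report_stamp "$f" "$2" >/dev/null || continue
        best=$f
    done
    [ -n "$best" ] && printf '%s\n' "$best"
}

# make_sample_dir: constructed report names for a dry run (empty files).
make_sample_dir() {
    tmp=$(mktemp -d) || return 1
    for n in trippy-20020408-040502 trippy-20020409-040521 \
             trippy-01-20030101-000000 trippy-latest; do
        : > "$tmp/$n.twr"
    done
    # Backdate the newest report so mtime order disagrees with name order.
    touch -t 200001010000 "$tmp/trippy-20020409-040521.twr"
    printf '%s\n' "$tmp"
}

# Usage: r=$(latest_report /var/lib/tripwire/report "$(hostname -s)") && twprint --print-report --twrfile "$r"
```

In the sample directory, the report for host trippy-01 and the file trippy-latest.twr both match the glob trippy-*.twr, but neither is selected for host trippy.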
When tripwire runs, it can optionally send reports by email. This notification should not be considered reliable since email can be suppressed, spoofed, or otherwise compromised. Instead, get into the habit of examining the reports yourself.
The twprint program can print reports not only for integrity checks but also for the Tripwire database. To do the latter:
# twprint --print-dbfile --dbfile /var/lib/tripwire/`hostname -s`.twd
Tripwire(R) 2.3.0 Database
Database generated by: root
Database generated on: Mon Apr 1 22:33:52 2002
Database last updated on: Never
... contents follow ...