لطفا منتظر باشید ...
Recipe 1.10 Printing the Latest Tripwire Report
1.10.1 Problem
You want to display the
results of the most recent integrity check.
1.10.2 Solution
#!/bin/sh
DIR=/var/lib/tripwire/report
HOST=`hostname -s`
LAST_REPORT=`ls -1t $DIR/$HOST-*.twr | head -1`
twprint --print-report --twrfile "$LAST_REPORT"
1.10.3 Discussion
Tripwire reports are stored in the location indicated by the
REPORTFILE variable in the Tripwire
configuration file. A common value is:
REPORTFILE = /var/lib/tripwire/report/$(HOSTNAME)-$(DATE).twr
The HOSTNAME variable contains the
hostname of your machine (big surprise), and
DATE is a numeric timestamp such as
20020409-040521 (April 9, 2002, at 4:05:21). So for host trippy , this report filename would be:
/var/lib/tripwire/report/trippy-20020409-040521.twr
When tripwire runs, it can optionally send reports
by email. This notification should not
be considered reliable since email can be suppressed, spoofed, or
otherwise compromised. Instead, get into the habit of examining the
reports yourself.The twprint program can print reports not only for
integrity checks but also for the Tripwire database. To do the
latter:
# twprint --print-dbfile --dbfile /var/lib/tripwire/`hostname -s`.twd
Tripwire(R) 2.3.0 Database
Database generated by: root
Database generated on: Mon Apr 1 22:33:52 2002
Database last updated on: Never
... contents follow ...
1.10.4 See Also
twprint(8).
