logger: Tripwire: MD5 : 413fcf09f7d0a356aa350532fdb3b923 /opt/tripwire/etc/tw.pol
logger: Tripwire: MD5 : 769c0308bcbf747a11f9011f4207dd1e /opt/tripwire/etc/tw.cfg
logger: Tripwire: MD5 : 5c6ed847d2eb3050ced52d6fc68c7cca /opt/tripwire/sbin/tripwire
Note: Report is not encrypted.
Open Source Tripwire(R) 2.4.1 Integrity Check Report
Report generated by: root
Report created on: Tue 05 May 2009 07:43:23 PM EDT
Database last updated on: Never
===============================================================================
Report Summary:
===============================================================================
Host name: bpg.utoledo.edu
Host IP address: 136.247.200.15
Host ID: None
Policy file used: /opt/tripwire/etc/tw.pol
Configuration file used: /opt/tripwire/etc/tw.cfg
Database file used: /opt/tripwire/db/bpg.utoledo.edu.twd
Command line used: /opt/tripwire/sbin/tripwire --check --cfgfile /opt/tripwire/etc/tw.cfg
===============================================================================
Rule Summary:
===============================================================================
-------------------------------------------------------------------------------
Section: Unix File System
-------------------------------------------------------------------------------
  Rule Name                       Severity Level    Added    Removed  Modified
  ---------                       --------------    -----    -------  --------
  Invariant Directories           66                0        0        0
* Tripwire Data Files             100               1        0        0
  Critical devices                100               0        0        0
  Tripwire Binaries               100               0        0        0
  User binaries                   66                0        0        0
  File System and Disk Administraton Programs
                                  100               0        0        0
  Kernel Administration Programs  100               0        0        0
  Networking Programs             100               0        0        0
  System Administration Programs  100               0        0        0
  Hardware and Device Control Programs
                                  100               0        0        0
  System Information Programs     100               0        0        0
  Application Information Programs
                                  100               0        0        0
  Critical Utility Sym-Links      100               0        0        0
* Security Control                100               0        0        3
  Login Scripts                   100               0        0        0
* Critical configuration files    100               0        1        5
* System boot changes             100               2        0        0
  OS executables and libraries    100               0        0        0
  Operating System Utilities      100               0        0        0
  Shell Binaries                  100               0        0        0
  Libraries                       66                0        0        0
  Critical system boot files      100               0        0        0
  (/boot)
* Root config files               100               1        0        3
Total objects scanned: 24706
Total violations found: 16
===============================================================================
Object Detail:
===============================================================================
-------------------------------------------------------------------------------
Section: Unix File System
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Rule Name: Tripwire Data Files (/opt/tripwire/db)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Added Objects: 1
----------------------------------------
Added object name: /opt/tripwire/db/bpg.utoledo.edu.twd
-------------------------------------------------------------------------------
Rule Name: Security Control (/etc/group)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Modified Objects: 1
----------------------------------------
Modified object name: /etc/group
Property: Expected Observed
------------- ----------- -----------
* Size 863 1153
* Modify Time Tue 05 May 2009 06:35:05 PM EDT
Tue 05 May 2009 06:41:21 PM EDT
* Change Time Tue 05 May 2009 06:35:05 PM EDT
Tue 05 May 2009 06:41:21 PM EDT
* CRC32 Bs7ht/ CB55gW
* MD5 AN46QNL/+e+84mSvS1nwLy AVM1qpSbtJRS2SRZHM0Vzb
-------------------------------------------------------------------------------
Rule Name: Security Control (/etc/security)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Modified Objects: 2
----------------------------------------
Modified object name: /etc/security/ca/ca.serial
Property: Expected Observed
------------- ----------- -----------
* Modify Time Tue 05 May 2009 06:21:25 PM EDT
Tue 05 May 2009 07:42:58 PM EDT
* Change Time Tue 05 May 2009 06:21:25 PM EDT
Tue 05 May 2009 07:42:58 PM EDT
* CRC32 Dg1W63 C1alBy
* MD5 BysqyQ9/P/B1qTfWvo/D3D D5px/t6BfPYwQ5TEo56FkN
Modified object name: /etc/security/ca/new-certs
Property: Expected Observed
------------- ----------- -----------
* Modify Time Tue 05 May 2009 06:21:23 PM EDT
Tue 05 May 2009 07:42:58 PM EDT
* Change Time Tue 05 May 2009 06:21:24 PM EDT
Tue 05 May 2009 07:42:58 PM EDT
-------------------------------------------------------------------------------
Rule Name: Critical configuration files (/etc/httpd/conf)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Modified Objects: 2
----------------------------------------
Modified object name: /etc/httpd/conf
Property: Expected Observed
------------- ----------- -----------
* Modify Time Tue 05 May 2009 06:21:30 PM EDT
Tue 05 May 2009 07:32:27 PM EDT
Modified object name: /etc/httpd/conf/httpd.conf
Property: Expected Observed
------------- ----------- -----------
* Size 33752 34146
* Modify Time Tue 05 May 2009 06:20:31 PM EDT
Tue 05 May 2009 07:32:26 PM EDT
* CRC32 DBxl3h CtJkQl
* MD5 AyUN4M08Mbmptd/irSzg6v CjrJnHGleumibmxi9UnIHH
-------------------------------------------------------------------------------
Rule Name: Critical configuration files (/etc/rc.d)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Removed Objects: 1
----------------------------------------
Removed object name: /etc/rc.d/rocksconfig.d/post-99-tripwire
----------------------------------------
Modified Objects: 1
----------------------------------------
Modified object name: /etc/rc.d/rocksconfig.d
Property: Expected Observed
------------- ----------- -----------
* Modify Time Tue 05 May 2009 06:31:38 PM EDT
Tue 05 May 2009 06:36:43 PM EDT
-------------------------------------------------------------------------------
Rule Name: Critical configuration files (/etc/group-)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Modified Objects: 1
----------------------------------------
Modified object name: /etc/group-
Property: Expected Observed
------------- ----------- -----------
* Size 855 1126
* Modify Time Tue 05 May 2009 06:34:58 PM EDT
Tue 05 May 2009 06:41:09 PM EDT
* CRC32 ANx+93 ALNixG
* MD5 DLN/MT7LNL+4VzwKuleYRR DiIw6wlZEhACuuRBlBPQv0
-------------------------------------------------------------------------------
Rule Name: Critical configuration files (/etc/passwd)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Modified Objects: 1
----------------------------------------
Modified object name: /etc/passwd
Property: Expected Observed
------------- ----------- -----------
* Inode Number 1086514 1086507
-------------------------------------------------------------------------------
Rule Name: System boot changes (/var/log)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Added Objects: 2
----------------------------------------
Added object name: /var/log/httpd/suexec.log
Added object name: /var/log/rpmpkgs
-------------------------------------------------------------------------------
Rule Name: Root config files (/root)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Modified Objects: 3
----------------------------------------
Modified object name: /root
Property: Expected Observed
------------- ----------- -----------
* Change Time Tue 05 May 2009 06:26:09 PM EDT
Tue 05 May 2009 06:54:33 PM EDT
Modified object name: /root/.gconfd
Property: Expected Observed
------------- ----------- -----------
* Change Time Tue 05 May 2009 06:26:48 PM EDT
Tue 05 May 2009 06:46:18 PM EDT
Modified object name: /root/.gconfd/saved_state
Property: Expected Observed
------------- ----------- -----------
* Inode Number 3786262 3786308
* Change Time Tue 05 May 2009 06:26:48 PM EDT
Tue 05 May 2009 06:46:18 PM EDT
-------------------------------------------------------------------------------
Rule Name: Root config files (/root/.bash_history)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Added Objects: 1
----------------------------------------
Added object name: /root/.bash_history
===============================================================================
Error Report:
===============================================================================
No Errors
-------------------------------------------------------------------------------
*** End of report ***
Open Source Tripwire 2.4 Portions copyright 2000 Tripwire, Inc. Tripwire is a registered
trademark of Tripwire, Inc. This software comes with ABSOLUTELY NO WARRANTY;
for details use --version. This is free software which may be redistributed
or modified only under certain conditions; see COPYING for details.
All rights reserved.