Tripwire(R) 2.3.0 Integrity Check Report

Report generated by:          root
Report created on:            Mon 01 Apr 2002 12:07:04 PM EST
Database last updated on:     Fri 22 Mar 2002 11:42:50 PM EST

===============================================================================
Report Summary:
===============================================================================

Host name:
Host IP address:              x.x.x.x
Host ID:
Policy file used:             /etc/tripwire/tw.pol
Configuration file used:      /etc/tripwire/tw.cfg
Database file used:           /var/lib/tripwire/localhost.twd
Command line used:            /usr/sbin/tripwire --check

===============================================================================
Rule Summary:
===============================================================================

-------------------------------------------------------------------------------
  Section: Unix File System
-------------------------------------------------------------------------------

  Rule Name                                    Severity Level  Added  Removed  Modified
  ---------                                    --------------  -----  -------  --------
  Invariant Directories                        66              0      0        0
  Temporary directories                        33              0      0        0
  Tripwire Data Files                          100             0      0        0
  Critical devices                             100             0      0        0
* User binaries                                66              11     0        10
  Tripwire Binaries                            100             0      0        0
* Critical configuration files                 100             0      0        4
* Libraries                                    66              1      0        1
  Shell Binaries                               100             0      0        0
  File System and Disk Administraton Programs  100             0      0        0
  Kernel Administration Programs               100             0      0        0
* Networking Programs                          100             0      0        1
  System Administration Programs               100             0      0        0
  Hardware and Device Control Programs         100             0      0        0
  System Information Programs                  100             0      0        0
  Application Information Programs             100             0      0        0
  Shell Releated Programs                      100             0      0        0
  Critical Utility Sym-Links                   100             0      0        0
  Critical system boot files                   100             0      0        0
* System boot changes                          100             21     0        12
* OS executables and libraries                 100             2      0        1
  Security Control                             100             0      0        0
  Login Scripts                                100             0      0        0
* Operating System Utilities                   100             0      0        2
* Root config files                            100             2      0        1

Total objects scanned:  8086
Total violations found:  71

===============================================================================
Object Summary:
===============================================================================

-------------------------------------------------------------------------------
# Section: Unix File System
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
Rule Name: User binaries (/usr/sbin)
Severity Level: 66
-------------------------------------------------------------------------------

Added:
"/usr/sbin/in.rexedcs"

Modified:
"/usr/sbin"
"/usr/sbin/syslogd"
"/usr/sbin/tcpd"

-------------------------------------------------------------------------------
Rule Name: Libraries (/usr/lib)
Severity Level: 66
-------------------------------------------------------------------------------

Added:
"/usr/lib/perl5/man/whatis"

Modified:
"/usr/lib/perl5/man"

-------------------------------------------------------------------------------
Rule Name: User binaries (/usr/bin)
Severity Level: 66
-------------------------------------------------------------------------------

Added:
"/usr/bin/ct"
"/usr/bin/xw"
"/usr/bin/xwho"
"/usr/bin/xlocate"
"/usr/bin/make-ssh-host-key"
"/usr/bin/ssh"
"/usr/bin/ssh-add"
"/usr/bin/ssh-agent"
"/usr/bin/ssh-askpass"
"/usr/bin/ssh-keygen"

Modified:
"/usr/bin"
"/usr/bin/crontab"
"/usr/bin/locate"
"/usr/bin/top"
"/usr/bin/w"
"/usr/bin/who"

-------------------------------------------------------------------------------
Rule Name: User binaries (/sbin)
Severity Level: 66
-------------------------------------------------------------------------------

Modified:
"/sbin"

-------------------------------------------------------------------------------
Rule Name: Networking Programs (/sbin/ifconfig)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/sbin/ifconfig"

-------------------------------------------------------------------------------
Rule Name: System boot changes (/var/log)
Severity Level: 100
-------------------------------------------------------------------------------

Added:
"/var/log/httpd/access_log.1"
"/var/log/httpd/error_log.1"
"/var/log/httpd/access_log.2"
"/var/log/httpd/error_log.2"
"/var/log/messages.1"
"/var/log/secure.1"
"/var/log/maillog.1"
"/var/log/spooler.1"
"/var/log/boot.log.1"
"/var/log/cron.1"
"/var/log/xferlog.1"
"/var/log/messages.2"
"/var/log/secure.2"
"/var/log/maillog.2"
"/var/log/spooler.2"
"/var/log/boot.log.2"
"/var/log/cron.2"
"/var/log/xferlog.2"
"/var/log/netconf.log.1"
"/var/log/wtmp.1"

Modified:
"/var/log/boot.log"
"/var/log/cron"
"/var/log/httpd/access_log"
"/var/log/httpd/error_log"
"/var/log/maillog"
"/var/log/messages"
"/var/log/netconf.log"
"/var/log/secure"
"/var/log/spooler"
"/var/log/wtmp"
"/var/log/xferlog"

-------------------------------------------------------------------------------
Rule Name: System boot changes (/var/run)
Severity Level: 100
-------------------------------------------------------------------------------

Added:
"/var/run/sshd.pid"

-------------------------------------------------------------------------------
Rule Name: Critical configuration files (/etc/hosts.allow)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/etc/hosts.allow"

-------------------------------------------------------------------------------
Rule Name: Critical configuration files (/etc/hosts.deny)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/etc/hosts.deny"

-------------------------------------------------------------------------------
Rule Name: Critical configuration files (/etc/rc.d)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/etc/rc.d/rc.sysinit"

-------------------------------------------------------------------------------
Rule Name: Critical configuration files (/etc/passwd)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/etc/passwd"

-------------------------------------------------------------------------------
Rule Name: OS executables and libraries (/bin)
Severity Level: 100
-------------------------------------------------------------------------------

Added:
"/bin/xnet"
"/bin/xps"

Modified:
"/bin"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/netstat)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/netstat"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/ps)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/ps"

-------------------------------------------------------------------------------
Rule Name: System boot changes (/dev/log)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/dev/log"

-------------------------------------------------------------------------------
Rule Name: Root config files (/root)
Severity Level: 100
-------------------------------------------------------------------------------

Added:
"/root/mbox"
"/root/.net"

Modified:
"/root"