Parsing policy file: /etc/tripwire/tw.pol
*** Processing Unix File System ***
Performing integrity check...
Wrote report file: /var/lib/tripwire/report/server1-01.localdomain-20080311-173126.twr

Tripwire(R) 2.3.0 Integrity Check Report

Report generated by: root
Report created on: Tue 11 Mar 2008 05:31:26 PM PST
Database last updated on: Tue 04 Mar 2008 06:39:30 PM PST

===============================================================================
Report Summary:
===============================================================================

Host name: server1-01.localdomain
Host IP address: 127.0.0.1
Host ID: None
Policy file used: /etc/tripwire/tw.pol
Configuration file used: /etc/tripwire/tw.cfg
Database file used: /var/lib/tripwire/server1-01.localdomain.twd
Command line used: tripwire --check

===============================================================================
Rule Summary:
===============================================================================

-------------------------------------------------------------------------------
Section: Unix File System
-------------------------------------------------------------------------------

  Rule Name                                    Severity Level  Added  Removed  Modified
  ---------                                    --------------  -----  -------  --------
  Invariant Directories                        66              0      0        0
  Temporary directories                        33              0      0        0
  Tripwire Data Files                          100             0      0        0
  Critical devices                             100             0      0        0
* User binaries                                66              0      0        10
  Tripwire Binaries                            100             0      0        0
* Libraries                                    66              0      0        2
* Operating System Utilities                   100             0      0        42
  Critical system boot files                   100             0      0        0
* File System and Disk Administraton Programs  100             0      0        13
  Kernel Administration Programs               100             0      0        0
* Networking Programs                          100             0      0        1
* System Administration Programs               100             0      0        2
* Hardware and Device Control Programs         100             0      0        1
  System Information Programs                  100             0      0        0
  Application Information Programs             100             0      0        0
  Shell Related Programs                       100             0      0        0
  Critical Utility Sym-Links                   100             0      0        0
* Shell Binaries                               100             0      0        1
* Critical configuration files                 100             4      2        2
* System boot changes                          100             3      0        58
* OS executables and libraries                 100             0      0        6
  Security Control                             100             0      0        0
  Login Scripts                                100             0      0        0
* Root config files                            100             4      1        24

Total objects scanned: 31660
Total violations found: 176

===============================================================================
Object Summary:
===============================================================================

-------------------------------------------------------------------------------
# Section: Unix File System
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
Rule Name: User binaries (/usr/sbin)
Severity Level: 66
-------------------------------------------------------------------------------

Modified:
"/usr/sbin/vmware-checkvm"
"/usr/sbin/vmware-guestd"
"/usr/sbin/vmware-tools-upgrader"
"/usr/sbin/vmware-vmdesched"

-------------------------------------------------------------------------------
Rule Name: Libraries (/usr/lib)
Severity Level: 66
-------------------------------------------------------------------------------

Modified:
"/usr/lib/libvmGuestLib.so"
"/usr/lib/libvmGuestLibJava.so"

-------------------------------------------------------------------------------
Rule Name: User binaries (/usr/bin)
Severity Level: 66
-------------------------------------------------------------------------------

Modified:
"/usr/bin/vmware-hgfsclient"
"/usr/bin/vmware-toolbox"
"/usr/bin/vmware-tpvmlp"
"/usr/bin/vmware-user"
"/usr/bin/vmware-xferlogs"

-------------------------------------------------------------------------------
Rule Name: User binaries (/sbin)
Severity Level: 66
-------------------------------------------------------------------------------

Modified:
"/sbin/mount.vmhgfs"

-------------------------------------------------------------------------------
Rule Name: System boot changes (/var/log)
Severity Level: 100
-------------------------------------------------------------------------------

Added:
"/var/log/pacct.1"
"/var/log/.messages.swp"

Modified:
"/var/log/XFree86.0.log"
"/var/log/XFree86.0.log.old"
"/var/log/boot.log"
"/var/log/boot.log.1"
"/var/log/boot.log.2"
"/var/log/boot.log.3"
"/var/log/boot.log.4"
"/var/log/cron"
"/var/log/cron.1"
"/var/log/cron.2"
"/var/log/cron.3"
"/var/log/cron.4"
"/var/log/gdm/:0.log"
"/var/log/gdm/:0.log.1"
"/var/log/gdm/:0.log.2"
"/var/log/gdm/:0.log.3"
"/var/log/gdm/:0.log.4"
"/var/log/ksyms.0"
"/var/log/ksyms.1"
"/var/log/ksyms.2"
"/var/log/ksyms.3"
"/var/log/ksyms.4"
"/var/log/ksyms.5"
"/var/log/ksyms.6"
"/var/log/maillog"
"/var/log/maillog.1"
"/var/log/maillog.2"
"/var/log/maillog.3"
"/var/log/maillog.4"
"/var/log/messages"
"/var/log/messages.1"
"/var/log/messages.2"
"/var/log/messages.3"
"/var/log/messages.4"
"/var/log/pacct"
"/var/log/rpmpkgs"
"/var/log/rpmpkgs.1"
"/var/log/rpmpkgs.2"
"/var/log/rpmpkgs.3"
"/var/log/rpmpkgs.4"
"/var/log/secure"
"/var/log/secure.1"
"/var/log/secure.2"
"/var/log/secure.3"
"/var/log/secure.4"
"/var/log/spooler"
"/var/log/spooler.1"
"/var/log/spooler.2"
"/var/log/spooler.3"
"/var/log/spooler.4"

-------------------------------------------------------------------------------
Rule Name: System boot changes (/var/lock/subsys)
Severity Level: 100
-------------------------------------------------------------------------------

Added:
"/var/lock/subsys/ntpd"

Modified:
"/var/lock/subsys/local"
"/var/lock/subsys/sm-client"

-------------------------------------------------------------------------------
Rule Name: System boot changes (/var/lock/subsys/anacron)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/var/lock/subsys/anacron"

-------------------------------------------------------------------------------
Rule Name: System boot changes (/var/lock/subsys/atd)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/var/lock/subsys/atd"

-------------------------------------------------------------------------------
Rule Name: System boot changes (/var/lock/subsys/crond)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/var/lock/subsys/crond"

-------------------------------------------------------------------------------
Rule Name: System boot changes (/var/lock/subsys/sendmail)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/var/lock/subsys/sendmail"

-------------------------------------------------------------------------------
Rule Name: System boot changes (/var/lock/subsys/xfs)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/var/lock/subsys/xfs"

-------------------------------------------------------------------------------
Rule Name: Critical configuration files (/etc/sysconfig)
Severity Level: 100
-------------------------------------------------------------------------------

Added:
"/etc/sysconfig/iptables.001"
"/etc/sysconfig/iptables.002"

Modified:
"/etc/sysconfig/clock"
"/etc/sysconfig/iptables"

-------------------------------------------------------------------------------
Rule Name: Critical configuration files (/etc/rc.d)
Severity Level: 100
-------------------------------------------------------------------------------

Added:
"/etc/rc.d/rc3.d/S58ntpd"
"/etc/rc.d/rc5.d/S58ntpd"

Removed:
"/etc/rc.d/rc3.d/K74ntpd"
"/etc/rc.d/rc5.d/K74ntpd"

-------------------------------------------------------------------------------
Rule Name: OS executables and libraries (/bin)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/dumpkeys"
"/bin/env"
"/bin/kbd_mode"
"/bin/link"
"/bin/setfont"
"/bin/unlink"

-------------------------------------------------------------------------------
Rule Name: File System and Disk Administraton Programs (/bin/chgrp)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/chgrp"

-------------------------------------------------------------------------------
Rule Name: File System and Disk Administraton Programs (/bin/chmod)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/chmod"

-------------------------------------------------------------------------------
Rule Name: File System and Disk Administraton Programs (/bin/chown)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/chown"

-------------------------------------------------------------------------------
Rule Name: File System and Disk Administraton Programs (/bin/cp)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/cp"

-------------------------------------------------------------------------------
Rule Name: File System and Disk Administraton Programs (/bin/cpio)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/cpio"

-------------------------------------------------------------------------------
Rule Name: File System and Disk Administraton Programs (/bin/mount)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/mount"

-------------------------------------------------------------------------------
Rule Name: File System and Disk Administraton Programs (/bin/umount)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/umount"

-------------------------------------------------------------------------------
Rule Name: File System and Disk Administraton Programs (/bin/mkdir)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/mkdir"

-------------------------------------------------------------------------------
Rule Name: File System and Disk Administraton Programs (/bin/mknod)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/mknod"

-------------------------------------------------------------------------------
Rule Name: File System and Disk Administraton Programs (/bin/mktemp)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/mktemp"

-------------------------------------------------------------------------------
Rule Name: File System and Disk Administraton Programs (/bin/rm)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/rm"

-------------------------------------------------------------------------------
Rule Name: File System and Disk Administraton Programs (/bin/rmdir)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/rmdir"

-------------------------------------------------------------------------------
Rule Name: File System and Disk Administraton Programs (/bin/touch)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/touch"

-------------------------------------------------------------------------------
Rule Name: Networking Programs (/bin/ping)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/ping"

-------------------------------------------------------------------------------
Rule Name: System Administration Programs (/bin/pwd)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/pwd"

-------------------------------------------------------------------------------
Rule Name: System Administration Programs (/bin/uname)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/uname"

-------------------------------------------------------------------------------
Rule Name: Hardware and Device Control Programs (/bin/setserial)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/setserial"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/arch)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/arch"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/ash)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/ash"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/ash.static)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/ash.static"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/basename)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/basename"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/cat)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/cat"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/cut)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/cut"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/date)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/date"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/dd)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/dd"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/df)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/df"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/dmesg)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/dmesg"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/doexec)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/doexec"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/echo)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/echo"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/ed)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/ed"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/false)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/false"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/gawk)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/gawk"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/gettext)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/gettext"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/grep)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/grep"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/gunzip)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/gunzip"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/gzip)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/gzip"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/hostname)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/hostname"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/ipcalc)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/ipcalc"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/kill)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/kill"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/ln)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/ln"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/loadkeys)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/loadkeys"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/ls)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/ls"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/mail)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/mail"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/more)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/more"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/mt)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/mt"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/mv)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/mv"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/netstat)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/netstat"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/nice)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/nice"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/pgawk)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/pgawk"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/rpm)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/rpm"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/sed)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/sed"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/sort)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/sort"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/stty)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/stty"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/sync)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/sync"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/tar)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/tar"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/true)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/true"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/usleep)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/usleep"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/vi)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/vi"

-------------------------------------------------------------------------------
Rule Name: Operating System Utilities (/bin/zcat)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/zcat"

-------------------------------------------------------------------------------
Rule Name: Shell Binaries (/bin/tcsh)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/bin/tcsh"

-------------------------------------------------------------------------------
Rule Name: System boot changes (/dev/tty1)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/dev/tty1"

-------------------------------------------------------------------------------
Rule Name: Root config files (/root)
Severity Level: 100
-------------------------------------------------------------------------------

Added:
"/root/.metacity/sessions/1204929015-1173-3979953072.ms"
"/root/tripwire.out"
"/root/.xauthJyjJ7K"
"/root/tripwire.incident"

Removed:
"/root/.xauthPnZN7p"

Modified:
"/root/.fonts.cache-1"
"/root/.gconf/apps/nautilus/%gconf.xml"
"/root/.gconf/apps/nautilus/preferences/%gconf.xml"
"/root/.gconf/apps/panel/profiles/default/applets/clock_applet/%gconf.xml"
"/root/.gconf/apps/panel/profiles/default/applets/clock_applet/prefs/%gconf.xml"
"/root/.gconf/apps/panel/profiles/default/applets/pager_applet/%gconf.xml"
"/root/.gconf/apps/panel/profiles/default/applets/pager_applet/prefs/%gconf.xml"
"/root/.gconf/apps/panel/profiles/default/applets/tasklist_applet/%gconf.xml"
"/root/.gconf/apps/panel/profiles/default/applets/tasklist_applet/prefs/%gconf.xml"
"/root/.gconf/apps/panel/profiles/default/applets/tray_applet/%gconf.xml"
"/root/.gconf/apps/panel/profiles/default/objects/email_launcher/%gconf.xml"
"/root/.gconf/apps/panel/profiles/default/objects/main_menu/%gconf.xml"
"/root/.gconf/apps/panel/profiles/default/objects/presentations_launcher/%gconf.xml"
"/root/.gconf/apps/panel/profiles/default/objects/print_launcher/%gconf.xml"
"/root/.gconf/apps/panel/profiles/default/objects/spreadsheet_launcher/%gconf.xml"
"/root/.gconf/apps/panel/profiles/default/objects/web_browser_launcher/%gconf.xml"
"/root/.gconf/apps/panel/profiles/default/objects/wordprocessor_launcher/%gconf.xml"
"/root/.gconf/apps/panel/profiles/default/panels/bottom_panel/%gconf.xml"
"/root/.gconf/desktop/gnome/applications/window_manager/%gconf.xml"
"/root/.gconfd/saved_state"
"/root/.gnome2/share/cursor-fonts/fonts.dir"
"/root/.gnome2/share/fonts/fonts.dir"
"/root/.tmpdirs/server1-01.localdomain"
"/root/.viminfo"

===============================================================================
Error Report:
===============================================================================

-------------------------------------------------------------------------------
Section: Unix File System
-------------------------------------------------------------------------------

1. File system error.
   Filename: /etc/tripwire/server01.localdomain-local.key
   No such file or directory

-------------------------------------------------------------------------------
*** End of report ***

Tripwire 2.3 Portions copyright 2000 Tripwire, Inc. Tripwire is a registered
trademark of Tripwire, Inc. This software comes with ABSOLUTELY NO WARRANTY;
for details use --version. This is free software which may be redistributed
or modified only under certain conditions; see COPYING for details.
All rights reserved.
Integrity check complete.