Hi, I want to automate my tripwire log reporting through email, but having it send me an email every ten minutes even when it hasn't found anything is a bit annoying. What I want to do is parse through the violation statistics and if any of them are greater than 0, THEN email it. Here is an attachment of my script as such and a tripwire report.
Thanks.
-- 
Mat Harris
OpenGPG Public Key ID: CC14DD34
[EMAIL PROTECTED]
matthewh.genestate.i989.net
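#!/usr/bin/perl
use strict;
use warnings;

my $report_file = "/tmp/tripwire-report.txt";

system("/usr/sbin/tripwire --check -r $report_file");

# Read the report directly instead of shelling out to cat.
open(my $fh, '<', $report_file) or die "Couldn't open $report_file: $!\n";
my @report = <$fh>;
close($fh);

my @rules = ("Invariant Directories",
             "Temporary directories",
             "Tripwire Data Files",
             "Critical devices",
             "User binaries",
             "Tripwire Binaries",
             "Critical configuration files",
             "Libraries",
             "Operating System Utilities",
             "Critical system boot files",
             "File System and Disk Administraton Programs",
             "Kernel Administration Programs",
             "Networking Programs",
             "System Administration Programs",
             "Hardware and Device Control Programs",
             "System Information Programs",
             "Application Information Programs",
             "Shell Related Programs",
             "Critical Utility Sym-Links",
             "Shell Binaries",
             "System boot changes",
             "OS executables and libraries",
             "Security Control",
             "Login Scripts",
             "Root config files");

my $sendmail = 0;
for (my $i = 0; $i < @report; $i++) {
    my $line = $report[$i];
    foreach my $rule (@rules) {
        next unless $line =~ m/\Q$rule\E/;
        # Long rule names wrap: the counts are then on the following line.
        $line = $report[$i + 1] if $line !~ /\d\s*$/ && $i + 1 < @report;
        # The last four integers are Severity, Added, Removed, Modified.
        # (The original split() read $_ instead of the current line and
        # overwrote the loop variable $rule, which aliases into @rules.)
        if ($line =~ /(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$/) {
            my ($severity, $added, $removed, $modified) = ($1, $2, $3, $4);
            $sendmail = 1 if $added > 0 || $removed > 0 || $modified > 0;
        }
        last;
    }
}

if ($sendmail) {
    # "or die" must follow the open() call; "|| die" inside the argument
    # list binds to the command string and never fires.
    open(my $mail, "|/usr/lib/sendmail -t -i")
        or die "Couldn't open sendmail, $!\n";
    print $mail "To: <root>\n";
    print $mail "From: tripwire daemon\n";
    print $mail "Subject: Tripwire Alert\n\n";
    print $mail @report;
    close($mail);
}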
Parsing policy file: /etc/tripwire/tw.pol
*** Processing Unix File System ***
Performing integrity check...
Wrote report file: /var/lib/tripwire/report/maiden.genestate.com-20020811-211008.twr
Tripwire(R) 2.3.0 Integrity Check Report
Report generated by: root
Report created on: Sun 11 Aug 2002 21:10:08 BST
Database last updated on: Sun 11 Aug 2002 15:04:24 BST
===============================================================================
Report Summary:
===============================================================================
Host name: maiden.genestate.com
Host IP address: 127.0.0.1
Host ID: None
Policy file used: /etc/tripwire/tw.pol
Configuration file used: /etc/tripwire/tw.cfg
Database file used: /var/lib/tripwire/maiden.genestate.com.twd
Command line used: tripwire --check
===============================================================================
Rule Summary:
===============================================================================
-------------------------------------------------------------------------------
Section: Unix File System
-------------------------------------------------------------------------------
  Rule Name                       Severity Level    Added    Removed  Modified
  ---------                       --------------    -----    -------  --------
  Invariant Directories           66                0        0        0
  Temporary directories           33                0        0        0
  Tripwire Data Files             100               0        0        0
  Critical devices                100               0        0        0
  User binaries                   66                0        0        0
  Tripwire Binaries               100               0        0        0
  Critical configuration files    100               0        0        0
  Libraries                       66                0        0        0
  Operating System Utilities      100               0        0        0
  Critical system boot files      100               0        0        0
  File System and Disk Administraton Programs
                                  100               0        0        0
  Kernel Administration Programs  100               0        0        0
  Networking Programs             100               0        0        0
  System Administration Programs  100               0        0        0
  Hardware and Device Control Programs
                                  100               0        0        0
  System Information Programs     100               0        0        0
  Application Information Programs
                                  100               0        0        0
  Shell Related Programs          100               0        0        0
  Critical Utility Sym-Links      100               0        0        0
  Shell Binaries                  100               0        0        0
  System boot changes             100               0        0        0
  OS executables and libraries    100               0        0        0
  Security Control                100               0        0        0
  Login Scripts                   100               0        0        0
  Root config files               100               0        0        0
Total objects scanned: 44416
Total violations found: 0
===============================================================================
Object Summary:
===============================================================================
-------------------------------------------------------------------------------
# Section: Unix File System
-------------------------------------------------------------------------------
No violations.
===============================================================================
Error Report:
===============================================================================
-------------------------------------------------------------------------------
Section: Unix File System
-------------------------------------------------------------------------------
1. File system error.
Filename: /etc/tripwire/localhost-local.key
No such file or directory
-------------------------------------------------------------------------------
*** End of report ***
Tripwire 2.3 Portions copyright 2000 Tripwire, Inc. Tripwire is a registered
trademark of Tripwire, Inc. This software comes with ABSOLUTELY NO WARRANTY;
for details use --version. This is free software which may be redistributed
or modified only under certain conditions; see COPYING for details.
All rights reserved.
Integrity check complete.
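An added example (not part of the original post and not Tripwire's own code): a Perl parser for the Rule Summary table that needs no hard-coded rule list, rejoins rows whose long rule name wraps onto its own line, and also counts entries in the Error Report section, such as the missing key file in the report above, so that a broken check is reported as well as a changed file. The function name `summarize_report` and the sample text under `__DATA__` are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: decide whether a Tripwire text report deserves an alert.
use strict;
use warnings;

# Returns (\%changed, $total, $errors):
#   %changed - rule name => [added, removed, modified], changed rules only
#   $total   - value of "Total violations found:" (undef if absent)
#   $errors  - number of numbered entries in the Error Report section
sub summarize_report {
    my @lines = @_;
    my (%changed, $total, $pending);
    my ($section, $errors) = ('', 0);
    for my $line (@lines) {
        if ($line =~ /^\s*(Rule Summary|Object Summary|Error Report):\s*$/) {
            $section = $1;
            next;
        }
        $total = $1 if $line =~ /^\s*Total violations found:\s*(\d+)/;
        $errors++ if $section eq 'Error Report' && $line =~ /^\s*\d+\.\s+\S/;
        next unless $section eq 'Rule Summary';
        # A data row ends in four integers: severity, added, removed, modified.
        if (my ($name, $sev, @counts) =
                $line =~ /^[\s*]*(.*?)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$/) {
            # Empty name: the rule name was wrapped onto the previous line.
            $name = $pending || '(unknown rule)' unless length $name;
            $changed{$name} = [@counts] if grep { $_ > 0 } @counts;
            undef $pending;
        } else {
            # Remember this line in case it is a wrapped rule name.
            ($pending = $line) =~ s/^[\s*]+|\s+$//g;
        }
    }
    return (\%changed, $total, $errors);
}

# The report below __DATA__ is a constructed sample, not real output.
my ($changed, $total, $errors) = summarize_report(<DATA>);
my $alert = %$changed || ($total // 0) > 0 || $errors > 0;
printf "%s: +%d -%d ~%d\n", $_, @{ $changed->{$_} } for sort keys %$changed;
print "violations=", $total // 'n/a', " errors=$errors alert=",
      ($alert ? 'yes' : 'no'), "\n";
__DATA__
Rule Summary:
  Rule Name                       Severity Level    Added    Removed  Modified
  ---------                       --------------    -----    -------  --------
  Invariant Directories           66                0        0        0
* Critical configuration files    100               0        0        2
  Hardware and Device Control Programs
                                  100               1        0        0
Total violations found: 3
Error Report:
1. File system error.
   Filename: /etc/tripwire/localhost-local.key
```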
