Ubuntu 8.04

Does tripwire have a config file that can schedule integrity checks, or do I have to do it from a cron job?

Have a look at this howto:

http://www.alwanza.com/howto/linux/tripwire.html

It should answer your questions.

JIm

Thanks but it only tells me to "Perform updates regularly (determine your schedule)".

I'm just trying to determine if there is some tripwire setting that does this, or if you need a cronjob. It seems like they would have build something like this into tripwire.

There is a cron job installed when you install tripwire, at least the 64bit version. Look in /etc/cron.daily
there should be a file called tripwire, it is set to run daily and email you the results.

Jim

Yes you are correct. I was reading tripwire's email strategy and it said it send one email for every rule that was broken. I'd rather have one email sent with the full report, so I'll make a script for that.

I built this off of the tripwire daily cron script. I'm trying to check the number of violations.

There's a problem when $tripResult is instantiated with the tripwire report- it doesn't have any newline characters.

This causes grep to not get the line with the number of violations, it just gets the entire report.



#!/bin/sh -e

tripwire=/usr/sbin/tripwire

[ -x $tripwire ] || exit 0

umask 027

tripResult=$($tripwire --check --quiet)

tripViolations=$(echo $tripResult | grep "Total violations found" | awk '{print $4}')

exit 0

I learned that shell variables always remove redundant white space, but is there any way to make them accept the original string without removing redundant white space?