If changes have occured the subject line of the report will show the count of changed items, and the body will list them:-Date: Fri 31 May 2002 05:04:55 +0100 From: "Tripwire(R) 2.3.1.2"To: cs-duty-officer@ncl.ac.uk Subject: TWReport belsay.ncl.ac.uk 20020531050200 V:0 S:0 A:0 R:0 C:0
Until the system is fully deployed, these messages are for information only. If the list of changes becomes large, the internal database can be updated by running one of:-From: root@byerhope.ncl.ac.uk Date: Mon 10 Jun 2002 08:16:16 +0100 To: cs-duty-officer@ncl.ac.uk Subject: TWReport byerhope.ncl.ac.uk 20020610081515 V:112 S:100 A:73 R:0 C:39 Added: "/lib/modules/2.4.9/kernel/drivers/net/e1000.o" ... Added: "/root/e1000-4.1.7/SUMS" Modified: "/root"
If you do want to update the tripwire database, you will need its passphrase from the envelope in my top right hand drawer. Runningtripwire --check -I # on byerhope; or on the others... tripwire --check -c /home/staff1/ncrr/Tripwire/etc/tw.cfg -I -n -s
tripwire --check
as above without the
-I
option will giva a detailed
list of changes, which could be helpful in the event of suspected
problems.