logger: Tripwire: MD5 : 43d015eaf9589f1e5e87dda7fd6c0b00 /opt/tripwire/etc/tw.pol
logger: Tripwire: MD5 : fd4c4af9a148c6795a5de297f91fc9d9 /opt/tripwire/etc/tw.cfg
logger: Tripwire: MD5 : 261c45019bb42c9ef9e61639720b16a8 /opt/tripwire/bin/tripwire
Note: Report is not encrypted.
Tripwire(R) 2.3.0 Integrity Check Report
Report generated by: root
Report created on: Fri Jan 6 04:02:25 2006
Database last updated on: Never
===============================================================================
Report Summary:
===============================================================================
Host name: rocks-52.sdsc.edu
Host IP address: 198.202.88.52
Host ID: None
Policy file used: /opt/tripwire/etc/tw.pol
Configuration file used: /opt/tripwire/etc/tw.cfg
Database file used: /opt/tripwire/db/rocks-52.sdsc.edu.twd
Command line used: /opt/tripwire/bin/tripwire --check --cfgfile /opt/tripwire/etc/tw.cfg
===============================================================================
Rule Summary:
===============================================================================
-------------------------------------------------------------------------------
Section: Unix File System
-------------------------------------------------------------------------------
Rule Name Severity Level Added Removed Modified
--------- -------------- ----- ------- --------
Invariant Directories 66 0 0 0
* Tripwire Data Files 100 1 0 0
Critical devices 100 0 0 0
Tripwire Binaries 100 0 0 0
OS executables and libraries 100 0 0 0
File System and Disk Administraton Programs
100 0 0 0
Networking Programs 100 0 0 0
System Administration Programs 100 0 0 0
Operating System Utilities 100 0 0 0
Critical Utility Sym-Links 100 0 0 0
Shell Binaries 100 0 0 0
* Security Control 100 0 0 3
Login Scripts 100 0 0 0
* Critical configuration files 100 0 1 4
* System boot changes 100 63 1 17
* User binaries 66 3 0 1
Kernel Administration Programs 100 0 0 0
Hardware and Device Control Programs
100 0 0 0
System Information Programs 100 0 0 0
Application Information Programs
100 0 0 0
* Libraries 66 4 0 1
Critical system boot files 100 0 0 0
(/boot)
* Root config files 100 81 0 1
Total objects scanned: 26981
Total violations found: 181
===============================================================================
Object Detail:
===============================================================================
-------------------------------------------------------------------------------
Section: Unix File System
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Rule Name: Tripwire Data Files (/opt/tripwire/db)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Added Objects: 1
----------------------------------------
Added object name: /opt/tripwire/db/rocks-52.sdsc.edu.twd
-------------------------------------------------------------------------------
Rule Name: Security Control (/etc/group)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Modified Objects: 1
----------------------------------------
Modified object name: /etc/group
Property: Expected Observed
------------- ----------- -----------
* Inode Number 510344 509971
* Size 607 1254
* Modify Time Tue Dec 13 10:56:04 2005 Fri Dec 16 11:37:43 2005
* Change Time Tue Dec 13 10:56:04 2005 Fri Dec 16 11:37:43 2005
* CRC32 B6unq/ Dto+5J
* MD5 CvCOooDPxRgKZo6RUiUc9T BvgQs23+wrmvpGbiUfLlB/
-------------------------------------------------------------------------------
Rule Name: Security Control (/etc/security)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Modified Objects: 2
----------------------------------------
Modified object name: /etc/security/ca/ca.serial
Property: Expected Observed
------------- ----------- -----------
* Modify Time Tue Dec 13 10:49:22 2005 Tue Dec 13 19:26:36 2005
* Change Time Tue Dec 13 10:49:22 2005 Tue Dec 13 19:26:36 2005
* CRC32 Dg1W63 AnWLh3
* MD5 BysqyQ9/P/B1qTfWvo/D3D BztMIOWY1rSV3nUVrU6i/c
Modified object name: /etc/security/ca/new-certs
Property: Expected Observed
------------- ----------- -----------
* Modify Time Tue Dec 13 10:49:20 2005 Tue Dec 13 19:26:36 2005
* Change Time Tue Dec 13 10:49:21 2005 Tue Dec 13 19:26:36 2005
-------------------------------------------------------------------------------
Rule Name: Critical configuration files (/etc/rc.d)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Removed Objects: 1
----------------------------------------
Removed object name: /etc/rc.d/rocksconfig.d/post-99-tripwire
----------------------------------------
Modified Objects: 1
----------------------------------------
Modified object name: /etc/rc.d/rocksconfig.d
Property: Expected Observed
------------- ----------- -----------
* Modify Time Tue Dec 13 10:59:00 2005 Tue Dec 13 11:01:56 2005
-------------------------------------------------------------------------------
Rule Name: Critical configuration files (/etc/sysconfig)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Modified Objects: 2
----------------------------------------
Modified object name: /etc/sysconfig
Property: Expected Observed
------------- ----------- -----------
* Modify Time Tue Dec 13 10:49:42 2005 Tue Dec 13 21:01:05 2005
Modified object name: /etc/sysconfig/iptables
Property: Expected Observed
------------- ----------- -----------
* Inode Number 509971 510429
* Size 1057 1055
* Modify Time Tue Dec 13 10:49:23 2005 Tue Dec 13 21:01:03 2005
* CRC32 DuL6gP CIa/qU
* MD5 C0X3/8Qa2o2WugKfzRvJzs DqefhsaGBTER3yoHL6ktqX
-------------------------------------------------------------------------------
Rule Name: Critical configuration files (/etc/group-)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Modified Objects: 1
----------------------------------------
Modified object name: /etc/group-
Property: Expected Observed
------------- ----------- -----------
* Size 593 1239
* Modify Time Tue Dec 13 10:49:18 2005 Wed Dec 14 12:40:58 2005
* CRC32 CulqO3 A8Tu4j
* MD5 DrXH7wKWwu0pNZLG7mvfxK A3NwxjryKsZj/uEq946TQ7
-------------------------------------------------------------------------------
Rule Name: User binaries (/usr/bin)
Severity Level: 66
-------------------------------------------------------------------------------
----------------------------------------
Added Objects: 3
----------------------------------------
Added object name: /usr/bin/texi2dvi
Added object name: /usr/bin/makeinfo
Added object name: /usr/bin/texindex
----------------------------------------
Modified Objects: 1
----------------------------------------
Modified object name: /usr/bin
Property: Expected Observed
------------- ----------- -----------
* Modify Time Tue Dec 13 11:00:49 2005 Mon Dec 19 04:02:44 2005
-------------------------------------------------------------------------------
Rule Name: Libraries (/usr/lib)
Severity Level: 66
-------------------------------------------------------------------------------
----------------------------------------
Added Objects: 4
----------------------------------------
Added object name: /usr/lib/libgd.so
Added object name: /usr/lib/libaudit.a
Added object name: /usr/lib/libgd.a
Added object name: /usr/lib/libaudit.so
----------------------------------------
Modified Objects: 1
----------------------------------------
Modified object name: /usr/lib
Property: Expected Observed
------------- ----------- -----------
* Modify Time Tue Dec 13 11:00:45 2005 Wed Dec 28 04:02:31 2005
-------------------------------------------------------------------------------
Rule Name: System boot changes (/var/log)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Added Objects: 63
----------------------------------------
Added object name: /var/log/httpd/error_log.1
Added object name: /var/log/httpd/access_log.1
Added object name: /var/log/httpd/ssl_request_log.1
Added object name: /var/log/httpd/ssl_access_log.3
Added object name: /var/log/httpd/access_log.2
Added object name: /var/log/httpd/error_log.2
Added object name: /var/log/httpd/ssl_access_log.2
Added object name: /var/log/httpd/ssl_request_log.2
Added object name: /var/log/httpd/ssl_error_log.3
Added object name: /var/log/httpd/error_log.3
Added object name: /var/log/httpd/ssl_request_log.3
Added object name: /var/log/httpd/ssl_error_log.2
Added object name: /var/log/httpd/access_log.3
Added object name: /var/log/httpd/ssl_error_log.1
Added object name: /var/log/httpd/ssl_access_log.1
Added object name: /var/log/cups/error_log.1
Added object name: /var/log/sa/sar04
Added object name: /var/log/sa/sar31
Added object name: /var/log/sa/sar03
Added object name: /var/log/sa/sar30
Added object name: /var/log/sa/sa31
Added object name: /var/log/sa/sa03
Added object name: /var/log/sa/sa05
Added object name: /var/log/sa/sar29
Added object name: /var/log/sa/sa29
Added object name: /var/log/sa/sa02
Added object name: /var/log/sa/sar01
Added object name: /var/log/sa/sa01
Added object name: /var/log/sa/sar02
Added object name: /var/log/sa/sa04
Added object name: /var/log/sa/sar28
Added object name: /var/log/sa/sa30
Added object name: /var/log/sa/sa06
Added object name: /var/log/sa/sar05
Added object name: /var/log/spooler.3
Added object name: /var/log/maillog.3
Added object name: /var/log/boot.log.2
Added object name: /var/log/rpmpkgs
Added object name: /var/log/spooler.1
Added object name: /var/log/messages.2
Added object name: /var/log/rpmpkgs.3
Added object name: /var/log/secure.3
Added object name: /var/log/messages.3
Added object name: /var/log/secure.1
Added object name: /var/log/mysqld.log.3
Added object name: /var/log/cron.3
Added object name: /var/log/mysqld.log.2
Added object name: /var/log/wtmp.1
Added object name: /var/log/snmpd.log.1
Added object name: /var/log/rpmpkgs.2
Added object name: /var/log/maillog.2
Added object name: /var/log/cron.1
Added object name: /var/log/mysqld.log.1
Added object name: /var/log/boot.log.3
Added object name: /var/log/cron.2
Added object name: /var/log/snmpd.log.3
Added object name: /var/log/spooler.2
Added object name: /var/log/boot.log.1
Added object name: /var/log/rpmpkgs.1
Added object name: /var/log/snmpd.log.2
Added object name: /var/log/maillog.1
Added object name: /var/log/secure.2
Added object name: /var/log/messages.1
----------------------------------------
Removed Objects: 1
----------------------------------------
Removed object name: /var/log/sa/sa13
----------------------------------------
Modified Objects: 15
----------------------------------------
Modified object name: /var/log/boot.log
Property: Expected Observed
------------- ----------- -----------
* Inode Number 476452 476677
Modified object name: /var/log/cron
Property: Expected Observed
------------- ----------- -----------
* Inode Number 476455 476678
Modified object name: /var/log/cups/error_log
Property: Expected Observed
------------- ----------- -----------
* Inode Number 491956 497690
Modified object name: /var/log/httpd/access_log
Property: Expected Observed
------------- ----------- -----------
* Inode Number 497685 498630
Modified object name: /var/log/httpd/error_log
Property: Expected Observed
------------- ----------- -----------
* Inode Number 497683 498631
Modified object name: /var/log/httpd/ssl_access_log
Property: Expected Observed
------------- ----------- -----------
* Inode Number 497686 498632
Modified object name: /var/log/httpd/ssl_error_log
Property: Expected Observed
------------- ----------- -----------
* Inode Number 497684 498633
Modified object name: /var/log/httpd/ssl_request_log
Property: Expected Observed
------------- ----------- -----------
* Inode Number 497687 498634
Modified object name: /var/log/maillog
Property: Expected Observed
------------- ----------- -----------
* Inode Number 474654 476675
Modified object name: /var/log/messages
Property: Expected Observed
------------- ----------- -----------
* Inode Number 474652 476670
Modified object name: /var/log/mysqld.log
Property: Expected Observed
------------- ----------- -----------
* Inode Number 475273 476662
Modified object name: /var/log/secure
Property: Expected Observed
------------- ----------- -----------
* Inode Number 474653 476674
Modified object name: /var/log/snmpd.log
Property: Expected Observed
------------- ----------- -----------
* Inode Number 476484 476673
Modified object name: /var/log/spooler
Property: Expected Observed
------------- ----------- -----------
* Inode Number 474655 476676
Modified object name: /var/log/wtmp
Property: Expected Observed
------------- ----------- -----------
* Inode Number 475395 476679
-------------------------------------------------------------------------------
Rule Name: System boot changes (/var/run)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Modified Objects: 2
----------------------------------------
Modified object name: /var/run/dhcpd.pid
Property: Expected Observed
------------- ----------- -----------
* Inode Number 476276 476500
Modified object name: /var/run/snmpd
Property: Expected Observed
------------- ----------- -----------
* Inode Number 476487 476680
-------------------------------------------------------------------------------
Rule Name: Root config files (/root)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Added Objects: 76
----------------------------------------
Added object name: /root/BUILD
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/Makefile
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/install-sh
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/config.sub
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/mkinstalldirs
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/config.guess
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/setup-ssl-utils.pl
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/configure
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/grid-security.conf.02c4bb32
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/02c4bb32.signing_policy
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/Makefile.am
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/02c4bb32.0
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/globus_automake_pre_top
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/globus-ssl.conf
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/missing
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/Makefile.in
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/setup-gsi.pl
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/setup-ssl-utils.02c4bb32
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/grid-security-config.in
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/config.log
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/setup-ssl-utils-sh-scripts.in
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/globus_automake_post_top
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/ltconfig
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/config.cache
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/aclocal.m4
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/grid-cert-request-config.in
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/bootstrap
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/ltmain.sh
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/globus_automake_pre
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/setup-ssl-utils-sh-scripts
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/configure.in
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/setup-ssl-utils
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/setup-gsi
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/pkgdata
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/pkgdata/Makefile
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/pkgdata/Makefile.am
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/pkgdata/Makefile.in
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/pkgdata/pkg_data_src.gpt
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/pkgdata/noflavor_rtl.filelist
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/pkgdata/noflavor_doc.filelist
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/pkgdata/pkg_data_noflavor_data.gpt
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/pkgdata/pkg_data_noflavor_pgm_static.gpt
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/pkgdata/pkg_data_noflavor_pgm.gpt
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/pkgdata/noflavor_pgm.filelist
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/pkgdata/pkg_data_noflavor_rtl.gpt
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/pkgdata/pkg_data_noflavor_doc.gpt
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/pkgdata/master.filelist
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/pkgdata/pkg_data_src.gpt.in
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/pkgdata/noflavor_dev.filelist
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/pkgdata/noflavor_pgm_static.filelist
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/pkgdata/pkg_data_noflavor_dev.gpt
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/pkgdata/noflavor_data.filelist
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/globus_automake_post
Added object name: /root/BUILD/globus_simple_ca_02c4bb32_setup-0.18/config.status
Added object name: /root/build.log
Added object name: /root/.rnd
Added object name: /root/.mysql_history
Added object name: /root/.globus
Added object name: /root/.globus/simpleCA
Added object name: /root/.globus/simpleCA/serial
Added object name: /root/.globus/simpleCA/index.txt
Added object name: /root/.globus/simpleCA/crl
Added object name: /root/.globus/simpleCA/private
Added object name: /root/.globus/simpleCA/private/cakey.pem
Added object name: /root/.globus/simpleCA/globus_simple_ca_02c4bb32_setup-0.18.tar.gz
Added object name: /root/.globus/simpleCA/newcerts
Added object name: /root/.globus/simpleCA/newcerts/01.pem
Added object name: /root/.globus/simpleCA/newcerts/02.pem
Added object name: /root/.globus/simpleCA/index.txt.attr
Added object name: /root/.globus/simpleCA/grid-ca-ssl.conf
Added object name: /root/.globus/simpleCA/serial.old
Added object name: /root/.globus/simpleCA/certs
Added object name: /root/.globus/simpleCA/cacert.pem
Added object name: /root/.globus/simpleCA/index.txt.attr.old
Added object name: /root/.globus/simpleCA/index.txt.old
----------------------------------------
Modified Objects: 1
----------------------------------------
Modified object name: /root
Property: Expected Observed
------------- ----------- -----------
* Num Links 10 12
* Change Time Tue Dec 13 10:49:58 2005 Mon Dec 19 21:48:05 2005
-------------------------------------------------------------------------------
Rule Name: Root config files (/root/.bash_history)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Added Objects: 1
----------------------------------------
Added object name: /root/.bash_history
-------------------------------------------------------------------------------
Rule Name: Root config files (/root/.ssh)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Added Objects: 1
----------------------------------------
Added object name: /root/.ssh/known_hosts
-------------------------------------------------------------------------------
Rule Name: Root config files (/root/.ssh/authorized_keys)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Added Objects: 1
----------------------------------------
Added object name: /root/.ssh/authorized_keys
-------------------------------------------------------------------------------
Rule Name: Root config files (/root/.ssh/id_rsa)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Added Objects: 1
----------------------------------------
Added object name: /root/.ssh/id_rsa
-------------------------------------------------------------------------------
Rule Name: Root config files (/root/.ssh/id_rsa.pub)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Added Objects: 1
----------------------------------------
Added object name: /root/.ssh/id_rsa.pub
===============================================================================
Error Report:
===============================================================================
No Errors
-------------------------------------------------------------------------------
*** End of report ***
Tripwire 2.3 Portions copyright 2000 Tripwire, Inc. Tripwire is a registered
trademark of Tripwire, Inc. This software comes with ABSOLUTELY NO WARRANTY;
for details use --version. This is free software which may be redistributed
or modified only under certain conditions; see COPYING for details.
All rights reserved.