Forgot to copy the ml.
[EMAIL PROTECTED] ("Mike Vanecek") writes:
> However, if I run find /var/lib/tripwire/report -daystart -type f -mtime -90
> -mtime +29 | xargs -r rm from a terminal, no interactive prompt occurs.
>
> I have read the xargs man, but did not see anything about xargs overridin
-- Original Message ---
From: Tony Nugent <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Sent: Sat, 08 Feb 2003 20:10:08 +1000
Subject: Re: Tripwire reports
> On Sat Feb 08 2003 at 10:38, Michael Schwendt wrote:
>
> > On Fri, 7 Feb 2003 20:22:30 -0600,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sat, 08 Feb 2003 20:10:08 +1000, Tony Nugent wrote:
> On Sat Feb 08 2003 at 10:38, Michael Schwendt wrote:
>
> > On Fri, 7 Feb 2003 20:22:30 -0600, Mike Vanecek wrote:
> >
> > > After a while, tripwire reports will start to build up in
> > > /var
On Sat Feb 08 2003 at 10:38, Michael Schwendt wrote:
> On Fri, 7 Feb 2003 20:22:30 -0600, Mike Vanecek wrote:
>
> > After a while, tripwire reports will start to build up in
> > /var/lib/tripwire/report/. Does anyone have a crontab script or other scheme
> > for removing the old ones on a period
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, 7 Feb 2003 20:22:30 -0600, Mike Vanecek wrote:
> After a while, tripwire reports will start to build up in
> /var/lib/tripwire/report/. Does anyone have a crontab script or other scheme
> for removing the old ones on a periodic basis?
man fi
xedtmp" > twpol.txt.fixed
> cp twpol.txt.fixed tmp.fixed
> ls -al $fixedtmp
> ls -al $fixed
> # echo $2
> done
>
> I believe the problem is that
>
> sed "s/.*$line/# &/" "$2" > twpol.txt.fixed
>
> this line overwrote the fixed
t; <[EMAIL PROTECTED]>
Sent: Fri, 24 Jan 2003 13:23:09 +0800
Subject: RE: Tripwire
> I have a redhat server which runs tripwire but was giving me the long list
of missing files in every report. After reading this thread I thought it would
be a good idea to implement the script written by Chris,
is a script that will only be run once per machine it didnt
seem worth worrying too much about efficiency.
I would have used the Perl script also submitted but as it was sent as an attachment
and I get the list in digest format I couldn't (easily) get it.
I ran the shell script and now
-- Original Message ---
From: Chris Cuevas <[EMAIL PROTECTED]>
To: "RedHat 8.0 list" <[EMAIL PROTECTED]>
Sent: 16 Jan 2003 10:38:11 -0500
Subject: Re: Tripwire
> Sent this yesterday not sure why it didn't get posted. Here it is
> again.
>
>
-- Original Message ---
From: Michael Schwendt <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Sent: Thu, 16 Jan 2003 11:26:48 +0100
Subject: Re: Tripwire
> On Tue, 14 Jan 2003 16:10:33 -0600, Mike Vanecek wrote:
>
> > After doing putting in emailto = root in
-- Original Message ---
From: James Francis <[EMAIL PROTECTED]>
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Sent: Wed, 15 Jan 2003 11:28:12 -0500
Subject: RE: Tripwire
> Mike Vanecek wrote:
> >>> Does a simpler method of corr
Sent this yesterday not sure why it didn't get posted. Here it is
again.
Mike,
I agree there should be a simpler method. After doing the same
for about the first ten systems I set up I decided to write a script to
do all the leg work for me. Here is my twhelp.sh script that should
make
I have this idea I am thinking of using for deploying Tripwire on our
servers. Newly installed servers (I always start from scratch) will never
have all the files included in the policy file since it assumes everything
is installed (I on the other hand do custom installs to minimize disk space
a
Randy Kelsoe wrote:
Michael Fratoni wrote:
I do not understand what to do?? I have looked at the man pages and I
am still confused.
Please explain further.
[snip]
I'd be thrilled if someone proves me wrong... ;)
- -- - -Michael
Sorry, Michael. I see the same behavior that you do. Wish it
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 14 Jan 2003 16:10:33 -0600, Mike Vanecek wrote:
> After doing putting in emailto = root in a dozen places in twpol.txt,
> running the twinstall.sh script, and doing a tripwire -m c, not
> surprisingly I get a report of about 150 file exception
Michael Fratoni wrote:
I do not understand what to do?? I have looked at the man pages and I
am still confused.
Please explain further.
The above method will update the database for changed files (violations)
only. To the best of my knowledge, it is not possible to deal with the
file system
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wednesday 15 January 2003 07:30 pm, Tom Diehl wrote:
> On Wed, 15 Jan 2003, James Francis wrote:
> > Go to your /var/lib/tripwire/report directory. Do a ls -lrt. The
> > last file displayed is the latest tripwire report. Do a tripwire
> > --updat
On Wed, 15 Jan 2003, James Francis wrote:
> Go to your /var/lib/tripwire/report directory. Do a ls -lrt. The last file
> displayed is the latest tripwire report. Do a tripwire --update --twrfile
> where filename is the file from the listing. After a few
> seconds, the exceptions will be broug
Mike Vanecek wrote:
> -- Original Message ---
> From: Michael Fratoni <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Sent: Tue, 14 Jan 2003 21:18:26 -0500
> Subject: Re: Tripwire
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
&g
-- Original Message ---
From: Michael Fratoni <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Sent: Tue, 14 Jan 2003 21:18:26 -0500
Subject: Re: Tripwire
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Tuesday 14 January 2003 05:10 pm, Mike Vanecek wrot
-- Original Message ---
From: Michael Fratoni <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Sent: Tue, 14 Jan 2003 21:18:26 -0500
Subject: Re: Tripwire
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Tuesday 14 January 2003 05:10 pm, Mike Vanecek wrot
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tuesday 14 January 2003 05:10 pm, Mike Vanecek wrote:
> After doing putting in emailto = root in a dozen places in twpol.txt,
> running the twinstall.sh script, and doing a tripwire -m c, not
> surprisingly I get a report of about 150 file exception
1 PM
Please respond to psyche-list
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
cc:
Subject:RE: tripwire reports won't print with twprint...
[EMAIL PROTECTED] wrote:
> James Francis <[EMAIL PROTECTED]>
> Sent by: [E
[EMAIL PROTECTED] wrote:
> James Francis <[EMAIL PROTECTED]>
> Sent by: [EMAIL PROTECTED]
> 01/09/2003 03:47 PM
> Please respond to psyche-list
>
>
> To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> cc: Subject:
James Francis <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
01/09/2003 03:47 PM
Please respond to psyche-list
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
cc:
Subject:RE: tripwire reports won't print with twprint...
[EMAIL PROTECTED] wrote:
> I've set up and configured tripwire, successfully initialized the
> database and now want to view the report file. Below is the excerpt
> from the RH8 documentation...
>
> The /usr/sbin/twprint command is used to view encrypted Tripwire
> reports and databases.
> Viewing
26 matches
Mail list logo
