Tripwire Report for meta.rocksclusters.org
logger: Tripwire: MD5 : f46a6d52869cc43db670602bb0d40595 /opt/tripwire/etc/tw.pol logger: Tripwire: MD5 : 5e0453e9c965d7279fbd377f42869522 /opt/tripwire/etc/tw.cfg logger: Tripwire: MD5 : d2d616799cb9caf55162bb2052b5f68c /opt/tripwire/bin/tripwire
logger: Tripwire: MD5 : b47f2f3fa94581cfc7bec0a916f865c8 /opt/tripwire/etc/tw.pol
logger: Tripwire: MD5 : 3a1b54a6175c3b2809b0e6e8fdd8d2ea /opt/tripwire/etc/tw.cfg
logger: Tripwire: MD5 : d2d616799cb9caf55162bb2052b5f68c /opt/tripwire/bin/tripwire
Note: Report is not encrypted.
Tripwire(R) 2.3.0 Integrity Check Report
Report generated by: root
Report created on: Sat Jan 3 04:02:38 2009
Database last updated on: Never
===============================================================================
Report Summary:
===============================================================================
Host name: meta.rocksclusters.org
Host IP address: 198.202.88.135
Host ID: None
Policy file used: /opt/tripwire/etc/tw.pol
Configuration file used: /opt/tripwire/etc/tw.cfg
Database file used: /opt/tripwire/db/meta.rocksclusters.org.twd
Command line used: /opt/tripwire/bin/tripwire --check --cfgfile /opt/tripwire/etc/tw.cfg
===============================================================================
Rule Summary:
===============================================================================
-------------------------------------------------------------------------------
Section: Unix File System
-------------------------------------------------------------------------------
Rule Name Severity Level Added Removed Modified
--------- -------------- ----- ------- --------
Invariant Directories 66 0 0 0
Tripwire Data Files 100 0 0 0
Critical devices 100 0 0 0
Tripwire Binaries 100 0 0 0
OS executables and libraries 100 0 0 0
File System and Disk Administraton Programs
100 0 0 0
Networking Programs 100 0 0 0
System Administration Programs 100 0 0 0
Operating System Utilities 100 0 0 0
Critical Utility Sym-Links 100 0 0 0
Shell Binaries 100 0 0 0
Security Control 100 0 0 0
Login Scripts 100 0 0 0
* Critical configuration files 100 0 0 1
* System boot changes 100 65 11 69
User binaries 66 0 0 0
Kernel Administration Programs 100 0 0 0
Hardware and Device Control Programs
100 0 0 0
System Information Programs 100 0 0 0
Application Information Programs
100 0 0 0
Libraries 66 0 0 0
Critical system boot files 100 0 0 0
(/boot)
* Root config files 100 0 0 2
Total objects scanned: 26021
Total violations found: 148
===============================================================================
Object Detail:
===============================================================================
-------------------------------------------------------------------------------
Section: Unix File System
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Rule Name: Critical configuration files (/etc/fstab)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Modified Objects: 1
----------------------------------------
Modified object name: /etc/fstab
Property: Expected Observed
------------- ----------- -----------
* Modify Time Tue Jun 13 12:19:13 2006 Tue Oct 14 12:18:41 2008
-------------------------------------------------------------------------------
Rule Name: System boot changes (/lib/modules)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Modified Objects: 9
----------------------------------------
Modified object name: /lib/modules/2.6.9-22.ELsmp/modules.alias
Property: Expected Observed
------------- ----------- -----------
* Inode Number 212650 212646
Modified object name: /lib/modules/2.6.9-22.ELsmp/modules.ccwmap
Property: Expected Observed
------------- ----------- -----------
* Inode Number 212638 212604
Modified object name: /lib/modules/2.6.9-22.ELsmp/modules.dep
Property: Expected Observed
------------- ----------- -----------
* Inode Number 383011 212657
Modified object name: /lib/modules/2.6.9-22.ELsmp/modules.ieee1394map
Property: Expected Observed
------------- ----------- -----------
* Inode Number 212644 212606
Modified object name: /lib/modules/2.6.9-22.ELsmp/modules.inputmap
Property: Expected Observed
------------- ----------- -----------
* Inode Number 212648 212644
Modified object name: /lib/modules/2.6.9-22.ELsmp/modules.isapnpmap
Property: Expected Observed
------------- ----------- -----------
* Inode Number 212646 212638
Modified object name: /lib/modules/2.6.9-22.ELsmp/modules.pcimap
Property: Expected Observed
------------- ----------- -----------
* Inode Number 212604 212591
Modified object name: /lib/modules/2.6.9-22.ELsmp/modules.symbols
Property: Expected Observed
------------- ----------- -----------
* Inode Number 212657 212648
Modified object name: /lib/modules/2.6.9-22.ELsmp/modules.usbmap
Property: Expected Observed
------------- ----------- -----------
* Inode Number 212606 212663
-------------------------------------------------------------------------------
Rule Name: System boot changes (/dev/log)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Modified Objects: 1
----------------------------------------
Modified object name: /dev/log
Property: Expected Observed
------------- ----------- -----------
* Inode Number 4880 4905
-------------------------------------------------------------------------------
Rule Name: System boot changes (/dev/console)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Modified Objects: 1
----------------------------------------
Modified object name: /dev/console
Property: Expected Observed
------------- ----------- -----------
* Inode Number 415 423
-------------------------------------------------------------------------------
Rule Name: System boot changes (/dev/tty3)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Modified Objects: 1
----------------------------------------
Modified object name: /dev/tty3
Property: Expected Observed
------------- ----------- -----------
* Inode Number 1537 1510
-------------------------------------------------------------------------------
Rule Name: System boot changes (/dev/tty4)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Modified Objects: 1
----------------------------------------
Modified object name: /dev/tty4
Property: Expected Observed
------------- ----------- -----------
* Inode Number 1538 1511
-------------------------------------------------------------------------------
Rule Name: System boot changes (/dev/tty5)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Modified Objects: 1
----------------------------------------
Modified object name: /dev/tty5
Property: Expected Observed
------------- ----------- -----------
* Inode Number 1539 1512
-------------------------------------------------------------------------------
Rule Name: System boot changes (/dev/tty6)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Modified Objects: 1
----------------------------------------
Modified object name: /dev/tty6
Property: Expected Observed
------------- ----------- -----------
* Inode Number 1540 1513
-------------------------------------------------------------------------------
Rule Name: System boot changes (/dev/initctl)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Modified Objects: 1
----------------------------------------
Modified object name: /dev/initctl
Property: Expected Observed
------------- ----------- -----------
* Inode Number 896 918
-------------------------------------------------------------------------------
Rule Name: System boot changes (/var/log)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Added Objects: 65
----------------------------------------
Added object name: /var/log/httpd/error_log.2
Added object name: /var/log/httpd/ssl_access_log.4
Added object name: /var/log/httpd/access_log.2
Added object name: /var/log/httpd/ssl_request_log.3
Added object name: /var/log/httpd/access_log.3
Added object name: /var/log/httpd/ssl_request_log.2
Added object name: /var/log/httpd/error_log.3
Added object name: /var/log/httpd/ssl_access_log.2
Added object name: /var/log/httpd/access_log.4
Added object name: /var/log/httpd/error_log.4
Added object name: /var/log/httpd/ssl_error_log.2
Added object name: /var/log/httpd/ssl_request_log.4
Added object name: /var/log/httpd/ssl_access_log.3
Added object name: /var/log/httpd/ssl_error_log.3
Added object name: /var/log/httpd/ssl_error_log.4
Added object name: /var/log/boot.log.2
Added object name: /var/log/spooler.3
Added object name: /var/log/boot.log.4
Added object name: /var/log/wtmp.1
Added object name: /var/log/mysqld.log.3
Added object name: /var/log/messages.4
Added object name: /var/log/cron.3
Added object name: /var/log/cron.4
Added object name: /var/log/sa/sar30
Added object name: /var/log/sa/sa29
Added object name: /var/log/sa/sar26
Added object name: /var/log/sa/sar31
Added object name: /var/log/sa/sar28
Added object name: /var/log/sa/sar02
Added object name: /var/log/sa/sa31
Added object name: /var/log/sa/sar25
Added object name: /var/log/sa/sa01
Added object name: /var/log/sa/sa26
Added object name: /var/log/sa/sa28
Added object name: /var/log/sa/sa30
Added object name: /var/log/sa/sa27
Added object name: /var/log/sa/sa03
Added object name: /var/log/sa/sar29
Added object name: /var/log/sa/sar01
Added object name: /var/log/sa/sa02
Added object name: /var/log/sa/sar27
Added object name: /var/log/secure.3
Added object name: /var/log/secure.2
Added object name: /var/log/snmpd.log.2
Added object name: /var/log/mysqld.log.4
Added object name: /var/log/messages.3
Added object name: /var/log/secure.4
Added object name: /var/log/rpmpkgs.2
Added object name: /var/log/messages.2
Added object name: /var/log/spooler.4
Added object name: /var/log/user.1
Added object name: /var/log/user.2
Added object name: /var/log/spooler.2
Added object name: /var/log/rpmpkgs.3
Added object name: /var/log/boot.log.3
Added object name: /var/log/maillog.4
Added object name: /var/log/user.3
Added object name: /var/log/maillog.3
Added object name: /var/log/maillog.2
Added object name: /var/log/snmpd.log.4
Added object name: /var/log/cron.2
Added object name: /var/log/snmpd.log.3
Added object name: /var/log/mysqld.log.2
Added object name: /var/log/rpmpkgs.4
Added object name: /var/log/user.4
----------------------------------------
Removed Objects: 11
----------------------------------------
Removed object name: /var/log/sa/sa06
Removed object name: /var/log/sa/sa07
Removed object name: /var/log/sa/sa08
Removed object name: /var/log/sa/sa09
Removed object name: /var/log/sa/sa13
Removed object name: /var/log/sa/sa14
Removed object name: /var/log/sa/sar05
Removed object name: /var/log/sa/sar06
Removed object name: /var/log/sa/sar07
Removed object name: /var/log/sa/sar08
Removed object name: /var/log/sa/sar13
----------------------------------------
Modified Objects: 28
----------------------------------------
Modified object name: /var/log/boot.log
Property: Expected Observed
------------- ----------- -----------
* Inode Number 546596 546653
Modified object name: /var/log/boot.log.1
Property: Expected Observed
------------- ----------- -----------
* Inode Number 546549 546633
Modified object name: /var/log/cron
Property: Expected Observed
------------- ----------- -----------
* Inode Number 546600 546730
Modified object name: /var/log/cron.1
Property: Expected Observed
------------- ----------- -----------
* Inode Number 546551 546656
Modified object name: /var/log/httpd/access_log
Property: Expected Observed
------------- ----------- -----------
* Inode Number 590600 590628
Modified object name: /var/log/httpd/access_log.1
Property: Expected Observed
------------- ----------- -----------
* Inode Number 590644 590618
Modified object name: /var/log/httpd/error_log
Property: Expected Observed
------------- ----------- -----------
* Inode Number 590601 590608
Modified object name: /var/log/httpd/error_log.1
Property: Expected Observed
------------- ----------- -----------
* Inode Number 590596 590622
Modified object name: /var/log/httpd/ssl_access_log
Property: Expected Observed
------------- ----------- -----------
* Inode Number 590602 590619
Modified object name: /var/log/httpd/ssl_access_log.1
Property: Expected Observed
------------- ----------- -----------
* Inode Number 590647 589573
Modified object name: /var/log/httpd/ssl_error_log
Property: Expected Observed
------------- ----------- -----------
* Inode Number 590603 590617
Modified object name: /var/log/httpd/ssl_error_log.1
Property: Expected Observed
------------- ----------- -----------
* Inode Number 590649 590614
Modified object name: /var/log/httpd/ssl_request_log
Property: Expected Observed
------------- ----------- -----------
* Inode Number 590604 590620
Modified object name: /var/log/httpd/ssl_request_log.1
Property: Expected Observed
------------- ----------- -----------
* Inode Number 590650 590599
Modified object name: /var/log/maillog.1
Property: Expected Observed
------------- ----------- -----------
* Inode Number 540952 546571
Modified object name: /var/log/messages.1
Property: Expected Observed
------------- ----------- -----------
* Inode Number 546573 546574
Modified object name: /var/log/mysqld.log
Property: Expected Observed
------------- ----------- -----------
* Inode Number 546580 546666
Modified object name: /var/log/mysqld.log.1
Property: Expected Observed
------------- ----------- -----------
* Inode Number 546645 546703
Modified object name: /var/log/rpmpkgs
Property: Expected Observed
------------- ----------- -----------
* Inode Number 546584 546693
Modified object name: /var/log/rpmpkgs.1
Property: Expected Observed
------------- ----------- -----------
* Inode Number 546725 546760
Modified object name: /var/log/secure
Property: Expected Observed
------------- ----------- -----------
* Inode Number 546587 546596
Modified object name: /var/log/secure.1
Property: Expected Observed
------------- ----------- -----------
* Inode Number 546575 546580
Modified object name: /var/log/snmpd.log
Property: Expected Observed
------------- ----------- -----------
* Inode Number 546586 546725
Modified object name: /var/log/snmpd.log.1
Property: Expected Observed
------------- ----------- -----------
* Inode Number 546668 546645
Modified object name: /var/log/spooler
Property: Expected Observed
------------- ----------- -----------
* Inode Number 546594 546581
Modified object name: /var/log/spooler.1
Property: Expected Observed
------------- ----------- -----------
* Inode Number 543952 546584
Modified object name: /var/log/user
Property: Expected Observed
------------- ----------- -----------
* Inode Number 546557 546857
Modified object name: /var/log/wtmp
Property: Expected Observed
------------- ----------- -----------
* Inode Number 546693 546743
-------------------------------------------------------------------------------
Rule Name: System boot changes (/var/lock/subsys/portmap)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Modified Objects: 1
----------------------------------------
Modified object name: /var/lock/subsys/portmap
Property: Expected Observed
------------- ----------- -----------
* Inode Number 546456 545636
-------------------------------------------------------------------------------
Rule Name: System boot changes (/var/lock/subsys/nfslock)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Modified Objects: 1
----------------------------------------
Modified object name: /var/lock/subsys/nfslock
Property: Expected Observed
------------- ----------- -----------
* Inode Number 546491 546455
-------------------------------------------------------------------------------
Rule Name: System boot changes (/var/lock/subsys/syslog)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Modified Objects: 1
----------------------------------------
Modified object name: /var/lock/subsys/syslog
Property: Expected Observed
------------- ----------- -----------
* Inode Number 545660 545625
-------------------------------------------------------------------------------
Rule Name: System boot changes (/var/lock/subsys/atd)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Modified Objects: 1
----------------------------------------
Modified object name: /var/lock/subsys/atd
Property: Expected Observed
------------- ----------- -----------
* Inode Number 546612 546611
-------------------------------------------------------------------------------
Rule Name: System boot changes (/var/lock/subsys/httpd)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Modified Objects: 1
----------------------------------------
Modified object name: /var/lock/subsys/httpd
Property: Expected Observed
------------- ----------- -----------
* Inode Number 544028 546599
-------------------------------------------------------------------------------
Rule Name: System boot changes (/var/lock/subsys/autofs)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Modified Objects: 1
----------------------------------------
Modified object name: /var/lock/subsys/autofs
Property: Expected Observed
------------- ----------- -----------
* Inode Number 546568 546492
-------------------------------------------------------------------------------
Rule Name: System boot changes (/var/lock/subsys/netfs)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Modified Objects: 1
----------------------------------------
Modified object name: /var/lock/subsys/netfs
Property: Expected Observed
------------- ----------- -----------
* Inode Number 546566 546491
-------------------------------------------------------------------------------
Rule Name: System boot changes (/var/lock/subsys/xinetd)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Modified Objects: 1
----------------------------------------
Modified object name: /var/lock/subsys/xinetd
Property: Expected Observed
------------- ----------- -----------
* Inode Number 546585 546572
-------------------------------------------------------------------------------
Rule Name: System boot changes (/var/run)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Modified Objects: 17
----------------------------------------
Modified object name: /var/run/acpid.socket
Property: Expected Observed
------------- ----------- -----------
* Inode Number 546570 546549
Modified object name: /var/run/atd.pid
Property: Expected Observed
------------- ----------- -----------
* Inode Number 546611 546609
Modified object name: /var/run/cups-config-daemon.pid
Property: Expected Observed
------------- ----------- -----------
* Inode Number 546620 546616
Modified object name: /var/run/dbus/system_bus_socket
Property: Expected Observed
------------- ----------- -----------
* Inode Number 546613 546612
Modified object name: /var/run/haldaemon.pid
Property: Expected Observed
------------- ----------- -----------
* Inode Number 546628 546620
Modified object name: /var/run/httpd.pid
Property: Expected Observed
------------- ----------- -----------
* Inode Number 545636 546607
Modified object name: /var/run/irqbalance.pid
Property: Expected Observed
------------- ----------- -----------
* Inode Number 546455 545627
Modified object name: /var/run/klogd.pid
Property: Expected Observed
------------- ----------- -----------
* Inode Number 545627 544028
Modified object name: /var/run/messagebus.pid
Property: Expected Observed
------------- ----------- -----------
* Inode Number 546614 546613
Modified object name: /var/run/mysqld/mysqld.pid
Property: Expected Observed
------------- ----------- -----------
* Inode Number 546592 546591
Modified object name: /var/run/ntpd.pid
Property: Expected Observed
------------- ----------- -----------
* Inode Number 546576 546590
Modified object name: /var/run/rpc.statd.pid
Property: Expected Observed
------------- ----------- -----------
* Inode Number 546490 545660
Modified object name: /var/run/snmpd
Property: Expected Observed
------------- ----------- -----------
* Inode Number 546606 546697
Modified object name: /var/run/sshd.pid
Property: Expected Observed
------------- ----------- -----------
* Inode Number 546583 546570
Modified object name: /var/run/syslogd.pid
Property: Expected Observed
------------- ----------- -----------
* Inode Number 545625 540952
Modified object name: /var/run/xfs.pid
Property: Expected Observed
------------- ----------- -----------
* Inode Number 546609 546608
Modified object name: /var/run/xinetd.pid
Property: Expected Observed
------------- ----------- -----------
* Inode Number 546582 546569
-------------------------------------------------------------------------------
Rule Name: Root config files (/root)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Modified Objects: 2
----------------------------------------
Modified object name: /root
Property: Expected Observed
------------- ----------- -----------
* Change Time Wed Jun 14 06:19:38 2006 Tue Oct 14 12:19:58 2008
Modified object name: /root/.Xauthority
Property: Expected Observed
------------- ----------- -----------
* Inode Number 383018 383014
* Change Time Wed Jun 14 06:19:38 2006 Wed Aug 29 17:23:16 2007
* CRC32 B+mXK3 BIvUSU
* MD5 DXrgQ1EWHfAE9xLAcbdygD BDWOC6jf+Wwaa9jH8PIP+L
===============================================================================
Error Report:
===============================================================================
No Errors
-------------------------------------------------------------------------------
*** End of report ***
Tripwire 2.3 Portions copyright 2000 Tripwire, Inc. Tripwire is a registered
trademark of Tripwire, Inc. This software comes with ABSOLUTELY NO WARRANTY;
for details use --version. This is free software which may be redistributed
or modified only under certain conditions; see COPYING for details.
All rights reserved.