Chetan_5
Frequent Advisor

Tripwire not sending out emails

Have installed Tripwire from the Internet Express suite in a HP-UX v3 environment. I have created the config and policy files and it's detecting the changes to files. But it won't send out an email.
I did the email test and it was successful. This is what my policy looks like:
@@section FS
SEC_CRIT = $(IgnoreNone)-SHa ; # Critical files that cannot change
SEC_SUID = $(IgnoreNone)-SHa ; # Binaries with the SUID or SGID flags set
SEC_BIN = $(ReadOnly) ; # Binaries that should not change
SEC_CONFIG = $(Dynamic) ; # Config files that are changed infrequently but accessed often
SEC_LOG = $(Growing) ; # Files that grow, but that should never change ownership
SEC_INVARIANT = +tpug ; # Directories that should never change permission or ownership
SIG_LOW = 33 ; # Non-critical files that are of minimal security impact
SIG_MED = 66 ; # Non-critical files that are of significant security impact
SIG_HI = 100 ; # Critical files that are significant points of vulnerability
MAILTO = root ;

(
rulename = "Critical configuration files",
severity = $(SIG_HI),
emailto = $(MAILTO)
)
{
/etc/cron -> $(SEC_BIN) ;
/etc/default/cron -> $(SEC_BIN) ;
/etc/default -> $(SEC_BIN) ;
/etc/fstab -> $(SEC_BIN) ;
/etc/sbtab -> $(SEC_BIN) ;
/etc/fsdb -> $(SEC_BIN) ;
/etc/group -> $(SEC_BIN) ; # changes should be infrequent
/etc/protocols -> $(SEC_BIN) ;
/etc/services -> $(SEC_BIN) ;
/etc/services.window -> $(SEC_BIN) ;
/etc/rc.config.d/ -> $(SEC_BIN) ;
/etc/passwd -> $(SEC_CONFIG) ;
/etc/rpc -> $(SEC_BIN) ;
/etc/conf -> $(SEC_BIN) ;
/etc/sam -> $(SEC_BIN) ;
/etc/sam/custom -> $(SEC_BIN) ;
/etc/opt/samba/smb.conf -> $(SEC_CONFIG) ;
/etc/nsswitch.compat -> $(SEC_BIN) ;
/etc/nsswitch.hp_defaults -> $(SEC_BIN) ;
/etc/hosts -> $(SEC_CONFIG) ;
/etc/inittab -> $(SEC_CONFIG) ;
/etc/resolv.conf -> $(SEC_CONFIG) ;
/etc/syslog.conf -> $(SEC_CONFIG) ;
/etc/networks -> $(SEC_CONFIG) ;
}

Don't know where else to look. I saw one other post here with the same issue, but no resolution. Any ideas?
Chetan_5
Frequent Advisor

Re: Tripwire not sending out emails

OK. I put the integrity check in cron and got the email. Weird it doesn't work on the command line.

So now the report that I get is basically the full tripwire report, without a subject. It would be nice if you could tailor the email alert.
VK2COT
Honored Contributor

Re: Tripwire not sending out emails

Hello,

Simple solution that works well:

a) Run the test as follows:

# tripwire --check | mail -s "`date '+%Y-%m-%d' | awk '{print}'` Tripwire Report" myself@mydomain.dom

b) From memory, the other solution involves changing the config from:

MAILMETHOD =SENDMAIL
SYSLOGREPORTING =false
MAILPROGRAM =/usr/sbin/sendmail -oi -t

To, for example:

MAILMETHOD =SENDMAIL
SYSLOGREPORTING =false
MAILPROGRAM =/bin/mail

Recompile the configs, and then run:

# tripwire --check -M

Cheers,

VK2COT
VK2COT - Dusan Baljevic
VK2COT
Honored Contributor

Re: Tripwire not sending out emails

One more comment. The option b) works fine.
Do not forget to add the following option into the policy file:

Original line:

severity = $(SIG_HI)

New line:
severity = $(SIG_HI), emailto=user@mydomain.dom

Here is the Subject: line in the email report by default:

Subject: TWReport myhost.mydomain.dom 20081207201230 V:74 S:100 A:0 R:0 C:74

Cheers,

VK2COT
VK2COT - Dusan Baljevic
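
Added example, not part of the thread and not Tripwire's own code: a POSIX sh helper that turns the default TWReport Subject: line quoted above into a tailored, severity-tagged subject, for instance inside a mail filter on the receiving side. The function names, the output wording and the default threshold of 66 (SIG_MED in the policy above) are assumptions, as is the reading of the fields as V = violations, S = maximum severity, A = added, R = removed, C = changed.

```shell
#!/bin/sh
# Added example: tailor the default Tripwire "TWReport" mail subject.
# Assumed field meanings: V=violations, S=max severity, A=added,
# R=removed, C=changed. Function names are hypothetical.

# tw_field <letter> <subject>: print the number after " <letter>:".
tw_field() {
    printf '%s\n' "$2" | sed -n "s/.* $1:\([0-9][0-9]*\).*/\1/p"
}

# tw_tailor_subject <subject> [threshold]: print a tagged subject line.
# Returns 2 (and prints UNPARSEABLE) if any expected field is missing.
tw_tailor_subject() {
    # Unfold a header that was wrapped onto a continuation line.
    subj=$(printf '%s' "$1" | tr '\n\t' '  ')
    threshold=${2:-66}   # assumed default: SIG_MED from the policy file
    host=$(printf '%s\n' "$subj" | sed -n 's/.*TWReport  *\([^ ]*\) .*/\1/p')
    v=$(tw_field V "$subj"); s=$(tw_field S "$subj")
    a=$(tw_field A "$subj"); r=$(tw_field R "$subj"); c=$(tw_field C "$subj")
    # Never guess: a report we cannot parse must stand out, not look clean.
    for n in "$host" "$v" "$s" "$a" "$r" "$c"; do
        [ -n "$n" ] || { echo "UNPARSEABLE Tripwire subject"; return 2; }
    done
    if [ "$v" -eq 0 ]; then
        tag=OK
    elif [ "$s" -ge "$threshold" ]; then
        tag=CRITICAL
    else
        tag=WARNING
    fi
    echo "[$tag] Tripwire $host: $v violations (added $a, removed $r, changed $c), max severity $s"
}

# Constructed sample: the subject from the post, folded the way it appeared.
SAMPLE='Subject: TWReport myhost.mydomain.dom 20081207201230 V:74 S:100 A:0 R:0
C:74'
tw_tailor_subject "$SAMPLE"
```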