File: tripwire.rules

package info (click to toggle)
prelude-lml-rules 5.2.0-1
  • links: PTS, VCS
  • area: main
  • in suites: bookworm, bullseye, forky, sid, trixie
  • size: 1,032 kB
  • sloc: perl: 27; makefile: 2
file content (114 lines) | stat: -rw-r--r-- 4,891 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
 
#FULLNAME: Tripwire
#VERSION: 1.0
#DESCRIPTION: Open Source Tripwire is a free software security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems.

#####
#
# Copyright (C) 2004 G Ramon Gomez <gene at gomezbrothers dot com>
# Based on rules originally submitted by David Maciejak on behalf of
# Exaprotect Technology
# All Rights Reserved
#
# This file is part of the Prelude-LML program.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
#####

#DESCRIPTION:Integrity check ran successfully without warnings
#CATEGORY:Integrity
#LOG:Jan 22 11:32:26 host tripwire[5265]: Integrity Check Complete: /usr/local/tripwire/tfs/report/host-.twr TWReport host 20040122113203 V:0 S:0 A:0 R:0 C:0 L:0 M:0 H:0
regex=(\S+) TWReport \S+ \d+ V:0; \
 classification.text=Integrity Check OK; \
 id=3400; \
 revision=2; \
 analyzer(0).name=Tripwire; \
 analyzer(0).manufacturer=Tripwire, Inc.; \
 analyzer(0).class=Integrity Checker; \
 assessment.impact.severity=low; \
 assessment.impact.type=file; \
 assessment.impact.completion=succeeded; \
 assessment.impact.description=Integrity check ran successfully without warnings; \
 target(0).decoy=no; \
 additional_data(0).type=string; \
 additional_data(0).meaning=Report file; \
 additional_data(0).data=$1; \
 last

#DESCRIPTION:Integrity check ran successfully, warning file(s) added
#CATEGORY:Integrity
#LOG:Jan 22 11:32:26 host tripwire[5265]: Integrity Check Complete: /usr/local/tripwire/tfs/report/host-.twr TWReport host 20040122113203 V:91 S:100 A:51 R:0 C:40 L:0 M:8 H:83
regex=(\S+) TWReport \S+ \d+ V:\d+ S:\d+ A:(?!0)(\d+); \
 classification.text=Integrity Check Warning: file(s) added; \
 id=3401; \
 revision=2; \
 analyzer(0).name=Tripwire; \
 analyzer(0).manufacturer=Tripwire, Inc.; \
 analyzer(0).class=Integrity Checker; \
 assessment.impact.severity=low; \
 assessment.impact.type=file; \
 assessment.impact.completion=succeeded; \
 assessment.impact.description=Integrity check ran successfully, warning: $2 file(s) added; \
 target(0).decoy=no; \
 additional_data(0).type=string; \
 additional_data(0).meaning=Report file; \
 additional_data(0).data=$1; \
 additional_data(1).type=integer; \
 additional_data(1).meaning=Files added; \
 additional_data(1).data=$2

#DESCRIPTION:Integrity check ran successfully, warning file(s) removed
#CATEGORY:Integrity
#LOG:Jan 22 11:32:26 host tripwire[5265]: Integrity Check Complete: /usr/local/tripwire/tfs/report/host-.twr TWReport host 20040122113203 V:91 S:100 A:51 R:42 C:40 L:0 M:8 H:83
regex=(\S+) TWReport \S+ \d+ V:\d+ S:\d+ A:\d+ R:(?!0)(\d+); \
 classification.text=Integrity Check Warning: file(s) removed; \
 id=3402; \
 revision=2; \
 analyzer(0).name=Tripwire; \
 analyzer(0).manufacturer=Tripwire, Inc.; \
 analyzer(0).class=Integrity Checker; \
 assessment.impact.severity=high; \
 assessment.impact.type=file; \
 assessment.impact.completion=succeeded; \
 assessment.impact.description=Integrity check ran successfully, warning: $2 file(s) removed; \
 target(0).decoy=no; \
 additional_data(0).type=string; \
 additional_data(0).meaning=Report file; \
 additional_data(0).data=$1; \
 additional_data(1).type=integer; \
 additional_data(1).meaning=Files deleted; \
 additional_data(1).data=$2

#DESCRIPTION:Integrity check ran successfully, warning file(s) modified
#CATEGORY:Integrity
#LOG:Jan 22 11:32:26 host tripwire[5265]: Integrity Check Complete: /usr/local/tripwire/tfs/report/host-.twr TWReport host 20040122113203 V:91 S:100 A:51 R:42 C:40 L:0 M:8 H:83
regex=(\S+) TWReport \S+ \d+ V:\d+ S:\d+ A:\d+ R:\d+ C:(?!0)(\d+); \
 classification.text=Integrity Check Warning: file(s) modified; \
 id=3403; \
 revision=2; \
 analyzer(0).name=Tripwire; \
 analyzer(0).manufacturer=Tripwire, Inc.; \
 analyzer(0).class=Integrity Checker; \
 assessment.impact.severity=medium; \
 assessment.impact.type=file; \
 assessment.impact.completion=succeeded; \
 assessment.impact.description=Integrity check ran, warning: $2 files modified; \
 target(0).decoy=no; \
 additional_data(0).type=string; \
 additional_data(0).meaning=Report file; \
 additional_data(0).data=$1; \
 additional_data(1).type=integer; \
 additional_data(1).meaning=Files modified; \
 additional_data(1).data=$2