Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Westi on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Tripwire - emailto

Status
Not open for further replies.
nix45

nix45

MIS
Nov 21, 2002
478
US
I have Tripwire 2.3 up and running on a Red Hat server. I'm having one small issue, the 'emailto' option in the policy file doesn't email me when there are errors during an integrity check.

In my policy file, tw.pol, I have entry's that look similar to this...

(
rulename = "Critical System Directories",
severity = $(SIG_HI),
emailto = root@foo.org;chris@foo.net
)
{
/bin -> $(SEC_CRIT) ;
/sbin -> $(SEC_CRIT) ;


When I run an integrity check with "tripwire --check", it doesn't email me anything. I am able to send email using the tripwire email test --> "tripwire --test --email root@foo.org".


Thanks,
Chris
 
Sort by date Sort by votes
...before anyone asks for it....

[root@flux root]# twadmin --print-cfgfile
...removed a few unrelated lines...
MAILNOVIOLATIONS =true
EMAILREPORTLEVEL =3
REPORTLEVEL =3
MAILMETHOD =SENDMAIL
SYSLOGREPORTING =false
MAILPROGRAM =/usr/sbin/sendmail -oi -t

I'm running Postfix, not Sendmail. The test Tripwire messages work fine (tripwire --test --email root@foo.org).


Chris
 
Upvote 0 Downvote

Maybe it's the severity level?? I don't know tripwire though...

Cheers Henrik Morsing
Certified AIX 4.3 Systems Administration
& p690 Technical Support
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

butchrecon
  • Locked
  • Question
Tripwire. Any Ideas?
Replies
10
Views
55
butchrecon
butchrecon
capitano
  • Locked
  • Question
How do I view a tripwire report file?
Replies
2
Views
178
krischrist
krischrist

Part and Inventory Search

Sponsor

Back
Top