Red Hat LINUX 7.2 Reference Manual page 175

Section 11.9:Printing Reports
/usr/sbin/twprint -m r --twrfile
/var/lib/tripwire/report/ <name> .twr
The -m r option in the command tells twprint to decode a Tripwire report. The --twrfile
option tells twprint to use a specific Tripwire report file.
The name of the Tripwire report that you want to see includes the name of the host that Tripwire
checked to generate the report, plus the creation date and time. You can review previously saved
reports at any time. Simply type ls /var/lib/tripwire/report to see a list of Tripwire
reports.
Tripwire reports can be rather lengthy, depending upon the number of violations found or errors gen-
erated. A sample report starts off like this:
Tripwire(R) 2.3.0 Integrity Check Report
Report generated by:
Report created on:
Database last updated on:
=======================================================================
Report Summary:
=======================================================================
Host name:
Host IP address:
Host ID:
Policy file used:
Configuration file used:
Database file used:
Command line used:
=======================================================================
Rule Summary:
=======================================================================
-----------------------------------------------------------------------
Section: Unix File System
-----------------------------------------------------------------------
Rule Name
---------
Invariant Directories
Temporary directories
* Tripwire Data Files
Critical devices
User binaries
Tripwire Binaries
root
Fri Jan 12 04:04:42 2001
Tue Jan 9 16:19:34 2001
some.host.com
10.0.0.1
None
/etc/tripwire/tw.pol
/etc/tripwire/tw.cfg
/var/lib/tripwire/some.host.com.twd
/usr/sbin/tripwire --check
Severity Level
--------------
69
33
100
100
69
100
Added Removed
----- -------
0 0
0 0
1 0
0 0
0 0
0 0
175
Modified
--------
0
0
0
0
0
0