![]() |
If Tripwire detects any database changes or security violations when it runs the integrity check, it generates a report, located in /var/lib/tripwire/report.
Changes to monitored files should be expected. File changes, additions, or deletions that are not expected could indicate a compromised system. Review the Tripwire report and investigate each file identified. If the change is not expected, take corrective action.