Print

Printing reports

About this task

If Tripwire detects any database changes or security violations when it runs the integrity check, it generates a report, located in /var/lib/tripwire/report.

Procedure

To print a report, type the command twprint -m r --twrfile /var/lib/tripwire/report/<filename>.twr.

Changes to monitored files should be expected. File changes, additions, or deletions that are not expected could indicate a compromised system. Review the Tripwire report and investigate each file identified. If the change is not expected, take corrective action.