email notification

  • Hi, I was wondering if there was a way to set up email notification.

    If I run tripwire from a cron-script with the --email-report option I get an email every time it is run.  I don't like to have to read all these emails, especially for the number of systems I manage.

    However, if I merely run tripwire --check, despite the fact that I have an (emailto="") rule surrounding a test file in my tripwire policy, tripwire does not email me about the changes to these files.  I could parse tripwire's report with my own script and email myself if I detect a change, but I would think tripwire would have an easier way to do this.

    Does anyone know of any?

    Please let me know if you do.


    Rohit Kumar Mehta

    • Ron Forrester

      Yeah, you need to pass -M on the command line for the integrity check.


      • Tim Shephard

        I go tripwire --check -M  

        That doesn't work.  I get an email even if I have 0 violations.

        Here is my col file:

        ROOT                   =/usr/sbin
        POLFILE                =/etc/tripwire/tw.pol
        DBFILE                 =/var/lib/tripwire/$(HOSTNAME).twd
        REPORTFILE             =/var/lib/tripwire/report/$(HOSTNAME)-$(DATE).twr
        SITEKEYFILE            =/etc/tripwire/site.key
        LOCALKEYFILE           =/etc/tripwire/$(HOSTNAME)-local.key
        EDITOR                 =/bin/vi
        LATEPROMPTING          =false
        MAILNOVIOLATIONS       =true
        EMAILREPORTLEVEL       =3
        REPORTLEVEL            =3
        MAILMETHOD             =SENDMAIL
        SYSLOGREPORTING        =false
        MAILPROGRAM            =/usr/sbin/sendmail -oi -t

        • Ron Forrester

          You see that line in your configuration file that looks like this:

             MAILNOVIOLATIONS =true

          that is doing what it says it's doing, namely emailing you a report even when you have no violations :-)

          Set that to false, and you'll only get an email when there are violations.
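
Added example, not part of any post in this thread: a shell check that reads a plaintext Tripwire configuration and reports whether `tripwire --check -M` will mail on clean runs, which is the setting the last reply points at. The function names and the sample file are hypothetical, and treating a missing or non-false MAILNOVIOLATIONS as "mail on every run" is an assumption based on the twconfig(4) description.

```shell
#!/bin/sh
# Added example: will this Tripwire configuration mail a report on clean runs?
# Input is the plaintext configuration text (for instance twcfg.txt).

# Print the value of key $1 from config file $2 (empty if the key is not set).
tw_cfg_get() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }                  # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)   # trim the padding around the "="
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v            # last assignment wins (assumption)
        }
        END { print val }
    ' "$2"
}

# Assumption: only the value "false" (compared case-insensitively here)
# suppresses clean-run mail; true, any other value, or a missing key all mail.
tw_mail_mode() {
    v=$(tw_cfg_get MAILNOVIOLATIONS "$1" | tr '[:upper:]' '[:lower:]')
    if [ "$v" = "false" ]; then
        echo "violations-only"
    else
        echo "every-run"
    fi
}

# Constructed sample mirroring the mail settings posted in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
MAILNOVIOLATIONS       =true
EMAILREPORTLEVEL       =3
MAILMETHOD             =SENDMAIL
MAILPROGRAM            =/usr/sbin/sendmail -oi -t
EOF
echo "as posted:     $(tw_mail_mode "$sample")"
sed 's/^MAILNOVIOLATIONS.*/MAILNOVIOLATIONS       =false/' "$sample" > "$sample.fixed"
echo "after the fix: $(tw_mail_mode "$sample.fixed")"
rm -f "$sample" "$sample.fixed"
```

On a live system the text to check can come from `twadmin --print-cfgfile` redirected to a file.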