Understanding Tripwire Logs

nick

12/24/22, 11:55 PM

I'm new to the world of managing my own web server so have been trying to keep up with the best conventions.

Tripwire is set to run every day and the findings are e-mailed to me. To be honest, when files are listed modified/added/removed I'm not sure if its some normal system process (like log files being updated) or something fishy is going on.

Could someone point me in the right direction to some reference material, or maybe take a look at some of my recent logs and tell me if anything looks suspicious?

This is an extract of my latest Tripwire report of what I was most confused about. I never edited any of these.

Modified:
"/sbin"
"/sbin/halt"
"/sbin/init"
"/sbin/poweroff"
"/sbin/reboot"
"/sbin/runlevel"
"/sbin/shutdown"
"/sbin/telinit"
"/sbin/udevadm"

Thanks so much!

0 + 2

logging

tripwire

ubuntu-18.04

Michael Hampton

12/25/22, 6:30 AM

Did you update your system?

nick

12/25/22, 11:46 PM

@MichaelHampton after updating I accepted all the detected changes in Tripwire, this log is a few days after the latest updates were installed

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Understanding Tripwire Logs

TH: ทำความเข้าใจบันทึก Tripwire

RO: Înțelegerea jurnalelor Tripwire

RU: Журналы Tripwire

VI: Hiểu Nhật ký Tripwire

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.