LinuxQuestions.org
Old 10-18-2005, 04:49 PM   #1
ir0nmdn
LQ Newbie
 
Registered: Nov 2004
Posts: 2

Rep: Reputation: 0
Question Tripwire --check errors..what to do?


Hello,

I have installed the base version of tripwire, which came with a RH9.0 book I purchased last week. I must admit I am at work and left my sheet with the various versions, but hopefully someone can guide me. I apologize, since that might be helpful in answering.

My problem is a LOOONG list of errors when running the --init or one of the other options like --check. I am fairly confident several of them should not be commented out based on the man, but how about the rest? Please forgive me for the long list, but if you could review it and let me know which ones I can safely ignore/comment out from the twpol.txt.

Here goes. (The first is as listed in the output. I will only list the filename for the other entries for space's sake.)

1. File system error.
Filename: /root/.esd_auth
No such file or directory

Filename: /usr/sbin/fixrmtab
Filename: /sbin/accton
Filename: /sbin/busybox
Filename: /sbin/busybox.anaconda
Filename: /sbin/fsck.minix
Filename: /sbin/mkfs.bfs
Filename: /sbin/mkfs.minix
Filename: /sbin/update
Filename: /sbin/adjtimex
Filename: /sbin/sndconfig
Filename: /sbin/dhcpcd
Filename: /sbin/iptables
Filename: /sbin/ipchains
Filename: /sbin/ipchains-restore
Filename: /sbin/ipchains-save
Filename: /sbin/ipfwadm
Filename: /sbin/ipvsadm
Filename: /sbin/ipvsadm-restore
Filename: /sbin/ipvsadm-save
Filename: /sbin/mgetty
Filename: /sbin/vgetty
Filename: /sbin/cbq
Filename: /sbin/shapecfg
Filename: /sbin/sash
Filename: /sbin/ipfwadm-wrapper
Filename: /sbin/mount.ncp
Filename: /sbin/mount.ncpfs
Filename: /sbin/raidhotgenerateerror
Filename: /var/lock/subsys/ipchains
Filename: /var/lock/subsys/iptables
Filename: /var/lock/subsys/ipvsadm
Filename: /var/lock/subsys/ypbind
Filename: /var/lock/subsys/amd
Filename: /var/lock/subsys/arpwatch
Filename: /var/lock/subsys/autofs
Filename: /var/lock/subsys/bcm
Filename: /var/lock/subsys/bgpd
Filename: /var/lock/subsys/bootparamd
Filename: /var/lock/subsys/canna
Filename: /var/lock/subsys/cWnn
Filename: /var/lock/subsys/firewall
Filename: /var/lock/subsys/freeWnn
Filename: /var/lock/subsys/gated
Filename: /var/lock/subsys/httpd
Filename: /var/lock/subsys/identd
Filename: /var/lock/subsys/innd
Filename: /var/lock/subsys/irda
Filename: /var/lock/subsys/iscsi
Filename: /var/lock/subsys/kadmin
Filename: /var/lock/subsys/kprop
Filename: /var/lock/subsys/krb
Filename: /var/lock/subsys/krbkdc
Filename: /var/lock/subsys/kWnn
Filename: /var/lock/subsys/ldap
Filename: /var/lock/subsys/linuxconf
Filename: /var/lock/subsys/lpd
Filename: /var/lock/subsys/mcserv
Filename: /var/lock/subsys/mysqld
Filename: /var/lock/subsys/named
Filename: /var/lock/subsys/nfs
Filename: /var/lock/subsys/nscd
Filename: /var/lock/subsys/ntpd
Filename: /var/lock/subsys/ospfd
Filename: /var/lock/subsys/ospfd
Filename: /var/lock/subsys/pcmcia
Filename: /var/lock/subsys/postgresql
Filename: /var/lock/subsys/pxe
Filename: /var/lock/subsys/radvd
Filename: /var/lock/subsys/rarpd
Filename: /var/lock/subsys/reconfig
Filename: /var/lock/subsys/rhnsd
Filename: /var/lock/subsys/ripd
Filename: /var/lock/subsys/ripngd
Filename: /var/lock/subsys/routed
Filename: /var/lock/subsys/rstatd
Filename: /var/lock/subsys/rusersd
Filename: /var/lock/subsys/rwalld
Filename: /var/lock/subsys/rwhod
Filename: /var/lock/subsys/smb
Filename: /var/lock/subsys/snmpd
Filename: /var/lock/subsys/squid
Filename: /var/lock/subsys/tux
Filename: /var/lock/subsys/tWnn
Filename: /var/lock/subsys/ups
Filename: /var/lock/subsys/vncserver
Filename: /var/lock/subsys/wine
Filename: /var/lock/subsys/xfs
Filename: /var/lock/subsys/yppasswdd
Filename: /var/lock/subsys/ypserv
Filename: /var/lock/subsys/ypxfrd
Filename: /var/lock/subsys/zebra
Filename: /etc/named.conf
Filename: /etc/tripwire/localhost-local.key
Filename: /etc/sysconfig/network-scripts/ifdown-cipcb
Filename: /etc/sysconfig/network-scripts/ifup-cipcb
Filename: /bin/sfxload
Filename: /bin/aumix-minimal
Filename: /bin/gawk-..
Filename: /bin/gettext
Filename: /bin/zsh
Filename: /bin/zsh-..
Filename: /bin/ksh


Thank you very much in advance!!

R
 
Old 10-19-2005, 10:33 AM   #2
TruckStuff
Member
 
Registered: Apr 2002
Posts: 498

Rep: Reputation: 30
The problem is that the policy file you have been given is out of date. The policy file that ships with Tripwire is pretty good for a RH9 box, but unfortunately it's not very good for modern distros. I'd suggest you check out tripwire-portable. It's based on the (now unmaintained) Tripwire source and is easier to use on modern distros. The default policy file is much better than the one that ships with tripwire, although it's a bit open ended (i.e. it checks too many things) and can result in some obnoxious warnings, so it will still need to be tweaked.
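
One way to do the policy tweaking discussed above, as an added example that is not part of the original post: this shell function comments out simple twpol.txt rules whose target does not exist on the host and reports each one, so a missing file can be reviewed rather than silenced blindly. The function names, the optional ROOT argument and the sample policy are constructed for illustration.

```shell
#!/bin/sh
# Added example: comment out twpol.txt rules whose object is absent on this host.
# Handles only simple "/abs/path -> mask ;" rules; variables, quoted names and
# multi-line rules are left untouched (assumption about the policy's layout).

# prune_twpol POLICY [ROOT]: pruned policy on stdout, missing paths on stderr.
# ROOT is an optional prefix so the check can run against a staged tree.
prune_twpol() {
    policy=$1
    root=${2:-}
    while IFS= read -r line || [ -n "$line" ]; do
        path=$(printf '%s\n' "$line" |
            sed -n 's|^[[:space:]]*\(/[^[:space:]]*\)[[:space:]]*->.*$|\1|p')
        if [ -n "$path" ] && [ ! -e "$root$path" ] && [ ! -L "$root$path" ]; then
            printf '#%s\n' "$line"          # disable the rule, keep it visible
            printf 'missing: %s\n' "$path" >&2
        else
            printf '%s\n' "$line"
        fi
    done < "$policy"
}

# Constructed demo: a staged tree where only /sbin/iptables exists.
prune_twpol_demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/sbin"
    : > "$tmp/sbin/iptables"
    cat > "$tmp/twpol.txt" <<'EOF'
# Constructed sample in twpol.txt rule syntax
  /sbin/iptables        -> $(SEC_CRIT) ;
  /sbin/ipchains        -> $(SEC_CRIT) ;
  /sbin/busybox.anaconda -> $(SEC_CRIT) ;
  $(TWBIN)/tripwire     -> $(SEC_BIN) ;
EOF
    prune_twpol "$tmp/twpol.txt" "$tmp"
    rm -rf "$tmp"
}

# Real use: prune_twpol /etc/tripwire/twpol.txt > twpol.new, then review it.
if [ $# -ge 1 ]; then prune_twpol "$@"; fi
```

After reviewing the result, the edited policy still has to be re-signed with `twadmin --create-polfile` and the database rebuilt with `tripwire --init` before `--check` uses it.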
 
Old 10-20-2005, 09:43 AM   #3
ir0nmdn
LQ Newbie
 
Registered: Nov 2004
Posts: 2

Original Poster
Rep: Reputation: 0
Quote:
Originally posted by TruckStuff
The problem is that the policy file you have been given is out of date. The policy file that ships with Tripwire is pretty good for a RH9 box, but unfortunately it's not very good for modern distros. I'd suggest you check out tripwire-portable. It's based on the (now unmaintained) Tripwire source and is easier to use on modern distros. The default policy file is much better than the one that ships with tripwire, although it's a bit open ended (i.e. it checks too many things) and can result in some obnoxious warnings, so it will still need to be tweaked.
Ok let me check. I ran into a bigger issue trying to resolve the db device busy error while running the rebuilddb for rpm. I had to reinstall since everything I kept on adding referred to another dependency.. uuurggh..

Is there a better app which can do the same as tripwire since, if I understood, tw is 'done'..

Thanks,
Raymond
 
Old 10-20-2005, 09:48 AM   #4
TruckStuff
Member
 
Registered: Apr 2002
Posts: 498

Rep: Reputation: 30
Quote:
Originally posted by ir0nmdn
Is there a better app which can do the same as tripwire since, if I understood, tw is 'done'..
I wouldn't call tripwire "done," especially since so much of it depends on the policy files. But, yes, there are other file integrity checkers out there. Look in the Security references thread at the top of this forum.
 
  


All times are GMT -5. The time now is 12:34 PM.