LinuxQuestions.org
03-09-2012, 10:17 AM   #1
shayno90
Distribution: Debian Lenny 2.6.26 Ubuntu Lucid Lynx 10.04 Windows 7
Tripwire check with error messages related to proc


I have set up the tripwire database and have run the tripwire --check to get rid of errors in the twpol.txt file; however, 4 errors remain related to the proc, and there is no option to comment out specific proc directories:

tripwire --check
Parsing policy file: /etc/tripwire/tw.pol
*** Processing Unix File System ***
Performing integrity check...
.....................................................
"/proc/4901/loginuid"
"/proc/4901/sessionid"
"/proc/4901/coredump_filter"

===============================================================================
Error Report:
===============================================================================

-------------------------------------------------------------------------------
Section: Unix File System
-------------------------------------------------------------------------------

1. File system error.
Filename: /proc/4915/fd/3
No such file or directory
2. File system error.
Filename: /proc/4915/fdinfo/3
No such file or directory
3. File system error.
Filename: /proc/4915/task/4915/fd/3
No such file or directory
4. File system error.
Filename: /proc/4915/task/4915/fdinfo/3
No such file or directory

-------------------------------------------------------------------------------
*** End of report ***

In the twpol.txt file:

# Critical devices
#
(
rulename = "Devices & Kernel information",
severity = $(SIG_HI),
)
{
/dev -> $(Device) ;
/proc -> $(Device) ;
}

How can I remove the proc error messages?
It seems the only way to resolve this is to comment out /proc!

Last edited by shayno90; 03-09-2012 at 10:29 AM.
 
03-09-2012, 11:22 AM   #2
shayno90
Original Poster
I resolved it by copying the specified /proc directories to monitor from this link and uncommenting /proc:
http://www.faqs.org/docs/securing/chap17sec139.html

Append under the section:
#/proc -> $(Device) ;
/proc/sys -> $(Device) ;
/proc/cpuinfo -> $(Device) ;
/proc/modules -> $(Device) ;
..........
}

Make sure to comment out these 2 directories on the template as they don't exist on Ubuntu 10.04 according to tripwire:
#/proc/ide
#/proc/ksyms

===============================================================================
Error Report:
===============================================================================

No Errors

-------------------------------------------------------------------------------
*** End of report ***
 
1 members found this post helpful.
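
Added example (not part of the original posts and not Tripwire's own tooling): a shell script that applies the change described in post #2 to twpol.txt text. It comments out the blanket /proc rule and emits per-entry rules for the five /proc paths named in the thread, commenting out any that do not exist on the system. The function names and the ROOT argument are assumptions made for illustration.

```shell
#!/bin/sh
# Candidate /proc entries named in the thread (the template's full list is
# elided in the post and is not reproduced here).
CANDIDATES="/proc/sys /proc/cpuinfo /proc/modules /proc/ide /proc/ksyms"

# proc_rules ROOT: print one Tripwire rule per candidate path. Entries that
# are missing under ROOT are emitted commented out, because the thread notes
# that Tripwire complains about policy paths that do not exist.
proc_rules() {
    root=$1
    for p in $CANDIDATES; do
        if [ -e "$root$p" ]; then
            printf '%s -> $(Device) ;\n' "$p"
        else
            printf '#%s -> $(Device) ;  # not present on this system\n' "$p"
        fi
    done
}

# narrow_proc ROOT < twpol.txt > twpol.new
# Comment out the blanket "/proc -> ..." rule (it descends into transient
# /proc/<pid> entries that can vanish during the scan) and insert the
# per-entry rules directly after it. All other lines pass through unchanged.
narrow_proc() {
    rules=$(proc_rules "$1")
    while IFS= read -r line; do
        case $(printf '%s' "$line" | tr -d ' \t') in
            '/proc->'*) printf '#%s\n%s\n' "$line" "$rules" ;;
            *)          printf '%s\n' "$line" ;;
        esac
    done
}

# Demo on a constructed policy fragment, checked against this machine's /proc.
narrow_proc "" <<'EOF'
{
/dev -> $(Device) ;
/proc -> $(Device) ;
}
EOF
```

After installing the edited twpol.txt, regenerate the policy file with twadmin --create-polfile and rebuild the database with tripwire --init before the next tripwire --check.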
03-09-2012, 06:00 PM   #3
Noway2
Thank you for sharing your solution!
 
  

