Tripwire --check errors..what to do?
Hello,
I have installed the base version of tripwire, which came with a RH9.0 book I purchased last week. I must admit I am at work and left my sheet with the various versions, but hopefully someone can guide me. I apologize, since that might be helpful in answering.

My problem is a LOOONG list of errors when running the --init or one of the other options like --check. I am fairly confident several of them should not be commented out based on the man, but how about the rest? Please forgive me for the long list, but if you could review it and let me know which ones I can safely ignore/comment out from the twpol.txt. Here goes: (The first is as listed in the output. I will only list the filename for the other entries for space sake.)

1. File system error.
Filename: /root/.esd_auth
No such file or directory

Filename: /usr/sbin/fixrmtab
Filename: /sbin/accton
Filename: /sbin/busybox
Filename: /sbin/busybox.anaconda
Filename: /sbin/fsck.minix
Filename: /sbin/mkfs.bfs
Filename: /sbin/mkfs.minix
Filename: /sbin/update
Filename: /sbin/adjtimex
Filename: /sbin/sndconfig
Filename: /sbin/dhcpcd
Filename: /sbin/iptables
Filename: /sbin/ipchains
Filename: /sbin/ipchains-restore
Filename: /sbin/ipchains-save
Filename: /sbin/ipfwadm
Filename: /sbin/ipvsadm
Filename: /sbin/ipvsadm-restore
Filename: /sbin/ipvsadm-save
Filename: /sbin/mgetty
Filename: /sbin/vgetty
Filename: /sbin/cbq
Filename: /sbin/shapecfg
Filename: /sbin/sash
Filename: /sbin/ipfwadm-wrapper
Filename: /sbin/mount.ncp
Filename: /sbin/mount.ncpfs
Filename: /sbin/raidhotgenerateerror
Filename: /var/lock/subsys/ipchains
Filename: /var/lock/subsys/iptables
Filename: /var/lock/subsys/ipvsadm
Filename: /var/lock/subsys/ypbind
Filename: /var/lock/subsys/amd
Filename: /var/lock/subsys/arpwatch
Filename: /var/lock/subsys/autofs
Filename: /var/lock/subsys/bcm
Filename: /var/lock/subsys/bgpd
Filename: /var/lock/subsys/bootparamd
Filename: /var/lock/subsys/canna
Filename: /var/lock/subsys/cWnn
Filename: /var/lock/subsys/firewall
Filename: /var/lock/subsys/freeWnn
Filename: /var/lock/subsys/gated
Filename: /var/lock/subsys/httpd
Filename: /var/lock/subsys/identd
Filename: /var/lock/subsys/innd
Filename: /var/lock/subsys/irda
Filename: /var/lock/subsys/iscsi
Filename: /var/lock/subsys/kadmin
Filename: /var/lock/subsys/kprop
Filename: /var/lock/subsys/krb
Filename: /var/lock/subsys/krbkdc
Filename: /var/lock/subsys/kWnn
Filename: /var/lock/subsys/ldap
Filename: /var/lock/subsys/linuxconf
Filename: /var/lock/subsys/lpd
Filename: /var/lock/subsys/mcserv
Filename: /var/lock/subsys/mysqld
Filename: /var/lock/subsys/named
Filename: /var/lock/subsys/nfs
Filename: /var/lock/subsys/nscd
Filename: /var/lock/subsys/ntpd
Filename: /var/lock/subsys/ospfd
Filename: /var/lock/subsys/ospfd
Filename: /var/lock/subsys/pcmcia
Filename: /var/lock/subsys/postgresql
Filename: /var/lock/subsys/pxe
Filename: /var/lock/subsys/radvd
Filename: /var/lock/subsys/rarpd
Filename: /var/lock/subsys/reconfig
Filename: /var/lock/subsys/rhnsd
Filename: /var/lock/subsys/ripd
Filename: /var/lock/subsys/ripngd
Filename: /var/lock/subsys/routed
Filename: /var/lock/subsys/rstatd
Filename: /var/lock/subsys/rusersd
Filename: /var/lock/subsys/rwalld
Filename: /var/lock/subsys/rwhod
Filename: /var/lock/subsys/smb
Filename: /var/lock/subsys/snmpd
Filename: /var/lock/subsys/squid
Filename: /var/lock/subsys/tux
Filename: /var/lock/subsys/tWnn
Filename: /var/lock/subsys/ups
Filename: /var/lock/subsys/vncserver
Filename: /var/lock/subsys/wine
Filename: /var/lock/subsys/xfs
Filename: /var/lock/subsys/yppasswdd
Filename: /var/lock/subsys/ypserv
Filename: /var/lock/subsys/ypxfrd
Filename: /var/lock/subsys/zebra
Filename: /etc/named.conf
Filename: /etc/tripwire/localhost-local.key
Filename: /etc/sysconfig/network-scripts/ifdown-cipcb
Filename: /etc/sysconfig/network-scripts/ifup-cipcb
Filename: /bin/sfxload
Filename: /bin/aumix-minimal
Filename: /bin/gawk-..
Filename: /bin/gettext
Filename: /bin/zsh
Filename: /bin/zsh-..
Filename: /bin/ksh

Thank you very much in advance!!
R
The problem is that the policy file you have been given is out of date. The policy file that ships with Tripwire is pretty good for a RH9 box, but unfortunately it's not very good for modern distros. I'd suggest you check out tripwire-portable. It's based on the (now unmaintained) Tripwire source and is easier to use on modern distros. The default policy file is much better than the one that ships with tripwire, although it's a bit open-ended (i.e. it checks too many things) and can result in some obnoxious warnings, so it will still need to be tweaked.
Is there a better app which can do the same as tripwire since, if I understood, tw is 'done'?

Thanks,
Raymond
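For the "No such file or directory" errors listed in the question, the following is an added example, not part of the original thread and not Tripwire's own tooling. It comments out single-line rules in a twpol.txt-style policy whose literal path is absent on the host and returns the affected paths so they can be reviewed first; the function name `comment_missing` and the sample policy excerpt are assumptions constructed for illustration.

```python
import os
import re

# A rule that starts with a literal absolute path, optionally quoted and
# optionally a stop point ("!"), written on a single line, e.g.
#     /sbin/accton    -> $(SEC_CRIT) ;
RULE = re.compile(r'^\s*!?\s*(?:"(/[^"]*)"|(/[^\s;]+))\s*(?:->|;)')

# Constructed excerpt in twpol.txt style (not copied from a real policy).
SAMPLE = '''\
(
  rulename = "Kernel Administration Programs",
)
{
  /sbin/accton                     -> $(SEC_CRIT) ;
  /sbin/iptables                   -> $(SEC_CRIT) ;
  $(TWLKEY)/$(HOSTNAME)-local.key  -> $(SEC_BIN) ;
  "/var/lock/subsys/httpd"         -> $(SEC_CONFIG) ;
}
'''

def comment_missing(policy_text, exists=os.path.lexists):
    """Return (new_text, commented_paths); rules for absent paths get a '#'."""
    out, commented = [], []
    for line in policy_text.splitlines():
        m = RULE.match(line)
        path = (m.group(1) or m.group(2)) if m else None
        # Rules whose path uses a policy variable, e.g. $(TWLKEY), never
        # match or are skipped here: they need manual review.
        if path and "$(" not in path and not exists(path):
            commented.append(path)
            line = "#" + line
        out.append(line)
    return "\n".join(out) + "\n", commented

if __name__ == "__main__":
    # Demo on the constructed sample; a real run would read twpol.txt instead.
    new_text, gone = comment_missing(SAMPLE)
    print(new_text)
    print("Review before accepting:", *gone, sep="\n  ")
```

Any returned path that should exist on this host is a finding to investigate rather than a rule to drop. After review, the edited policy is rebuilt with `twadmin --create-polfile` and the database regenerated with `tripwire --init`.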