LinuxQuestions.org
Old 03-09-2012, 10:17 AM   #1
shayno90
Tripwire check with error messages related to proc


I have set up the tripwire database and have run tripwire --check to get rid of errors in the twpol.txt file; however, 4 errors remain related to proc, and there is no option to comment out specific proc directories:

tripwire --check
Parsing policy file: /etc/tripwire/tw.pol
*** Processing Unix File System ***
Performing integrity check...
.....................................................
"/proc/4901/loginuid"
"/proc/4901/sessionid"
"/proc/4901/coredump_filter"

===============================================================================
Error Report:
===============================================================================

-------------------------------------------------------------------------------
Section: Unix File System
-------------------------------------------------------------------------------

1. File system error.
Filename: /proc/4915/fd/3
No such file or directory
2. File system error.
Filename: /proc/4915/fdinfo/3
No such file or directory
3. File system error.
Filename: /proc/4915/task/4915/fd/3
No such file or directory
4. File system error.
Filename: /proc/4915/task/4915/fdinfo/3
No such file or directory

-------------------------------------------------------------------------------
*** End of report ***

In the twpol.txt file:

# Critical devices
#
(
rulename = "Devices & Kernel information",
severity = $(SIG_HI),
)
{
/dev -> $(Device) ;
/proc -> $(Device) ;
}

How can I remove the proc error messages?
It seems the only way to resolve this is to comment out /proc!

Last edited by shayno90; 03-09-2012 at 10:29 AM.
 
Old 03-09-2012, 11:22 AM   #2
shayno90
I resolved it by copying the specified /proc directories to monitor from this link and uncommenting /proc:
http://www.faqs.org/docs/securing/chap17sec139.html

Append under the section:
#/proc -> $(Device) ;
/proc/sys -> $(Device) ;
/proc/cpuinfo -> $(Device) ;
/proc/modules -> $(Device) ;
..........
}

Make sure to comment out these 2 directories on the template as they don't exist on Ubuntu 10.04 according to tripwire:
#/proc/ide
#/proc/ksyms

===============================================================================
Error Report:
===============================================================================

No Errors

-------------------------------------------------------------------------------
*** End of report ***
 
1 members found this post helpful.
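Added example (not part of the original posts and not Tripwire's own tooling): a shell function that emits the /proc lines for the rule shown in post #2. It keeps the catch-all /proc rule commented out, refuses per-process paths such as the /proc/4915/fd/3 entries from the error report, and comments out candidates that do not exist on the host, as was done by hand for /proc/ide and /proc/ksyms. The function name, the ROOT prefix argument and the --emit switch are assumptions made for this example.

```shell
#!/bin/sh
# Build the /proc part of a Tripwire policy rule from a list of candidates.
# ROOT is a hypothetical prefix so the function can be tried against a test
# tree; pass "" (empty) on a real host.

# Candidate entries named in the thread (the linked template lists more).
PROC_CANDIDATES="/proc/sys /proc/cpuinfo /proc/modules /proc/ide /proc/ksyms"

gen_proc_rules() {
    root=$1; shift
    # The catch-all rule stays commented out: it pulls in /proc/<pid>/...,
    # whose entries can vanish while the check is still walking the tree.
    printf '#/proc -> $(Device) ;\n'
    for p in "$@"; do
        case $p in
            /proc/[0-9]*|/proc/self|/proc/self/*)
                # Per-process entries are transient; never emit them.
                printf '# skipped (per-process): %s\n' "$p" >&2
                continue ;;
            /proc/*) ;;
            *)
                printf '# skipped (not under /proc): %s\n' "$p" >&2
                continue ;;
        esac
        if [ -e "$root$p" ]; then
            printf '%s -> $(Device) ;\n' "$p"
        else
            # Absent on this host: keep the line visible but commented out.
            printf '#%s -> $(Device) ;\n' "$p"
        fi
    done
}

# Run as "sh thisfile.sh --emit" to print the lines for the live /proc.
if [ "${1:-}" = "--emit" ]; then
    gen_proc_rules "" $PROC_CANDIDATES
fi
```

The output is meant to be pasted between the braces of the "Devices & Kernel information" rule in twpol.txt; skipped paths are reported on stderr so they do not end up in the policy.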
Old 03-09-2012, 06:00 PM   #3
Noway2
Thank you for sharing your solution!
 
  

