• Re: tripwire install

    From Bill Marcum@110:300/1.98 to Matias on Tue Aug 30 22:32:41 2011
    On 2011-08-30, Matias <matias.364@gmail.com> wrote:
    > 1. version - Open Source Tripwire(R) 2.4.1.2 built for i686-pc-linux-gnu
    > 2. I've built the database.
    > 3. If I run /usr/sbin/tripwire --check, tripwire outputs this message:
    > ### Error: File could not be opened for writing.
    > ### Filename: /var/lib/tripwire/report/`date +%y`/`date
    > ### +%m`/aa.bbb.cc.dd-20110827-191059.twr
    > ### No such file or directory
    > ### Exiting...
    > 4. configuration file contents - twcfg.txt
    > ROOT =/usr/sbin
    > POLFILE =/etc/tripwire/tw.pol
    > DBFILE =/usr/local/lib/tripwire/$(HOSTNAME).twd
    > REPORTFILE =/var/lib/tripwire/report/`date +%y`/`date +%m`/ $(HOSTNAME)-$(DATE).twr
    > SITEKEYFILE =/etc/tripwire/site.key
    > LOCALKEYFILE =/etc/tripwire/$(HOSTNAME)-local.key
    > EDITOR =/bin/vi
    > LATEPROMPTING =false
    > LOOSEDIRECTORYCHECKING =false
    > MAILNOVIOLATIONS =true
    > EMAILREPORTLEVEL =3
    > REPORTLEVEL =3
    > MAILMETHOD =SENDMAIL
    > 5. What steps should I take to fix this?

    Make sure the directory /var/lib/tripwire/report/`date +%y`/`date +%m`
    exists. You could use a crontab to create these directories once a month
    before tripwire runs.

    > thanks,
    > M.


    --
    Practical people would be more practical if they would take a little
    more time for dreaming.
    -- J. P. McEvoy

    --- FIDOGATE 4.4.10
    * Origin: FTN Gate on kofobbs.net (110:300/1.98)
  • From Matias@110:300/1.98 to All on Tue Aug 30 15:56:23 2011
    1. version - Open Source Tripwire(R) 2.4.1.2 built for i686-pc-linux-gnu
    2. I've built the database.
    3. If I run /usr/sbin/tripwire --check, tripwire outputs this message:
    ### Error: File could not be opened for writing.
    ### Filename: /var/lib/tripwire/report/`date +%y`/`date
    ### +%m`/aa.bbb.cc.dd-20110827-191059.twr
    ### No such file or directory
    ### Exiting...
    4. configuration file contents - twcfg.txt
    ROOT =/usr/sbin
    POLFILE =/etc/tripwire/tw.pol
    DBFILE =/usr/local/lib/tripwire/$(HOSTNAME).twd
    REPORTFILE =/var/lib/tripwire/report/`date +%y`/`date +%m`/ $(HOSTNAME)-$(DATE).twr
    SITEKEYFILE =/etc/tripwire/site.key
    LOCALKEYFILE =/etc/tripwire/$(HOSTNAME)-local.key
    EDITOR =/bin/vi
    LATEPROMPTING =false
    LOOSEDIRECTORYCHECKING =false
    MAILNOVIOLATIONS =true
    EMAILREPORTLEVEL =3
    REPORTLEVEL =3
    MAILMETHOD =SENDMAIL
    5. What steps should I take to fix this?

    thanks,
    M.

  • From Matias@110:300/1.98 to All on Wed Aug 31 02:38:12 2011
    OK, I just checked and the directory does exist.
    The owner is root. The permission on the directory is 755.
    The user is root.

  • From David W. Hodgins@110:300/1.98 to Matias on Wed Aug 31 04:52:47 2011
    On Tue, 30 Aug 2011 20:38:12 -0400, Matias <matias.364@gmail.com> wrote:

    > OK, I just checked and the directory does exist.
    > The owner is root. The permission on the directory is 755.
    > The user is root.

    In your prior article, you had
    REPORTFILE =/var/lib/tripwire/report/`date +%y`/`date +%m`/ $(HOSTNAME)-$(DATE).twr

    Note the uppercase HOSTNAME and DATE commands. Linux is case sensitive,
    those should be in lowercase.

    Regards, Dave Hodgins

    --
    Change nomail.afraid.org to ody.ca to reply by email.
    (nomail.afraid.org has been set up specifically for
    use in usenet. Feel free to use it yourself.)

  • From Matias@110:300/1.98 to All on Wed Aug 31 21:24:37 2011
    I did change the two variables to lowercase as Dave suggested.
    Then, when I tried to make the config file I got:
    twadmin -m F --site-keyfile /usr/local/etc/site.key /etc/tripwire/twcfg.txt
    ### Error: Configuration file uses an undefined variable.
    ### hostname: Line number 4
    ### Exiting...

    m.

  • From David W. Hodgins@110:300/1.98 to Matias on Wed Aug 31 23:34:03 2011
    On Wed, 31 Aug 2011 15:24:37 -0400, Matias <matias.364@gmail.com> wrote:

    > I did change the two variables to lowercase as Dave suggested.
    > Then, when I tried to make the config file I got:
    > twadmin -m F --site-keyfile /usr/local/etc/site.key /etc/tripwire/twcfg.txt
    > ### Error: Configuration file uses an undefined variable.
    > ### hostname: Line number 4
    > ### Exiting...

    Sorry, my mistake. I was thinking of bash substitution, such as
    "echo $(hostname)", which executes the command hostname.

    Looking at tripwire-2.4.2.1/src/tw/configfile.cpp, the only values
    it accepts are $(HOSTNAME) and $(DATE), or using variables you
    define earlier in the config file. I see nothing there, or
    in /usr/local/share/man/man4/twconfig.4 indicating that it supports
    executing commands in backticks, so the config line

    REPORTFILE =/var/lib/tripwire/report/`date +%y`/`date +%m`/ $(HOSTNAME)-$(DATE).twr

    will result in it looking for a directory/file called '/var/lib/tripwire/report/`date +%y`/`date +%m`/localhost-20110831.twr' depending on the hostname settings, and the actual date of course.

    You can confirm this by running it under strace.

    You'll either have to create a cron job that updates the file with
    the correct year and month and signs the file, or give up keeping
    the reports in a separate directory, for each month/year.

    Regards, Dave Hodgins

    --
    Change nomail.afraid.org to ody.ca to reply by email.
    (nomail.afraid.org has been set up specifically for
    use in usenet. Feel free to use it yourself.)
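
The monthly cron job that Bill Marcum and Dave Hodgins describe, as an added example that is not part of either post: it creates the month's report directory, writes the literal year and month into REPORTFILE, and re-signs the config with the twadmin command quoted in the thread. The function names, the script path in the crontab comment and the choice of site key path are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): make REPORTFILE's year/month literal,
# because twcfg.txt expands only $(HOSTNAME), $(DATE) and user-defined variables.
# Function names are hypothetical; paths and the twadmin call are those quoted above.

# True if REPORTFILE still holds backticks, which Tripwire would take literally.
has_backticks() {
    grep -q '^REPORTFILE.*`' "$1"
}

# Print config $1 with REPORTFILE pointing at $2/YY/MM, where YY=$3 and MM=$4.
rewrite_reportfile() {
    sed "s|^REPORTFILE[[:space:]]*=.*|REPORTFILE =$2/$3/$4/\$(HOSTNAME)-\$(DATE).twr|" "$1"
}

# Monthly job: create this month's directory, rewrite the text config, re-sign it.
rotate_reportfile() {
    cfg=$1 root=$2 key=$3
    yy=$(date +%y) mm=$(date +%m)
    mkdir -p "$root/$yy/$mm" || return 1
    tmp=$(mktemp "$cfg.XXXXXX") || return 1
    rewrite_reportfile "$cfg" "$root" "$yy" "$mm" > "$tmp" && mv "$tmp" "$cfg" || return 1
    # twadmin asks for the site passphrase here; an unattended run has to
    # supply it some other way, which the thread does not cover.
    twadmin -m F --site-keyfile "$key" "$cfg"
}

# Run from root's crontab on the 1st of each month, before the tripwire check:
#   5 0 1 * * /usr/local/sbin/tw-rotate.sh --apply    (script path is an assumption)
if [ "${1:-}" = "--apply" ]; then
    rotate_reportfile /etc/tripwire/twcfg.txt /var/lib/tripwire/report /etc/tripwire/site.key
fi
```

Without `--apply` the script only defines its functions, so `rewrite_reportfile` can be tried on a copy of twcfg.txt before the live file is touched.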
