<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN"> <HTML> <HEAD> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8"> <META NAME="GENERATOR" CONTENT="GtkHTML/3.16.3"> <TITLE>Re: [F8] Tripwire</TITLE> </HEAD> <BODY> <BR> On Fri, 2008-02-08 at 09:18 -0800, Todd Zullinger wrote:<BR> <BLOCKQUOTE TYPE=CITE> <FONT SIZE="2"><FONT COLOR="#000000">Daniel B. Thurman wrote:</FONT></FONT><FONT COLOR="#000000"> </FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">> I have downloaded and tried out Tripwire and I noticed:</FONT></FONT><FONT COLOR="#000000"> </FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">> </FONT></FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">> /etc/cron.daily/tripwire-check:</FONT></FONT><FONT COLOR="#000000"> </FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">> </FONT></FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">> **** Error: Tripwire database for gold.cdkkt.com not found. ****</FONT></FONT><FONT COLOR="#000000"> </FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">> **** Run /etc/tripwire/twinstall.sh and/or tripwire --init. ****</FONT></FONT><FONT COLOR="#000000"> </FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">> </FONT></FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">> Ok, I searched for: twinstall.sh using find, it does not exist.</FONT></FONT><FONT COLOR="#000000"> </FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">> </FONT></FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">> I went into /etc, then:</FONT></FONT><FONT COLOR="#000000"> </FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">> cp twcfg.txt tw.cfg</FONT></FONT><FONT COLOR="#000000"> </FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">> cp twpol.txt te.pol</FONT></FONT><FONT COLOR="#000000"> </FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">> </FONT></FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">> Ran: tripwire --init</FONT></FONT><FONT COLOR="#000000"> </FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">> =========================</FONT></FONT><FONT COLOR="#000000"> </FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">> ### Error: Invalid input stream format.</FONT></FONT><FONT COLOR="#000000"> </FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">> ### </FONT></FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">> ### File: /etc/tripwire/tw.cfg</FONT></FONT><FONT COLOR="#000000"> </FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">> ### Configuration file could not be read.</FONT></FONT><FONT COLOR="#000000"> </FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">> ### Exiting...</FONT></FONT><FONT COLOR="#000000"> </FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">> =========================</FONT></FONT><FONT COLOR="#000000"> </FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">> </FONT></FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">> What's wrong?</FONT></FONT><BR> <BR> <FONT SIZE="2"><FONT COLOR="#000000">Did you checkout /usr/share/doc/tripwire-2.4.1.2/README.Fedora? That</FONT></FONT><FONT COLOR="#000000"> </FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">has some specific info for using tripwire as installed by the Fedora</FONT></FONT><FONT COLOR="#000000"> </FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">packages. It also points you to the Tripwire policy guide for other</FONT></FONT><FONT COLOR="#000000"> </FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">post installation details. Perhaps you're jumping the gun on running</FONT></FONT><FONT COLOR="#000000"> </FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">the tripwire --init?</FONT></FONT><BR> <BR> <FONT SIZE="2"><FONT COLOR="#000000">The cron output seems like it should be modified to point new users to</FONT></FONT><FONT COLOR="#000000"> </FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">the README.Fedora file rather than mentioning an install script that</FONT></FONT><FONT COLOR="#000000"> </FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">does not exist. File a bug perhaps?</FONT></FONT><BR> <BR> </BLOCKQUOTE> <BR> Thanks for pointing me to the doc source - I forgot to look there!<BR> The information is very clear and concise, other than the cron message.<BR> <BR> Dan </BODY> </HTML>