Tripwire 2.3 on RedHat Advanced Server 3

Nathaniel Hall halln at otc.edu
Wed Jul 21 15:18:24 UTC 2004


I am attempting to set up Tripwire 2.3 on RedHat Advanced Server 3.  My goal
is to have two separate configurations that will allow me to use one
database to compare to since Tripwire was set up and another that will update
nightly.  These will have different passphrases for security and will reside
in different directories, i.e., tw-daily and tw-base.

 

I have my config files set correctly and am able to run ./twinstall.sh.  I
then run the command:

tripwire --init -v -c /etc/tripwire/tw-daily/tw-daily.cfg \
    -p /etc/tripwire/tw-daily/tw-daily.pol \
    -d /etc/tripwire/tw-daily/tripwire-daily.twd \
    -S /etc/tripwire/tw-daily/site-daily.key \
    -L /etc/tripwire/tw-daily/tripwire-local-daily.key

and I get the following:

 

Tripwire(R) 2.3.0.47 for Linux

Tripwire 2.3 Portions copyright 2000 Tripwire, Inc. Tripwire is a registered
trademark of Tripwire, Inc. This software comes with ABSOLUTELY NO WARRANTY;
for details use --version. This is free software which may be redistributed
or modified only under certain conditions; see COPYING for details.
All rights reserved.

Opening configuration file: /etc/tripwire/tw-daily/tw-daily.cfg
This file is encrypted.

Opening key file: /etc/tripwire/tw-daily/site-daily.key
Opening key file: /etc/tripwire/tw-daily/tripwire-local-daily.key
Please enter your local passphrase: 
Opening key file: /etc/tripwire/tw-daily/site-daily.key
Opening policy file: /etc/tripwire/tw-daily/tw-daily.pol
This file is encrypted.
Parsing policy file: /etc/tripwire/tw-daily/tw-daily.pol
Generating the database...
*** Processing Unix File System ***
Processing:  /
--- Generating information for: /
Software interrupt forced exit: Segmentation Fault
[root@tripwire tw-daily]#

 

Does anybody know what would cause the Software interrupt?  I Googled for
the error and saw that Tripwire hates files that are not owned by a user or
group, so I ran:

[root@tripwire root]# find / -nogroup -nouser -print

The only file I get is:

find: /proc/1926/fd/4: No such file or directory

My config is set up to only check certain directories in the /proc directory,
and this is not one of them.

Any ideas?

 

~~~~~~~~~~~~~~~~~~~~~~~~~~

Nathaniel Hall

Intrusion Detection and Firewall Technician

 

Ozarks Technical Community College -- Office of Computer Networking

417-799-0552
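
The ownership check described in the message, as an added example that is not part of the original post or of Tripwire: find treats `-nogroup -nouser` as an AND, so the command above only matches files that lack both an owner and a group, while this sketch reports entries where either one fails to resolve. It stays on one filesystem so /proc is never entered and skips entries that vanish mid-scan; the function names and the injectable resolver parameters are assumptions made for the example.

```python
"""Added example: list files whose owner UID or group GID has no account entry."""
import grp
import os
import pwd
import sys


def uid_has_account(uid):
    try:
        return bool(pwd.getpwuid(uid))
    except KeyError:
        return False


def gid_has_account(gid):
    try:
        return bool(grp.getgrgid(gid))
    except KeyError:
        return False


def find_orphans(root, uid_known=uid_has_account, gid_known=gid_has_account):
    """Return sorted (path, uid, gid) tuples for entries below root whose
    owner OR group cannot be resolved (find's -nouser -o -nogroup)."""
    root_dev = os.lstat(root).st_dev
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        descend = []
        entries = [(d, True) for d in dirnames] + [(f, False) for f in filenames]
        for name, is_dir in entries:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: judge a symlink itself, not its target
            except OSError:
                continue  # entry vanished or is unreadable; skip it
            if st.st_dev != root_dev:
                continue  # other filesystem (e.g. /proc): skip it and do not descend
            if is_dir:
                descend.append(name)
            if not uid_known(st.st_uid) or not gid_known(st.st_gid):
                hits.append((path, st.st_uid, st.st_gid))
        dirnames[:] = descend  # prune os.walk so it stays on root's filesystem
    return sorted(hits)


if __name__ == "__main__":
    for path, uid, gid in find_orphans(sys.argv[1] if len(sys.argv) > 1 else "/"):
        print(f"{uid}\t{gid}\t{path}")
```

Run as root against `/` (or a single directory tree named in the policy file) so that unreadable directories are not silently skipped.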

 



