HPE Community
Operating System - HP-UX
1756707 Members
2363 Online
108852 Solutions
New Discussion юеВ

TripWire Config Woes!

 
SOLVED
Go to solution
Alzhy
Honored Contributor

тАО12-28-2006 02:59 AM

тАО12-28-2006 02:59 AM

TripWire Config Woes!

Using:

ixTripwire A.08.00-2.4.0.1 Security and Data integrity tool

Here's what I've done so far:

1.) Used the provided twcfg.txt and twpol.txt. Only changes were to HOSTNAME in twcfg.txt and and 'emailto = "mymail@domain.com"' entry in twpol.txt to the "Critical configuratiomn files" rule.

2.) Ran "/opt/iexpress/tripwire/sbin/twinstall.sh" but errors out with:

Signing policy file...
### Error: Severity value outside of allowable limits.
### 100emailto: Line number 777
### Exiting...
The policy file was not altered.
Error: signing of policy file failed.

Step 4. should have been:

tripwire --init


Step 5. should have been:

tripwire --check


.... etc...


Any clue as to the issue with twinstall.sh and the emailto line?

Thanks!
Hakuna Matata.
0 Kudos
Reply
6 REPLIES 6
Alzhy
Honored Contributor

тАО12-28-2006 03:15 AM

тАО12-28-2006 03:15 AM

Re: TripWire Config Woes!

Ok, my bad.. I was missing a comma in the prceding line where I inserted my emailto line.

(
rulename = "Critical Files"
severity = $(SIG_HI),
emailto = "joker@mydom.com"
)

Hakuna Matata.
0 Kudos
Reply
spex
Honored Contributor

тАО12-28-2006 03:18 AM

тАО12-28-2006 03:18 AM

Solution

Re: TripWire Config Woes!

Hi Nelson,

Some examples of valid syntax for twcfg.txt and twpol.txt are here:
http://www.akadia.com/services/tripwire.html

PCS
Reply
Alzhy
Honored Contributor

тАО12-28-2006 03:18 AM

тАО12-28-2006 03:18 AM

Re: TripWire Config Woes!

Step 3 Now has this:

[ /opt/iexpress/tripwire/etc ]
root@testsrv # tripwire --init
### Error: File could not be opened.
### Filename: /opt/iexpress/tripwire/etc/skoda-local.key
### No such file or directory
### Exiting...


Any clues? Are my steps above correct?
Hakuna Matata.
0 Kudos
Reply
Tony Berry
Valued Contributor

тАО12-28-2006 04:09 AM

тАО12-28-2006 04:09 AM

Re: TripWire Config Woes!

> ### Error: File could not be opened.
> ### Filename:
> /opt/iexpress/tripwire/etc/skoda-local.key
> ### No such file or directory
> ### Exiting...

That error is usually a bug (as far as I can tell) in Tripwire. There is probably a file in ./etc named local.key and that is the file it is looking for. Apparently the ${HOSTNAME} variable isn't getting used correctly in the twcfg.txt file or something. The easiest way to correct it is to create a link (ln -s local.key skoda-local.key) or change your twcfg.txt to just use local.key (which is what I did). I didn't really see the need to distinguish between hostnames on a single system.
Unix is boss.
Reply
Steven E. Protter
Exalted Contributor

тАО12-28-2006 04:10 AM

тАО12-28-2006 04:10 AM

Re: TripWire Config Woes!

Shalom Nelson,

I thought there was as step:

tripwire --initdb

Maybe I'm remembering incorrectly.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Tony Berry
Valued Contributor

тАО12-28-2006 05:32 AM

тАО12-28-2006 05:32 AM

Re: TripWire Config Woes!

As an addendum to my earlier post:

I did some more research into the local keyfile naming "bug". It turns out that the twinstall.sh script is the culprit. It redefines (thereby overriding) the twcfg.txt setting for the path and filename. Therefore, any changes to make to the local keyfile name/path need to (also) be done on line 42 of the twinstall.sh script.
Unix is boss.
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.