[ubuntu] tripwire configuration and error


remy06
October 10th, 2008, 02:28 PM
Hi all

I just had tripwire installed via Synaptic manager and followed the guide at this URL to set up tripwire:
http://linuxgazette.net/106/odonovan.html

The setup was smooth. But when I tried running the command:
sudo tripwire --check
I got this long list as shown below:

Parsing policy file: /etc/tripwire/tw.pol
*** Processing Unix File System ***
Performing integrity check...
The object: "/lib/modules/2.6.24-19-generic/volatile" is on a different file system...ignoring.
The object: "/dev/.static/dev" is on a different file system...ignoring.
The object: "/dev/bus/usb/.usbfs" is on a different file system...ignoring.
The object: "/dev/pts" is on a different file system...ignoring.
The object: "/dev/shm" is on a different file system...ignoring.
### Warning: File system error.
### Filename: /proc/7703/fd/3
### No such file or directory
### Continuing...
### Warning: File system error.
### Filename: /proc/7703/fdinfo/3
### No such file or directory
### Continuing...
### Warning: File system error.
### Filename: /proc/7703/task/7703/fd/3
### No such file or directory
### Continuing...
### Warning: File system error.
### Filename: /proc/7703/task/7703/fdinfo/3
### No such file or directory
### Continuing...
The object: "/proc/bus/usb" is on a different file system...ignoring.
Wrote report file: /var/lib/tripwire/report/localhost-20081005-213546.twr


Tripwire(R) 2.3.0 Integrity Check Report

Report generated by: root
Report created on: Sunday 05,October,2008 09:35:46 PM SGT
Database last updated on: Never

===============================================================================
Report Summary:
===============================================================================

Host name: localhost
Host IP address: 127.0.1.1
Host ID: None
Policy file used: /etc/tripwire/tw.pol
Configuration file used: /etc/tripwire/tw.cfg
Database file used: /var/lib/tripwire/localhost.twd
Command line used: tripwire --check

===============================================================================
Rule Summary:
===============================================================================

-------------------------------------------------------------------------------
Section: Unix File System
-------------------------------------------------------------------------------

  Rule Name                        Severity Level    Added    Removed  Modified
  ---------                        --------------    -----    -------  --------
  Invariant Directories            66                0        0        0
  Tripwire Data Files              100               0        0        0
  Other binaries                   66                0        0        0
  Tripwire Binaries                100               0        0        0
  Other libraries                  66                0        0        0
  Root file-system executables     100               0        0        0
  System boot changes              100               0        0        0
  Root file-system libraries       100               0        0        0
  (/lib)
  Critical system boot files       100               0        0        0
* Other configuration files        66                0        0        1
  (/etc)
  Boot Scripts                     100               0        0        0
  Security Control                 66                0        0        0
  Root config files                100               0        0        0
* Devices & Kernel information     100               304      1002     0

Total objects scanned: 45358
Total violations found: 1307

===============================================================================
Object Summary:
===============================================================================

-------------------------------------------------------------------------------
# Section: Unix File System
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
Rule Name: Other configuration files (/etc)
Severity Level: 66
-------------------------------------------------------------------------------

Modified:
"/etc/tripwire"

-------------------------------------------------------------------------------
Rule Name: Devices & Kernel information (/proc)
Severity Level: 100
-------------------------------------------------------------------------------

Added:
"/proc/6161/fd/38"
"/proc/6161/task/6162/fd/38"
"/proc/6161/task/6162/fdinfo/38"
"/proc/6161/task/6163/fd/38"
"/proc/6161/task/6163/fdinfo/38"
"/proc/6161/task/6161/fd/38"
"/proc/6161/task/6161/fdinfo/38"
"/proc/6161/fdinfo/38"
.
. long list goes on...
.
Removed:
"/proc/6512"
"/proc/6512/root"
"/proc/6512/stat"
"/proc/6512/status"
"/proc/6512/fd"
"/proc/6512/fd/0"
"/proc/6512/fd/1"
"/proc/6512/fd/2"
"/proc/6512/fd/13"
.
. long list goes on..
.

===============================================================================
Error Report:
===============================================================================

-------------------------------------------------------------------------------
Section: Unix File System
-------------------------------------------------------------------------------

1. File system error.
Filename: /proc/7703/fd/3
No such file or directory
2. File system error.
Filename: /proc/7703/fdinfo/3
No such file or directory
3. File system error.
Filename: /proc/7703/task/7703/fd/3
No such file or directory
4. File system error.
Filename: /proc/7703/task/7703/fdinfo/3
No such file or directory

-------------------------------------------------------------------------------
*** End of report ***


It seems like there are various warnings/errors on /proc, and the total number of violations found was significant, as you can see from the report.

My questions are:
1) What are the warnings on /proc/7703 about? I noticed that after every reboot and running tripwire --check again, the report will generate more violations. Is it normal, or how do I fix it?

2) How do I set it up to send me emails of violation reports? I would like to configure it to send reports to my Yahoo email account.

FYI, I am using Ubuntu Hardy desktop.

Any help is appreciated.

remy06
October 12th, 2008, 12:23 PM
*bump*

spb
November 14th, 2008, 03:11 PM
Has anyone found a solution to this?

Gamma746
November 14th, 2008, 11:41 PM
You probably don't need to worry about it.

Directories in /proc change all the time, it's normal. Try running
ls /proc
Then run it again, you'll get different results.

Furthermore, proc is a pseudo-filesystem. Try running
sudo touch /proc/foo
It won't work because you can't create files in /proc.
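
Added example, not part of the thread or of Tripwire itself: a short Python triage of the Object Summary quoted in the first post, separating entries under volatile pseudo-filesystems such as /proc from entries that deserve a look. The sample text is a constructed excerpt of that report, and the prefix list and function names are assumptions made for this illustration.

```python
from collections import Counter

# Constructed sample: shortened excerpt of the Object Summary quoted in the thread.
SAMPLE_REPORT = '''\
Rule Name: Other configuration files (/etc)
Modified:
"/etc/tripwire"
Rule Name: Devices & Kernel information (/proc)
Added:
"/proc/6161/fd/38"
"/proc/6161/task/6162/fd/38"
"/proc/6161/fdinfo/38"
Removed:
"/proc/6512"
"/proc/6512/root"
"/proc/6512/fd/0"
'''

# Assumption: mount points treated as volatile pseudo-filesystems for triage.
VOLATILE_PREFIXES = ("/proc", "/sys", "/dev/pts", "/dev/shm")

def is_volatile(path):
    """True if path is a volatile mount point or lies beneath one."""
    return any(path == p or path.startswith(p + "/") for p in VOLATILE_PREFIXES)

def triage(report_text):
    """Return (noise counts per change type, entries worth reviewing)."""
    noise = Counter()   # change type -> number of volatile paths
    review = []         # (rule, change type, path) for everything else
    rule = change = None
    for line in report_text.splitlines():
        line = line.strip()
        if line.startswith("Rule Name:"):
            rule, change = line.split(":", 1)[1].strip(), None
        elif line in ("Added:", "Removed:", "Modified:"):
            change = line[:-1]
        elif change and len(line) > 2 and line[0] == line[-1] == '"':
            path = line[1:-1]
            if is_volatile(path):
                noise[change] += 1
            else:
                review.append((rule, change, path))
    return dict(noise), review

if __name__ == "__main__":
    noise, review = triage(SAMPLE_REPORT)
    print("volatile entries set aside:", noise)
    for rule, change, path in review:
        print(f"review: [{change}] {path} (rule: {rule})")
```

On the excerpt, the six /proc entries are set aside and the single remaining item is the modified /etc/tripwire directory.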