Help with setting up Tripwire?

[dareys]

emiller12345,

Just as a footnote. I did get a message in my inbox indicating that someone else had replied to the thread, namely DangerTux.

However, I did not receive an email indicating that you had responded. I almost missed it. And that would have been a shame. See what I mean? I am positively convinced of hacking, and I have documented conclusively in this thread.

And yes, my network is totally hacked. I know it. I leave BS files around for the hackers. I will try to secure it ASAP. New years eve sounds like a good time to try it. LOL.

In the meantime, I have enouch information to continue setting up Tripwire, thanks to DangerTux. If it works.Last night, it failed at the very last step. I suspect a disk space issue, but will investigate and try again.

Many thanks for your support. I wish you and our colleauges a healthy and prosperous 2012.

Jean-Pierre

emiller12345,

Thank you for the response. I know that my network is compromised. Yes, it is a week WEP key protection, and I have been trying to reset the modem, configure the firewall, shut down access to certain sites and ports, as well as change the WEP key. And yes, I have not been able to afford the downtime...

So, as soon as I can I wiill do what you indicate. Thank you and happy holidays.

Jean-Pierre

[Dangertux]

emiller12345,

Just as a footnote. I did get a message in my inbox indicating that someone else had replied to the thread, namely DangerTux.

However, I did not receive an email indicating that you had responded. I almost missed it. And that would have been a shame. See what I mean? I am positively convinced of hacking, and I have documented conclusively in this thread.

And yes, my network is totally hacked. I know it. I leave BS files around for the hackers. I will try to secure it ASAP. New years eve sounds like a good time to try it. LOL.

In the meantime, I have enouch information to continue setting up Tripwire, thanks to DangerTux. If it works.Last night, it failed at the very last step. I suspect a disk space issue, but will investigate and try again.

Many thanks for your support. I wish you and our colleauges a healthy and prosperous 2012.

Jean-Pierre

Jean-Pierre what was the error message given in the last step?

[dareys]

DangerTux,

There was no error. The following command failed on the next to last step, in other words the following command:

sudo tripwire --init

I had several issues.

Initially, I typed in an incorrect password. The ironic thing is that I was prompted to create passwords twice during the previous installation steps, that I entered each one twice as usual to make sure that I got things right, and that I made them both the same, because I figured I was just testing.

So, no possibility that I might be typing the wrong password... I learned to always use the same one when installing and learning a new product, to avoid exactly this kind of problem...

Then on the next to last step, which I indicate above, the error was:

$ sudo tripwire --init
### Error: Config file site key mismatch.
### The config file "/etc/tripwire/tw.cfg" is not encrypted with the current
### keyfile "/etc/tripwire/site.key".
### Exiting...

What is the issue, I don't know. Like I complained earlier in this thread password issues plague me, in spite that in my support role at JPMChase I had to remember dozens of them, and that in the two years I was there, never forgot one. The issues I had at 3:00 AM where when they expired!

Also, I have indicated that characters are inserted into what I type, and that the text of my emails when I send them is not the same as what I get back when I copy myself.... Anyway, enough rambling. Thank you for your help.

Jean-Pierre

[Dangertux]

DangerTux,

There was no error. The following command failed on the next to last step, in other words the following command:

sudo tripwire --init

I had several issues.

Initially, I typed in an incorrect password. The ironic thing is that I was prompted to create passwords twice during the previous installation steps, that I entered each one twice as usual to make sure that I got things right, and that I made them both the same, because I figured I was just testing.

So, no possibility that I might be typing the wrong password... I learned to always use the same one when installing and learning a new product, to avoid exactly this kind of problem...

Then on the next to last step, which I indicate above, the error was:

$ sudo tripwire --init
### Error: Config file site key mismatch.
### The config file "/etc/tripwire/tw.cfg" is not encrypted with the current
### keyfile "/etc/tripwire/site.key".
### Exiting...

What is the issue, I don't know. Like I complained earlier in this thread password issues plague me, in spite that in my support role at JPMChase I had to remember dozens of them, and that in the two years I was there, never forgot one. The issues I had at 3:00 AM where when they expired!

Also, I have indicated that characters are inserted into what I type, and that the text of my emails when I send them is not the same as what I get back when I copy myself.... Anyway, enough rambling. Thank you for your help.

Jean-Pierre

That error means you encrypted your cfg files wrong, not at all or with the wrong keys. In my opinion slow down, take it easy and read carefully what you're doing each step of the way. Or go fast and copy paste, I ran it through a VM as I was doing it and copy/pasta'd verbatim so it should work in it's default state.

[dareys]

DangerTux,

I tried the procedure you outlined yesterday as soon as I read the message, went fast, using cut and paste, and got the described results. I will try it again the same way, but more slowly. As you stated, it should work verbatim.

Doing it slower, is what I should do once I am protected and want to understand exactly what is going on and learn about it.

BTW, I am still running the installation with the security that is configured by default, hence not a lot. With Tripwire, I want to make sure that the system files have not been tampered with. Because that was the most difficult problem to track on Windows XP.

Anyway, I just tried it again, and this time the installation fails at a different point. E.g.

sudo twadmin --create-cfgfile -S site.key /etc/tripwire/twcfg.txt

sudo twadmin --create-cfgfile -S site.key /etc/tripwire/twcfg.txt
### Error: File could not be opened.
### Filename: /etc/tripwire/twcfg.txt
### No such file or directory
### Exiting...

Jean-Pierre

That error means you encrypted your cfg files wrong, not at all or with the wrong keys. In my opinion slow down, take it easy and read carefully what you're doing each step of the way. Or go fast and copy paste, I ran it through a VM as I was doing it and copy/pasta'd verbatim so it should work in it's default state.

[Dangertux]

DangerTux,

I tried the procedure you outlined yesterday as soon as I read the message, went fast, using cut and paste, and got the described results. I will try it again the same way, but more slowly. As you stated, it should work verbatim.

Doing it slower, is what I should do once I am protected and want to understand exactly what is going on and learn about it.

BTW, I am still running the installation with the security that is configured by default, hence not a lot. With Tripwire, I want to make sure that the system files have not been tampered with. Because that was the most difficult problem to track on Windows XP.

Anyway, I just tried it again, and this time the installation fails at a different point. E.g.

sudo twadmin --create-cfgfile -S site.key /etc/tripwire/twcfg.txt

sudo twadmin --create-cfgfile -S site.key /etc/tripwire/twcfg.txt
### Error: File could not be opened.
### Filename: /etc/tripwire/twcfg.txt
### No such file or directory
### Exiting...

Jean-Pierre

If you're going to restart the install you need to

Code:

sudo apt-get remove --purge tripwire
sudo apt-get install tripwire

Remember in step 4 you deleted those txt files. So they will not be there if you just repeat the steps, they are generated at install time. I would recommend choosing yes to allow automatic generation of site/db key at install time if you're having trouble. That's why I put the last part as optional.

Hope this helps.

[dareys]

If you're going to restart the install you need to

Code:

sudo apt-get remove --purge tripwire
sudo apt-get install tripwire

Remember in step 4 you deleted those txt files. So they will not be there if you just repeat the steps, they are generated at install time. I would recommend choosing yes to allow automatic generation of site/db key at install time if you're having trouble. That's why I put the last part as optional.

Hope this helps.

Dangertux,

It has been a while since my last communication. I hope that you will get this response. In the end, I have been using Gufw as a firewall, and I have not had time to configure Tripwire. Too distracted by other things. However, I can tell you this. The hacking, well documented above, has been pervasive and relentless for years.Firewall or not...

Since my last communication, I have absolute and overwhelming proof. For the record, Google, "Beini". A program written in China, but I am sure there are many others like it. It allows you to break the WEP, WPA, and WPA2 encryption of any WiFi connection within reach. Available for dowload for free, or on the streets of Mexico for about $5.00 USD.

A great article about this was published in the Reforma newspaper in Mexico on January 17th 2012, written by Rodolfo Gonzalez blowing the lid on the story. I reasearched it, and tested things out. I was able to crack my WEP encryption in five minutes flat. I tried another couple of WEP networks, owned by friends, just to verify it, and sure enough, it works.

The issue is, over 90% of all networks here are WEP encrypted even if the moden allows for WPA2-PSK encryption. Go figure why. And people here steal everything... Anyway, I am not into stealing anyone's internet, I just want my communications and privacy back.

I am now trying to change the encryption of my connection, enable firewall on it and on my machine, and hope that I don't already have a keylogger embedded in my kernel.

Thank you for the help.

Jean-PIerre

P.S. As far as Tripwire, I will give it the time it deserves ASAP, and will probably come back to this forum with more
questions.

[cryptotheslow]

Hi,

Just a couple of ideas that sprang to mind reading through this.

1. Even if just as a temporary experiment - why not disable the wireless ability of your router entirely and connect using Cat5 ethernet cable? That would preclude anyone outside your physical environment snooping on your LAN traffic.

2. You mention "another user" using your router. Do you absolutely trust this person? Maybe they are snooping your cookies off the LAN and messing with your various accounts as a "joke".

3. Always use secure https pages for any site that requires any kind of login.

4. If funds allow - consider subscribing to a VPN provider and use that to route all your internet traffic.

5. I haven't used it in a long while, but when I did, I regularly had problems with Yahoo mail black-holing mail as spam and random non (or much delayed) delivery of mail both in and outbound. I didn't use it for long so no idea if those were just temporary problems at the time or actually indicative of how the service is.

[dareys]

Hi,

Just a couple of ideas that sprang to mind reading through this.

1. Even if just as a temporary experiment - why not disable the wireless ability of your router entirely and connect using Cat5 ethernet cable? That would preclude anyone outside your physical environment snooping on your LAN traffic.

2. You mention "another user" using your router. Do you absolutely trust this person? Maybe they are snooping your cookies off the LAN and messing with your various accounts as a "joke".

3. Always use secure https pages for any site that requires any kind of login.

4. If funds allow - consider subscribing to a VPN provider and use that to route all your internet traffic.

5. I haven't used it in a long while, but when I did, I regularly had problems with Yahoo mail black-holing mail as spam and random non (or much delayed) delivery of mail both in and outbound. I didn't use it for long so no idea if those were just temporary problems at the time or actually indicative of how the service is.

cryptotheslow,

Thank you for the response.

1. My landlady is an independent Lawyer, and very unpredictable. Your suggestion is great, but following it might create
a disruption of her network "access" you know what I mean? Murphy might strike at any time and
I don't need trouble.I just have to plan it for when she is away for a few days and we negotiate it. Thanks for the tip.

2. My landlady is the? other user. Do you absolutely trust anybody? For certain things yes. Otherwise, she seems
innocent enough, being a lawyer and not very computer savy. But I really don't know her, or her motivations, or
what she or any of the people being able to hack the ridiculous WEP key might want to do to pre-empt me or why.

But yes, you are right. Somebody might be doing what you say, just for fun. or just to make my life miserable. Well, it
is not fun to me, and has been disrupting my communications, jobs and relationships for years.

3. Of course. Including access to my own router, when I can configure it successfully in this daisy chain mode.

4. Funds are an issue because of the fact that contracts have to be signed for a period of time longer than I am willing
to garantee or without having the proper backing. I am not a local here. This is an issue that I am aware is bitting me
and one I foresaw long ago when I moved into the area. The inability to secure my own space has been my downfall.

5. Yes, sometimes I find things in my SPAM folder that are there randomly. I also believe that emails are hugely
delayed sometimes. I sometimes respond to invitation declinations by saying, I never got the invitation, only to
find it in my inbox later.

Thank you very much for your feedback.

Jean-Pierre