Bug 7632

Summary: tripwire segment faults if I change /etc/tw.config from package default.
Product: [Retired] Red Hat Powertools Reporter: trouble
Component: tripwireAssignee: Tim Powers <timp>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 6.1   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2000-01-13 01:28:58 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description trouble 1999-12-06 17:55:20 UTC 
I want to only check /dev directory and not the contents, so I changed

#=/dev @@DIRM
/dev @@DEVM
 to
=/dev @@DIRM
#/dev @@DEVM

Then running tripwire in any mode results in segment fault. e.g.

[root@hypatia /root]# tripwire -update /etc
### Phase 1:   Reading configuration file
### Phase 2:   Generating file list
Segmentation fault
[root@hypatia /root]# tripwire -q
Segmentation fault

If I change it back the way it was, all is OK.

John S. Weber

System Administrator
Center for Computational Mathematics
University of Colorado at Denver
Phone: (303)556-5394 Fax: (303)556-8550
jweber.edu
http://www-math.cudenver.edu/~jweber
Comment 1 John F. Gibson 1999-12-13 18:41:59 UTC 
I ran into the same problem, for the same reason. The default tw.config
in the tripwire RPM should have looser checks on a number of files that change
in a multiuser environment, like

 !/etc/X11/xdm/authdir/
 !/etc/issue
 !/etc/ssh_random_seed
 !/etc/ntp/drift
 !/etc/mtab
 =/dev @@DIRM


Apparently,there's a script twdb_check.pl that needs to be run if the tw.config
file changes.  I've seen a message to this effect towards the end of tripwire
-initialize runs. But the script isn't included with the Tripwire RPM :-(.

The easiest workaround I've found is to install tripwire with rpm --noscripts,
(to prevent the automatic tripwire -initialize that happens on installation),
and the edit the tw.config file and run tripwire -initialize manually.

If I could figure out how to unpack a src rpm, modify it, and repack it, I'd
submit a fix.

John
Comment 2 trouble 1999-12-13 19:15:59 UTC 
I tried the workaround (rpm -Uvh --noscripts), but I still get a segment fault
when I manually initialize (tripwire -initialize). Previously, I had tried
deleting the /var/spool/tripwire DB file and reinitializing (also get segment
fault), but I'm not sure if this is any different than gibson.edu's
workaround. I'm still only changing the the /dev entry as per my above message.
Once again it seems to be OK if I restore /etc/tw.config to the RPM default
version.

John Weber
Comment 3 Tim Powers 2000-01-13 01:28:59 UTC 
I rebuilt a package for our RHCE folks without any initializing, and it worked
for them. I suppose the moral of the story is not to initialize in the spec
file, I'll leave that for the user to do. Check rawhide in a bit to see a change
for this.

Tim