7632 – tripwire segment faults if I change /etc/tw.config from package default.

Bug 7632 - tripwire segment faults if I change /etc/tw.config from package default.

Summary: tripwire segment faults if I change /etc/tw.config from package default.

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Red Hat Powertools
Classification:	Retired
Component:	tripwire
Sub Component:
Version:	6.1
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Tim Powers
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	1999-12-06 17:55 UTC by trouble
Modified:	2008-05-01 15:37 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2000-01-13 01:28:58 UTC
Embargoed:

Attachments	(Terms of Use)

Description trouble 1999-12-06 17:55:20 UTC

I want to only check /dev directory and not the contents, so I changed

#=/dev @@DIRM
/dev @@DEVM
 to
=/dev @@DIRM
#/dev @@DEVM

Then running tripwire in any mode results in segment fault. e.g.

[root@hypatia /root]# tripwire -update /etc
### Phase 1:   Reading configuration file
### Phase 2:   Generating file list
Segmentation fault
[root@hypatia /root]# tripwire -q
Segmentation fault

If I change it back the way it was, all is OK.

John S. Weber

System Administrator
Center for Computational Mathematics
University of Colorado at Denver
Phone: (303)556-5394 Fax: (303)556-8550
jweber.edu
http://www-math.cudenver.edu/~jweber

Comment 1 John F. Gibson 1999-12-13 18:41:59 UTC

I ran into the same problem, for the same reason. The default tw.config
in the tripwire RPM should have looser checks on a number of files that change
in a multiuser environment, like

 !/etc/X11/xdm/authdir/
 !/etc/issue
 !/etc/ssh_random_seed
 !/etc/ntp/drift
 !/etc/mtab
 =/dev @@DIRM


Apparently,there's a script twdb_check.pl that needs to be run if the tw.config
file changes.  I've seen a message to this effect towards the end of tripwire
-initialize runs. But the script isn't included with the Tripwire RPM :-(.

The easiest workaround I've found is to install tripwire with rpm --noscripts,
(to prevent the automatic tripwire -initialize that happens on installation),
and the edit the tw.config file and run tripwire -initialize manually.

If I could figure out how to unpack a src rpm, modify it, and repack it, I'd
submit a fix.

John

Comment 2 trouble 1999-12-13 19:15:59 UTC

I tried the workaround (rpm -Uvh --noscripts), but I still get a segment fault
when I manually initialize (tripwire -initialize). Previously, I had tried
deleting the /var/spool/tripwire DB file and reinitializing (also get segment
fault), but I'm not sure if this is any different than gibson.edu's
workaround. I'm still only changing the the /dev entry as per my above message.
Once again it seems to be OK if I restore /etc/tw.config to the RPM default
version.

John Weber

Comment 3 Tim Powers 2000-01-13 01:28:59 UTC

I rebuilt a package for our RHCE folks without any initializing, and it worked
for them. I suppose the moral of the story is not to initialize in the spec
file, I'll leave that for the user to do. Check rawhide in a bit to see a change
for this.

Tim

Note You need to log in before you can comment on or make changes to this bug.