I want to only check /dev directory and not the contents, so I changed
Then running tripwire in any mode results in a segment fault. e.g.
[root@hypatia /root]# tripwire -update /etc
### Phase 1: Reading configuration file
### Phase 2: Generating file list
[root@hypatia /root]# tripwire -q
If I change it back the way it was, all is OK.
John S. Weber
Center for Computational Mathematics
University of Colorado at Denver
Phone: (303)556-5394 Fax: (303)556-8550
I ran into the same problem, for the same reason. The default tw.config
in the tripwire RPM should have looser checks on a number of files that change
in a multiuser environment, like
Apparently, there's a script twdb_check.pl that needs to be run if the tw.config
file changes. I've seen a message to this effect towards the end of tripwire
-initialize runs. But the script isn't included with the Tripwire RPM :-(.
The easiest workaround I've found is to install tripwire with rpm --noscripts,
(to prevent the automatic tripwire -initialize that happens on installation),
and then edit the tw.config file and run tripwire -initialize manually.
If I could figure out how to unpack a src rpm, modify it, and repack it, I'd
submit a fix.
I tried the workaround (rpm -Uvh --noscripts), but I still get a segment fault
when I manually initialize (tripwire -initialize). Previously, I had tried
deleting the /var/spool/tripwire DB file and reinitializing (also get segment
fault), but I'm not sure if this is any different than email@example.com's
workaround. I'm still only changing the /dev entry as per my above message.
Once again it seems to be OK if I restore /etc/tw.config to the RPM default
I rebuilt a package for our RHCE folks without any initializing, and it worked
for them. I suppose the moral of the story is not to initialize in the spec
file, I'll leave that for the user to do. Check rawhide in a bit to see a change