Bug 7632 - tripwire segment faults if I change /etc/tw.config from package default.
Summary: tripwire segment faults if I change /etc/tw.config from package default.
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Powertools
Classification: Retired
Component: tripwire
Version: 6.1
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Tim Powers
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 1999-12-06 17:55 UTC by trouble
Modified: 2008-05-01 15:37 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2000-01-13 01:28:58 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description trouble 1999-12-06 17:55:20 UTC 
I want to only check /dev directory and not the contents, so I changed

#=/dev @@DIRM
/dev @@DEVM
 to
=/dev @@DIRM
#/dev @@DEVM

Then running tripwire in any mode results in segment fault. e.g.

[root@hypatia /root]# tripwire -update /etc
### Phase 1:   Reading configuration file
### Phase 2:   Generating file list
Segmentation fault
[root@hypatia /root]# tripwire -q
Segmentation fault

If I change it back the way it was, all is OK.

John S. Weber

System Administrator
Center for Computational Mathematics
University of Colorado at Denver
Phone: (303)556-5394 Fax: (303)556-8550
jweber@math.cudenver.edu
http://www-math.cudenver.edu/~jweber
Comment 1 John F. Gibson 1999-12-13 18:41:59 UTC 
I ran into the same problem, for the same reason. The default tw.config
in the tripwire RPM should have looser checks on a number of files that change
in a multiuser environment, like

 !/etc/X11/xdm/authdir/
 !/etc/issue
 !/etc/ssh_random_seed
 !/etc/ntp/drift
 !/etc/mtab
 =/dev @@DIRM


Apparently,there's a script twdb_check.pl that needs to be run if the tw.config
file changes.  I've seen a message to this effect towards the end of tripwire
-initialize runs. But the script isn't included with the Tripwire RPM :-(.

The easiest workaround I've found is to install tripwire with rpm --noscripts,
(to prevent the automatic tripwire -initialize that happens on installation),
and the edit the tw.config file and run tripwire -initialize manually.

If I could figure out how to unpack a src rpm, modify it, and repack it, I'd
submit a fix.

John
Comment 2 trouble 1999-12-13 19:15:59 UTC 
I tried the workaround (rpm -Uvh --noscripts), but I still get a segment fault
when I manually initialize (tripwire -initialize). Previously, I had tried
deleting the /var/spool/tripwire DB file and reinitializing (also get segment
fault), but I'm not sure if this is any different than gibson@mae.cornell.edu's
workaround. I'm still only changing the the /dev entry as per my above message.
Once again it seems to be OK if I restore /etc/tw.config to the RPM default
version.

John Weber
Comment 3 Tim Powers 2000-01-13 01:28:59 UTC 
I rebuilt a package for our RHCE folks without any initializing, and it worked
for them. I suppose the moral of the story is not to initialize in the spec
file, I'll leave that for the user to do. Check rawhide in a bit to see a change
for this.

Tim
Note You need to log in before you can comment on or make changes to this bug.