Tripwire on SuSE 9.0??
When are the tripwire packages for 9.0 going to be fixed?
I don't want to sound like a broken record here, but it's been a good three months since 9.0 was released and tripwire is still broken. Tripwire isn't an optional package, but an absolute requirement for a production server.
I'm one of the people that bought 9.0 after RedHat went berserk a couple of months ago. Overall, I've been quite satisfied; my desktop and the test server have hummed along wonderfully. But when basic security tools are still unavailable months after release, I'm beginning to question my decision.
Is this sort of thing typical for SuSE releases? Are you guys going down RedHat's route of telling anyone with a small business server to pay you hundreds of dollars for an "enterprise server" version or take a flying leap? If so, please tell me now so I don't waste any more time and switch to debian.
I'm sorry to be so blunt, but this is a serious matter, and after being bitten by Red Hat, I'm already on edge.
-----Original Message-----
From: suse@rio.vg [mailto:suse@rio.vg]
Sent: 09 January 2004 14:25
To: suse-security@suse.com
Subject: [suse-security] Tripwire on SuSE 9.0??
> When are the tripwire packages for 9.0 going to be fixed?
> I don't want to sound like a broken record here, but it's been a good three months since 9.0 was released and tripwire is still broken. Tripwire isn't an optional package, but an absolute requirement for a production server.
I've taken the route of using AIDE for the time being. The biggest differences I can see between the two are:
1. AIDE's reporting isn't as nice.
2. AIDE doesn't have the signed database, but as you'd probably put it on an unwritable area anyway this shouldn't hurt.
See http://www.fbunet.de/aide.shtml for a discussion on the differences.
If you know anything drastically wrong with using AIDE, please tell me!
Tom.
> If you know anything drastically wrong with using AIDE, please tell me!
Not having been maintained in years isn't in its favour. I've had it segfault continually in some situations but didn't work out exactly what the situations are, but suspect it has something to do with I/O errors on a file it tries to check; this covers both files which are opened exclusively by another process and those which contain an unreadable disk block. If there are indeed a few checks missing after some fopen() or fread() calls, it seems to me that the software hasn't quite reached maturity for a security app. Other than that I never found a fault with it.
Volker
--
Volker Kuhlmann is possibly list0570 with the domain in header
http://volker.dnsalias.net/ Please do not CC list postings to me.
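Added example, not part of the thread and not Tripwire's or AIDE's code: a minimal Python integrity baseline illustrating the two points raised in the messages above, an authenticated database and I/O errors recorded as findings instead of crashing the checker. It uses a passphrase-keyed HMAC as a stand-in for Tripwire's signed database; the function names and the JSON layout are assumptions made for this sketch.

```python
import hashlib, hmac, json, os

def scan(root):
    """Hash every file under root; record I/O errors instead of aborting."""
    entries = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            try:
                h = hashlib.sha256()
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(65536), b""):
                        h.update(chunk)
                entries[rel] = h.hexdigest()
            except OSError as exc:
                # Locked or unreadable file: report it, keep checking the rest.
                entries[rel] = "ERROR:" + type(exc).__name__
    return entries

def _key(passphrase, salt):
    # Derive the MAC key from the passphrase (iteration count is an assumption).
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)

def seal(entries, passphrase):
    """Serialize the baseline and attach an HMAC-SHA256 tag over it."""
    salt = os.urandom(16)
    body = json.dumps(entries, sort_keys=True)
    tag = hmac.new(_key(passphrase, salt), body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"salt": salt.hex(), "tag": tag, "body": body})

def check(root, sealed, passphrase):
    """Authenticate the baseline first, then diff it against the live tree."""
    doc = json.loads(sealed)
    key = _key(passphrase, bytes.fromhex(doc["salt"]))
    want = hmac.new(key, doc["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(want, doc["tag"]):
        raise ValueError("baseline database failed authentication")
    old, new = json.loads(doc["body"]), scan(root)
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
    }
```

Without the tag, anyone who can write to the database can update the stored hash of a modified file and the next check reports nothing, which is why an unsigned database has to live on read-only media.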
Thanks to Philippe Vogel, who pointed out to me that the reason tripwire doesn't work in 9.0 is due to gcc 3.x, I figured out that there is no reason why the tripwire that was shipped with suse 8.2 shouldn't work.
ftp://ftp.suse.com/pub/suse/i386/8.2/suse/i586/tripwire-2.3.1-25.i586.rpm
This installs and appears to work perfectly on a Suse 9.0 system. Why the Suse people don't simply copy the above into the 9.0 tree is quite beyond me, but for anyone that wants to use tripwire, there's the solution. I'll bring my cluebat to suse booth at Linux Expo later this month, perhaps that will help...
suse@rio.vg wrote:
> Thanks to Philippe Vogel, who pointed out to me that the reason tripwire doesn't work in 9.0 is due to gcc 3.x, I figured out that there is no reason why the tripwire that was shipped with suse 8.2 shouldn't work.
> ftp://ftp.suse.com/pub/suse/i386/8.2/suse/i586/tripwire-2.3.1-25.i586.rpm
> This installs and appears to work perfectly on a Suse 9.0 system. Why the Suse people don't simply copy the above into the 9.0 tree is quite beyond me, but for anyone that wants to use tripwire, there's the solution. I'll bring my cluebat to suse booth at Linux Expo later this month, perhaps that will help...
Hi *,
searching a little bit...because
rpm -U tripwire-2.3.1-25.i586.rpm
package tripwire-2.3.1-94 (which is newer than tripwire-2.3.1-25) is already installed
I found this here:
ftp://ftp.suse.com/pub/suse/i386/9.0/suse/i586/tripwire-2.3.1-98.i586.rpm
but I still got an error:
arcos:/etc/tripwire # twadmin --create-cfgfile -S site.key twcfg.txt
Please enter your site passphrase:
Software interrupt forced exit: Segmentation Fault
Abort
Where can I get a working tripwire?
tripwire-2.3.1-2.tar.gz from tripwire.org also does not work on Suse 9.0
regards
Andreas
Quoting Andreas Ernst
> searching a little bit...because
> rpm -U tripwire-2.3.1-25.i586.rpm
> package tripwire-2.3.1-94 (which is newer than tripwire-2.3.1-25) is already installed
> I found this here:
> ftp://ftp.suse.com/pub/suse/i386/9.0/suse/i586/tripwire-2.3.1-98.i586.rpm
> but I still got an error:
> arcos:/etc/tripwire # twadmin --create-cfgfile -S site.key twcfg.txt
> Please enter your site passphrase:
> Software interrupt forced exit: Segmentation Fault
> Abort
> Where can I get a working tripwire?
> tripwire-2.3.1-2.tar.gz from tripwire.org also does not work on Suse 9.0
First: rpm -e tripwire (to get rid of the 9.0 installation of tripwire)
Then: rpm -ivh tripwire-2.3.1-25.i586.rpm (which is obtained from the 8.2 tree)
You should then be able to set it up based on the instructions in /usr/share/doc/packages/tripwire/README.SuSE
I've set this up on three 9.0 machines already, no problems.
suse@rio.vg wrote:
> First: rpm -e tripwire (to get rid of the 9.0 installation of tripwire)
> Then: rpm -ivh tripwire-2.3.1-25.i586.rpm (which is obtained from the 8.2 tree)
> You should then be able to set it up based on the instructions in /usr/share/doc/packages/tripwire/README.SuSE
> I've set this up on three 9.0 machines already, no problems.
I'll second that. I'm using the 8.2 version on a 9.0 test computer without any problems.
participants (5): Andreas Ernst, Avtar Gill, suse@rio.vg, Tom Knight, Volker Kuhlmann