Security :: Periodic Update Of Tripwire Policy File?

Jul 1, 2010

I have tripwire 2.4.1.2 running on one of our servers on a daily basis, and I was curious to know if it is good practice to periodically update the policy file. The reason for my asking that is while the daily reports that I get indicate there have been changes to files on a daily basis, there are also files that have not been modified for over a month. My thinking is an update of the policy file will establish an updated baseline, and those files that have not been changed for so long will not be reported on until they get changed again.




Security :: Tripwire Initial Configuration - New Policy - P

Jul 29, 2009

I have just installed tripwire. I have created a baseline db using the default policy file. Then I checked the output of the db to see what I did not have on my filesystem that db was searching for (according to the default policy when tripwire was installed), I then changed my default clear text policy file accordingly and used twadmin to generate a new tw.pol file.

Next I come grinding to a halt after this (assuming the next thing is to update the policy in tripwire, right?)

Code:


Fedora Security :: Tripwire Revealed File Size Differences?

May 14, 2009

Recently I decided to utilize an IDS system. So I installed Open Source Tripwire. Not that I am too worried about anyone gaining a successful foothold on my system. But I wanted to learn and experience this IDS system. And no, this is not a new server install but I have never seen anything that resembles illegal activity. My server is an installed CentOS 5.3 with SELinux in targeted mode.

Tripwire has brought to light some interesting things. Installation states to verify rpm packages using rpm -Va. I have found that many of my system binaries are not the same size as if I were to replace them via yum. Most of the binaries are like twice the size compared to a newly installed package, of the same version. I'm not sure what to make of this. These programs are the original installs (CentOS 5.1) and I keep the system up to date regularly via yum.

I wonder if perhaps these system files installed are different than the individual package size installed via yum? I have a hard time believing this as a package is a package. The only other possibility that comes to mind is that nearly my entire system has been hacked with new system files, and in a way that has revealed and suggested nothing. I find that far fetched as I have run this server for some time now and I should think I would know of a problem, as not a morning goes by that I haven't reviewed my logs, as they are emailed to me. Thoughts about the difference in file sizes? Those installed via CentOS DVD versus those installed via yum?


Ubuntu Security :: Install Tripwire On Computer?

May 1, 2011

I am going to try to install Tripwire on my computer. I do not know why or how to configure Tripwire policy and configuration files.


Security :: Shell Login Tripwire - Optimal Place?

Jul 11, 2010

I have disabled root login in my remote shell and I have a pretty strong password. I am not happy though. I want to increase security. I've been thinking about installing some basic tripwire rig, like say, send myself an email every time I (or anyone) log in. My questions:

- What kind of data would be useful to be sent in that email? Anything else besides "user so-and-so logged in at {date and time}"?

- How would I achieve that? Is it enough to include it in .tcshrc (because my shell is tcsh)? Should I add it to other shells as well (.bashrc, .csh etc.) even though nobody uses the other shells? Is it better placed in some other file, like .login? What is the optimal place?

- Would that be enough? Can I make that whole idea more secure in any way?

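A concrete way to do this, added here as an example and not taken from the thread: rather than a per-user rc file (which only runs for interactive logins of that one shell, and which anyone holding the account can edit to silence), hook the PAM session stack so the alert fires for every login regardless of the login shell. With Linux-PAM, `pam_exec.so` runs a program and exports PAM_USER, PAM_RHOST, PAM_TTY, PAM_SERVICE and PAM_TYPE into its environment; the line to add to /etc/pam.d/sshd (and to /etc/pam.d/login for console logins) is `session optional pam_exec.so /usr/local/sbin/login-notify.py`. The script path, the recipient address and the sendmail path in the code are assumptions, and the environment it carries for a stand-alone run is constructed.

```python
#!/usr/bin/env python3
"""Login alert for pam_exec (added example; paths and recipient are assumptions).

/etc/pam.d/sshd:  session optional pam_exec.so /usr/local/sbin/login-notify.py
pam_exec exports PAM_USER, PAM_RHOST, PAM_TTY, PAM_SERVICE and PAM_TYPE to us.
"""
import os
import socket
import subprocess
import sys
from datetime import datetime, timezone

RECIPIENT = "root"               # assumption: alerts go to the local root mailbox
SENDMAIL = "/usr/sbin/sendmail"  # assumption: a local MTA provides sendmail

# Constructed sample of what pam_exec hands a session hook for an SSH login.
SAMPLE_ENV = {
    "PAM_TYPE": "open_session",
    "PAM_SERVICE": "sshd",
    "PAM_USER": "alice",
    "PAM_RHOST": "203.0.113.7",
    "PAM_TTY": "ssh",
}
SAMPLE_TIME = datetime(2010, 7, 11, 12, 0, 0, tzinfo=timezone.utc)


def should_notify(env):
    """pam_exec runs session hooks on open and on close; alert only on open."""
    return env.get("PAM_TYPE") == "open_session"


def build_notice(env, now=None, hostname=None):
    """Return (subject, body).  Beyond 'who logged in when', the fields worth
    having are the source address, the PAM service (sshd vs login vs su) and
    the tty, since together they show how the session was obtained."""
    now = now or datetime.now(timezone.utc)
    hostname = hostname or socket.gethostname()
    user = env.get("PAM_USER", "?")
    src = env.get("PAM_RHOST") or "local"
    fields = [
        ("Host", hostname),
        ("User", user),
        ("From", src),
        ("Service", env.get("PAM_SERVICE", "?")),
        ("TTY", env.get("PAM_TTY") or "none"),
        ("Time", now.strftime("%Y-%m-%d %H:%M:%S UTC")),
    ]
    body = "\n".join(f"{k}: {v}" for k, v in fields)
    return f"Login on {hostname}: {user} from {src}", body


def format_mail(subject, body, recipient=RECIPIENT):
    """Headers plus body in the form 'sendmail -t' expects."""
    return f"To: {recipient}\nSubject: {subject}\n\n{body}\n"


def send_notice(message):
    subprocess.run([SENDMAIL, "-t"], input=message.encode(), check=False)


def main(env=None):
    env = os.environ if env is None else env
    if not should_notify(env):
        return 0
    subject, body = build_notice(env)
    try:
        send_notice(format_mail(subject, body))
    except OSError:
        pass  # never block the login because the alert could not be sent
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

What this buys and what it does not: the message leaves the box at the moment of login, so an intruder who later tampers with the logs has already tripped it, but a root-level intruder can remove the hook afterwards. Send the alert off-host (remote mail or syslog), keep reviewing `last` and the auth log, and treat the alert as a tripwire on top of key-only SSH rather than as the control itself.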

Security :: Creating A Safer Web With Content Security Policy?

Mar 22, 2011

Quote: One of the new features in Firefox 4 that we are very excited about is Content Security Policy, which is a mechanism that works behind the scenes to prevent some of the more severe web-based attacks against users and websites. Firefox users don't have to do anything in order to gain this protection. Simply install Firefox 4 and you will instantly receive all of the benefits that Content Security Policy has to offer. Easy!


Fedora Security :: How To Enable MLS Policy

Feb 1, 2010

I have in /etc/selinux/config:

Code:

SELINUX=enforcing
SELINUXTYPE=mls

Do I have MLS enabled? I can't use SELinux commands. I thought MLS is sort of a package for SELinux. I followed this:

Code:

[code].....


Fedora Security :: Policy Changes Get Posted To The Repositories?

Jan 5, 2010

FC12 with recent updates. The bugzilla I reported is fixed in selinux 3.6.32-66 and I have 3.6.32-56. I refreshed the repositories and looked for 66 and it is not listed. Question - how often do the policy changes get posted to the repositories? And are the repositories the normal place to get the latest and greatest?


Fedora Security :: SELinux Policy Changing In 15

Jul 24, 2011

I need to change SELinux policy to permissive and then back to enforced for an installation. I understand that I should be able to do that through the SELinux Administration window accessed through System -> Administration ->SELinux Management. But I do not have any real sysadmin tools available in my Fedora 15 Gnome Gui interface. Am I missing something, or should I use some sort of similar command line tool to do this?


Fedora Security :: Selinux Policy Blocking Outbound Ports For Sshd

May 25, 2011

Tried google and searching this forum to no avail. Under Fedora 14, there is an SELinux policy which blocks sshd from making outbound connections on port 80 or 443. This can occur when a client box tries to tunnel through the ssh connection for encrypted access to the web.

While I did manage to allow this to happen by creating a permissive domain for sshd with this command:

Code:

The preferred way would be to allow sshd to make connection on other ports with a similar command that does not seem to work:

Code:

Is this the correct way of allowing an outbound port connection for the sshd daemon?


Debian Multimedia :: Squeeze: HAL .fdi Policy Rules Not Working In X After Update?

Jan 30, 2010

After a system update a couple of days back - which as far as I can remember included some xorg packages - neither of the policy files I have written for my keyboard, synaptics touchpad and mouse work. Below are the files and the Xorg log file.

99-x11-keyboard.fdi
<?xml version="1.0" encoding="UTF-8"?>
<deviceinfo version="0.2">

[code]...


Fedora Security :: Create An SELinux Policy To Automatically Grant Apps Execstack While They Use Glxinfo

Nov 20, 2009

I just upgraded from 11 to 12 and then installed the Nvidia proprietary drivers from RPMFusion. Initially glxinfo wouldn't work because SELinux was stopping it from using an executable stack. Since the Nvidia drivers are proprietary and a fix may not be provided, I allowed this access to glxinfo with chcon -t execmem_exec_t '/usr/bin/glxinfo'

However it looks like every program using glx-utils also needs these permissions - so far I allowed Xorg, compiz and the Firefox video plugin to execstack. Can anyone suggest a fix for this - preferably one that avoids execstack for all those apps since it's a security risk. If not, how do I create an SELinux policy to automatically grant apps execstack while they use glxinfo or other nVidia libraries but not at other times?


General :: Shadow File Password Policy?

Oct 1, 2010

Today I was going through some of the security guides written on Linux. Under shadow file security the following points were mentioned:

1) The encrypted password stored under the /etc/shadow file should have more than 14-25 characters.
2) Usernames in the shadow file must satisfy all the same rules as usernames in /etc/passwd.
3) The password for an application username should display * if the username is not locked.
4) If a user is locked it should be displayed as ! as the first character in the second field of the shadow file.

Confusion for points 1 and 2: Now I'm confused as to why the encrypted password should be more than 14-25 characters. Also, what rules are there to satisfy, and how do I check them? Confusion for points 3 and 4: There are a lot of users with * as the second field; I guess they are not locked, but according to the 4th point there are a lot of users with ! as the first character. How would I check whether they are actually locked or not? I'm posting the output of the /etc/shadow and /etc/passwd files for the account.

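An added example (my own code, not from the thread, run over constructed lines rather than a real /etc/shadow) that classifies the second field the way the guide's points 1, 3 and 4 describe. The length rule comes from the hash formats: traditional DES crypt() always yields a 13-character string and is the weak case, while `$id$salt$hash` entries are longer ($1$ MD5, $5$ SHA-256, $6$ SHA-512, $2y$ bcrypt, $y$ yescrypt). A field of `*` means no password can ever match, which stops password logins but not SSH-key logins; a leading `!` is what `passwd -l` prepends (the old hash is kept after it so `passwd -u` can restore it), and `!!` on Red Hat-style systems is an account whose password was never set. `passwd -S username` reports the same state in its second column (L locked, NP no password, P usable password), and `pwck` checks the passwd/shadow consistency of point 2, so neither needs reading the file by hand; the code below just shows what those tools are looking at.

```python
"""Classify /etc/shadow password fields (added example; all sample lines are
constructed, the hash strings are made up but have realistic shapes)."""
from typing import NamedTuple

SAMPLE_SHADOW = "\n".join([
    "root:$6$salt1234$" + "h" * 86 + ":14883:0:99999:7:::",     # SHA-512 crypt
    "alice:$1$ab12cd34$" + "m" * 22 + ":14883:0:99999:7:::",    # MD5 crypt
    "bob:!$6$salt1234$" + "h" * 86 + ":14883:0:99999:7:::",     # passwd -l, hash kept
    "daemon:*:14883:0:99999:7:::",                              # no password can match
    "svc:!!:14883:0:99999:7:::",                                # never set (Red Hat style)
    "legacy:abJ4uWx5Gq.Qs:14883:0:99999:7:::",                  # 13-char DES crypt
    "nopw::14883:0:99999:7:::",                                 # empty: no password needed
])
SAMPLE_PASSWD = "\n".join(
    f"{u}:x:{1000 + i}:{1000 + i}::/home/{u}:/bin/sh"
    for i, u in enumerate(["root", "alice", "bob", "daemon", "svc", "legacy"])
)

ALGORITHMS = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
              "5": "sha256crypt", "6": "sha512crypt", "7": "scrypt",
              "y": "yescrypt", "gy": "gost-yescrypt"}
HASH_LEN = {"1": 22, "5": 43, "6": 86}   # hash part length for the fixed-size formats


class Entry(NamedTuple):
    user: str
    field: str
    state: str       # empty | no-password-auth | never-set | locked | hashed | des-crypt | unknown
    algorithm: str
    warning: str


def algorithm_of(field):
    parts = field.split("$")            # "$6$salt$hash" -> ["", "6", "salt", "hash"]
    if len(parts) < 3 or parts[0] != "":
        return "unknown"
    return ALGORITHMS.get(parts[1], "unknown")


def length_warning(field):
    parts = field.split("$")
    expected = HASH_LEN.get(parts[1]) if len(parts) >= 3 else None
    if expected is not None and len(parts[-1]) != expected:
        return f"hash part is {len(parts[-1])} chars, expected {expected}: corrupt or truncated"
    return ""


def classify(field):
    """Return (state, algorithm, warning) for one shadow password field."""
    if field == "":
        return "empty", "", "no password required: anyone can log in as this user"
    if field == "*":
        return "no-password-auth", "", ""   # password auth off; SSH keys still work
    if field.startswith("!"):
        rest = field.lstrip("!")
        if rest == "":
            return "never-set", "", ""
        return "locked", ("" if rest == "*" else algorithm_of(rest)), ""
    if field.startswith("$"):
        return "hashed", algorithm_of(field), length_warning(field)
    if len(field) == 13:
        return "des-crypt", "descrypt", "traditional DES crypt: 8-character limit, weak"
    return "unknown", "", "unrecognised password field"


def parse_shadow(text):
    entries = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 2 or not fields[0]:
            continue
        state, alg, warning = classify(fields[1])
        entries.append(Entry(fields[0], fields[1], state, alg, warning))
    return entries


def findings(text):
    """Users whose password field deserves a second look."""
    return {e.user: e.warning for e in parse_shadow(text) if e.warning}


def users_without_passwd_entry(shadow_text, passwd_text):
    """Point 2 of the guide: every shadow user must also exist in passwd."""
    passwd_users = {l.split(":")[0] for l in passwd_text.splitlines() if l.strip()}
    return sorted(e.user for e in parse_shadow(shadow_text) if e.user not in passwd_users)
```

Run against the real file as root (`sudo python3 shadowcheck.py` after pointing `parse_shadow` at `open("/etc/shadow").read()`); the two results to act on are any `empty` state and any `des-crypt` entry, the latter fixed by having the user set a new password once `ENCRYPT_METHOD SHA512` is in /etc/login.defs.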

Security :: Policy That Limits Connections On Port - Encapsulates Total Sum Of All Connections From Hosts?

Jan 21, 2011

Is it fair to say that connlimit and hashlimit are very similar on Linux, i.e. while hashlimit caters to limits for groups of ports, they both set the connection rate limit per host? How, in IPTables, do I configure a policy that limits connections on a port that encapsulates the total sum of all connections from all hosts? i.e. I do not want to allow more than 6000 conn/minute for a port range, as the sum of all connecting hosts.

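On the iptables side the three matches do different jobs: `-m connlimit` caps concurrent connections per source (`--connlimit-above N`, grouped by `--connlimit-mask`), `-m hashlimit` is a token-bucket rate limit with one bucket per key chosen by `--hashlimit-mode` (srcip, dstport, and so on), and `-m limit` is a single bucket for the rule as a whole. An aggregate cap across all hosts is therefore the rule without per-host keying, e.g. `iptables -A INPUT -p tcp --dport 1000:2000 --syn -m limit --limit 6000/minute --limit-burst 100 -j ACCEPT` followed by a DROP rule for the same match (hashlimit with `--hashlimit-mode dstport` gives one such bucket per port instead). The code below is an added example of the token-bucket arithmetic, written for this page and not netfilter's implementation, run over constructed traffic; it shows why the same 6000/minute budget keyed per source admits everything while a shared bucket does not.

```python
"""Token-bucket model of per-key (hashlimit) vs shared (limit) rate limiting.
Added example with constructed traffic; not netfilter's implementation."""


class RateLimiter:
    """One bucket per key.  rate_per_min tokens refill per minute, capped at
    burst tokens.  key_of(pkt) returning None for every packet gives a single
    shared bucket, i.e. the behaviour of 'iptables -m limit'."""

    def __init__(self, rate_per_min, burst, key_of=lambda pkt: None):
        self.rate = rate_per_min / 60.0   # tokens per second
        self.burst = burst
        self.key_of = key_of
        self.buckets = {}                 # key -> (tokens, last_seen_ts)

    def allow(self, pkt, ts):
        key = self.key_of(pkt)
        tokens, last = self.buckets.get(key, (float(self.burst), ts))
        tokens = min(float(self.burst), tokens + (ts - last) * self.rate)
        if tokens >= 1.0:
            self.buckets[key] = (tokens - 1.0, ts)
            return True
        self.buckets[key] = (tokens, ts)
        return False


def run(limiter, packets):
    """packets: iterable of (ts, src, dport).  Returns (accepted, dropped)."""
    accepted = dropped = 0
    for ts, src, dport in packets:
        if limiter.allow((src, dport), ts):
            accepted += 1
        else:
            dropped += 1
    return accepted, dropped


def constructed_traffic(hosts=10, per_host_per_sec=20, seconds=60, dport=8080):
    """Constructed SYN pattern: every host sends a burst each second, so the
    total is 200 SYNs/s (12000/min) while each host alone stays at 1200/min."""
    for sec in range(seconds):
        for h in range(1, hosts + 1):
            for _ in range(per_host_per_sec):
                yield (float(sec), f"10.0.0.{h}", dport)


def demo():
    """Same budget (6000/min, burst 100), keyed two ways."""
    per_source = RateLimiter(6000, 100, key_of=lambda pkt: pkt[0])   # --hashlimit-mode srcip
    shared = RateLimiter(6000, 100)                                   # -m limit
    return {
        "per_source": run(per_source, constructed_traffic()),   # (12000, 0)
        "shared": run(shared, constructed_traffic()),           # (6000, 6000)
    }


if __name__ == "__main__":
    print(demo())
```

The per-source limiter never drops a packet because no single host exceeds its own 6000/minute; the shared bucket admits exactly 6000 per minute regardless of how many hosts contribute, which is the policy the question asks for. Note that `-m limit` and hashlimit count packets matching the rule (here SYNs), not established connections; a cap on simultaneous connections is connlimit's job and cannot be expressed as a rate.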

Ubuntu :: How To Install The Tripwire

Jul 2, 2010

I'm trying to install Tripwire, but everytime I run the apt-get command, I receive an error.

How do I fix this and get Tripwire installed?

EDIT: I'm getting the same error trying to install updates. I've never seen this error before and am not sure what could be causing this.


Red Hat :: How To Copy Tripwire From Rh9 Install

May 17, 2010

Can someone please tell me how to copy tripwire from my rh9 install and transfer it to Fedora Core 5?


Ubuntu :: Periodic Maintenance Necessary For System?

Jan 16, 2011

I have just created a periodic maintenance schedule for friends using Windows XP, covering tasks needing to be done weekly, monthly, semi-annually and annually. That set me to wondering what maintenance my Kubuntu system needs. What periodic maintenance do you do?


Programming :: C++: Defining A New Class - Periodic B.c?

Apr 9, 2010

I am trying to make a periodic boundary condition type function, using an existing class given to me in lecture notes, but am having some trouble! Effectively, I am trying to make an array such that, for a point in any row of a 2D matrix ("Matrix(i,j)"), the command "next_i[i]" will return "(i+1)%L", where L is the number of data points in the row. This will enable me to select a point to the right of any point in the matrix: "Matrix(next[i],j)"

[Code]....


OpenSUSE Hardware :: 11.4 - Getting Periodic Flicker On The Display

Mar 16, 2011

I recently upgraded my desktop to 11.4 and kde 4.6.1. My desktop has: VGA compatible controller: ATI Technologies Inc RS690 [Radeon X1200 Series]. This is legacy ATI stuff; the radeon driver is loaded (as it was in 11.3) and seems to be operating. I am getting a somewhat periodic (5 secs or so) flicker on the display, fast enough to be annoying but not fast enough to really affect anything.

I have seen several threads about short freezes, but realize that flicker and freeze might be a matter of speed and memory, etc. I tried suspending Desktop Effects; that may have reduced the frequency of the flicker but did not eliminate it.


Software :: Excluding Directories And Files In Tripwire?

Jul 12, 2010

I have tripwire 2.4.1 up and running on one of our servers, and I am now in the process of configuring it to exclude some files and/or directories that are known to change periodically between integrity checks.

I did some reading on the subject, and one file that came up was the tw.config file. However, when I did a search for the file, there was no instance of it on the server. My next thought was to modify the tw.pol file, and I did try to list some files to be excluded. However, when I tried to update the policy, I got an error message which indicated the syntax that I entered within the tw.pol file was incorrect.

If the tw.config file does not exist, can I create it, and modify the tw.pol file to indicate where the file is located on the server?

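An added example, my own model rather than Tripwire's code, that serves both the policy-update question at the top of this page and the exclusion question here. In Open Source Tripwire 2.x the two things are separate: the policy (the clear-text twpol.txt, compiled into tw.pol with `twadmin --create-polfile`) says which files and attributes to watch, and the database (`tripwire --init`) is the baseline. A file that changed once is reported on every daily `tripwire --check` until the database is told about it, which is done from the report with `tripwire --update --twrfile` and the .twr file under /var/lib/tripwire/report/; editing the policy is not needed for that, and `tripwire --update-policy twpol.txt` is for when the rules themselves change (it regenerates the database as well). tw.config belongs to Tripwire 1.x; in 2.x a file or directory is excluded inside a rule with a stop point, a line of the form `!/var/log/lastlog ;` with the trailing semicolon, or a rule can carry `(recurse = false)`. The model below replays exactly that sequence: baseline, a file edited once, two checks that both report it, an accept, and a clean check, with a `!` stop point keeping a churning file out of the report. The tree it builds in a temporary directory and the paths in it are constructed.

```python
"""Model of a Tripwire-style database: init, check, update (added example,
not Tripwire's code).  Policy entries are paths to cover; a leading '!'
marks a stop point (excluded subtree), mirroring tw.pol syntax."""
import hashlib
import os
import stat
import tempfile


def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _attrs(path):
    """The properties the database records per file (a subset of Tripwire's)."""
    st = os.lstat(path)
    return {"mode": stat.S_IMODE(st.st_mode), "size": st.st_size,
            "sha256": _sha256(path) if stat.S_ISREG(st.st_mode) else None}


def covered_files(root, policy):
    """Files under root selected by policy, honouring '!' stop points."""
    includes = [os.path.join(root, p.lstrip("/")) for p in policy if not p.startswith("!")]
    stops = [os.path.join(root, p[1:].lstrip("/")) for p in policy if p.startswith("!")]

    def excluded(p):
        return any(p == s or p.startswith(s + os.sep) for s in stops)

    for inc in includes:
        if os.path.isfile(inc):
            if not excluded(inc):
                yield inc
            continue
        for dirpath, dirnames, filenames in os.walk(inc):
            dirnames[:] = [d for d in dirnames if not excluded(os.path.join(dirpath, d))]
            for fn in filenames:
                p = os.path.join(dirpath, fn)
                if not excluded(p):
                    yield p


def init_database(root, policy):
    """tripwire --init: snapshot every covered file."""
    return {os.path.relpath(p, root): _attrs(p) for p in covered_files(root, policy)}


def check(root, policy, db):
    """tripwire --check: diff the live tree against the database."""
    live = init_database(root, policy)
    return {
        "added": sorted(set(live) - set(db)),
        "removed": sorted(set(db) - set(live)),
        "changed": sorted(p for p in live.keys() & db.keys() if live[p] != db[p]),
        "_live": live,
    }


def accept(db, report):
    """tripwire --update --twrfile <report>: fold the reported changes into
    the database so they stop being reported.  Returns a new database."""
    new = dict(db)
    for p in report["added"] + report["changed"]:
        new[p] = report["_live"][p]
    for p in report["removed"]:
        new.pop(p, None)
    return new


def _write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)


def demo():
    """Constructed scenario: one file edited once, checked twice, then accepted.
    Returns the 'changed' list from each of the three checks."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "etc/passwd", b"root:x:0:0:root:/root:/bin/sh\n")
        _write(root, "etc/hosts", b"127.0.0.1 localhost\n")
        _write(root, "var/log/lastlog", b"old\n")
        policy = ["/etc", "/var/log", "!/var/log/lastlog"]
        db = init_database(root, policy)
        _write(root, "etc/hosts", b"127.0.0.1 localhost\n10.0.0.5 db\n")  # edited once
        _write(root, "var/log/lastlog", b"new\n")                       # churns, but a stop point
        day1 = check(root, policy, db)["changed"]
        day2 = check(root, policy, db)["changed"]     # still reported: database unchanged
        db = accept(db, check(root, policy, db))      # operator accepts the change
        day3 = check(root, policy, db)["changed"]
        return day1, day2, day3


if __name__ == "__main__":
    print(demo())  # (['etc/hosts'], ['etc/hosts'], [])
```

The point for the first question is the difference between day2 and day3: nothing about the policy changed, only the database did. Re-running `tripwire --init` would also silence the report, but it re-baselines everything blindly, whereas `--update` from the report makes the operator look at each change before it becomes the new normal. For the exclusion question, `lastlog` changes on every run yet never appears, which is what a stop point in twpol.txt does once the policy is recompiled with `tripwire --update-policy`.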

Programming :: Write A Function That Shall Execute Periodic?

Sep 1, 2010

I want to write a function that shall execute periodically, meaning if I set the time to 1 sec, that function should execute every 1 sec. Let us call that function func1. But I don't want to wait inside func1 for that 1 sec. Meanwhile I want to run another function, say func2, in the background, something like a lower-priority function. Whenever the time comes to execute the periodic function func1 it has to go to func1, and then again in the waiting time the second function func2 will resume. I wanted to know how to do it. Can somebody tell me if it is possible using signals in Linux?


Ubuntu Security :: Updated Browsers Using Update Manager Have Lost Security Login Pages For Web Mail?

Mar 3, 2011

I updated both browsers I have and lost my secure log-in pages (no padlocks showing) for different Web mail accounts. Just before I did these updates I checked an unrelated thing on-line regarding my sound card, of which I kept a copy, and got this message below:

!!ALSA/HDA dmesg
!!------------------
[ 12.762633] cfg80211: Calling CRDA for country: AM

[code]....


OpenSUSE :: Update Applet Shows Firefox 3.5.9 Security Update, But 3.6 Already Installed

Apr 14, 2010

How can I make the security applet stop showing an update for firefox 3.5.9? I have a more recent version installed from mozilla repo: firefox 3.6. The mozilla repo already has a higher priority (95 instead of 99), so I don't know what to do.


Debian Multimedia :: Periodic Screen Freezes In Jessie

Apr 15, 2015

For months I've been experiencing periodic screen freezes in Debian Jessie. I've tried many ways to debug/fix it without any luck...

I'm running GNOME 3 in Debian Jessie...
Code:
$ gnome-shell --version
GNOME Shell 3.12.2
$ cat /etc/issue
Debian GNU/Linux 8 \n \l

On a ThinkPad X60 with a SSD.

Code:
$ lspci | grep VGA
00:02.0 VGA compatible controller: Intel Corporation Mobile 945GM/GMS, 943/940GML Express Integrated Graphics Controller (rev 03)

My screen freezes periodically.

By freeze, I mean that:

- the mouse can still move, but everything else behind it is frozen entirely
- I can switch to a terminal with CTRL+ALT+F1; it's ... I guess ... X or gnome-shell or something that's frozen? Not the whole OS though
- these freezes last anywhere between 5 or 10 seconds and 3-5 minutes
- I can't predict when they will occur, but often, after a suspend/resume, they will start occurring much more frequently. Also, they often happen after I enter my password and press ENTER on the lock screen after a resume from suspend. But not exclusively -- they can happen at any other time when I'm doing pretty much anything in GNOME...

Things I've Tried...

- When frozen, I've tried to CTRL+ALT+F1, login, and run gnome-shell --replace...
- When frozen, I can successfully CTRL+ALT+F1 and run `service gdm restart`... with the obvious downside of losing everything I have open. But the screen responds immediately and I can log back in to GNOME
- I tried running `Xorg -configure` to generate an /etc/X11/xorg.conf file to edit, but received an error about not being able to generate configuration for multiple screens or something (I can retry and provide the exact error if this is a useful direction to try)

Is it the gnome-shell freezing? Is it X? Is it a problem with the X driver I'm using?


OpenSUSE Network :: Periodic Interruptions In Internet Connection

Jun 13, 2011

Since going from version 11.3 to 11.4 a problem now often occurs that has already become annoying! My computer connects to the internet through a router and sometimes, after about 4 or 5 hours, going through the browser I cannot reach Google or anyone else's server; only Skype stays connected!

This is not a hardware problem, because even after changing the router and the computer the problem remains! When this happens the router has access to the Internet and another computer can connect via wifi without a problem! How do I figure out where the problem comes from? I attach the output of dmesg:

Code:
[40285.897112] SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=1c:6f:65:81:21:73:00:1e:65:90:c9:a6:08:00 SRC=192.168.1.102 DST=192.168.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=57753 DF PROTO=TCP SPT=44432 DPT=22 WINDOW=4380 RES=0x00 SYN URGP=0 OPT (020405B40402080A001F96780000000001030307)

I checked this code in google and found that people had a similar problem from version 10.3, but I do not remember this problem occurring in 11.3.


Ubuntu :: Server Crash - Periodic X Fatal Errors

Jul 29, 2010

I have been having problems with Xserver crashes (it goes into low graphics mode). On inspection of my .xsession-errors file, I get X IO fatal errors 5, 11 and/or 104. Somehow my computer is losing its connection with the xserver (connection reset by peer). What is causing this? Should I post a report to launchpad? This happened before and after a clean install, and more often when I opened a full screen game (SDL or OpenGL). Here is my xsession errors after my last crash:

[Code]....


Ubuntu Security :: Sudo Apt-get Update The Update Failed Because The Connection To The India Mirror Timed Out

Jun 1, 2010

I am from India, and I tried to update my Ubuntu system today.

Code:
$ sudo apt-get update

The update failed because the connection to the India mirror timed out:

Code:
[URL] Could not connect to in.archive.ubuntu.com:80 (111.91.91.37). - connect (110: Connection timed out)

I tried the update a few times, with the same result every time.

I had firestarter running at this time, and noticed that I would get new security events every time I tried an update. I checked the events list, and it turned out that the machine at the ip address 111.91.91.37 (the in.archive.ubuntu.com machine, to go by the above error message) had been trying to make connections to seemingly random ports on the machine every time I tried the update: see the attached screenshot. I then changed my repositories to the Main Server using Synaptic, and tried the update again (from the command-line). This time it worked without a hitch, and firestarter did not report any unwanted incoming connection. why is the India mirror trying to open connections that the Main server apparently does not need in order for me to do the update? Should I (we) be concerned?


Ubuntu Servers :: Every Time Logged In Via SSH Got A Message Telling There Where Packages To Update Including A Security Update?

Feb 11, 2011

I was running 10.04 LTS and had decided to stick to the LTS versions as I'm now running my machine as a server and don't want to be updating regularly. Every time I logged in via SSH I got a message telling me there were packages to update including a security update. So I did a search to find out how to perform an update on Ubuntu server from the command line. What I found was to do this:

Code:
sudo apt-get update
sudo apt-get dist-upgrade

After doing that I rebooted but now my machine gives me this message:

Code:
init: ureadahead-other main process (794) terminated with status 4
Your disk drives are being checked for errors, this may take some time
Press C to cancel all checks currently in progress

I'm not pressing C yet and leaving it alone to finish, but I noticed when the machine booted that one of the options for booting talked about Ubuntu 10.10, so I'm worried that I've updated from 10.04 LTS to 10.10 by accident?


Ubuntu :: Update Manager Can't Update Security Updates / Solve This?

Apr 23, 2010

Libnss3-1d
xulrunner-1.9.1
xulrunner-1.9.1-gnome support

After click on install updates and entering password, a message says "Some of the packages could not be retrieved from the server(s). Do you want to continue, ignoring these packages? Yes/No.

If I answer No, this message appears:

W: Failed to fetch http://security.ubuntu.com/ubuntu/po....10.1_i386.deb
404 Not Found [IP: 91.189.88.31 80]

If Yes, it tries to download but immediately:

W: Failed to fetch http://security.ubuntu.com/ubuntu/po....10.1_i386.deb
404 Not Found [IP: 91.189.88.31 80]

It has always installed the updates with no problems, until these 3 updates remain in pending installation status.


Debian Configuration :: Periodic Disk Activity With System Being Idle

Jan 12, 2011

I keep noticing disk activity every roughly 1 to 3 seconds even though there is "nothing" going on. Of course, I run a number of "system" and "user" application packages - Apache2, MySQL, Browsers (Opera, IceWeasel), an SMB client and server, OpenOffice 3.0RC8 being the most prominent ones. I wonder what might be the cause for this constant disk activity which happens even when none of the applications do any noticeable work at all. Is there a way to determine the process that does those disk read/writes?

