I'm trying to install Tripwire, but everytime I run the apt-get command, I receive an error.
How do I fix this and get Tripwire installed?
EDIT: I'm getting the same error trying to install updates. I've never seen this error before and am not sure what could be causing this.
Can someone please tell me how to copy tripwire from my rh9 install and tranfer it to Fedora Core 5??
View 3 Replies View RelatedI am going to try to install Tripwire on my computer. I do not know why or how to configure Tripwire policy and configuration files.
View 1 Replies View RelatedI have just installed tripwire. I have created a baseline db using the default policy file. Then I checked the output of the db to see what I did not have on my filesystem that db was searching for (according to the default policy when tripwire was installed), I then changed my default clear text policy file accordingly and used twadmin to generate a new tw.pol file.
Next I come grinding to a halt after this (assuming the next thing is to update the policy in tripwire right? )
Code:
I have tripwire 2.4.1 up and running on one of our servers, and I am now in the process of configuring it to exclude some files and/or directories that are known to change periodically between integrity checks.
I did some reading on the subject, and one file that came up was the tw.config file. However, when I did a search for the file, there was no instance of it on the server. My next thought was to modify the tw.pol file, and I did try to list some files to be excluded. However, when I tried to update the policy, I got an error message which indicated the syntax that I entered within the tw.pol file was incorrect.
If the tw.config file does not exist, can I create it, and modify the tw.pol file to indicate where the file is located on the server?
I have tripwire 2.4.1.2 running on one of our servers on a daily basis, and I was curious to know if it is good practice to periodically update the policy file. The reason for my asking that is while the daily reports that I get indicate there have been changes to files on a daily basis, there are also files that have not been modified for over a month. My thinking is an update of the policy file will establish an updated baseline, and those files that have not been changed for so long will not be reported on until they get changed again.
View 1 Replies View RelatedI have disabled root login in my remote shell and I have a pretty strong password. I am not happy though. I want to increase security. I've been thinking about installing some basic tripwire rig, like say, send myself an email every time I (or anyone) log in. My questions:
- What kind of data would be useful to be sent in that email? Anything else besides "user so-and-so logged in at {date and time}"?
- How would I achieve that? Is it enough to include it in .tcshrc (because my shell is tcsh)? Should I add it to other shells as well (.bashrc, .csh etc.) even though nobody uses the other shells? Is it better placed in some other file, like .login? What is the optimal place?
- Would that be enough? Can I make that whole idea more secure in any way?
Recently I decided to utilize an IDS system. So I installed Open Source Tripwire. Not that I am too worried about anyone gaining a successful foothold on my system. But I wanted to learn and experience this IDS system. And no, this is not a new server install but I have never seen anything that resembles illegal activity. My server is an installed CentOS 5.3 with SELinux in targeted mode.
Tripwire has brought to light some interesting things. Installation states to verify rpm packages using rpm -Va. I have found that many of my system binaries are not the same size as if I were to replace them via yum. Most of the binaries are like twice the size compared to a newly installed package, of the same version. I'm not sure what to make of this. These programs are the original installs (CentOS 5.1) and I keep the system up to date regularly via yum.
I wonder if perhaps these system files installed are perhaps different then individual package size installed via yum? I have a hard time believing this as a package is a package. The only other possibility that comes to mind is that nearly my entire system has been hacked with new system files, and in a way that has revealed and suggest nothing. I find that far fetched as I have run this server for some time now and I should think I would know a problem as not a morning goes by that I haven't review my logs, as they are emailed to me. Thoughts about the difference in file sizes? Those installed via CentOS DVD verses those installed via yum?
I have been asked to investigate some of our servers that run tripwire 2.3.0 on Red Hat Linux Advanced Server release 2.1AS (Pensacola)
We have the reports emailed to us using cron and twprint -m r -r report -t 4, it has been growing steadily and today it was 9mb It seems the database records go back to before 2004 and are being compared against today's files.
I really need to be informed what needs to be done to tripwire to keep it serviced through cron. I have tried to google this but could not find any information that seemed to answer my questions.
Looking at the following guide url step 6 talks about "Updating the Database after an Integrity Check" using
Code:
# tripwire --update --twrfile /var/lib/tripwire/report/<name>.twr Should I be using this command or should I be re-creating the db every month or so and using the #tripwire -init?
Extract from report -
Quote:
-------------------------------------------------------------------------------
Section: Unix File System
-------------------------------------------------------------------------------
Rule Name Severity Level Added Removed
Modified
--------- -------------- ----- ------- --------
Invariant Directories 66 0 0 0
code....
I need to understand how to change the expected to the observed so the db will be up to date.
I would also like some of the rules explained:What does removed and added mean? Is it removed as it has not changed and added if it finds a new one that has?
Code:
-------------------------------------------------------------------------------
Rule Name: System boot changes (/lib/modules)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Added Objects: 3075
----------------------------------------
code....
I have tripwire enterprise (not open source) agent running on one of my rhel4.8 web servers (I have actually tried with two servers with same results). The agent is a simple install rpm bin file and appears to be running as it should and the server for tripwire enterprise is set up accordingly. A windows tripwire enterprise agent is also on a windows machine that works perfectly well. But I cannot seem to get the tripwire server to talk to the agent on the red hat machine.
I can connect to port 9898 on the server, but the agent who also talks over the same port doesn't appear to be responding to the server on this port. There are no iptables set up to block the requests, there is no firewall set up (disabled) . Network team can see the packet requests being sent over the routers fine... So can't see why there would be a problem. So i reverted to the use of net cat.
Nc -l 9898 (on the agent machine)
Telnet <agent> 9898
But I get connection refused. Is there anything I could be missing here? Redhat is not my Linux of preference and it may be something obvious!
planning a takeover installation of Debian stable (Squeeze) on an old desktop machine. I have the installation CD #1. I want to install Tripwire early in the process as recommended by Tripwire documentation.
The Debian reference is excellent, as is the latest installation guide I have seen, but neither appear to cover the issue of how to ensure that Tripwire is installed, configured, and first snapshot taken early in the installation process.link to up-to-date document discussing this in the context of Debian Squeeze?
I tried to install suse 11.3 but every time the system shut down in the install process it never finish
I think that the FAN does not work
I have an Acer Aspire 5720z
Tried to install Gnome after the minimal server (console based) install.I would like to install a graphical GUI now What to do? wich packages? tried zypper gnome-desktop (or something similar) but it wasn't enough.
View 3 Replies View RelatedIf I install the factory release now, can I easily convert my system to a normal 11.3 point release later, after 11.3 is out? If so, how would I do it? (11.2 has an issue that affects me. It's fixed in 11.3 already, so I have to use 11.3 if I'm going to use openSUSE.)
View 4 Replies View RelatedIn /var/log/warn I can see :Code:Jul 18 19:29:41 Linux1 SuSEfirewall2: Warning: config 'vsftpd' not available I did install vsftpd, but I removed it and install pure-ftpd instead.
i have a backtrack install that i would like to keep while installing suse for an everyday OS; i start the install process but when it gets to partitioning the hard drive, it doesnt seem to recognize anything already being on there; it just gives me the setup for suse, ie:
sda1 ext3 = OS sda2 or sda5 = swap. do i have to configure a partition scheme? i installed ubuntu on a desktop alongside windows very easily due to grub graphical install/partition; is there not a similar function for suse?
I have an apparently stable installation of Xubuntu that I've hand-tweaked in a few ways. I'd like to be able to reinstall this system verbatim on this machine should a disk crash happen, etc.Is there a "standard" method to create an install and/or total-backup CD that would be an instantiation of the currently-installed-and-modified system?
View 1 Replies View RelatedI am installing Ubuntu Server 10.10 on and old Dell Laptop. The network connection is an Xircom PCMCIA card.During install, the computer sees and interacts via the network just fine. For example, I can ping the gateway. Also, the command "lspcmcia" works and show the Xircom card.When I reboot, however, there is no network access, and the "lspcmcia" command is not there. When I try "lspcmcia" the OS helpfully tells me that I can "apt-get" pcmciautils, but, without network access, that fails.I tried adding the install cdrom to apt using "apt-cdrom" and then tried to "apt-get" pcmciautils and it got further, installing some dependencies, but acted like it still was unable to locate the pcmciautils package.
View 1 Replies View RelatedTrying to install Ubuntu (tried several releases) on HP Pavillion Pentium 4 Proccessor 515 2.93 Gig 1M L2 cache 533mhz 90nm . Have 1 gig ram and 1Tb hd. Hangs on initial install screen for ever. Tried versions from 8.10 (origional disk) to 11.01. Machine works perfectly on Windows XP but who wants that? The model is pavillion 1000 system number pl397aa.
View 7 Replies View RelatedI downloaded Ubuntu and burned it to a CD-There was no problem with that part. It starts to install asks about the partition then the keyboard. Then it just stops and does nothing.
View 3 Replies View RelatedI'm an OpenSuse user wanting to try something different.Ubuntu Studios caught my attention. I had a brief play with an older version a while ago and liked whatI saw.Im having problems installing though.I've downloaded the 32bit version from the studio website link, and burnt the DVD.However the install always fails at the same stage: Select and install software.The error message is not specific, and no more information is given other than the step has failed.Any ideas what could be causing this? Ive tried to burn the DVD several times, on 2 different machines, but no luck so far.
View 8 Replies View RelatedInstalling Ubuntu 10.10 desktop.on a Highpoint rocketraid 2642.Installing Ubuntu, it does not find the drive?How do I install the drivers to install and boot after the installation from the raid drives?
View 1 Replies View RelatedI am on 10.10 using Gnome 2. When I go to install GIMP via Terminal, SPM or USC I get an error about not being able to install libpoppler-glib4. Odd thing is I have the updated version.
View 6 Replies View RelatedI am a rookie. Yesterday, I intended to install a dictionary with the command sudo apt-get install dict-xdict, but it turned out to fail with the error. Then, I quited with Ctrl+ c, and I did not care much till today because when I want install something else today, the error keeps coming out. Therefore, I think I would better remove dict-xdict first, so I use sudo apt-get remove dict-xdict, but the error still appears:
[Code]...
I have already tries sudo apt-get -f install dict-xdict and it doesn't work out. I am hoping to install some other applications now, but I have not idea what I could do to fix this problem or just circumvent it
Toward the end of installing Ubuntu 10.10 32bit (Alt CD) on my iMac 11,1, the installer asked me to type in the location for installing the grub boot loader.
I told it to use /dev/sda3 and it immediately failed. I'm still in the installer. Can anyone suggest a solution?
Here are my partitions on sda:
...from the shell in the installer, there is no grub.cfg in /target/boot/grub.
I'm trying to migrate from Ubuntu to OpenSUSE but for some reason I can't get the install to work. I've tried installing the GNOME live CD both from a CD and a USB but after I select installation it goes to the loading screen for a few seconds and then the screen goes black and it stays like that till I reboot. Is it a problem with my hardware or something or did something miss-write when I burned the CD/USB?
View 3 Replies View RelatedWhen I run it live, I see KDE4. When I install it off the same disk, it installs Gnome. I can't figure out how to install KDE4. I had no luck with apt-get install kde4 (E: Couldn't find package kde4), no luck with aptitude, no luck with Synaptic (The following packages have unresolved dependencis kdebase-runtime-bin-kde4).
View 3 Replies View RelatedI installed Kubuntu-Desktop on Ubuntu & now my Ubuntu installation is on the 2nd (data)partition! It's hard to believe but I'm looking at it from a live cd and that's what looks like happened.For right now, my main goal is to get Ubuntu back.Should I make the 2nd partition bootable so I have a dual-boot option at startup? Should I make the 2nd partition bootable & not the first? Can I uninstall Kubuntu somehow & have things return to how they were?I thought I was just loading an alternative sassion to Gnome.I thought that the only thing I said yes to was to use the KDE boot manager (or whatever).
View 8 Replies View RelatedI just installed a minimal version of Ubuntu 10.10 (with Openbox) over 10.04. Mainly everything's ok, but I have three problems:
1. When shutting down or rebooting, my speakers make a loud pop. Upon googling around, I found this topic on the Arch forums. Running
Code:
Before rebooting/shutting down works. I, however, would like to have this permanently fixed so I don't have to run these commands every time before rebooting/shutting down.
2. I can't install the ATi video card drivers. I downloaded the correct driver (10.9) from the ATi website and made sure I had the packages found here installed. I also made it executable by running
Code:
When I run the installer, using
Code:
I get this output:
Code:
3. When booting, I get a message saying something like "intel_ips can't find i915 symbols, so graphics turbo is disabled". When googling for this, I see this is a kernel related issue. Since I don't have any understandings of kernels, I thought this is a little too high up for me. What does it mean and how can I fix it, as it slows my boot down quite a bit?
I have just installed ubuntu on my machine which doesn't have Internet. I can access the net on my laptop and copy any files over. I am wanting to install blueman to tether my iPhone. I cannot find a .deb of it, so downloaded the tar.gz but the stock install doesnt have a compiler. I could download and copy over a compiler, but I'm guessing I'm going to be here hours copying over each dependancy that I come across (I'm guessing there may be a few) how I can tether my iPhone or how I can install blueman? Does anyone know of any pre-built packages I can just copy n install?
View 5 Replies View Related