
tripwire / tripwire-open-source


Open Source Tripwire®

License: GNU General Public License v2.0

Shell 3.00% Smarty 0.09% C 2.89% Perl 1.57% C++ 81.13% Makefile 8.32% M4 0.39% Batchfile 0.02% Yacc 0.61% Lex 0.27% Roff 0.16% Perl 6 1.52%
tripwire security security-tools md5 sha1 change-detection

tripwire-open-source's Introduction

Open Source Tripwire®

Open Source Tripwire® is a security and data integrity tool for monitoring and alerting on file & directory changes. This project is based on code originally contributed by Tripwire, Inc. in 2000.

Overview

A Tripwire check compares the current filesystem state against a known baseline state, and alerts on any changes it detects. The baseline and check behavior are controlled by a policy file, which specifies which files or directories to monitor, and which attributes to monitor on them, such as hashes, file permissions, and ownership.

When an expected change occurs, such as upgrading a package, the baseline database can be updated to the new known-good state. The policy can also be updated, for example to reduce noise or cover a newly installed package.

Getting Started

This section covers manual setup of Open Source Tripwire. If installing via an RPM or Debian package, or via make install, a setup script will walk the user through the initial setup steps (key generation through policy creation) and these will not need to be done by hand.

Generating Keys

The first step is to generate site and local key files. This is necessary because Tripwire policy, configuration, and database files are signed by default, and report files may also be signed. The site key is used to sign config and policy files, while databases and reports are signed with the local key. The idea here is that multiple machines can share a site key, but each will have its own local key. The policy and config files can then be created once and distributed across these machines.

A common practice is to include the hostname in the local key filename, as follows:

./twadmin --generate-keys -L /etc/tripwire/${HOSTNAME}-local.key
./twadmin --generate-keys -S /etc/tripwire/site.key

Creating a configuration file

The next step is to create a Tripwire config file. The config file contains a variety of settings including the locations of Tripwire binaries and key files, email report settings, and parameters that control baseline/check behavior. These settings are explained in detail in the twconfig(4) manual page.

This command line reads and validates the config text in /path/to/twcfg.txt, writes the results to tw.cfg, and signs the resulting file with the provided site key:

./twadmin --create-cfgfile -S /path/to/site.key /path/to/twcfg.txt

Generating a policy file

Now it's time to configure which files & directories OST will monitor. A few simple examples of policy rules:

/start/point -> $(IgnoreNone); # Get all attributes for this dir tree
/another/start -> +pinugS; # Get selected attributes for this dir tree
!/start/point/subdir/to/ignore; # Don't monitor this dir tree

The Tripwire policy language is documented in detail in the twpolicy(4) manual page, and default policies for most common operating systems are available in the OST project's policy subdirectory.

./twadmin --create-polfile -S /path/to/site.key /etc/tripwire/twpol.txt

Creating a baseline

The next step is to baseline the system for the first time. This step is necessary even if the previous steps are handled by a setup/install script.

./tripwire --init

This creates a database file in the configured directory, typically a file with a .twd extension in /var/lib/tripwire. The optional --verbose argument to init mode lists files and directories as they're being scanned.

Running a check

./tripwire --check

This runs a check, again with an optional --verbose option that displays what it's doing. Scan results are written to standard out, as well as a report file, which typically has a .twr extension and lives in /var/lib/tripwire/report. If email reporting is enabled, emails will be sent at the end of the check.

A common way to use OST is to set up a cron job to run checks periodically, emailing results to an administrative account. Note that the OST install script currently does not create any cron jobs, and this will need to be done by hand.
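To make the policy rule forms and the baseline/check cycle described above concrete, here is a simplified model in Python. It is an added illustration, not Tripwire's code or database format. It assumes only the three rule forms shown earlier and a subset of the twpolicy(4) property letters, and treats $(IgnoreNone) as "every letter in that subset"; the function names and the temporary directory layout are made up for the example.

```python
import hashlib
import os
import stat
import tempfile


def sha1_of(st, path):
    """SHA-1 of a regular file's contents; other object types have none."""
    if not stat.S_ISREG(st.st_mode):
        return None
    with open(path, "rb") as fh:
        return hashlib.sha1(fh.read()).hexdigest()


# Subset of the twpolicy(4) property letters, read from lstat() results.
PROPS = {
    "p": lambda st, path: stat.S_IMODE(st.st_mode),  # permission bits
    "i": lambda st, path: st.st_ino,                 # inode number
    "n": lambda st, path: st.st_nlink,               # number of links
    "u": lambda st, path: st.st_uid,                 # owner user ID
    "g": lambda st, path: st.st_gid,                 # owner group ID
    "s": lambda st, path: st.st_size,                # file size
    "m": lambda st, path: st.st_mtime_ns,            # modification time
    "S": sha1_of,                                    # SHA hash of contents
}


def parse_policy(text):
    """Return ({start_point: letters}, [stop_points]) for the rule forms above."""
    rules, stops = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().rstrip(";").strip()
        if not line:
            continue
        if line.startswith("!"):            # stop point: subtree is not monitored
            stops.append(line[1:].strip())
            continue
        start, sep, mask = (part.strip() for part in line.partition("->"))
        if mask == "$(IgnoreNone)":         # simplification: all modelled letters
            rules[start] = "".join(PROPS)
        elif sep and mask.startswith("+") and all(c in PROPS for c in mask[1:]):
            rules[start] = mask[1:]
        else:
            raise ValueError(f"unsupported rule: {raw!r}")
    return rules, stops


def under(path, base):
    return path == base or path.startswith(base.rstrip(os.sep) + os.sep)


def rule_for(path, rules, stops):
    """Letters to record for path: the longest matching start point wins."""
    if any(under(path, stop) for stop in stops):
        return None
    matches = [start for start in rules if under(path, start)]
    return rules[max(matches, key=len)] if matches else None


def snapshot(rules, stops):
    """Walk every start point and record the selected properties per object."""
    db = {}
    for start in rules:
        for dirpath, _dirs, files in os.walk(start):
            for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
                letters = rule_for(path, rules, stops)
                if letters is not None:
                    st = os.lstat(path)
                    db[path] = {c: PROPS[c](st, path) for c in letters}
    return db


def compare(baseline, current):
    """Diff two snapshots into added / removed / modified (with letters)."""
    modified = {}
    for path in baseline.keys() & current.keys():
        changed = [c for c in baseline[path] if baseline[path][c] != current[path].get(c)]
        if changed:
            modified[path] = changed
    return {"added": sorted(current.keys() - baseline.keys()),
            "removed": sorted(baseline.keys() - current.keys()),
            "modified": modified}


def demo():
    """Baseline a constructed tree, change it, and return the check result."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.realpath(tmp)

        def write(rel, data, mode="wb"):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, mode) as fh:
                fh.write(data)

        for rel in ("bin/tool", "etc/old.conf", "logs/app.log", "cache/tmp"):
            write(rel, b"v1\n")
        rules, stops = parse_policy(
            f"{root} -> +pugS;       # contents, permissions, ownership\n"
            f"{root}/logs -> +pug;   # logs: contents are expected to change\n"
            f"!{root}/cache;         # stop point: not monitored\n")
        baseline = snapshot(rules, stops)

        write("bin/tool", b"v2\n")               # content change under +pugS
        write("bin/new", b"v1\n")                # new object
        write("logs/app.log", b"more\n", "ab")   # content change under +pug
        write("cache/tmp", b"v2\n")              # change below the stop point
        os.remove(os.path.join(root, "etc/old.conf"))
        report = compare(baseline, snapshot(rules, stops))

        def rel(path):
            return os.path.relpath(path, root).replace(os.sep, "/")
        return {"added": [rel(p) for p in report["added"]],
                "removed": [rel(p) for p in report["removed"]],
                "modified": {rel(p): v for p, v in report["modified"].items()}}


if __name__ == "__main__":
    print(demo())
```

The log append and the change below the stop point do not appear in the result, which is the noise-reduction effect of choosing a narrower property mask or a stop point in the policy.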

Printing a report

./twprint -m r -t [0-4] -r /path/to/reportfile.twr

The -t argument specifies the level of report verbosity, where 0 is a single line summary of the report contents, and 4 displays all gathered attributes on all changed objects. The report level defaults to 3 if not specified on the command line or via the REPORTLEVEL config file option.

Databases can also be printed with:

./twprint -m d -d /path/to/database.twd

Updating a database

The simplest form of update updates the database with all the changes in a report file:

./tripwire --update --accept-all

Without --accept-all, update mode is interactive:

./tripwire --update

This brings up a text report in the user's preferred editor (as configured in the config file's EDITOR option), with a checkbox next to each detected change. After saving and exiting the editor, the database will only be updated for those objects that remain selected with an [x].

Updating a policy

Policy update mode modifies the current Tripwire policy without losing existing baselines.

./tripwire --update-policy updated-policy.txt

A check is run with the new policy as part of the update process. If this check detects changes, the default behavior is to display the changes and exit without updating the policy or database. To accept the changes and continue with the policy update, use the -Z low / --secure-mode low command line option.

Testing the email configuration

To test email configuration:

./tripwire --test --email [email protected]

This sends a test email to the specified address, using the email settings specified in the config file.

Building OST

Prerequisites

A C++ compiler. It's known to build with gcc and clang; OST should work with gcc versions as old as 2.95.2, although gcc older than version 3.1 will need an external STLPort package.

A POSIX-like operating system, including Linux, macOS, various BSDs, Solaris, AIX, HP-UX, Minix, Haiku, GNU/Hurd, and others. Windows users can build OST under Cygwin, although this does not provide support for monitoring the Registry or any Windows-specific file attributes.

Perl 5+ is needed to run the project's test suite.

Configuring & Building

OST uses a standard automake build, so the first configuration step will generally be:

./configure

Additional compiler arguments (such as Debian hardening options), non-default paths, and other options can be set up in this step. A ./configure --help lists the available configuration options.

The --prefix=/some/path option controls where a subsequent make install will install to, and where Tripwire binaries will look for a configuration file.

The --enable-static option causes the build to create statically linked binaries. This is often used as a security enhancement, so that Tripwire will not rely on the shared libraries on the machine. This is not possible on all platforms, as some (like macOS and Solaris) don't provide the necessary static libraries to link against.

Note that Linux systems that use NSS for name lookups will still employ shared libraries behind the scenes even when the OST binaries are statically linked. There have been occasional reports of segfaults when trying to do a name lookup in these circumstances, particularly when the binary was built on a different machine or it's trying to do an LDAP or NIS name lookup. If this occurs, there are two ways to work around it: Either switch to dynamic binaries, or set the Tripwire config file option RESOLVE_IDS_TO_NAMES=false, which tells OST to just watch numeric user & group IDs and not perform name lookups.

If the configure or make step fails with errors about the automake/autoconf version, it may be necessary to run the script ./touchconfig.sh before building the project. This script simply touches files in the correct order such that their last change times are not all identical, and that they're different in the right order.

Then just make to build the project.

Running the test suites

The make check target runs two things: the acceptance test suite in the src/test-harness directory, and the unit tests, by running twtest, which is built in the bin directory along with other Tripwire binaries. These tests can also be run separately: ./twtest runs all unit tests, while ./twtest list lists all available tests. ./twtest Groupname runs all tests in a group, and ./twtest Groupname/Testname just runs the specified test.

To run the acceptance tests manually, cd to the src/test-harness directory and run perl ./twtest.pl.

Deployment

The make install target installs OST to the configured location, and make install-strip installs and removes symbols from the Tripwire binaries. A make dist creates a gzipped source bundle.

Authors

License

The developer of the original code and/or files is Tripwire, Inc. Portions created by Tripwire, Inc. are copyright 2000-2018 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights reserved.

This program is free software. The contents of this file are subject to the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. You may redistribute it and/or modify it only in compliance with the GNU General Public License.

This program is distributed in the hope that it will be useful. However, this program is distributed "AS-IS" WITHOUT ANY WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Please see the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

Nothing in the GNU General Public License or any other license to use the code or files shall permit you to use Tripwire's trademarks, service marks, or other intellectual property without Tripwire's prior written consent.

If you have any questions, please contact Tripwire, Inc. at either [email protected] or www.tripwire.org.

tripwire-open-source's People

Contributors

brc0x1, crdotson, hallcristobal, justinthiele, kwestin


tripwire-open-source's Issues

Object summary is empty since 2.4.3.3 update

I am running TW on CentOS 6.8
2.6.32-042stab120.5 #1 SMP Tue Oct 25 22:31:12 MSK 2016 x86_64 x86_64 x86_64 GNU/Linux
with
yum-cron.noarch 3.2.29-75.el6.centos @updates

On March 21 there was the following automatic update:

#==============================================================
Package Arch Version Repository Size
#==============================================================
Updating:
tripwire x86_64 2.4.3.3-1.el6 epel 1.4 M

Ever since this update the Object summary printed after a --check is empty (modified, added, or removed files are not listed any more). The number of violations is correct and the report file shows the violating files. The cfg and pol files have not changed, although there are new versions of the txt files present.

...
Total objects scanned: 41435
Total violations found: 39

#===========================================================
Object Summary:
#===========================================================

#-------------------------------------------------------------------------------
Section: Unix File System
#-------------------------------------------------------------------------------

#-------------------------------------------------------------------------------
Rule Name: Root config files (/root)
Severity Level: 100
#-------------------------------------------------------------------------------

#===========================================================
Error Report:
#===========================================================

No Errors

#-------------------------------------------------------------------------------

Compilation with static libraries fails

Hi,

I am trying to make a portable version of the Tripwire agent.
But configure fails with the --enable-static option.
These are the last lines of its output :

checking for pthread_getspecific... no
checking for pthread_getspecific... no
checking for pthread_getspecific... no
configure: error: No posix threads detected, cannot continue.

I am guessing a library must be missing but I can't identify which one.
I am working on RHEL 7.6, glibc-static and glibc are installed and up-to-date.

Thank you for any guidance you can provide.

Segmentation fault

Hi,
I'm installing tripwire on Ubuntu 17.04 and keep running into segmentation faults when running tripwire --init.
The seg fault is always at the same point in the process.
The server has been upgraded (apt-get update / upgrade) and tripwire has been removed, purged, deleted and reinstalled three times.

There is no /var/lib/tripwire/servername.tld.org.twd file, as it won't get past the error to create one, so checks etc. are all impossible.

syslog shows:

Jun 24 06:02:56 prod03 tripwire[5582]: Integrity Check Failed: File could not be opened.
Jun 24 06:20:54 prod03 tripwire[6578]: Integrity Check Failed: File could not be opened.

Is there a place I can go to get support, or are there files that will help you if this is an issue?

tripwire.txt

2.4.3.3: "twprint --print-report -t 2" does not list affected files

I have a filesystem with a handful of changes and a handful of errors (missing files that were specifically listed by the policy), and the "-t 2" level of report detail does not give the names of the affected/changed files. The File System Errors are reported, and the summary section reports how many files have been modified/added.

The "-t 1" and "-t 3" levels correctly report the affected filenames, and for "-t 3", the specific reason or reasons for reporting the file.

2.4.3.2 works as expected.

I've preserved the .twr file. It is not encrypted and you should be able to reproduce this for yourself. Let me know if you want a copy.

Good to see...

Great to see OST coming back to life... Nice work Brian and team.

Ron

Unable to init in FIPS mode

I am helping to manage a Unix system that is running in FIPS mode, and we are unable to initialize Tripwire with our current policy file. I thought the issue was with the MD5 hash check, but I still receive this error even after removing any reference to the check in our policy:

[root tripwire]# tripwire --init -v
Open Source Tripwire(R) 2.4.3.7.0 built for x86_64-redhat-linux-gnu

Open Source Tripwire 2.4 Portions copyright 2000-2018 Tripwire, Inc.  Tripwire is a registered
trademark of Tripwire, Inc. This software comes with ABSOLUTELY NO WARRANTY;
for details use --version. This is free software which may be redistributed
or modified only under certain conditions; see COPYING for details.
All rights reserved.
Opening configuration file: /etc/tripwire/tw.cfg
This file is encrypted.

Opening key file: /etc/tripwire/site.key
Opening key file: /etc/tripwire/<host>-local.key
Please enter your local passphrase: 
Opening key file: /etc/tripwire/site.key
Opening policy file: /etc/tripwire/tw.pol
This file is encrypted.
Parsing policy file: /etc/tripwire/tw.pol
Generating the database...
*** Processing Unix File System ***
Processing:  /
--- Generating information for: /
--- Generating information for: /.autorelabel
md5_dgst.c(82): OpenSSL internal error, assertion failed: Digest MD5 forbidden in FIPS mode!
Software interrupt forced exit: Abort
Software interrupt forced exit: Segmentation Fault

So far I've been unable to locate any other solutions, so I'm hoping someone here can point me in the right direction. Thanks in advance.

Issue with ecryptfs?

Hi,

Sometimes tripwire detects some modifications on all files of my ecryptfs partition:
[...]

Rule Name: Security Control (/home/tenflo/.ssh)
Severity Level: 66

Modified:
"/home/tenflo/.ssh"
"/home/tenflo/.ssh/authorized_keys"
[...]
mount | grep home
/home/.ecryptfs/tenflo/.Private on /home/tenflo type ecryptfs (rw,nosuid,nodev,relatime,ecryptfs_fnek_sig=1048531b9e8064b3,ecryptfs_sig=1167f0335614ee57,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs)

However, the sha512sum of my files doesn't change. Why does tripwire detect a modification in this case?

How to filter filenames by pattern/regex

Is there a way to filter filenames by pattern or regex?

For example, I would like to skip/exclude all Thumbnail cache files named Thumbs.db that Windows automatically creates. Or backup files that some text editors automatically create.

I am asking here because I could not find any mention of an appropriate mailing list, user forum or the like.

Tripwire reporting multiple errors on system date change

Hi,
I am using tripwire-2.4.3.7 on CentOS 7.8.
Following the steps provided in the tripwire instructions, I created both keys, the config and policy files, and initialised the database.
Running tripwire --check reports no errors, as expected.
Then I had to change the system date by moving it +2 days forward.
Running tripwire --check now reports multiple errors indicating that all files are modified.
Obviously no files were modified on the system.
As far as I understood, a tripwire check will compare every file hash against a record in the database for file integrity, including permissions.
How can the system time affect this check? No file has changed after moving the system date forward.
I am interested to understand what can cause this kind of error reported by tripwire.
I am happy to provide more info if needed.

Linux Policy No file detected ...bug??

hello,

Under RHEL6 I use a clone of the master branch. I have a policy for Linux. I made the following test and I don't understand the result.

/sbin --> ${SEC_READONLY}

I generate a database etc...
To test it works I put a file under /sbin/ using touch /sbin/toto

And I do a scan.

The report says only a modification date on /sbin

but no file added.

Why doesn't it see the toto file added inside /sbin/? Strange...

best

bruno

util_SignalHandler could signpost use of RESOLVE_IDS_TO_NAMES=false

I got Software interrupt forced exit: Segmentation Fault.
I got a corefile, dug out all the symbol files, fired up gdb and got a back trace...

#0  0x0000000000000421 in ?? ()
#1  0x0000000000455f03 in cFCONameTbl::Clear (this=this@entry=0x6f72c0 <cFCOName_i::msNameTbl>) at fconametbl.cpp:216
#2  0x0000000000455f9c in cFCONameTbl::~cFCONameTbl (this=0x6f72c0 <cFCOName_i::msNameTbl>, __in_chrg=<optimized out>) at fconametbl.cpp:160
#3  0x000000000058bf3d in __run_exit_handlers ()
#4  0x000000000058c10a in exit ()
#5  0x000000000044ddef in util_SignalHandler (sig=11) at tw_signal.cpp:71
#6  <signal handler called>
#7  0x00007f81105ec350 in _nss_systemd_is_blocked () from /lib/x86_64-linux-gnu/libnss_systemd.so.2
#8  0x00007f81105ed507 in _nss_systemd_getpwuid_r () from /lib/x86_64-linux-gnu/libnss_systemd.so.2
#9  0x00000000005f44b3 in getpwuid_r ()
#10 0x00000000005f4253 in getpwuid ()
#11 0x000000000049d02b in cUnixFSServices::GetUserName (this=<optimized out>, user_id=502, tstrUser=...) at unixfsservices.cpp:542
#12 0x0000000000462a29 in cFSPropDisplayer::InitForProp (this=0x3008c50, pFCO=<optimized out>, propIdx=<optimized out>) at fspropdisplayer.cpp:270
#13 0x00000000004635c5 in cFSPropDisplayer::InitForFCO (this=this@entry=0x3008c50, ifco=0x2c521d0) at fspropdisplayer.cpp:248
#14 0x000000000046d21b in cFCOReportUtil::InitPropDisplayer (gi=...) at fcoreportutil.cpp:118
#15 0x000000000046d3b5 in cFCOReportUtil::FinalizeReport (rr=...) at fcoreportutil.cpp:86
#16 0x0000000000436a51 in cTWModeIC::Execute (this=0xcb7730, pQueue=0x7ffd735bbd50) at twcmdline.cpp:1464
#17 0x000000000041a7dc in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at tripwiremain.cpp:229

... Looked at the source, Googled around and found the bit in https://github.com/Tripwire/tripwire-open-source#readme about RESOLVE_IDS_TO_NAMES=false. Setting that cured the segfault.

As there's already a signal handler, it wouldn't be too difficult to surround calls to getpwuid() etc with flag setting/clearing (e.g. boolRunningGetPWuid=true; getpwuid(); boolRunningGetPWuid=false;), then in the signal handler, if the flag is set, emit a message along the lines of Segfault in name resolution, try setting RESOLVE_IDS_TO_NAMES=false. Would be a bit more user-friendly than just Software interrupt forced exit: Segmentation Fault ;-)

Unable to run Tripwire

Hi, I have installed tripwire on Linux Mint 19.1 following these instructions:
./touchconfig.sh
./configure
make
And I don't have error messages; I have executed make check successfully, too.
But if I run ./tripwire --init or ./twadmin --generate-keys -L /etc/tripwire/${HOSTNAME}-local.key I get the error message bash: ./twadmin (or ./tripwire): File o directory doesn't exist.
Why? How could I resolve it?
Thanks.

How to set email from address

Hi, I'm running tripwire on a server and it's been working well for years.
It was configured to deliver emails to a local address but I've recently changed it to deliver to an external email provider (via a local alias).

That provider is now rejecting the emails as they don't have a fully-qualified sender address.
For some reason the emails are sent with a from address that is just tripwire@machine_name, with no domain.
I've checked all my config and there is no reference to that address.
All my emailto values in my policy file are fully qualified.

Is there a way that I can configure that address please?

Thanks, Darren.

Thank you!

Thank you!

Thank you for your project and software!

Thank you for maintenance in the past and in the future!

Kind regards and season's greetings!

Tripwire Install in Kubernetes

Hello, I would like to know how I can install Tripwire in a Kubernetes cluster. I am looking for a solution where I can install a tripwire container along with the app's container in a single pod.

Compile issue on Centos 7

g++ -DHAVE_CONFIG_H -I.. -I../.. -O -pipe -Wall -Wno-non-virtual-dtor -c -o integer.o integer.cpp
integer.cpp: In function ‘void MontgomeryReduce(word_, word_, const word_, const word_, const word_, unsigned int)’:
integer.cpp:743:8: warning: unused variable ‘carry’ [-Wunused-variable]
word carry = Add(R, R, M, N);
^
integer.cpp: In function ‘void CorrectQuotientEstimate(word_, word_, word&, word&, const word_, unsigned int’:
integer.cpp:903:7: warning: unused variable ‘borrow’ [-Wunused-variable]
word borrow = Subtract(R, R, T, N+2);
^
integer.cpp: In member function ‘Integer& Integer::operator++()’:
integer.cpp:1617:8: warning: unused variable ‘borrow’ [-Wunused-variable]
word borrow = Decrement(reg, reg.size);
^
In file included from modarith.h:9:0,
from integer.cpp:5:
algebra.h: In instantiation of ‘T AbstractEuclideanDomain::Gcd(const Element&, const Element&) const [with T = Integer; AbstractEuclideanDomain::Element = Integer]’:
integer.cpp:2111:46: required from here
algebra.h:276:35: error: ‘Equal’ was not declared in this scope, and no declarations were found by argument-dependent lookup at the point of instantiation [-fpermissive]
while (!Equal(g[i1], this->Zero()))
^
algebra.h:276:35: note: declarations in dependent base ‘AbstractGroup’ are not found by unqualified lookup
algebra.h:276:35: note: use ‘this->Equal’ instead

Explain return code in man page

Hi there,
I need some information about return codes. I tried to look into the code, but it's very difficult to get a complete list. It would be very nice to add this to the man page.
Thanks in advance,
Didier.

Tripwire crash on Ubuntu 16.04 LTS

Hi,

I'm testing Tripwire Open Source on Ubuntu 16.04 LTS, but as soon as I run "tripwire --init" it crashes
with a segmentation fault:

root@xxx:~# tripwire --init -v
Open Source Tripwire(R) 2.4.3.1.0 built for x86_64-pc-linux-gnu
[...]
--- Generating information for: /usr/sbin/zic
Processing: /usr/sbin/siggen
--- Generating information for: /usr/sbin/siggen
Processing: /usr/sbin/tripwire
--- Generating information for: /usr/sbin/tripwire
Software interrupt forced exit: Segmentation Fault

A backtrace from gdb:
(gdb) bt
#0 0x0000000000000421 in ?? ()
#1 0x000000000043e679 in cFCONameTbl::Clear() ()
#2 0x000000000043e6ee in cFCONameTbl::~cFCONameTbl() ()
#3 0x00000000005818b8 in __run_exit_handlers ()
#4 0x0000000000581903 in exit ()
#5 0x000000000043679d in util_SignalHandler(int) ()
#6
#7 0x0000000000000000 in ?? ()
#8 0x00007f9769235fe9 in __pthread_initialize_minimal_internal () at nptl-init.c:471
#9 0x00007f97692355d1 in _init () at ../sysdeps/x86_64/crti.S:72
#10 0x00007f976944df58 in ?? () from /lib/x86_64-linux-gnu/libnss_sss.so.2
#11 0x000000000062f25a in call_init.part ()
#12 0x000000000062f415 in _dl_init ()
#13 0x0000000000620d35 in dl_open_worker ()
#14 0x000000000061e4f4 in _dl_catch_error ()
#15 0x0000000000620699 in _dl_open ()
#16 0x00000000005f2672 in do_dlopen ()
#17 0x000000000061e4f4 in _dl_catch_error ()
#18 0x00000000005f285e in __libc_dlopen_mode ()
#19 0x00000000005edd2d in __nss_next2 ()
#20 0x00000000005e34a0 in getpwuid_r ()
#21 0x00000000005e32a6 in getpwuid ()
#22 0x0000000000483706 in cUnixFSServices::GetOwnerForFile(std::__cxx11::basic_string<char, std::char_traits,

std::allocator > const&, std::cxx11::basic_string<char, std::char_traits, std::allocator >&) const ()
#23 0x000000000044922a in cFSPropDisplayer::InitForProp(iFCO const*, int) ()
#24 0x000000000044a0e1 in cFSPropDisplayer::InitForFCO(iFCO const*) ()
#25 0x000000000040ef1d in cTripwireUtil::CalcProps(iFCO
, iFCOSpec const
, iFCOPropCalc_, iFCOPropDisplayer_) ()
#26 0x000000000040145a in cGenerateDb::Execute(cFCOSpecList const&, cHierDatabase&, iFCOPropDisplayer_, cErrorBucket_, unsigned int) ()
#27 0x000000000041b056 in cTWModeDbInit::Execute(cErrorQueue*) ()
#28 0x000000000040db1f in main ()

Cheers,
Tom.

Filename: /usr/local/etc/tw.cfg

Hi,
I have a problem when I run "tripwire --init". In fact, I have this error:

user@ubuntu:/etc/tripwire$ tripwire --init

Error: File could not be opened.

Filename: /usr/local/etc/tw.cfg

Aucun fichier ou dossier de ce type

Configuration file could not be read.

Exiting...

I don't know why tripwire tries to access /usr/local/etc/tw.cfg when my config file is in /etc/tripwire

Thanks for help :)

Malformed Date header in mails depending on systems locale settings

When sending mails, tripwire formats the Date header according to the locale in the LC_TIME environment variable. That header for mails should always be in the format specified in RFC 5322 section 3.3 and not be dependent on the system's locale settings. Otherwise mails will be rejected by several strict mail servers.

I've noticed this behavior on the following version
Open Source Tripwire(R) 2.4.3.7.0 built for x86_64-pc-linux-gnu

Segmentation fault on Ubuntu 20.10

I am trying to install tripwire on Ubuntu 20.10. I have tried to install it with

sudo apt install tripwire

And then I've followed the usual steps outlined here. That gives me:

$ sudo tripwire --init
Please enter your local passphrase: 
Parsing policy file: /etc/tripwire/tw.pol
Generating the database...
*** Processing Unix File System ***
Software interrupt forced exit: Segmentation Fault
Segmentation fault

Next, I tried to build the whole thing from scratch as outlined here. That worked here, but not for me; it just gave me the same segmentation fault. I checked file permissions in /etc/tripwire/, and they are all 644. I also looked at /var/crash/, and there is a _usr_sbin_tripwire.0.crash:

ProblemType: Crash
Architecture: amd64
CrashCounter: 1
Date: Thu May 13 16:55:22 2021
DistroRelease: Ubuntu 20.10
ExecutablePath: /usr/sbin/tripwire
ExecutableTimestamp: 1587715517
ProcCmdline: tripwire
ProcCwd: /home/.../tripwire-open-source-2.4.3.7
ProcEnviron:
 LANGUAGE=en_US:en
 LC_ADDRESS=es_ES.UTF-8
 LC_NAME=es_ES.UTF-8
 LC_MONETARY=es_ES.UTF-8
 LC_PAPER=es_ES.UTF-8
 LANG=en_US.UTF-8
 TERM=xterm-256color
 LC_IDENTIFICATION=es_ES.UTF-8
 LC_TELEPHONE=es_ES.UTF-8
 LC_MEASUREMENT=es_ES.UTF-8
 LC_TIME=es_ES.UTF-8
 PATH=(custom, no user)
 LC_NUMERIC=es_ES.UTF-8
 SHELL=/bin/bash

ProcMaps:

Signal: 11

Uname: Linux 5.8.0-50-generic x86_64

UserGroups: N/A

_LogindSession: c2

CoreDump: base64

tripwire 2.4.3.2 on alpine won't compile

Tripwire 2.4.3.2 won't compile on Alpine Linux 3.5; Tripwire 2.4.3.1 works fine.
config.log.txt

make[3]: Leaving directory '/home/vagrant/src/tripwire/tripwire-open-source-2.4.3.2/src/cryptlib'
Making all in core
make[3]: Entering directory '/home/vagrant/src/tripwire/tripwire-open-source-2.4.3.2/src/core'
g++ -DHAVE_CONFIG_H		 -I. -I../..  -I./..   -O -pipe -Wall -Wextra -Wno-unused-parameter -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -c -o archive.o archive.cpp
In file included from archive.cpp:42:0:
fsservices.h:294:36: error: 'uid_t' has not been declared
   virtual bool        GetUserName( uid_t user_id, TSTRING& tstrUser ) const = 0;
                                    ^~~~~
fsservices.h:295:37: error: 'gid_t' has not been declared
   virtual bool        GetGroupName( gid_t group_id, TSTRING& tstrGroup ) const = 0;
                                     ^~~~~
make[3]: *** [Makefile:411: archive.o] Error 1
make[3]: Leaving directory '/home/vagrant/src/tripwire/tripwire-open-source-2.4.3.2/src/core'
make[2]: *** [Makefile:340: all-recursive] Error 1
make[2]: Leaving directory '/home/vagrant/src/tripwire/tripwire-open-source-2.4.3.2/src'
make[1]: *** [Makefile:385: all-recursive] Error 1
make[1]: Leaving directory '/home/vagrant/src/tripwire/tripwire-open-source-2.4.3.2'
make: *** [Makefile:326: all] Error 2

Adding #include <sys/stat.h> to src/core/fsservices.h fixes the build, but it will fail on make install:

make[3]: Entering directory '/home/vagrant/src/tripwire/tripwire-open-source-2.4.3.2/src/cryptlib'
make[3]: Nothing to be done for 'install-exec-am'.
 ../.././install-sh -c -d '.'
 /usr/bin/install -c -m 644 algebra.h asn.h config.h cryptlib.h des.h elgamal.h eprecomp.h filters.h forkjoin.h integer.h iterhash.h misc.h modarith.h nbtheory.h pch.h queue.h rng.h sha.h smartptr.h words.h zbits.h zdeflate.h zinflate.h ztrees.h '.'
install: 'algebra.h' and './algebra.h' are the same file
install: 'asn.h' and './asn.h' are the same file
install: 'config.h' and './config.h' are the same file
install: 'cryptlib.h' and './cryptlib.h' are the same file
install: 'des.h' and './des.h' are the same file
install: 'elgamal.h' and './elgamal.h' are the same file
install: 'eprecomp.h' and './eprecomp.h' are the same file
install: 'filters.h' and './filters.h' are the same file
install: 'forkjoin.h' and './forkjoin.h' are the same file
install: 'integer.h' and './integer.h' are the same file
install: 'iterhash.h' and './iterhash.h' are the same file
install: 'misc.h' and './misc.h' are the same file
install: 'modarith.h' and './modarith.h' are the same file
install: 'nbtheory.h' and './nbtheory.h' are the same file
install: 'pch.h' and './pch.h' are the same file
install: 'queue.h' and './queue.h' are the same file
install: 'rng.h' and './rng.h' are the same file
install: 'sha.h' and './sha.h' are the same file
install: 'smartptr.h' and './smartptr.h' are the same file
install: 'words.h' and './words.h' are the same file
install: 'zbits.h' and './zbits.h' are the same file
install: 'zdeflate.h' and './zdeflate.h' are the same file
install: 'zinflate.h' and './zinflate.h' are the same file
install: 'ztrees.h' and './ztrees.h' are the same file
make[3]: *** [Makefile:392: install-libcryptlib_aHEADERS] Error 1
make[3]: Leaving directory '/home/vagrant/src/tripwire/tripwire-open-source-2.4.3.2/src/cryptlib'
make[2]: *** [Makefile:507: install-am] Error 2
make[2]: Leaving directory '/home/vagrant/src/tripwire/tripwire-open-source-2.4.3.2/src/cryptlib'
make[1]: *** [Makefile:340: install-recursive] Error 1
make[1]: Leaving directory '/home/vagrant/src/tripwire/tripwire-open-source-2.4.3.2/src'
make: *** [Makefile:385: install-recursive] Error 1

Tripwire build problem

Hello

I am making some changes to the source code and trying to generate a binary file again. But I cannot achieve this. I tried with "make" and "make install", but no changes were made.

Which commands should I use to recompile and run the existing project on the machine?

Thank you.

Need installation instructions

It would be great if you had some simple instructions on how to install from source.

Attempt:

git clone <repo>
./touchconfig.sh
./configure
make
./installer/install.sh /root/tripwire-open-source/installer/install.cfg -n -f -s abc123 -l 123abc

Gives me:

Error: configuration parameter $TWPOLICY undefined.
There is an error in the configuration file /root/tripwire-open-source/installer/install.cfg.

tripwire --update --accept-all fails with file not found

Hello,

tripwire --update --accept-all will fail to properly update the database.

Expected Behavior
Properly update the database

Actual Behavior

### Error: File could not be opened.
### Filename: /var/lib/tripwire/report/billmanager.ct-20190816-144759.twr
### No such file or directory
### Exiting...

Additional Notes
Distribution: CentOS 7
Version: tripwire-2.4.3.7-1.el7.x86_64

Would changing REPORTFILE to a static file fix this?

Tripwire fills the disk buffer cache when checking

If I run tripwire on my server, it causes my disk buffer cache to fill up, which pushes legitimate applications out of RAM and into the swap space.

An option to bypass the disk buffer cache would be welcome, as it would allow me to use tripwire on my server without grinding it to a halt.
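
One way a file checker could read files without leaving them in the page cache, as an added example that is not Tripwire's code or part of the original report: the function below hashes a file in chunks and calls posix_fadvise() with POSIX_FADV_DONTNEED on each range it has finished with. The names hash_file_dropping_cache and fnv1a are hypothetical, and FNV-1a stands in for the real digests.

```cpp
#include <cstddef>
#include <cstdint>
#include <fcntl.h>
#include <unistd.h>
#include <vector>

const std::uint64_t FNV_OFFSET = 14695981039346656037ULL;
const std::uint64_t FNV_PRIME = 1099511628211ULL;

// FNV-1a over a buffer, continuing from state h. Stand-in for a real digest.
std::uint64_t fnv1a(const unsigned char* p, std::size_t n, std::uint64_t h) {
    for (std::size_t i = 0; i < n; ++i) { h ^= p[i]; h *= FNV_PRIME; }
    return h;
}

// Hashes the file at path; returns false on open or read failure.
bool hash_file_dropping_cache(const char* path, std::uint64_t& out) {
    int fd = open(path, O_RDONLY);
    if (fd < 0) return false;
    // Hint: one sequential pass, so read-ahead is useful but retention is not.
    posix_fadvise(fd, 0, 0, POSIX_FADV_SEQUENTIAL);

    std::vector<unsigned char> buf(64 * 1024);
    std::uint64_t h = FNV_OFFSET;
    off_t done = 0;
    ssize_t n;
    while ((n = read(fd, buf.data(), buf.size())) > 0) {
        h = fnv1a(buf.data(), static_cast<std::size_t>(n), h);
        // Advisory: ask the kernel to drop the clean pages just consumed.
        posix_fadvise(fd, done, n, POSIX_FADV_DONTNEED);
        done += n;
    }
    close(fd);
    if (n < 0) return false;
    out = h;
    return true;
}
```

POSIX_FADV_DONTNEED is only a hint, and it applies to the file's cached pages no matter which process loaded them, so it can also evict data another application wanted to keep cached.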

Unable to build tripwire-2.4.3.1 with -Werror=terminate

More information at: https://bugs.gentoo.org/show_bug.cgi?id=595398
Thanks.

The specific error is:

x86_64-pc-linux-gnu-g++ -DHAVE_CONFIG_H		  -I.. -I../..  -DCONFIG_DIR="\"/etc/tripwire\"" -fno-strict-aliasing  -Werror=terminate -march=native -O2 -pipe -c -o asn.o asn.cpp
In file included from asn.cpp:4:0:
asn.cpp: In destructor ‘virtual BERSequenceDecoder::~BERSequenceDecoder()’:
asn.h:15:45: error: throw will always call terminate() [-Werror=terminate]
 #define BERDecodeError() throw BERDecodeErr()
                                             ^
asn.cpp:90:13: note: in expansion of macro ‘BERDecodeError’
             BERDecodeError();
             ^~~~~~~~~~~~~~
asn.h:15:45: note: in C++11 destructors default to noexcept
 #define BERDecodeError() throw BERDecodeErr()
                                             ^
asn.cpp:90:13: note: in expansion of macro ‘BERDecodeError’
             BERDecodeError();
             ^~~~~~~~~~~~~~
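
The compiler diagnostic above, reduced to an added example (not cryptlib's code or the reporter's): since C++11 a destructor is implicitly noexcept, so a throw inside it calls std::terminate() unless the destructor is declared noexcept(false) or the check moves to an explicit method. The class names, the consumed flag and MessageEnd() are hypothetical.

```cpp
#include <stdexcept>
#include <string>
#include <type_traits>

// Hypothetical error type standing in for the BERDecodeErr named in the log.
struct DecodeErr : std::runtime_error {
    DecodeErr() : std::runtime_error("BER decode error") {}
};

// Option A: keep the throwing destructor, but opt out of the implicit
// noexcept that C++11 gives every destructor. Without noexcept(false) the
// throw below is what -Werror=terminate rejects. Still unsafe if the object
// is destroyed during stack unwinding: a second exception terminates.
class LegacyDecoder {
public:
    explicit LegacyDecoder(bool consumed) : consumed_(consumed) {}
    ~LegacyDecoder() noexcept(false) {
        if (!consumed_) throw DecodeErr();
    }
private:
    bool consumed_;  // assumption: "input fully consumed" is the check
};

// Option B: move the check into an explicit call and leave the destructor
// non-throwing, so the error is reported on a path where it can be handled.
class CheckedDecoder {
public:
    explicit CheckedDecoder(bool consumed) : consumed_(consumed) {}
    void MessageEnd() const {
        if (!consumed_) throw DecodeErr();
    }
private:
    bool consumed_;
};

static_assert(!std::is_nothrow_destructible<LegacyDecoder>::value, "A may throw");
static_assert(std::is_nothrow_destructible<CheckedDecoder>::value, "B is noexcept");

// Each helper returns "ok" or the error text for one decoder lifetime.
std::string run_legacy(bool consumed) {
    try { LegacyDecoder d(consumed); }
    catch (const DecodeErr& e) { return e.what(); }
    return "ok";
}

std::string run_checked(bool consumed) {
    try { CheckedDecoder d(consumed); d.MessageEnd(); }
    catch (const DecodeErr& e) { return e.what(); }
    return "ok";
}
```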

Strange file permissions

Hi,

First, thanks for your application.

2 cpp files have executable permissions:

  • src/db/hierdatabase.cpp
  • src/core/codeconvert.cpp

Best regards,

Didier.

Send report by mail

Hi, I am looking for a way to send my report by mail, but I can't find good information anywhere.
I have to send the report via a service account (that requires authentication) via SMTP to send email to my personal email address.
So, can you help me please? :)

tarball naming

GitHub by default creates tarballs like 2.4.3.4.tar.gz. If a user is downloading the file via a browser, it is translated to a proper file name like tripwire-open-source-2.4.3.4.tar.gz.

If users want to fetch the file via wget or curl, this translation does not work. This is especially a problem if users want to download a set of programs using a list of URLs.

Please set up a link so a user can fetch a properly named tarball using wget without the need to specify a -O option. See for example https://github.com/logrotate/logrotate/releases

-- Bruce Dubbs
linuxfreomscratch.org

alpine, 2.4.3.3: not stripped, --enable-static does not yield static binaries

Binaries are not stripped after make install:

alpine:~/local/sbin$ file *
siggen:   ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-musl-x86_64.so.1, not stripped, with debug_info
tripwire: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-musl-x86_64.so.1, not stripped, with debug_info
twadmin:  ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-musl-x86_64.so.1, not stripped, with debug_info
twprint:  ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-musl-x86_64.so.1, not stripped, with debug_info
alpine:~/local/sbin$ objdump -h tripwire | grep debug
 26 .debug_aranges 000000b0  0000000000000000  0000000000000000  00133270  2**4
 27 .debug_info   0000018b  0000000000000000  0000000000000000  00133320  2**0
 28 .debug_abbrev 000000b7  0000000000000000  0000000000000000  001334ab  2**0
 29 .debug_line   000000ed  0000000000000000  0000000000000000  00133562  2**0
 30 .debug_frame  00000038  0000000000000000  0000000000000000  00133650  2**3
 31 .debug_str    00000171  0000000000000000  0000000000000000  00133688  2**0
 32 .debug_loc    000000d6  0000000000000000  0000000000000000  001337f9  2**0
 33 .debug_ranges 000000a0  0000000000000000  0000000000000000  001338d0  2**4

Also --enable-static will not produce actual static binaries (despite not having any dynamic dependencies):

alpine:~/local2/sbin$ file tripwire
tripwire: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, not stripped, with debug_info
alpine:~/local2/sbin$ ldd tripwire
	ldd (0x79ff1aacf000)
alpine:~/local2/sbin$ scanelf -n tripwire 
 TYPE   NEEDED FILE 
ET_DYN  tripwire 
alpine:~/local2/sbin$ objdump -h tripwire | head

tripwire:     file format elf64-x86-64

Sections:
Idx Name          Size      VMA               LMA               File off  Algn
  0 .gnu.hash     00000160  0000000000000190  0000000000000190  00000190  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  1 .dynsym       000003c0  00000000000002f0  00000000000002f0  000002f0  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  2 .dynstr       0000065c  00000000000006b0  00000000000006b0  000006b0  2**0

dynamic.config.log.txt
static.config.log.txt

I should have noticed this with 2.4.3.3-dev, sorry.
