Top Document: comp.security.unix and comp.security.misc frequently asked questions
Previous Document: Is there a newer version of cops?
Next Document: Cops won't "make" in some versions of linux (GNU).

Fails the self-test (on fast machines):

You have to slow it down (just the self-test scripts, not the tripwire binary itself). The test scripts create and then update a file, and then fail to detect that the timestamp has changed. The failure is in the test rather than in tripwire: the timestamp has indeed not changed, because on some modern machines the create and the update both happen within the same second. This occurs in a few places in the test scripts. If a second boundary happens to be crossed during this brief interval, then that particular test will succeed, but another one might fail soon after.

In the tests directory, edit 3 of the 4 files named test.*.sh: in test.escape.sh, add "sleep 1" on line 46 (in the cert version), just before running tripwire; in inter and update, uncomment the "sleep 1". If this isn't good enough (obscure but can happen), use "sleep 2". See ftp://coast.cs.purdue.edu/pub/COAST/Tripwire/README-third

Dumps core when building the database (if you have 8-bit chars in filenames):

Tripwire 1.2 contains a bug relating to octal printing of 8-bit chars in file names. The bug occurs in filename_escape() in src/utils.c. Double the size of the "octal_array" to contain all 256 possible entries, and change octal_array[(int)(*pcin)] to octal_array[*pcin & 255] farther down. (This only works if you have eight-bit bytes, of course, but most of us do.)

Dumps core when verifying (this bug surfaces on some systems only):

In config.parse.c just before the end of configfile_read(), on line 356 in the tripwire 1.2 distribution, there is a "rewind(fpout);". It should be conditional on "specified_configmode" as in the previous 'if' statement: at this point the values "fpin" and "fpout" are the same (see line 184), so it is actually rewinding the fp it might have closed in the previous line. So simply add the word "else" before the "rewind". (Perhaps change "fpout" to "fpin" for clarity, although this won't affect its behaviour.)

Send corrections/additions to the FAQ Maintainer: flaps@dgp.toronto.edu (Alan J Rosenthal)
Last Update March 27 2014 @ 02:11 PM
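
The indexing problem behind the "8-bit chars in filenames" item above, shown as an added C example that is not Tripwire's code: octal_table, naive_index, masked_index and escape_name are hypothetical names, and the sample filename is constructed. It assumes the original table had 128 entries (the FAQ says to double it to 256) and shows that a byte in the range 0x80 to 0xFF, taken through a signed char, yields an index outside such a table, while masking with 255 into a 256-entry table keeps every byte in range.

```c
#include <stdio.h>
#include <string.h>

/* Added example with hypothetical names; not Tripwire's filename_escape(). */
static char octal_table[256][5];          /* "\ooo" + NUL for every byte value */

/* Unpatched-style index, modelled for a platform where char is signed:
   bytes 0x80..0xFF become -128..-1, outside a 128-entry table. */
int naive_index(unsigned char byte) { return (int)(signed char)byte; }

/* Patched-style index from the FAQ: always 0..255. */
int masked_index(char c) { return c & 255; }

/* Escape src into dst as printable ASCII; returns length, or -1 if dst is too small. */
int escape_name(const char *src, char *dst, size_t dstlen)
{
    size_t out = 0;
    if (dstlen == 0) return -1;
    if (octal_table[0][0] == '\0')        /* build the table on first use */
        for (int i = 0; i < 256; i++)
            snprintf(octal_table[i], sizeof octal_table[i], "\\%03o", (unsigned)i);
    for (const char *p = src; *p; p++) {
        int idx = masked_index(*p);
        if (idx >= 0x20 && idx < 0x7f && idx != '\\') {
            if (out + 1 >= dstlen) return -1;
            dst[out++] = *p;              /* printable: copy through */
        } else {
            if (out + 4 >= dstlen) return -1;
            memcpy(dst + out, octal_table[idx], 4);
            out += 4;                     /* non-printable or 8-bit: \ooo */
        }
    }
    dst[out] = '\0';
    return (int)out;
}

int main(void)
{
    char buf[64];
    const char *name = "caf\xe9.txt";     /* constructed sample: Latin-1 e-acute */
    if (escape_name(name, buf, sizeof buf) < 0) return 1;
    printf("naive index %d, masked index %d, escaped %s\n",
           naive_index(0xE9), masked_index(name[3]), buf);
    return 0;
}
```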