Open ElToro1966 opened 3 years ago
Hi ElToro1966, sorry this is happening for you. Couple of quick ideas --
In the meantime, I'll spin up a 20.10 VM (with an es_ES.UTF-8 locale) and install with apt-get and see if I have any luck reproducing this.
Thanks, @brc0x1 I spent several hours trying to figure out the issue, I thought the problem was with the virtual machine...
My virtual machine in the VMware ESXi Hypervisor with HW Spec: CPU: 8 vCPUs RAM: 24 GB HARD DISK: 128 GB
And OS: Ubuntu 20.04.2 LTS (focal) I am also experiencing the same issue:
After setting the RESOLVE_IDS_TO_NAMES config value to false in tw.cfg the problem has been resolved;
I have a similar problem.
first there was a mistake: Software interrupt forced exit: Segmentation Fault
I added
RESOLVE_IDS_TO_NAMES =false
in tw.cfg
the previous error disappeared but a new error appeared:
Software interrupt forced exit: Segmentation Fault
Software interrupt forced exit: Emulation Trap
before the error was the output of the file name that is being processed, I added them to the exceptions, but it did not help.
how can this be solved?
HI @OmlineEditor, are you on Ubuntu 20.x also? When this happens, is the machine using any sort of directory service (LDAP/Active Directory, NIS, etc.) If setting RESOLVE_IDS_TO_NAMES didn't fix this for you, your best bet is probably going to be to rebuild from source without enabling static linking.
HI @OmlineEditor, are you on Ubuntu 20.x also? When this happens, is the machine using any sort of directory service (LDAP/Active Directory, NIS, etc.) If setting RESOLVE_IDS_TO_NAMES didn't fix this for you, your best bet is probably going to be to rebuild from source without enabling static linking.
Where can I get detailed instructions on how to do this?
@OmlineEditor Here's the readme section about building from source: https://github.com/Tripwire/tripwire-open-source/blob/master/README.md#building-ost . Let me know if you run into any difficulties or have any questions.
Brief question. I cannot $ sudo nano /etc/tripwire/tw.cfg
because the file contents appear as random symbols (the encryption?)
Though, even after unencrypting with $ sudo twadmin -m R /etc/tripwire/tw.cfg
it still would not display any intelligible readout, neither with sudo nano or sudo cat.
What am I missing?
( After fiddling I encrypted again with $ sudo twadmin -m E /etc/tripwire/tw.cfg
)
Hi @G0rd0n , to see the plaintext version of your config file, you'll need to use a different twadmin mode for that: twadmin -m f or twadmin --print-cfgfile . This is because a decrypted tw.cfg is still in a compressed binary form. If you have a plaintext config file and want to create or update a tw.cfg file, the mode for that is twadmin -m F or twadmin --create-cfgfile, and there's a similar pair of modes for creating and displaying policy files.
Okay, that actually makes sense. I will dig a bit deeper into this. Thank you for helping and explaining more about this product.
Hi @G0rd0n, can u wirte, me a command how i can edit tw.cfg? I'am a beginner and I don't know how to do this.
@karolk53 I can't really help you with this. I am just as much a novice as you are : P I haven't actually worked on this since my last post, so I would need to re-read a lot of stuff again. If I could spare the time then I could probably make it work, but it is on the backburner for now.
Hi @G0rd0n, can u wirte, me a command how i can edit tw.cfg? I'am a beginner and I don't know how to do this.
install a file manager and edit through it using the F4 key.
installation for ubuntu or Debian:
apt install mc
run programm, type the command as root
mc
go to the desired folder select the file and press F4
I encountered the same problem when I upgraded to 22.04. Your RESOLVE_IDS_TO_NAMES fix resolved the issue. However, now it segfaults near the end of the tripwire -init run when attempting to access the /tmp folder... The /tmp folder has the sticky bit set on its permissions. I'll experiment to see if this effects the result... Does anyone know if this issue will be corrected in the future? p.s., My ubuntu 22.04 machine is not a member of a samba AD domain nor does it use NIS.
For me this works:
cd /etc/tripwire
echo "RESOLVE_IDS_TO_NAMES=false" >> twcfg.txt
twadmin -m F -c tw.cfg -S site.key twcfg.txt
tripwire --init
....
The database was successfully generated.
On ubuntu after upgrading from 20.04 to 22.04, tripwire will segfault using policy and config files that worked under 20.04 and also after a fresh tripwire install using the default policy and config. The inclusion of RESOLVE_IDS_TO_NAMES = false in the config file only moves the point at which it will segfault. With RESOLVE_IDS_TO_NAMES = false set, the fault appears to occur at the very end of the run after the final file has been checked. Without the RESOLVE_IDS_TO_NAMES setting, the segfault occurs near the beginning of the run. (Note that this was run on an ubuntu install that was upgraded using the do-release-upgrade command on August 16, 2022. I have not tested tripwire on a fresh install of 22.04. The tripwire version is 2.4.3.7.0 built for x86_64-pc-linux-gnu. The date on the released tripwire executable is Nov 10 2021 and its size is 3140528 bytes.) Running tripwire under gdb does no good because it appears that all symbols have been striped from the released tripwire executable. It will segfault, but the backtrace is useless without symbols. I downloaded the tripwire source from the ubuntu 22.04 repository and recompiled it. However, it does not segfault. The apt-get --build command built the new executable with symbols and it is statically linked. So, I can't tell if the fresh compile is actually free of the problem (possibly due to statically linking to whatever libraries are on my computer) or if by including symbols or some other compiler option difference, the segfault problem was moved somewhere else. In any case, I have a working version of tripwire for now. Luckily, I found this on my desktop computer before running the 22.04 upgrade on any of my servers! Hopefully, the maintainers will provide a working released version of tripwire at some point in the future.
Has anyone found a solution? I made all kinds of changes as above, but the fix works for a few days, the same error happens again. Thank you!!
Has anyone found a solution? I made all kinds of changes as above, but the fix works for a few days, the same error happens again. Thank you!!
there is no solution, you need to fix the sources
Same here... My re-compiled version worked for a while and now it segfaults, too.
--- edit: Hmm... My recompiled version has been working fine for months now. I'm not sure why I thought it stopped working. Maybe I referenced the released copy by mistake? I completely removed the installed version and did a make install of my recompiled version. It appears to work. I'm not sure what the problem was.
Same here... My re-compiled version worked for a while and now it segfaults, too.
Did you manage to get it to work on 22? I'm having the same issue...
@zodman's fix shown in https://github.com/Tripwire/tripwire-open-source/issues/48#issuecomment-1218329046 worked for me... at least for now. This is on a fresh Debian 11.6 install, fail2ban 0.11.2-2 from Debian standard packages (Bullseye). [ https://packages.debian.org/bullseye/fail2ban ]
For comparison, it seems that Ubuntu Kinetic (22) is versioned : fail2ban_0.11.2-6.debian.tar.xz in its source... I haven't compared the context between Debian vs. Ubuntu, so I'm not unaware as to what patches/changes are present in the 0.11.2-6.
Yes, I experienced the same segfaulting issue that is reference above. Not sure that this is the same issue/causality that Ubuntu users are experiencing, TBH.
@zodman's fix shown in #48 NOT worked for me. On Debian 11.
... Processing: /tmp --- Generating information for: /tmp Software interrupt forced exit: Segmentation Fault Segmentation fault
Any idea? thanks
Was this ever resolved? Is it safe to reinstall the released version, yet? Do any developers read these posts? Or are we just posting into the ether?
Was this ever resolved? Is it safe to reinstall the released version, yet? Do any developers read these posts? Or are we just posting into the ether?
the project is dead, the last changes were 5 years ago. no one will fix anything
I had the same problem with a freshly installed Debian 12 (Bookworm).
Setting RESOLVE_IDS_TO_NAMES=false
in twcfg.txt helped but I think it's more like a workaround than a solution. Because this parameter should only be necessary if you use UIDs/GIDs from non-local directory servers like Active Directory or different LDAP servers. In this case the local system can't resolve the names (it can't find the username for UID 1001 or groupname for GID 2002). But on a standalone system without connection to NIS/LDAP/AD servers it should resolve every UID/GID.
The real problem on my system were wrong file permissions for the folder /usr/lib/firmware/intel/
and all subfolders and files within them. UID and GID were set to 3064 and 1199. Looks like a bug in the debian package that provides these files.
Solved the problem by setting the same owner & group to this folder like all other folders within /usr/lib/firmware/
with:
chown -R root:root /usr/lib/firmware/intel
You can find the problematic folder with:
tripwire --init -v
with -v
it will show all folders it's parsing. The last folder it's showing before the error occurs is the folder that makes trouble.
Hope this will help the one ore the other :)
Thanks, I'll give that a try when I have access to the problem computer again (next March). FYI, when I tried a fresh installation of ubuntu in a virtual machine, tripwire appeared to work fine right out of the box...
On Friday, October 27, 2023 at 11:12:53 PM GMT+8, S-A-L13 ***@***.***> wrote:
I had the same problem with a freshly installed Debian 12 (Bookworm). Setting RESOLVE_IDS_TO_NAMES=false in twcfg.txt helped but I think it's more like a workaround than a solution. Because this parameter should only be necessary if you use UIDs/GIDs from non-local directory servers like Active Directory or different LDAP servers. In this case the local system can't resolve the names (it can't find the username for UID 1001 or groupname for GID 2002). But on a standalone system without connection to NIS/LDAP/AD servers it should resolve every UID/GID.
The real problem on my system were wrong file permissions for the folder /usr/lib/firmware/intel/ and all subfolders and files within them. UID and GID were set to 3064 and 1199. Looks like a bug in the debian package that provides these files. Solved the problem by setting the same owner & group to this folder like all other folders within /usr/lib/firmware/ with: chown -R root:root /usr/lib/firmware/intel
You can find the problematic folder with: tripwire --init -v with -v it will show all folders he is parsing. The last folder it's showing before the error occurs is the folder that makes trouble.
Hope this will help the one ore the other :)
— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you commented.Message ID: @.***>
I am trying to install tripwire on Ubuntu 20.10. I have tried to install it with
sudo apt install tripwire
And then I've followed the usual steps outlined here. That gives me:
Next, I tried to build the whole thing from scratch as outlined here. That worked here, but not for me; It just gave me the same segmentation fault. I checked file permissions in /etc/tripwire/, and they are all 644. I also looked at /var/crash/, and there is a _usr_sbin_tripwire.0.crash: