FizzyWidget Veteran
Joined: 21 Nov 2008 Posts: 1133 Location: 127.0.0.1
Posted: Sun Dec 25, 2011 11:59 pm Post subject: Can't sign keyfiles using tripwire
I have created a twpol.txt file using the script here https://bugs.gentoo.org/344577 and have edited the twcfg.txt file to suit my requirements:
Code: |
ROOT =/usr/sbin
POLFILE =/mnt/500musb/tripwire/server/tw.pol
DBFILE =/mnt/500musb/tripwire/server/$(HOSTNAME).twd
REPORTFILE =/var/lib/tripwire/report/$(HOSTNAME)-$(DATE).twr
SITEKEYFILE =/mnt/500musb/tripwire/server/site.key
LOCALKEYFILE =/mnt/500musb/tripwire/server/$(HOSTNAME)-local.key
EDITOR =/bin/nano
LATEPROMPTING =false
LOOSEDIRECTORYCHECKING =false
MAILNOVIOLATIONS =true
EMAILREPORTLEVEL =3
REPORTLEVEL =3
MAILMETHOD =SENDMAIL
SYSLOGREPORTING =false
MAILPROGRAM =/usr/lib/sendmail -oi -t
|
I then run /etc/tripwire/twinstall.sh and it asks me for a site passphrase and then a local passphrase, which I put in, but right at the end it errors out with this message:
Quote: |
Signing configuration file...
### Error: Invalid Keyfile format
### Exiting...
Error: signing of configuration file failed.
|
I am at a bit of a loss. I have used tripwire before, but I left things as default. I have since been advised that this is not advisable, so I decided to try it from fresh using a 500meg USB stick.
I have also edited the twpol.txt file to point towards the USB stick, as there were a few options going to /etc/tripwire.
wcg Guru
Joined: 06 Jan 2009 Posts: 588
Posted: Mon Dec 26, 2011 10:13 am
(NB: I have not used Tripwire, but this is what I would do if I wanted to
use it and the same thing happened.)
Look in tw-install.sh for that error message. Is it coming from the shell
script or from some binary that the shell script is running to sign the file?
The essential question is which binary if any is reporting the error.
Say it is something like "/usr/sbin/tw-sign":
Code: |
mv /usr/sbin/tw-sign /usr/sbin/tw-sign.bin
echo '#!/bin/sh' > /usr/sbin/tw-sign
# Single quotes keep "$@" literal, so the wrapper passes its arguments on to the real binary
echo 'strace -f -o /tmp/trace_tw-sign.log /usr/sbin/tw-sign.bin "$@"' >> /usr/sbin/tw-sign
chmod 755 /usr/sbin/tw-sign
# or, if this runs as root,
# chmod 700 /usr/sbin/tw-sign
# If it runs as some tripwire-specific userid,
# chown tripwire_uid:tripwire_gid /usr/sbin/tw-sign
|
Then run your tw-install.sh script again. After it errors out, take a look at
/tmp/trace_tw-sign.log and see what happened (wrong pathname or something
else).
Don't forget to mv tw-sign.bin back to tw-sign afterwards. (Replace "tw-sign" with the actual
binary called from the tw-install.sh script.)
You of course need strace installed for this. (It is in Portage.)
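One way to read the resulting trace for a "wrong pathname or something else", as an added example that is not part of either poster's message: it lists the file-related syscalls that failed, optionally limited to one directory. The function names and the sample trace lines are constructed for illustration, and "tw-sign.bin" is the hypothetical binary name from the post above.

```shell
#!/bin/sh
# Added example: list failed file syscalls in an "strace -f -o" log.
# Usage: failed_file_calls LOGFILE [PATH_PREFIX]
# Prints "ERRNO SYSCALL PATH" for each failing call whose first quoted
# argument starts with PATH_PREFIX (default: every path). Calls that
# strace split into "<unfinished ...>" / "resumed" pairs are skipped.
failed_file_calls() {
    awk -v prefix="${2:-}" '
    / = -1 E[A-Z0-9]+/ {
        line = $0
        sub(/^[0-9]+ +/, "", line)          # drop the pid column written by -f
        paren = index(line, "(")
        if (paren < 2) next
        name = substr(line, 1, paren - 1)
        if (name !~ /^(open|openat|stat|lstat|newfstatat|statx|access|readlink|execve)$/) next
        if (!match(line, /"[^"]*"/)) next   # first quoted argument is the path
        path = substr(line, RSTART + 1, RLENGTH - 2)
        if (prefix != "" && index(path, prefix) != 1) next
        match(line, / = -1 E[A-Z0-9]+/)
        printf "%s %s %s\n", substr(line, RSTART + 6, RLENGTH - 6), name, path
    }' "$1"
}

# Constructed sample trace (not output from a real Tripwire run).
sample_trace() {
    cat <<'EOF'
4321  execve("/usr/sbin/tw-sign.bin", ["/usr/sbin/tw-sign.bin"], 0x7ffd0 /* 20 vars */) = 0
4321  open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
4321  access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
4321  stat("/mnt/500musb/tripwire/server/example.key", 0x7ffd1) = -1 ENOENT (No such file or directory)
4321  open("/mnt/500musb/tripwire/server/example.dat", O_WRONLY|O_CREAT, 0600) = -1 EACCES (Permission denied)
4321  write(2, "### Error: constructed message\n", 31) = 31
EOF
}

# Demo on the constructed sample; for a real run pass /tmp/trace_tw-sign.log.
log=$(mktemp) && sample_trace > "$log"
failed_file_calls "$log" /mnt/500musb
rm -f "$log"
```

The trace records the data passed to read() and write(), which can include the passphrases typed at the prompts, so restrict the log's permissions and delete it once read.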
FizzyWidget Veteran
Joined: 21 Nov 2008 Posts: 1133 Location: 127.0.0.1
Posted: Mon Dec 26, 2011 10:15 am
Thanks for the suggestion, will have to look into it later as have family coming over soon so busy with other things :)