Package: tripwire Version: 2.4.3.7-4+b9 Severity: important -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Dear Maintainer, The latest version of tripwire segfaults during a run. I've taken an strace, but it's over a Gb lond, and still over 100 Mb when tarred and feathered. I'll try and attach the last couple of hundred lines. I do note that the last couple of files that it was checking before it failed were symlinks to other files (/lib/x86_64-linux-gnu/libbsd.so.0 and /lib/x86_64-linux-gnu/libmd.so.0), but I don't know whether that's relevant or not. - -- System Information: Debian Release: trixie/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.5.5.khufu (SMP w/8 CPU threads; PREEMPT) Kernel taint flags: TAINT_OOT_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages tripwire depends on: ii debconf [debconf-2.0] 1.5.82 ii sendmail-bin [mail-transport-agent] 8.17.2-1 tripwire recommends no packages. tripwire suggests no packages. - -- Configuration Files: /etc/tripwire/twpol.txt changed: @@section GLOBAL TWBIN = /usr/sbin; TWETC = /etc/tripwire; TWVAR = /var/lib/tripwire; @@section FS SEC_CRIT = $(IgnoreNone)-SHa ; # Critical files that cannot change SEC_BIN = $(ReadOnly) ; # Binaries that should not change SEC_CONFIG = $(Dynamic) ; # Config files that are changed # infrequently but accessed # often SEC_LOG = $(Growing) ; # Files that grow, but that # should never change ownership SEC_INVARIANT = +tpug ; # Directories that should never # change permission or ownership SIG_LOW = 33 ; # Non-critical files that are of # minimal security impact SIG_MED = 66 ; # Non-critical files that are of # significant security impact SIG_HI = 100 ; # Critical files that are # significant points of # vulnerability ( rulename = "Tripwire Binaries", severity = $(SIG_HI) ) { $(TWBIN)/siggen -> $(SEC_BIN) ; $(TWBIN)/tripwire -> $(SEC_BIN) ; $(TWBIN)/twadmin -> $(SEC_BIN) ; $(TWBIN)/twprint -> $(SEC_BIN) ; } ( rulename = "Tripwire Data Files", severity = $(SIG_HI) ) { $(TWVAR)/$(HOSTNAME).twd -> $(SEC_CONFIG) -i ; $(TWETC)/tw.pol -> $(SEC_BIN) -i ; $(TWETC)/tw.cfg -> $(SEC_BIN) -i ; $(TWETC)/$(HOSTNAME)-local.key -> $(SEC_BIN) ; $(TWETC)/site.key -> $(SEC_BIN) ; #don't scan the individual reports $(TWVAR)/report -> $(SEC_CONFIG) (recurse=0) ; } ( rulename = "Critical system boot files", severity = $(SIG_HI) ) { /boot -> $(SEC_CRIT) ; /lib/modules -> $(SEC_CRIT) ; } ( rulename = "Boot Scripts", severity = $(SIG_HI) ) { /etc/init.d -> $(SEC_BIN) ; /etc/rcS.d -> $(SEC_BIN) ; /etc/rc0.d -> $(SEC_BIN) ; /etc/rc1.d -> $(SEC_BIN) ; /etc/rc2.d -> $(SEC_BIN) ; /etc/rc3.d -> $(SEC_BIN) ; /etc/rc4.d -> $(SEC_BIN) ; /etc/rc5.d -> $(SEC_BIN) ; /etc/rc6.d -> $(SEC_BIN) ; /etc/systemd -> $(SEC_BIN) ; } ( rulename = "Root file-system executables", severity = $(SIG_HI) ) { /bin -> $(SEC_BIN) ; /sbin -> $(SEC_BIN) ; } ( rulename = "Root file-system libraries", severity = $(SIG_HI) ) { /lib -> $(SEC_BIN) ; } ( rulename = "Security Control", severity = $(SIG_MED) ) { /etc/passwd -> $(SEC_CONFIG) ; /etc/shadow -> $(SEC_CONFIG) ; } ( rulename = "Root config files", severity = 100 ) { /root -> $(SEC_CRIT) ; # Catch all additions to /root /root/.bashrc -> $(SEC_CONFIG) ; /root/.bash_profile -> $(SEC_CONFIG) ; /root/.Xdefaults -> $(SEC_CONFIG) ; /root/.Xauthority -> $(SEC_CONFIG) -i ; # Changes Inode number on login /root/.ICEauthority -> $(SEC_CONFIG) ; } ( rulename = "Devices & Kernel information", severity = $(SIG_HI), ) { /dev -> $(Device) ; } ( rulename = "Things that change all the time", severity = 0 ) { /etc/cups/printers.conf -> $(IgnoreAll) ; /etc/cups/printers.conf.O -> $(IgnoreAll) ; /etc/cups/subscriptions.conf -> $(IgnoreAll) ; /etc/cups/subscriptions.conf.O -> $(IgnoreAll) ; /root/.bash_history -> $(IgnoreAll) ; /root/.cache/dconf/user -> $(IgnoreAll) ; /root/.emacs.d/auto-save-list -> $(IgnoreAll) ; /root/.gnupg/random_seed -> $(IgnoreAll) ; /root/.lesshst -> $(IgnoreAll) ; /root/.local/share/lftp/transfer_log -> $(IgnoreAll) ; /root/.mc -> $(IgnoreAll) ; /root/.viminfo -> $(IgnoreAll) ; /root/.xsession-errors -> $(IgnoreAll) ; } ( rulename = "Other configuration files", severity = $(SIG_MED) ) { /etc -> $(SEC_BIN) ; } ( rulename = "Other binaries", severity = $(SIG_MED) ) { /usr/local/sbin -> $(SEC_BIN) ; /usr/local/bin -> $(SEC_BIN) ; /usr/sbin -> $(SEC_BIN) ; /usr/bin -> $(SEC_BIN) ; /opt -> $(SEC_BIN) ; } ( rulename = "Other libraries", severity = $(SIG_MED) ) { /usr/local/lib -> $(SEC_BIN) ; /usr/lib -> $(SEC_BIN) ; /usr/share/perl5 -> $(SEC_BIN) ; } ( rulename = "Invariant Directories", severity = $(SIG_MED) ) { / -> $(SEC_INVARIANT) (recurse = 0) ; /home -> $(SEC_INVARIANT) (recurse = 0) ; /tmp -> $(SEC_INVARIANT) (recurse = 0) ; /usr -> $(SEC_INVARIANT) (recurse = 0) ; /var -> $(SEC_INVARIANT) (recurse = 0) ; /var/tmp -> $(SEC_INVARIANT) (recurse = 0) ; } - -- debconf information: tripwire/upgrade: true tripwire/site-passphrase-incorrect: false tripwire/change-in-default-policy: * tripwire/rebuild-config: true * tripwire/installed: * tripwire/use-localkey: true * tripwire/rebuild-policy: true tripwire/local-passphrase-incorrect: false * tripwire/use-sitekey: true tripwire/email-report: tripwire/broken-passphrase: -----BEGIN PGP SIGNATURE----- iQJCBAEBCgAsFiEETZlw4yMXM0sUHntjEvfoZbXi52EFAmUYeYUOHHJqbXhAcmpt eC5uZXQACgkQEvfoZbXi52GHBw/+KQDt9tCiDL0Fyp0Xbni34j+e2VmMyhTOTtOJ flrYtsw2QsahIEKaL6JNA1sVhIrFFAhjgMF/PW3/k1yLqbBoEt0JruiE6eVfd2Hl A8F1QOuXWFiPTWSd6ZryFDSaH2oRNG6VJAYUsLHuJKVsQyDCCG0/UlYnZ5ifR9sF krzMWbMx33J83+ZiNCHvkOh+49/++iLf/2UuDo6E0K+UnxFtoWw/xoMwthGfYEkt 45yMFG7Ma9i5NRrjvpSM78gXKRbqZ0U0MI27WTjyXZb58QG1hMYi5/QIL/7t9vJd Hmf1DZIo16ZSwsizrK7eLCRnm6U8topPbEqw97sSoDqXoBMGKWuDVhsnqJdLTlXz QYVdy2ddDln4ZY9n5VN8rJflKSmSEfN6ACJwbS+ZwktRY4UoVCSHwBuSYKnr9wm+ MgdtThmR9YgIr2bJ45r1u/+2UtUUvtaSkue2qu/WbB/Xx2/zH1AKIFSwtI2QiTdP Gxukb7rkZpgHjzmK3gJxq42FYoDBObio1hIKmgiTtJvjy83evyG2NY+NUU9rjwvN M3rukq2QqK/xkYmyhldrhal6jfN92VuQdxNcOMe9NQ7/3ho/v0QzElKSzz20Lojq /CY9FmPFXY3Sl2lkJ3rqTme3+Cm98P6lATFC7YkLieldURpo5ExU1dvXC8u7hG2P 3i0zaQo= =u4zG -----END PGP SIGNATURE-----