Hello,
I have written a script which send the report to a email address.
Finally it was the solution the most simplest.
Thank you for your help
Regards
Cédric
> From: onea...@hotmail.com
> To: debian-user@lists.debian.org
> Subject: Tripwire can'
On Mon, Apr 25, 2011 at 04:47:39PM +, Camaleón wrote:
> On Mon, 25 Apr 2011 16:28:09 +, Cedric DC wrote:
>
> >> 1/ Instruct tripwire to use a real e-mail sender (whether possible)
> > I have read the "man tripwire". It's not possible to s
On Sun, Apr 24, 2011 at 07:28:42AM +, Cedric DC wrote:
>
> Hello,
>
> I repost my question because I don't have posted it in the right way. I'm
> sorry, it's my first post in the Debian mailing list.
>
> I have setup tripwire on a Debian 6. I have trip
I have change a settings in my hotmail email.
I hope that's OK now.
> Date: Mon, 25 Apr 2011 08:40:39 -0600
> From: pecon...@mesanetworks.net
> To: debian-user@lists.debian.org
> Subject: Re: Tripwire can't send report by emai
On Mon, 25 Apr 2011 16:28:09 +, Cedric DC wrote:
>> 1/ Instruct tripwire to use a real e-mail sender (whether possible)
> I have read the "man tripwire". It's not possible to specify the
> sender email address.
Recheck "man 8 tripwire" (test mod
> 1/ Instruct tripwire to use a real e-mail sender (whether possible)
I have read the "man tripwire". It's not possible to specify the sender email
address.
> 2/ Configure your MTA/MDA to go out with a real/routeable e-mail address.
I try to translate the em
Cedric,
I don't have much to offer on your problem with tripwire, but your emails
to debian-user are being caught by a spam filter that I have recently
installed that is claimed by its author to filter out 'unreadable' spam.
This may be happening to other subscribers ot debian-
On Sun, Apr 24, 2011 at 07:45:37AM +, Cedric DC wrote:
>
> I don't find how to change this "" by a FQDN the
>
> If I try to launch hostname -v, I have the FQDN of my server.
> root@proxytest:/etc/tripwire# hostname -f
> proxytest.subdomain.mydomain.com
>
ve not "masqueraded" (and you need to) your fancy e-mail
address when you are going throught Internet.
So basically you have to go with one of these options:
1/ Instruct tripwire to use a real e-mail sender (whether possible)
2/ Configure your MTA/MDA to go out with a real/routeable e-mai
I don't find how to change this "" by a FQDN the
If I try to launch hostname -v, I have the FQDN of my server.
root@proxytest:/etc/tripwire# hostname -f
proxytest.subdomain.mydomain.com
Can I specify the "From address" in twcfg.txt ?
root@proxytest:/
Hello,
I repost my question because I don't have posted it in the right way. I'm
sorry, it's my first post in the Debian mailing list.
I have setup tripwire on a Debian 6. I have tripwire integrity reports (pwr
files) in the directory /var/lib/tripwire/report/
With the followin
On 04/23/2011 03:18 PM, Cedric DC wrote:
[snip]
If I try to launch this in command line I have this message :
root@proxytest:/etc/cron.daily# /usr/sbin/tripwire --test --email
t...@mydomain.com
Sending a test message to: t...@mydomain.com
### Error: The SMTP server returned an error.
### Error
On Sat, Apr 23, 2011 at 02:21:01PM -0700, evenso wrote:
> It is far more appropriate to ask your question with a new thread rather
> than piggy back a question onto someone else's question.
>
> You can ask your own question by addressing your mail to
>
> debian-user@lists.debian.org
>
> with a
On Sat, Apr 23, 2011 at 08:18:50PM +, Cedric DC wrote:
>
> Hello,
>
> I have setup tripwire on a Debian 6. I have tripwire integrity reports (pwr
> files) in the directory /var/lib/tripwire/report/
> With the following command I can read the report.
> twprint --p
Hello,
I have setup tripwire on a Debian 6. I have tripwire integrity reports (pwr
files) in the directory /var/lib/tripwire/report/
With the following command I can read the report.
twprint --print-report --twrfile proxytest-20110421-135326.twr > test-log
I would like send the report by em
On Tuesday, November 09, 2010 02:35:39 you wrote:
>Sadly, debsums doesn't work for such basic packages as binutils and
>sysklogd.
It does; just not quite in the way you would like. Many packages are shipped
without debsums. However, debsums uses a dpkg/apt hook to generate sums for
any package
In <201011090408.16027.jesus.nava...@undominio.net>, Jesús M. Navarro wrote:
>Hi, Boyd:
>On Tuesday 09 November 2010 03:39:58 Boyd Stephen Smith Jr. wrote:
>> In theory, it could be possible for dpkg/apt to update the tripwire
>> database automatically. I recommen
Thank you, I had forgotten debsums.
Sadly, debsums doesn't work for such basic packages as binutils and sysklogd.
Sent from my Verizon Wireless BlackBerry
-Original Message-
From: "Boyd Stephen Smith Jr."
Date: Mon, 8 Nov 2010 20:39:58
To:
Subject: Re: How do I keep
Hi, Boyd:
On Tuesday 09 November 2010 03:39:58 Boyd Stephen Smith Jr. wrote:
> In , Josh
> Narins
>
> wrote:
> >Installing packages, updating packages, removing packages.
> >
> >These basic operations result in lots of tripwire noise. Was the
> >change to /usr/
In , Josh Narins
wrote:
>Installing packages, updating packages, removing packages.
>
>These basic operations result in lots of tripwire noise. Was the
>change to /usr/sbin/zic part of a legitimate update, or a
>super-secret-stealth attack?
>
>At this point I wish I could md
Installing packages, updating packages, removing packages.
These basic operations result in lots of tripwire noise. Was the
change to /usr/sbin/zic part of a legitimate update, or a
super-secret-stealth attack?
At this point I wish I could md5sum every binary and library file
managed by the OS
On Fri, Sep 01, 2006 at 12:18:26PM -0300, Alejandro wrote:
> Dear all, I've been use Tripwire since a lot of years on my Debian
> boxes, but now I want to know if there is any file integrity checker
> package better than Tripwire, that presents any visible advantage...or
> is T
Dear all, I've been use Tripwire since a lot of years on my Debian
boxes, but now I want to know if there is any file integrity checker
package better than Tripwire, that presents any visible advantage...or
is Tripwire still the best option at the present ???
Really thanks,
Alejandro
-
on Thu, Jan 05, 2006 at 11:52:06AM -0800, Todd A. Jacobs ([EMAIL PROTECTED])
wrote:
> The amount of data that tripwire reports on /proc is a bit overwhelming,
> and strikes me as not particularly useful most of the time. After all,
> most of the info in the root of /proc is PID info,
The amount of data that tripwire reports on /proc is a bit overwhelming,
and strikes me as not particularly useful most of the time. After all,
most of the info in the root of /proc is PID info, so while certain
system processes shouldn't change all that often, most of the stuff in
there is p
I'm trying to tune tripwire (under debian testing) to give me less
unneccessary errors. At the moment /var/log/syslog and files in
/var/log/cups, exim4, tiger are all being listed as being modified.
Obviously this is fine, since they're logs, so I don't want to be
notified o
David Baron wrote:
> So ... I have this thing fairly stable. 14 /etc items seem to change daily
> due to their chron or daemon execution. Can live with this. (Results with
> alternatives such as aide should be similar--the ideal monitoring package
> would track upgrades and logrotations et al and
On Thu, 23 Sep 2004, David Baron wrote:
> RIght now, I have /var and /proc excluded because of their volativity. I
> assume there are specific items/directories in these which SHOULD be
> monitored. Can anyone tell me which ones?
every directory should be monitored ... no exceptions
because
So ... I have this thing fairly stable. 14 /etc items seem to change daily due
to their chron or daemon execution. Can live with this. (Results with
alternatives such as aide should be similar--the ideal monitoring package
would track upgrades and logrotations et al and not squawk at these.)
R
g system operation
>>
>> There is an exclusion list.
>
> I haven't found one but I assume it gets placed in the "policy" file.
> Attempts to change policy fail because of all the "errors" and "changed
> items" that I want to get rid of--catch
On Friday 10 September 2004 20:01, [EMAIL PROTECTED]
wrote:
> > This is a file-system integrity checker, will detect hacks,
> > intrusions, etc. I tried it but seems to find lots of stuff that
> > seem part of the dynamics of the ongoing system operation
>
> There is an exclusion list.
I
ouch within the lifetime of this test, INODES
> also touching /proc/ stuff.
Welcome to tripwire.
It really is mostly useless except on public systems that you never mess with,
but are very worried about.
You can tweak the settings in /etc/tripwire though, to get it to be at least
som
tainly did
> not touch within the lifetime of this test, INODES also touching /proc/
> stuff.
You can configure it to avoid directories or specific files that you don't
wnat monitored for changes. See the docs for Tripwire for the details of
how to do so (it has been too long since
Em Fri, 10 Sep 2004 11:10:09 +0200, David Baron escreveu:
> This is a file-system integrity checker, will detect hacks,
> intrusions, etc. I tried it but seems to find lots of stuff that
> seem part of the dynamics of the ongoing system operation
There is an exclusion list.
--
Leandro G
Anyone using this on Debian?
This is a file-system integrity checker, will detect hacks, intrusions, etc. I
tried it but seems to find lots of stuff that seem part of the dynamics of
the ongoing system operation, and attempts to change its "policy" are
crippled by all these items. Examples are
Anthony Campbell wrote:
> I've got rid of most of the errors reported by tripwire but am left with
> this:
> 1. File system error.
> Filename: /proc/19860/fd/3
> No such file or directory
> Do I just ignore this, or what?
/proc is a a virtual filesy
I've got rid of most of the errors reported by tripwire but am left with
this:
1. File system error.
Filename: /proc/19860/fd/3
No such file or directory
Do I just ignore this, or what?
AC
--
[EMAIL PROTECTED]|| http://www.acampbell.org.uk
using Linux GNU/Debian || for
On Fri, Feb 21, 2003 at 12:45:59PM +, Jeff Elkins wrote:
> I just completed moving my elkins.org server from RH7.2 to woody and
> everything went pretty smoothly, except for tripwire. Apt does not show this
> as an available package. Is this for license reasons? Is there a c
Thanks for the suggestions!
Jeff Elkins
http://www.elkins.org
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Kirk Strauser, 2003-Feb-21 13:29 -0600:
> At 2003-02-21T12:45:59Z, Jeff Elkins <[EMAIL PROTECTED]> writes:
>
> > Is there a comparable package available for debian?
>
> I've started using AIDE on my production machines.
I'm using Integrit. It's working nicely on my Testing system.
jc
--
Jef
At 2003-02-21T12:45:59Z, Jeff Elkins <[EMAIL PROTECTED]> writes:
> Is there a comparable package available for debian?
I've started using AIDE on my production machines.
--
Kirk Strauser
In Googlis non est, ergo non est.
pgp0.pgp
Description: PGP signature
I just completed moving my elkins.org server from RH7.2 to woody and
everything went pretty smoothly, except for tripwire. Apt does not show this
as an available package. Is this for license reasons? Is there a comparable
package available for debian?
Thanks,
Jeff Elkins
http://www.elkins.org
Hi!
It seems to be the best source of information on internet, really :)
Got the problem with tripwire. I run several woody installations checking
integrity with tripwire which i remember i installed with apt-get. Now it
seems that tripwire aint packaged anymore for Debian testing/woody. At
http://sourceforge.net/projects/tripwire/
http://www.tripwire.org/
--
Dipl.-Ing. Jörg Platte
Computer Engineering Institute | phone: +49 231-755-6165
University Dortmund| mobile: +49 178-2978865
44221 Dortmund / Germany | fax:+49 231-755-3251
--
To UNSUBSCRIBE, email to
Ühel ilusal päeval [23.03.2002] kirjutas Cam Ellison <[EMAIL PROTECTED]>:
> * Juhan Kundla ([EMAIL PROTECTED]) wrote:
> > Heips!
> >
> > I had the following error while installing tripwire on my debian woody
> > box. I have never had any problems with apt-get or
* Juhan Kundla ([EMAIL PROTECTED]) wrote:
> Heips!
>
> I had the following error while installing tripwire on my debian woody
> box. I have never had any problems with apt-get or debian packages, so i
> am kind of lost now. Is it a bug? What should i do to debug this error?
>
* Juhan Kundla ([EMAIL PROTECTED]) wrote:
> Heips!
>
> I had the following error while installing tripwire on my debian woody
> box. I have never had any problems with apt-get or debian packages, so i
> am kind of lost now. Is it a bug? What should i do to debug this error?
Heips!
I had the following error while installing tripwire on my debian woody
box. I have never had any problems with apt-get or debian packages, so i
am kind of lost now. Is it a bug? What should i do to debug this error?
Setting up tripwire (2.3.1.2-3) ...
/var/lib/dpkg/info/tripwire.postinst
* Kent West ([EMAIL PROTECTED]) wrote:
> Cam Ellison wrote:
> >The last woody upgrade to tripwire will not configure. I keep getting
> >this error message:
> >
> >/var/lib/dpkg/info/tripwire.postinst: =ROOT: command not found
> >
> I have no answer, but I am
* Kent West ([EMAIL PROTECTED]) wrote:
> Cam Ellison wrote:
> >The last woody upgrade to tripwire will not configure. I keep getting
> >this error message:
> >
> >/var/lib/dpkg/info/tripwire.postinst: =ROOT: command not found
> >
>
> I have no answer,
Cam Ellison wrote:
The last woody upgrade to tripwire will not configure. I keep getting this
error message:
/var/lib/dpkg/info/tripwire.postinst: =ROOT: command not found
The portion of this file that has a reference to ROOT is:
eval `/usr/sbin/twadmin -m f 2>/dev/null |
perl -pe
The last woody upgrade to tripwire will not configure. I keep getting this
error message:
/var/lib/dpkg/info/tripwire.postinst: =ROOT: command not found
The portion of this file that has a reference to ROOT is:
eval `/usr/sbin/twadmin -m f 2>/dev/null |
perl -pe 's!HOSTNAME!
Keith Steensma wrote:
>Has anyone succeded is getting a (somewhat) newer version of Tripwire to
>run under Woody. That 'old' version in the Woody archives is nearly
>useless.
Check the tripwire website. There's already a version 2.x
On Thu, Nov 29, 2001 at 08:17:55PM -0600, Keith Steensma wrote:
> Has anyone succeded is getting a (somewhat) newer version of Tripwire to
> run under Woody. That 'old' version in the Woody archives is nearly
> useless.
Yes, I have used it on several machines. It builds witho
Has anyone succeded is getting a (somewhat) newer version of Tripwire to
run under Woody. That 'old' version in the Woody archives is nearly
useless.
--
ö¿ö
Keith Steensma
Jacksonville, Arkansas
anyone have any comments on tripwire vs. aide? i would like to hear
some pros and cons, stories of success, failure, blood, sweat, and
tears.
martin; (greetings from the heart of the sun.)
\ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTE
On Mon, Aug 27, 2001 at 05:27:04PM +0200, Martin F Krafft wrote:
> i need to employ some tripwire-like tool on a couple of hosts and i
> was wondering if you had any experience. i myself have used tripwire
> for years, but i could see many features that other programs could
> have t
hi all,
i need to employ some tripwire-like tool on a couple of hosts and i
was wondering if you had any experience. i myself have used tripwire
for years, but i could see many features that other programs could
have that tripwire doesn't... but i don't have time to test the others
out
also sprach Roberto Diaz (on Sat, 18 Aug 2001 07:11:26PM +0200):
> > at first, it was only /home, and i thought it had anything to do with
> > the quotae i enabled on that partition, but /usr/doc is (a) not a
> > partition of its own, and (b) /usr doesn't have quotae.
>
> /home could be explained
> at first, it was only /home, and i thought it had anything to do with
> the quotae i enabled on that partition, but /usr/doc is (a) not a
> partition of its own, and (b) /usr doesn't have quotae.
/home could be explained if you have something (like netscape which let
things there, or procmail wh
folks,
this one leaves me puzzled, so i was wondering if you could help
me out. every day, tripwire reports to me that on one of my
systems (only), the directories /home and /usr/doc have changed:
changed: drwxr-xr-x root 8192 Aug 6 16:18:56 2001 /usr/doc
changed: drwxr-xr-x root
at 11:47:10AM -0500, Dimitri Maziuk wrote:
> The idea is to have the database somewhere where Evil Hackers(tm) can't
> get to it. How you do it depends on your level of paranoia: from simply
> chattr +i /usr/lib/tripwire/databases/tw.db (lax security) to storing
> the database on
On Fri, Jun 01, 2001 at 07:45:29PM +0530, N. Raghavendra wrote:
> Hello debian-user,
>
> I have just installed the tripwire package. Two questions:
>
> 1. The directory /usr/lib/tripwire/databases was empty, so I
> created a database by doing 'tripwire -initialize'
* N. Raghavendra ([EMAIL PROTECTED]) spake thusly:
> Hello debian-user,
>
> I have just installed the tripwire package. Two questions:
>
> 1. The directory /usr/lib/tripwire/databases was empty, so I
> created a database by doing 'tripwire -initialize'. It looks lik
Hello debian-user,
I have just installed the tripwire package. Two questions:
1. The directory /usr/lib/tripwire/databases was empty, so I
created a database by doing 'tripwire -initialize'. It looks like
this is a necessary step, because /etc/cron.daily tripwire says
"do not run
Tim Uckun <[EMAIL PROTECTED]> writes:
> >An alternative would be aide, that's available at least for sid.
>
> I'll have to look into that one too.
I just switched to aide after running tripwire for years. There are
three major advantages to aide for me:
-
At 12:22 PM 3/25/2001 +0300, Tommi Komulainen wrote:
On Sun, Mar 25, 2001 at 12:04:19AM -0800, Tim Uckun wrote:
> Is anybody aware of a tripwire package for debian? If not is there a
> similar software I can use instead.
Aware? Errr, a trick question? Have you tried apt-cache search?
On Sun, Mar 25, 2001 at 12:04:19AM -0800, Tim Uckun wrote:
> Is anybody aware of a tripwire package for debian? If not is there a
> similar software I can use instead.
Aware? Errr, a trick question? Have you tried apt-cache search?
Package: tripwire
Section: non-US
Version: 2.3.
Is anybody aware of a tripwire package for debian? If not is there a
similar software I can use instead.
--
Tim Uckun
Mobile Intelligence Unit.
--
"There are some who call me TIM?"
--
ctive approach?
maybe this is a one-time screw up. otherwise it may have to do with
mysql running somewhere somehow, preventing tripwire from collecting
the data it needs.
martin
[greetings from the heart of the sun]# echo madduck@ !#:1:[EMAIL
PROTECTED]@@@.net
--
the web site you seek
cannot
I've installed tripwire and initialized the database and everything seemed
to have went fine but when I ran it I got the following error message:
preen_change_count: /usr/bin/mysql_fix_privilege_tables: illegal database
record! Aborting... (nfields=14)
'1 001.10 100755 342460 1 0 0 4
so tripwire is at least one step towards security. fair product, fair
configuration and all that, but why is it so darn stupid. so by
concept, it should mail root iff changes are found. not otherwise. but
i get a mail every day which states that
/usr/lib/tripwire/tw.db_hostname is updated. well
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sun, Nov 19, 2000 at 11:22:57PM -0500, Mike wrote:
> Federico Grau wrote:
> > Whats the debian perspective on tripwire...
> >
> > I see there is a non-free package "tripwire 1.2-16.1", however the
> > tripw
Federico Grau writes:
> ...the tripwire.org FAQ ( http://www.tripwire.org/qanda/faq.php quetion
> 16) says that the linux version of tripwire is released under the gpl
> (can they release under the gpl and restrict that license to linux?!).
They say they are releasing the Linux version
Federico Grau wrote:
> Whats the debian perspective on tripwire...
>
> I see there is a non-free package "tripwire 1.2-16.1", however the
> tripwire.org FAQ ( http://www.tripwire.org/qanda/faq.php quetion 16) says that
> the linux version of tripwire is released under
Whats the debian perspective on tripwire...
I see there is a non-free package "tripwire 1.2-16.1", however the
tripwire.org FAQ ( http://www.tripwire.org/qanda/faq.php quetion 16) says that
the linux version of tripwire is released under the gpl (can they release
under the gpl and res
On Sat, 2 May 1998, David Welton wrote:
> Hi, I'm looking for a basic document describing how to take some basic
> (but important) steps towards securing your computer. Something that
> describes to the new user how to use things like tcpd, ssh, tripwire,
> and other things to
David Welton <[EMAIL PROTECTED]> writes:
> Hi, I'm looking for a basic document describing how to take some basic
> (but important) steps towards securing your computer. Something that
> describes to the new user how to use things like tcpd, ssh, tripwire,
> and other thin
Hi,
> Hi, I'm looking for a basic document describing how to take some basic
> (but important) steps towards securing your computer. Something that
> describes to the new user how to use things like tcpd, ssh, tripwire,
> and other things to keep their system secure. Some
Hi, I'm looking for a basic document describing how to take some basic
(but important) steps towards securing your computer. Something that
describes to the new user how to use things like tcpd, ssh, tripwire,
and other things to keep their system secure. Something that is not
comprehensive
Walter L. Preuninger II writes:
> I am trying to use tripwire, but when running
> walterp# tripwire -init
> ### Phase 1: Reading configuration file
> ### Phase 2: Generating file list
> Segmentation fault (core dumped)
You may want to install the tripwi
I am trying to use tripwire, but when running
walterp# tripwire -init
### Phase 1: Reading configuration file
### Phase 2: Generating file list
Segmentation fault (core dumped)
walterp# tripwire -version
Tripwire version 1.2 (patchlevel 2
Hi!
I am trying to run tripwire 1.2-4, but when I run 'tripwire -init' I
always get a segmentation fault after the 2nd step. I am using kernel
2.0.31-pre9.
Any ideas?
--
Bye,
: Thomas R. Varga <[EMAIL PROTECTED]>
: PGP fingerprint = 2C 50 14 B7 E5 5C 05 27 88 4C DD E4 08
83 matches
Mail list logo