Tripwire

Discussion in 'General Discussion' started by thehostinghut, Jan 19, 2005.

  1. thehostinghut

    thehostinghut Well-Known Member

    Has anyone had issues installing tripwire on RedHat?

    I keep getting this:

    Software interrupt forced exit: Segmentation Fault

    when trying to run tripwire --init or tripwire -m i

    or anything else to do with creating the database.

    I may give up and try something else. I think it gives a lot of false positives with cpanel anyhow.

    Thanks,

    Tracy
     
  2. chirpy

    chirpy Well-Known Member

    I would recommend looking for a Mandrake 10 rpm for tripwire. It installs just fine on RedHat servers.
     
  3. thehostinghut

    thehostinghut Well-Known Member

    Will do. I will look for it and let you know what comes of it.

    Why does the one that comes with the server not work? I assume every one gets the same thing when they get a server.

    I will look for a mandrake version though.

    Thanks,

    Tracy
     
  4. thehostinghut

    thehostinghut Well-Known Member

    I was not as of yet able to find a mandrake 10 tripwire.

    If anyone knows where I can find one let me know.

    Thanks,

    Tracy
     
  5. thehostinghut

    thehostinghut Well-Known Member

    Here is what I had to do to get it to work:

    # cat > ./cleantw.pl
    #!/usr/bin/perl

    while (<>) {
        # Look at the line, and check for a line that can be
        # construed as a file name in a policy rule ("/path -> ...")
        CASE: {
            ( m|(^\s*)(/[/\w\.\_\-]+)(\s+->.*)| ) and do {
                print $1;
                print "#" unless (-e $2);   # comment out the rule if the file does not exist
                print "$2$3\n";
                last;
            };

            print $_;
        }
    };

    Then I had to:

    perl cleantw.pl < twpol.txt > cleanedpol.txt

    Then:

    # /usr/sbin/twadmin -m P cleanedpol.txt
    # /usr/sbin/tripwire --init


    Now it runs without errors. It does scan and all so I think this will do the trick.

    If you know of any security issue by doing that please let me know. That was the only way I could get this thing to run.

    Thanks,

    Tracy
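
An added example (not part of the post above, and not Tripwire's own tooling): commenting out rules for files that do not exist means a file created later at one of those paths is never checked, so this sketch lists the rules cleantw.pl disabled and flags any whose path exists now. The function names and the sample policy lines are constructed for illustration; it assumes rules of the form `/path -> mask`, as matched by the script above.

```shell
#!/bin/sh
# Added example: audit what cleantw.pl switched off. Not from the thread.

# list_disabled ORIGINAL CLEANED
# Print each path with an active rule in ORIGINAL that is commented out
# ("#/path -> mask") in CLEANED.
list_disabled() {
    awk '
        FILENAME == ARGV[1] {               # original policy
            if ($1 ~ /^\// && $2 == "->") active[$1] = 1
            next
        }
        $1 ~ /^#\// && $2 == "->" {         # cleaned policy
            path = substr($1, 2)
            if (path in active) print path
        }
    ' "$1" "$2"
}

# unmonitored_now ORIGINAL CLEANED
# Of the disabled paths, print those that exist on disk today: files that
# appeared after the cleaning and that the cleaned policy does not cover.
unmonitored_now() {
    list_disabled "$1" "$2" | while IFS= read -r path; do
        if [ -e "$path" ]; then printf '%s\n' "$path"; fi
    done
}

# demo: constructed policy files in a scratch directory (sample data only).
demo() {
    d=$(mktemp -d) || return 1
    touch "$d/present"
    printf '  %s -> $(SEC_BIN) ;\n' "$d/present" "$d/late" "$d/never" > "$d/twpol.txt"
    # What cleantw.pl would have written while "late" and "never" were absent:
    { printf '  %s -> $(SEC_BIN) ;\n' "$d/present"
      printf '  #%s -> $(SEC_BIN) ;\n' "$d/late" "$d/never"; } > "$d/cleanedpol.txt"
    touch "$d/late"                         # file shows up after the cleaning
    echo "disabled:    $(list_disabled "$d/twpol.txt" "$d/cleanedpol.txt" | wc -l | tr -d ' ')"
    echo "unmonitored: $(unmonitored_now "$d/twpol.txt" "$d/cleanedpol.txt" | sed "s|^$d/||")"
    rm -rf "$d"
}

demo
```

Run `unmonitored_now twpol.txt cleanedpol.txt` periodically; any path it prints should have its rule re-enabled, followed by a policy update.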
     
  6. thehostinghut

    thehostinghut Well-Known Member

    Why does it do this:

    Added:
    "/var/log/bandwidth/2005/Jan/24"
    "/var/log/dcpumon/2005/Jan/24"
    "/var/log/dcpumon/toplog.1106546400"
    "/var/log/dcpumon/toplog.1106546701"
    "/var/log/dcpumon/toplog.1106546101"

    Removed:
    "/var/log/dcpumon/toplog.1106544301"
    "/var/log/dcpumon/toplog.1106544601"
    "/var/log/dcpumon/toplog.1106544900"


    It looks like it removed log files. Is it supposed to do that?

    I will look into that.

    Thanks,

    Tracy
     
  7. chirpy

    chirpy Well-Known Member

  8. thehostinghut

    thehostinghut Well-Known Member

    Chirpy
    Ah so that was just telling me the log was removed and not that it removed it. I see.

    I went to your site to see what you all have done to a server to help keep it as secure as it can be. There seems to be a lot of things there:

    APF (inbound and outbound port filtering) **: Done
    APF anti-dos protection **: Done
    BFD: Done
    PRM: Not done
    Stop unnecessary Processes *: Not sure what needs to be done, need to find info.
    Logcheck: Not sure, need to find info
    Logwatch: Done
    Tripwire: Done :)
    WHM configuration check: This is done to my knowledge
    openSSH configuration check: Done
    Proftpd enhancement: Need more info
    Rootkit Hunter: Done
    Chkrootkit: Done
    mod_security: Done
    mod_dosevasive: Done
    Host spoof protection: Need more info
    Kernel check *: Need more info
    Apache check: Need more info
    Enhanced log rotation: Need more info
    Secure /tmp /var/tmp /dev/shm *: Questions on how to secure /tmp dir if they are already there.
    Libsafe *: Need more info
    Exploit check
    HD check *
    MailScanner package: Something designed by you
    File Manager/Console script: Is there really a need for this?
    Operating System updates if required (excluding kernel): Up to date
    Perl installation check and repair if required: Perl is installed
    Delete unnecessary OS users
    Remove unnecessary RPMs: Need more info
    Enhanced path protection: Need more info
    Exploit cleanup if required: No need for this yet :)
    Initial cPanel configuration if required: No need for this
    Kernel upgrade if required *: No need
    Apache upgrade if required: Current
    MailMan performance enhancements: Need more info
    MySQL query cache: Need more info
    MRTG graphs: Not done, is there a true need for this?

    Not that you have to answer anything that I need more info on but it seems like I am missing things I may want to look into.

    I would pay someone to do all of these things but if I do I won't learn how to do it myself.

    You seem like the person everyone talks about so I like to learn from the best so I can strive to be the best.

    I think you have helped me out on another question I had and you were 100% correct and I thank you.

    So any suggestions you may have will be greatly appreciated.

    Thanks again Chirpy!!!

    Tracy
     
  9. chirpy

    chirpy Well-Known Member

    Hmm, I could tell you, but then I'd have to shoo, erm, charge you ;)

    All the options that you see that we offer can be found with some digging in Google. The searching experience can be an education in itself and will help towards the understanding of exactly what it is that's being done. I don't mean to be evasive, well, I do a little, but I think it's the finding the answer and the mistakes that best helps when learning this stuff.
     
  10. sawbuck

    sawbuck Well-Known Member

    Chirpy is excellent at providing explanations/details of his package installs. ;)
     
  11. thehostinghut

    thehostinghut Well-Known Member

    I did get that Mandrake version before I saw you posted it. It did not work. I still have to use the cleantw.pl file. So I don't know what the deal is.

    I have also been able to do a few more things in your list. I just think most sites are a little unclear on how to really use the software though.

    I think I am going to make a forum just for security related how-tos. I got a Word doc full of stuff that I have found. Google helps but it would be nice to have it all in one place.

    Chirpy, I saw this in a post, well here is a link to it:

    http://forums.cpanel.net/showthread.php?p=166612#post166612

    Kinda got a kick outa that. :)

    Anyhow talk at ya later

    Tracy
     
  12. quadrahost

    quadrahost Active Member

    Anyone got a recent how to on installing tripwire on a RHE 3.0 box and where to get it from? All the threads I found when searching are fairly old.

    Thanks
     
  13. chirpy

    chirpy Well-Known Member

    I still use the Mandrake (Mandriva!) tripwire rpms.
     
