integrit-users Mailing List for integrit file verification system
Brought to you by:
ecashin
Menu
▾
▴
integrit-users — mailing list for discussion of issues related to using integrit
You can subscribe to this list here.
| 2000 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(9) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2001 |
Jan
(10) |
Feb
(27) |
Mar
(5) |
Apr
(1) |
May
(1) |
Jun
(12) |
Jul
(5) |
Aug
(14) |
Sep
(6) |
Oct
(31) |
Nov
(6) |
Dec
(4) |
| 2002 |
Jan
(2) |
Feb
(13) |
Mar
(2) |
Apr
(3) |
May
(2) |
Jun
(2) |
Jul
(5) |
Aug
(6) |
Sep
(13) |
Oct
(1) |
Nov
(1) |
Dec
(1) |
| 2003 |
Jan
(8) |
Feb
|
Mar
(2) |
Apr
|
May
(2) |
Jun
|
Jul
(8) |
Aug
(5) |
Sep
(1) |
Oct
|
Nov
|
Dec
|
| 2004 |
Jan
|
Feb
(4) |
Mar
(1) |
Apr
(4) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2005 |
Jan
(1) |
Feb
|
Mar
|
Apr
(5) |
May
(5) |
Jun
|
Jul
|
Aug
|
Sep
(5) |
Oct
(5) |
Nov
|
Dec
(1) |
| 2006 |
Jan
|
Feb
|
Mar
(2) |
Apr
(3) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2007 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(15) |
Jun
(2) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(2) |
Dec
|
| 2008 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(6) |
Sep
|
Oct
|
Nov
|
Dec
|
| 2022 |
Jan
|
Feb
|
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Sylvain S. <syl...@sf...> - 2022-04-29 16:33:26
|
Hello, It's not easy to find help while dealing with integrit... I try to initialize a data base using : integrit -v -u -C /etc/integrit/integrit.conf Integrit run for a while and I finaly get this error message : integrit (main): Error: walk_file_tree: Permission denied I don't know how to deal with this... If you can help me... I'm under Debian 11.3. I try integrit because I have segfault using tripwire and aide. Thanks ! Sylvain (France) |
|
From: Ed C. <ec...@no...> - 2008-08-18 19:11:19
|
2008/8/16 Christian Tschabuschnig <tsc...@gm...>:
> Ed L. Cashin wrote:
...
>> You can use strace to run integrit, and you'll see the
>> last few system calls it made before exiting.
>
> I did that and it's the directory i excluded:
>
> lstat("/home/tschaboo/.gvfs", 0x7fffa5af9ff0) = -1 EACCES (Permission
> denied)
It does look like integrit should either not lstat the directory at
all or at least ignore EACCES, based on the documentation for
the bang prefix.
--
Ed Cashin <ec...@no...>
|
|
From: Christian T. <tsc...@gm...> - 2008-08-17 00:56:16
|
Ed L. Cashin wrote:
> 2008/8/16 Christian Tschabuschnig <tsc...@gm...>:
>> Yuri D'Elia wrote:
>>> If the directory is excluded properly, it's a bug,
>>> but I want to be sure.
>>
>> Integrit doesn't tell me which file/directory causes the
>> problem, so i'm just guessing. But i can't think of
>> anything else in my home, that root isn't able to access.
>
> You can use strace to run integrit, and you'll see the
> last few system calls it made before exiting.
I did that and it's the directory i excluded:
lstat("/home/tschaboo/.gvfs", 0x7fffa5af9ff0) = -1 EACCES (Permission
denied)
--
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
|
|
From: Ed L. C. <ec...@no...> - 2008-08-16 21:51:29
|
2008/8/16 Christian Tschabuschnig <tsc...@gm...>: > Yuri D'Elia wrote: ... >> If the directory is excluded properly, it's a bug, but I want to be sure. > > Integrit doesn't tell me which file/directory causes the problem, so i'm > just guessing. But i can't think of anything else in my home, that root > isn't able to access. You can use strace to run integrit, and you'll see the last few system calls it made before exiting. -- Ed Cashin <ec...@no...> |
|
From: Christian T. <tsc...@gm...> - 2008-08-16 20:02:39
|
Yuri D'Elia wrote: > Can you post your permissions of .gvfs/home dir, along with your > integrit.conf? $ ls -ld tschaboo/ tschaboo/.gvfs/ drwxr-xr-x 74 tschaboo tschaboo 4096 2008-08-16 03:02 tschaboo/ dr-x------ 2 tschaboo tschaboo 0 2008-08-14 19:01 tschaboo/.gvfs/ $ grep -v '^#' /etc/integrit/integrit.conf root=/home/tschaboo known=/home/tschaboo/.integrit/known.cdb current=/home/tschaboo/.integrit/current.cdb !/home/tschaboo/.gvfs !/home/tschaboo/.dbus !/home/tschaboo/tmp > If the directory is excluded properly, it's a bug, but I want to be sure. Integrit doesn't tell me which file/directory causes the problem, so i'm just guessing. But i can't think of anything else in my home, that root isn't able to access. > Note that there is a less known switch that's called "stop_on_err" that > you can set to avoid integrit stopping at the first error. How do i use this switch? Putting "stop_on_err=0" or just "stop_on_err" into the config-file doesn't seem to change anything. |
|
From: Yuri D'E. <wa...@us...> - 2008-08-16 09:00:25
|
In article <48A...@gm...>, Christian Tschabuschnig <tsc...@gm...> wrote: > root@hardy64:/etc/integrit# integrit -C /etc/integrit/integrit.conf -u -vvv > integrit: ---- integrit, version 4.1 ----------------- > integrit: output : human-readable > integrit: conf file : /etc/integrit/integrit.conf > integrit: known db : /home/tschaboo/.integrit/known.cdb > integrit: current db : /home/tschaboo/.integrit/current.cdb > integrit: root : /home/tschaboo > integrit: do check : no > integrit: do update : yes > integrit (main): Error: walk_file_tree: Permission denied > root@hardy64:/etc/integrit# > > After upgrading to Ubuntu 8.04 i also had problems backing up with > rsnapshot [1]. After some research, i found that the problem is a gnome > virtual filesystem in ~/.gvfs which is not readable by root [2]. So i > expected that my problem with integrit has the same cause. Indeed, if i > run integrit as the user (and not root) it succeeds. I should mention > that the error occurs also when the directory is excluded [3]. That's > the real problem. Is there something that can be done about this? Can you post your permissions of .gvfs/home dir, along with your integrit.conf? If the directory is excluded properly, it's a bug, but I want to be sure. Note that there is a less known switch that's called "stop_on_err" that you can set to avoid integrit stopping at the first error. |
|
From: Christian T. <tsc...@gm...> - 2008-08-15 01:50:36
|
Hello, i just started trying integrit. I know it's unusual, but i started by trying to put my home-directory into the database. The following error occured: root@hardy64:/etc/integrit# integrit -C /etc/integrit/integrit.conf -u -vvv integrit: ---- integrit, version 4.1 ----------------- integrit: output : human-readable integrit: conf file : /etc/integrit/integrit.conf integrit: known db : /home/tschaboo/.integrit/known.cdb integrit: current db : /home/tschaboo/.integrit/current.cdb integrit: root : /home/tschaboo integrit: do check : no integrit: do update : yes integrit (main): Error: walk_file_tree: Permission denied root@hardy64:/etc/integrit# After upgrading to Ubuntu 8.04 i also had problems backing up with rsnapshot [1]. After some research, i found that the problem is a gnome virtual filesystem in ~/.gvfs which is not readable by root [2]. So i expected that my problem with integrit has the same cause. Indeed, if i run integrit as the user (and not root) it succeeds. I should mention that the error occurs also when the directory is excluded [3]. That's the real problem. Is there something that can be done about this? Regards, Christian [1] <http://rsnapshot.org/> [2] <http://www.backupcentral.com/phpBB2/two-way-mirrors-of-external-mailing-lists-3/rsnapshot-24/deleted-files-still-present-in-backup-89739/?sid=4d4676ae4a5e5b566b4e0f771ba308c9#275338> [3] yes, without trailing slash. -- A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? |
|
From: Yuri D'E. <wa...@us...> - 2007-11-02 15:41:09
|
In article <C80...@hf...>, Lars Behrens <la...@hf...> wrote: > hi, > > > i am new to the list as i am to integrit ;-) Hi, and welcome; > Because I didnt change anything, I was confused about the fact that I > saw a lot of "new, new, new"-messages on standardout: > > new: /work p(755) t(40000) u(0) g(0) z(4096) m(20071024-120219) > new: /boot p(755) t(40000) u(0) g(0) z(4096) m(20071024-132450) > new: /boot/initrd.img-2.6.18-5-686 p(644) t(100000) u(0) g(0) z > (4489291) m(20071024-132449) > new: /boot/initrd.img-2.6.18-5-686 s > (cc087f8e1ad2a4d64d131bde7169cc4ca4d43f65) > (...) > > - why this? First, create your "current" db using -u, then move the current.db to known.db. After that, -c will compare correctly against the known.db. > ALWAYS_EMAIL=true > > in /etc/integrit/integrit.debian.conf; but I didnt receive any > emails. Though I just received an email because of the cron-file in / > etc/cron.daily ... > > any ideas about it? These are debian-specific options. In debian, most of the database creation/update process is automated and run as a cron job already. In fact, just set your /etc/integrit/ files and let it run nightly. If you need to test your configuration, run /etc/cron.daily/integrit instead of running integrit directly. Hope this helps. Bests |
|
From: Lars B. <la...@hf...> - 2007-11-01 07:44:59
|
hi, i am new to the list as i am to integrit ;-) the program looks quite nice. I choosed it because it is not widely spread as tripwire is, so maybe it is less compromittable. at least i like it because it is small and simple. but I am a bit confused about it. I first tried it with the config it is shipped with on debian; integrit is 4. 0-1. the first run I did with integrit -C /etc/integrit/integrit.conf -u Beside /etc, /root, /usr I included three HDs e.g. partitions with 80GB data to the current.cdb. Integrit did not send me anything to syslog except the typical: start: integrit -C /etc/integrit/integrit.conf -cu integrit: ---- integrit, version 4.0 ----------------- integrit: output : human-readable integrit: conf file : /etc/integrit/integrit.conf integrit: known db : /var/lib/integrit/known.cdb integrit: current db : /var/lib/integrit/current.cdb integrit: root : / integrit: do check : yes integrit: do update : yes It took about an hour to build the initial database (measured with top). I moved it to known.cdb and let the check run: integrit -C /etc/integrit/integrit.conf -c Because I didnt change anything, I was confused about the fact that I saw a lot of "new, new, new"-messages on standardout: new: /work p(755) t(40000) u(0) g(0) z(4096) m(20071024-120219) new: /boot p(755) t(40000) u(0) g(0) z(4096) m(20071024-132450) new: /boot/initrd.img-2.6.18-5-686 p(644) t(100000) u(0) g(0) z (4489291) m(20071024-132449) new: /boot/initrd.img-2.6.18-5-686 s (cc087f8e1ad2a4d64d131bde7169cc4ca4d43f65) (...) - why this? so I tried to let the current.cdb beside the known.cdb, I tried different -u and -c, always the same. second strange thing: I sat the option ALWAYS_EMAIL=true in /etc/integrit/integrit.debian.conf; but I didnt receive any emails. Though I just received an email because of the cron-file in / etc/cron.daily ... any ideas about it? thanx a lot in advance! greetings lars berens |
|
From: Yuri D'E. <wa...@us...> - 2007-06-07 09:17:24
|
Hi everybody. It has been brought to my attention that there's an interesting integrity checker in the same spirit as integrit: http://o-security.sourceforge.net/ Has anyone tried it enough to comment? Leveraging capabilities is a good idea. |
|
From: Yuri D'E. <wa...@us...> - 2007-06-02 21:56:00
|
integrit 4.1 fixes exit status codes when just "missing files" are found. http://sourceforge.net/project/showfiles.php?group_id=15369&package_id=12 354&release_id=513044 |
|
From: Yuri D'E. <wa...@us...> - 2007-05-24 11:35:04
|
In article <f33qbs$4j6$1...@se...>, Thorsten Kampe <tho...@th...> wrote: > * Yuri D'Elia (Wed, 23 May 2007 18:43:35 +0200) > > In article <f2ujrl$6l4$1...@se...>, > > Thorsten Kampe <tho...@th...> wrote: > > > > Anyway... did it fix the problem? > > > > > > Yes, runs fine now, thanks... > > > > I'm not sure it's worth waiting to release such a small change. > > Well, if an "Integrity File Checker" says "everything is fine" even > though the file has completely vanished, then this is not a small > change but a huuge security bug. Agreed. |
|
From: Yuri D'E. <wa...@us...> - 2007-05-24 11:29:54
|
In article <51c...@ma...>, "Ed L. Cashin" <ec...@no...> wrote: > One thing about integrit is that it doesn't change much (by design), > so it seems perfectly appropriate to release now. Waiting for more > significant changes might take a while and would deny today's users > the benefit of the recent productive dialog. Yes, but to a degree. I'm a bit disgruntled by the amount of stuff that breaks for no or little reason. If you count the number of components of a typical unix system, all developed without coordination, you see why you *need* a distribution today, while I was used to build everything from scratch years ago without the typical upgrade pain you feel today. ... anyway ... :) I may have found a simpler solution to the multiple-roots problem. I have the need of multiple roots in a couple of places, mostly because I don't want to include an entire tree and then ignore _every_ single file in it just to monitor the branch I want. It may be as simple as adding an "additive" rule, which we don't have right now. Consider: root=/ !/var +/var/lib [flags] which in turn could be useful when used this way: root=/ !/ +/home +/usr/local !/usr/local/var In practice, this requires only minimal changes to walk_file_tree, in order to be restarted for each additive rule which is (really) shadowed by a previous exclusion. |
|
From: Thorsten K. <tho...@th...> - 2007-05-24 10:45:42
|
* Yuri D'Elia (Wed, 23 May 2007 18:43:35 +0200) > In article <f2ujrl$6l4$1...@se...>, > Thorsten Kampe <tho...@th...> wrote: > > > Anyway... did it fix the problem? > > > > Yes, runs fine now, thanks... > > I'm not sure it's worth waiting to release such a small change. Well, if an "Integrity File Checker" says "everything is fine" even though the file has completely vanished, then this is not a small change but a huuge security bug. |
|
From: Ed L. C. <ec...@no...> - 2007-05-23 17:02:14
|
On 5/23/07, Yuri D'Elia <wa...@us...> wrote: > In article <f2ujrl$6l4$1...@se...>, > Thorsten Kampe <tho...@th...> wrote: > > > > Anyway... did it fix the problem? > > > > Yes, runs fine now, thanks... > > I'm not sure it's worth waiting to release such a small change. > I'd like to release it as 4.1 in a few days if anybody doesn't pop in. > Ed, comments? Yes, releasing often is a great policy in open source. :) One thing about integrit is that it doesn't change much (by design), so it seems perfectly appropriate to release now. Waiting for more significant changes might take a while and would deny today's users the benefit of the recent productive dialog. -- Ed L. Cashin <ec...@no...> |
|
From: Yuri D'E. <wa...@us...> - 2007-05-23 16:43:59
|
In article <f2ujrl$6l4$1...@se...>, Thorsten Kampe <tho...@th...> wrote: > > Anyway... did it fix the problem? > > Yes, runs fine now, thanks... I'm not sure it's worth waiting to release such a small change. I'd like to release it as 4.1 in a few days if anybody doesn't pop in. Ed, comments? |
|
From: Thorsten K. <tho...@th...> - 2007-05-22 11:25:09
|
* Yuri D'Elia (Tue, 22 May 2007 10:56:41 +0200) > In article <f2t1fu$ilv$1...@se...>, > Thorsten Kampe <tho...@th...> wrote: > > * Thorsten Kampe (Mon, 21 May 2007 01:22:50 +0100) > > > * Yuri D'Elia (Mon, 21 May 2007 00:48:39 +0200) > > > > Thorsten Kampe <tho...@th...> wrote: > > > > > ## After removing autorun.inf (which is the only file monitored) > > > > > ## intergrit exits with "0" > > > > If you can, download the update sources from CVS: > > > > > > > > http://sourceforge.net/cvs/?group_id=15369 > > > > > > > > (build with "autoconf && ./configure && make"). > > > > > > The configure script errors with: > > > config.status: error: cannot find input file: config.h.in > > > > > > ...and in fact, there is no config.h.in file. > > > > Figured it out myself finally: > > I had to run autoheader and autoconf in integrit and in > > integrit/hashtabl and to manually invoke "makeinfo doc/integrit.info > > doc/integrit.texi" before "make install" > > MMh, yes, the autotools setup in integrit is a bit messy. All these > steps can be performed automatically somehow, like "autoreconf && > ./configure && make all distready && ./configure && tar ..." (since the > official package won't require autotools to be installed). It should be > fixed, but, well, I'm not sure it's worth the effort since automake can > break other builds instead of helping... > > Anyway... did it fix the problem? Yes, runs fine now, thanks... Thorsten |
|
From: Yuri D'E. <wa...@us...> - 2007-05-22 08:57:04
|
In article <f2t1fu$ilv$1...@se...>, Thorsten Kampe <tho...@th...> wrote: > * Thorsten Kampe (Mon, 21 May 2007 01:22:50 +0100) > > * Yuri D'Elia (Mon, 21 May 2007 00:48:39 +0200) > > > Thorsten Kampe <tho...@th...> wrote: > > > > ## After removing autorun.inf (which is the only file monitored) > > > > ## intergrit exits with "0" > > > > > > Verified, and fixed. missing files didn't contribute to the exit code. > > > > Thanks. > > > > > If you can, download the update sources from CVS: > > > > > > http://sourceforge.net/cvs/?group_id=15369 > > > > > > (build with "autoconf && ./configure && make"). > > > > The configure script errors with: > > config.status: error: cannot find input file: config.h.in > > > > ...and in fact, there is no config.h.in file. > > Figured it out myself finally: > I had to run autoheader and autoconf in integrit and in > integrit/hashtabl and to manually invoke "makeinfo doc/integrit.info > doc/integrit.texi" before "make install" MMh, yes, the autotools setup in integrit is a bit messy. All these steps can be performed automatically somehow, like "autoreconf && ./configure && make all distready && ./configure && tar ..." (since the official package won't require autotools to be installed). It should be fixed, but, well, I'm not sure it's worth the effort since automake can break other builds instead of helping... Anyway... did it fix the problem? |
|
From: Thorsten K. <tho...@th...> - 2007-05-21 21:04:35
|
* Thorsten Kampe (Mon, 21 May 2007 01:22:50 +0100) > * Yuri D'Elia (Mon, 21 May 2007 00:48:39 +0200) > > Thorsten Kampe <tho...@th...> wrote: > > > ## After removing autorun.inf (which is the only file monitored) > > > ## intergrit exits with "0" > > > > Verified, and fixed. missing files didn't contribute to the exit code. > > Thanks. > > > If you can, download the update sources from CVS: > > > > http://sourceforge.net/cvs/?group_id=15369 > > > > (build with "autoconf && ./configure && make"). > > The configure script errors with: > config.status: error: cannot find input file: config.h.in > > ...and in fact, there is no config.h.in file. Figured it out myself finally: I had to run autoheader and autoconf in integrit and in integrit/hashtabl and to manually invoke "makeinfo doc/integrit.info doc/integrit.texi" before "make install" Thorsten |
|
From: Thorsten K. <tho...@th...> - 2007-05-21 00:22:55
|
* Yuri D'Elia (Mon, 21 May 2007 00:48:39 +0200) > Thorsten Kampe <tho...@th...> wrote: > > * Yuri D'Elia (Sun, 20 May 2007 01:50:38 +0200) > > > Thorsten Kampe <tho...@th...> wrote: > > > > Integrit 4 returns the wrong exit code (0) when a file is missing. > > > > > > > > Integrit returns 0 when the file is missing or when not missing > > > > > > > > Integrit returns 1 when the file has changed. > > > > > > > > Obviously it doesn't (or shouldn't matter) whether a file has changed > > > > or has completely vanished. From a "file integrity checker" point of > > > > view both cases should be "file has changed" scenarios and should > > > > return "1". > <...> > > ## After removing autorun.inf (which is the only file monitored) > > ## intergrit exits with "0" > > Verified, and fixed. missing files didn't contribute to the exit code. Thanks. > If you can, download the update sources from CVS: > > http://sourceforge.net/cvs/?group_id=15369 > > (build with "autoconf && ./configure && make"). The configure script errors with: config.status: error: cannot find input file: config.h.in ...and in fact, there is no config.h.in file. Thorsten |
|
From: Yuri D'E. <wa...@us...> - 2007-05-20 22:48:55
|
In article <f2o85n$ho$1...@se...>, Thorsten Kampe <tho...@th...> wrote: > * Yuri D'Elia (Sun, 20 May 2007 01:50:38 +0200) > > In article <f2le4r$6pa$1...@se...>, > > Thorsten Kampe <tho...@th...> wrote: > > > > > Hi, > > > > > > Integrit 4 returns the wrong exit code (0) when a file is missing. > > > > > > Integrit returns 0 when the file is missing or when not missing > > > > > > Integrit returns 1 when the file has changed. > > > > > > Obviously it doesn't (or shouldn't matter) whether a file has changed > > > or has completely vanished. From a "file integrity checker" point of > > > view both cases should be "file has changed" scenarios and should > > > return "1". <...> > ## After removing autorun.inf (which is the only file monitored) > ## intergrit exits with "0" Verified, and fixed. missing files didn't contribute to the exit code. If you can, download the update sources from CVS: http://sourceforge.net/cvs/?group_id=15369 (build with "autoconf && ./configure && make"). |
|
From: Thorsten K. <tho...@th...> - 2007-05-20 01:27:30
|
* Yuri D'Elia (Sun, 20 May 2007 01:50:38 +0200) > In article <f2le4r$6pa$1...@se...>, > Thorsten Kampe <tho...@th...> wrote: > > > Hi, > > > > Integrit 4 returns the wrong exit code (0) when a file is missing. > > > > Integrit returns 0 when the file is missing or when not missing > > > > Integrit returns 1 when the file has changed. > > > > Obviously it doesn't (or shouldn't matter) whether a file has changed > > or has completely vanished. From a "file integrity checker" point of > > view both cases should be "file has changed" scenarios and should > > return "1". > > Can you provide a sample configuration an the steps needed to reproduce > the problem? [integrit version 4.0] % /usr/local/sbin/integrit -qucC ~/.integrit/integrit-g.conf; echo $? changed: /cygdrive/g/autorun.inf p(0644:0600) integrit: current-state db RMD160 -------------- integrit: 15b2288b4681af00603cedade583890685e41bf0 /home/thorsten/.integrit/current.cdb 1 ## autorun.inf has changed and integrit exits correctly with "1" % rm /cygdrive/g/autorun.inf rm: remove regular file `/cygdrive/g/autorun.inf'? y removed `/cygdrive/g/autorun.inf' % /usr/local/sbin/integrit -qucC ~/.integrit/integrit-g.conf; echo $? missing: /cygdrive/g/autorun.inf p(644) u(1038) g(513) z(344) m (20070519-154738) missing: /cygdrive/g/autorun.inf s (cc03ded778aa949f68885344316af6cd7b8bc7d3) integrit: current-state db RMD160 -------------- integrit: 294d1c460dcda98d9c6f73c3ad582b4ac7a8694c /home/thorsten/.integrit/current.cdb 0 ## After removing autorun.inf (which is the only file monitored) ## intergrit exits with "0" ## my ~/.integrit/integrit-g.conf root=/cygdrive/g known=/home/thorsten/.integrit/known-g.cdb current=/home/thorsten/.integrit/current.cdb !/cygdrive/g/cygwin !/cygdrive/g/data !/cygdrive/g/documents !/cygdrive/g/program\ files !/cygdrive/g/recycled !/cygdrive/g/system !/cygdrive/g/tmp !/cygdrive/g/cv-thorsten_kampe.doc !/cygdrive/g/launchu3.exe !/cygdrive/g/polish_conversation.abw !/cygdrive/g/pstart.exe !/cygdrive/g/pstart.xml !/cygdrive/g/thorsten.tc !/cygdrive/g/thorsten.vol !/cygdrive/g/tree.far =/cygdrive/g/autorun.inf |
|
From: Yuri D'E. <wa...@us...> - 2007-05-19 23:50:49
|
In article <f2le4r$6pa$1...@se...>,
Thorsten Kampe <tho...@th...> wrote:
> Hi,
>
> Integrit 4 returns the wrong exit code (0) when a file is missing.
>
> Integrit returns 0 when the file is missing or when not missing
>
> Integrit returns 1 when the file has changed.
>
> Obviously it doesn't (or shouldn't matter) whether a file has changed
> or has completely vanished. From a "file integrity checker" point of
> view both cases should be "file has changed" scenarios and should
> return "1".
Can you provide a sample configuration an the steps needed to reproduce
the problem?
> This makes it impossible to query changes from a batch script via exit
> codes or I'd have to use the crude hack that was suggested in [1]
>
> if [ "`wc -l $filename | awk '{ print $1 }'`" -gt 0 ]; then
>
> Will this be fixed?!
Integrit 4 has clear exit status codes. See the "Exit status" section in
the info integrit manual. Any difference in behavior are broken and will
be fixed.
|
|
From: Yuri D'E. <wa...@us...> - 2007-05-19 21:20:06
|
In article <464...@we...>, "PolicyBoy" <tno...@fr...> wrote: > I have an issue with Integrit 3.0.2. on OpenBSD 3.6 > I have a script that runs fine when invoked manually from command line as > root. > > When it is invoked from root's crontab it produces and empty file. > > Any ideas? > > Here is the script. > > integreport=/root/integrit/jz.$(date +%m%d%y).output > integrit -C /cdrom/integrit/iar_root.conf -c > $integreport Check the $PATH (or try a full pathname). Check root's mail for possible error output. |
|
From: Thorsten K. <tho...@th...> - 2007-05-18 23:55:04
|
Hi,
Integrit 4 returns the wrong exit code (0) when a file is missing.
Integrit returns 0 when the file is missing or when not missing
Integrit returns 1 when the file has changed.
Obviously it doesn't (or shouldn't matter) whether a file has changed
or has completely vanished. From a "file integrity checker" point of
view both cases should be "file has changed" scenarios and should
return "1".
This makes it impossible to query changes from a batch script via exit
codes or I'd have to use the crude hack that was suggested in [1]
if [ "`wc -l $filename | awk '{ print $1 }'`" -gt 0 ]; then
Will this be fixed?!
Thorsten
[1] http://sourceforge.net/mailarchive/forum.php?thread_name=
10110260958.ZM293014%40gandalf.sh.rohmhaas.com&forum_name=integrit-
users
|
1 message has been excluded from this view by a project administrator.
