integrit-users Mailing List for integrit file verification system (Page 4)
Brought to you by:
ecashin
From: Ed L C. <ec...@ug...> - 2003-07-09 03:14:43
It has become apparent to me that grad school is requiring a focus
that leaves me hard pressed to find the time necessary to add cross
platform databases to integrit.

Happily, integrit is a stable piece of software that doesn't require
constant developer attention, so that's not such a bad thing, but
thinking of the future ...

I'm wondering if there might be someone who agrees with integrit's
design philosophy of utility, reliability, and efficiency through
simplicity, who has skill with C programming and who actively uses
integrit, who would be willing to become the maintainer if I were to
make integrit into a gnu project.

Ideally the integrit maintainer would not do much, except resisting
user pressure to add features that are not absolutely necessary,
making bugfixes, administrating email lists, promoting integrit, and
adding the occasional essential feature.

The last big new feature was large file support.  The next big one
would be databases that work across platforms, allowing databases to
be generated on one host and used on any other host.

If you are interested in maintaining integrit, please let me know,
personally or on this mailing list.  Thanks.

-- 
--Ed L Cashin
PGP public key: http://noserose.net/e/pgp/

From: Ed L C. <ec...@ug...> - 2003-05-21 03:40:20
RD...@al... (Ross Druker) writes:

> I'm suddenly seeing the following errors.

You must have changed your configuration file.

> Has anyone seen this before.  Does
> anyone know what it means?  Here's a small sample:
>
> Warning: overwriting old checkset (!) for file (/tmp)
> Warning: overwriting old checkset (!) for file (/usr)
> Warning: overwriting old checkset (!) for file (/var)
> Warning: overwriting non-inheriting part of old checkset (; $MC) for file (/)
> Warning: overwriting cascading part of old checkset (; $MC) for file (/)

If you have a backup of the last version of your configuration, see
what's changed.  Odds are, you are creating a checkset for each
warning and then overriding it later in the file.

-- 
--Ed L Cashin
PGP public key: http://noserose.net/e/pgp/

From: <RD...@al...> - 2003-05-20 19:41:11
I'm suddenly seeing the following errors.  Has anyone seen this before.
Does anyone know what it means?  Here's a small sample:

Warning: overwriting old checkset (!) for file (/tmp)
Warning: overwriting old checkset (!) for file (/usr)
Warning: overwriting old checkset (!) for file (/var)
Warning: overwriting non-inheriting part of old checkset (; $MC) for file (/)
Warning: overwriting cascading part of old checkset (; $MC) for file (/)

-- 
Ross Druker
Rohm and Haas Co.
RD...@Ro...
Philadelphia, PA
(215) 592-3281
The opinions expressed are mine and not those of Rohm and Haas Company.

From: Ed L C. <ec...@ug...> - 2003-03-30 06:42:50
Amul <am...@cc...> writes:

> Ed,
> You are more than welcome to post to the mailing list.  I read the
> comment about you posting to the list.  I was just being lazy and
> skipped the joining the mailing list. :)  I noticed that you're in
> Athens, GA.  Are you going to school there?  I've been told by the
> locals that Athens is a college town.

Yes, I was a sysadmin at UGA for a while, and I decided to get into
academic research, so I'm in the C.S. Masters program now.

> I'm compiling integrit 3.02.00-stable from September 6, 2002 on
> sourceforge.net.

I remember doing some work getting integrit to build cleanly on Mac OS
X, and I think that the CVS version may contain a fix for the problem
you were seeing in the md5 code preprocessing.  I'm not sure, though,
and I can't find a note to that effect in the CVS log.

Using the CVS version is pretty easy, so you could see if it works
better.  There are instructions here:

  http://sourceforge.net/cvs/?group_id=15369

> I tried your recommendation of removing the -static
> compilation flag.  And it works. :)  Correct me if I'm wrong, but
> without static, I can't take the binary off this machine and to
> another Mac and run it.  Right?  I'll look into how MOSX is handling
> the static command.

The static option makes the linker try to produce a statically-linked
binary executable.  The alternative is an executable that is linked
with ld.so, and at runtime ld.so will try to dynamically find and load
libc.  So you could take the binary off the build machine and run it
on another Mac, especially if the shared libraries are the same on
both.  That's how most pre-compiled software is.

The statically-compiled integrit is traditionally preferred because of
the small chance that an intruder could modify the system's libraries
(and presumably not the kernel or integrit), in which case you'd be
better off with an integrit that didn't rely on the poisoned
libraries.

-- 
--Ed L Cashin            |   PGP public key:
  ec...@ug...            |   http://noserose.net/e/pgp/

From: Ed L C. <ec...@ug...> - 2003-03-30 05:48:40
Amul <am...@cc...> writes:

> Hello Ed,

Hi.

> I am building integrit on my iBook and I am getting an error when
> compiling integrit.  As you will see there is some odd issue with
> compiling md5.o but I don't seem to understand why it's complaining.  I
> looked in the source and can't find anything wrong.
> The bigger issue is with the library crt0.  I think it is the C
> RunTime 0 for program initialization.  Any thoughts on how I should
> proceed?

...
> gcc -I. -I. -I./hashtbl -g -Wall -O2 -DHAVE_CONFIG_H -o md5.o -c
> ./gnupg/md5.c
> ./gnupg/md5.c:341: illegal statement, missing `;' after `hd'

That looks familiar -- I think that this is fixed in the CVS version.
What version of integrit are you trying to compile?

...
> gcc -L. -Lhashtbl -static -o integrit main.o options.o xml.o
> eachfile.o rules.o checkset.o missing.o xstrdup.o cdb_put.o cdb_get.o
> elcwft.o cdb.o cdb_make.o cdb_hash.o md5.o -lhashtbl -lintegrit
> ld: can't locate file for: -lcrt0.o

That looks like a compiler installation issue.  Like maybe you're
mixing two different compilers or your system doesn't have a static
libc library.  To see if it's the latter problem, you could try the
above linking command without "-static".

By the way, do you mind if I Cc the mailing list?  Someone might have
some insight to share, or someone might benefit later from reading
about it.

-- 
--Ed L Cashin            |   PGP public key:
  ec...@ug...            |   http://noserose.net/e/pgp/

From: Ed L C. <ec...@ug...> - 2003-01-23 16:10:46
(I'm copying this to the list because it addresses issues that other
Cygwin users may encounter.)

"john 5 mccoy" <v19...@ly...> writes:

> (In case you're interested, the "makefile.in" file is not a makefile.
> >It's an input file.  The configure script produces the real makefile
> >customized for your system.  That's why you have to run configure
> >before running make as suggested in the README and INSTALL files.)
>
> I already read the readme and install files but "./configure && make"
> didn't ring a bell. You put me in the right direction. I have trouble
> with running ./configure && make && make install. 'configure' is unix
> script, which is not included in cygwin.

Well, it's a Bourne shell script, and I think that bash is a part of
the Cygwin distribution.  Bash can run bourne shell scripts, but it is
nicer to use.  If you have bash, you can use the commands in the
INSTALL file.

The DOS shell is command.com.  It's pretty lame.  Chances are that
once you try bash you'll never want to go back to command.com.  :)

> I'm trying to figure out how to make makefile in cygwin. 'make'
> however has a port in cygwin.

Make wants to use the bourne shell (or bash) to run the commands in
the makefile.  If I recall correctly, on my Cygwin installation make
just found bash and used it without me having to do anything special.

-- 
--Ed L Cashin            |   PGP public key:
  ec...@ug...            |   http://noserose.net/e/pgp/

From: Ed L C. <ec...@ug...> - 2003-01-20 05:40:01
"john 5 mccoy" <v19...@ly...> writes:

[ed writes]
> > If we talk about it here on the mailing list it might help other
> > people too.  I've built integrit in Cygwin.  It will be easiest for
> > you if you use the CVS version of integrit.  There I believe that's
> > how I did it: installed CVS; got integrit from the cvs repository at
> > sourceforge; and built integrit.
>
> There is a problem to get CVS client :
...
> I'm doing something wrong but haven't a clue.

I don't remember how I installed cvs.  Tell you what, here's a tarball
of the current (CVS) version:

  http://www.noserose.net/e/integrit/download/integrit-20030119.tar.gz

This is an unofficial pre-release of 3.03.  Good luck.

-- 
--Ed L Cashin            |   PGP public key:
  ec...@ug...            |   http://noserose.net/e/pgp/

From: john 5 m. <v19...@ly...> - 2003-01-20 04:54:36
Mr Cashin,

Thanks for your answer. I'm sorry if i posted my mail several times.
I didn't see it show up in "integrit-users Archives" mailing list
although i subscribed successfully.

>If we talk about it here on the mailing list it might help
>other people too. I've built integrit in Cygwin. It will be
>easiest for you if you use the CVS version of integrit. There
>I believe that's how I did it: installed CVS; got integrit
>from the cvs repository at sourceforge; and built integrit.

There is a problem to get CVS client :
"In order to access a CVS repository, you must install a special piece
of software called a CVS client; CVS clients are available for most any
operating system (we include information about many popular CVS clients
in our site documentation collection)."
->pointing to a dead page :
http://sourceforge.net/docman/display_doc.php?group_id=1

i tried to compile with CYGWIN and gnuWin32Utils/Make and i get this
error :

$ make -f r:/integrit/makefile.in
r:/integrit/makefile.in:20: *** missing separator. Stop.

note :line 20 = @SET_MAKE@

when replacing spaces with a tab i get error :

$ make -f r:/integrit/makefile.in
r:/integrit/makefile.in:20: *** commands commence before first target. Stop.

Trying to compile test results in :

$ make r:/integrit/test/test
r:\cygwin\bin\make.exe: Nothing to be done for `r:/integrit/test/test'.

I'm doing something wrong but haven't a clue.

Regards,

_____________________________________________________________
Get 25MB, POP3, Spam Filtering with LYCOS MAIL PLUS for $19.95/year.
http://login.mail.lycos.com/brandPage.shtml?pageId=plus&ref=lmtplus

From: john 5 m. <v19...@ly...> - 2003-01-20 01:55:09
sorry for this non-related topic.

I have trouble to compile integrit in win32 environment.
i'm not familiar with *nix. My search for compile help is not successful.

Could someone who already has compiled integrit with cygwin and
willing to help, drop me a mail : v19...@ly... ?

many thanks in advance,
john

_____________________________________________________________
Get 25MB, POP3, Spam Filtering with LYCOS MAIL PLUS for $19.95/year.
http://login.mail.lycos.com/brandPage.shtml?pageId=plus&ref=lmtplus

From: Ed L C. <ec...@ug...> - 2003-01-19 17:41:51
"john 5 mccoy" <v19...@ly...> writes:

> sorry for this non-related topic.

It's OK.  Issues related to building integrit are on-topic.

> I have trouble to compile integrit in win32 environment.
> i'm not familiar with *nix. My search for compile help is not successful.
>
> Could someone who already has compiled integrit with cygwin and
> willing to help, drop me a mail : v19...@ly... ?

If we talk about it here on the mailing list it might help other
people too.  I've built integrit in Cygwin.  It will be easiest for
you if you use the CVS version of integrit.  There are instructions
here:

  http://sourceforge.net/cvs/?group_id=15369

I believe that's how I did it: installed CVS; got integrit from the
cvs repository at sourceforge; and built integrit.

-- 
--Ed L Cashin            |   PGP public key:
  ec...@ug...            |   http://noserose.net/e/pgp/

From: john 5 m. <v19...@ly...> - 2003-01-19 07:11:42
sorry for this non-related topic.

I have trouble to compile integrit in win32 environment.
i'm not familiar with *nix. My search for compile help is not successful.

Could someone who already has compiled integrit with cygwin and
willing to help, drop me a mail : v19...@ly... ?

many thanks in advance,
john

_____________________________________________________________
_____________________________________________________________
Get 25MB, POP3, Spam Filtering with LYCOS MAIL PLUS for $19.95/year.
http://login.mail.lycos.com/brandPage.shtml?pageId=plus&ref=lmtplus

From: john 5 m. <v19...@ly...> - 2003-01-19 07:07:58
sorry for this non-related topic.

I have trouble to compile integrit in win32 environment.
i'm not familiar with *nix. My search for compile help is not successful.

Could someone who already has compiled integrit with cygwin and
willing to help, drop me a mail : v19...@ly... ?

many thanks in advance,
john

_____________________________________________________________
Get 25MB, POP3, Spam Filtering with LYCOS MAIL PLUS for $19.95/year.
http://login.mail.lycos.com/brandPage.shtml?pageId=plus&ref=lmtplus

From: Ed L C. <ec...@ug...> - 2003-01-04 01:26:36
"Dan Beldiman" <lis...@be...> writes:

> Hi,
>
> I'm pretty new to integrit, and what i've seen so far is really
> nice!

Thanks much.  I've been out of town, so I'm sorry I didn't reply right
away.

> I wonder if I can compare the known and the current database on a
> different system than the one where they were created.  My idea is
> to create the database on an endangered machine, then copy it to a
> safe place, and compare it there with a database which I think
> should be fine.  The server which I want to check using integrit is
> at a webhoster, and i don't have the possibility to mount some other
> filesystem using nfs-readonly as suggested in the documentation.

Right now integrit uses a system-dependent way of representing
information about files.  Specifically, the stat struct containing the
information returned by the stat system call is simply written out
into the database.

That means that a database won't work on one machine if the stat
struct has a different format than the machine where the database was
created.  I'm hoping to work on a cross-platform (and maybe smaller)
format for the database stat info very soon.

If the stat structs are not compatible, one thing you might be able to
do in the mean time is to use the auxiliary utilities along with UNIX
tools.  Say the database is generated on a host named "gen" and you
want to compare the databases on a host named "cmp".  You could do
something like this:

  dan@gen databases$ i-viewdb current.cdb | ssh cmp 'gzip > current.txt.gz'

... and then ...

  dan@cmp dan$ zdiff -u known.txt.gz current.txt.gz | less

With a ruby or perl script you could automate it more.

-- 
--Ed L Cashin            |   PGP public key:
  ec...@ug...            |   http://noserose.net/e/pgp/

From: Dan B. <lis...@be...> - 2002-12-25 10:17:26
Hi,

I'm pretty new to integrit, and what i've seen so far is really nice!

I wonder if I can compare the known and the current database on a
different system than the one where they were created.  My idea is to
create the database on an endangered machine, then copy it to a safe
place, and compare it there with a database which I think should be
fine.  The server which I want to check using integrit is at a
webhoster, and i don't have the possibility to mount some other
filesystem using nfs-readonly as suggested in the documentation.

Thanks a lot for any help

Dan

From: Ed L C. <ec...@ug...> - 2002-11-06 06:04:50
Pen Helm <jph...@ea...> writes:

> Is there an integrit for Macintosh?
> (Perhaps for System X which is Unix-based?)

I'm copying the integrit-users mailing list in case anyone else has
tried it, but the last time I tried it, something didn't work
correctly during the build.

There have been some recent improvements to the build process that
were made in order for integrit to build more smoothly on Cygwin, and
I believe that these improvements will help integrit to build on Mac
OS X.  (Specifically, the configure script now better handles the case
where the system has no stdint.h or inttypes.h header files.)

If you would like to try building integrit on Mac OS X, I recommend
using the most current version via CVS.  There are instructions here:

  http://sourceforge.net/cvs/?group_id=15369

... that tell you how to use anonymous CVS to check out the current
integrit sources.

Please let us know how it works.

-- 
--Ed L Cashin            |   PGP public key:
  ec...@ug...            |   http://noserose.net/e/pgp/

From: Ed L C. <ec...@ug...> - 2002-10-24 01:38:45
Hi.  I recently bought Windows XP Professional (for some hardware
support) and got a chance to try building integrit with Cygwin
1.3.12-2.

I made a couple of changes to integrit in order to better support
Cygwin:

  * asked sourceforge to remove aux directory (and some others like
    beecrypt and cdb directories) from integrit CVS repository.  This
    allows Windows users to check out the integrit sources via
    anonymous cvs.  Windows won't allow directories named "aux", and
    cvs keeps empty directories around forever.

  * changed order of tests in configure so that stdint.h.in is used
    correctly on platforms that don't have the stdint.h system
    header.  This was supposed to work already but didn't.  Now it
    works.

So if you want to try integrit on Windows then you can try the cvs
version of integrit.  Anonymous cvs instructions are here:

  http://sourceforge.net/cvs/?group_id=15369

The only testing I did was to do the "make test" target, which
succeeded, and to use utils/i-ls on some files.  So let us know how it
goes.

-- 
--Ed L Cashin            |   PGP public key:
  ec...@ug...            |   http://noserose.net/e/pgp/

From: Ed L C. <ec...@ug...> - 2002-09-30 13:01:48
On Mon, Sep 30, 2002 at 09:36:49AM +0200, C.S...@mo... wrote:
> Hallo,
>
> just wanted to know if there exists a DTD (Document Type Definition) for the
> XML-Output of integrit.
> If so, can someone please post it?

Yes, there is one in xml.c, in a function called xml_dtd.

I polled the list a while ago asking whether the xml users would like
integrit's xml output to begin with a DTD, but at the time, the
xml-using community was silent.  Because it would increase the size of
the output and nobody indicated any interest, I never turned on the
dtd feature.

The dtd would probably be better off in a documentation file instead
of occupying space in the integrit binary.

-- 
--Ed L Cashin            |   PGP public key:
  ec...@ug...            |   http://noserose.net/e/pgp/

From: <C.S...@mo...> - 2002-09-30 07:37:06
Hallo,

just wanted to know if there exists a DTD (Document Type Definition)
for the XML-Output of integrit.
If so, can someone please post it?

thanks for your help,
Schwabl Christian

From: Ed L C. <ec...@ug...> - 2002-09-28 18:11:34
Hi.  There's a new example, integrit-run.c, in the examples directory
of the integrit distribution, in the CVS repository.  It shows how to
create a statically-linked program that will run integrit sequentially
on several config files.

This example is for folks who have multiple roots to check but do not
want to use a Bourne shell script to run integrit multiple times.

For more info on using anonymous CVS, please see ...

  http://sourceforge.net/cvs/?group_id=15369

Thanks.

-- 
--Ed L Cashin            |   PGP public key:
  ec...@ug...            |   http://noserose.net/e/pgp/

From: Ed L C. <ec...@ug...> - 2002-09-14 18:35:45
Chris Lalor <la...@ma...> writes:

> Thanks for all the help - the platforms are in fact different as you
> guessed.
>
> the checks were being done on a solaris8 box and the central hids box
> is running on RH 7.2 - i'll figure a way around this.
>
> But yeah - it would be a great feature to have this stuff independent
> -
> as it would help us - as we'll be distributing this to 100's of
> different servers including windows - all run from one platform.

I don't think you're the only one.  This is one feature that really
makes sense.  I've hesitated in the past simply because other changes
were going on and I wanted to let things stabilize.

Now that integrit is pretty stable, having platform-independent
databases seems like a worthy goal.  They would be completely
incompatible with the previous databases, but an auxiliary tool could
be created for converting old-style databases into
platform-independent databases.

-- 
--Ed L Cashin            |   PGP public key:
  ec...@ug...            |   http://noserose.net/e/pgp/

From: Chris L. <la...@ma...> - 2002-09-14 00:10:26
Thanks for all the help - the platforms are in fact different as you
guessed.

the checks were being done on a solaris8 box and the central hids box
is running on RH 7.2 - i'll figure a way around this.

But yeah - it would be a great feature to have this stuff independent -
as it would help us - as we'll be distributing this to 100's of
different servers including windows - all run from one platform.

-chris lalor

On Friday, September 13, 2002, at 07:49 PM, Ed L Cashin wrote:

> Chris Lalor <la...@ma...> writes:
>
>> Sorry to be a nuisance - but I'm having trouble using i-viewdb on a
>> database that is functioning fine for testing.
>>
>> Here is an initial test output:
>>
>> integrit: ---- integrit, version 3.01 -----------------
> ...
>> integrit: root : /opt/Dynamo4.5.1
>> integrit: do check : yes
>> integrit: do update : yes
>
> What architecture and O.S. is running integrit here?
>
> ...
>> now here's my attempt at viewing the database (in a different location
>> cause it gets scp'd back).
>>
>> [hids@hids-1 db]$ i-viewdb xxx-dynamo_k.cdb
>> integrit (viewdb): Error: bad entry (too big value) in DB
>> (xxx-dynamo_k.cdb)
>
> What architecture and O.S. is running i-viewdb here?
>
> Integrit's databases are not platform independent.  The struct stat
> data type must be the same on the platform where i-viewdb and integrit
> are run.
>
> You could make a good case that this situation is not the best:
> integrit often runs on different hosts (and occasionally
> architectures) than where the databases are stored.
>
> Also, integrit doesn't use all of the data in a struct stat.  It is
> possible that by storing the stat information in a
> platform-independent form, integrit database size could be reduced.
>
> Something for version four, right?
>
> ...
>> sorry again to bug you on this - but i don't really know what the
>> error is referring to - and it's the last thing i need to get up my
>> integrit install.
>
> i-viewdb should work on the same O.S. and architecture as that of the
> host where the database was generated.  If that's not sufficient for
> your needs, that's a good reason for version four to have
> platform-independent databases.
>
>> If need be - I'll upgrade to 3.02.00 if it'll fix it - but i've not
>> seen anything to make me think that this in particular has been fixed
>
> Since integrit compiles pretty easily, you might as well upgrade, but
> I doubt it will affect your situation if I've guessed right about
> platform differences.
>
> --
> --Ed L Cashin            |   PGP public key:
>   ec...@ug...            |   http://noserose.net/e/pgp/
>

From: Ed L C. <ec...@ug...> - 2002-09-13 23:49:10
Chris Lalor <la...@ma...> writes:

> Sorry to be a nuisance - but I'm having trouble using i-viewdb on a
> database that is functioning fine for testing.
>
> Here is an initial test output:
>
> integrit: ---- integrit, version 3.01 -----------------
...
> integrit: root : /opt/Dynamo4.5.1
> integrit: do check : yes
> integrit: do update : yes

What architecture and O.S. is running integrit here?

...
> now here's my attempt at viewing the database (in a different location
> cause it gets scp'd back).
>
> [hids@hids-1 db]$ i-viewdb xxx-dynamo_k.cdb
> integrit (viewdb): Error: bad entry (too big value) in DB
> (xxx-dynamo_k.cdb)

What architecture and O.S. is running i-viewdb here?

Integrit's databases are not platform independent.  The struct stat
data type must be the same on the platform where i-viewdb and integrit
are run.

You could make a good case that this situation is not the best:
integrit often runs on different hosts (and occasionally
architectures) than where the databases are stored.

Also, integrit doesn't use all of the data in a struct stat.  It is
possible that by storing the stat information in a
platform-independent form, integrit database size could be reduced.

Something for version four, right?

...
> sorry again to bug you on this - but i don't really know what the
> error is referring to - and it's the last thing i need to get up my
> integrit install.

i-viewdb should work on the same O.S. and architecture as that of the
host where the database was generated.  If that's not sufficient for
your needs, that's a good reason for version four to have
platform-independent databases.

> If need be - I'll upgrade to 3.02.00 if it'll fix it - but i've not
> seen anything to make me think that this in particular has been fixed

Since integrit compiles pretty easily, you might as well upgrade, but
I doubt it will affect your situation if I've guessed right about
platform differences.

-- 
--Ed L Cashin            |   PGP public key:
  ec...@ug...            |   http://noserose.net/e/pgp/

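Added example, not part of the thread and not integrit's code: the message above and the 2003-01-04 reply to Dan Beldiman both explain that integrit writes the host's struct stat straight into the database, which ties a database to one platform. The C sketch below shows one platform-independent alternative; the prec record, its field widths, the 48-byte big-endian layout and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/stat.h>

/* Hypothetical fixed-layout record, NOT integrit's on-disk format: each
 * field has a declared width and is stored most significant byte first. */
#define PREC_LEN 48

struct prec {
    uint64_t ino;
    uint32_t mode, nlink, uid, gid;
    uint64_t size;
    int64_t mtime, ctime;
};

/* Write the low n bytes of v at p, big-endian. */
static void put_be(unsigned char *p, uint64_t v, int n)
{
    for (int i = n - 1; i >= 0; i--, v >>= 8)
        p[i] = (unsigned char)(v & 0xff);
}

static uint64_t get_be(const unsigned char *p, int n)
{
    uint64_t v = 0;
    for (int i = 0; i < n; i++)
        v = (v << 8) | p[i];
    return v;
}

/* Copy only the compared fields out of the host's struct stat. */
void prec_from_stat(const struct stat *st, struct prec *r)
{
    r->ino = (uint64_t)st->st_ino;
    r->mode = (uint32_t)st->st_mode;
    r->nlink = (uint32_t)st->st_nlink;
    r->uid = (uint32_t)st->st_uid;
    r->gid = (uint32_t)st->st_gid;
    r->size = (uint64_t)st->st_size;
    r->mtime = (int64_t)st->st_mtime;
    r->ctime = (int64_t)st->st_ctime;
}

/* Serialize field by field; never write the struct itself, whose padding,
 * field order and byte order belong to the compiler and the CPU. */
void prec_encode(const struct prec *r, unsigned char out[PREC_LEN])
{
    put_be(out + 0, r->ino, 8);
    put_be(out + 8, r->mode, 4);
    put_be(out + 12, r->nlink, 4);
    put_be(out + 16, r->uid, 4);
    put_be(out + 20, r->gid, 4);
    put_be(out + 24, r->size, 8);
    put_be(out + 32, (uint64_t)r->mtime, 8);
    put_be(out + 40, (uint64_t)r->ctime, 8);
}

/* Returns 0 on success, -1 if the entry is not exactly one record long
 * (for example a raw struct stat written on some other host). */
int prec_decode(const unsigned char *in, size_t len, struct prec *r)
{
    if (len != PREC_LEN)
        return -1;
    r->ino = get_be(in + 0, 8);
    r->mode = (uint32_t)get_be(in + 8, 4);
    r->nlink = (uint32_t)get_be(in + 12, 4);
    r->uid = (uint32_t)get_be(in + 16, 4);
    r->gid = (uint32_t)get_be(in + 20, 4);
    r->size = get_be(in + 24, 8);
    r->mtime = (int64_t)get_be(in + 32, 8);
    r->ctime = (int64_t)get_be(in + 40, 8);
    return 0;
}

int main(void)
{
    struct stat st;
    struct prec r;
    unsigned char buf[PREC_LEN];

    if (stat(".", &st) != 0)
        return 1;
    prec_from_stat(&st, &r);
    prec_encode(&r, buf);
    printf("struct stat here: %zu bytes; portable record: %d bytes\n",
           sizeof st, PREC_LEN);
    return prec_decode(buf, sizeof buf, &r) == 0 ? 0 : 1;
}
```

The first number printed varies with the O.S. and architecture, while the encoded record is the same 48 bytes on every host.
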
From: Chris L. <la...@ma...> - 2002-09-13 19:58:42
Sorry to be a nuisance - but I'm having trouble using i-viewdb on a
database that is functioning fine for testing.

Here is an initial test output:

integrit: ---- integrit, version 3.01 -----------------
integrit: output : human-readable
integrit: conf file : xxx-dynamo.conf
integrit: known db : /export/home/hids/xxx-dynamo_k.cdb
integrit: current db : /export/home/hids/xxx-dynamo_c.cdb
integrit: root : /opt/Dynamo4.5.1
integrit: do check : yes
integrit: do update : yes
integrit: checking for missing files --------------
integrit: current-state db md5sum --------------
integrit: 20b7965921b08d9849a36ebc914dd9f2 /export/home/hids/xxx-dynamo_c.cdb

now here's my attempt at viewing the database (in a different location
cause it gets scp'd back).

[hids@hids-1 db]$ i-viewdb xxx-dynamo_k.cdb
integrit (viewdb): Error: bad entry (too big value) in DB (xxx-dynamo_k.cdb)

yet - when i change the directory - again - the database is fully
functional:

integrit: ---- integrit, version 3.01 -----------------
integrit: output : human-readable
integrit: conf file : xxx-dynamo.conf
integrit: known db : /export/home/hids/xxx-dynamo_k.cdb
integrit: current db : /export/home/hids/xxx-dynamo_c.cdb
integrit: root : /opt/Dynamo4.5.1
integrit: do check : yes
integrit: do update : yes
changed: /opt/Dynamo4.5.1 m(20020913-060057:20020913-154333) c(20020913-060057 :20020913-154333)
new: /opt/Dynamo4.5.1/hi p(644) u(0) g(1) z(0) m(20020913-154333)
integrit: checking for missing files --------------
integrit: current-state db md5sum --------------
integrit: 1a1ff3d6ac88dac662adb5fd744c1860 /export/home/hids/xxx-dynamo_c.cdb

sorry again to bug you on this - but i don't really know what the
error is referring to - and it's the last thing i need to get up my
integrit install.

If need be - I'll upgrade to 3.02.00 if it'll fix it - but i've not
seen anything to make me think that this in particular has been fixed

From: Ed L C. <ec...@ug...> - 2002-09-11 00:20:15
la...@ma... writes:

> I apologise if this question is a bit basic or has been asked a lot -
> i tried to trawl the list for it, but i've had trouble getting a
> config file to work the way i'd like.

It's been added to the FAQ for version 3.02, but the FAQ entry is kind
of short:

  http://integrit.sourceforge.net/texinfo/integrit.html#Multiple%20Roots

> I want to be able to run multiple checks daily on important system
> binaries (a config file that would theoretically be portable across
> almost all of our many servers). This config file would include the
> following pretty much:
>
> /bin
> /sbin
> /usr/bin
> /usr/libexec
> /usr/sbin
> /usr/local/bin
> /usr/local/sbin
>
> etc... essentially only the system binaries

If it were me, since the contents of / and /usr don't change very
much, I'd probably make a integrit-root.conf and integrit-usr.conf
pair of configuration files.  That's just me, though.  Some integrit
users find it necessary to generate multiple configuration files from
a master config file.

> one easy way to do this would be if it were possible to explicitly
> define checks on subdirectories of directories that have been set to
> ignore... ie:
>
> root=/
> !/
> /bin siplugmc
> /sbin siplugmc
> /usr/bin siplugmc
> /usr/sbin siplugmc
>
> etc......
>
> While i know i can generate config files on the fly - or else use a
> config/db sets for each of the subdirs - a way to do this or something
> similar in one config would be greatly appreciated.

If integrit's config files contained expressions of complex
inter-relationships it might be more convenient to have just one file,
but I must admit I'm surprised that people request this feature.

It's very easy to create five little integrit config files instead of
one config file, personally I find it more modular and
self-documenting -- but I think it might be helpful if I add to the
examples directory another couple examples.  The new examples would
show concretely how to generate multiple config files from a master.

-- 
--Ed L Cashin            |   PGP public key:
  ec...@ug...            |   http://noserose.net/e/pgp/

From: Ed L C. <ec...@ug...> - 2002-09-10 23:52:01
Hi.  Depending on your O.S., since LFS may entail using a larger data
type for some of the information in a file stat structure, the
database of an integrit without LFS may not be compatible with a
non-LFS integrit database.

-- 
--Ed L Cashin            |   PGP public key:
  ec...@ug...            |   http://noserose.net/e/pgp/