When I attempt to update the policy to exclude non-existent files from the OOTB policy for Fedora Core 9 I get the following:
$ sudo tripwire -m p /etc/tripwire/twpol.txt
Parsing policy file: /etc/tripwire/twpol.txt
### Error: Section already declared.
### FS: Line number 77
I used tripolex to rem non-existent entries in twpol.txt.
Line 77+ in twpol.txt reads:
SEC_CRIT = $(IgnoreNone)-SHa ; # Critical files that cannot change
SEC_SUID = $(IgnoreNone)-SHa ; # Binaries with the SUID or SGID flags set
SEC_BIN = $(ReadOnly) ; # Binaries that should not change
SEC_CONFIG = $(Dynamic) ; # Config files that are changed infrequently but accessed often
SEC_LOG = $(Growing) ; # Files that grow, but that should never change ownership
SEC_INVARIANT = +tpug ; # Directories that should never change permission or ownership
SIG_LOW = 33 ; # Non-critical files that are of minimal security impact
SIG_MED = 66 ; # Non-critical files that are of significant security impact
SIG_HI = 100 ; # Critical files that are significant points of vulnerability
I am using tripwire from binary rpm: tripwire-188.8.131.52-5.fc9.i386.rpm
Am I doing anything wrong or have I stumbled on a bug? This is the latest version available as rpm.
Sign up for the SourceForge newsletter:
You seem to have CSS turned off.
Please don't fill out this field.