From time to time tripwire reports:
### Error: File could not be decrypted.
### Filename: /var/lib/tripwire/XXXXX.twd
It also reports sometimes that files had been changed, which sould not be have been changed (e.g. /dev/tty3); at the next check there is no report about changes to these files.
I already reinstalled tripwire, but always get the same behaviour. Might this concern to any problems with hardware - for example RAM or HDD - or is this a known problem? I could not find any message relating to this.
Has there been any resolution to this? I'm getting the same problem with a brand new installation on a new system. The initial generation of the database runs fine without any errors. However any attempts to run Tripwire in any mode afterwards fails with the "File could not be decrypted" message complaining about the database it just created.
Wow, that sounds pretty strange.
Have you verified that the db file actually exists in the location it's looking at? It could be that the paths in the config file aren't correct - make sure that all the files it lists actually exist and are in the specified locations [ ./twadmin -m f ]. This goes for the TEMP variable too - if this is wrong, all *sorts* of things will fail.
You might try checking the encryption on the database, to make sure it knows what key file it's signed with. [ ./twadmin -m e <database>.twd ]
If security isn't a serious concern, you could try running with an unsigned database. The format is still encoded and compressed, it just won't have the crypto signature attached. You can do this with twadmin as well: [ ./twadmin -m R <database>.twd ]
Log in to post a comment.