Segmentation fault on Ubuntu 20.10 #48
Comments
|
Hi ElToro1966, sorry this is happening for you. Couple of quick ideas --
In the meantime, I'll spin up a 20.10 VM (with an es_ES.UTF-8 locale) and install with apt-get and see if I have any luck reproducing this. |
|
Thanks, @brc0x1 My virtual machine in the VMware ESXi Hypervisor with HW Spec: And OS: Ubuntu 20.04.2 LTS (focal) After setting the RESOLVE_IDS_TO_NAMES config value to false in tw.cfg the problem has been resolved; |
|
I have a similar problem. the previous error disappeared but a new error appeared: before the error was the output of the file name that is being processed, I added them to the exceptions, but it did not help. how can this be solved? |
|
HI @OmlineEditor, are you on Ubuntu 20.x also? When this happens, is the machine using any sort of directory service (LDAP/Active Directory, NIS, etc.) If setting RESOLVE_IDS_TO_NAMES didn't fix this for you, your best bet is probably going to be to rebuild from source without enabling static linking. |
Where can I get detailed instructions on how to do this? |
|
@OmlineEditor Here's the readme section about building from source: https://github.com/Tripwire/tripwire-open-source/blob/master/README.md#building-ost . Let me know if you run into any difficulties or have any questions. |
|
Brief question. I cannot |
|
Hi @G0rd0n , to see the plaintext version of your config file, you'll need to use a different twadmin mode for that: twadmin -m f or twadmin --print-cfgfile . This is because a decrypted tw.cfg is still in a compressed binary form. If you have a plaintext config file and want to create or update a tw.cfg file, the mode for that is twadmin -m F or twadmin --create-cfgfile, and there's a similar pair of modes for creating and displaying policy files. |
|
Okay, that actually makes sense. I will dig a bit deeper into this. |
|
Hi @G0rd0n, can u wirte, me a command how i can edit tw.cfg? I'am a beginner and I don't know how to do this. |
|
@karolk53 I can't really help you with this. I am just as much a novice as you are : P |
install a file manager and edit through it using the F4 key. installation for ubuntu or Debian: run programm, type the command as root go to the desired folder select the file and press F4 |
|
I encountered the same problem when I upgraded to 22.04. Your RESOLVE_IDS_TO_NAMES fix resolved the issue. |
|
For me this works: |
|
On ubuntu after upgrading from 20.04 to 22.04, tripwire will segfault using policy and config files that worked under 20.04 and also after a fresh tripwire install using the default policy and config. The inclusion of RESOLVE_IDS_TO_NAMES = false in the config file only moves the point at which it will segfault. With RESOLVE_IDS_TO_NAMES = false set, the fault appears to occur at the very end of the run after the final file has been checked. Without the RESOLVE_IDS_TO_NAMES setting, the segfault occurs near the beginning of the run. (Note that this was run on an ubuntu install that was upgraded using the do-release-upgrade command on August 16, 2022. I have not tested tripwire on a fresh install of 22.04. The tripwire version is 2.4.3.7.0 built for x86_64-pc-linux-gnu. The date on the released tripwire executable is Nov 10 2021 and its size is 3140528 bytes.) |
|
Has anyone found a solution? I made all kinds of changes as above, but the fix works for a few days, the same error happens again. |
there is no solution, you need to fix the sources |
|
Same here... My re-compiled version worked for a while and now it segfaults, too. --- edit: Hmm... My recompiled version has been working fine for months now. I'm not sure why I thought it stopped working. Maybe I referenced the released copy by mistake? I completely removed the installed version and did a make install of my recompiled version. It appears to work. I'm not sure what the problem was. |
Did you manage to get it to work on 22? |
|
@zodman's fix shown in #48 (comment) worked for me... at least for now. This is on a fresh Debian 11.6 install, fail2ban 0.11.2-2 from Debian standard packages (Bullseye). [ https://packages.debian.org/bullseye/fail2ban ] For comparison, it seems that Ubuntu Kinetic (22) is versioned : fail2ban_0.11.2-6.debian.tar.xz in its source... I haven't compared the context between Debian vs. Ubuntu, so I'm not unaware as to what patches/changes are present in the 0.11.2-6. Yes, I experienced the same segfaulting issue that is reference above. Not sure that this is the same issue/causality that Ubuntu users are experiencing, TBH. |
|
Was this ever resolved? Is it safe to reinstall the released version, yet? |
the project is dead, the last changes were 5 years ago. no one will fix anything |
|
I had the same problem with a freshly installed Debian 12 (Bookworm). The real problem on my system were wrong file permissions for the folder You can find the problematic folder with: Hope this will help the one ore the other :) |
|
Thanks, I'll give that a try when I have access to the problem computer again (next March). FYI, when I tried a fresh installation of ubuntu in a virtual machine, tripwire appeared to work fine right out of the box...
On Friday, October 27, 2023 at 11:12:53 PM GMT+8, S-A-L13 ***@***.***> wrote:
I had the same problem with a freshly installed Debian 12 (Bookworm).
Setting RESOLVE_IDS_TO_NAMES=false in twcfg.txt helped but I think it's more like a workaround than a solution. Because this parameter should only be necessary if you use UIDs/GIDs from non-local directory servers like Active Directory or different LDAP servers. In this case the local system can't resolve the names (it can't find the username for UID 1001 or groupname for GID 2002). But on a standalone system without connection to NIS/LDAP/AD servers it should resolve every UID/GID.
The real problem on my system were wrong file permissions for the folder /usr/lib/firmware/intel/ and all subfolders and files within them. UID and GID were set to 3064 and 1199. Looks like a bug in the debian package that provides these files.
Solved the problem by setting the same owner & group to this folder like all other folders within /usr/lib/firmware/ with:
chown -R root:root /usr/lib/firmware/intel
You can find the problematic folder with:
tripwire --init -v
with -v it will show all folders he is parsing. The last folder it's showing before the error occurs is the folder that makes trouble.
Hope this will help the one ore the other :)
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you commented.Message ID: ***@***.***>
|
I am trying to install tripwire on Ubuntu 20.10. I have tried to install it with
sudo apt install tripwireAnd then I've followed the usual steps outlined here. That gives me:
Next, I tried to build the whole thing from scratch as outlined here. That worked here, but not for me; It just gave me the same segmentation fault. I checked file permissions in /etc/tripwire/, and they are all 644. I also looked at /var/crash/, and there is a _usr_sbin_tripwire.0.crash:
The text was updated successfully, but these errors were encountered: