I'm trying to run tripwire on a RHEL 5.4 box. I'm new to it.
I'm getting errors: The object: "/ora" is on a different file system...ignoring.
For one thing, it's not a different file system. It's not any different than the root partition, that tripwire will monitor. And I want tripwire to monitor it.
I've been googling around, and have seen this error in all sorts of places, but with either no comment or, if a question is specifically asked about this, no answer to the question.
Anyone out there know what the work around for this might be?
=== Al
Here's partial output. The command I ran with strace was: strace /usr/loca/bin/tripwire -m i
This initializes the tripwire database. I include what I think is the relevant output here:
lstat("/ora", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 write(1, "The object: "/ora" is on a diffe"..., 61) = 61 lstat("/selinux", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 open("/selinux", O_RDONLY|O_NONBLOCK|O_DIRECTORY) = 4 fcntl(4, F_SETFD, FD_CLOEXEC) = 0 getdents(4, /* 2 entries */, 32768) = 48 getdents(4, /* 0 entries */, 32768) = 0 close(4) = 0 lstat("/srv", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 open("/srv", O_RDONLY|O_NONBLOCK|O_DIRECTORY) = 4 fcntl(4, F_SETFD, FD_CLOEXEC) = 0 getdents(4, /* 2 entries */, 32768) = 48 getdents(4, /* 0 entries */, 32768) = 0 close(4) = 0
I looked at the lstat man page, and there is a blurb on how it treats symbolic links as individual files. But /ora isn't a symbolic link.
=== Al
----- Original Message ---- From: Corey Chandler lists@sequestered.net To: CentOS mailing list centos@centos.org Sent: Wed, November 4, 2009 10:06:58 AM Subject: Re: [CentOS] Tripwire Question
Al Sparks wrote:
I'm trying to run tripwire on a RHEL 5.4 box. I'm new to it.
RHEL != CentOS.
That said, what happens when you strace tripwire?
-- Corey / KB1JWQ _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Al Sparks wrote: Here's partial output. The command I ran with strace was: strace /usr/loca/bin/tripwire -m i
My apologies if this sounds like I'm doubting you, but can you paste the contents of /etc/mtab for me?
-- Corey / KB1JWQ
/dev/mapper/VolGroup00-LogVol00 / ext3 rw 0 0 proc /proc proc rw 0 0 sysfs /sys sysfs rw 0 0 devpts /dev/pts devpts rw,gid=5,mode=620 0 0 /dev/mapper/VolGroup00-LogVol02 /usr ext3 rw 0 0 /dev/mapper/VolGroup00-LogVol04 /var ext3 rw 0 0 /dev/mapper/VolGroup00-LogVol06 /ora ext3 rw 0 0 /dev/mapper/VolGroup00-LogVol01 /home ext3 rw 0 0 /dev/mapper/VolGroup00-LogVol03 /tmp ext3 rw 0 0 /dev/mapper/VolGroup00-LogVol05 /opt ext3 rw 0 0 /dev/sda1 /boot ext3 rw 0 0 tmpfs /dev/shm tmpfs rw 0 0 none /proc/sys/fs/binfmt_misc binfmt_misc rw 0 0 sunrpc /var/lib/nfs/rpc_pipefs rpc_pipefs rw 0 0
=== Al
On Wed, Nov 4, 2009 at 6:23 PM, Al Sparks data345@yahoo.com wrote:
Al Sparks wrote: Here's partial output. The command I ran with strace was: strace /usr/loca/bin/tripwire -m i
My apologies if this sounds like I'm doubting you, but can you paste the contents of /etc/mtab for me?
[snip]
/dev/mapper/VolGroup00-LogVol06 /ora ext3 rw 0 0
:)
You do indeed have /ora on a separate filesystem as C Chandler is getting at.
----- Original Message ---- From: Kwan Lowe kwan.lowe@gmail.com To: CentOS mailing list centos@centos.org Sent: Wed, November 4, 2009 3:12:47 PM Subject: Re: [CentOS] Tripwire Question
On Wed, Nov 4, 2009 at 6:23 PM, Al Sparks data345@yahoo.com wrote:
Al Sparks wrote: Here's partial output. The command I ran with strace was: strace /usr/loca/bin/tripwire -m i
My apologies if this sounds like I'm doubting you, but can you paste the contents of /etc/mtab for me?
[snip]
/dev/mapper/VolGroup00-LogVol06 /ora ext3 rw 0 0
I figured it out. I had to add an entry in the policy file under: rulename = "Monitor Filesystems" area. When I added /ora it worked.
One thing that confused me about all this, was that /usr and /var are also separate files systems, but were not getting those same errors.
Thanks for the help. === Al
Al Sparks wrote:
I'm trying to run tripwire on a RHEL 5.4 box. I'm new to it.
I'm getting errors: The object: "/ora" is on a different file system...ignoring.
For one thing, it's not a different file system. It's not any different than the root partition, that tripwire will monitor. And I want tripwire to monitor it.
'different file system' meaning its a different partition. is that true? if so, I'm guessing you'd need to manually add that folder to tripwire's config.
-
Al Sparks -
Corey Chandler -
John R Pierce -
Karanbir Singh -
Kwan Lowe