Date: Fri, 6 Nov 1998 11:51:29 -0500 From: mhpower@mit.edu To: root@wagsky.com Cc: fpscha@ns1.sminter.com.ar, freebsd-security@FreeBSD.ORG Subject: Re: tripwire fails 'make test' Message-ID: <199811061651.AA26461@stan.mit.edu> In-Reply-To: <Pine.BSF.4.02A.9811052234290.16158-100000@pn.wagsky.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> ... tripwire fails to properly execute its own >testing (under either multi- or single-user mode). Is this indicative of >a problem which needs to be resolved? ... >=== test.update.sh: testing CHANGED files === >=== test.update.sh: test FAILED! (expecting 8, got 0) === I sent the tripwire authors a bug report and a patch for what I suspect is this same problem in (I think) 1996, and got a response indicating that they didn't wish to issue a new release to fix it. What I think is going on is that test.update.sh expects that at least one second will pass in between recording the mtime of a file, and the checking of the mtime of that file after a "touch" is done. On fast machines/disks, less than a second passes, and thus tripwire reports an error since it thinks it failed to detect an mtime change. The simplest workaround may be to insert a sleep statement prior to when the file is touched. I've included an untested patch below that uses this approach. If there's any interest, I can go find the longer explanation that I wrote up at the time, as well as the patch that I submitted (which was looked over by Gene Kim and Gene Spafford, who didn't object to it but yet haven't made any changes to the distribution at ftp://coast.cs.purdue.edu/pub/Purdue/Tripwire/tripwire-1.2.tar.Z). Matt *** test.update.sh.old Tue Feb 22 02:46:22 1994 --- test.update.sh Fri Nov 6 11:37:15 1998 *************** *** 169,174 **** --- 169,175 ---- ( . $MYRUN ; ) > $LOGFILE ; set _ $STATUSDEL; shift . $MYCHECK + sleep 2 touch $OLDFILE echo "=== $ME: testing CHANGED files ===" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199811061651.AA26461>