SSH Command confusion
anythinghost
2003-08-18, 12:00 PM
I keep getting an email that states the following:
/etc/cron.daily/tripwire-check:
**** Error: Tripwire database for host1.anythinghost.com not found. ****
**** Run /etc/tripwire/twinstall.sh and/or tripwire --init. ****
I then access the server by ssh and type "su", then I get #. At that point I enter /etc/tripwire/twinstall.sh and/or tripwire --init. and I keep getting "no file or directory". What is this email for, what is Tripwire, and what do I do about it? Thanks
Good morning,
You should be typing "su -" instead of just "su". It would allow you to run the commands. On boot, there is an init script that runs a verify to make sure the system is OK. If tripwire is never initialized, you get that message. If you want to use tripwire you need to initialize the database, or if you don't want to use it you can disable the init script.
Tripwire maintains an encrypted database of file checksums so it can detect system changes which may indicate a compromise. If there is a compromise, it is easier to clean up because you know which files were changed.
anythinghost
2003-08-18, 12:39 PM
I typed su- like you said and in the ssh window it says "command not found". When I type su it gives me the # and then I typed /etc/tripwire/twinstall.sh and/or tripwire --init and from there I get file directory not found. How do I initialize the database anyway? Thanks
That should've been "su <space> -". I'm sorry.
To initialize the database, you just run one of those two commands in the error message.
anythinghost
2003-08-18, 13:00 PM
Will you do me a favor? From the starting point of # in ssh, type what I should type. For example, I typed: "su - /etc/tripwire/twinstall.sh" and then I typed "su - tripwire --init" and all I got was su: user /etc/tripwire/tripwire.sh does not exist and on the second command "user init--init does not exist". Thanks
Sure. :)
# su -
Password: <enter root password>
$ /etc/tripwire/twinstall.sh
anythinghost
2003-08-18, 13:20 PM
I typed su -
password: ????
Then I typed /etc/tripwire/twinstall.sh and I get no such file or directory exist!
knightfoo
2003-08-18, 13:30 PM
I had someone from support look at your server .. tripwire is not installed. I am not sure where you are receiving that error message, but it is not coming from your ServerBeach server.
-knightfoo
anythinghost
2003-08-18, 18:43 PM
This is the email that I get daily addressed to root:
/etc/cron.daily/tripwire-check:
**** Error: Tripwire database for host1.anythinghost.com not found. ****
**** Run /etc/tripwire/twinstall.sh and/or tripwire --init. ****
Are you sure this is coming from "this" host1.anythinghost.com server?
If you have another server with the same hostname it is possible that mail for "root@host1.anythinghost.com" will end up on this server because that is where the domain resolves now. Could this be an old server?
Check the IP address in the e-mail headers to see what IP address the message is originating from. :)
medieval
2003-08-18, 23:39 PM
Originally posted by knightfoo
I had someone from support look at your server .. tripwire is not installed. I am not sure where you are receiving that error message, but it is not coming from your ServerBeach server.
-knightfoo
I think the cron job which spews this every day gets created as part of the cpanel install.
anythinghost
2003-08-19, 00:01 AM
I had checked the back side of the email in Outlook Express. The IP address is 66.135.34.98 and that is an old IP. They had transferred me to another one last week and that is the old IP address. Thanks for letting me know that.
charlie
2003-08-19, 10:22 AM
I'm not sure if that meant you found the problem or not, but I would check your cronjobs. You may not have tripwire installed but for some reason (maybe an install and then a dirty uninstall) still have the cronjob scheduled on your system.
Originally posted by anythinghost
I had checked the back side of the email in Outlook Express. The IP address is 66.135.34.98 and that is an old IP. They had transferred me to another one last week and that is the old IP address. Thanks for letting me know that.
Hopefully you've got it all fixed up now. :)
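The header check suggested in the thread (find which IP the cron mail really came from), written out as an added example that is not code from any poster. The sample message is constructed: only 66.135.34.98 comes from the thread, while mx.example.net, the queue ids and 192.0.2.10 (a stand-in for the current server's IP) are assumptions.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Constructed sample of the daily cron mail. Only 66.135.34.98 (the old server
# IP reported in the thread) is from the page; mx.example.net, the queue ids and
# 192.0.2.10 (stand-in for the current server IP) are assumptions.
SAMPLE = """\
Received: from host1.anythinghost.com (host1.anythinghost.com [66.135.34.98])
\tby mx.example.net with ESMTP id ABC123
\tfor <root@host1.anythinghost.com>; Mon, 18 Aug 2003 04:02:11 -0400
Received: by host1.anythinghost.com (from userid 0)
\tid DEF456; Mon, 18 Aug 2003 04:02:10 -0400
From: root@host1.anythinghost.com (Cron Daemon)
To: root@host1.anythinghost.com
Subject: Cron <root@host1> run-parts /etc/cron.daily

/etc/cron.daily/tripwire-check:
**** Error: Tripwire database for host1.anythinghost.com not found. ****
"""
CURRENT_SERVER_IP = "192.0.2.10"

BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_ips(raw_message):
    """Peer IPs recorded in Received headers, newest hop first."""
    msg = message_from_string(raw_message)
    ips = []
    for hop in msg.get_all("Received", []):
        for candidate in BRACKETED_IPV4.findall(hop):
            try:
                ips.append(str(ip_address(candidate)))
            except ValueError:
                continue  # e.g. [999.1.1.1]: not a real address
    return ips

def origin_ip(raw_message):
    """IP seen by the earliest relay that logged one, or None.
    Hops below the first server you control are sender-supplied text."""
    ips = relay_ips(raw_message)
    return ips[-1] if ips else None

def sent_by_current_server(raw_message, current_ip):
    return origin_ip(raw_message) == current_ip

if __name__ == "__main__":
    print("origin:", origin_ip(SAMPLE))
    print("from current server:", sent_by_current_server(SAMPLE, CURRENT_SERVER_IP))
```

A mismatch between the origin IP and the current server's address points at another machine still sending mail under the same hostname, which is the situation the thread ends up describing.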