I've updated to 0.2.2 of mktwpol. In running mktwpol -u, I get the following error: Ready to encrypt /etc/tripwire/twpol-140207-0839.txt ... ### Error: Rule already defined as a start or stop point of another rule. ### /etc/security/limits.conf: Line number 407 ### Exiting... The policy file was not altered. Looking at the generated twpol.txt, I see that /etc/security/limits.conf is defined in two places in the same rule: # Security Related Programs: sys-libs/pam ... /etc/security/limits.conf -> $(ReadOnly) ; # Security Related Programs: Security Control File ... /etc/security/limits.conf -> $(ReadOnly) ; I'm not running a modified mktwpol-gentoo-140202.rules file, and in there I only see one reference to /etc/security/limits.conf. Reproducible: Always Steps to Reproduce: 1. mktwpol -u Actual Results: # mktwpol.sh -u Plain-text Policy File : /etc/tripwire/twpol-140207-0839.txt ... Using Rules File : /etc/tripwire/mktwpol-gentoo-140202.rules Processing rule 29 of 29 tripwire policy rules Ready to encrypt /etc/tripwire/twpol-140207-0839.txt ... ### Error: Rule already defined as a start or stop point of another rule. ### /etc/security/limits.conf: Line number 407 ### Exiting... The policy file was not altered. Ready to make encrypted tripwire database ... Please enter your local passphrase: Expected Results: Generation of the policy file without error. # emerge --info Portage 2.2.7 (default/linux/amd64/13.0/no-multilib, gcc-4.7.3, glibc-2.17, 3.10.25-gentoo x86_64) ================================================================= System uname: Linux-3.10.25-gentoo-x86_64-Intel-R-_Xeon-R-_CPU_E5430_@_2.66GHz-with-gentoo-2.2 KiB Mem: 8171532 total, 828888 free KiB Swap: 1060284 total, 1059920 free Timestamp of tree: Fri, 07 Feb 2014 05:15:01 +0000 ld GNU ld (GNU Binutils) 2.23.2 app-shells/bash: 4.2_p45 dev-lang/python: 2.7.5-r3, 3.3.3 dev-util/cmake: 2.8.11.2 dev-util/pkgconfig: 0.28 sys-apps/baselayout: 2.2 sys-apps/openrc: 0.12.4 sys-apps/sandbox: 2.6-r1 sys-devel/autoconf: 2.69 sys-devel/automake: 1.11.6, 1.12.6, 1.13.4 sys-devel/binutils: 2.23.2 sys-devel/gcc: 4.7.3-r1 sys-devel/gcc-config: 1.7.3 sys-devel/libtool: 2.4.2 sys-devel/make: 3.82-r4 sys-kernel/linux-headers: 3.9 (virtual/os-headers) sys-libs/glibc: 2.17 Repositories: gentoo SSIS ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="* -@EULA" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=native -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.3/ext-active/ /etc/php/apache2-php5.5/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cgi-php5.5/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/php/cli-php5.5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-march=native -O2 -pipe" DISTDIR="/usr/portage/distfiles" EMERGE_DEFAULT_OPTS="-q --with-bdeps y" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="http://gentoo.osuosl.org/ http://gentoo.cs.uni.edu/ http://mirror.usu.edu/mirrors/gentoo/" LANG="en_US.utf8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j9" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://192.168.0.157/gentoo-portage" USE="acl amd64 apache2 bash-completion berkdb bzip2 cli corefonts cracklib crypt ctype curl cxx djvu dri fontconfig fortran fpx ftp gcj gd gdbm gif gnutls graphviz gs hash hdri iconv imagemagick ipv6 jbig jpeg jpeg2k lcms lzma mmx modules ncurses nls nptl nptlonly openexr openmp openssl pam pcntl pcre pdf png posix python readline samba sasl session simplexml smtp snmp soap sockets sse sse2 ssh ssl svg tcpd threads tiff truetype unicode vim-syntax webp wmf xml zip zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-3" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_3" RUBY_TARGETS="ruby19 ruby18" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga nouveau nv r128 radeon savage sis tdfx trident vesa via vmware dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON
The file /etc/security/limits.conf is entered twice on your system (and not on mine) becuase you have installed the "pam" package. This is obviously common, and I think my decision to specifically name /etc/security/limits.conf for creation of a policy was an unwise decision. mktwpol.sh -u will deliver a policy file without the reported error, if you change /etc/tripwire/mktwpol-gentoo-140202.rules file as follows: COMMENTS[1]='Security Control Files' FILELIST[1]="/etc/security" This change removes the specific listing of /etc/security/limits.conf in FILELIST[1]. Tripwire will continue to monitor files in the /etc/security branch, and /etc/security/limits.conf will be specifically listed (in your policy) under the "pam" package. Thanks for the report.
Thanks for the feedback. I'll try out your suggestion here in a little while once I undig myself from my current tasks.
Yes, that did resolve my issue.