Crashes on machines running tripwire

From: Ken Rossman (
Date: 11/08/03

  • Next message: Steve Buehler: "Re: RHEL ES v.3 and RHN"
    Date: Sat, 8 Nov 2003 15:28:38 -0500

    I have had several crashes over the past couple of months on RHL 7.x
    and I am at a loss to debug this problem at present. Does anyone know
    tripwire includes some kind of kernel module that it uses when it is
    (see output below)

    If indeed tripwire is what is "tripping up" this system, how would it be
    able to do this? If tripwire doesn't somehow load kernel modules and
    them, then this may be a kernel bug (or a hardware problem)...

    tnx, K

    Red Hat Linux release 7.2 Enigma
    Kernel 2.4.7010 on an i686

    Sage login: invalid operand: 0000
    CPU: 0
    EIP: 0010:[<c01363bc>]
    EFLAGS: 00010086
    Eax: 0000001c ebx: c39de9c0 ecx: 0000001 edx: 00001dc1
    Esi: c12ebdac edi: 0000002 ebp: c39dea08 esp: c42b7e20
    ds: 0018 es: 0018 ss: 0018
    Process tripwire (pid: 6782, stackpage=c42b7000)
    Stack: c022d46 00000361.
    (3 lines)
    Call Trace: [<c022d346>] ..

    Code: 0f 0b 59 .
    <0> Kernel panic: Aiee, killing interrupt handler !
    In interrupt handler not syncing

    (machine hangs)

    redhat-list mailing list

  • Next message: Steve Buehler: "Re: RHEL ES v.3 and RHN"

    Relevant Pages

    • Re: Kernel-loadable Root Kits
      ... But activity in /tmp is normal and will be ignored by tripwire, ... >> appropriate lock in kernel code but I don't know if it's possible. ... >> and compare MD5 checksums. ... from;)) some time ago there were proprietary device drivers (sound cards, ...
    • Re: [Full-disclosure] Microsoft GhostBuster Opinions
      ... this is not just like tripwire. ... >>and reporting false data to tripwire then tripwire can run along merrily ... This is why booting to a trusted kernel ...
    • Re: [Full-disclosure] Microsoft GhostBuster Opinions
      ... On Thu, 17 Mar 2005, Dave King wrote: ... > a known good kernel could yeild incorrect results if the kernel has been ... A similar result can be had using tripwire on the system ... failing system that reboots or blue screens every few weeks rather then ...
    • Re: LKM support (Was: Re: possible compromise or just misreading logs)
      ... >> there is no way tripwire can be assured it is verifying the binary it ... >> asks the kernel for information about. ... If you get a root compromise so that a KLM can be ... I think tripwire makes it very ...
    • Re: Test if pointer points to allocated memory
      ... Dan Pop wrote: ... (Calling something so simple a kernel now ... under the rubric of `interrupt handler'. ... > Yet, the OS design remained unchanged until its official death, in the ...