jagdpanther l33t
Joined: 22 Nov 2003 Posts: 721
Posted: Mon Oct 15, 2018 5:45 pm Post subject: tripwire and changing device numbers
On one of my Gentoo systems, after a reboot and a subsequent "/usr/sbin/tripwire --check", every file that tripwire-2.4.3.7 tests shows a changed "device number". For example, a very small part of /usr/sbin/twprint -m r -r <tripwire_report>.twr shows:
Code:
Modified object name: /usr/bin/cmake
  Property:        Expected     Observed
  -------------    -----------  -----------
* Device Number    66308        66309
Modified object name: /usr/bin/cmake-gui
  Property:        Expected     Observed
  -------------    -----------  -----------
* Device Number    66308        66309
Modified object name: /usr/bin/cmis-client
  Property:        Expected     Observed
  -------------    -----------  -----------
* Device Number    66308        66309
Modified object name: /usr/bin/cmis-client-0.5
  Property:        Expected     Observed
  -------------    -----------  -----------
* Device Number    66308        66309
Any idea why the device number is changing after a reboot? This system's storage is two NVMe SSDs. I have a second Gentoo system with one NVMe SSD and one spinning HDD and it does not show this problem.
I guess I could read the Tripwire documentation and change my policy file to tell Tripwire to NOT check a file's device number.
cboldt Veteran
Joined: 24 Aug 2005 Posts: 1046
Posted: Tue Oct 16, 2018 1:29 pm Post subject:
Those are regular files, and it appears they are now being found on "the other" NVMe SSD. The device ID is a hardware ID.
If you've changed hardware or moved /bin to the other drive, those are "one time" or infrequent events. I'd just rebuild the tripwire database with the new/current config and leave it at that.
jagdpanther l33t
Joined: 22 Nov 2003 Posts: 721
Posted: Tue Oct 16, 2018 3:58 pm Post subject:
cboldt:
Thanks for the reply.
I have run 'tripwire -m u -r <tripwire report>' to update the tripwire database. Then all is well (except for changes caused by emerge which further 'tripwire -m u -r <tripwire report>' will update) until a reboot. Sometimes when I reboot, ALL files have that "Device Number" change detected by tripwire.
I suspect (and this is just a guess) that the system does not always see the same NVMe drive first and this causes the device number change. If this is true then how do I fix it?
cboldt Veteran
Joined: 24 Aug 2005 Posts: 1046
Posted: Tue Oct 16, 2018 5:41 pm Post subject:
Yes, I think you are right.
I don't know how to get consistent device assignment at boot for NVMe, just no experience with that. Might be a BIOS, EFI function, or a UDEV function. From a little bit of searching, I think udev can handle the consistent device naming for NVMe devices.
Obviously your fstab is in good order, as the system boots regardless of the device ID (/dev placement) assigned at boot.
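The device numbers reported in this thread can be decoded, and a report triaged, with a short script. This is an added example, not code from any poster; it assumes Linux's glibc dev_t layout and the twprint layout quoted in the first post, and the sample report (including /usr/bin/example and its Size change) is constructed. Under that layout 66308 and 66309 both decode to major 259 (Linux's "Block Extended Major", which NVMe block devices use), with minor 4 and 5 respectively.

```python
import re

# Constructed sample in the twprint layout quoted in the first post. The
# /usr/bin/example entry and its Size change are invented for illustration.
HEAD = "Property: Expected Observed\n------------- ----------- -----------\n"
REPORT = (
    "Modified object name: /usr/bin/cmake\n" + HEAD +
    "* Device Number 66308 66309\n"
    "Modified object name: /usr/bin/cmake-gui\n" + HEAD +
    "* Device Number 66308 66309\n"
    "Modified object name: /usr/bin/example\n" + HEAD +
    "* Device Number 66308 66309\n"
    "* Size 1024 2048\n"
)

def split_dev(dev):
    """Split a Linux st_dev value into (major, minor), glibc dev_t layout."""
    major = ((dev >> 8) & 0xFFF) | ((dev >> 32) & ~0xFFF)
    minor = (dev & 0xFF) | ((dev >> 12) & ~0xFF)
    return major, minor

def parse_changes(report):
    """Return {path: {property: (expected, observed)}} for starred properties."""
    changes, current = {}, None
    for line in report.splitlines():
        m = re.match(r"\s*Modified object name:\s*(\S.*?)\s*$", line)
        if m:
            current = m.group(1)
            changes[current] = {}
            continue
        m = re.match(r"\s*\*\s+(.+?)\s+(\S+)\s+(\S+)\s*$", line)
        if m and current is not None:
            changes[current][m.group(1)] = (m.group(2), m.group(3))
    return changes

def device_only(changes):
    """Paths whose only flagged property is the device number (renumbering)."""
    return sorted(p for p, c in changes.items() if set(c) == {"Device Number"})

def needs_review(changes):
    """Paths where something besides the device number changed."""
    return sorted(p for p, c in changes.items() if set(c) - {"Device Number"})

if __name__ == "__main__":
    changes = parse_changes(REPORT)
    for path in device_only(changes):
        exp, obs = (split_dev(int(v)) for v in changes[path]["Device Number"])
        print(f"{path}: device (major, minor) {exp} -> {obs}, nothing else flagged")
    for path in needs_review(changes):
        extra = sorted(set(changes[path]) - {"Device Number"})
        print(f"{path}: review {extra}")
```

Entries listed by needs_review carry a change that device renumbering alone does not explain and should be examined before the database is updated.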