With that many errors from that many different programs it strongly
suggests that there is a problem with your filesystem, possibly an
existing infection.
When testing for intrusion on a system that has been running with a live
connection, it's necessary to test from an inviolate source, an ISO
image that is known to be un-infected. Obviously, this should not be
created on an infected machine, which is a problem if you have limited
resources.
Nevertheless, you can try building a live image and testing from that.
--
Jonathan
On 2022-05-03 07:18, Sylvain wrote:
Thank you for your responses!
Tripwire:
---------
- It throws a segfault error while scaning on one PC. No errors
mentioned in log files.
- on another machine tripwire worked fine for a long time but now I
have this error while scaning:
*** Fatal exception: basic_string::_M_create
*** Exiting...
run-parts: /etc/cron.daily/tripwire exited with return code 8
Aide:
-----
I have a segfault and this line in syslog: kernel: [ 1771.894150]
aide[7032]: segfault at 1c ip 00007f7472672050 sp
00007fffc95d5bf0 error 4 in libnss_systemd.so.2[7f7472671000+33000].
The system is up to date from backports. The segfault is solved if I
use the aid-dynamic package, but the scan is too much long...
Integrit:
---------
I have this error while initializing the DB: integrit (main): Error:
walk_file_tree: Permission denied
The support is simply a mailing list and I still don't have an answer
about this problem.
OSSEC:
------
There is no .deb for this soft. The compilation ends with an error.
I've just contact the support.
OSSEC+:
-------
There's a problem during installation. I've just contact the support.
I'll test Wazuh.
