Tripwire Open Source Versions Save

Q1 2018 update for OST: A couple of twprint tweaks, plus updates for documentation and default policies.

• twprint can now print reports for individual objects.
• twprint now has verbosity levels for --print-dbfile mode.
• Provide a useful README.md (issue #17 ).
• Document return codes in man pages (issue #28 ).
• Update install script after testing on additional platforms.
• Provide default policies for more operating systems, and update some existing policies
• Usability tweaks to twtest.
• Clean up code style with clang-format, & add a custom style that approximates existing OST usage.
• Update copyright dates to 2018.

• Fix & expand tests in Perl acceptance test framework
• Fix & expand twtest unit tests, & rework unit test mini-framework so they’re referenced by name, not some numeric ID, and list tests as “skipped" if they don’t make any test assertions.
• Add configure options to enable coverage, profiling, & use /dev/urandom as RNG (all off by default)
• Add a ‘list’ make target to list all make targets
• Remove dead code & add test coverage per gcov+lcov results
• Fix various memory issues pointed out by valgrind
• In examine-encryption mode, better reporting (& nonzero exit) if we can't find a keyfile for the examined file.
• More exception handling around individual objects & init/IC as a whole, since there have been occasional reports of uncaught exceptions during init or check, and so far haven’t been able to repro or figure out what circumstances it occurs under. (e.g. Github issue #25)
• Tweak install.sh so it can be run directly, not just thru 'make install' if you want. (Github issue #26)
• Improve native (non-Posixy) path handling on platforms that need it (DOS, AROS, RISC OS, Redox)
• New platforms: MirOS BSD, Bitrig, LibertyBSD, RISC OS, Redox
• Add default policies for HP-UX & various BSDs

Update to improve build system & unit tests, & clean up a bunch of compile & static analysis warnings.

• Buildsys: 'install-strip', 'uninstall', 'check', and 'distcheck' make targets now do useful things. (the install-strip change addresses the remaining bit of issue #18.)
• Buildsys: To support old flavors of gcc, add "--disable-extrawarnings" configure option for compilers that don't understand -Wextra arg, and detect if the local g++ happens to be called c++.
• Fix various new warnings w/ GCC 7.
• Use std::unique_ptr instead of deprecated std::auto_ptr, where available.
• Clean up / enable more twtest unit tests, & tweak the framework for clarity.
• Remove more dead code and strip out a bunch of uses of the always-true IS_UNIX ifdef.
• Address some static analysis warnings from CppCheck & Flawfinder
• Add a sanity check in fcodatasourceiterimpl to address a unit test that failed on some platforms.
• Update old policy test files in src/parser/testfiles to use current policy syntax.

A minor update to fix two issues:

Fix a new issue with level 2 report printing ( Issue #19 ) Fix 'make install-strip' target, which wasn't actually stripping binaries (Issue #20)

*Updated release to include archives with curl/wget-friendly names (Issue #22)

NOTE: This release has an annoying reporting issue (see https://github.com/Tripwire/tripwire-open-source/issues/19) that's fixed in 2.4.3.4 and later. You probably don't want to use this release.

Small update to OST with a variety of fixes. Items from the ChangeLog:

• Run Clang static analyzer & fix some of its quibbles
• Fix compilation error on Alpine Linux 3.x (Issue #15)
• Fix file permissions on a couple of source files (Issue #14)
• Fix some errors w/ make install/uninstall/dist (Issue #15)

What's New:

i18n

• Optionally use iconv(), where available, for report/db files that are portable across different character encodings. This is disabled by default for the sake of backward compatibility.
• Properly display multibyte/high ascii chars when displaying reports or DBs.

Hash generation

• Disk cache hinting with posix_fadvise() or similar mechanism (where available), to avoid filling the system disk cache with files we've already read & aren't immediately going to revisit.
• HASH_DIRECT_IO config option, to use direct i/o while hashing files, where available (only Linux in 2.4.3.2), per longstanding user request.
• Use O_NOATIME, where available, so that scanning a file/dir/symlink doesn't update its access time attribute.
• Optionally use system CommonCrypto for hashes on Mac OS X.

Build System

• Regenerated build system with automake 1.15 (we were previously on the ancient version 1.8).
• ‘make dist’ now generates a complete, buildable source bundle.
• Can now use OpenSSL while cross compiling, if the appropriate libs are available.
• Can finally use a build directory outside of the OST source tree.

Platform(s)

• MS-DOS/FreeDOS + DJGPP support added
• AROS-specific fixes for not echoing passphrases, & deleting temporary files.
• Cygwin: paths with leading double slashes are now handled correctly. Cygwin uses this syntax for UNC paths.

Other

• Remove dead code & unused files
• Add embedded version strings for 'what' command (or 'version' command on AROS)
• Add a new config file option RESOLVE_IDS_TO_NAMES to control whether we try to resolve uid/gid values to user & group names. Static binaries are known to segfault when doing this given certain nsswitch.conf setups (particularly LDAP/AD), so setting this to false bypasses name resolution and just displays the numeric uid/gid.
• Add a new optional --key-size argument to twadmin --generate-keys mode, with available sizes of 1024 or 2048 bits. Previously twadmin always created 1024-bit El Gamal keys, and this remains the default if --key-size is not specified, at least for the time being.
• Fix a compilation issue with C++11 and -Werror=terminate.

A quick update to 2.4.3.0:

• Now builds with GCC 6.0.0 (the default compiler in Fedora 24) Specifically, fixed the 'narrowing' errors in twparser/yyparse.cpp by adding some explicit casts.
• OST's old unit test suite has been revived, and unit test files have been moved to the 'twtest' dir. The unit test suite is sort of archaic and ugly, and ultimately it might be desirable to migrate it to some modern test framework, boost or gtest possibly.
• Tabs replaced with spaces across the project. OST had come to have a mix of the two styles over time, and it turns out that tends to trigger GCC 6's new 'misleading indentation' warning.
• Got rid of assorted other compiler warnings.

The Open Source Tripwire 2.4.3.0 update includes compilation & portability fixes, a few significant bug fixes, and a couple of small but useful mini-features:

• Fixes compilation errors on LLVM/clang and gcc 4.7+.
• Fixes platform-specific build errors on various platforms, including OpenBSD and Cygwin.
• Fixes an ugly defect around generating invalid SHA hash values.
• Fixes >2GB file support on platforms where it wasn't available previously, e.g. 32-bit Linux.
• Fixes blocking on mandatory file locks, via O_NONBLOCK.
• Adds a '-h' command line arg to display hash values as hex instead of base64.
• Adds the long-requested MAILFROMADDRESS config param, for email reporting.