authoragc <agc@pkgsrc.org>1998-11-17 16:27:25 +0000
committeragc <agc@pkgsrc.org>1998-11-17 16:27:25 +0000
commit22fd8f9cc761ffdd4b4861c700cf7b023c8ef634 (patch)
treea058cdb593c72939aa1077ce1fcaca4dfa1f7503 /security/tripwire
parentd3a03ccd3caa930df2267b9b5c1213ce0d73b5f1 (diff)
downloadpkgsrc-22fd8f9cc761ffdd4b4861c700cf7b023c8ef634.tar.gz
Initial import of tripwire-1.2, a file and directory integrity checker,
into the NetBSD Packages Collection.
Diffstat (limited to 'security/tripwire')
-rw-r--r--security/tripwire/Makefile27
-rw-r--r--security/tripwire/files/conf-netbsd.h54
-rw-r--r--security/tripwire/files/md53
-rw-r--r--security/tripwire/files/tw.conf.netbsd150
-rw-r--r--security/tripwire/patches/patch-aa28
-rw-r--r--security/tripwire/patches/patch-ab36
-rw-r--r--security/tripwire/patches/patch-ac65
-rw-r--r--security/tripwire/pkg/COMMENT1
-rw-r--r--security/tripwire/pkg/DESCR10
-rw-r--r--security/tripwire/pkg/MESSAGE6
-rw-r--r--security/tripwire/pkg/PLIST10
11 files changed, 390 insertions, 0 deletions
diff --git a/security/tripwire/Makefile b/security/tripwire/Makefile
new file mode 100644
index 00000000000..f97d5bfa579
--- /dev/null
+++ b/security/tripwire/Makefile
@@ -0,0 +1,27 @@
+# $NetBSD: Makefile,v 1.1.1.1 1998/11/17 16:27:25 agc Exp $
+#
+
+DISTNAME= tripwire-1.2
+CATEGORIES= security
+MASTER_SITES= ftp://coast.cs.purdue.edu/pub/COAST/Tripwire/
+EXTRACT_SUFX= .tar.Z
+
+MAINTAINER= packages@netbsd.org
+HOMEPAGE= http://www.cs.purdue.edu/coast/coast-library.html
+
+post-extract:
+ (cd ${WRKDIR}; /bin/pax -r < T1.2.tar)
+ ${CP} ${FILESDIR}/conf-netbsd.h ${WRKSRC}/configs
+
+post-patch:
+ ${MV} ${WRKSRC}/include/config.h ${WRKSRC}/include/config.h.in
+ ${SED} -e 's|@localbase@|${LOCALBASE}|g' ${WRKSRC}/include/config.h.in \
+ > ${WRKSRC}/include/config.h
+
+post-install:
+ ${MKDIR} ${PREFIX}/share/doc/tripwire ${PREFIX}/etc/tripwire/databases
+ ${INSTALL_MAN} ${WRKSRC}/docs/designdoc.ps ${PREFIX}/share/doc/tripwire
+ ${SED} -e 's|@localbase@|${LOCALBASE}|g' -e 's|@x11base@|${X11BASE}|g' \
+ ${FILESDIR}/tw.conf.netbsd > ${PREFIX}/etc/tripwire/tripwire.conf
+
+.include "../../mk/bsd.pkg.mk"
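Review bot: In `post-install`, `tripwire.conf` is created by shell redirection and `etc/tripwire/databases` by a bare `${MKDIR}`, so the mode of both depends on the umask in effect at install time. These hold the policy and the baseline that an integrity checker trusts, so the target should set the modes explicitly after the `${SED}` line, for example `${CHMOD} 700 ${PREFIX}/etc/tripwire ${PREFIX}/etc/tripwire/databases` and `${CHMOD} 600 ${PREFIX}/etc/tripwire/tripwire.conf`. Separately, `(cd ${WRKDIR}; /bin/pax -r < T1.2.tar)` in `post-extract` keeps going if the `cd` fails; `cd ${WRKDIR} && /bin/pax -r < T1.2.tar` would stop instead.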
diff --git a/security/tripwire/files/conf-netbsd.h b/security/tripwire/files/conf-netbsd.h
new file mode 100644
index 00000000000..8a93506e606
--- /dev/null
+++ b/security/tripwire/files/conf-netbsd.h
@@ -0,0 +1,54 @@
+/* Original Id: conf-bsd.h,v 1.2 1993/08/19 05:26:52 genek Exp */
+
+/*
+ * conf-bsd.h
+ *
+ * Tripwire configuration file
+ *
+ * Gene Kim
+ * Purdue University
+ */
+
+/***
+ *** Operating System specifics
+ ***
+ *** If the answer to a question in the comment is "Yes", then
+ *** change the corresponding "#undef" to a "#define"
+ ***/
+
+/*
+ * is your OS a System V derivitive? if so, what version?
+ * (e.g., define SYSV 4)
+ */
+
+#undef SYSV
+
+/*
+ * does your system have a <malloc.h> like System V?
+ */
+
+#undef MALLOCH
+
+/*
+ * does your system have a <stdlib.h> like POSIX says you should?
+ */
+
+#define STDLIBH
+
+/*
+ * does your system use readdir(3) that returns (struct dirent *)?
+ */
+
+#define DIRENT
+
+/*
+ * is #include <string.h> ok? (as opposed to <strings.h>)
+ */
+
+#define STRINGH
+
+/*
+ * does your system have gethostname(2) (instead of uname(2))?
+ */
+
+#define GETHOSTNAME
diff --git a/security/tripwire/files/md5 b/security/tripwire/files/md5
new file mode 100644
index 00000000000..3ca426e0cab
--- /dev/null
+++ b/security/tripwire/files/md5
@@ -0,0 +1,3 @@
+$NetBSD: md5,v 1.1.1.1 1998/11/17 16:27:25 agc Exp $
+
+MD5 (tripwire-1.2.tar.Z) = c82e0327e0caa1821e3e564fa1938d88
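Review bot: The distfile's only recorded digest is MD5, and `MASTER_SITES` in this commit's Makefile is a plain `ftp://` URL, so this one line is the whole integrity check on the source of an integrity checker. MD5 is no longer considered collision-resistant. If the checksum machinery in `bsd.pkg.mk` accepts additional algorithms (not visible here), record a stronger digest next to it, e.g. `SHA256 (tripwire-1.2.tar.Z) = <digest of a verified copy>`.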
diff --git a/security/tripwire/files/tw.conf.netbsd b/security/tripwire/files/tw.conf.netbsd
new file mode 100644
index 00000000000..8c8e0b27fa5
--- /dev/null
+++ b/security/tripwire/files/tw.conf.netbsd
@@ -0,0 +1,150 @@
+# $NetBSD: tw.conf.netbsd,v 1.1.1.1 1998/11/17 16:27:25 agc Exp $
+# Original Id: tw.conf.386bsd,v 1.1 1993/11/22 06:38:01 genek Exp
+#
+# tripwire.config
+# Generic version for NetBSD
+# Will need editing...see comments below
+#
+# This file contains a list of files and directories that System
+# Preener will scan. Information collected from these files will be
+# stored in the tripwire.database file.
+#
+# Format: [!|=] entry [ignore-flags]
+#
+# where: '!' signifies the entry is to be pruned (inclusive) from
+# the list of files to be scanned.
+# '=' signifies the entry is to be added, but if it is
+# a directory, then all its contents are pruned
+# (useful for /tmp).
+#
+# where: entry is the absolute pathname of a file or a directory
+#
+# where ignore-flags are in the format:
+# [template][ [+|-][pinugsam12] ... ]
+#
+# - : ignore the following atributes
+# + : do not ignore the following attributes
+#
+# p : permission and file mode bits a: access timestamp
+# i : inode number m: modification timestamp
+# n : number of links (ref count) c: inode creation timestamp
+# u : user id of owner 1: signature 1
+# g : group id of owner 2: signature 2
+# s : size of file
+#
+#
+# Ex: The following entry will scan all the files in /etc, and report
+# any changes in mode bits, inode number, reference count, uid,
+# gid, modification and creation timestamp, and the signatures.
+# However, it will ignore any changes in the access timestamp.
+#
+# /etc +pinugsm12-a
+#
+# The following templates have been pre-defined to make these long ignore
+# mask descriptions unecessary.
+#
+# Templates: (default) R : [R]ead-only (+pinugsm12-a)
+# L : [L]og file (+pinug-sam12)
+# N : ignore [N]othing (+pinusgsamc12)
+# E : ignore [E]verything (-pinusgsamc12)
+#
+# By default, Tripwire uses the R template -- it ignores
+# only the access timestamp.
+#
+# You can use templates with modifiers, like:
+# Ex: /etc/lp E+ug
+#
+# Example configuration file:
+# /etc R # all system files
+# !/etc/lp R # ...but not those logs
+# =/tmp N # just the directory, not its files
+#
+# Note the difference between pruning (via "!") and ignoring everything
+# (via "E" template): Ignoring everything in a directory still monitors
+# for added and deleted files. Pruning a directory will prevent Tripwire
+# from even looking in the specified directory.
+#
+#
+# Tripwire running slowly? Modify your tripwire.config entries to
+# ignore the (signature 2) attribute when this computationally-exorbitant
+# protection is not needed. (See README and design document for further
+# details.)
+#
+
+# First, root's "home"
+=/ L
+/root/.rhosts R # may not exist
+/root/.profile R # may not exist
+/root/.cshrc R # may not exist
+/root/.login R # may not exist
+/root/.exrc R # may not exist
+/root/.logout R # may not exist
+/root/.emacs R # may not exist
+/root/.forward R # may not exist
+/root/.netrc R # may not exist
+
+# Unix itself
+/netbsd R
+
+# /bin and exceptions
+/bin R-2
+/bin/rcp R
+
+# /dev
+/dev L
+
+# /etc and exceptions
+/etc R-2
+/etc/aliases L
+/etc/daily L
+/etc/disktab L
+/etc/dumpdates L
+/etc/master.passwd L
+/etc/monthly L
+/etc/motd L
+/etc/passwd L
+/etc/pwd.db L
+/etc/spwd.db L
+/etc/uucp L
+/etc/weekly L
+
+# /home
+=/home
+
+# /root
+/root R-2
+/root/.history L
+
+# /sbin
+/sbin R-2
+
+# /usr/bin
+/usr/bin R-2
+
+/usr/include R-12
+
+/usr/lib R-2
+
+/usr/libexec R-2
+
+/usr/local/bin R-2
+
+/usr/local/etc L
+
+/usr/sbin R-2
+
+/usr/src/bin R-2
+/usr/src/lib R-2
+/usr/src/libexec R-2
+/usr/src/sbin R-2
+/usr/src/usr.bin R-2
+/usr/src/usr.sbin R-2
+/usr/src/sys R-2
+!/usr/src/sys/arch/i386/compile
+!/usr/src/sys/arch/i386/conf
+
+# packages...
+=@localbase@
+=@x11base@
+
+###########################################
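Review bot: The `=@localbase@` and `=@x11base@` entries record only the directory itself, since the format comment at the top of this file says `=` prunes a directory's contents. Nothing installed from packages is therefore checked, including `sbin/tripwire` and `etc/tripwire/tripwire.conf` from this package's PLIST. The hard-coded `/usr/local/bin` and `/usr/local/etc` entries close that gap only when LOCALBASE happens to be `/usr/local`. Consider adding `@localbase@/bin R-2`, `@localbase@/sbin R-2` and `@localbase@/etc/tripwire/tripwire.conf R`. Also, `/etc/master.passwd`, `/etc/passwd`, `/etc/pwd.db` and `/etc/spwd.db` use template `L`, which by the file's own table drops size, timestamps and both signatures, so content changes to the account databases go unreported; a comment saying this is deliberate would help.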
diff --git a/security/tripwire/patches/patch-aa b/security/tripwire/patches/patch-aa
new file mode 100644
index 00000000000..0c7d6cb78ad
--- /dev/null
+++ b/security/tripwire/patches/patch-aa
@@ -0,0 +1,28 @@
+$NetBSD: patch-aa,v 1.1.1.1 1998/11/17 16:27:25 agc Exp $
+
+Miscellaneous Makefile settings.
+
+--- Makefile 1994/07/25 15:59:41 1.16
++++ Makefile 1998/11/17 13:44:39
+@@ -12,10 +12,10 @@
+ ###
+
+ # destination directory for final executables
+-DESTDIR = /secureplace/bin
++DESTDIR = ${PREFIX}/sbin
+
+ # destination for man pages
+-MANDIR = /usr/man
++MANDIR = ${PREFIX}/man
+
+ # system utilities
+ LEX = lex
+@@ -48,7 +48,7 @@
+ #CFLAGS = -systype bsd43 # ETA/10 (SVR3)
+ #CFLAGS = -systype bsd43 # MIPS RISC/OS 4.5x
+ #CFLAGS = -O -ansi # gnu CC
+-#CFLAGS = -O -ansi -W -Wreturn-type -Wswitch -Wshadow # gnu CC w/all warnings
++CFLAGS = -O -ansi -W -Wreturn-type -Wswitch -Wshadow # gnu CC w/all warnings
+ #CFLAGS = -OG # Pyramid OSx
+ #CFLAGS = -O -Kold # Pyramid DC/OSx (SVR4)
+ #CFLAGS = -DTW_TYPE32='int' # DEC OSF/1 Alpha (or any other architecture
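Review bot: Uncommenting the `CFLAGS = -O -ansi -W ...` line hard-codes the compiler flags in the distribution Makefile, so flags the package builder supplies through the environment are presumably overridden (a makefile assignment wins over the environment unless make runs with `-e`). If the upstream Makefile tolerates it, `CFLAGS += -ansi -W -Wreturn-type -Wswitch -Wshadow` keeps the warnings while leaving the builder's optimisation or hardening flags in place. The rest of the Makefile is outside the hunk, so how `CFLAGS` is consumed there is not visible.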
diff --git a/security/tripwire/patches/patch-ab b/security/tripwire/patches/patch-ab
new file mode 100644
index 00000000000..bd6b33c4151
--- /dev/null
+++ b/security/tripwire/patches/patch-ab
@@ -0,0 +1,36 @@
+$NetBSD: patch-ab,v 1.1.1.1 1998/11/17 16:27:25 agc Exp $
+
+NetBSD-specific paths for tripwire.
+
+--- include/config.h 1994/07/15 11:02:52 1.5
++++ include/config.h 1998/11/17 14:40:02
+@@ -17,7 +17,7 @@
+ *** file that corresponds with your operating system.
+ ***/
+
+-#include "../configs/conf-svr4.h"
++#include "../configs/conf-netbsd.h"
+
+ #ifdef TW_TYPE32
+ typedef TW_TYPE32 int32;
+@@ -102,9 +102,8 @@
+ # define DATABASE_PATH "/usr/local/adm/tcheck/databases"
+ #endif
+ */
+-
+-#define CONFIG_PATH "/tmp/genek"
+-#define DATABASE_PATH "/tmp/genek"
++# define CONFIG_PATH "@localbase@/etc/tripwire"
++# define DATABASE_PATH "@localbase@/etc/tripwire/databases"
+
+ /******* name of Tripwire files **************************************
+ *
+@@ -121,7 +120,7 @@
+ *
+ *********************************************************************/
+
+-#define CONFIG_FILE "tw.config"
++#define CONFIG_FILE "tripwire.conf"
+ #define DATABASE_FILE "tw.db_@"
+
+ /******* Default ignore mask ****************************************
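Review bot: `CONFIG_PATH` and `DATABASE_PATH` now point at `@localbase@/etc/tripwire`, so the baseline database sits on the same writable filesystem as the files it vouches for, and nothing in the patch documents that choice. A short comment above the two defines would help, such as `/* Packaging default only: keep the database on read-only or removable media where possible, and adjust these paths to match. */`. The same advice would fit in `pkg/MESSAGE`, which currently only tells the administrator to run `-initialize`.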
diff --git a/security/tripwire/patches/patch-ac b/security/tripwire/patches/patch-ac
new file mode 100644
index 00000000000..a44ea8eb979
--- /dev/null
+++ b/security/tripwire/patches/patch-ac
@@ -0,0 +1,65 @@
+$NetBSD: patch-ac,v 1.1.1.1 1998/11/17 16:27:25 agc Exp $
+
+NetBSD defines both LITTLE_ENDIAN and BIG_ENDIAN, and sets the
+definition of BYTE_ORDER accordingly. So check the value of
+BYTE_ORDER in this file.
+
+--- sigs/sha/sha.c 1994/07/25 15:46:45 1.5
++++ sigs/sha/sha.c 1998/11/17 15:59:20
+@@ -46,10 +46,7 @@
+
+ #include "sha.h"
+
+-#if BYTEORDER == 0x1234
+-#define LITTLE_ENDIAN
+-#endif
+-
++#include <machine/endian.h>
+
+ /* The SHS f()-functions */
+
+@@ -214,7 +211,7 @@
+ shsInfo->digest[ 4 ] += E;
+ }
+
+-#ifdef LITTLE_ENDIAN
++#if BYTE_ORDER == LITTLE_ENDIAN
+
+ /* When run on a little-endian CPU we need to perform byte reversal on an
+ array of longwords. It is possible to make the code endianness-
+@@ -258,7 +255,7 @@
+ while( count >= SHS_BLOCKSIZE )
+ {
+ memcpy( (char *) shsInfo->data, (char *) buffer, SHS_BLOCKSIZE );
+-#ifdef LITTLE_ENDIAN
++#if BYTE_ORDER == LITTLE_ENDIAN
+ byteReverse( shsInfo->data, SHS_BLOCKSIZE );
+ #endif /* LITTLE_ENDIAN */
+ shsTransform( shsInfo );
+@@ -289,7 +286,7 @@
+ {
+ /* Two lots of padding: Pad the first block to 64 bytes */
+ memset( ( char * ) shsInfo->data + count, 0, 64 - count );
+-#ifdef LITTLE_ENDIAN
++#if BYTE_ORDER == LITTLE_ENDIAN
+ byteReverse( shsInfo->data, SHS_BLOCKSIZE );
+ #endif /* LITTLE_ENDIAN */
+ shsTransform( shsInfo );
+@@ -300,7 +297,7 @@
+ else
+ /* Pad block to 56 bytes */
+ memset( ( char * ) shsInfo->data + count, 0, 56 - count );
+-#ifdef LITTLE_ENDIAN
++#if BYTE_ORDER == LITTLE_ENDIAN
+ byteReverse( shsInfo->data, SHS_BLOCKSIZE );
+ #endif /* LITTLE_ENDIAN */
+
+@@ -309,7 +306,7 @@
+ shsInfo->data[ 15 ] = lowBitcount;
+
+ shsTransform( shsInfo );
+-#ifdef LITTLE_ENDIAN
++#if BYTE_ORDER == LITTLE_ENDIAN
+ byteReverse( shsInfo->data, SHS_DIGESTSIZE );
+ #endif /* LITTLE_ENDIAN */
+ }
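Review bot: `#if BYTE_ORDER == LITTLE_ENDIAN` is true when neither macro is defined, because the preprocessor replaces undefined identifiers with 0. If `<machine/endian.h>` ever fails to supply them, byte reversal is silently compiled in and SHA signatures come out wrong on a big-endian host without any build error. A guard right after the include turns that into a compile failure: `#if !defined(BYTE_ORDER) || !defined(LITTLE_ENDIAN)`, `#error "BYTE_ORDER not defined"`, `#endif`. The five `#endif /* LITTLE_ENDIAN */` comments are now stale and could read `/* BYTE_ORDER == LITTLE_ENDIAN */`. The enclosing functions start and end outside the hunks.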
diff --git a/security/tripwire/pkg/COMMENT b/security/tripwire/pkg/COMMENT
new file mode 100644
index 00000000000..3ad49d464c3
--- /dev/null
+++ b/security/tripwire/pkg/COMMENT
@@ -0,0 +1 @@
+a file and directory integrity checker
diff --git a/security/tripwire/pkg/DESCR b/security/tripwire/pkg/DESCR
new file mode 100644
index 00000000000..e90701d8ffb
--- /dev/null
+++ b/security/tripwire/pkg/DESCR
@@ -0,0 +1,10 @@
+Tripwire is a file and directory integrity checker, a utility that
+compares a designated set of files and directories against information
+stored in a previously generated database. Any differences are
+flagged and logged, including added or deleted entries. When run
+against system files on a regular basis, any changes in critical
+system files will be spotted -- and appropriate damage control
+measures can be taken immediately. With Tripwire, system
+administrators can conclude with a high degree of certainty that a
+given set of files remain free of unauthorized modifications if
+Tripwire reports no changes.
diff --git a/security/tripwire/pkg/MESSAGE b/security/tripwire/pkg/MESSAGE
new file mode 100644
index 00000000000..e6929806b7f
--- /dev/null
+++ b/security/tripwire/pkg/MESSAGE
@@ -0,0 +1,6 @@
+To use tripwire to protect your systems, you should first initialise
+the databases:
+
+ (cd ${PREFIX}/etc/tripwire; ${PREFIX}/sbin/tripwire -initialize)
+
+which creates the database in the ${PREFIX}/etc/tripwire/databases directory.
diff --git a/security/tripwire/pkg/PLIST b/security/tripwire/pkg/PLIST
new file mode 100644
index 00000000000..14c5cd20d93
--- /dev/null
+++ b/security/tripwire/pkg/PLIST
@@ -0,0 +1,10 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 1998/11/17 16:27:25 agc Exp $
+etc/tripwire/tripwire.conf
+sbin/tripwire
+share/doc/tripwire/designdoc.ps
+man/man5/tw.config.5
+man/man8/siggen.8
+man/man8/tripwire.8
+@exec /bin/mkdir -p %D/etc/tripwire/databases
+@unexec /bin/rm -rf %D/etc/tripwire || /usr/bin/true
+@dirrm share/doc/tripwire
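Review bot: `@unexec /bin/rm -rf %D/etc/tripwire || /usr/bin/true` deletes the baseline databases and any locally edited `tripwire.conf` whenever the package is removed, which includes an upgrade done as delete-and-reinstall. The next `-initialize` would then baseline whatever state the system is in at that point. Removing only empty directories preserves the baseline: `@unexec /bin/rmdir %D/etc/tripwire/databases %D/etc/tripwire 2>/dev/null || /usr/bin/true`. `man/man8/siggen.8` is listed without a matching `siggen` binary; whether the upstream install target provides one is not visible here.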