From 22fd8f9cc761ffdd4b4861c700cf7b023c8ef634 Mon Sep 17 00:00:00 2001
From: agc
Date: Tue, 17 Nov 1998 16:27:25 +0000
Subject: Initial import of tripwire-1.2, a file and directory integrity checker, into the NetBSD Packages Collection.
---
security/tripwire/Makefile | 27 ++++++
security/tripwire/files/conf-netbsd.h | 54 ++++++++++++
security/tripwire/files/md5 | 3 +
security/tripwire/files/tw.conf.netbsd | 150 +++++++++++++++++++++++++++++++++
security/tripwire/patches/patch-aa | 28 ++++++
security/tripwire/patches/patch-ab | 36 ++++++++
security/tripwire/patches/patch-ac | 65 ++++++++++++++
security/tripwire/pkg/COMMENT | 1 +
security/tripwire/pkg/DESCR | 10 +++
security/tripwire/pkg/MESSAGE | 6 ++
security/tripwire/pkg/PLIST | 10 +++
11 files changed, 390 insertions(+)
create mode 100644 security/tripwire/Makefile
create mode 100644 security/tripwire/files/conf-netbsd.h
create mode 100644 security/tripwire/files/md5
create mode 100644 security/tripwire/files/tw.conf.netbsd
create mode 100644 security/tripwire/patches/patch-aa
create mode 100644 security/tripwire/patches/patch-ab
create mode 100644 security/tripwire/patches/patch-ac
create mode 100644 security/tripwire/pkg/COMMENT
create mode 100644 security/tripwire/pkg/DESCR
create mode 100644 security/tripwire/pkg/MESSAGE
create mode 100644 security/tripwire/pkg/PLIST
(limited to 'security/tripwire')
diff --git a/security/tripwire/Makefile b/security/tripwire/Makefile
new file mode 100644
index 00000000000..f97d5bfa579
--- /dev/null
+++ b/security/tripwire/Makefile
@@ -0,0 +1,27 @@
+# $NetBSD: Makefile,v 1.1.1.1 1998/11/17 16:27:25 agc Exp $
+#
+
+DISTNAME= tripwire-1.2
+CATEGORIES= security
+MASTER_SITES= ftp://coast.cs.purdue.edu/pub/COAST/Tripwire/
+EXTRACT_SUFX= .tar.Z
+
+MAINTAINER= packages@netbsd.org
+HOMEPAGE= http://www.cs.purdue.edu/coast/coast-library.html
+
+post-extract:
+ (cd ${WRKDIR}; /bin/pax -r < T1.2.tar)
+ ${CP} ${FILESDIR}/conf-netbsd.h ${WRKSRC}/configs
+
+post-patch:
+ ${MV} ${WRKSRC}/include/config.h ${WRKSRC}/include/config.h.in
+ ${SED} -e 's|@localbase@|${LOCALBASE}|g' ${WRKSRC}/include/config.h.in \
+ > ${WRKSRC}/include/config.h
+
+post-install:
+ ${MKDIR} ${PREFIX}/share/doc/tripwire ${PREFIX}/etc/tripwire/databases
+ ${INSTALL_MAN} ${WRKSRC}/docs/designdoc.ps ${PREFIX}/share/doc/tripwire
+ ${SED} -e 's|@localbase@|${LOCALBASE}|g' -e 's|@x11base@|${X11BASE}|g' \
+ ${FILESDIR}/tw.conf.netbsd > ${PREFIX}/etc/tripwire/tripwire.conf
+
+.include "../../mk/bsd.pkg.mk"
diff --git a/security/tripwire/files/conf-netbsd.h b/security/tripwire/files/conf-netbsd.h
new file mode 100644
index 00000000000..8a93506e606
--- /dev/null
+++ b/security/tripwire/files/conf-netbsd.h
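Review bot: In `post-install`, `tripwire.conf` is created by shell redirection and the `etc/tripwire/databases` directory by a bare `${MKDIR}`, so both end up with whatever mode the installing user's umask produces. For an integrity checker the policy file and the baseline directory are the trust anchor and should be owned by root and closed to group and other; I would set the modes explicitly right after creating them (`chmod 600` on the file, `chmod 700` on the two directories). Separately, `post-extract` chains `cd ${WRKDIR}; /bin/pax ...` with `;`, so a failed `cd` would still run the extraction in the wrong directory; `&&` is the safer form.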
@@ -0,0 +1,54 @@
+/* Original Id: conf-bsd.h,v 1.2 1993/08/19 05:26:52 genek Exp */
+
+/*
+ * conf-bsd.h
+ *
+ * Tripwire configuration file
+ *
+ * Gene Kim
+ * Purdue University
+ */
+
+/***
+ *** Operating System specifics
+ ***
+ *** If the answer to a question in the comment is "Yes", then
+ *** change the corresponding "#undef" to a "#define"
+ ***/
+
+/*
+ * is your OS a System V derivitive? if so, what version?
+ * (e.g., define SYSV 4)
+ */
+
+#undef SYSV
+
+/*
+ * does your system have a like System V?
+ */
+
+#undef MALLOCH
+
+/*
+ * does your system have a like POSIX says you should?
+ */
+
+#define STDLIBH
+
+/*
+ * does your system use readdir(3) that returns (struct dirent *)?
+ */
+
+#define DIRENT
+
+/*
+ * is #include ok? (as opposed to )
+ */
+
+#define STRINGH
+
+/*
+ * does your system have gethostname(2) (instead of uname(2))?
+ */
+
+#define GETHOSTNAME
diff --git a/security/tripwire/files/md5 b/security/tripwire/files/md5
new file mode 100644
index 00000000000..3ca426e0cab
--- /dev/null
+++ b/security/tripwire/files/md5
@@ -0,0 +1,3 @@
+$NetBSD: md5,v 1.1.1.1 1998/11/17 16:27:25 agc Exp $
+
+MD5 (tripwire-1.2.tar.Z) = c82e0327e0caa1821e3e564fa1938d88
diff --git a/security/tripwire/files/tw.conf.netbsd b/security/tripwire/files/tw.conf.netbsd
new file mode 100644
index 00000000000..8c8e0b27fa5
--- /dev/null
+++ b/security/tripwire/files/tw.conf.netbsd
@@ -0,0 +1,150 @@
+# $NetBSD: tw.conf.netbsd,v 1.1.1.1 1998/11/17 16:27:25 agc Exp $
+# Original Id: tw.conf.386bsd,v 1.1 1993/11/22 06:38:01 genek Exp
+#
+# tripwire.config
+# Generic version for NetBSD
+# Will need editing...see comments below
+#
+# This file contains a list of files and directories that System
+# Preener will scan. Information collected from these files will be
+# stored in the tripwire.database file.
+#
+# Format: [!|=] entry [ignore-flags]
+#
+# where: '!' signifies the entry is to be pruned (inclusive) from
+# the list of files to be scanned.
+# '=' signifies the entry is to be added, but if it is
+# a directory, then all its contents are pruned
+# (useful for /tmp).
+#
+# where: entry is the absolute pathname of a file or a directory
+#
+# where ignore-flags are in the format:
+# [template][ [+|-][pinugsam12] ... ]
+#
+# - : ignore the following atributes
+# + : do not ignore the following attributes
+#
+# p : permission and file mode bits a: access timestamp
+# i : inode number m: modification timestamp
+# n : number of links (ref count) c: inode creation timestamp
+# u : user id of owner 1: signature 1
+# g : group id of owner 2: signature 2
+# s : size of file
+#
+#
+# Ex: The following entry will scan all the files in /etc, and report
+# any changes in mode bits, inode number, reference count, uid,
+# gid, modification and creation timestamp, and the signatures.
+# However, it will ignore any changes in the access timestamp.
+#
+# /etc +pinugsm12-a
+#
+# The following templates have been pre-defined to make these long ignore
+# mask descriptions unecessary.
+#
+# Templates: (default) R : [R]ead-only (+pinugsm12-a)
+# L : [L]og file (+pinug-sam12)
+# N : ignore [N]othing (+pinusgsamc12)
+# E : ignore [E]verything (-pinusgsamc12)
+#
+# By default, Tripwire uses the R template -- it ignores
+# only the access timestamp.
+#
+# You can use templates with modifiers, like:
+# Ex: /etc/lp E+ug
+#
+# Example configuration file:
+# /etc R # all system files
+# !/etc/lp R # ...but not those logs
+# =/tmp N # just the directory, not its files
+#
+# Note the difference between pruning (via "!") and ignoring everything
+# (via "E" template): Ignoring everything in a directory still monitors
+# for added and deleted files. Pruning a directory will prevent Tripwire
+# from even looking in the specified directory.
+#
+#
+# Tripwire running slowly? Modify your tripwire.config entries to
+# ignore the (signature 2) attribute when this computationally-exorbitant
+# protection is not needed. (See README and design document for further
+# details.)
+#
+
+# First, root's "home"
+=/ L
+/root/.rhosts R # may not exist
+/root/.profile R # may not exist
+/root/.cshrc R # may not exist
+/root/.login R # may not exist
+/root/.exrc R # may not exist
+/root/.logout R # may not exist
+/root/.emacs R # may not exist
+/root/.forward R # may not exist
+/root/.netrc R # may not exist
+
+# Unix itself
+/netbsd R
+
+# /bin and exceptions
+/bin R-2
+/bin/rcp R
+
+# /dev
+/dev L
+
+# /etc and exceptions
+/etc R-2
+/etc/aliases L
+/etc/daily L
+/etc/disktab L
+/etc/dumpdates L
+/etc/master.passwd L
+/etc/monthly L
+/etc/motd L
+/etc/passwd L
+/etc/pwd.db L
+/etc/spwd.db L
+/etc/uucp L
+/etc/weekly L
+
+# /home
+=/home
+
+# /root
+/root R-2
+/root/.history L
+
+# /sbin
+/sbin R-2
+
+# /usr/bin
+/usr/bin R-2
+
+/usr/include R-12
+
+/usr/lib R-2
+
+/usr/libexec R-2
+
+/usr/local/bin R-2
+
+/usr/local/etc L
+
+/usr/sbin R-2
+
+/usr/src/bin R-2
+/usr/src/lib R-2
+/usr/src/libexec R-2
+/usr/src/sbin R-2
+/usr/src/usr.bin R-2
+/usr/src/usr.sbin R-2
+/usr/src/sys R-2
+!/usr/src/sys/arch/i386/compile
+!/usr/src/sys/arch/i386/conf
+
+# packages...
+=@localbase@
+=@x11base@
+
+###########################################
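Review bot: The entries `/etc/master.passwd`, `/etc/passwd`, `/etc/pwd.db`, `/etc/spwd.db` and the `/etc/daily`, `/etc/weekly`, `/etc/monthly` scripts are assigned the `L` template, which the header of this same file defines as `+pinug-sam12`, i.e. size, timestamps and both signatures are ignored. An in-place content change to the account databases or to the periodic scripts (which presumably run as root) would therefore not be reported. `L` is reasonable for files that churn, but I would at least move the three scripts to `R` (`/etc/daily R`, `/etc/weekly R`, `/etc/monthly R`) and add a comment next to the password entries stating that their contents are deliberately unmonitored. Also note that `=@localbase@` records only the directory itself, so `@localbase@/sbin`, where this package appears to install the `tripwire` binary, is not covered by any entry.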
diff --git a/security/tripwire/patches/patch-aa b/security/tripwire/patches/patch-aa
new file mode 100644
index 00000000000..0c7d6cb78ad
--- /dev/null
+++ b/security/tripwire/patches/patch-aa
@@ -0,0 +1,28 @@
+$NetBSD: patch-aa,v 1.1.1.1 1998/11/17 16:27:25 agc Exp $
+
+Miscellaneous Makefile settings.
+
+--- Makefile 1994/07/25 15:59:41 1.16
++++ Makefile 1998/11/17 13:44:39
+@@ -12,10 +12,10 @@
+ ###
+
+ # destination directory for final executables
+-DESTDIR = /secureplace/bin
++DESTDIR = ${PREFIX}/sbin
+
+ # destination for man pages
+-MANDIR = /usr/man
++MANDIR = ${PREFIX}/man
+
+ # system utilities
+ LEX = lex
+@@ -48,7 +48,7 @@
+ #CFLAGS = -systype bsd43 # ETA/10 (SVR3)
+ #CFLAGS = -systype bsd43 # MIPS RISC/OS 4.5x
+ #CFLAGS = -O -ansi # gnu CC
+-#CFLAGS = -O -ansi -W -Wreturn-type -Wswitch -Wshadow # gnu CC w/all warnings
++CFLAGS = -O -ansi -W -Wreturn-type -Wswitch -Wshadow # gnu CC w/all warnings
+ #CFLAGS = -OG # Pyramid OSx
+ #CFLAGS = -O -Kold # Pyramid DC/OSx (SVR4)
+ #CFLAGS = -DTW_TYPE32='int' # DEC OSF/1 Alpha (or any other architecture
diff --git a/security/tripwire/patches/patch-ab b/security/tripwire/patches/patch-ab
new file mode 100644
index 00000000000..bd6b33c4151
--- /dev/null
+++ b/security/tripwire/patches/patch-ab
@@ -0,0 +1,36 @@
+$NetBSD: patch-ab,v 1.1.1.1 1998/11/17 16:27:25 agc Exp $
+
+NetBSD-specific paths for tripwire.
+
+--- include/config.h 1994/07/15 11:02:52 1.5
++++ include/config.h 1998/11/17 14:40:02
+@@ -17,7 +17,7 @@
+ *** file that corresponds with your operating system.
+ ***/
+
+-#include "../configs/conf-svr4.h"
++#include "../configs/conf-netbsd.h"
+
+ #ifdef TW_TYPE32
+ typedef TW_TYPE32 int32;
+@@ -102,9 +102,8 @@
+ # define DATABASE_PATH "/usr/local/adm/tcheck/databases"
+ #endif
+ */
+-
+-#define CONFIG_PATH "/tmp/genek"
+-#define DATABASE_PATH "/tmp/genek"
++# define CONFIG_PATH "@localbase@/etc/tripwire"
++# define DATABASE_PATH "@localbase@/etc/tripwire/databases"
+
+ /******* name of Tripwire files **************************************
+ *
+@@ -121,7 +120,7 @@
+ *
+ *********************************************************************/
+
+-#define CONFIG_FILE "tw.config"
++#define CONFIG_FILE "tripwire.conf"
+ #define DATABASE_FILE "tw.db_@"
+
+ /******* Default ignore mask ****************************************
diff --git a/security/tripwire/patches/patch-ac b/security/tripwire/patches/patch-ac
new file mode 100644
index 00000000000..a44ea8eb979
--- /dev/null
+++ b/security/tripwire/patches/patch-ac
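Review bot: The new `DATABASE_PATH` in the second inner hunk of patch-ab puts the baseline under `@localbase@/etc/tripwire/databases`, next to the config on the same writable filesystem that is being monitored, and nothing in the patched header says so. A baseline that can be rewritten by whoever can alter the monitored files gives no assurance, so the compiled-in default deserves a comment, for example `/* Defaults only: after -initialize, keep the databases directory on read-only or removable media. */` above the two `# define` lines. The surrounding comment block and the `#ifdef` ladder it closes start outside the hunk, so I cannot tell whether an override mechanism already exists.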
@@ -0,0 +1,65 @@
+$NetBSD: patch-ac,v 1.1.1.1 1998/11/17 16:27:25 agc Exp $
+
+NetBSD defines both LITTLE_ENDIAN and BIG_ENDIAN, and sets the
+definition of BYTE_ORDER accordingly. So check the value of
+BYTE_ORDER in this file.
+
+--- sigs/sha/sha.c 1994/07/25 15:46:45 1.5
++++ sigs/sha/sha.c 1998/11/17 15:59:20
+@@ -46,10 +46,7 @@
+
+ #include "sha.h"
+
+-#if BYTEORDER == 0x1234
+-#define LITTLE_ENDIAN
+-#endif
+-
++#include
+
+ /* The SHS f()-functions */
+
+@@ -214,7 +211,7 @@
+ shsInfo->digest[ 4 ] += E;
+ }
+
+-#ifdef LITTLE_ENDIAN
++#if BYTE_ORDER == LITTLE_ENDIAN
+
+ /* When run on a little-endian CPU we need to perform byte reversal on an
+ array of longwords. It is possible to make the code endianness-
+@@ -258,7 +255,7 @@
+ while( count >= SHS_BLOCKSIZE )
+ {
+ memcpy( (char *) shsInfo->data, (char *) buffer, SHS_BLOCKSIZE );
+-#ifdef LITTLE_ENDIAN
++#if BYTE_ORDER == LITTLE_ENDIAN
+ byteReverse( shsInfo->data, SHS_BLOCKSIZE );
+ #endif /* LITTLE_ENDIAN */
+ shsTransform( shsInfo );
+@@ -289,7 +286,7 @@
+ {
+ /* Two lots of padding: Pad the first block to 64 bytes */
+ memset( ( char * ) shsInfo->data + count, 0, 64 - count );
+-#ifdef LITTLE_ENDIAN
++#if BYTE_ORDER == LITTLE_ENDIAN
+ byteReverse( shsInfo->data, SHS_BLOCKSIZE );
+ #endif /* LITTLE_ENDIAN */
+ shsTransform( shsInfo );
+@@ -300,7 +297,7 @@
+ else
+ /* Pad block to 56 bytes */
+ memset( ( char * ) shsInfo->data + count, 0, 56 - count );
+-#ifdef LITTLE_ENDIAN
++#if BYTE_ORDER == LITTLE_ENDIAN
+ byteReverse( shsInfo->data, SHS_BLOCKSIZE );
+ #endif /* LITTLE_ENDIAN */
+
+@@ -309,7 +306,7 @@
+ shsInfo->data[ 15 ] = lowBitcount;
+
+ shsTransform( shsInfo );
+-#ifdef LITTLE_ENDIAN
++#if BYTE_ORDER == LITTLE_ENDIAN
+ byteReverse( shsInfo->data, SHS_DIGESTSIZE );
+ #endif /* LITTLE_ENDIAN */
+ }
diff --git a/security/tripwire/pkg/COMMENT b/security/tripwire/pkg/COMMENT
new file mode 100644
index 00000000000..3ad49d464c3
--- /dev/null
+++ b/security/tripwire/pkg/COMMENT
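Review bot: The switch from `#ifdef LITTLE_ENDIAN` to `#if BYTE_ORDER == LITTLE_ENDIAN` in patch-ac is only correct if both macros are defined by the newly added `#include` (its header name is not visible on this page). In a `#if`, undefined identifiers evaluate to 0, so if the header is missing or does not define them the test becomes `0 == 0`, the byte reversal is compiled in on every CPU, and big-endian hosts would silently produce wrong SHA signatures. I would add a guard directly after the include: `#if !defined(BYTE_ORDER) || !defined(LITTLE_ENDIAN)` / `#error "BYTE_ORDER not defined"` / `#endif`. The same condition is used in all five later inner hunks, and their `#endif /* LITTLE_ENDIAN */` comments are now slightly stale.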
@@ -0,0 +1 @@
+a file and directory integrity checker
diff --git a/security/tripwire/pkg/DESCR b/security/tripwire/pkg/DESCR
new file mode 100644
index 00000000000..e90701d8ffb
--- /dev/null
+++ b/security/tripwire/pkg/DESCR
@@ -0,0 +1,10 @@
+Tripwire is a file and directory integrity checker, a utility that
+compares a designated set of files and directories against information
+stored in a previously generated database. Any differences are
+flagged and logged, including added or deleted entries. When run
+against system files on a regular basis, any changes in critical
+system files will be spotted -- and appropriate damage control
+measures can be taken immediately. With Tripwire, system
+administrators can conclude with a high degree of certainty that a
+given set of files remain free of unauthorized modifications if
+Tripwire reports no changes.
diff --git a/security/tripwire/pkg/MESSAGE b/security/tripwire/pkg/MESSAGE
new file mode 100644
index 00000000000..e6929806b7f
--- /dev/null
+++ b/security/tripwire/pkg/MESSAGE
@@ -0,0 +1,6 @@
+To use tripwire to protect your systems, you should first initialise
+the databases:
+
+ (cd ${PREFIX}/etc/tripwire; ${PREFIX}/sbin/tripwire -initialize)
+
+which creates the database in the ${PREFIX}/etc/tripwire/databases directory.
diff --git a/security/tripwire/pkg/PLIST b/security/tripwire/pkg/PLIST
new file mode 100644
index 00000000000..14c5cd20d93
--- /dev/null
+++ b/security/tripwire/pkg/PLIST
@@ -0,0 +1,10 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 1998/11/17 16:27:25 agc Exp $
+etc/tripwire/tripwire.conf
+sbin/tripwire
+share/doc/tripwire/designdoc.ps
+man/man5/tw.config.5
+man/man8/siggen.8
+man/man8/tripwire.8
+@exec /bin/mkdir -p %D/etc/tripwire/databases
+@unexec /bin/rm -rf %D/etc/tripwire || /usr/bin/true
+@dirrm share/doc/tripwire
-- cgit v1.2.3
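Review bot: In PLIST, `@unexec /bin/rm -rf %D/etc/tripwire` removes the whole directory on deinstall, which includes the baseline databases created by `tripwire -initialize`. Losing the baseline during a routine package removal or upgrade means the next run has to be initialised against a system whose state can no longer be compared with the earlier one. I would remove only empty directories instead, e.g. `@unexec /bin/rmdir %D/etc/tripwire/databases %D/etc/tripwire 2>/dev/null || /usr/bin/true`, and leave existing databases for the administrator to archive or delete.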