From e4f227a22250008ab54f78b1497a5a8f578e82b7 Mon Sep 17 00:00:00 2001 From: martti Date: Thu, 2 Oct 2003 07:13:27 +0000 Subject: Added support for FreeBSD --- security/tripwire/Makefile | 4 +- security/tripwire/files/conf-freebsd.h | 54 +++++++++++ security/tripwire/files/tw.conf.freebsd | 153 ++++++++++++++++++++++++++++++++ 3 files changed, 209 insertions(+), 2 deletions(-) create mode 100644 security/tripwire/files/conf-freebsd.h create mode 100644 security/tripwire/files/tw.conf.freebsd (limited to 'security/tripwire') diff --git a/security/tripwire/Makefile b/security/tripwire/Makefile index 254fb5e3e1a..0b0f9c4b0b2 100644 --- a/security/tripwire/Makefile +++ b/security/tripwire/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.14 2003/09/19 13:26:12 agc Exp $ +# $NetBSD: Makefile,v 1.15 2003/10/02 07:13:27 martti Exp $ # DISTNAME= tripwire-1.2 @@ -11,7 +11,7 @@ MAINTAINER= tech-pkg@NetBSD.org HOMEPAGE= http://www.cerias.purdue.edu/coast/coast-library.html COMMENT= File and directory integrity checker -ONLY_FOR_PLATFORM= NetBSD-*-* SunOS-*-* +ONLY_FOR_PLATFORM= NetBSD-*-* FreeBSD-*-* SunOS-*-* USE_BUILDLINK2= YES USE_PKGINSTALL= YES diff --git a/security/tripwire/files/conf-freebsd.h b/security/tripwire/files/conf-freebsd.h new file mode 100644 index 00000000000..8a93506e606 --- /dev/null +++ b/security/tripwire/files/conf-freebsd.h @@ -0,0 +1,54 @@ +/* Original Id: conf-bsd.h,v 1.2 1993/08/19 05:26:52 genek Exp */ + +/* + * conf-bsd.h + * + * Tripwire configuration file + * + * Gene Kim + * Purdue University + */ + +/*** + *** Operating System specifics + *** + *** If the answer to a question in the comment is "Yes", then + *** change the corresponding "#undef" to a "#define" + ***/ + +/* + * is your OS a System V derivitive? if so, what version? + * (e.g., define SYSV 4) + */ + +#undef SYSV + +/* + * does your system have a like System V? + */ + +#undef MALLOCH + +/* + * does your system have a like POSIX says you should? + */ + +#define STDLIBH + +/* + * does your system use readdir(3) that returns (struct dirent *)? + */ + +#define DIRENT + +/* + * is #include ok? (as opposed to ) + */ + +#define STRINGH + +/* + * does your system have gethostname(2) (instead of uname(2))? + */ + +#define GETHOSTNAME diff --git a/security/tripwire/files/tw.conf.freebsd b/security/tripwire/files/tw.conf.freebsd new file mode 100644 index 00000000000..f4388efc2da --- /dev/null +++ b/security/tripwire/files/tw.conf.freebsd @@ -0,0 +1,153 @@ +# $NetBSD: tw.conf.freebsd,v 1.1 2003/10/02 07:13:27 martti Exp $ +# Original Id: tw.conf.386bsd,v 1.1 1993/11/22 06:38:01 genek Exp +# +# tripwire.config +# Generic version for NetBSD +# Will need editing...see comments below +# +# This file contains a list of files and directories that System +# Preener will scan. Information collected from these files will be +# stored in the tripwire.database file. +# +# Format: [!|=] entry [ignore-flags] +# +# where: '!' signifies the entry is to be pruned (inclusive) from +# the list of files to be scanned. +# '=' signifies the entry is to be added, but if it is +# a directory, then all its contents are pruned +# (useful for /tmp). +# +# where: entry is the absolute pathname of a file or a directory +# +# where ignore-flags are in the format: +# [template][ [+|-][pinugsam12] ... ] +# +# - : ignore the following atributes +# + : do not ignore the following attributes +# +# p : permission and file mode bits a: access timestamp +# i : inode number m: modification timestamp +# n : number of links (ref count) c: inode creation timestamp +# u : user id of owner 1: signature 1 +# g : group id of owner 2: signature 2 +# s : size of file +# +# +# Ex: The following entry will scan all the files in /etc, and report +# any changes in mode bits, inode number, reference count, uid, +# gid, modification and creation timestamp, and the signatures. +# However, it will ignore any changes in the access timestamp. +# +# /etc +pinugsm12-a +# +# The following templates have been pre-defined to make these long ignore +# mask descriptions unecessary. +# +# Templates: (default) R : [R]ead-only (+pinugsm12-a) +# L : [L]og file (+pinug-sam12) +# N : ignore [N]othing (+pinusgsamc12) +# E : ignore [E]verything (-pinusgsamc12) +# +# By default, Tripwire uses the R template -- it ignores +# only the access timestamp. +# +# You can use templates with modifiers, like: +# Ex: /etc/lp E+ug +# +# Example configuration file: +# /etc R # all system files +# !/etc/lp R # ...but not those logs +# =/tmp N # just the directory, not its files +# +# Note the difference between pruning (via "!") and ignoring everything +# (via "E" template): Ignoring everything in a directory still monitors +# for added and deleted files. Pruning a directory will prevent Tripwire +# from even looking in the specified directory. +# +# +# Tripwire running slowly? Modify your tripwire.config entries to +# ignore the (signature 2) attribute when this computationally-exorbitant +# protection is not needed. (See README and design document for further +# details.) +# + +# First, root's "home" +=/ L +/root/.rhosts R # may not exist +/root/.profile R # may not exist +/root/.cshrc R # may not exist +/root/.login R # may not exist +/root/.exrc R # may not exist +/root/.logout R # may not exist +/root/.emacs R # may not exist +/root/.forward R # may not exist +/root/.netrc R # may not exist + +# Unix itself +/kernel +/boot/kernel/kernel R + +# /bin and exceptions +/bin R-2 +/bin/rcp R + +# /dev +/dev L + +# you need this if you have /dev/fd mounted as a fdesc filesystem +=/dev/fd R + +# /etc and exceptions +/etc R-2 +/etc/mail/aliases L +/etc/disktab L +/etc/dumpdates L +/etc/master.passwd L +/etc/motd L +/etc/passwd L +/etc/pwd.db L +/etc/spwd.db L +/etc/periodic/daily L +/etc/periodic/monthly L +/etc/periodic/weekly L + +# /home +=/home + +# /root +/root R-2 +/root/.history L + +# /sbin +/sbin R-2 + +# /usr/bin +/usr/bin R-2 + +/usr/include R-12 + +/usr/lib R-2 + +/usr/libexec R-2 + +/usr/local/bin R-2 + +/usr/local/etc L + +/usr/sbin R-2 + +/usr/src/bin R-2 +/usr/src/lib R-2 +/usr/src/libexec R-2 +/usr/src/sbin R-2 +/usr/src/usr.bin R-2 +/usr/src/usr.sbin R-2 +/usr/src/sys R-2 +!/usr/src/sys/i386/compile +!/usr/src/sys/i386/conf + +# packages... +=@localbase@ +=@x11base@ + +########################################### -- cgit v1.2.3