1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
# $NetBSD
# From NetBSD: tw.conf.netbsd,v 1.3 2001/11/05 14:29:23 hubertf Exp
#
# tripwire.config
# Generic version for Darwin
# YOU SHOULD EDIT THIS TO MEET YOUR REQUIREMENTS!
#
# This file contains a list of files and directories that System
# Preener will scan. Information collected from these files will be
# stored in the tripwire.database file.
#
# Format: [!|=] entry [ignore-flags]
#
# where: '!' signifies the entry is to be pruned (inclusive) from
# the list of files to be scanned.
# '=' signifies the entry is to be added, but if it is
# a directory, then all its contents are pruned
# (useful for /tmp).
#
# where: entry is the absolute pathname of a file or a directory
#
# where ignore-flags are in the format:
# [template][ [+|-][pinugsam12] ... ]
#
# - : ignore the following atributes
# + : do not ignore the following attributes
#
# p : permission and file mode bits a: access timestamp
# i : inode number m: modification timestamp
# n : number of links (ref count) c: inode creation timestamp
# u : user id of owner 1: signature 1
# g : group id of owner 2: signature 2
# s : size of file
#
#
# Ex: The following entry will scan all the files in /etc, and report
# any changes in mode bits, inode number, reference count, uid,
# gid, modification and creation timestamp, and the signatures.
# However, it will ignore any changes in the access timestamp.
#
# /etc +pinugsm12-a
#
# The following templates have been pre-defined to make these long ignore
# mask descriptions unecessary.
#
# Templates: (default) R : [R]ead-only (+pinugsm12-a)
# L : [L]og file (+pinug-sam12)
# N : ignore [N]othing (+pinusgsamc12)
# E : ignore [E]verything (-pinusgsamc12)
#
# By default, Tripwire uses the R template -- it ignores
# only the access timestamp.
#
# You can use templates with modifiers, like:
# Ex: /etc/lp E+ug
#
# Example configuration file:
# /etc R # all system files
# !/etc/lp R # ...but not those logs
# =/tmp N # just the directory, not its files
#
# Note the difference between pruning (via "!") and ignoring everything
# (via "E" template): Ignoring everything in a directory still monitors
# for added and deleted files. Pruning a directory will prevent Tripwire
# from even looking in the specified directory.
#
#
# Tripwire running slowly? Modify your tripwire.config entries to
# ignore the (signature 2) attribute when this computationally-exorbitant
# protection is not needed. (See README and design document for further
# details.)
#
# First, root's "home"
=/ L
/var/root R-2
!/var/root/Library # noisy
# /bin and exceptions
/bin R-2
# /dev
/dev L
!/dev/fd R # Grumbles on Darwin
# /etc and exceptions
/etc R-2
/etc/master.passwd L
/etc/motd L
/etc/passwd L
/etc/uucp L
# Home directories
=/Users
# /sbin
/sbin R-2
# /usr/bin
/usr/bin R-2
/usr/lib R-2
/usr/libexec R-2
/usr/local/bin R-2
/usr/local/etc L
/usr/sbin R-2
# packages...
=@localbase@
=@x11base@
###########################################
|
