Req update for ports/security/tripwire12
Cy Schubert
Cy.Schubert at komquats.com
Thu Feb 23 00:49:52 UTC 2012
Committed.
Berkeley unified diffs are preferred.
--
Cheers,
Cy Schubert <Cy.Schubert at komquats.com>
FreeBSD UNIX: <cy at FreeBSD.org> Web: http://www.FreeBSD.org
In message <201202222157.q1MLvBKV052020 at aurora.sol.net>, Joe Greco writes:
> misc fixes (not comprehensive) for freebsd8
>
> diff -Ncr tripwire12.old/Makefile tripwire12/Makefile
> *** tripwire12.old/Makefile Sun Apr 26 02:22:57 2009
> --- tripwire12/Makefile Wed Feb 22 15:22:52 2012
> ***************
> *** 20,26 ****
> NO_PACKAGE= requires local database to be built
> USE_PERL5_BUILD=yes
>
> ! TWCONFIG?= ${FILESDIR}/tw.conf.freebsd2
>
> post-extract:
> @ (cd ${WRKDIR}; tar xpf T1.2.tar)
> --- 20,26 ----
> NO_PACKAGE= requires local database to be built
> USE_PERL5_BUILD=yes
>
> ! TWCONFIG?= ${FILESDIR}/tw.conf.freebsd8
>
> post-extract:
> @ (cd ${WRKDIR}; tar xpf T1.2.tar)
> ***************
> *** 33,41 ****
>
> pre-configure:
> @ ${CP} ${FILESDIR}/conf-freebsd2.h ${WRKSRC}/configs
> ! @ ${SED} s%/kernel%`/sbin/sysctl -bn kern.bootfile`% \
> ! < ${TWCONFIG} \
> ! > ${WRKSRC}/configs/tw.conf.freebsd2
>
> post-install:
> @ ${MKDIR} /var/adm/tcheck
> --- 33,39 ----
>
> pre-configure:
> @ ${CP} ${FILESDIR}/conf-freebsd2.h ${WRKSRC}/configs
> ! @ ${cp} ${TWCONFIG} ${WRKSRC}/configs/tw.conf.freebsd8
>
> post-install:
> @ ${MKDIR} /var/adm/tcheck
> diff -Ncr tripwire12.old/files/tw.conf.freebsd8 tripwire12/files/tw.conf.free
> bsd8
> *** tripwire12.old/files/tw.conf.freebsd8 Wed Dec 31 18:00:00 1969
> --- tripwire12/files/tw.conf.freebsd8 Wed Feb 22 15:52:37 2012
> ***************
> *** 0 ****
> --- 1,165 ----
> + # $FreeBSD$
> + #
> + # tripwire.config
> + # Generic version for FreeBSD
> + # Will need editing...see comments below
> + #
> + # This file contains a list of files and directories that System
> + # Preener will scan. Information collected from these files will be
> + # stored in the tripwire.database file.
> + #
> + # Format: [!|=] entry [ignore-flags]
> + #
> + # where: '!' signifies the entry is to be pruned (inclusive) from
> + # the list of files to be scanned.
> + # '=' signifies the entry is to be added, but if it is
> + # a directory, then all its contents are pruned
> + # (useful for /tmp).
> + #
> + # where: entry is the absolute pathname of a file or a directory
> + #
> + # where ignore-flags are in the format:
> + # [template][ [+|-][pinugsam12] ... ]
> + #
> + # - : ignore the following atributes
> + # + : do not ignore the following attributes
> + #
> + # p : permission and file mode bits a: access timestamp
> + # i : inode number m: modification timestamp
> + # n : number of links (ref count) c: inode creation timestamp
> + # u : user id of owner 1: signature 1
> + # g : group id of owner 2: signature 2
> + # s : size of file
> + #
> + #
> + # Ex: The following entry will scan all the files in /etc, and report
> + # any changes in mode bits, inode number, reference count, uid,
> + # gid, modification and creation timestamp, and the signatures.
> + # However, it will ignore any changes in the access timestamp.
> + #
> + # /etc +pinugsm12-a
> + #
> + # The following templates have been pre-defined to make these long ignore
> + # mask descriptions unecessary.
> + #
> + # Templates: (default) R : [R]ead-only (+pinugsm12-a)
> + # L : [L]og file (+pinug-sam12)
> + # N : ignore [N]othing (+pinusgsamc12)
> + # E : ignore [E]verything (-pinusgsamc12)
> + #
> + # By default, Tripwire uses the R template -- it ignores
> + # only the access timestamp.
> + #
> + # You can use templates with modifiers, like:
> + # Ex: /etc/lp E+ug
> + #
> + # Example configuration file:
> + # /etc R # all system files
> + # !/etc/lp R # ...but not those logs
> + # =/tmp N # just the directory, not its files
> + #
> + # Note the difference between pruning (via "!") and ignoring everything
> + # (via "E" template): Ignoring everything in a directory still monitors
> + # for added and deleted files. Pruning a directory will prevent Tripwire
> + # from even looking in the specified directory.
> + #
> + #
> + # Tripwire running slowly? Modify your tripwire.config entries to
> + # ignore the (signature 2) attribute when this computationally-exorbitant
> + # protection is not needed. (See README and design document for further
> + # details.)
> + #
> +
> + # First, root's traditional "home". Note that FreeBSD's root's home (/roo
> t)
> + # is protected by R-2 protections in the default config file.
> + =/ L
> + /.rhosts R # may not exist
> + /.profile R # may not exist
> + /.cshrc R # may not exist
> + /.login R # may not exist
> + /.exrc R # may not exist
> + /.logout R # may not exist
> + /.forward R # may not exist
> +
> + # Unix itself
> + /kernel R
> + /boot R
> + /boot.config R
> +
> + # /bin
> + /bin R-2
> +
> + # /dev
> + =/dev L
> +
> + # /etc
> + /etc R-2
> + /etc/aliases L
> + /etc/dumpdates L
> + /etc/motd L
> +
> + # my passwd database should be static at time of system build. yours may
> + # not be, if not, uncomment the lines below.
> +
> + # /etc/passwd L
> + # /etc/master.passwd L
> + # /etc/pwd.db L
> + # /etc/spwd.db L
> +
> + # /home
> + =/home
> +
> + # /lib
> + /lib R-2
> +
> + # /libexec
> + /libexec R-2
> +
> + # /lkm and /modules
> + /lkm R-2
> + /modules R-2
> +
> + # /boot
> + /boot R-2
> +
> + # /rescue
> + /rescue R-2
> +
> + # /root
> + /root R-2
> + /root/.history L
> +
> + # /sbin
> + /sbin R-2
> +
> + # /stand
> + /stand R-2
> +
> + # /usr/bin
> + /usr/bin R-2
> +
> + /usr/include R-12
> +
> + /usr/lib R-2
> +
> + /usr/libdata R-2
> +
> + /usr/libexec R-2
> +
> + /usr/local/bin R-2
> +
> + /usr/local/etc L
> +
> + /usr/local/lib R-2
> +
> + /usr/local/libexec R-2
> +
> + /usr/local/sbin R-2
> +
> + /usr/local/share R-2
> +
> + /usr/sbin R-2
> +
> + /usr/share R-2
> +
> + ###########################################
>
> ... JG
> --
> Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
> "We call it the 'one bite at the apple' rule. Give me one chance [and] then I
> won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CN
> N)
> With 24 million small businesses in the US alone, that's way too many apples.
> _______________________________________________
> freebsd-ports at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ports
> To unsubscribe, send any mail to "freebsd-ports-unsubscribe at freebsd.org"
>
>
More information about the freebsd-ports
mailing list