Req update for ports/security/tripwire12
Joe Greco
jgreco at ns.sol.net
Wed Feb 22 22:50:52 UTC 2012
misc fixes (not comprehensive) for freebsd8
diff -Ncr tripwire12.old/Makefile tripwire12/Makefile
*** tripwire12.old/Makefile Sun Apr 26 02:22:57 2009
--- tripwire12/Makefile Wed Feb 22 15:22:52 2012
***************
*** 20,26 ****
NO_PACKAGE= requires local database to be built
USE_PERL5_BUILD=yes
! TWCONFIG?= ${FILESDIR}/tw.conf.freebsd2
post-extract:
@ (cd ${WRKDIR}; tar xpf T1.2.tar)
--- 20,26 ----
NO_PACKAGE= requires local database to be built
USE_PERL5_BUILD=yes
! TWCONFIG?= ${FILESDIR}/tw.conf.freebsd8
post-extract:
@ (cd ${WRKDIR}; tar xpf T1.2.tar)
***************
*** 33,41 ****
pre-configure:
@ ${CP} ${FILESDIR}/conf-freebsd2.h ${WRKSRC}/configs
! @ ${SED} s%/kernel%`/sbin/sysctl -bn kern.bootfile`% \
! < ${TWCONFIG} \
! > ${WRKSRC}/configs/tw.conf.freebsd2
post-install:
@ ${MKDIR} /var/adm/tcheck
--- 33,39 ----
pre-configure:
@ ${CP} ${FILESDIR}/conf-freebsd2.h ${WRKSRC}/configs
! @ ${cp} ${TWCONFIG} ${WRKSRC}/configs/tw.conf.freebsd8
post-install:
@ ${MKDIR} /var/adm/tcheck
diff -Ncr tripwire12.old/files/tw.conf.freebsd8 tripwire12/files/tw.conf.freebsd8
*** tripwire12.old/files/tw.conf.freebsd8 Wed Dec 31 18:00:00 1969
--- tripwire12/files/tw.conf.freebsd8 Wed Feb 22 15:52:37 2012
***************
*** 0 ****
--- 1,165 ----
+ # $FreeBSD$
+ #
+ # tripwire.config
+ # Generic version for FreeBSD
+ # Will need editing...see comments below
+ #
+ # This file contains a list of files and directories that System
+ # Preener will scan. Information collected from these files will be
+ # stored in the tripwire.database file.
+ #
+ # Format: [!|=] entry [ignore-flags]
+ #
+ # where: '!' signifies the entry is to be pruned (inclusive) from
+ # the list of files to be scanned.
+ # '=' signifies the entry is to be added, but if it is
+ # a directory, then all its contents are pruned
+ # (useful for /tmp).
+ #
+ # where: entry is the absolute pathname of a file or a directory
+ #
+ # where ignore-flags are in the format:
+ # [template][ [+|-][pinugsam12] ... ]
+ #
+ # - : ignore the following atributes
+ # + : do not ignore the following attributes
+ #
+ # p : permission and file mode bits a: access timestamp
+ # i : inode number m: modification timestamp
+ # n : number of links (ref count) c: inode creation timestamp
+ # u : user id of owner 1: signature 1
+ # g : group id of owner 2: signature 2
+ # s : size of file
+ #
+ #
+ # Ex: The following entry will scan all the files in /etc, and report
+ # any changes in mode bits, inode number, reference count, uid,
+ # gid, modification and creation timestamp, and the signatures.
+ # However, it will ignore any changes in the access timestamp.
+ #
+ # /etc +pinugsm12-a
+ #
+ # The following templates have been pre-defined to make these long ignore
+ # mask descriptions unecessary.
+ #
+ # Templates: (default) R : [R]ead-only (+pinugsm12-a)
+ # L : [L]og file (+pinug-sam12)
+ # N : ignore [N]othing (+pinusgsamc12)
+ # E : ignore [E]verything (-pinusgsamc12)
+ #
+ # By default, Tripwire uses the R template -- it ignores
+ # only the access timestamp.
+ #
+ # You can use templates with modifiers, like:
+ # Ex: /etc/lp E+ug
+ #
+ # Example configuration file:
+ # /etc R # all system files
+ # !/etc/lp R # ...but not those logs
+ # =/tmp N # just the directory, not its files
+ #
+ # Note the difference between pruning (via "!") and ignoring everything
+ # (via "E" template): Ignoring everything in a directory still monitors
+ # for added and deleted files. Pruning a directory will prevent Tripwire
+ # from even looking in the specified directory.
+ #
+ #
+ # Tripwire running slowly? Modify your tripwire.config entries to
+ # ignore the (signature 2) attribute when this computationally-exorbitant
+ # protection is not needed. (See README and design document for further
+ # details.)
+ #
+
+ # First, root's traditional "home". Note that FreeBSD's root's home (/root)
+ # is protected by R-2 protections in the default config file.
+ =/ L
+ /.rhosts R # may not exist
+ /.profile R # may not exist
+ /.cshrc R # may not exist
+ /.login R # may not exist
+ /.exrc R # may not exist
+ /.logout R # may not exist
+ /.forward R # may not exist
+
+ # Unix itself
+ /kernel R
+ /boot R
+ /boot.config R
+
+ # /bin
+ /bin R-2
+
+ # /dev
+ =/dev L
+
+ # /etc
+ /etc R-2
+ /etc/aliases L
+ /etc/dumpdates L
+ /etc/motd L
+
+ # my passwd database should be static at time of system build. yours may
+ # not be, if not, uncomment the lines below.
+
+ # /etc/passwd L
+ # /etc/master.passwd L
+ # /etc/pwd.db L
+ # /etc/spwd.db L
+
+ # /home
+ =/home
+
+ # /lib
+ /lib R-2
+
+ # /libexec
+ /libexec R-2
+
+ # /lkm and /modules
+ /lkm R-2
+ /modules R-2
+
+ # /boot
+ /boot R-2
+
+ # /rescue
+ /rescue R-2
+
+ # /root
+ /root R-2
+ /root/.history L
+
+ # /sbin
+ /sbin R-2
+
+ # /stand
+ /stand R-2
+
+ # /usr/bin
+ /usr/bin R-2
+
+ /usr/include R-12
+
+ /usr/lib R-2
+
+ /usr/libdata R-2
+
+ /usr/libexec R-2
+
+ /usr/local/bin R-2
+
+ /usr/local/etc L
+
+ /usr/local/lib R-2
+
+ /usr/local/libexec R-2
+
+ /usr/local/sbin R-2
+
+ /usr/local/share R-2
+
+ /usr/sbin R-2
+
+ /usr/share R-2
+
+ ###########################################
... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.
More information about the freebsd-ports
mailing list