Date: Wed, 22 Feb 2012 16:34:50 -0800 From: Cy Schubert <Cy.Schubert@komquats.com> To: Joe Greco <jgreco@ns.sol.net> Cc: ports@freebsd.org Subject: Re: Req update for ports/security/tripwire12 Message-ID: <201202230034.q1N0Yoin004455@slippy.cwsent.com> In-Reply-To: Message from Joe Greco <jgreco@ns.sol.net> of "Wed, 22 Feb 2012 15:57:11 CST." <201202222157.q1MLvBKV052020@aurora.sol.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Committed. Berkeley unified diffs are preferred. -- Cheers, Cy Schubert <Cy.Schubert@komquats.com> FreeBSD UNIX: <cy@FreeBSD.org> Web: http://www.FreeBSD.org In message <201202222157.q1MLvBKV052020@aurora.sol.net>, Joe Greco writes: > misc fixes (not comprehensive) for freebsd8 > > diff -Ncr tripwire12.old/Makefile tripwire12/Makefile > *** tripwire12.old/Makefile Sun Apr 26 02:22:57 2009 > --- tripwire12/Makefile Wed Feb 22 15:22:52 2012 > *************** > *** 20,26 **** > NO_PACKAGE= requires local database to be built > USE_PERL5_BUILD=yes > > ! TWCONFIG?= ${FILESDIR}/tw.conf.freebsd2 > > post-extract: > @ (cd ${WRKDIR}; tar xpf T1.2.tar) > --- 20,26 ---- > NO_PACKAGE= requires local database to be built > USE_PERL5_BUILD=yes > > ! TWCONFIG?= ${FILESDIR}/tw.conf.freebsd8 > > post-extract: > @ (cd ${WRKDIR}; tar xpf T1.2.tar) > *************** > *** 33,41 **** > > pre-configure: > @ ${CP} ${FILESDIR}/conf-freebsd2.h ${WRKSRC}/configs > ! @ ${SED} s%/kernel%`/sbin/sysctl -bn kern.bootfile`% \ > ! < ${TWCONFIG} \ > ! > ${WRKSRC}/configs/tw.conf.freebsd2 > > post-install: > @ ${MKDIR} /var/adm/tcheck > --- 33,39 ---- > > pre-configure: > @ ${CP} ${FILESDIR}/conf-freebsd2.h ${WRKSRC}/configs > ! @ ${cp} ${TWCONFIG} ${WRKSRC}/configs/tw.conf.freebsd8 > > post-install: > @ ${MKDIR} /var/adm/tcheck > diff -Ncr tripwire12.old/files/tw.conf.freebsd8 tripwire12/files/tw.conf.free > bsd8 > *** tripwire12.old/files/tw.conf.freebsd8 Wed Dec 31 18:00:00 1969 > --- tripwire12/files/tw.conf.freebsd8 Wed Feb 22 15:52:37 2012 > *************** > *** 0 **** > --- 1,165 ---- > + # $FreeBSD$ > + # > + # tripwire.config > + # Generic version for FreeBSD > + # Will need editing...see comments below > + # > + # This file contains a list of files and directories that System > + # Preener will scan. Information collected from these files will be > + # stored in the tripwire.database file. > + # > + # Format: [!|=] entry [ignore-flags] > + # > + # where: '!' signifies the entry is to be pruned (inclusive) from > + # the list of files to be scanned. > + # '=' signifies the entry is to be added, but if it is > + # a directory, then all its contents are pruned > + # (useful for /tmp). > + # > + # where: entry is the absolute pathname of a file or a directory > + # > + # where ignore-flags are in the format: > + # [template][ [+|-][pinugsam12] ... ] > + # > + # - : ignore the following atributes > + # + : do not ignore the following attributes > + # > + # p : permission and file mode bits a: access timestamp > + # i : inode number m: modification timestamp > + # n : number of links (ref count) c: inode creation timestamp > + # u : user id of owner 1: signature 1 > + # g : group id of owner 2: signature 2 > + # s : size of file > + # > + # > + # Ex: The following entry will scan all the files in /etc, and report > + # any changes in mode bits, inode number, reference count, uid, > + # gid, modification and creation timestamp, and the signatures. > + # However, it will ignore any changes in the access timestamp. > + # > + # /etc +pinugsm12-a > + # > + # The following templates have been pre-defined to make these long ignore > + # mask descriptions unecessary. > + # > + # Templates: (default) R : [R]ead-only (+pinugsm12-a) > + # L : [L]og file (+pinug-sam12) > + # N : ignore [N]othing (+pinusgsamc12) > + # E : ignore [E]verything (-pinusgsamc12) > + # > + # By default, Tripwire uses the R template -- it ignores > + # only the access timestamp. > + # > + # You can use templates with modifiers, like: > + # Ex: /etc/lp E+ug > + # > + # Example configuration file: > + # /etc R # all system files > + # !/etc/lp R # ...but not those logs > + # =/tmp N # just the directory, not its files > + # > + # Note the difference between pruning (via "!") and ignoring everything > + # (via "E" template): Ignoring everything in a directory still monitors > + # for added and deleted files. Pruning a directory will prevent Tripwire > + # from even looking in the specified directory. > + # > + # > + # Tripwire running slowly? Modify your tripwire.config entries to > + # ignore the (signature 2) attribute when this computationally-exorbitant > + # protection is not needed. (See README and design document for further > + # details.) > + # > + > + # First, root's traditional "home". Note that FreeBSD's root's home (/roo > t) > + # is protected by R-2 protections in the default config file. > + =/ L > + /.rhosts R # may not exist > + /.profile R # may not exist > + /.cshrc R # may not exist > + /.login R # may not exist > + /.exrc R # may not exist > + /.logout R # may not exist > + /.forward R # may not exist > + > + # Unix itself > + /kernel R > + /boot R > + /boot.config R > + > + # /bin > + /bin R-2 > + > + # /dev > + =/dev L > + > + # /etc > + /etc R-2 > + /etc/aliases L > + /etc/dumpdates L > + /etc/motd L > + > + # my passwd database should be static at time of system build. yours may > + # not be, if not, uncomment the lines below. > + > + # /etc/passwd L > + # /etc/master.passwd L > + # /etc/pwd.db L > + # /etc/spwd.db L > + > + # /home > + =/home > + > + # /lib > + /lib R-2 > + > + # /libexec > + /libexec R-2 > + > + # /lkm and /modules > + /lkm R-2 > + /modules R-2 > + > + # /boot > + /boot R-2 > + > + # /rescue > + /rescue R-2 > + > + # /root > + /root R-2 > + /root/.history L > + > + # /sbin > + /sbin R-2 > + > + # /stand > + /stand R-2 > + > + # /usr/bin > + /usr/bin R-2 > + > + /usr/include R-12 > + > + /usr/lib R-2 > + > + /usr/libdata R-2 > + > + /usr/libexec R-2 > + > + /usr/local/bin R-2 > + > + /usr/local/etc L > + > + /usr/local/lib R-2 > + > + /usr/local/libexec R-2 > + > + /usr/local/sbin R-2 > + > + /usr/local/share R-2 > + > + /usr/sbin R-2 > + > + /usr/share R-2 > + > + ########################################### > > ... JG > -- > Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net > "We call it the 'one bite at the apple' rule. Give me one chance [and] then I > won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CN > N) > With 24 million small businesses in the US alone, that's way too many apples. > _______________________________________________ > freebsd-ports@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ports > To unsubscribe, send any mail to "freebsd-ports-unsubscribe@freebsd.org" > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201202230034.q1N0Yoin004455>