From owner-freebsd-questions@FreeBSD.ORG  Wed Aug 10 01:08:46 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C7CBB16A41F
	for <freebsd-questions@freebsd.org>;
	Wed, 10 Aug 2005 01:08:46 +0000 (GMT)
	(envelope-from freebsd-questions@auscert.org.au)
Received: from titania.auscert.org.au (gw.auscert.org.au [203.5.112.28])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 07B7445760
	for <freebsd-questions@freebsd.org>;
	Wed, 10 Aug 2005 01:08:45 +0000 (GMT)
	(envelope-from freebsd-questions@auscert.org.au)
Received: from app.auscert.org.au (app [10.0.1.192])
	by titania.auscert.org.au (8.12.10/8.12.10) with ESMTP id
	j7A16JmG061371; Wed, 10 Aug 2005 11:06:19 +1000 (EST)
Received: from app.auscert.org.au (localhost.auscert.org.au [127.0.0.1])
	by app.auscert.org.au (8.13.1/8.13.1) with ESMTP id j7A18iMK092309;
	Wed, 10 Aug 2005 11:08:44 +1000 (EST)
	(envelope-from freebsd-questions@auscert.org.au)
Message-Id: <200508100108.j7A18iMK092309@app.auscert.org.au>
To: freebsd-questions@freebsd.org
From: Joel Hatton <freebsd-questions@auscert.org.au>
In-Reply-To: Your message of "Tue, 09 Aug 2005 14:49:50 EST."
	<42F908DE.8030101@northwestern.edu> 
Date: Wed, 10 Aug 2005 11:08:44 +1000
Cc: Bret Walker <bret-walker@northwestern.edu>
Subject: Re: Tripwire Policy File and 5.4 
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Aug 2005 01:08:46 -0000

> 
> The policy file looks to be updated for 5.x systems now.  Tripwire's back.

I'm not so convinced of that - after a cvsup of ports overnight, this
remains:

# ll /usr/ports/security/tripwire/files/twpol.txt 
-rw-r--r--  1 root  wheel  20651 Mar  5  2002 /usr/ports/security/tripwire/files/twpol.txt

Last time I tried, Tripwire was still unable to perform an interactive
update, which is no great inconvenience but doesn't really inspire
confidence. The only improvement I've noticed since the first 5.x is that
it at least compiles now - given the lack of effective replacements for
Tripwire this is the least we could expect. Not being able to package this
port has been a real trial, however, and I don't believe that it wouldn't
be possible with a bit of consideration - no, I'm not volunteering right
now as more important things are pressing me.

I have adapted my own policy/config file and periodic script to run with
output in the daily security email - I'm happy to post these if anyone is
interested.

cheers,
joel

-- Joel Hatton --
Security Analyst                    | Hotline: +61 7 3365 4417
AusCERT - Australia's national CERT | Fax:     +61 7 3365 7031
The University of Queensland        | WWW:     www.auscert.org.au
Qld 4072 Australia                  | Email:   auscert@auscert.org.au