Misc fixes (not comprehensive) for freebsd8.
Submitted by: Maintainer (Joe Greco <jgreco@ns.sol.net>) Approved by: Implicitly approved by maintainer
This commit is contained in:
parent
c80ba98a50
commit
b5198bca2e
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=292095
2 changed files with 168 additions and 4 deletions
|
@ -7,6 +7,7 @@
|
|||
|
||||
PORTNAME= tripwire
|
||||
PORTVERSION= 1.2
|
||||
PORTREVISION= 1
|
||||
CATEGORIES= security
|
||||
MASTER_SITES= ${MASTER_SITE_NETBSD}
|
||||
|
||||
|
@ -20,7 +21,7 @@ NO_CDROM= cannot be redistributed for more than the cost of duplication
|
|||
NO_PACKAGE= requires local database to be built
|
||||
USE_PERL5_BUILD=yes
|
||||
|
||||
TWCONFIG?= ${FILESDIR}/tw.conf.freebsd2
|
||||
TWCONFIG?= ${FILESDIR}/tw.conf.freebsd8
|
||||
|
||||
post-extract:
|
||||
@ (cd ${WRKDIR}; tar xpf T1.2.tar)
|
||||
|
@ -33,9 +34,7 @@ post-patch:
|
|||
|
||||
pre-configure:
|
||||
@ ${CP} ${FILESDIR}/conf-freebsd2.h ${WRKSRC}/configs
|
||||
@ ${SED} s%/kernel%`/sbin/sysctl -bn kern.bootfile`% \
|
||||
< ${TWCONFIG} \
|
||||
> ${WRKSRC}/configs/tw.conf.freebsd2
|
||||
@ ${cp} ${TWCONFIG} ${WRKSRC}/configs/tw.conf.freebsd8
|
||||
|
||||
post-install:
|
||||
@ ${MKDIR} /var/adm/tcheck
|
||||
|
|
165
security/tripwire12/files/tw.conf.freebsd8
Normal file
165
security/tripwire12/files/tw.conf.freebsd8
Normal file
|
@ -0,0 +1,165 @@
|
|||
# $FreeBSD$
|
||||
#
|
||||
# tripwire.config
|
||||
# Generic version for FreeBSD
|
||||
# Will need editing...see comments below
|
||||
#
|
||||
# This file contains a list of files and directories that System
|
||||
# Preener will scan. Information collected from these files will be
|
||||
# stored in the tripwire.database file.
|
||||
#
|
||||
# Format: [!|=] entry [ignore-flags]
|
||||
#
|
||||
# where: '!' signifies the entry is to be pruned (inclusive) from
|
||||
# the list of files to be scanned.
|
||||
# '=' signifies the entry is to be added, but if it is
|
||||
# a directory, then all its contents are pruned
|
||||
# (useful for /tmp).
|
||||
#
|
||||
# where: entry is the absolute pathname of a file or a directory
|
||||
#
|
||||
# where ignore-flags are in the format:
|
||||
# [template][ [+|-][pinugsam12] ... ]
|
||||
#
|
||||
# - : ignore the following atributes
|
||||
# + : do not ignore the following attributes
|
||||
#
|
||||
# p : permission and file mode bits a: access timestamp
|
||||
# i : inode number m: modification timestamp
|
||||
# n : number of links (ref count) c: inode creation timestamp
|
||||
# u : user id of owner 1: signature 1
|
||||
# g : group id of owner 2: signature 2
|
||||
# s : size of file
|
||||
#
|
||||
#
|
||||
# Ex: The following entry will scan all the files in /etc, and report
|
||||
# any changes in mode bits, inode number, reference count, uid,
|
||||
# gid, modification and creation timestamp, and the signatures.
|
||||
# However, it will ignore any changes in the access timestamp.
|
||||
#
|
||||
# /etc +pinugsm12-a
|
||||
#
|
||||
# The following templates have been pre-defined to make these long ignore
|
||||
# mask descriptions unecessary.
|
||||
#
|
||||
# Templates: (default) R : [R]ead-only (+pinugsm12-a)
|
||||
# L : [L]og file (+pinug-sam12)
|
||||
# N : ignore [N]othing (+pinusgsamc12)
|
||||
# E : ignore [E]verything (-pinusgsamc12)
|
||||
#
|
||||
# By default, Tripwire uses the R template -- it ignores
|
||||
# only the access timestamp.
|
||||
#
|
||||
# You can use templates with modifiers, like:
|
||||
# Ex: /etc/lp E+ug
|
||||
#
|
||||
# Example configuration file:
|
||||
# /etc R # all system files
|
||||
# !/etc/lp R # ...but not those logs
|
||||
# =/tmp N # just the directory, not its files
|
||||
#
|
||||
# Note the difference between pruning (via "!") and ignoring everything
|
||||
# (via "E" template): Ignoring everything in a directory still monitors
|
||||
# for added and deleted files. Pruning a directory will prevent Tripwire
|
||||
# from even looking in the specified directory.
|
||||
#
|
||||
#
|
||||
# Tripwire running slowly? Modify your tripwire.config entries to
|
||||
# ignore the (signature 2) attribute when this computationally-exorbitant
|
||||
# protection is not needed. (See README and design document for further
|
||||
# details.)
|
||||
#
|
||||
|
||||
# First, root's traditional "home". Note that FreeBSD's root's home (/root)
|
||||
# is protected by R-2 protections in the default config file.
|
||||
=/ L
|
||||
/.rhosts R # may not exist
|
||||
/.profile R # may not exist
|
||||
/.cshrc R # may not exist
|
||||
/.login R # may not exist
|
||||
/.exrc R # may not exist
|
||||
/.logout R # may not exist
|
||||
/.forward R # may not exist
|
||||
|
||||
# Unix itself
|
||||
/kernel R
|
||||
/boot R
|
||||
/boot.config R
|
||||
|
||||
# /bin
|
||||
/bin R-2
|
||||
|
||||
# /dev
|
||||
=/dev L
|
||||
|
||||
# /etc
|
||||
/etc R-2
|
||||
/etc/aliases L
|
||||
/etc/dumpdates L
|
||||
/etc/motd L
|
||||
|
||||
# my passwd database should be static at time of system build. yours may
|
||||
# not be, if not, uncomment the lines below.
|
||||
|
||||
# /etc/passwd L
|
||||
# /etc/master.passwd L
|
||||
# /etc/pwd.db L
|
||||
# /etc/spwd.db L
|
||||
|
||||
# /home
|
||||
=/home
|
||||
|
||||
# /lib
|
||||
/lib R-2
|
||||
|
||||
# /libexec
|
||||
/libexec R-2
|
||||
|
||||
# /lkm and /modules
|
||||
/lkm R-2
|
||||
/modules R-2
|
||||
|
||||
# /boot
|
||||
/boot R-2
|
||||
|
||||
# /rescue
|
||||
/rescue R-2
|
||||
|
||||
# /root
|
||||
/root R-2
|
||||
/root/.history L
|
||||
|
||||
# /sbin
|
||||
/sbin R-2
|
||||
|
||||
# /stand
|
||||
/stand R-2
|
||||
|
||||
# /usr/bin
|
||||
/usr/bin R-2
|
||||
|
||||
/usr/include R-12
|
||||
|
||||
/usr/lib R-2
|
||||
|
||||
/usr/libdata R-2
|
||||
|
||||
/usr/libexec R-2
|
||||
|
||||
/usr/local/bin R-2
|
||||
|
||||
/usr/local/etc L
|
||||
|
||||
/usr/local/lib R-2
|
||||
|
||||
/usr/local/libexec R-2
|
||||
|
||||
/usr/local/sbin R-2
|
||||
|
||||
/usr/local/share R-2
|
||||
|
||||
/usr/sbin R-2
|
||||
|
||||
/usr/share R-2
|
||||
|
||||
###########################################
|
Loading…
Reference in a new issue