pkgsrc/security/tripwire/files/tw.conf.freebsd

# $NetBSD: tw.conf.freebsd,v 1.1 2003/10/02 07:13:27 martti Exp $
# Original Id: tw.conf.386bsd,v 1.1 1993/11/22 06:38:01 genek Exp
#
# tripwire.config
# Generic version for NetBSD
#  Will need editing...see comments below
#
# This file contains a list of files and directories that System 
# Preener will scan.  Information collected from these files will be 
# stored in the tripwire.database file.
#
# Format: 			[!|=] entry [ignore-flags]
#
# where:	 '!' signifies the entry is to be pruned (inclusive) from
#				the list of files to be scanned.
#		 '=' signifies the entry is to be added, but if it is
#				a directory, then all its contents are pruned
#				(useful for /tmp).
#
# where:	entry is the absolute pathname of a file or a directory
#
# where ignore-flags are in the format:
#		[template][ [+|-][pinugsam12] ... ]
#
# 	- :  ignore the following atributes
#	+ :  do not ignore the following attributes
#
#	p :  permission and file mode bits 	a: access timestamp
#	i :  inode number			m: modification timestamp
#	n :  number of links (ref count)	c: inode creation timestamp
#	u :  user id of owner			1: signature 1
#	g :  group id of owner			2: signature 2
#	s :  size of file
#
#
# Ex:   The following entry will scan all the files in /etc, and report
#	any changes in mode bits, inode number, reference count, uid,
#	gid, modification and creation timestamp, and the signatures.
#	However, it will ignore any changes in the access timestamp.
#
#	/etc	+pinugsm12-a
#
# The following templates have been pre-defined to make these long ignore
# mask descriptions unecessary.
#
# Templates: 	(default)	R :  [R]ead-only (+pinugsm12-a)
#				L :  [L]og file (+pinug-sam12)
#				N :  ignore [N]othing (+pinusgsamc12)
#				E :  ignore [E]verything (-pinusgsamc12)
#
# By default, Tripwire uses the R template -- it ignores
# only the access timestamp.
#
# You can use templates with modifiers, like:
#	Ex:  /etc/lp	E+ug
#
#	Example configuration file:
#		/etc		R	# all system files
#		!/etc/lp	R	# ...but not those logs
#		=/tmp		N	# just the directory, not its files
#
# Note the difference between pruning (via "!") and ignoring everything
# (via "E" template):  Ignoring everything in a directory still monitors
# for added and deleted files.  Pruning a directory will prevent Tripwire
# from even looking in the specified directory.
#
#
# Tripwire running slowly?  Modify your tripwire.config entries to
# ignore the (signature 2) attribute when this computationally-exorbitant 
# protection is not needed.  (See README and design document for further
# details.)
#

#  First, root's "home"
=/		L
/root/.rhosts	R	# may not exist
/root/.profile	R	# may not exist
/root/.cshrc		R	# may not exist
/root/.login		R	# may not exist
/root/.exrc		R	# may not exist
/root/.logout	R	# may not exist
/root/.emacs		R	# may not exist
/root/.forward	R	# may not exist
/root/.netrc		R	# may not exist

# Unix itself
/kernel
/boot/kernel/kernel	R

# /bin and exceptions
/bin		R-2
/bin/rcp	R

# /dev
/dev	 	L

# you need this if you have /dev/fd mounted as a fdesc filesystem
=/dev/fd        R

# /etc and exceptions
/etc			R-2
/etc/mail/aliases	L
/etc/disktab		L
/etc/dumpdates		L
/etc/master.passwd	L
/etc/motd		L
/etc/passwd		L
/etc/pwd.db		L
/etc/spwd.db		L
/etc/periodic/daily	L
/etc/periodic/monthly	L
/etc/periodic/weekly	L

# /home
=/home

# /root
/root			R-2
/root/.history		L

# /sbin
/sbin			R-2

# /usr/bin
/usr/bin		R-2

/usr/include		R-12

/usr/lib		R-2

/usr/libexec		R-2

/usr/local/bin		R-2

/usr/local/etc		L

/usr/sbin		R-2

/usr/src/bin		R-2
/usr/src/lib		R-2
/usr/src/libexec	R-2
/usr/src/sbin		R-2
/usr/src/usr.bin	R-2
/usr/src/usr.sbin	R-2
/usr/src/sys		R-2
!/usr/src/sys/i386/compile
!/usr/src/sys/i386/conf

# packages...
=@localbase@
=@x11base@

###########################################