-
Notifications
You must be signed in to change notification settings - Fork 127
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
132 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,132 @@ | ||
| ############################################################################### | ||
| # ## | ||
| # Default Tripwire 2.4 Policy file for AROS ## | ||
| # ## | ||
| ############################################################################### | ||
|
|
||
|
|
||
| ############################################################################### | ||
| # ## | ||
| # Global Variable Definitions ## | ||
| # ## | ||
| # These are defined at install time by the installation script. You may ## | ||
| # Manually edit these if you are using this file directly and not from the ## | ||
| # installation script itself. ## | ||
| # ## | ||
| ############################################################################### | ||
|
|
||
| @@section GLOBAL | ||
| TWROOT=; | ||
| TWBIN=; | ||
| TWPOL=; | ||
| TWDB=; | ||
| TWSKEY=; | ||
| TWLKEY=; | ||
| TWREPORT=; | ||
| HOSTNAME=; | ||
|
|
||
| ############################################################################## | ||
| # Predefined Variables # | ||
| ############################################################################## | ||
| # | ||
| # Property Masks | ||
| # | ||
| # - ignore the following properties | ||
| # + check the following properties | ||
| # | ||
| # a access timestamp (mutually exclusive with +CMSH) | ||
| # b number of blocks allocated | ||
| # c inode creation/modification timestamp | ||
| # d ID of device on which inode resides | ||
| # g group id of owner | ||
| # i inode number | ||
| # l growing files (logfiles for example) | ||
| # m modification timestamp | ||
| # n number of links | ||
| # p permission and file mode bits | ||
| # r ID of device pointed to by inode (valid only for device objects) | ||
| # s file size | ||
| # t file type | ||
| # u user id of owner | ||
| # | ||
| # C CRC-32 hash | ||
| # H HAVAL hash | ||
| # M MD5 hash | ||
| # S SHA hash | ||
| # | ||
| ############################################################################## | ||
|
|
||
| #Device = +pugsdr-intlbamcCMSH ; | ||
| #Dynamic = +pinugtd-srlbamcCMSH ; | ||
| #Growing = +pinugtdl-srbamcCMSH ; | ||
| #IgnoreAll = -pinugtsdrlbamcCMSH ; | ||
| #IgnoreNone = +pinugtsdrbamcCMSH-l ; | ||
| #ReadOnly = +pinugtsdbmCM-rlacSH ; | ||
| Temporary = +pugt ; | ||
|
|
||
| @@section FS | ||
|
|
||
| ######################################### | ||
| # ## | ||
| # Tripwire Binaries and Data Files ## | ||
| # ## | ||
| ######################################### | ||
|
|
||
| # Tripwire Binaries | ||
| ( | ||
| rulename = "Tripwire Binaries", | ||
| ) | ||
| { | ||
| $(TWBIN)/siggen -> $(ReadOnly) ; | ||
| $(TWBIN)/tripwire -> $(ReadOnly) ; | ||
| $(TWBIN)/twadmin -> $(ReadOnly) ; | ||
| $(TWBIN)/twprint -> $(ReadOnly) ; | ||
| } | ||
|
|
||
| # Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases | ||
| ( | ||
| rulename = "Tripwire Data Files", | ||
| ) | ||
| { | ||
| # NOTE: We remove the inode attribute because when Tripwire creates a backup, | ||
| # it does so by renaming the old file and creating a new one (which will | ||
| # have a new inode number). Inode is left turned on for keys, which shouldn't | ||
| # ever change. | ||
|
|
||
| # NOTE: The first integrity check triggers this rule and each integrity check | ||
| # afterward triggers this rule until a database update is run, since the | ||
| # database file does not exist before that point. | ||
|
|
||
| $(TWDB) -> $(Dynamic) -i ; | ||
| $(TWPOL)/tw.pol -> $(ReadOnly) -i ; | ||
| $(TWPOL)/tw.cfg -> $(ReadOnly) -i ; | ||
| $(TWLKEY)/$(HOSTNAME)-local.key -> $(ReadOnly) ; | ||
| $(TWSKEY)/site.key -> $(ReadOnly) ; | ||
|
|
||
| # don't scan the individual reports | ||
| $(TWREPORT) -> $(Dynamic) (recurse=0) ; | ||
| } | ||
|
|
||
|
|
||
| ############################################################################## | ||
|
|
||
| (rulename="OS Files",) | ||
| { | ||
| AROS:System -> $(IgnoreNone); | ||
| AROS:Devs -> $(IgnoreNone); | ||
| AROS:Libs -> $(IgnoreNone); | ||
| AROS:Tools-> $(IgnoreNone); | ||
| AROS:Prefs -> $(IgnoreNone); | ||
| AROS:Utilities -> $(IgnoreNone); | ||
| AROS:WBStartup -> $(IgnoreNone); | ||
| } | ||
|
|
||
| (rulename="Development Tools",) | ||
| { | ||
| Work:Development -> $(IgnoreNone); | ||
| } | ||
|
|
||
| (rulename="Extras",) | ||
| { | ||
| Work:Extras -> $(IgnoreNone); | ||
| } |