PR ports/7197 seems to have been the wrong fix. While I think Joe Greco's

statements are a little strong (like /.cshrc being used in single user mode),
it does appear /root was already protected.

PR:		ports/7200
Submitted by:	Joe Greco <greco@ns.sol.net>

3 files changed, 30 insertions, 27 deletions

diff --git a/security/tripwire-131/files/tw.conf.freebsd2 b/security/tripwire-131/files/tw.conf.freebsd2
index bb1f18bbebe8..08e843e28e8d 100644
--- a/security/tripwire-131/files/tw.conf.freebsd2
+++ b/security/tripwire-131/files/tw.conf.freebsd2
@@ -1,4 +1,4 @@
-# $Id: tw.conf.freebsd2,v 1.1.1.1 1997/04/01 04:44:00 jdp Exp $
+# $Id: tw.conf.freebsd2,v 1.2 1998/07/28 17:15:37 obrien Exp $
 #
 # tripwire.config
 # Generic version for FreeBSD
@@ -70,15 +70,16 @@
 # details.)
 #
 
-#  First, root's "home"
+#  First, root's traditional "home".  Note that FreeBSD's root's home (/root)
+#  is protected by R-2 protections in the default config file.
 =/		L
-/root/.rhosts	R	# may not exist
-/root/.profile	R	# may not exist
-/root/.cshrc		R	# may not exist
-/root/.login		R	# may not exist
-/root/.exrc		R	# may not exist
-/root/.logout	R	# may not exist
-/root/.forward	R	# may not exist
+/.rhosts	R	# may not exist
+/.profile	R	# may not exist
+/.cshrc		R	# may not exist
+/.login		R	# may not exist
+/.exrc		R	# may not exist
+/.logout	R	# may not exist
+/.forward	R	# may not exist
 
 # Unix itself
 /kernel		R
diff --git a/security/tripwire/files/tw.conf.freebsd2 b/security/tripwire/files/tw.conf.freebsd2
index bb1f18bbebe8..08e843e28e8d 100644
--- a/security/tripwire/files/tw.conf.freebsd2
+++ b/security/tripwire/files/tw.conf.freebsd2
@@ -1,4 +1,4 @@
-# $Id: tw.conf.freebsd2,v 1.1.1.1 1997/04/01 04:44:00 jdp Exp $
+# $Id: tw.conf.freebsd2,v 1.2 1998/07/28 17:15:37 obrien Exp $
 #
 # tripwire.config
 # Generic version for FreeBSD
@@ -70,15 +70,16 @@
 # details.)
 #
 
-#  First, root's "home"
+#  First, root's traditional "home".  Note that FreeBSD's root's home (/root)
+#  is protected by R-2 protections in the default config file.
 =/		L
-/root/.rhosts	R	# may not exist
-/root/.profile	R	# may not exist
-/root/.cshrc		R	# may not exist
-/root/.login		R	# may not exist
-/root/.exrc		R	# may not exist
-/root/.logout	R	# may not exist
-/root/.forward	R	# may not exist
+/.rhosts	R	# may not exist
+/.profile	R	# may not exist
+/.cshrc		R	# may not exist
+/.login		R	# may not exist
+/.exrc		R	# may not exist
+/.logout	R	# may not exist
+/.forward	R	# may not exist
 
 # Unix itself
 /kernel		R
diff --git a/security/tripwire12/files/tw.conf.freebsd2 b/security/tripwire12/files/tw.conf.freebsd2
index bb1f18bbebe8..08e843e28e8d 100644
--- a/security/tripwire12/files/tw.conf.freebsd2
+++ b/security/tripwire12/files/tw.conf.freebsd2
@@ -1,4 +1,4 @@
-# $Id: tw.conf.freebsd2,v 1.1.1.1 1997/04/01 04:44:00 jdp Exp $
+# $Id: tw.conf.freebsd2,v 1.2 1998/07/28 17:15:37 obrien Exp $
 #
 # tripwire.config
 # Generic version for FreeBSD
@@ -70,15 +70,16 @@
 # details.)
 #
 
-#  First, root's "home"
+#  First, root's traditional "home".  Note that FreeBSD's root's home (/root)
+#  is protected by R-2 protections in the default config file.
 =/		L
-/root/.rhosts	R	# may not exist
-/root/.profile	R	# may not exist
-/root/.cshrc		R	# may not exist
-/root/.login		R	# may not exist
-/root/.exrc		R	# may not exist
-/root/.logout	R	# may not exist
-/root/.forward	R	# may not exist
+/.rhosts	R	# may not exist
+/.profile	R	# may not exist
+/.cshrc		R	# may not exist
+/.login		R	# may not exist
+/.exrc		R	# may not exist
+/.logout	R	# may not exist
+/.forward	R	# may not exist
 
 # Unix itself
 /kernel		R