author | cy <cy@FreeBSD.org> | 2006-02-16 23:17:31 +0800 |
---|---|---|
committer | cy <cy@FreeBSD.org> | 2006-02-16 23:17:31 +0800 |
commit | 15bd9bf2d5fbf7ec43b240172236e41b3c3564f7 (patch) | |
tree | 2dfdc63712aa7334896147320cfd5c60a925b765 /security/tripwire | |
parent | d46ee40421ce893c39880041ce053236906f9775 (diff) | |
Upgrade 2.3.1-2 --> 2.4.0.1
Also, document the rename of files/twpol.txt to files/twpol.m4 through
a repocopy. M4 is now used to conditionally build the initial copy of the
Tripwire policy file based on the version of FreeBSD this port is being
installed on.
Diffstat (limited to 'security/tripwire')
-rw-r--r-- | security/tripwire/Makefile | 66 | ||||
-rw-r--r-- | security/tripwire/distinfo | 6 | ||||
-rw-r--r-- | security/tripwire/files/patch-install::install.sh | 70 | ||||
-rw-r--r-- | security/tripwire/files/patch-src::Makefile | 35 | ||||
-rw-r--r-- | security/tripwire/files/patch-src::STLport-4.0::src::num_put_float.cpp | 11 | ||||
-rw-r--r-- | security/tripwire/files/patch-src::core::msystem.cpp | 14 | ||||
-rw-r--r-- | security/tripwire/files/patch-src::core::unix::file_unix.cpp | 45 | ||||
-rw-r--r-- | security/tripwire/files/patch-src::core::unix::unixfsservices.cpp | 31 | ||||
-rw-r--r-- | security/tripwire/files/patch-src::tripwire::mailmessage.cpp | 11 | ||||
-rw-r--r-- | security/tripwire/files/patch-src::tripwire::pipedmailmessage.cpp | 16 | ||||
-rw-r--r-- | security/tripwire/files/twpol.m4 | 42 | ||||
-rw-r--r-- | security/tripwire/files/twpol.txt | 661 | ||||
-rw-r--r-- | security/tripwire/pkg-descr | 8 | ||||
-rw-r--r-- | security/tripwire/pkg-plist | 2 |
14 files changed, 42 insertions, 976 deletions
diff --git a/security/tripwire/Makefile b/security/tripwire/Makefile index 76481b8992dc..c7ad628bd570 100644 --- a/security/tripwire/Makefile +++ b/security/tripwire/Makefile @@ -6,28 +6,28 @@ # PORTNAME= tripwire -PORTVERSION= 2.3.1.2 -PORTREVISION= 5 +PORTVERSION= 2.4.0.1 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= ${PORTNAME} -DISTNAME= ${PORTNAME}-${PORTVERSION:C/\.[0-9]*$/-&/:C/-\./-/} +DISTNAME= ${PORTNAME}-${PORTVERSION}-src MAINTAINER= cy@FreeBSD.org COMMENT= File system security and verification program -BROKEN= DOES NOT BUILD: /usr/lib/libpthread.so: undefined reference to __usleep LATEST_LINK= ${PORTNAME} MAN5= twfiles.5 twconfig.5 twpolicy.5 MAN8= siggen.8 tripwire.8 twadmin.8 twintro.8 twprint.8 NO_PACKAGE= "requires local database to be built" -WRKSRC= ${WRKDIR}/${DISTNAME} +WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION} BUILD_WRKSRC= ${WRKSRC}/src +USE_BZIP2= yes +GNU_CONFIGURE= yes USE_GMAKE= yes -USE_PERL5= yes -ALL_TARGET= release +USE_PERL5_BUILD= yes MAKE_ARGS= SYSPRE=${ARCH}-unknown-freebsd IS_INTERACTIVE= yes +M4= /usr/bin/m4 # Tripwire config files are stored in TWCFG TWCFG?= /usr/local/etc/tripwire 
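Review bot: The bump to `PORTVERSION= 2.4.0.1` comes with the deletion of every files/patch-* in this commit, and three of those carried hardening changes: mkstemp() in place of mktemp() in unixfsservices.cpp, the O_EXCL / mode 0600 open in file_unix.cpp, and the explicit `"%s"` format argument to `_ftprintf` in pipedmailmessage.cpp. Nothing on this page shows that the 2.4.0.1 sources contain equivalent changes, so that should be checked against the extracted tree and stated in the commit message. The same check covers the removed `BROKEN=` line, since the log does not say how the libpthread link failure was resolved.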
@@ -44,51 +44,37 @@ TWREPORT?= ${TWDB}/report # This sets the default text editor for Tripwire. TWEDITOR?= /usr/bin/vi # This sets the location of the twpol.txt file that is to be installed -TWPOL_TXT?= ${FILESDIR}/twpol.txt +TWPOL_TXT?= ${FILESDIR}/twpol.m4 # Other variables that are used: TRIPWIRE_CLOBBER?= NO # If TRIPWIRE_CLOBBER is set to YES, the install script clobbers # previously installed config files. +CONFIGURE_ARGS= --prefix=${PREFIX} --program-transform-name='' --sysconfdir=${TWCFG} .include <bsd.port.pre.mk> -PLIST_SUB+= TWCFG=${TWCFG} TWDB=${TWDB} - -.if ${OSVERSION} > 501000 -USE_GCC= 2.95 -USE_REINPLACE= YES +.if ${OSVERSION} < 500000 +BUILD_DEPENDS= ${LOCALBASE}/lib/libstlport_gcc.so:${PORTSDIR}/devel/stlport +RUN_DEPENDS= ${LOCALBASE}/lib/libstlport_gcc.so:${PORTSDIR}/devel/stlport .endif +PLIST_SUB+= TWCFG=${TWCFG} TWDB=${TWDB} + pre-configure: - @ ${CP} ${TWPOL_TXT} ${WRKSRC}/policy/twpol.txt + @ ${M4} -DFREEBSD_VERSION=`${ECHO_CMD} ${OSREL} | ${CUT} -d. -f1` < ${TWPOL_TXT} > ${WRKSRC}/policy/twpol-FreeBSD.txt @ ${MV} ${WRKSRC}/src/core/stdcore.h ${WRKSRC}/src/core/stdcore.h.orig @ ${SED} 's%^# define CONFIG_FILE_ROOT "/usr/local/etc/tripwire"%# define CONFIG_FILE_ROOT "${TWCFG}"%' ${WRKSRC}/src/core/stdcore.h.orig > ${WRKSRC}/src/core/stdcore.h @ ${MV} ${WRKSRC}/man/man4/twconfig.4 ${WRKSRC}/man/man5/twconfig.5 @ ${MV} ${WRKSRC}/man/man4/twpolicy.4 ${WRKSRC}/man/man5/twpolicy.5 + @ ${LN} -s ${WRKSRC}/contrib ${WRKSRC}/install -.if ${OSVERSION} > 501000 -post-extract: - @ ${REINPLACE_CMD} -e "s|CC \= gcc|CC \= gcc295|g" ${WRKSRC}/src/STLport-4.0/src/gcc.mak - @ ${REINPLACE_CMD} -e "s|CXX \= c\+\+|CXX \= g\+\+295|g" ${WRKSRC}/src/STLport-4.0/src/gcc.mak - @ ${REINPLACE_CMD} -e "s|ln \-s \/usr\/include\/g\+\+ include|ln \-s ${PREFIX}\/lib\/gcc\-lib\/${ARCH}\-portbld\-freebsd${OSREL}\/2.95.3\/include include|g" ${WRKSRC}/src/STLport-4.0/STLport.mak - @ ${REINPLACE_CMD} -e "s|CC \= cc|CC \= gcc295|g" 
${WRKSRC}/src/make_include/i386-unknown-freebsd.inc - @ ${REINPLACE_CMD} -e "s|CXX \= c\+\+|CXX \= g\+\+295|g" ${WRKSRC}/src/make_include/i386-unknown-freebsd.inc - @ ${REINPLACE_CMD} -e "s|LINKFLAGS_R \= \-pthread|LINKFLAGS_R \+\= \-lpthread|g" ${WRKSRC}/src/make_include/i386-unknown-freebsd.inc - @ ${REINPLACE_CMD} -e "s|LINKFLAGS_D \= \-pthread|LINKFLAGS_D \+\= \-lpthread|g" ${WRKSRC}/src/make_include/i386-unknown-freebsd.inc - @ ${REINPLACE_CMD} -e "s|CC \= g\+\+|CC \= g\+\+295|g" ${WRKSRC}/src/cryptlib/i386-unknown-freebsd.mak - @ ${REINPLACE_CMD} -e "s|malloc.h|stdlib.h|g" ${WRKSRC}/src/core/msystem.cpp - @ ${REINPLACE_CMD} -e "s|malloc.h|stdlib.h|g" ${WRKSRC}/src/twparser/yylex.cpp - @ ${REINPLACE_CMD} -e "s|malloc.h|stdlib.h|g" ${WRKSRC}/src/tripwire/tripwiremain.cpp -.endif - -install-software: +install-config-files: @ ${ECHO_CMD} TWPOLICY=${TWPOLICY} >> ${WRKSRC}/install/install.cfg @ ${ECHO_CMD} TWSITEKEYDIR=${TWSITEKEYDIR} >> ${WRKSRC}/install/install.cfg @ ${ECHO_CMD} TWLOCALKEYDIR=${TWLOCALKEYDIR} >> ${WRKSRC}/install/install.cfg @ ${ECHO_CMD} TWDB=${TWDB} >> ${WRKSRC}/install/install.cfg @ ${ECHO_CMD} TWREPORT=${TWREPORT} >> ${WRKSRC}/install/install.cfg @ ${ECHO_CMD} TWEDITOR=${TWEDITOR} >> ${WRKSRC}/install/install.cfg - @ ${ECHO_CMD} TWPOL_TXT=${TWPOL_TXT} >> ${WRKSRC}/install/install.cfg @ cd ${WRKSRC} && ${LN} -sf install/install.cfg install/install.sh . .if ( defined(TRIPWIRE_CLOBBER) && ${TRIPWIRE_CLOBBER} == "YES" ) || \ ( defined(TRIPWIRE_CLOBBER) && ${TRIPWIRE_CLOBBER} == "yes" ) 
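Review bot: The comment above `TWPOL_TXT?= ${FILESDIR}/twpol.m4` still calls it the location of the twpol.txt file to be installed, but pre-configure now passes that file to `${M4}` instead of copying it. Because the variable is set with `?=`, a site that already points TWPOL_TXT at a plain-text policy will have it read as m4 input during the build: quote characters and macro names outside `#` comments are expanded, and m4 builtins such as `include` and `syscmd` are available to whatever file is named. I would reword the comment to `# Location of the m4 template used to generate twpol.txt; the file is processed by m4 and must be trusted` and drop the `@` on the m4 line so the generating command appears in the build log.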
@@ -103,11 +89,6 @@ create-database: ${TWDB} ${TWREPORT} @ ${ECHO} Creating tripwire database @ cd ${TWCFG} && ${PREFIX}/sbin/tripwire --init - @ ${ECHO} To create a floppy backup of your tripwire database - @ ${ECHO} run \"make floppy\". The default database will not - @ ${ECHO} fit on a floppy, however with the removal of objects - @ ${ECHO} from the database, it can be made to fit on a 1.44 MB - @ ${ECHO} floppy disk. @ ${ECHO_CMD} @ ${ECHO} The tripwire database, configuration file and @ ${ECHO} policy file are signed using the local and site keys, @@ -116,17 +97,6 @@ create-database: .endif -floppy: - @ disklabel -w -B /dev/rfd0c fd1440 - @ newfs -u 0 -t 0 -i 196608 -m 0 -T minimum -o space /dev/rfd0c - @ mount /dev/fd0c /mnt - @ ${CP} -p ${PREFIX}/sbin/tripwire /mnt/tripwire - @ ${CP} -p ${TWCFG}/* /mnt - @ ${SH} -c "${CP} -p ${TWDB}/* /mnt || exit 0" - @ ${CHMOD} 555 /mnt/tripwire - @ umount /mnt - @ ${ECHO} Do not forget to remove and write-protect the floppy. - -do-install: install-software create-database +post-install: install-config-files create-database .include <bsd.port.post.mk> diff --git a/security/tripwire/distinfo b/security/tripwire/distinfo index 185cdb7e5565..b6dec09bddcb 100644 --- a/security/tripwire/distinfo +++ b/security/tripwire/distinfo @@ -1,3 +1,3 @@ -MD5 (tripwire-2.3.1-2.tar.gz) = 6a15fe110565cef9ed33c1c7e070355e -SHA256 (tripwire-2.3.1-2.tar.gz) = d339fbc093ce9e9f0c98fa2b454735bb2c13613103d6edcfcce57dbd3a394d2a -SIZE (tripwire-2.3.1-2.tar.gz) = 1514955 +MD5 (tripwire-2.4.0.1-src.tar.bz2) = b371f79ac23cacc9ad40b1da76b4a0c4 +SHA256 (tripwire-2.4.0.1-src.tar.bz2) = 397269815278b775f1dd657c3bd06982990a2af2a7ab2a8c8175b117c6147212 +SIZE (tripwire-2.4.0.1-src.tar.bz2) = 1208424 diff --git a/security/tripwire/files/patch-install::install.sh b/security/tripwire/files/patch-install::install.sh deleted file mode 100644 index 6e7ecf08eec0..000000000000 --- a/security/tripwire/files/patch-install::install.sh +++ /dev/null 
@@ -1,70 +0,0 @@ ---- install/install.sh.orig Fri Oct 27 17:26:26 2000 -+++ install/install.sh Fri Feb 22 07:34:55 2002 -@@ -3,7 +3,7 @@ - ######################################################### - ######################################################### - ## --## Tripwire(R) 2.3 Open Source for LINUX install script -+## Tripwire(R) 2.3 Open Source for FreeBSD install script - ## - ######################################################### - ######################################################### -@@ -252,12 +252,14 @@ - unamVER=`uname -v -r` - if ((echo "$unamOS" | $GREP -i "Linux" > /dev/null) || - (echo "$unamOS" | $GREP -i "HP-UX" > /dev/null) || -+ (echo "$unamOS" | $GREP -i "FreeBSD" > /dev/null) || - (echo "$unamOS" | $GREP -i "AIX" > /dev/null)); then - unamHW=`uname -m` - else - unamHW=`uname -p` - fi -- if (echo "$unamOS" | $GREP -i "Linux" > /dev/null); then -+ if (echo "$unamOS" | $GREP -i "Linux" > /dev/null) || -+ (echo "$unamOS" | $GREP -i "FreeBSD" > /dev/null); then - osokay=1 - fi - if [ "$osokay" -eq 0 ] ; then -@@ -488,7 +490,11 @@ - BASE_DIR=`echo $0 | sed s/$BASE_DIR\$//` - if [ ! 
-z "$BASE_DIR" ] ; then - TAR_DIR="${BASE_DIR}" -- BIN_DIR="${BASE_DIR}bin/i686-pc-linux_r" -+ if (echo "$unamOS" | $GREP -i "FreeBSD" > /dev/null); then -+ BIN_DIR="${BASE_DIR}bin/${unamHW}-unknown-freebsd_r" -+ else -+ BIN_DIR="${BASE_DIR}bin/i686-pc-linux_r" -+ fi - else - TAR_DIR="${BASE_DIR}" - fi -@@ -621,15 +627,22 @@ - f1=' ff=$README ; d="" ; dd=$TWDOCS ; rr=0444 ' - f2=' ff=$REL_NOTES ; d="" ; dd=$TWDOCS ; rr=0444 ' - f3=' ff=$TWLICENSEFILE ; d="" ; dd=$TWDOCS ; rr=0444 ' --f4=' ff=tripwire ; d="/bin/i686-pc-linux_r" ; dd=$TWBIN ; rr=0550 ' --f5=' ff=twadmin ; d="/bin/i686-pc-linux_r" ; dd=$TWBIN ; rr=0550 ' --f6=' ff=twprint ; d="/bin/i686-pc-linux_r" ; dd=$TWBIN ; rr=0550 ' --f7=' ff=siggen ; d="/bin/i686-pc-linux_r" ; dd=$TWBIN ; rr=0550 ' -+if (echo "$unamOS" | $GREP -i "Linux" > /dev/null); then -+ f4=' ff=tripwire ; d="/bin/i686-pc-linux_r" ; dd=$TWBIN ; rr=0550 ' -+ f5=' ff=twadmin ; d="/bin/i686-pc-linux_r" ; dd=$TWBIN ; rr=0550 ' -+ f6=' ff=twprint ; d="/bin/i686-pc-linux_r" ; dd=$TWBIN ; rr=0550 ' -+ f7=' ff=siggen ; d="/bin/i686-pc-linux_r" ; dd=$TWBIN ; rr=0550 ' -+elif (echo "$unamOS" | $GREP -i "FreeBSD" > /dev/null); then -+ f4=' ff=tripwire ; d="/bin/${unamHW}-unknown-freebsd_r" ; dd=$TWBIN ; rr=0550 ' -+ f5=' ff=twadmin ; d="/bin/${unamHW}-unknown-freebsd_r" ; dd=$TWBIN ; rr=0550 ' -+ f6=' ff=twprint ; d="/bin/${unamHW}-unknown-freebsd_r" ; dd=$TWBIN ; rr=0550 ' -+ f7=' ff=siggen ; d="/bin/${unamHW}-unknown-freebsd_r" ; dd=$TWBIN ; rr=0550 ' -+fi - f8=' ff=TRADEMARK ; d="" ; dd=$TWDOCS ; rr=0444 ' --f9=' ff=policyguide.txt ; d="" ; dd=$TWDOCS ; rr=0444 ' -+f9=' ff=policyguide.txt ; d="/policy/" ; dd=$TWDOCS ; rr=0444 ' - f10=' ff=twpol.txt ; d="/policy/" ; dd=$TWPOLICY ; rr=0640 ' --f11=' ff=twpolicy.4 ; d="/man/man4" ; dd=$TWMAN/man4 ; rr=0444 ' --f12=' ff=twconfig.4 ; d="/man/man4" ; dd=$TWMAN/man4 ; rr=0444 ' -+f11=' ff=twpolicy.5 ; d="/man/man5" ; dd=$TWMAN/man5 ; rr=0444 ' -+f12=' ff=twconfig.5 ; d="/man/man5" ; dd=$TWMAN/man5 ; 
rr=0444 ' - f13=' ff=twfiles.5 ; d="/man/man5" ; dd=$TWMAN/man5 ; rr=0444 ' - f14=' ff=siggen.8 ; d="/man/man8" ; dd=$TWMAN/man8 ; rr=0444 ' - f15=' ff=tripwire.8 ; d="/man/man8" ; dd=$TWMAN/man8 ; rr=0444 ' diff --git a/security/tripwire/files/patch-src::Makefile b/security/tripwire/files/patch-src::Makefile deleted file mode 100644 index d49c5079587c..000000000000 --- a/security/tripwire/files/patch-src::Makefile +++ /dev/null @@ -1,35 +0,0 @@ ---- src/Makefile.orig Sat Mar 3 20:03:52 2001 -+++ src/Makefile Fri Feb 22 07:48:44 2002 -@@ -5,15 +5,16 @@ - # - # This makefile handles different platforms targets through the use of the - # makefile variable "SYSPRE". To configure the make process for your specific --# platform edit the SYSPRE variable in the Configuration section below to match your --# setup. -+# platform edit the SYSPRE variable in the Configuration section below to match -+# your setup. - # - # During the build process this makefile recursively calls gmake using this - # file (Makefile) or one of the subdirectory makefiles (e.g. core/core.mak) - # as the makefile. When it does this it passes the SYSPRE definition along - # by using the directive "SYSPRE=$(SYSPRE)". - # --# Comments that start with '#=' are echoed to the screen by the default target, help. -+# Comments that start with '#=' are echoed to the screen by the default target, -+# help. - #= *** Build Commands - #= - #= Please note that all Tripwire makefiles require GNU make (gmake) to build! -@@ -77,9 +78,11 @@ - # - # i686-pc-linux == Linux Intel x86 - # sparc-linux == Linux Sparc (not fully implemented) -+# i386-unknown-freebsd == FreeBSD Intel x86 -+# alpha-unknown-freebsd == FreeBSD Compaq Alpha - # - --SYSPRE = i686-pc-linux -+#SYSPRE = i686-pc-linux - #SYSPRE = sparc-linux - #SYSPRE = i386-unknown-freebsd - #SYSPRE = i386-unknown-openbsd 
diff --git a/security/tripwire/files/patch-src::STLport-4.0::src::num_put_float.cpp b/security/tripwire/files/patch-src::STLport-4.0::src::num_put_float.cpp deleted file mode 100644 index 551cd1fb7a3e..000000000000 --- a/security/tripwire/files/patch-src::STLport-4.0::src::num_put_float.cpp +++ /dev/null @@ -1,11 +0,0 @@ ---- src/STLport-4.0/src/num_put_float.cpp.orig Sat Feb 24 19:44:14 2001 -+++ src/STLport-4.0/src/num_put_float.cpp Sat Oct 12 02:55:14 2002 -@@ -43,7 +43,7 @@ - - # ifdef __STL_UNIX - --# ifdef __OpenBSD__ -+# if defined(__OpenBSD__) || defined(__FreeBSD__) - # include <math.h> - # include <float.h> - # else diff --git a/security/tripwire/files/patch-src::core::msystem.cpp b/security/tripwire/files/patch-src::core::msystem.cpp deleted file mode 100644 index 5df1a0d36393..000000000000 --- a/security/tripwire/files/patch-src::core::msystem.cpp +++ /dev/null @@ -1,14 +0,0 @@ ---- src/core/msystem.cpp.orig Wed Aug 10 15:59:22 2005 -+++ src/core/msystem.cpp Wed Aug 10 17:00:19 2005 -@@ -951,8 +951,11 @@ - * ignore any signals until child dies - */ - for(i = 0; i < MAX_SIGNAL; i++) -+#ifdef __FreeBSD__ -+#define SIGCLD SIGCHLD -+#endif - #ifdef SIGCLD - if (i != SIGCLD) - #endif - savesig[i] = tw_sigign(i); - /* diff --git a/security/tripwire/files/patch-src::core::unix::file_unix.cpp b/security/tripwire/files/patch-src::core::unix::file_unix.cpp deleted file mode 100644 index d43cca7f771c..000000000000 --- a/security/tripwire/files/patch-src::core::unix::file_unix.cpp +++ /dev/null 
@@ -1,45 +0,0 @@ ---- src/core/unix/file_unix.cpp Sat Oct 28 04:15:21 2000 -+++ src/core/unix/file_unix.cpp Wed Jun 13 09:29:07 2001 -@@ -155,10 +155,15 @@ - if( flags & OPEN_CREATE ) - perm |= O_CREAT; - -+ mode_t openmode = 0664; -+ if ( flags & OPEN_EXCLUSIVE ) { -+ perm |= O_CREAT | O_EXCL; -+ openmode = (mode_t) 0600; // Make sure only root can read the file -+ } - // - // actually open the file - // -- int fh = _topen( sFileName.c_str(), perm, 0664 ); -+ int fh = _topen( sFileName.c_str(), perm, openmode ); - if( fh == -1 ) - { - throw( eFileOpen( sFileName, iFSServices::GetInstance()->GetErrString() ) ); ---- src/core/file.h Sat Oct 28 04:15:20 2000 -+++ src/core/file.h Wed Jun 13 09:07:20 2001 -@@ -96,7 +96,8 @@ - OPEN_LOCKED_TEMP = 0x00000004, // the file should not be readable by other processes and should be removed when closed - OPEN_TRUNCATE = 0x00000008, // opens an empty file. creates it if it doesn't exist. Doesn't make much sense without OF_WRITE - OPEN_CREATE = 0x00000010, // create the file if it doesn't exist; this is implicit if OF_TRUNCATE is set -- OPEN_TEXT = 0x00000020 -+ OPEN_TEXT = 0x00000020, -+ OPEN_EXCLUSIVE = 0x0000040 // Use O_CREAT | O_EXCL - }; - - //Ctor, Dtor, CpyCtor, Operator=: ---- src/core/archive.cpp Sat Feb 24 21:02:12 2001 -+++ src/core/archive.cpp Wed Jun 13 09:15:25 2001 -@@ -896,8 +896,9 @@ - // create file - - // set up flags -- uint32 flags = cFile::OPEN_WRITE | cFile::OPEN_LOCKED_TEMP | cFile::OPEN_CREATE; -- if ( openFlags & FA_OPEN_TRUNCATE ) -+ uint32 flags = cFile::OPEN_WRITE | cFile::OPEN_LOCKED_TEMP | cFile::OPEN_CREATE | cFile::OPEN_EXCLUSIVE; -+ -+ if ( openFlags & FA_OPEN_TRUNCATE ) - flags |= cFile::OPEN_TRUNCATE; - if ( openFlags & FA_OPEN_TEXT ) - flags |= cFile::OPEN_TEXT; diff --git a/security/tripwire/files/patch-src::core::unix::unixfsservices.cpp b/security/tripwire/files/patch-src::core::unix::unixfsservices.cpp deleted file mode 100644 index 14919a9e3ee0..000000000000 
--- a/security/tripwire/files/patch-src::core::unix::unixfsservices.cpp +++ /dev/null @@ -1,31 +0,0 @@ ---- src/core/unix/unixfsservices.cpp.orig Sat Feb 24 11:02:12 2001 -+++ src/core/unix/unixfsservices.cpp Tue Jul 10 21:40:37 2001 -@@ -243,6 +243,7 @@ - { - char* pchTempFileName; - char szTemplate[MAXPATHLEN]; -+ int fd; - - #ifdef _UNICODE - // convert template from wide character to multi-byte string -@@ -253,13 +254,14 @@ - strcpy( szTemplate, strName.c_str() ); - #endif - -- // create temp filename -- pchTempFileName = mktemp( szTemplate ); -+ // create temp filename and check to see if mkstemp failed -+ if ((fd = mkstemp( szTemplate )) == -1) { -+ throw eFSServicesGeneric( strName ); -+ } else { -+ close(fd); -+ } -+ pchTempFileName = szTemplate; - -- //check to see if mktemp failed -- if ( pchTempFileName == NULL || strlen(pchTempFileName) == 0) { -- throw eFSServicesGeneric( strName ); -- } - - // change name so that it has the XXXXXX part filled in - #ifdef _UNICODE diff --git a/security/tripwire/files/patch-src::tripwire::mailmessage.cpp b/security/tripwire/files/patch-src::tripwire::mailmessage.cpp deleted file mode 100644 index f5566a087aa7..000000000000 --- a/security/tripwire/files/patch-src::tripwire::mailmessage.cpp +++ /dev/null @@ -1,11 +0,0 @@ ---- src/tripwire/mailmessage.cpp.orig Thu Jul 5 05:16:34 2001 -+++ src/tripwire/mailmessage.cpp Thu Jul 5 05:16:47 2001 -@@ -241,7 +241,7 @@ - time_t current_time = time(NULL); - tm = localtime ( ¤t_time ); - -- const TCHAR* szFormat = _T("%a %d %b %Y %H:%M:%S %z"); -+ const TCHAR* szFormat = _T("%a, %d %b %Y %H:%M:%S %z"); - - size_t numChars = _tcsftime( szDate, countof( szDate ), szFormat, tm ); - diff --git a/security/tripwire/files/patch-src::tripwire::pipedmailmessage.cpp b/security/tripwire/files/patch-src::tripwire::pipedmailmessage.cpp deleted file mode 100644 index f88afd69aea0..000000000000 --- a/security/tripwire/files/patch-src::tripwire::pipedmailmessage.cpp +++ /dev/null 
@@ -1,16 +0,0 @@ -Index: src/tripwire/pipedmailmessage.cpp -=================================================================== -retrieving revision 1.1 -retrieving revision 1.2 -diff -u -r1.1 -r1.2 ---- src/tripwire/pipedmailmessage.cpp 21 Jan 2001 00:46:48 -0000 1.1 -+++ src/tripwire/pipedmailmessage.cpp 26 May 2004 20:59:15 -0000 1.2 -@@ -180,7 +180,7 @@ - - void cPipedMailMessage::SendString( const TSTRING& s ) - { -- if( _ftprintf( mpFile, s.c_str() ) < 0 ) -+ if( _ftprintf( mpFile, "%s", s.c_str() ) < 0 ) - { - TOSTRINGSTREAM estr; - estr << TSS_GetString( cTripwire, tripwire::STR_ERR2_MAIL_MESSAGE_COMMAND ) diff --git a/security/tripwire/files/twpol.m4 b/security/tripwire/files/twpol.m4 index 7be1442fa538..240a409d6079 100644 --- a/security/tripwire/files/twpol.m4 +++ b/security/tripwire/files/twpol.m4 @@ -3,6 +3,7 @@ # # $FreeBSD$ +# This file originally was repocopied from: ports/security/tripwire/files/twpol.txt,v 1.3 2005/08/09 18:24:15 cy Exp # # This is the example Tripwire Policy file. It is intended as a place to @@ -184,7 +185,9 @@ SIG_HI = 100 ; # Critical files that are significant point # -# FreeBSD Kernel +ifelse(eval(FREEBSD_VERSION<=4),1,`# FreeBSD Kernel +',`# FreeBSD Kernel and boot code +')dnl # ( @@ -192,15 +195,17 @@ SIG_HI = 100 ; # Critical files that are significant point severity = $(SIG_HI) ) { - # /boot is used by FreeBSD 5.X+ - /boot -> $(SEC_CRIT) ; - # /kernel is used by FreeBSD 4.X +ifelse(eval(FREEBSD_VERSION<=4),1,`dnl /kernel is used by FreeBSD <=4.X /kernel -> $(SEC_CRIT) ; /kernel.old -> $(SEC_CRIT) ; /kernel.GENERIC -> $(SEC_CRIT) ; +',eval(FREEBSD_VERSION>=5),1,`dnl /boot is used by FreeBSD >=5.X + /boot -> $(SEC_CRIT) ; +') } +ifelse(eval(FREEBSD_VERSION<=4),1,`dnl /modules and /lkm are used by FreeBSD <=4.X # # FreeBSD Modules # 
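Review bot: Both branches of the kernel rule's `ifelse` depend on `eval(FREEBSD_VERSION<=4)` and `eval(FREEBSD_VERSION>=5)`, so if FREEBSD_VERSION is undefined or empty neither `/kernel` nor `/boot` is emitted and the generated policy stops covering the kernel. The Makefile always passes -DFREEBSD_VERSION, but the value comes from a backquoted cut of ${OSREL} and the m4 recipe line is silenced, so a bad value would probably go unnoticed; how m4 reports the failed eval cannot be told from this page. A guard outside the comment header of twpol.m4 would make the template fail closed, for example ``ifdef(`FREEBSD_VERSION',,`errprint(`FREEBSD_VERSION is not defined')m4exit(1)')dnl``. The same applies to the Modules, /dev and perl man-page conditionals in the later hunks of this file.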
@@ -210,12 +215,17 @@ SIG_HI = 100 ; # Critical files that are significant point severity = $(SIG_HI) ) { - # /modules is used by FreeBSD 4.X +') +ifelse(eval(FREEBSD_VERSION<=3),1,`dnl /lkm is used by FreeBSD 2.X and 3.X + /lkm -> $(SEC_CRIT) (recurse = true) ; +',eval(FREEBSD_VERSION<=4),1,`dnl /modules is used by FreeBSD 4.X /modules -> $(SEC_CRIT) (recurse = true) ; /modules.old -> $(SEC_CRIT) (recurse = true) ; - # /lkm is used by FreeBSD 2.X and 3.X - # /lkm -> $(SEC_CRIT) (recurse = true) ; # uncomment if using lkm kld +') +dnl FreeBSD >=5.X puts modules in /boot/kernel +ifelse(eval(FREEBSD_VERSION<=4),1,`dnl /modules and /lkm are used by FreeBSD <=4.X } +')dnl # @@ -255,7 +265,7 @@ SIG_HI = 100 ; # Critical files that are significant point severity = $(SIG_HI) ) { - # XXX Do we really need to verify the integrity of /dev on 5.X? +ifelse(eval(FREEBSD_VERSION<=4),1,`dnl /dev is devfs on FreeBSD >= 5.X /dev -> $(Device) (recurse = true) ; !/dev/vga ; !/dev/dri ; @@ -300,6 +310,7 @@ SIG_HI = 100 ; # Critical files that are significant point /dev/ttypu -> $(SEC_TTY) ; /dev/ttypv -> $(SEC_TTY) ; /dev/cuaa0 -> $(SEC_TTY) ; # modem +') } @@ -415,6 +426,7 @@ SIG_HI = 100 ; # Critical files that are significant point ! /usr/share/man/cat9 ; ! /usr/share/man/catl ; ! /usr/share/man/catn ; +ifelse(eval(FREEBSD_VERSION<=4),1,` /usr/share/perl/man -> $(SEC_CONFIG) ; !/usr/share/perl/man/whatis ; !/usr/share/perl/man/.glimpse_filenames ; 
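Review bot: On FreeBSD 5.X and later the rule whose body starts with `/dev -> $(Device)` is left with an empty body, because the `ifelse(eval(FREEBSD_VERSION<=4),1,` opened right after `{` is closed by `')` right before `}`. The Modules rule in the preceding hunk avoids this by putting the rule header and the closing brace inside their own `<=4` conditionals. Whether twadmin accepts a rule block with no entries is not visible here, so I would either wrap the /dev rule header and `}` the same way or confirm that the generated twpol-FreeBSD.txt compiles on a 5.X host. The rule header itself lies outside the two /dev hunks.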
@@ -428,19 +440,7 @@ SIG_HI = 100 ; # Critical files that are significant point !/usr/share/perl/man/.glimpse_turbo ; /usr/share/perl/man/man3 -> $(SEC_CRIT) (recurse = true) ; ! /usr/share/perl/man/cat3 ; - /usr/local/lib/perl5/5.00503/man -> $(SEC_CONFIG) ; - ! /usr/local/lib/perl5/5.00503/man/whatis ; - ! /usr/local/lib/perl5/5.00503/man/.glimpse_filters ; - ! /usr/local/lib/perl5/5.00503/man/.glimpse_filetimes ; - ! /usr/local/lib/perl5/5.00503/man/.glimpse_messages ; - ! /usr/local/lib/perl5/5.00503/man/.glimpse_statistics ; - ! /usr/local/lib/perl5/5.00503/man/.glimpse_index ; - ! /usr/local/lib/perl5/5.00503/man/.glimpse_turbo ; - ! /usr/local/lib/perl5/5.00503/man/.glimpse_partitions ; - ! /usr/local/lib/perl5/5.00503/man/.glimpse_filenames ; - ! /usr/local/lib/perl5/5.00503/man/.glimpse_filenames_index ; - /usr/local/lib/perl5/5.00503/man/man3 -> $(SEC_CRIT) (recurse = true) ; - ! /usr/local/lib/perl5/5.00503/man/cat3 ; +')dnl } diff --git a/security/tripwire/files/twpol.txt b/security/tripwire/files/twpol.txt deleted file mode 100644 index 7be1442fa538..000000000000 --- a/security/tripwire/files/twpol.txt +++ /dev/null 
@@ -1,661 +0,0 @@ -# -# Policy file for FreeBSD -# -# $FreeBSD$ - - -# -# This is the example Tripwire Policy file. It is intended as a place to -# start creating your own custom Tripwire Policy file. Referring to it as -# well as the Tripwire Policy Guide should give you enough information to -# make a good custom Tripwire Policy file that better covers your -# configuration and security needs. A text version of this policy file is -# called twpol.txt. -# -# Note that this file is tuned to an install of FreeBSD using -# buildworld. If run unmodified, this file should create no errors on -# database creation, or violations on a subsiquent integrity check. -# However it is impossible for there to be one policy file for all machines, -# so this existing one errs on the side of security. Your FreeBSD -# configuration will most likey differ from the one our policy file was -# tuned to, and will therefore require some editing of the default -# Tripwire Policy file. -# -# The example policy file is best run with 'Loose Directory Checking' -# enabled. Set LOOSEDIRECTORYCHECKING=TRUE in the Tripwire Configuration -# file. -# -# Email support is not included and must be added to this file. -# Add the 'emailto=' to the rule directive section of each rule (add a comma -# after the 'severity=' line and add an 'emailto=' and include the email -# addresses you want the violation reports to go to). Addresses are -# semi-colon delimited. -# - - - -# -# Global Variable Definitions -# -# These are defined at install time by the installation script. You may -# Manually edit these if you are using this file directly and not from the -# installation script itself. 
-# - -@@section GLOBAL -TWROOT=; -TWBIN=; -TWPOL=; -TWDB=; -TWSKEY=; -TWLKEY=; -TWREPORT=; -HOSTNAME=; - -@@section FS -SEC_CRIT = $(IgnoreNone)-SHa ; # Critical files that cannot change -SEC_SUID = $(IgnoreNone)-SHa ; # Binaries with the SUID or SGID flags set -SEC_BIN = $(ReadOnly) ; # Binaries that should not change -SEC_CONFIG = $(Dynamic) ; # Config files that are changed infrequently but accessed often -SEC_TTY = $(Dynamic)-ugp ; # Tty files that change ownership at login -SEC_LOG = $(Growing) ; # Files that grow, but that should never change ownership -SEC_INVARIANT = +tpug ; # Directories that should never change permission or ownership -SIG_LOW = 33 ; # Non-critical files that are of minimal security impact -SIG_MED = 66 ; # Non-critical files that are of significant security impact -SIG_HI = 100 ; # Critical files that are significant points of vulnerability - - -# Tripwire Binaries -( - rulename = "Tripwire Binaries", - severity = $(SIG_HI) -) -{ - $(TWBIN)/siggen -> $(SEC_BIN) ; - $(TWBIN)/tripwire -> $(SEC_BIN) ; - $(TWBIN)/twadmin -> $(SEC_BIN) ; - $(TWBIN)/twprint -> $(SEC_BIN) ; -} - -# Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases -( - rulename = "Tripwire Data Files", - severity = $(SIG_HI) -) -{ - # NOTE: We remove the inode attribute because when Tripwire creates a backup, - # it does so by renaming the old file and creating a new one (which will - # have a new inode number). Inode is left turned on for keys, which shouldn't - # ever change. - - # NOTE: The first integrity check triggers this rule and each integrity check - # afterward triggers this rule until a database update is run, since the - # database file does not exist before that point. 
- - $(TWDB) -> $(SEC_CONFIG) -i ; - $(TWPOL)/tw.pol -> $(SEC_BIN) -i ; - $(TWPOL)/tw.cfg -> $(SEC_BIN) -i ; - $(TWPOL)/twcfg.txt -> $(SEC_BIN) ; - $(TWPOL)/twpol.txt -> $(SEC_BIN) ; - $(TWLKEY)/$(HOSTNAME)-local.key -> $(SEC_BIN) ; - $(TWSKEY)/site.key -> $(SEC_BIN) ; - - #don't scan the individual reports - $(TWREPORT) -> $(SEC_CONFIG) (recurse=0) ; -} - - -# Tripwire HQ Connector Binaries -#( -# rulename = "Tripwire HQ Connector Binaries", -# severity = $(SIG_HI) -#) -#{ -# $(TWBIN)/hqagent -> $(SEC_BIN) ; -#} -# -# Tripwire HQ Connector - Configuration Files, Keys, and Logs - -# -# Note: File locations here are different than in a stock HQ Connector -# installation. This is because Tripwire 2.3 uses a different path -# structure than Tripwire 2.2.1. -# -# You may need to update your HQ Agent configuation file (or this policy -# file) to correct the paths. We have attempted to support the FHS standard -# here by placing the HQ Agent files similarly to the way Tripwire 2.3 -# places them. -# - -#( -# rulename = "Tripwire HQ Connector Data Files", -# severity = $(SIG_HI) -#) -#{ -# -# # NOTE: Removing the inode attribute because when Tripwire creates a backup -# # it does so by renaming the old file and creating a new one (which will -# # have a new inode number). Leaving inode turned on for keys, which -# # shouldn't ever change. -# -# -# $(TWBIN)/agent.cfg -> $(SEC_BIN) -i ; -# $(TWLKEY)/authentication.key -> $(SEC_BIN) ; -# $(TWDB)/tasks.dat -> $(SEC_CONFIG) ; -# $(TWDB)/schedule.dat -> $(SEC_CONFIG) ; -# -# # Uncomment if you have agent logging enabled. 
-# #/var/log/tripwire/agent.log -> $(SEC_LOG) ; -#} - - - -# Commonly accessed directories that should remain static with regards to owner and group -( - rulename = "Invariant Directories", - severity = $(SIG_MED) -) -{ - / -> $(SEC_INVARIANT) (recurse = false) ; - /home -> $(SEC_INVARIANT) (recurse = false) ; -} - -# -# First, root's "home" -# - -( - rulename = "Root's home", - severity = $(SIG_HI) -) -{ - # /.rhosts -> $(SEC_CRIT) ; - /.profile -> $(SEC_CRIT) ; - /.cshrc -> $(SEC_CRIT) ; - /.login -> $(SEC_CRIT) ; - # /.exrc -> $(SEC_CRIT) ; - # /.logout -> $(SEC_CRIT) ; - # /.forward -> $(SEC_CRIT) ; - /root -> $(SEC_CRIT) (recurse = true) ; - !/root/.history ; - !/root/.bash_history ; - # !/root/.lsof_SYSTEM_NAME ; # Uncomment if lsof is installed -} - - -# -# FreeBSD Kernel -# - -( - rulename = "FreeBSD Kernel", - severity = $(SIG_HI) -) -{ - # /boot is used by FreeBSD 5.X+ - /boot -> $(SEC_CRIT) ; - # /kernel is used by FreeBSD 4.X - /kernel -> $(SEC_CRIT) ; - /kernel.old -> $(SEC_CRIT) ; - /kernel.GENERIC -> $(SEC_CRIT) ; -} - - -# -# FreeBSD Modules -# - -( - rulename = "FreeBSD Modules", - severity = $(SIG_HI) -) -{ - # /modules is used by FreeBSD 4.X - /modules -> $(SEC_CRIT) (recurse = true) ; - /modules.old -> $(SEC_CRIT) (recurse = true) ; - # /lkm is used by FreeBSD 2.X and 3.X - # /lkm -> $(SEC_CRIT) (recurse = true) ; # uncomment if using lkm kld -} - - -# -# System Administration Programs -# - -( - rulename = "System Administration Programs", - severity = $(SIG_HI) -) -{ - /sbin -> $(SEC_CRIT) (recurse = true) ; - /usr/sbin -> $(SEC_CRIT) (recurse = true) ; -} - - -# -# User Utilities -# - -( - rulename = "User Utilities", - severity = $(SIG_HI) -) -{ - /bin -> $(SEC_CRIT) (recurse = true) ; - /usr/bin -> $(SEC_CRIT) (recurse = true) ; -} - - -# -# /dev -# - -( - rulename = "/dev", - severity = $(SIG_HI) -) -{ - # XXX Do we really need to verify the integrity of /dev on 5.X? 
- /dev -> $(Device) (recurse = true) ; - !/dev/vga ; - !/dev/dri ; - /dev/console -> $(SEC_TTY) ; - /dev/ttyv0 -> $(SEC_TTY) ; - /dev/ttyv1 -> $(SEC_TTY) ; - /dev/ttyv2 -> $(SEC_TTY) ; - /dev/ttyv3 -> $(SEC_TTY) ; - /dev/ttyv4 -> $(SEC_TTY) ; - /dev/ttyv5 -> $(SEC_TTY) ; - /dev/ttyv6 -> $(SEC_TTY) ; - /dev/ttyv7 -> $(SEC_TTY) ; - /dev/ttyp0 -> $(SEC_TTY) ; - /dev/ttyp1 -> $(SEC_TTY) ; - /dev/ttyp2 -> $(SEC_TTY) ; - /dev/ttyp3 -> $(SEC_TTY) ; - /dev/ttyp4 -> $(SEC_TTY) ; - /dev/ttyp5 -> $(SEC_TTY) ; - /dev/ttyp6 -> $(SEC_TTY) ; - /dev/ttyp7 -> $(SEC_TTY) ; - /dev/ttyp8 -> $(SEC_TTY) ; - /dev/ttyp9 -> $(SEC_TTY) ; - /dev/ttypa -> $(SEC_TTY) ; - /dev/ttypb -> $(SEC_TTY) ; - /dev/ttypc -> $(SEC_TTY) ; - /dev/ttypd -> $(SEC_TTY) ; - /dev/ttype -> $(SEC_TTY) ; - /dev/ttypf -> $(SEC_TTY) ; - /dev/ttypg -> $(SEC_TTY) ; - /dev/ttyph -> $(SEC_TTY) ; - /dev/ttypi -> $(SEC_TTY) ; - /dev/ttypj -> $(SEC_TTY) ; - /dev/ttypl -> $(SEC_TTY) ; - /dev/ttypm -> $(SEC_TTY) ; - /dev/ttypn -> $(SEC_TTY) ; - /dev/ttypo -> $(SEC_TTY) ; - /dev/ttypp -> $(SEC_TTY) ; - /dev/ttypq -> $(SEC_TTY) ; - /dev/ttypr -> $(SEC_TTY) ; - /dev/ttyps -> $(SEC_TTY) ; - /dev/ttypt -> $(SEC_TTY) ; - /dev/ttypu -> $(SEC_TTY) ; - /dev/ttypv -> $(SEC_TTY) ; - /dev/cuaa0 -> $(SEC_TTY) ; # modem -} - - -# -# /etc -# - -( - rulename = "/etc", - severity = $(SIG_HI) -) -{ - /etc -> $(SEC_CRIT) (recurse = true) ; - # /etc/mail/aliases -> $(SEC_CONFIG) ; - /etc/dumpdates -> $(SEC_CONFIG) ; - /etc/motd -> $(SEC_CONFIG) ; - !/etc/ppp/connect-errors ; - /etc/skeykeys -> $(SEC_CONFIG) ; - # Uncomment the following 4 lines if your password file does not change - # /etc/passwd -> $(SEC_CONFIG) ; - # /etc/master.passwd -> $(SEC_CONFIG) ; - # /etc/pwd.db -> $(SEC_CONFIG) ; - # /etc/spwd.db -> $(SEC_CONFIG) ; -} - - -# -# Copatibility (Linux) -# - -( - rulename = "Linux Compatibility", - severity = $(SIG_HI) -) -{ - /compat -> $(SEC_CRIT) (recurse = true) ; -# -# Uncomment the following if Linux compatibility is used. 
Replace -# HOSTNAME1 and HOSTNAME2 with the hosts that have Linux emulation port -# installed. -# -#@@ifhost HOSTNAME1 || HOSTNAME2 -# /compat/linux/etc -> $(SEC_INVARIANT) (recurse = false) ; -# /compat/linux/etc/X11 -> $(SEC_CONFIG) (recurse = true) ; -# /compat/linux/etc/pam.d -> $(SEC_CONFIG) (recurse = true) ; -# /compat/linux/etc/profile.d -> $(SEC_CONFIG) (recurse = true) ; -# /compat/linux/etc/real -> $(SEC_CONFIG) (recurse = true) ; -# /compat/linux/etc/bashrc -> $(SEC_CONFIG) ; -# /compat/linux/etc/csh.login -> $(SEC_CONFIG) ; -# /compat/linux/etc/host.conf -> $(SEC_CONFIG) ; -# /compat/linux/etc/hosts.allow -> $(SEC_CONFIG) ; -# /compat/linux/etc/hosts.deny -> $(SEC_CONFIG) ; -# /compat/linux/etc/info-dir -> $(SEC_CONFIG) ; -# /compat/linux/etc/inputrc -> $(SEC_CONFIG) ; -# /compat/linux/etc/ld.so.conf -> $(SEC_CONFIG) ; -# /compat/linux/etc/nsswitch.conf -> $(SEC_CONFIG) ; -# /compat/linux/etc/profile -> $(SEC_CONFIG) ; -# /compat/linux/etc/redhat-release -> $(SEC_CONFIG) ; -# /compat/linux/etc/rpc -> $(SEC_CONFIG) ; -# /compat/linux/etc/securetty -> $(SEC_CONFIG) ; -# /compat/linux/etc/shells -> $(SEC_CONFIG) ; -# /compat/linux/etc/termcap -> $(SEC_CONFIG) ; -# /compat/linux/etc/yp.conf -> $(SEC_CONFIG) ; -# !/compat/linux/etc/ld.so.cache ; -# !/compat/linux/var/spool/mail ; -#@@endif -} - - -# -# Libraries, include files, and other system files -# - -( - rulename = "Libraries, include files, and other system files", - severity = $(SIG_HI) -) -{ - /usr/include -> $(SEC_CRIT) (recurse = true) ; - /usr/lib -> $(SEC_CRIT) (recurse = true) ; - /usr/libdata -> $(SEC_CRIT) (recurse = true) ; - /usr/libexec -> $(SEC_CRIT) (recurse = true) ; - /usr/share -> $(SEC_CRIT) (recurse = true) ; - /usr/share/man -> $(SEC_CONFIG) ; - !/usr/share/man/whatis ; - !/usr/share/man/.glimpse_filenames ; - !/usr/share/man/.glimpse_filenames_index ; - !/usr/share/man/.glimpse_filetimes ; - !/usr/share/man/.glimpse_filters ; - !/usr/share/man/.glimpse_index ; - 
!/usr/share/man/.glimpse_messages ; - !/usr/share/man/.glimpse_partitions ; - !/usr/share/man/.glimpse_statistics ; - !/usr/share/man/.glimpse_turbo ; - /usr/share/man/man1 -> $(SEC_CRIT) (recurse = true) ; - /usr/share/man/man2 -> $(SEC_CRIT) (recurse = true) ; - /usr/share/man/man3 -> $(SEC_CRIT) (recurse = true) ; - /usr/share/man/man4 -> $(SEC_CRIT) (recurse = true) ; - /usr/share/man/man5 -> $(SEC_CRIT) (recurse = true) ; - /usr/share/man/man6 -> $(SEC_CRIT) (recurse = true) ; - /usr/share/man/man7 -> $(SEC_CRIT) (recurse = true) ; - /usr/share/man/man8 -> $(SEC_CRIT) (recurse = true) ; - /usr/share/man/man9 -> $(SEC_CRIT) (recurse = true) ; - /usr/share/man/mann -> $(SEC_CRIT) (recurse = true) ; - ! /usr/share/man/cat1 ; - ! /usr/share/man/cat2 ; - ! /usr/share/man/cat3 ; - ! /usr/share/man/cat4 ; - ! /usr/share/man/cat5 ; - ! /usr/share/man/cat6 ; - ! /usr/share/man/cat7 ; - ! /usr/share/man/cat8 ; - ! /usr/share/man/cat9 ; - ! /usr/share/man/catl ; - ! /usr/share/man/catn ; - /usr/share/perl/man -> $(SEC_CONFIG) ; - !/usr/share/perl/man/whatis ; - !/usr/share/perl/man/.glimpse_filenames ; - !/usr/share/perl/man/.glimpse_filenames_index ; - !/usr/share/perl/man/.glimpse_filetimes ; - !/usr/share/perl/man/.glimpse_filters ; - !/usr/share/perl/man/.glimpse_index ; - !/usr/share/perl/man/.glimpse_messages ; - !/usr/share/perl/man/.glimpse_partitions ; - !/usr/share/perl/man/.glimpse_statistics ; - !/usr/share/perl/man/.glimpse_turbo ; - /usr/share/perl/man/man3 -> $(SEC_CRIT) (recurse = true) ; - ! /usr/share/perl/man/cat3 ; - /usr/local/lib/perl5/5.00503/man -> $(SEC_CONFIG) ; - ! /usr/local/lib/perl5/5.00503/man/whatis ; - ! /usr/local/lib/perl5/5.00503/man/.glimpse_filters ; - ! /usr/local/lib/perl5/5.00503/man/.glimpse_filetimes ; - ! /usr/local/lib/perl5/5.00503/man/.glimpse_messages ; - ! /usr/local/lib/perl5/5.00503/man/.glimpse_statistics ; - ! /usr/local/lib/perl5/5.00503/man/.glimpse_index ; - ! /usr/local/lib/perl5/5.00503/man/.glimpse_turbo ; - ! 
/usr/local/lib/perl5/5.00503/man/.glimpse_partitions ; - ! /usr/local/lib/perl5/5.00503/man/.glimpse_filenames ; - ! /usr/local/lib/perl5/5.00503/man/.glimpse_filenames_index ; - /usr/local/lib/perl5/5.00503/man/man3 -> $(SEC_CRIT) (recurse = true) ; - ! /usr/local/lib/perl5/5.00503/man/cat3 ; -} - - -# -# X11R6 -# - -( - rulename = "X11R6", - severity = $(SIG_HI) -) -{ - /usr/X11R6 -> $(SEC_CRIT) (recurse = true) ; - /usr/X11R6/lib/X11/xdm -> $(SEC_CONFIG) (recurse = true) ; - !/usr/X11R6/lib/X11/xdm/xdm-errors ; - !/usr/X11R6/lib/X11/xdm/authdir/authfiles ; - !/usr/X11R6/lib/X11/xdm/xdm-pid ; - /usr/X11R6/lib/X11/xkb/compiled -> $(SEC_CONFIG) (recurse = true) ; - /usr/X11R6/man -> $(SEC_CONFIG) ; - !/usr/X11R6/man/whatis ; - !/usr/X11R6/man/.glimpse_filenames ; - !/usr/X11R6/man/.glimpse_filenames_index ; - !/usr/X11R6/man/.glimpse_filetimes ; - !/usr/X11R6/man/.glimpse_filters ; - !/usr/X11R6/man/.glimpse_index ; - !/usr/X11R6/man/.glimpse_messages ; - !/usr/X11R6/man/.glimpse_partitions ; - !/usr/X11R6/man/.glimpse_statistics ; - !/usr/X11R6/man/.glimpse_turbo ; - /usr/X11R6/man/man1 -> $(SEC_CRIT) (recurse = true) ; - /usr/X11R6/man/man2 -> $(SEC_CRIT) (recurse = true) ; - /usr/X11R6/man/man3 -> $(SEC_CRIT) (recurse = true) ; - /usr/X11R6/man/man4 -> $(SEC_CRIT) (recurse = true) ; - /usr/X11R6/man/man5 -> $(SEC_CRIT) (recurse = true) ; - /usr/X11R6/man/man6 -> $(SEC_CRIT) (recurse = true) ; - /usr/X11R6/man/man7 -> $(SEC_CRIT) (recurse = true) ; - /usr/X11R6/man/man8 -> $(SEC_CRIT) (recurse = true) ; - /usr/X11R6/man/man9 -> $(SEC_CRIT) (recurse = true) ; - /usr/X11R6/man/manl -> $(SEC_CRIT) (recurse = true) ; - /usr/X11R6/man/mann -> $(SEC_CRIT) (recurse = true) ; - ! /usr/X11R6/man/cat1 ; - ! /usr/X11R6/man/cat2 ; - ! /usr/X11R6/man/cat3 ; - ! /usr/X11R6/man/cat4 ; - ! /usr/X11R6/man/cat5 ; - ! /usr/X11R6/man/cat6 ; - ! /usr/X11R6/man/cat7 ; - ! /usr/X11R6/man/cat8 ; - ! /usr/X11R6/man/cat9 ; - ! /usr/X11R6/man/catl ; - ! 
/usr/X11R6/man/catn ; -} - - -# -# sources -# - -( - rulename = "Sources", - severity = $(SIG_HI) -) -{ - /usr/src -> $(SEC_CRIT) (recurse = true) ; - /usr/src/sys/compile -> $(SEC_CONFIG) (recurse = false) ; -} - - -# -# NIS -# - -( - rulename = "NIS", - severity = $(SIG_HI) -) -{ - /var/yp -> $(SEC_CRIT) (recurse = true) ; - !/var/yp/binding ; -} - - -# -# Temporary directories -# -( - rulename = "Temporary directories", - recurse = false, - severity = $(SIG_LOW) -) -{ - /usr/tmp -> $(SEC_INVARIANT) ; - /var/tmp -> $(SEC_INVARIANT) ; - /var/preserve -> $(SEC_INVARIANT) ; - /tmp -> $(SEC_INVARIANT) ; -} - -# -# Local files -# - -( - rulename = "Local files", - severity = $(SIG_MED) -) -{ - /usr/local/bin -> $(SEC_BIN) (recurse = true) ; - /usr/local/sbin -> $(SEC_BIN) (recurse = true) ; - /usr/local/etc -> $(SEC_BIN) (recurse = true) ; - /usr/local/lib -> $(SEC_BIN) (recurse = true ) ; - /usr/local/libexec -> $(SEC_BIN) (recurse = true ) ; - /usr/local/share -> $(SEC_BIN) (recurse = true ) ; - /usr/local/man -> $(SEC_CONFIG) ; - !/usr/local/man/whatis ; - !/usr/local/man/.glimpse_filenames ; - !/usr/local/man/.glimpse_filenames_index ; - !/usr/local/man/.glimpse_filetimes ; - !/usr/local/man/.glimpse_filters ; - !/usr/local/man/.glimpse_index ; - !/usr/local/man/.glimpse_messages ; - !/usr/local/man/.glimpse_partitions ; - !/usr/local/man/.glimpse_statistics ; - !/usr/local/man/.glimpse_turbo ; - /usr/local/man/man1 -> $(SEC_CRIT) (recurse = true) ; - /usr/local/man/man2 -> $(SEC_CRIT) (recurse = true) ; - /usr/local/man/man3 -> $(SEC_CRIT) (recurse = true) ; - /usr/local/man/man4 -> $(SEC_CRIT) (recurse = true) ; - /usr/local/man/man5 -> $(SEC_CRIT) (recurse = true) ; - /usr/local/man/man6 -> $(SEC_CRIT) (recurse = true) ; - /usr/local/man/man7 -> $(SEC_CRIT) (recurse = true) ; - /usr/local/man/man8 -> $(SEC_CRIT) (recurse = true) ; - /usr/local/man/man9 -> $(SEC_CRIT) (recurse = true) ; - /usr/local/man/manl -> $(SEC_CRIT) (recurse = true) ; - 
/usr/local/man/mann -> $(SEC_CRIT) (recurse = true) ; - ! /usr/local/man/cat1 ; - ! /usr/local/man/cat2 ; - ! /usr/local/man/cat3 ; - ! /usr/local/man/cat4 ; - ! /usr/local/man/cat5 ; - ! /usr/local/man/cat6 ; - ! /usr/local/man/cat7 ; - ! /usr/local/man/cat8 ; - ! /usr/local/man/cat9 ; - ! /usr/local/man/catl ; - ! /usr/local/man/catn ; - /usr/local/krb5 -> $(SEC_CRIT) (recurse = true) ; - /usr/local/krb5/man -> $(SEC_CONFIG) ; - !/usr/local/krb5/man/whatis ; - !/usr/local/krb5/man/.glimpse_filenames ; - !/usr/local/krb5/man/.glimpse_filenames_index ; - !/usr/local/krb5/man/.glimpse_filetimes ; - !/usr/local/krb5/man/.glimpse_filters ; - !/usr/local/krb5/man/.glimpse_index ; - !/usr/local/krb5/man/.glimpse_messages ; - !/usr/local/krb5/man/.glimpse_partitions ; - !/usr/local/krb5/man/.glimpse_statistics ; - !/usr/local/krb5/man/.glimpse_turbo ; - /usr/local/krb5/man/man1 -> $(SEC_CRIT) (recurse = true) ; - /usr/local/krb5/man/man2 -> $(SEC_CRIT) (recurse = true) ; - /usr/local/krb5/man/man3 -> $(SEC_CRIT) (recurse = true) ; - /usr/local/krb5/man/man4 -> $(SEC_CRIT) (recurse = true) ; - /usr/local/krb5/man/man5 -> $(SEC_CRIT) (recurse = true) ; - /usr/local/krb5/man/man6 -> $(SEC_CRIT) (recurse = true) ; - /usr/local/krb5/man/man7 -> $(SEC_CRIT) (recurse = true) ; - /usr/local/krb5/man/man8 -> $(SEC_CRIT) (recurse = true) ; - /usr/local/krb5/man/man9 -> $(SEC_CRIT) (recurse = true) ; - /usr/local/krb5/man/manl -> $(SEC_CRIT) (recurse = true) ; - /usr/local/krb5/man/mann -> $(SEC_CRIT) (recurse = true) ; - ! /usr/local/krb5/man/cat1 ; - ! /usr/local/krb5/man/cat2 ; - ! /usr/local/krb5/man/cat3 ; - ! /usr/local/krb5/man/cat4 ; - ! /usr/local/krb5/man/cat5 ; - ! /usr/local/krb5/man/cat6 ; - ! /usr/local/krb5/man/cat7 ; - ! /usr/local/krb5/man/cat8 ; - ! /usr/local/krb5/man/cat9 ; - ! /usr/local/krb5/man/catl ; - ! 
/usr/local/krb5/man/catn ; - /usr/local/www -> $(SEC_CONFIG) (recurse = true) ; -} - - -( - rulename = "Security Control", - severity = $(SIG_HI) -) -{ - /etc/group -> $(SEC_CRIT) ; - /etc/crontab -> $(SEC_CRIT) ; -} - -#============================================================================= -# -# Copyright 2000 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, -# Inc. in the United States and other countries. All rights reserved. -# -# FreeBSD is a registered trademark of the FreeBSD Project Inc. -# -# UNIX is a registered trademark of The Open Group. -# -#============================================================================= -# -# Permission is granted to make and distribute verbatim copies of this document -# provided the copyright notice and this permission notice are preserved on all -# copies. -# -# Permission is granted to copy and distribute modified versions of this -# document under the conditions for verbatim copying, provided that the entire -# resulting derived work is distributed under the terms of a permission notice -# identical to this one. -# -# Permission is granted to copy and distribute translations of this document -# into another language, under the above conditions for modified versions, -# except that this permission notice may be stated in a translation approved by -# Tripwire, Inc. -# -# DCM diff --git a/security/tripwire/pkg-descr b/security/tripwire/pkg-descr index c0176a3905f3..1abf28d5bcae 100644 --- a/security/tripwire/pkg-descr +++ b/security/tripwire/pkg-descr 
@@ -4,12 +4,4 @@ Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner. -If "TRIPWIRE_FLOPPY" is set to "YES" in the environment or on the -"make" command line, this port will write the tripwire database to -a floppy disk, which should then be write-protected and used as a -reference for future runs. The diskette should be formatted and -present in the "A" drive before starting the "make install" step. - -Joe Greco <jgreco@ns.sol.net> - WWW: http://sourceforge.net/projects/tripwire/ diff --git a/security/tripwire/pkg-plist b/security/tripwire/pkg-plist index 2cd6872d8e93..663033bbe4f7 100644 --- a/security/tripwire/pkg-plist +++ b/security/tripwire/pkg-plist @@ -2,8 +2,6 @@ sbin/tripwire sbin/twadmin sbin/twprint sbin/siggen -share/doc/tripwire/README -share/doc/tripwire/Release_Notes share/doc/tripwire/COPYING share/doc/tripwire/TRADEMARK share/doc/tripwire/policyguide.txt |