aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorcy <cy@FreeBSD.org>2012-02-23 08:34:28 +0800
committercy <cy@FreeBSD.org>2012-02-23 08:34:28 +0800
commitc85629c5c18a5bb2a3f93b598b38d2f595f50dd3 (patch)
treeca83ddff80d43366eb444aa9f098d42dde443422 /security
parent9746ccf932f68ce87f481fa424488b254917e4e2 (diff)
downloadfreebsd-ports-gnome-c85629c5c18a5bb2a3f93b598b38d2f595f50dd3.tar.gz
freebsd-ports-gnome-c85629c5c18a5bb2a3f93b598b38d2f595f50dd3.tar.zst
freebsd-ports-gnome-c85629c5c18a5bb2a3f93b598b38d2f595f50dd3.zip
Misc fixes (not comprehensive) for freebsd8.
Submitted by: Maintainer (Joe Greco <jgreco@ns.sol.net>) Approved by: Implicitly approved by maintainer
Diffstat (limited to 'security')
-rw-r--r--security/tripwire12/Makefile7
-rw-r--r--security/tripwire12/files/tw.conf.freebsd8165
2 files changed, 168 insertions, 4 deletions
diff --git a/security/tripwire12/Makefile b/security/tripwire12/Makefile
index 0bcd9d88b45a..cbff9750d1c8 100644
--- a/security/tripwire12/Makefile
+++ b/security/tripwire12/Makefile
@@ -7,6 +7,7 @@
PORTNAME= tripwire
PORTVERSION= 1.2
+PORTREVISION= 1
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_NETBSD}
@@ -20,7 +21,7 @@ NO_CDROM= cannot be redistributed for more than the cost of duplication
NO_PACKAGE= requires local database to be built
USE_PERL5_BUILD=yes
-TWCONFIG?= ${FILESDIR}/tw.conf.freebsd2
+TWCONFIG?= ${FILESDIR}/tw.conf.freebsd8
post-extract:
@ (cd ${WRKDIR}; tar xpf T1.2.tar)
@@ -33,9 +34,7 @@ post-patch:
pre-configure:
@ ${CP} ${FILESDIR}/conf-freebsd2.h ${WRKSRC}/configs
- @ ${SED} s%/kernel%`/sbin/sysctl -bn kern.bootfile`% \
- < ${TWCONFIG} \
- > ${WRKSRC}/configs/tw.conf.freebsd2
+ @ ${cp} ${TWCONFIG} ${WRKSRC}/configs/tw.conf.freebsd8
post-install:
@ ${MKDIR} /var/adm/tcheck
diff --git a/security/tripwire12/files/tw.conf.freebsd8 b/security/tripwire12/files/tw.conf.freebsd8
new file mode 100644
index 000000000000..374c5e18490c
--- /dev/null
+++ b/security/tripwire12/files/tw.conf.freebsd8
@@ -0,0 +1,165 @@
+# $FreeBSD$
+#
+# tripwire.config
+# Generic version for FreeBSD
+# Will need editing...see comments below
+#
+# This file contains a list of files and directories that System
+# Preener will scan. Information collected from these files will be
+# stored in the tripwire.database file.
+#
+# Format: [!|=] entry [ignore-flags]
+#
+# where: '!' signifies the entry is to be pruned (inclusive) from
+# the list of files to be scanned.
+# '=' signifies the entry is to be added, but if it is
+# a directory, then all its contents are pruned
+# (useful for /tmp).
+#
+# where: entry is the absolute pathname of a file or a directory
+#
+# where ignore-flags are in the format:
+# [template][ [+|-][pinugsam12] ... ]
+#
+# - : ignore the following atributes
+# + : do not ignore the following attributes
+#
+# p : permission and file mode bits a: access timestamp
+# i : inode number m: modification timestamp
+# n : number of links (ref count) c: inode creation timestamp
+# u : user id of owner 1: signature 1
+# g : group id of owner 2: signature 2
+# s : size of file
+#
+#
+# Ex: The following entry will scan all the files in /etc, and report
+# any changes in mode bits, inode number, reference count, uid,
+# gid, modification and creation timestamp, and the signatures.
+# However, it will ignore any changes in the access timestamp.
+#
+# /etc +pinugsm12-a
+#
+# The following templates have been pre-defined to make these long ignore
+# mask descriptions unecessary.
+#
+# Templates: (default) R : [R]ead-only (+pinugsm12-a)
+# L : [L]og file (+pinug-sam12)
+# N : ignore [N]othing (+pinusgsamc12)
+# E : ignore [E]verything (-pinusgsamc12)
+#
+# By default, Tripwire uses the R template -- it ignores
+# only the access timestamp.
+#
+# You can use templates with modifiers, like:
+# Ex: /etc/lp E+ug
+#
+# Example configuration file:
+# /etc R # all system files
+# !/etc/lp R # ...but not those logs
+# =/tmp N # just the directory, not its files
+#
+# Note the difference between pruning (via "!") and ignoring everything
+# (via "E" template): Ignoring everything in a directory still monitors
+# for added and deleted files. Pruning a directory will prevent Tripwire
+# from even looking in the specified directory.
+#
+#
+# Tripwire running slowly? Modify your tripwire.config entries to
+# ignore the (signature 2) attribute when this computationally-exorbitant
+# protection is not needed. (See README and design document for further
+# details.)
+#
+
+# First, root's traditional "home". Note that FreeBSD's root's home (/root)
+# is protected by R-2 protections in the default config file.
+=/ L
+/.rhosts R # may not exist
+/.profile R # may not exist
+/.cshrc R # may not exist
+/.login R # may not exist
+/.exrc R # may not exist
+/.logout R # may not exist
+/.forward R # may not exist
+
+# Unix itself
+/kernel R
+/boot R
+/boot.config R
+
+# /bin
+/bin R-2
+
+# /dev
+=/dev L
+
+# /etc
+/etc R-2
+/etc/aliases L
+/etc/dumpdates L
+/etc/motd L
+
+# my passwd database should be static at time of system build. yours may
+# not be, if not, uncomment the lines below.
+
+# /etc/passwd L
+# /etc/master.passwd L
+# /etc/pwd.db L
+# /etc/spwd.db L
+
+# /home
+=/home
+
+# /lib
+/lib R-2
+
+# /libexec
+/libexec R-2
+
+# /lkm and /modules
+/lkm R-2
+/modules R-2
+
+# /boot
+/boot R-2
+
+# /rescue
+/rescue R-2
+
+# /root
+/root R-2
+/root/.history L
+
+# /sbin
+/sbin R-2
+
+# /stand
+/stand R-2
+
+# /usr/bin
+/usr/bin R-2
+
+/usr/include R-12
+
+/usr/lib R-2
+
+/usr/libdata R-2
+
+/usr/libexec R-2
+
+/usr/local/bin R-2
+
+/usr/local/etc L
+
+/usr/local/lib R-2
+
+/usr/local/libexec R-2
+
+/usr/local/sbin R-2
+
+/usr/local/share R-2
+
+/usr/sbin R-2
+
+/usr/share R-2
+
+###########################################