diff options
author | cy <cy@FreeBSD.org> | 2012-02-23 08:34:28 +0800 |
---|---|---|
committer | cy <cy@FreeBSD.org> | 2012-02-23 08:34:28 +0800 |
commit | c85629c5c18a5bb2a3f93b598b38d2f595f50dd3 (patch) | |
tree | ca83ddff80d43366eb444aa9f098d42dde443422 /security | |
parent | 9746ccf932f68ce87f481fa424488b254917e4e2 (diff) | |
download | freebsd-ports-gnome-c85629c5c18a5bb2a3f93b598b38d2f595f50dd3.tar.gz freebsd-ports-gnome-c85629c5c18a5bb2a3f93b598b38d2f595f50dd3.tar.zst freebsd-ports-gnome-c85629c5c18a5bb2a3f93b598b38d2f595f50dd3.zip |
Misc fixes (not comprehensive) for freebsd8.
Submitted by: Maintainer (Joe Greco <jgreco@ns.sol.net>)
Approved by: Implicitly approved by maintainer
Diffstat (limited to 'security')
-rw-r--r-- | security/tripwire12/Makefile | 7 | ||||
-rw-r--r-- | security/tripwire12/files/tw.conf.freebsd8 | 165 |
2 files changed, 168 insertions, 4 deletions
diff --git a/security/tripwire12/Makefile b/security/tripwire12/Makefile index 0bcd9d88b45a..cbff9750d1c8 100644 --- a/security/tripwire12/Makefile +++ b/security/tripwire12/Makefile @@ -7,6 +7,7 @@ PORTNAME= tripwire PORTVERSION= 1.2 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_NETBSD} @@ -20,7 +21,7 @@ NO_CDROM= cannot be redistributed for more than the cost of duplication NO_PACKAGE= requires local database to be built USE_PERL5_BUILD=yes -TWCONFIG?= ${FILESDIR}/tw.conf.freebsd2 +TWCONFIG?= ${FILESDIR}/tw.conf.freebsd8 post-extract: @ (cd ${WRKDIR}; tar xpf T1.2.tar) @@ -33,9 +34,7 @@ post-patch: pre-configure: @ ${CP} ${FILESDIR}/conf-freebsd2.h ${WRKSRC}/configs - @ ${SED} s%/kernel%`/sbin/sysctl -bn kern.bootfile`% \ - < ${TWCONFIG} \ - > ${WRKSRC}/configs/tw.conf.freebsd2 + @ ${cp} ${TWCONFIG} ${WRKSRC}/configs/tw.conf.freebsd8 post-install: @ ${MKDIR} /var/adm/tcheck diff --git a/security/tripwire12/files/tw.conf.freebsd8 b/security/tripwire12/files/tw.conf.freebsd8 new file mode 100644 index 000000000000..374c5e18490c --- /dev/null +++ b/security/tripwire12/files/tw.conf.freebsd8 @@ -0,0 +1,165 @@ +# $FreeBSD$ +# +# tripwire.config +# Generic version for FreeBSD +# Will need editing...see comments below +# +# This file contains a list of files and directories that System +# Preener will scan. Information collected from these files will be +# stored in the tripwire.database file. +# +# Format: [!|=] entry [ignore-flags] +# +# where: '!' signifies the entry is to be pruned (inclusive) from +# the list of files to be scanned. +# '=' signifies the entry is to be added, but if it is +# a directory, then all its contents are pruned +# (useful for /tmp). +# +# where: entry is the absolute pathname of a file or a directory +# +# where ignore-flags are in the format: +# [template][ [+|-][pinugsam12] ... ] +# +# - : ignore the following atributes +# + : do not ignore the following attributes +# +# p : permission and file mode bits a: access timestamp +# i : inode number m: modification timestamp +# n : number of links (ref count) c: inode creation timestamp +# u : user id of owner 1: signature 1 +# g : group id of owner 2: signature 2 +# s : size of file +# +# +# Ex: The following entry will scan all the files in /etc, and report +# any changes in mode bits, inode number, reference count, uid, +# gid, modification and creation timestamp, and the signatures. +# However, it will ignore any changes in the access timestamp. +# +# /etc +pinugsm12-a +# +# The following templates have been pre-defined to make these long ignore +# mask descriptions unecessary. +# +# Templates: (default) R : [R]ead-only (+pinugsm12-a) +# L : [L]og file (+pinug-sam12) +# N : ignore [N]othing (+pinusgsamc12) +# E : ignore [E]verything (-pinusgsamc12) +# +# By default, Tripwire uses the R template -- it ignores +# only the access timestamp. +# +# You can use templates with modifiers, like: +# Ex: /etc/lp E+ug +# +# Example configuration file: +# /etc R # all system files +# !/etc/lp R # ...but not those logs +# =/tmp N # just the directory, not its files +# +# Note the difference between pruning (via "!") and ignoring everything +# (via "E" template): Ignoring everything in a directory still monitors +# for added and deleted files. Pruning a directory will prevent Tripwire +# from even looking in the specified directory. +# +# +# Tripwire running slowly? Modify your tripwire.config entries to +# ignore the (signature 2) attribute when this computationally-exorbitant +# protection is not needed. (See README and design document for further +# details.) +# + +# First, root's traditional "home". Note that FreeBSD's root's home (/root) +# is protected by R-2 protections in the default config file. +=/ L +/.rhosts R # may not exist +/.profile R # may not exist +/.cshrc R # may not exist +/.login R # may not exist +/.exrc R # may not exist +/.logout R # may not exist +/.forward R # may not exist + +# Unix itself +/kernel R +/boot R +/boot.config R + +# /bin +/bin R-2 + +# /dev +=/dev L + +# /etc +/etc R-2 +/etc/aliases L +/etc/dumpdates L +/etc/motd L + +# my passwd database should be static at time of system build. yours may +# not be, if not, uncomment the lines below. + +# /etc/passwd L +# /etc/master.passwd L +# /etc/pwd.db L +# /etc/spwd.db L + +# /home +=/home + +# /lib +/lib R-2 + +# /libexec +/libexec R-2 + +# /lkm and /modules +/lkm R-2 +/modules R-2 + +# /boot +/boot R-2 + +# /rescue +/rescue R-2 + +# /root +/root R-2 +/root/.history L + +# /sbin +/sbin R-2 + +# /stand +/stand R-2 + +# /usr/bin +/usr/bin R-2 + +/usr/include R-12 + +/usr/lib R-2 + +/usr/libdata R-2 + +/usr/libexec R-2 + +/usr/local/bin R-2 + +/usr/local/etc L + +/usr/local/lib R-2 + +/usr/local/libexec R-2 + +/usr/local/sbin R-2 + +/usr/local/share R-2 + +/usr/sbin R-2 + +/usr/share R-2 + +########################################### |