aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorcy <cy@FreeBSD.org>2005-08-10 02:24:15 +0800
committercy <cy@FreeBSD.org>2005-08-10 02:24:15 +0800
commit989958838ae7ad4adce86ea820550aa865169059 (patch)
treefa254bd9f2f3c1a4a1b97e5069f6f6bf190b7238 /security
parent09209c6532feb61475ab9cf07c134e9f9f0ec42f (diff)
downloadfreebsd-ports-gnome-989958838ae7ad4adce86ea820550aa865169059.tar.gz
freebsd-ports-gnome-989958838ae7ad4adce86ea820550aa865169059.tar.zst
freebsd-ports-gnome-989958838ae7ad4adce86ea820550aa865169059.zip
Update twpol.txt to make it current with 5.X and beyond.
Approved by: portsmgr (marcus)
Diffstat (limited to 'security')
-rw-r--r--security/tripwire/Makefile2
-rw-r--r--security/tripwire/files/twpol.m46
-rw-r--r--security/tripwire/files/twpol.txt6
3 files changed, 13 insertions, 1 deletions
diff --git a/security/tripwire/Makefile b/security/tripwire/Makefile
index 9d9408ba4855..36d02cf6ed7c 100644
--- a/security/tripwire/Makefile
+++ b/security/tripwire/Makefile
@@ -7,7 +7,7 @@
PORTNAME= tripwire
PORTVERSION= 2.3.1.2
-PORTREVISION= 3
+PORTREVISION= 4
CATEGORIES= security
MASTER_SITES= http://download.sourceforge.net/tripwire/
DISTNAME= ${PORTNAME}-${PORTVERSION:C/\.[0-9]*$/-&/:C/-\./-/}
diff --git a/security/tripwire/files/twpol.m4 b/security/tripwire/files/twpol.m4
index edb5d6a2e9f1..7be1442fa538 100644
--- a/security/tripwire/files/twpol.m4
+++ b/security/tripwire/files/twpol.m4
@@ -192,6 +192,9 @@ SIG_HI = 100 ; # Critical files that are significant point
severity = $(SIG_HI)
)
{
+ # /boot is used by FreeBSD 5.X+
+ /boot -> $(SEC_CRIT) ;
+ # /kernel is used by FreeBSD 4.X
/kernel -> $(SEC_CRIT) ;
/kernel.old -> $(SEC_CRIT) ;
/kernel.GENERIC -> $(SEC_CRIT) ;
@@ -207,8 +210,10 @@ SIG_HI = 100 ; # Critical files that are significant point
severity = $(SIG_HI)
)
{
+ # /modules is used by FreeBSD 4.X
/modules -> $(SEC_CRIT) (recurse = true) ;
/modules.old -> $(SEC_CRIT) (recurse = true) ;
+ # /lkm is used by FreeBSD 2.X and 3.X
# /lkm -> $(SEC_CRIT) (recurse = true) ; # uncomment if using lkm kld
}
@@ -250,6 +255,7 @@ SIG_HI = 100 ; # Critical files that are significant point
severity = $(SIG_HI)
)
{
+ # XXX Do we really need to verify the integrity of /dev on 5.X?
/dev -> $(Device) (recurse = true) ;
!/dev/vga ;
!/dev/dri ;
diff --git a/security/tripwire/files/twpol.txt b/security/tripwire/files/twpol.txt
index edb5d6a2e9f1..7be1442fa538 100644
--- a/security/tripwire/files/twpol.txt
+++ b/security/tripwire/files/twpol.txt
@@ -192,6 +192,9 @@ SIG_HI = 100 ; # Critical files that are significant point
severity = $(SIG_HI)
)
{
+ # /boot is used by FreeBSD 5.X+
+ /boot -> $(SEC_CRIT) ;
+ # /kernel is used by FreeBSD 4.X
/kernel -> $(SEC_CRIT) ;
/kernel.old -> $(SEC_CRIT) ;
/kernel.GENERIC -> $(SEC_CRIT) ;
@@ -207,8 +210,10 @@ SIG_HI = 100 ; # Critical files that are significant point
severity = $(SIG_HI)
)
{
+ # /modules is used by FreeBSD 4.X
/modules -> $(SEC_CRIT) (recurse = true) ;
/modules.old -> $(SEC_CRIT) (recurse = true) ;
+ # /lkm is used by FreeBSD 2.X and 3.X
# /lkm -> $(SEC_CRIT) (recurse = true) ; # uncomment if using lkm kld
}
@@ -250,6 +255,7 @@ SIG_HI = 100 ; # Critical files that are significant point
severity = $(SIG_HI)
)
{
+ # XXX Do we really need to verify the integrity of /dev on 5.X?
/dev -> $(Device) (recurse = true) ;
!/dev/vga ;
!/dev/dri ;