diff options
author | cy <cy@FreeBSD.org> | 2005-08-10 02:24:15 +0800 |
---|---|---|
committer | cy <cy@FreeBSD.org> | 2005-08-10 02:24:15 +0800 |
commit | 989958838ae7ad4adce86ea820550aa865169059 (patch) | |
tree | fa254bd9f2f3c1a4a1b97e5069f6f6bf190b7238 /security | |
parent | 09209c6532feb61475ab9cf07c134e9f9f0ec42f (diff) | |
download | freebsd-ports-gnome-989958838ae7ad4adce86ea820550aa865169059.tar.gz freebsd-ports-gnome-989958838ae7ad4adce86ea820550aa865169059.tar.zst freebsd-ports-gnome-989958838ae7ad4adce86ea820550aa865169059.zip |
Update twpol.txt to make it current with 5.X and beyond.
Approved by: portsmgr (marcus)
Diffstat (limited to 'security')
-rw-r--r-- | security/tripwire/Makefile | 2 | ||||
-rw-r--r-- | security/tripwire/files/twpol.m4 | 6 | ||||
-rw-r--r-- | security/tripwire/files/twpol.txt | 6 |
3 files changed, 13 insertions, 1 deletions
diff --git a/security/tripwire/Makefile b/security/tripwire/Makefile index 9d9408ba4855..36d02cf6ed7c 100644 --- a/security/tripwire/Makefile +++ b/security/tripwire/Makefile @@ -7,7 +7,7 @@ PORTNAME= tripwire PORTVERSION= 2.3.1.2 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= security MASTER_SITES= http://download.sourceforge.net/tripwire/ DISTNAME= ${PORTNAME}-${PORTVERSION:C/\.[0-9]*$/-&/:C/-\./-/} diff --git a/security/tripwire/files/twpol.m4 b/security/tripwire/files/twpol.m4 index edb5d6a2e9f1..7be1442fa538 100644 --- a/security/tripwire/files/twpol.m4 +++ b/security/tripwire/files/twpol.m4 @@ -192,6 +192,9 @@ SIG_HI = 100 ; # Critical files that are significant point severity = $(SIG_HI) ) { + # /boot is used by FreeBSD 5.X+ + /boot -> $(SEC_CRIT) ; + # /kernel is used by FreeBSD 4.X /kernel -> $(SEC_CRIT) ; /kernel.old -> $(SEC_CRIT) ; /kernel.GENERIC -> $(SEC_CRIT) ; @@ -207,8 +210,10 @@ SIG_HI = 100 ; # Critical files that are significant point severity = $(SIG_HI) ) { + # /modules is used by FreeBSD 4.X /modules -> $(SEC_CRIT) (recurse = true) ; /modules.old -> $(SEC_CRIT) (recurse = true) ; + # /lkm is used by FreeBSD 2.X and 3.X # /lkm -> $(SEC_CRIT) (recurse = true) ; # uncomment if using lkm kld } @@ -250,6 +255,7 @@ SIG_HI = 100 ; # Critical files that are significant point severity = $(SIG_HI) ) { + # XXX Do we really need to verify the integrity of /dev on 5.X? /dev -> $(Device) (recurse = true) ; !/dev/vga ; !/dev/dri ; diff --git a/security/tripwire/files/twpol.txt b/security/tripwire/files/twpol.txt index edb5d6a2e9f1..7be1442fa538 100644 --- a/security/tripwire/files/twpol.txt +++ b/security/tripwire/files/twpol.txt @@ -192,6 +192,9 @@ SIG_HI = 100 ; # Critical files that are significant point severity = $(SIG_HI) ) { + # /boot is used by FreeBSD 5.X+ + /boot -> $(SEC_CRIT) ; + # /kernel is used by FreeBSD 4.X /kernel -> $(SEC_CRIT) ; /kernel.old -> $(SEC_CRIT) ; /kernel.GENERIC -> $(SEC_CRIT) ; @@ -207,8 +210,10 @@ SIG_HI = 100 ; # Critical files that are significant point severity = $(SIG_HI) ) { + # /modules is used by FreeBSD 4.X /modules -> $(SEC_CRIT) (recurse = true) ; /modules.old -> $(SEC_CRIT) (recurse = true) ; + # /lkm is used by FreeBSD 2.X and 3.X # /lkm -> $(SEC_CRIT) (recurse = true) ; # uncomment if using lkm kld } @@ -250,6 +255,7 @@ SIG_HI = 100 ; # Critical files that are significant point severity = $(SIG_HI) ) { + # XXX Do we really need to verify the integrity of /dev on 5.X? /dev -> $(Device) (recurse = true) ; !/dev/vga ; !/dev/dri ; |