From c85629c5c18a5bb2a3f93b598b38d2f595f50dd3 Mon Sep 17 00:00:00 2001
From: cy <cy@FreeBSD.org>
Date: Thu, 23 Feb 2012 00:34:28 +0000
Subject: Misc fixes (not comprehensive) for freebsd8.

Submitted by:	Maintainer (Joe Greco <jgreco@ns.sol.net>)
Approved by:	Implicitly approved by maintainer
---
 security/tripwire12/Makefile               |   7 +-
 security/tripwire12/files/tw.conf.freebsd8 | 165 +++++++++++++++++++++++++++++
 2 files changed, 168 insertions(+), 4 deletions(-)
 create mode 100644 security/tripwire12/files/tw.conf.freebsd8

(limited to 'security')

diff --git a/security/tripwire12/Makefile b/security/tripwire12/Makefile
index 0bcd9d88b45a..cbff9750d1c8 100644
--- a/security/tripwire12/Makefile
+++ b/security/tripwire12/Makefile
@@ -7,6 +7,7 @@
 
 PORTNAME=	tripwire
 PORTVERSION=	1.2
+PORTREVISION=	1
 CATEGORIES=	security
 MASTER_SITES=	${MASTER_SITE_NETBSD}
 
@@ -20,7 +21,7 @@ NO_CDROM=	cannot be redistributed for more than the cost of duplication
 NO_PACKAGE=	requires local database to be built
 USE_PERL5_BUILD=yes
 
-TWCONFIG?=	${FILESDIR}/tw.conf.freebsd2
+TWCONFIG?=	${FILESDIR}/tw.conf.freebsd8
 
 post-extract:
 	@ (cd ${WRKDIR}; tar xpf T1.2.tar)
@@ -33,9 +34,7 @@ post-patch:
 
 pre-configure:
 	@ ${CP} ${FILESDIR}/conf-freebsd2.h ${WRKSRC}/configs
-	@ ${SED} s%/kernel%`/sbin/sysctl -bn kern.bootfile`% \
-		< ${TWCONFIG} \
-		> ${WRKSRC}/configs/tw.conf.freebsd2
+	@ ${cp} ${TWCONFIG} ${WRKSRC}/configs/tw.conf.freebsd8
 
 post-install:
 	@ ${MKDIR} /var/adm/tcheck
diff --git a/security/tripwire12/files/tw.conf.freebsd8 b/security/tripwire12/files/tw.conf.freebsd8
new file mode 100644
index 000000000000..374c5e18490c
--- /dev/null
+++ b/security/tripwire12/files/tw.conf.freebsd8
@@ -0,0 +1,165 @@
+# $FreeBSD$
+#
+# tripwire.config
+# Generic version for FreeBSD
+#  Will need editing...see comments below
+#
+# This file contains a list of files and directories that System 
+# Preener will scan.  Information collected from these files will be 
+# stored in the tripwire.database file.
+#
+# Format: 			[!|=] entry [ignore-flags]
+#
+# where:	 '!' signifies the entry is to be pruned (inclusive) from
+#				the list of files to be scanned.
+#		 '=' signifies the entry is to be added, but if it is
+#				a directory, then all its contents are pruned
+#				(useful for /tmp).
+#
+# where:	entry is the absolute pathname of a file or a directory
+#
+# where ignore-flags are in the format:
+#		[template][ [+|-][pinugsam12] ... ]
+#
+# 	- :  ignore the following atributes
+#	+ :  do not ignore the following attributes
+#
+#	p :  permission and file mode bits 	a: access timestamp
+#	i :  inode number			m: modification timestamp
+#	n :  number of links (ref count)	c: inode creation timestamp
+#	u :  user id of owner			1: signature 1
+#	g :  group id of owner			2: signature 2
+#	s :  size of file
+#
+#
+# Ex:   The following entry will scan all the files in /etc, and report
+#	any changes in mode bits, inode number, reference count, uid,
+#	gid, modification and creation timestamp, and the signatures.
+#	However, it will ignore any changes in the access timestamp.
+#
+#	/etc	+pinugsm12-a
+#
+# The following templates have been pre-defined to make these long ignore
+# mask descriptions unecessary.
+#
+# Templates: 	(default)	R :  [R]ead-only (+pinugsm12-a)
+#				L :  [L]og file (+pinug-sam12)
+#				N :  ignore [N]othing (+pinusgsamc12)
+#				E :  ignore [E]verything (-pinusgsamc12)
+#
+# By default, Tripwire uses the R template -- it ignores
+# only the access timestamp.
+#
+# You can use templates with modifiers, like:
+#	Ex:  /etc/lp	E+ug
+#
+#	Example configuration file:
+#		/etc		R	# all system files
+#		!/etc/lp	R	# ...but not those logs
+#		=/tmp		N	# just the directory, not its files
+#
+# Note the difference between pruning (via "!") and ignoring everything
+# (via "E" template):  Ignoring everything in a directory still monitors
+# for added and deleted files.  Pruning a directory will prevent Tripwire
+# from even looking in the specified directory.
+#
+#
+# Tripwire running slowly?  Modify your tripwire.config entries to
+# ignore the (signature 2) attribute when this computationally-exorbitant 
+# protection is not needed.  (See README and design document for further
+# details.)
+#
+
+#  First, root's traditional "home".  Note that FreeBSD's root's home (/root)
+#  is protected by R-2 protections in the default config file.
+=/		L
+/.rhosts	R	# may not exist
+/.profile	R	# may not exist
+/.cshrc		R	# may not exist
+/.login		R	# may not exist
+/.exrc		R	# may not exist
+/.logout	R	# may not exist
+/.forward	R	# may not exist
+
+# Unix itself
+/kernel		R
+/boot		R
+/boot.config	R
+
+# /bin
+/bin		R-2
+
+# /dev
+=/dev	 	L
+
+# /etc
+/etc			R-2
+/etc/aliases	 	L
+/etc/dumpdates		L
+/etc/motd		L
+
+# my passwd database should be static at time of system build.  yours may
+# not be, if not, uncomment the lines below.
+
+# /etc/passwd		L
+# /etc/master.passwd	L
+# /etc/pwd.db		L
+# /etc/spwd.db		L
+
+# /home
+=/home
+
+# /lib
+/lib			R-2
+
+# /libexec
+/libexec		R-2
+
+# /lkm and /modules
+/lkm			R-2
+/modules		R-2
+
+# /boot
+/boot			R-2
+
+# /rescue
+/rescue			R-2
+
+# /root
+/root			R-2
+/root/.history		L
+
+# /sbin
+/sbin			R-2
+
+# /stand
+/stand			R-2
+
+# /usr/bin
+/usr/bin		R-2
+
+/usr/include		R-12
+
+/usr/lib		R-2
+
+/usr/libdata		R-2
+
+/usr/libexec		R-2
+
+/usr/local/bin		R-2
+
+/usr/local/etc		L
+
+/usr/local/lib		R-2
+
+/usr/local/libexec	R-2
+
+/usr/local/sbin		R-2
+
+/usr/local/share	R-2
+
+/usr/sbin		R-2
+
+/usr/share		R-2
+
+###########################################
-- 
cgit