Update twpol.txt to make it current with 5.X and beyond.

Approved by: portsmgr (marcus)
author: Cy Schubert <cy@FreeBSD.org> 2005-08-09 18:24:15 +0000
committer: Cy Schubert <cy@FreeBSD.org> 2005-08-09 18:24:15 +0000
commit: bd60fa6a1b82cd2d813e2164613d0c2432748611 (patch)
tree: 7f6841fafb789e996b41e55a0eaa0847e0e63653 /security/tripwire
parent: 2b2c011d66c1ecb9e432c68453c8aa6f27b3e1d3 (diff)
download: ports-bd60fa6a1b82cd2d813e2164613d0c2432748611.tar.gz
ports-bd60fa6a1b82cd2d813e2164613d0c2432748611.zip
3 files changed, 13 insertions, 1 deletions
diff --git a/security/tripwire/Makefile b/security/tripwire/Makefile
index 9d9408ba4855..36d02cf6ed7c 100644
--- a/security/tripwire/Makefile
+++ b/security/tripwire/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	tripwire
 PORTVERSION=	2.3.1.2
-PORTREVISION=	3
+PORTREVISION=	4
 CATEGORIES=	security
 MASTER_SITES=	http://download.sourceforge.net/tripwire/
 DISTNAME=	${PORTNAME}-${PORTVERSION:C/\.[0-9]*$/-&/:C/-\./-/}
diff --git a/security/tripwire/files/twpol.m4 b/security/tripwire/files/twpol.m4
index edb5d6a2e9f1..7be1442fa538 100644
--- a/security/tripwire/files/twpol.m4
+++ b/security/tripwire/files/twpol.m4
@@ -192,6 +192,9 @@ SIG_HI        = 100 ;                # Critical files that are significant point
   severity = $(SIG_HI)
 )
 {
+  # /boot is used by FreeBSD 5.X+
+  /boot					-> $(SEC_CRIT) ;
+  # /kernel is used by FreeBSD 4.X
   /kernel				-> $(SEC_CRIT) ;
   /kernel.old				-> $(SEC_CRIT) ;
   /kernel.GENERIC			-> $(SEC_CRIT) ;
@@ -207,8 +210,10 @@ SIG_HI        = 100 ;                # Critical files that are significant point
   severity = $(SIG_HI)
 )
 {
+  # /modules is used by FreeBSD 4.X
   /modules				-> $(SEC_CRIT) (recurse = true) ;
   /modules.old				-> $(SEC_CRIT) (recurse = true) ;
+  # /lkm is used by FreeBSD 2.X and 3.X
   # /lkm				-> $(SEC_CRIT) (recurse = true) ; # uncomment if using lkm kld
 }
 
@@ -250,6 +255,7 @@ SIG_HI        = 100 ;                # Critical files that are significant point
   severity = $(SIG_HI)
 )
 {
+  # XXX Do we really need to verify the integrity of /dev on 5.X?
   /dev					-> $(Device) (recurse = true) ;
   !/dev/vga ;
   !/dev/dri ;
diff --git a/security/tripwire/files/twpol.txt b/security/tripwire/files/twpol.txt
index edb5d6a2e9f1..7be1442fa538 100644
--- a/security/tripwire/files/twpol.txt
+++ b/security/tripwire/files/twpol.txt
@@ -192,6 +192,9 @@ SIG_HI        = 100 ;                # Critical files that are significant point
   severity = $(SIG_HI)
 )
 {
+  # /boot is used by FreeBSD 5.X+
+  /boot					-> $(SEC_CRIT) ;
+  # /kernel is used by FreeBSD 4.X
   /kernel				-> $(SEC_CRIT) ;
   /kernel.old				-> $(SEC_CRIT) ;
   /kernel.GENERIC			-> $(SEC_CRIT) ;
@@ -207,8 +210,10 @@ SIG_HI        = 100 ;                # Critical files that are significant point
   severity = $(SIG_HI)
 )
 {
+  # /modules is used by FreeBSD 4.X
   /modules				-> $(SEC_CRIT) (recurse = true) ;
   /modules.old				-> $(SEC_CRIT) (recurse = true) ;
+  # /lkm is used by FreeBSD 2.X and 3.X
   # /lkm				-> $(SEC_CRIT) (recurse = true) ; # uncomment if using lkm kld
 }
 
@@ -250,6 +255,7 @@ SIG_HI        = 100 ;                # Critical files that are significant point
   severity = $(SIG_HI)
 )
 {
+  # XXX Do we really need to verify the integrity of /dev on 5.X?
   /dev					-> $(Device) (recurse = true) ;
   !/dev/vga ;
   !/dev/dri ;
author	Cy Schubert <cy@FreeBSD.org>	2005-08-09 18:24:15 +0000
committer	Cy Schubert <cy@FreeBSD.org>	2005-08-09 18:24:15 +0000
commit	bd60fa6a1b82cd2d813e2164613d0c2432748611 (patch)
tree	7f6841fafb789e996b41e55a0eaa0847e0e63653 /security/tripwire
parent	2b2c011d66c1ecb9e432c68453c8aa6f27b3e1d3 (diff)
download	ports-bd60fa6a1b82cd2d813e2164613d0c2432748611.tar.gz ports-bd60fa6a1b82cd2d813e2164613d0c2432748611.zip