authorCy Schubert <cy@FreeBSD.org>2006-02-16 15:17:31 +0000
committerCy Schubert <cy@FreeBSD.org>2006-02-16 15:17:31 +0000
commitebc5833b17da8a3ff61718bb07d0f3e9513ec543 (patch)
treebd60fcc47512f837070244f0621ab96ca5bf6e44 /security/tripwire
parente06498b03204acb6398e7bffe833cdf2336ee1be (diff)
Upgrade 2.3.1-2 --> 2.4.0.1
Also, document the rename of files/twpol.txt to files/twpol.m4 through a repocopy. M4 is now used to conditionally build the initial copy of the Tripwire policy file based on the version of FreeBSD this port is being installed on.
Notes
Notes: svn path=/head/; revision=156177
Diffstat (limited to 'security/tripwire')
-rw-r--r--security/tripwire/Makefile66
-rw-r--r--security/tripwire/distinfo6
-rw-r--r--security/tripwire/files/patch-install::install.sh70
-rw-r--r--security/tripwire/files/patch-src::Makefile35
-rw-r--r--security/tripwire/files/patch-src::STLport-4.0::src::num_put_float.cpp11
-rw-r--r--security/tripwire/files/patch-src::core::msystem.cpp14
-rw-r--r--security/tripwire/files/patch-src::core::unix::file_unix.cpp45
-rw-r--r--security/tripwire/files/patch-src::core::unix::unixfsservices.cpp31
-rw-r--r--security/tripwire/files/patch-src::tripwire::mailmessage.cpp11
-rw-r--r--security/tripwire/files/patch-src::tripwire::pipedmailmessage.cpp16
-rw-r--r--security/tripwire/files/twpol.m442
-rw-r--r--security/tripwire/files/twpol.txt661
-rw-r--r--security/tripwire/pkg-descr8
-rw-r--r--security/tripwire/pkg-plist2
14 files changed, 42 insertions, 976 deletions
diff --git a/security/tripwire/Makefile b/security/tripwire/Makefile
index 76481b8992dc..c7ad628bd570 100644
--- a/security/tripwire/Makefile
+++ b/security/tripwire/Makefile
@@ -6,28 +6,28 @@
#
PORTNAME= tripwire
-PORTVERSION= 2.3.1.2
-PORTREVISION= 5
+PORTVERSION= 2.4.0.1
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= ${PORTNAME}
-DISTNAME= ${PORTNAME}-${PORTVERSION:C/\.[0-9]*$/-&/:C/-\./-/}
+DISTNAME= ${PORTNAME}-${PORTVERSION}-src
MAINTAINER= cy@FreeBSD.org
COMMENT= File system security and verification program
-BROKEN= DOES NOT BUILD: /usr/lib/libpthread.so: undefined reference to __usleep
LATEST_LINK= ${PORTNAME}
MAN5= twfiles.5 twconfig.5 twpolicy.5
MAN8= siggen.8 tripwire.8 twadmin.8 twintro.8 twprint.8
NO_PACKAGE= "requires local database to be built"
-WRKSRC= ${WRKDIR}/${DISTNAME}
+WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}
BUILD_WRKSRC= ${WRKSRC}/src
+USE_BZIP2= yes
+GNU_CONFIGURE= yes
USE_GMAKE= yes
-USE_PERL5= yes
-ALL_TARGET= release
+USE_PERL5_BUILD= yes
MAKE_ARGS= SYSPRE=${ARCH}-unknown-freebsd
IS_INTERACTIVE= yes
+M4= /usr/bin/m4
# Tripwire config files are stored in TWCFG
TWCFG?= /usr/local/etc/tripwire
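Review bot: The bump to `PORTVERSION= 2.4.0.1` comes with the deletion of three local hardening patches, and nothing in the commit record says the new sources contain equivalents. The deleted patches replace `mktemp` with `mkstemp` in unixfsservices.cpp, add `O_CREAT | O_EXCL` with mode 0600 in file_unix.cpp, and pass `"%s"` to `_ftprintf` in pipedmailmessage.cpp. I would check the extracted 2.4.0.1 tree for each of these before dropping them, and keep any that is still missing as a `files/patch-*`. Once verified, a comment next to the version records the decision, for example `# 2.4.0.1: local mkstemp, O_EXCL and format-string patches dropped, present upstream`.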
@@ -44,51 +44,37 @@ TWREPORT?= ${TWDB}/report
# This sets the default text editor for Tripwire.
TWEDITOR?= /usr/bin/vi
# This sets the location of the twpol.txt file that is to be installed
-TWPOL_TXT?= ${FILESDIR}/twpol.txt
+TWPOL_TXT?= ${FILESDIR}/twpol.m4
# Other variables that are used:
TRIPWIRE_CLOBBER?= NO
# If TRIPWIRE_CLOBBER is set to YES, the install script clobbers
# previously installed config files.
+CONFIGURE_ARGS= --prefix=${PREFIX} --program-transform-name='' --sysconfdir=${TWCFG}
.include <bsd.port.pre.mk>
-PLIST_SUB+= TWCFG=${TWCFG} TWDB=${TWDB}
-
-.if ${OSVERSION} > 501000
-USE_GCC= 2.95
-USE_REINPLACE= YES
+.if ${OSVERSION} < 500000
+BUILD_DEPENDS= ${LOCALBASE}/lib/libstlport_gcc.so:${PORTSDIR}/devel/stlport
+RUN_DEPENDS= ${LOCALBASE}/lib/libstlport_gcc.so:${PORTSDIR}/devel/stlport
.endif
+PLIST_SUB+= TWCFG=${TWCFG} TWDB=${TWDB}
+
pre-configure:
- @ ${CP} ${TWPOL_TXT} ${WRKSRC}/policy/twpol.txt
+ @ ${M4} -DFREEBSD_VERSION=`${ECHO_CMD} ${OSREL} | ${CUT} -d. -f1` < ${TWPOL_TXT} > ${WRKSRC}/policy/twpol-FreeBSD.txt
@ ${MV} ${WRKSRC}/src/core/stdcore.h ${WRKSRC}/src/core/stdcore.h.orig
@ ${SED} 's%^# define CONFIG_FILE_ROOT "/usr/local/etc/tripwire"%# define CONFIG_FILE_ROOT "${TWCFG}"%' ${WRKSRC}/src/core/stdcore.h.orig > ${WRKSRC}/src/core/stdcore.h
@ ${MV} ${WRKSRC}/man/man4/twconfig.4 ${WRKSRC}/man/man5/twconfig.5
@ ${MV} ${WRKSRC}/man/man4/twpolicy.4 ${WRKSRC}/man/man5/twpolicy.5
+ @ ${LN} -s ${WRKSRC}/contrib ${WRKSRC}/install
-.if ${OSVERSION} > 501000
-post-extract:
- @ ${REINPLACE_CMD} -e "s|CC \= gcc|CC \= gcc295|g" ${WRKSRC}/src/STLport-4.0/src/gcc.mak
- @ ${REINPLACE_CMD} -e "s|CXX \= c\+\+|CXX \= g\+\+295|g" ${WRKSRC}/src/STLport-4.0/src/gcc.mak
- @ ${REINPLACE_CMD} -e "s|ln \-s \/usr\/include\/g\+\+ include|ln \-s ${PREFIX}\/lib\/gcc\-lib\/${ARCH}\-portbld\-freebsd${OSREL}\/2.95.3\/include include|g" ${WRKSRC}/src/STLport-4.0/STLport.mak
- @ ${REINPLACE_CMD} -e "s|CC \= cc|CC \= gcc295|g" ${WRKSRC}/src/make_include/i386-unknown-freebsd.inc
- @ ${REINPLACE_CMD} -e "s|CXX \= c\+\+|CXX \= g\+\+295|g" ${WRKSRC}/src/make_include/i386-unknown-freebsd.inc
- @ ${REINPLACE_CMD} -e "s|LINKFLAGS_R \= \-pthread|LINKFLAGS_R \+\= \-lpthread|g" ${WRKSRC}/src/make_include/i386-unknown-freebsd.inc
- @ ${REINPLACE_CMD} -e "s|LINKFLAGS_D \= \-pthread|LINKFLAGS_D \+\= \-lpthread|g" ${WRKSRC}/src/make_include/i386-unknown-freebsd.inc
- @ ${REINPLACE_CMD} -e "s|CC \= g\+\+|CC \= g\+\+295|g" ${WRKSRC}/src/cryptlib/i386-unknown-freebsd.mak
- @ ${REINPLACE_CMD} -e "s|malloc.h|stdlib.h|g" ${WRKSRC}/src/core/msystem.cpp
- @ ${REINPLACE_CMD} -e "s|malloc.h|stdlib.h|g" ${WRKSRC}/src/twparser/yylex.cpp
- @ ${REINPLACE_CMD} -e "s|malloc.h|stdlib.h|g" ${WRKSRC}/src/tripwire/tripwiremain.cpp
-.endif
-
-install-software:
+install-config-files:
@ ${ECHO_CMD} TWPOLICY=${TWPOLICY} >> ${WRKSRC}/install/install.cfg
@ ${ECHO_CMD} TWSITEKEYDIR=${TWSITEKEYDIR} >> ${WRKSRC}/install/install.cfg
@ ${ECHO_CMD} TWLOCALKEYDIR=${TWLOCALKEYDIR} >> ${WRKSRC}/install/install.cfg
@ ${ECHO_CMD} TWDB=${TWDB} >> ${WRKSRC}/install/install.cfg
@ ${ECHO_CMD} TWREPORT=${TWREPORT} >> ${WRKSRC}/install/install.cfg
@ ${ECHO_CMD} TWEDITOR=${TWEDITOR} >> ${WRKSRC}/install/install.cfg
- @ ${ECHO_CMD} TWPOL_TXT=${TWPOL_TXT} >> ${WRKSRC}/install/install.cfg
@ cd ${WRKSRC} && ${LN} -sf install/install.cfg install/install.sh .
.if ( defined(TRIPWIRE_CLOBBER) && ${TRIPWIRE_CLOBBER} == "YES" ) || \
( defined(TRIPWIRE_CLOBBER) && ${TRIPWIRE_CLOBBER} == "yes" )
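Review bot: `TWPOL_TXT` is still user-overridable (`?=`), but pre-configure now feeds whatever it names through `${M4}`, so a site that points it at an existing plain-text policy gets that file macro-expanded. m4 interprets quote characters and builtin names outside `#` comments, so rules in such a file could be altered or dropped without any error, leaving paths unmonitored. The comment above the assignment still calls it "the twpol.txt file"; I would replace it with `# TWPOL_TXT is an m4 template, expanded with -DFREEBSD_VERSION=<major> in pre-configure; a custom file must be m4-safe`. The install-config-files recipe and its `.if` continue outside the hunk.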
@@ -103,11 +89,6 @@ create-database:
${TWDB} ${TWREPORT}
@ ${ECHO} Creating tripwire database
@ cd ${TWCFG} && ${PREFIX}/sbin/tripwire --init
- @ ${ECHO} To create a floppy backup of your tripwire database
- @ ${ECHO} run \"make floppy\". The default database will not
- @ ${ECHO} fit on a floppy, however with the removal of objects
- @ ${ECHO} from the database, it can be made to fit on a 1.44 MB
- @ ${ECHO} floppy disk.
@ ${ECHO_CMD}
@ ${ECHO} The tripwire database, configuration file and
@ ${ECHO} policy file are signed using the local and site keys,
@@ -116,17 +97,6 @@ create-database:
.endif
-floppy:
- @ disklabel -w -B /dev/rfd0c fd1440
- @ newfs -u 0 -t 0 -i 196608 -m 0 -T minimum -o space /dev/rfd0c
- @ mount /dev/fd0c /mnt
- @ ${CP} -p ${PREFIX}/sbin/tripwire /mnt/tripwire
- @ ${CP} -p ${TWCFG}/* /mnt
- @ ${SH} -c "${CP} -p ${TWDB}/* /mnt || exit 0"
- @ ${CHMOD} 555 /mnt/tripwire
- @ umount /mnt
- @ ${ECHO} Do not forget to remove and write-protect the floppy.
-
-do-install: install-software create-database
+post-install: install-config-files create-database
.include <bsd.port.post.mk>
diff --git a/security/tripwire/distinfo b/security/tripwire/distinfo
index 185cdb7e5565..b6dec09bddcb 100644
--- a/security/tripwire/distinfo
+++ b/security/tripwire/distinfo
@@ -1,3 +1,3 @@
-MD5 (tripwire-2.3.1-2.tar.gz) = 6a15fe110565cef9ed33c1c7e070355e
-SHA256 (tripwire-2.3.1-2.tar.gz) = d339fbc093ce9e9f0c98fa2b454735bb2c13613103d6edcfcce57dbd3a394d2a
-SIZE (tripwire-2.3.1-2.tar.gz) = 1514955
+MD5 (tripwire-2.4.0.1-src.tar.bz2) = b371f79ac23cacc9ad40b1da76b4a0c4
+SHA256 (tripwire-2.4.0.1-src.tar.bz2) = 397269815278b775f1dd657c3bd06982990a2af2a7ab2a8c8175b117c6147212
+SIZE (tripwire-2.4.0.1-src.tar.bz2) = 1208424
diff --git a/security/tripwire/files/patch-install::install.sh b/security/tripwire/files/patch-install::install.sh
deleted file mode 100644
index 6e7ecf08eec0..000000000000
--- a/security/tripwire/files/patch-install::install.sh
+++ /dev/null
@@ -1,70 +0,0 @@
---- install/install.sh.orig Fri Oct 27 17:26:26 2000
-+++ install/install.sh Fri Feb 22 07:34:55 2002
-@@ -3,7 +3,7 @@
- #########################################################
- #########################################################
- ##
--## Tripwire(R) 2.3 Open Source for LINUX install script
-+## Tripwire(R) 2.3 Open Source for FreeBSD install script
- ##
- #########################################################
- #########################################################
-@@ -252,12 +252,14 @@
- unamVER=`uname -v -r`
- if ((echo "$unamOS" | $GREP -i "Linux" > /dev/null) ||
- (echo "$unamOS" | $GREP -i "HP-UX" > /dev/null) ||
-+ (echo "$unamOS" | $GREP -i "FreeBSD" > /dev/null) ||
- (echo "$unamOS" | $GREP -i "AIX" > /dev/null)); then
- unamHW=`uname -m`
- else
- unamHW=`uname -p`
- fi
-- if (echo "$unamOS" | $GREP -i "Linux" > /dev/null); then
-+ if (echo "$unamOS" | $GREP -i "Linux" > /dev/null) ||
-+ (echo "$unamOS" | $GREP -i "FreeBSD" > /dev/null); then
- osokay=1
- fi
- if [ "$osokay" -eq 0 ] ; then
-@@ -488,7 +490,11 @@
- BASE_DIR=`echo $0 | sed s/$BASE_DIR\$//`
- if [ ! -z "$BASE_DIR" ] ; then
- TAR_DIR="${BASE_DIR}"
-- BIN_DIR="${BASE_DIR}bin/i686-pc-linux_r"
-+ if (echo "$unamOS" | $GREP -i "FreeBSD" > /dev/null); then
-+ BIN_DIR="${BASE_DIR}bin/${unamHW}-unknown-freebsd_r"
-+ else
-+ BIN_DIR="${BASE_DIR}bin/i686-pc-linux_r"
-+ fi
- else
- TAR_DIR="${BASE_DIR}"
- fi
-@@ -621,15 +627,22 @@
- f1=' ff=$README ; d="" ; dd=$TWDOCS ; rr=0444 '
- f2=' ff=$REL_NOTES ; d="" ; dd=$TWDOCS ; rr=0444 '
- f3=' ff=$TWLICENSEFILE ; d="" ; dd=$TWDOCS ; rr=0444 '
--f4=' ff=tripwire ; d="/bin/i686-pc-linux_r" ; dd=$TWBIN ; rr=0550 '
--f5=' ff=twadmin ; d="/bin/i686-pc-linux_r" ; dd=$TWBIN ; rr=0550 '
--f6=' ff=twprint ; d="/bin/i686-pc-linux_r" ; dd=$TWBIN ; rr=0550 '
--f7=' ff=siggen ; d="/bin/i686-pc-linux_r" ; dd=$TWBIN ; rr=0550 '
-+if (echo "$unamOS" | $GREP -i "Linux" > /dev/null); then
-+ f4=' ff=tripwire ; d="/bin/i686-pc-linux_r" ; dd=$TWBIN ; rr=0550 '
-+ f5=' ff=twadmin ; d="/bin/i686-pc-linux_r" ; dd=$TWBIN ; rr=0550 '
-+ f6=' ff=twprint ; d="/bin/i686-pc-linux_r" ; dd=$TWBIN ; rr=0550 '
-+ f7=' ff=siggen ; d="/bin/i686-pc-linux_r" ; dd=$TWBIN ; rr=0550 '
-+elif (echo "$unamOS" | $GREP -i "FreeBSD" > /dev/null); then
-+ f4=' ff=tripwire ; d="/bin/${unamHW}-unknown-freebsd_r" ; dd=$TWBIN ; rr=0550 '
-+ f5=' ff=twadmin ; d="/bin/${unamHW}-unknown-freebsd_r" ; dd=$TWBIN ; rr=0550 '
-+ f6=' ff=twprint ; d="/bin/${unamHW}-unknown-freebsd_r" ; dd=$TWBIN ; rr=0550 '
-+ f7=' ff=siggen ; d="/bin/${unamHW}-unknown-freebsd_r" ; dd=$TWBIN ; rr=0550 '
-+fi
- f8=' ff=TRADEMARK ; d="" ; dd=$TWDOCS ; rr=0444 '
--f9=' ff=policyguide.txt ; d="" ; dd=$TWDOCS ; rr=0444 '
-+f9=' ff=policyguide.txt ; d="/policy/" ; dd=$TWDOCS ; rr=0444 '
- f10=' ff=twpol.txt ; d="/policy/" ; dd=$TWPOLICY ; rr=0640 '
--f11=' ff=twpolicy.4 ; d="/man/man4" ; dd=$TWMAN/man4 ; rr=0444 '
--f12=' ff=twconfig.4 ; d="/man/man4" ; dd=$TWMAN/man4 ; rr=0444 '
-+f11=' ff=twpolicy.5 ; d="/man/man5" ; dd=$TWMAN/man5 ; rr=0444 '
-+f12=' ff=twconfig.5 ; d="/man/man5" ; dd=$TWMAN/man5 ; rr=0444 '
- f13=' ff=twfiles.5 ; d="/man/man5" ; dd=$TWMAN/man5 ; rr=0444 '
- f14=' ff=siggen.8 ; d="/man/man8" ; dd=$TWMAN/man8 ; rr=0444 '
- f15=' ff=tripwire.8 ; d="/man/man8" ; dd=$TWMAN/man8 ; rr=0444 '
diff --git a/security/tripwire/files/patch-src::Makefile b/security/tripwire/files/patch-src::Makefile
deleted file mode 100644
index d49c5079587c..000000000000
--- a/security/tripwire/files/patch-src::Makefile
+++ /dev/null
@@ -1,35 +0,0 @@
---- src/Makefile.orig Sat Mar 3 20:03:52 2001
-+++ src/Makefile Fri Feb 22 07:48:44 2002
-@@ -5,15 +5,16 @@
- #
- # This makefile handles different platforms targets through the use of the
- # makefile variable "SYSPRE". To configure the make process for your specific
--# platform edit the SYSPRE variable in the Configuration section below to match your
--# setup.
-+# platform edit the SYSPRE variable in the Configuration section below to match
-+# your setup.
- #
- # During the build process this makefile recursively calls gmake using this
- # file (Makefile) or one of the subdirectory makefiles (e.g. core/core.mak)
- # as the makefile. When it does this it passes the SYSPRE definition along
- # by using the directive "SYSPRE=$(SYSPRE)".
- #
--# Comments that start with '#=' are echoed to the screen by the default target, help.
-+# Comments that start with '#=' are echoed to the screen by the default target,
-+# help.
- #= *** Build Commands
- #=
- #= Please note that all Tripwire makefiles require GNU make (gmake) to build!
-@@ -77,9 +78,11 @@
- #
- # i686-pc-linux == Linux Intel x86
- # sparc-linux == Linux Sparc (not fully implemented)
-+# i386-unknown-freebsd == FreeBSD Intel x86
-+# alpha-unknown-freebsd == FreeBSD Compaq Alpha
- #
-
--SYSPRE = i686-pc-linux
-+#SYSPRE = i686-pc-linux
- #SYSPRE = sparc-linux
- #SYSPRE = i386-unknown-freebsd
- #SYSPRE = i386-unknown-openbsd
diff --git a/security/tripwire/files/patch-src::STLport-4.0::src::num_put_float.cpp b/security/tripwire/files/patch-src::STLport-4.0::src::num_put_float.cpp
deleted file mode 100644
index 551cd1fb7a3e..000000000000
--- a/security/tripwire/files/patch-src::STLport-4.0::src::num_put_float.cpp
+++ /dev/null
@@ -1,11 +0,0 @@
---- src/STLport-4.0/src/num_put_float.cpp.orig Sat Feb 24 19:44:14 2001
-+++ src/STLport-4.0/src/num_put_float.cpp Sat Oct 12 02:55:14 2002
-@@ -43,7 +43,7 @@
-
- # ifdef __STL_UNIX
-
--# ifdef __OpenBSD__
-+# if defined(__OpenBSD__) || defined(__FreeBSD__)
- # include <math.h>
- # include <float.h>
- # else
diff --git a/security/tripwire/files/patch-src::core::msystem.cpp b/security/tripwire/files/patch-src::core::msystem.cpp
deleted file mode 100644
index 5df1a0d36393..000000000000
--- a/security/tripwire/files/patch-src::core::msystem.cpp
+++ /dev/null
@@ -1,14 +0,0 @@
---- src/core/msystem.cpp.orig Wed Aug 10 15:59:22 2005
-+++ src/core/msystem.cpp Wed Aug 10 17:00:19 2005
-@@ -951,8 +951,11 @@
- * ignore any signals until child dies
- */
- for(i = 0; i < MAX_SIGNAL; i++)
-+#ifdef __FreeBSD__
-+#define SIGCLD SIGCHLD
-+#endif
- #ifdef SIGCLD
- if (i != SIGCLD)
- #endif
- savesig[i] = tw_sigign(i);
- /*
diff --git a/security/tripwire/files/patch-src::core::unix::file_unix.cpp b/security/tripwire/files/patch-src::core::unix::file_unix.cpp
deleted file mode 100644
index d43cca7f771c..000000000000
--- a/security/tripwire/files/patch-src::core::unix::file_unix.cpp
+++ /dev/null
@@ -1,45 +0,0 @@
---- src/core/unix/file_unix.cpp Sat Oct 28 04:15:21 2000
-+++ src/core/unix/file_unix.cpp Wed Jun 13 09:29:07 2001
-@@ -155,10 +155,15 @@
- if( flags & OPEN_CREATE )
- perm |= O_CREAT;
-
-+ mode_t openmode = 0664;
-+ if ( flags & OPEN_EXCLUSIVE ) {
-+ perm |= O_CREAT | O_EXCL;
-+ openmode = (mode_t) 0600; // Make sure only root can read the file
-+ }
- //
- // actually open the file
- //
-- int fh = _topen( sFileName.c_str(), perm, 0664 );
-+ int fh = _topen( sFileName.c_str(), perm, openmode );
- if( fh == -1 )
- {
- throw( eFileOpen( sFileName, iFSServices::GetInstance()->GetErrString() ) );
---- src/core/file.h Sat Oct 28 04:15:20 2000
-+++ src/core/file.h Wed Jun 13 09:07:20 2001
-@@ -96,7 +96,8 @@
- OPEN_LOCKED_TEMP = 0x00000004, // the file should not be readable by other processes and should be removed when closed
- OPEN_TRUNCATE = 0x00000008, // opens an empty file. creates it if it doesn't exist. Doesn't make much sense without OF_WRITE
- OPEN_CREATE = 0x00000010, // create the file if it doesn't exist; this is implicit if OF_TRUNCATE is set
-- OPEN_TEXT = 0x00000020
-+ OPEN_TEXT = 0x00000020,
-+ OPEN_EXCLUSIVE = 0x0000040 // Use O_CREAT | O_EXCL
- };
-
- //Ctor, Dtor, CpyCtor, Operator=:
---- src/core/archive.cpp Sat Feb 24 21:02:12 2001
-+++ src/core/archive.cpp Wed Jun 13 09:15:25 2001
-@@ -896,8 +896,9 @@
- // create file
-
- // set up flags
-- uint32 flags = cFile::OPEN_WRITE | cFile::OPEN_LOCKED_TEMP | cFile::OPEN_CREATE;
-- if ( openFlags & FA_OPEN_TRUNCATE )
-+ uint32 flags = cFile::OPEN_WRITE | cFile::OPEN_LOCKED_TEMP | cFile::OPEN_CREATE | cFile::OPEN_EXCLUSIVE;
-+
-+ if ( openFlags & FA_OPEN_TRUNCATE )
- flags |= cFile::OPEN_TRUNCATE;
- if ( openFlags & FA_OPEN_TEXT )
- flags |= cFile::OPEN_TEXT;
diff --git a/security/tripwire/files/patch-src::core::unix::unixfsservices.cpp b/security/tripwire/files/patch-src::core::unix::unixfsservices.cpp
deleted file mode 100644
index 14919a9e3ee0..000000000000
--- a/security/tripwire/files/patch-src::core::unix::unixfsservices.cpp
+++ /dev/null
@@ -1,31 +0,0 @@
---- src/core/unix/unixfsservices.cpp.orig Sat Feb 24 11:02:12 2001
-+++ src/core/unix/unixfsservices.cpp Tue Jul 10 21:40:37 2001
-@@ -243,6 +243,7 @@
- {
- char* pchTempFileName;
- char szTemplate[MAXPATHLEN];
-+ int fd;
-
- #ifdef _UNICODE
- // convert template from wide character to multi-byte string
-@@ -253,13 +254,14 @@
- strcpy( szTemplate, strName.c_str() );
- #endif
-
-- // create temp filename
-- pchTempFileName = mktemp( szTemplate );
-+ // create temp filename and check to see if mkstemp failed
-+ if ((fd = mkstemp( szTemplate )) == -1) {
-+ throw eFSServicesGeneric( strName );
-+ } else {
-+ close(fd);
-+ }
-+ pchTempFileName = szTemplate;
-
-- //check to see if mktemp failed
-- if ( pchTempFileName == NULL || strlen(pchTempFileName) == 0) {
-- throw eFSServicesGeneric( strName );
-- }
-
- // change name so that it has the XXXXXX part filled in
- #ifdef _UNICODE
diff --git a/security/tripwire/files/patch-src::tripwire::mailmessage.cpp b/security/tripwire/files/patch-src::tripwire::mailmessage.cpp
deleted file mode 100644
index f5566a087aa7..000000000000
--- a/security/tripwire/files/patch-src::tripwire::mailmessage.cpp
+++ /dev/null
@@ -1,11 +0,0 @@
---- src/tripwire/mailmessage.cpp.orig Thu Jul 5 05:16:34 2001
-+++ src/tripwire/mailmessage.cpp Thu Jul 5 05:16:47 2001
-@@ -241,7 +241,7 @@
- time_t current_time = time(NULL);
- tm = localtime ( &current_time );
-
-- const TCHAR* szFormat = _T("%a %d %b %Y %H:%M:%S %z");
-+ const TCHAR* szFormat = _T("%a, %d %b %Y %H:%M:%S %z");
-
- size_t numChars = _tcsftime( szDate, countof( szDate ), szFormat, tm );
-
diff --git a/security/tripwire/files/patch-src::tripwire::pipedmailmessage.cpp b/security/tripwire/files/patch-src::tripwire::pipedmailmessage.cpp
deleted file mode 100644
index f88afd69aea0..000000000000
--- a/security/tripwire/files/patch-src::tripwire::pipedmailmessage.cpp
+++ /dev/null
@@ -1,16 +0,0 @@
-Index: src/tripwire/pipedmailmessage.cpp
-===================================================================
-retrieving revision 1.1
-retrieving revision 1.2
-diff -u -r1.1 -r1.2
---- src/tripwire/pipedmailmessage.cpp 21 Jan 2001 00:46:48 -0000 1.1
-+++ src/tripwire/pipedmailmessage.cpp 26 May 2004 20:59:15 -0000 1.2
-@@ -180,7 +180,7 @@
-
- void cPipedMailMessage::SendString( const TSTRING& s )
- {
-- if( _ftprintf( mpFile, s.c_str() ) < 0 )
-+ if( _ftprintf( mpFile, "%s", s.c_str() ) < 0 )
- {
- TOSTRINGSTREAM estr;
- estr << TSS_GetString( cTripwire, tripwire::STR_ERR2_MAIL_MESSAGE_COMMAND )
diff --git a/security/tripwire/files/twpol.m4 b/security/tripwire/files/twpol.m4
index 7be1442fa538..240a409d6079 100644
--- a/security/tripwire/files/twpol.m4
+++ b/security/tripwire/files/twpol.m4
@@ -3,6 +3,7 @@
#
# $FreeBSD$
+# This file originally was repocopied from: ports/security/tripwire/files/twpol.txt,v 1.3 2005/08/09 18:24:15 cy Exp
#
# This is the example Tripwire Policy file. It is intended as a place to
@@ -184,7 +185,9 @@ SIG_HI = 100 ; # Critical files that are significant point
#
-# FreeBSD Kernel
+ifelse(eval(FREEBSD_VERSION<=4),1,`# FreeBSD Kernel
+',`# FreeBSD Kernel and boot code
+')dnl
#
(
@@ -192,15 +195,17 @@ SIG_HI = 100 ; # Critical files that are significant point
severity = $(SIG_HI)
)
{
- # /boot is used by FreeBSD 5.X+
- /boot -> $(SEC_CRIT) ;
- # /kernel is used by FreeBSD 4.X
+ifelse(eval(FREEBSD_VERSION<=4),1,`dnl /kernel is used by FreeBSD <=4.X
/kernel -> $(SEC_CRIT) ;
/kernel.old -> $(SEC_CRIT) ;
/kernel.GENERIC -> $(SEC_CRIT) ;
+',eval(FREEBSD_VERSION>=5),1,`dnl /boot is used by FreeBSD >=5.X
+ /boot -> $(SEC_CRIT) ;
+')
}
+ifelse(eval(FREEBSD_VERSION<=4),1,`dnl /modules and /lkm are used by FreeBSD <=4.X
#
# FreeBSD Modules
#
@@ -210,12 +215,17 @@ SIG_HI = 100 ; # Critical files that are significant point
severity = $(SIG_HI)
)
{
- # /modules is used by FreeBSD 4.X
+')
+ifelse(eval(FREEBSD_VERSION<=3),1,`dnl /lkm is used by FreeBSD 2.X and 3.X
+ /lkm -> $(SEC_CRIT) (recurse = true) ;
+',eval(FREEBSD_VERSION<=4),1,`dnl /modules is used by FreeBSD 4.X
/modules -> $(SEC_CRIT) (recurse = true) ;
/modules.old -> $(SEC_CRIT) (recurse = true) ;
- # /lkm is used by FreeBSD 2.X and 3.X
- # /lkm -> $(SEC_CRIT) (recurse = true) ; # uncomment if using lkm kld
+')
+dnl FreeBSD >=5.X puts modules in /boot/kernel
+ifelse(eval(FREEBSD_VERSION<=4),1,`dnl /modules and /lkm are used by FreeBSD <=4.X
}
+')dnl
#
@@ -255,7 +265,7 @@ SIG_HI = 100 ; # Critical files that are significant point
severity = $(SIG_HI)
)
{
- # XXX Do we really need to verify the integrity of /dev on 5.X?
+ifelse(eval(FREEBSD_VERSION<=4),1,`dnl /dev is devfs on FreeBSD >= 5.X
/dev -> $(Device) (recurse = true) ;
!/dev/vga ;
!/dev/dri ;
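Review bot: On FreeBSD 5 and later this leaves the "/dev" rule with its header and an empty `{ }` body, because the `ifelse` opened here (closed by the quote-and-parenthesis line added in the next hunk) wraps only the entries. The "FreeBSD Modules" rule in the same file is wrapped header and all. I have not confirmed that the policy compiler accepts a rule with no entries, so I would move the `ifelse(eval(FREEBSD_VERSION<=4),1,` opener above the rule's `(` and the closing line below its `}`, matching the Modules rule. Dropping `/dev` under devfs also means ownership and mode changes on device nodes are no longer reported. The `dnl` comment is stripped from the output, so a `#` comment that survives into the generated policy would keep that decision visible to whoever audits it.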
@@ -300,6 +310,7 @@ SIG_HI = 100 ; # Critical files that are significant point
/dev/ttypu -> $(SEC_TTY) ;
/dev/ttypv -> $(SEC_TTY) ;
/dev/cuaa0 -> $(SEC_TTY) ; # modem
+')
}
@@ -415,6 +426,7 @@ SIG_HI = 100 ; # Critical files that are significant point
! /usr/share/man/cat9 ;
! /usr/share/man/catl ;
! /usr/share/man/catn ;
+ifelse(eval(FREEBSD_VERSION<=4),1,`
/usr/share/perl/man -> $(SEC_CONFIG) ;
!/usr/share/perl/man/whatis ;
!/usr/share/perl/man/.glimpse_filenames ;
@@ -428,19 +440,7 @@ SIG_HI = 100 ; # Critical files that are significant point
!/usr/share/perl/man/.glimpse_turbo ;
/usr/share/perl/man/man3 -> $(SEC_CRIT) (recurse = true) ;
! /usr/share/perl/man/cat3 ;
- /usr/local/lib/perl5/5.00503/man -> $(SEC_CONFIG) ;
- ! /usr/local/lib/perl5/5.00503/man/whatis ;
- ! /usr/local/lib/perl5/5.00503/man/.glimpse_filters ;
- ! /usr/local/lib/perl5/5.00503/man/.glimpse_filetimes ;
- ! /usr/local/lib/perl5/5.00503/man/.glimpse_messages ;
- ! /usr/local/lib/perl5/5.00503/man/.glimpse_statistics ;
- ! /usr/local/lib/perl5/5.00503/man/.glimpse_index ;
- ! /usr/local/lib/perl5/5.00503/man/.glimpse_turbo ;
- ! /usr/local/lib/perl5/5.00503/man/.glimpse_partitions ;
- ! /usr/local/lib/perl5/5.00503/man/.glimpse_filenames ;
- ! /usr/local/lib/perl5/5.00503/man/.glimpse_filenames_index ;
- /usr/local/lib/perl5/5.00503/man/man3 -> $(SEC_CRIT) (recurse = true) ;
- ! /usr/local/lib/perl5/5.00503/man/cat3 ;
+')dnl
}
diff --git a/security/tripwire/files/twpol.txt b/security/tripwire/files/twpol.txt
deleted file mode 100644
index 7be1442fa538..000000000000
--- a/security/tripwire/files/twpol.txt
+++ /dev/null
@@ -1,661 +0,0 @@
-#
-# Policy file for FreeBSD
-#
-# $FreeBSD$
-
-
-#
-# This is the example Tripwire Policy file. It is intended as a place to
-# start creating your own custom Tripwire Policy file. Referring to it as
-# well as the Tripwire Policy Guide should give you enough information to
-# make a good custom Tripwire Policy file that better covers your
-# configuration and security needs. A text version of this policy file is
-# called twpol.txt.
-#
-# Note that this file is tuned to an install of FreeBSD using
-# buildworld. If run unmodified, this file should create no errors on
-# database creation, or violations on a subsiquent integrity check.
-# However it is impossible for there to be one policy file for all machines,
-# so this existing one errs on the side of security. Your FreeBSD
-# configuration will most likey differ from the one our policy file was
-# tuned to, and will therefore require some editing of the default
-# Tripwire Policy file.
-#
-# The example policy file is best run with 'Loose Directory Checking'
-# enabled. Set LOOSEDIRECTORYCHECKING=TRUE in the Tripwire Configuration
-# file.
-#
-# Email support is not included and must be added to this file.
-# Add the 'emailto=' to the rule directive section of each rule (add a comma
-# after the 'severity=' line and add an 'emailto=' and include the email
-# addresses you want the violation reports to go to). Addresses are
-# semi-colon delimited.
-#
-
-
-
-#
-# Global Variable Definitions
-#
-# These are defined at install time by the installation script. You may
-# Manually edit these if you are using this file directly and not from the
-# installation script itself.
-#
-
-@@section GLOBAL
-TWROOT=;
-TWBIN=;
-TWPOL=;
-TWDB=;
-TWSKEY=;
-TWLKEY=;
-TWREPORT=;
-HOSTNAME=;
-
-@@section FS
-SEC_CRIT = $(IgnoreNone)-SHa ; # Critical files that cannot change
-SEC_SUID = $(IgnoreNone)-SHa ; # Binaries with the SUID or SGID flags set
-SEC_BIN = $(ReadOnly) ; # Binaries that should not change
-SEC_CONFIG = $(Dynamic) ; # Config files that are changed infrequently but accessed often
-SEC_TTY = $(Dynamic)-ugp ; # Tty files that change ownership at login
-SEC_LOG = $(Growing) ; # Files that grow, but that should never change ownership
-SEC_INVARIANT = +tpug ; # Directories that should never change permission or ownership
-SIG_LOW = 33 ; # Non-critical files that are of minimal security impact
-SIG_MED = 66 ; # Non-critical files that are of significant security impact
-SIG_HI = 100 ; # Critical files that are significant points of vulnerability
-
-
-# Tripwire Binaries
-(
- rulename = "Tripwire Binaries",
- severity = $(SIG_HI)
-)
-{
- $(TWBIN)/siggen -> $(SEC_BIN) ;
- $(TWBIN)/tripwire -> $(SEC_BIN) ;
- $(TWBIN)/twadmin -> $(SEC_BIN) ;
- $(TWBIN)/twprint -> $(SEC_BIN) ;
-}
-
-# Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
-(
- rulename = "Tripwire Data Files",
- severity = $(SIG_HI)
-)
-{
- # NOTE: We remove the inode attribute because when Tripwire creates a backup,
- # it does so by renaming the old file and creating a new one (which will
- # have a new inode number). Inode is left turned on for keys, which shouldn't
- # ever change.
-
- # NOTE: The first integrity check triggers this rule and each integrity check
- # afterward triggers this rule until a database update is run, since the
- # database file does not exist before that point.
-
- $(TWDB) -> $(SEC_CONFIG) -i ;
- $(TWPOL)/tw.pol -> $(SEC_BIN) -i ;
- $(TWPOL)/tw.cfg -> $(SEC_BIN) -i ;
- $(TWPOL)/twcfg.txt -> $(SEC_BIN) ;
- $(TWPOL)/twpol.txt -> $(SEC_BIN) ;
- $(TWLKEY)/$(HOSTNAME)-local.key -> $(SEC_BIN) ;
- $(TWSKEY)/site.key -> $(SEC_BIN) ;
-
- #don't scan the individual reports
- $(TWREPORT) -> $(SEC_CONFIG) (recurse=0) ;
-}
-
-
-# Tripwire HQ Connector Binaries
-#(
-# rulename = "Tripwire HQ Connector Binaries",
-# severity = $(SIG_HI)
-#)
-#{
-# $(TWBIN)/hqagent -> $(SEC_BIN) ;
-#}
-#
-# Tripwire HQ Connector - Configuration Files, Keys, and Logs
-
-#
-# Note: File locations here are different than in a stock HQ Connector
-# installation. This is because Tripwire 2.3 uses a different path
-# structure than Tripwire 2.2.1.
-#
-# You may need to update your HQ Agent configuation file (or this policy
-# file) to correct the paths. We have attempted to support the FHS standard
-# here by placing the HQ Agent files similarly to the way Tripwire 2.3
-# places them.
-#
-
-#(
-# rulename = "Tripwire HQ Connector Data Files",
-# severity = $(SIG_HI)
-#)
-#{
-#
-# # NOTE: Removing the inode attribute because when Tripwire creates a backup
-# # it does so by renaming the old file and creating a new one (which will
-# # have a new inode number). Leaving inode turned on for keys, which
-# # shouldn't ever change.
-#
-#
-# $(TWBIN)/agent.cfg -> $(SEC_BIN) -i ;
-# $(TWLKEY)/authentication.key -> $(SEC_BIN) ;
-# $(TWDB)/tasks.dat -> $(SEC_CONFIG) ;
-# $(TWDB)/schedule.dat -> $(SEC_CONFIG) ;
-#
-# # Uncomment if you have agent logging enabled.
-# #/var/log/tripwire/agent.log -> $(SEC_LOG) ;
-#}
-
-
-
-# Commonly accessed directories that should remain static with regards to owner and group
-(
- rulename = "Invariant Directories",
- severity = $(SIG_MED)
-)
-{
- / -> $(SEC_INVARIANT) (recurse = false) ;
- /home -> $(SEC_INVARIANT) (recurse = false) ;
-}
-
-#
-# First, root's "home"
-#
-
-(
- rulename = "Root's home",
- severity = $(SIG_HI)
-)
-{
- # /.rhosts -> $(SEC_CRIT) ;
- /.profile -> $(SEC_CRIT) ;
- /.cshrc -> $(SEC_CRIT) ;
- /.login -> $(SEC_CRIT) ;
- # /.exrc -> $(SEC_CRIT) ;
- # /.logout -> $(SEC_CRIT) ;
- # /.forward -> $(SEC_CRIT) ;
- /root -> $(SEC_CRIT) (recurse = true) ;
- !/root/.history ;
- !/root/.bash_history ;
- # !/root/.lsof_SYSTEM_NAME ; # Uncomment if lsof is installed
-}
-
-
-#
-# FreeBSD Kernel
-#
-
-(
- rulename = "FreeBSD Kernel",
- severity = $(SIG_HI)
-)
-{
- # /boot is used by FreeBSD 5.X+
- /boot -> $(SEC_CRIT) ;
- # /kernel is used by FreeBSD 4.X
- /kernel -> $(SEC_CRIT) ;
- /kernel.old -> $(SEC_CRIT) ;
- /kernel.GENERIC -> $(SEC_CRIT) ;
-}
-
-
-#
-# FreeBSD Modules
-#
-
-(
- rulename = "FreeBSD Modules",
- severity = $(SIG_HI)
-)
-{
- # /modules is used by FreeBSD 4.X
- /modules -> $(SEC_CRIT) (recurse = true) ;
- /modules.old -> $(SEC_CRIT) (recurse = true) ;
- # /lkm is used by FreeBSD 2.X and 3.X
- # /lkm -> $(SEC_CRIT) (recurse = true) ; # uncomment if using lkm kld
-}
-
-
-#
-# System Administration Programs
-#
-
-(
- rulename = "System Administration Programs",
- severity = $(SIG_HI)
-)
-{
- /sbin -> $(SEC_CRIT) (recurse = true) ;
- /usr/sbin -> $(SEC_CRIT) (recurse = true) ;
-}
-
-
-#
-# User Utilities
-#
-
-(
- rulename = "User Utilities",
- severity = $(SIG_HI)
-)
-{
- /bin -> $(SEC_CRIT) (recurse = true) ;
- /usr/bin -> $(SEC_CRIT) (recurse = true) ;
-}
-
-
-#
-# /dev
-#
-
-(
- rulename = "/dev",
- severity = $(SIG_HI)
-)
-{
- # XXX Do we really need to verify the integrity of /dev on 5.X?
- /dev -> $(Device) (recurse = true) ;
- !/dev/vga ;
- !/dev/dri ;
- /dev/console -> $(SEC_TTY) ;
- /dev/ttyv0 -> $(SEC_TTY) ;
- /dev/ttyv1 -> $(SEC_TTY) ;
- /dev/ttyv2 -> $(SEC_TTY) ;
- /dev/ttyv3 -> $(SEC_TTY) ;
- /dev/ttyv4 -> $(SEC_TTY) ;
- /dev/ttyv5 -> $(SEC_TTY) ;
- /dev/ttyv6 -> $(SEC_TTY) ;
- /dev/ttyv7 -> $(SEC_TTY) ;
- /dev/ttyp0 -> $(SEC_TTY) ;
- /dev/ttyp1 -> $(SEC_TTY) ;
- /dev/ttyp2 -> $(SEC_TTY) ;
- /dev/ttyp3 -> $(SEC_TTY) ;
- /dev/ttyp4 -> $(SEC_TTY) ;
- /dev/ttyp5 -> $(SEC_TTY) ;
- /dev/ttyp6 -> $(SEC_TTY) ;
- /dev/ttyp7 -> $(SEC_TTY) ;
- /dev/ttyp8 -> $(SEC_TTY) ;
- /dev/ttyp9 -> $(SEC_TTY) ;
- /dev/ttypa -> $(SEC_TTY) ;
- /dev/ttypb -> $(SEC_TTY) ;
- /dev/ttypc -> $(SEC_TTY) ;
- /dev/ttypd -> $(SEC_TTY) ;
- /dev/ttype -> $(SEC_TTY) ;
- /dev/ttypf -> $(SEC_TTY) ;
- /dev/ttypg -> $(SEC_TTY) ;
- /dev/ttyph -> $(SEC_TTY) ;
- /dev/ttypi -> $(SEC_TTY) ;
- /dev/ttypj -> $(SEC_TTY) ;
- /dev/ttypl -> $(SEC_TTY) ;
- /dev/ttypm -> $(SEC_TTY) ;
- /dev/ttypn -> $(SEC_TTY) ;
- /dev/ttypo -> $(SEC_TTY) ;
- /dev/ttypp -> $(SEC_TTY) ;
- /dev/ttypq -> $(SEC_TTY) ;
- /dev/ttypr -> $(SEC_TTY) ;
- /dev/ttyps -> $(SEC_TTY) ;
- /dev/ttypt -> $(SEC_TTY) ;
- /dev/ttypu -> $(SEC_TTY) ;
- /dev/ttypv -> $(SEC_TTY) ;
- /dev/cuaa0 -> $(SEC_TTY) ; # modem
-}
-
-
-#
-# /etc
-#
-
-(
- rulename = "/etc",
- severity = $(SIG_HI)
-)
-{
- /etc -> $(SEC_CRIT) (recurse = true) ;
- # /etc/mail/aliases -> $(SEC_CONFIG) ;
- /etc/dumpdates -> $(SEC_CONFIG) ;
- /etc/motd -> $(SEC_CONFIG) ;
- !/etc/ppp/connect-errors ;
- /etc/skeykeys -> $(SEC_CONFIG) ;
- # Uncomment the following 4 lines if your password file does not change
- # /etc/passwd -> $(SEC_CONFIG) ;
- # /etc/master.passwd -> $(SEC_CONFIG) ;
- # /etc/pwd.db -> $(SEC_CONFIG) ;
- # /etc/spwd.db -> $(SEC_CONFIG) ;
-}
-
-
-#
-# Copatibility (Linux)
-#
-
-(
- rulename = "Linux Compatibility",
- severity = $(SIG_HI)
-)
-{
- /compat -> $(SEC_CRIT) (recurse = true) ;
-#
-# Uncomment the following if Linux compatibility is used. Replace
-# HOSTNAME1 and HOSTNAME2 with the hosts that have Linux emulation port
-# installed.
-#
-#@@ifhost HOSTNAME1 || HOSTNAME2
-# /compat/linux/etc -> $(SEC_INVARIANT) (recurse = false) ;
-# /compat/linux/etc/X11 -> $(SEC_CONFIG) (recurse = true) ;
-# /compat/linux/etc/pam.d -> $(SEC_CONFIG) (recurse = true) ;
-# /compat/linux/etc/profile.d -> $(SEC_CONFIG) (recurse = true) ;
-# /compat/linux/etc/real -> $(SEC_CONFIG) (recurse = true) ;
-# /compat/linux/etc/bashrc -> $(SEC_CONFIG) ;
-# /compat/linux/etc/csh.login -> $(SEC_CONFIG) ;
-# /compat/linux/etc/host.conf -> $(SEC_CONFIG) ;
-# /compat/linux/etc/hosts.allow -> $(SEC_CONFIG) ;
-# /compat/linux/etc/hosts.deny -> $(SEC_CONFIG) ;
-# /compat/linux/etc/info-dir -> $(SEC_CONFIG) ;
-# /compat/linux/etc/inputrc -> $(SEC_CONFIG) ;
-# /compat/linux/etc/ld.so.conf -> $(SEC_CONFIG) ;
-# /compat/linux/etc/nsswitch.conf -> $(SEC_CONFIG) ;
-# /compat/linux/etc/profile -> $(SEC_CONFIG) ;
-# /compat/linux/etc/redhat-release -> $(SEC_CONFIG) ;
-# /compat/linux/etc/rpc -> $(SEC_CONFIG) ;
-# /compat/linux/etc/securetty -> $(SEC_CONFIG) ;
-# /compat/linux/etc/shells -> $(SEC_CONFIG) ;
-# /compat/linux/etc/termcap -> $(SEC_CONFIG) ;
-# /compat/linux/etc/yp.conf -> $(SEC_CONFIG) ;
-# !/compat/linux/etc/ld.so.cache ;
-# !/compat/linux/var/spool/mail ;
-#@@endif
-}
-
-
-#
-# Libraries, include files, and other system files
-#
-
-(
- rulename = "Libraries, include files, and other system files",
- severity = $(SIG_HI)
-)
-{
- /usr/include -> $(SEC_CRIT) (recurse = true) ;
- /usr/lib -> $(SEC_CRIT) (recurse = true) ;
- /usr/libdata -> $(SEC_CRIT) (recurse = true) ;
- /usr/libexec -> $(SEC_CRIT) (recurse = true) ;
- /usr/share -> $(SEC_CRIT) (recurse = true) ;
- /usr/share/man -> $(SEC_CONFIG) ;
- !/usr/share/man/whatis ;
- !/usr/share/man/.glimpse_filenames ;
- !/usr/share/man/.glimpse_filenames_index ;
- !/usr/share/man/.glimpse_filetimes ;
- !/usr/share/man/.glimpse_filters ;
- !/usr/share/man/.glimpse_index ;
- !/usr/share/man/.glimpse_messages ;
- !/usr/share/man/.glimpse_partitions ;
- !/usr/share/man/.glimpse_statistics ;
- !/usr/share/man/.glimpse_turbo ;
- /usr/share/man/man1 -> $(SEC_CRIT) (recurse = true) ;
- /usr/share/man/man2 -> $(SEC_CRIT) (recurse = true) ;
- /usr/share/man/man3 -> $(SEC_CRIT) (recurse = true) ;
- /usr/share/man/man4 -> $(SEC_CRIT) (recurse = true) ;
- /usr/share/man/man5 -> $(SEC_CRIT) (recurse = true) ;
- /usr/share/man/man6 -> $(SEC_CRIT) (recurse = true) ;
- /usr/share/man/man7 -> $(SEC_CRIT) (recurse = true) ;
- /usr/share/man/man8 -> $(SEC_CRIT) (recurse = true) ;
- /usr/share/man/man9 -> $(SEC_CRIT) (recurse = true) ;
- /usr/share/man/mann -> $(SEC_CRIT) (recurse = true) ;
- ! /usr/share/man/cat1 ;
- ! /usr/share/man/cat2 ;
- ! /usr/share/man/cat3 ;
- ! /usr/share/man/cat4 ;
- ! /usr/share/man/cat5 ;
- ! /usr/share/man/cat6 ;
- ! /usr/share/man/cat7 ;
- ! /usr/share/man/cat8 ;
- ! /usr/share/man/cat9 ;
- ! /usr/share/man/catl ;
- ! /usr/share/man/catn ;
- /usr/share/perl/man -> $(SEC_CONFIG) ;
- !/usr/share/perl/man/whatis ;
- !/usr/share/perl/man/.glimpse_filenames ;
- !/usr/share/perl/man/.glimpse_filenames_index ;
- !/usr/share/perl/man/.glimpse_filetimes ;
- !/usr/share/perl/man/.glimpse_filters ;
- !/usr/share/perl/man/.glimpse_index ;
- !/usr/share/perl/man/.glimpse_messages ;
- !/usr/share/perl/man/.glimpse_partitions ;
- !/usr/share/perl/man/.glimpse_statistics ;
- !/usr/share/perl/man/.glimpse_turbo ;
- /usr/share/perl/man/man3 -> $(SEC_CRIT) (recurse = true) ;
- ! /usr/share/perl/man/cat3 ;
- /usr/local/lib/perl5/5.00503/man -> $(SEC_CONFIG) ;
- ! /usr/local/lib/perl5/5.00503/man/whatis ;
- ! /usr/local/lib/perl5/5.00503/man/.glimpse_filters ;
- ! /usr/local/lib/perl5/5.00503/man/.glimpse_filetimes ;
- ! /usr/local/lib/perl5/5.00503/man/.glimpse_messages ;
- ! /usr/local/lib/perl5/5.00503/man/.glimpse_statistics ;
- ! /usr/local/lib/perl5/5.00503/man/.glimpse_index ;
- ! /usr/local/lib/perl5/5.00503/man/.glimpse_turbo ;
- ! /usr/local/lib/perl5/5.00503/man/.glimpse_partitions ;
- ! /usr/local/lib/perl5/5.00503/man/.glimpse_filenames ;
- ! /usr/local/lib/perl5/5.00503/man/.glimpse_filenames_index ;
- /usr/local/lib/perl5/5.00503/man/man3 -> $(SEC_CRIT) (recurse = true) ;
- ! /usr/local/lib/perl5/5.00503/man/cat3 ;
-}
-
-
-#
-# X11R6
-#
-
-(
- rulename = "X11R6",
- severity = $(SIG_HI)
-)
-{
- /usr/X11R6 -> $(SEC_CRIT) (recurse = true) ;
- /usr/X11R6/lib/X11/xdm -> $(SEC_CONFIG) (recurse = true) ;
- !/usr/X11R6/lib/X11/xdm/xdm-errors ;
- !/usr/X11R6/lib/X11/xdm/authdir/authfiles ;
- !/usr/X11R6/lib/X11/xdm/xdm-pid ;
- /usr/X11R6/lib/X11/xkb/compiled -> $(SEC_CONFIG) (recurse = true) ;
- /usr/X11R6/man -> $(SEC_CONFIG) ;
- !/usr/X11R6/man/whatis ;
- !/usr/X11R6/man/.glimpse_filenames ;
- !/usr/X11R6/man/.glimpse_filenames_index ;
- !/usr/X11R6/man/.glimpse_filetimes ;
- !/usr/X11R6/man/.glimpse_filters ;
- !/usr/X11R6/man/.glimpse_index ;
- !/usr/X11R6/man/.glimpse_messages ;
- !/usr/X11R6/man/.glimpse_partitions ;
- !/usr/X11R6/man/.glimpse_statistics ;
- !/usr/X11R6/man/.glimpse_turbo ;
- /usr/X11R6/man/man1 -> $(SEC_CRIT) (recurse = true) ;
- /usr/X11R6/man/man2 -> $(SEC_CRIT) (recurse = true) ;
- /usr/X11R6/man/man3 -> $(SEC_CRIT) (recurse = true) ;
- /usr/X11R6/man/man4 -> $(SEC_CRIT) (recurse = true) ;
- /usr/X11R6/man/man5 -> $(SEC_CRIT) (recurse = true) ;
- /usr/X11R6/man/man6 -> $(SEC_CRIT) (recurse = true) ;
- /usr/X11R6/man/man7 -> $(SEC_CRIT) (recurse = true) ;
- /usr/X11R6/man/man8 -> $(SEC_CRIT) (recurse = true) ;
- /usr/X11R6/man/man9 -> $(SEC_CRIT) (recurse = true) ;
- /usr/X11R6/man/manl -> $(SEC_CRIT) (recurse = true) ;
- /usr/X11R6/man/mann -> $(SEC_CRIT) (recurse = true) ;
- ! /usr/X11R6/man/cat1 ;
- ! /usr/X11R6/man/cat2 ;
- ! /usr/X11R6/man/cat3 ;
- ! /usr/X11R6/man/cat4 ;
- ! /usr/X11R6/man/cat5 ;
- ! /usr/X11R6/man/cat6 ;
- ! /usr/X11R6/man/cat7 ;
- ! /usr/X11R6/man/cat8 ;
- ! /usr/X11R6/man/cat9 ;
- ! /usr/X11R6/man/catl ;
- ! /usr/X11R6/man/catn ;
-}
-
-
-#
-# sources
-#
-
-(
- rulename = "Sources",
- severity = $(SIG_HI)
-)
-{
- /usr/src -> $(SEC_CRIT) (recurse = true) ;
- /usr/src/sys/compile -> $(SEC_CONFIG) (recurse = false) ;
-}
-
-
-#
-# NIS
-#
-
-(
- rulename = "NIS",
- severity = $(SIG_HI)
-)
-{
- /var/yp -> $(SEC_CRIT) (recurse = true) ;
- !/var/yp/binding ;
-}
-
-
-#
-# Temporary directories
-#
-(
- rulename = "Temporary directories",
- recurse = false,
- severity = $(SIG_LOW)
-)
-{
- /usr/tmp -> $(SEC_INVARIANT) ;
- /var/tmp -> $(SEC_INVARIANT) ;
- /var/preserve -> $(SEC_INVARIANT) ;
- /tmp -> $(SEC_INVARIANT) ;
-}
-
-#
-# Local files
-#
-
-(
- rulename = "Local files",
- severity = $(SIG_MED)
-)
-{
- /usr/local/bin -> $(SEC_BIN) (recurse = true) ;
- /usr/local/sbin -> $(SEC_BIN) (recurse = true) ;
- /usr/local/etc -> $(SEC_BIN) (recurse = true) ;
- /usr/local/lib -> $(SEC_BIN) (recurse = true ) ;
- /usr/local/libexec -> $(SEC_BIN) (recurse = true ) ;
- /usr/local/share -> $(SEC_BIN) (recurse = true ) ;
- /usr/local/man -> $(SEC_CONFIG) ;
- !/usr/local/man/whatis ;
- !/usr/local/man/.glimpse_filenames ;
- !/usr/local/man/.glimpse_filenames_index ;
- !/usr/local/man/.glimpse_filetimes ;
- !/usr/local/man/.glimpse_filters ;
- !/usr/local/man/.glimpse_index ;
- !/usr/local/man/.glimpse_messages ;
- !/usr/local/man/.glimpse_partitions ;
- !/usr/local/man/.glimpse_statistics ;
- !/usr/local/man/.glimpse_turbo ;
- /usr/local/man/man1 -> $(SEC_CRIT) (recurse = true) ;
- /usr/local/man/man2 -> $(SEC_CRIT) (recurse = true) ;
- /usr/local/man/man3 -> $(SEC_CRIT) (recurse = true) ;
- /usr/local/man/man4 -> $(SEC_CRIT) (recurse = true) ;
- /usr/local/man/man5 -> $(SEC_CRIT) (recurse = true) ;
- /usr/local/man/man6 -> $(SEC_CRIT) (recurse = true) ;
- /usr/local/man/man7 -> $(SEC_CRIT) (recurse = true) ;
- /usr/local/man/man8 -> $(SEC_CRIT) (recurse = true) ;
- /usr/local/man/man9 -> $(SEC_CRIT) (recurse = true) ;
- /usr/local/man/manl -> $(SEC_CRIT) (recurse = true) ;
- /usr/local/man/mann -> $(SEC_CRIT) (recurse = true) ;
- ! /usr/local/man/cat1 ;
- ! /usr/local/man/cat2 ;
- ! /usr/local/man/cat3 ;
- ! /usr/local/man/cat4 ;
- ! /usr/local/man/cat5 ;
- ! /usr/local/man/cat6 ;
- ! /usr/local/man/cat7 ;
- ! /usr/local/man/cat8 ;
- ! /usr/local/man/cat9 ;
- ! /usr/local/man/catl ;
- ! /usr/local/man/catn ;
- /usr/local/krb5 -> $(SEC_CRIT) (recurse = true) ;
- /usr/local/krb5/man -> $(SEC_CONFIG) ;
- !/usr/local/krb5/man/whatis ;
- !/usr/local/krb5/man/.glimpse_filenames ;
- !/usr/local/krb5/man/.glimpse_filenames_index ;
- !/usr/local/krb5/man/.glimpse_filetimes ;
- !/usr/local/krb5/man/.glimpse_filters ;
- !/usr/local/krb5/man/.glimpse_index ;
- !/usr/local/krb5/man/.glimpse_messages ;
- !/usr/local/krb5/man/.glimpse_partitions ;
- !/usr/local/krb5/man/.glimpse_statistics ;
- !/usr/local/krb5/man/.glimpse_turbo ;
- /usr/local/krb5/man/man1 -> $(SEC_CRIT) (recurse = true) ;
- /usr/local/krb5/man/man2 -> $(SEC_CRIT) (recurse = true) ;
- /usr/local/krb5/man/man3 -> $(SEC_CRIT) (recurse = true) ;
- /usr/local/krb5/man/man4 -> $(SEC_CRIT) (recurse = true) ;
- /usr/local/krb5/man/man5 -> $(SEC_CRIT) (recurse = true) ;
- /usr/local/krb5/man/man6 -> $(SEC_CRIT) (recurse = true) ;
- /usr/local/krb5/man/man7 -> $(SEC_CRIT) (recurse = true) ;
- /usr/local/krb5/man/man8 -> $(SEC_CRIT) (recurse = true) ;
- /usr/local/krb5/man/man9 -> $(SEC_CRIT) (recurse = true) ;
- /usr/local/krb5/man/manl -> $(SEC_CRIT) (recurse = true) ;
- /usr/local/krb5/man/mann -> $(SEC_CRIT) (recurse = true) ;
- ! /usr/local/krb5/man/cat1 ;
- ! /usr/local/krb5/man/cat2 ;
- ! /usr/local/krb5/man/cat3 ;
- ! /usr/local/krb5/man/cat4 ;
- ! /usr/local/krb5/man/cat5 ;
- ! /usr/local/krb5/man/cat6 ;
- ! /usr/local/krb5/man/cat7 ;
- ! /usr/local/krb5/man/cat8 ;
- ! /usr/local/krb5/man/cat9 ;
- ! /usr/local/krb5/man/catl ;
- ! /usr/local/krb5/man/catn ;
- /usr/local/www -> $(SEC_CONFIG) (recurse = true) ;
-}
-
-
-(
- rulename = "Security Control",
- severity = $(SIG_HI)
-)
-{
- /etc/group -> $(SEC_CRIT) ;
- /etc/crontab -> $(SEC_CRIT) ;
-}
-
-#=============================================================================
-#
-# Copyright 2000 Tripwire, Inc. Tripwire is a registered trademark of Tripwire,
-# Inc. in the United States and other countries. All rights reserved.
-#
-# FreeBSD is a registered trademark of the FreeBSD Project Inc.
-#
-# UNIX is a registered trademark of The Open Group.
-#
-#=============================================================================
-#
-# Permission is granted to make and distribute verbatim copies of this document
-# provided the copyright notice and this permission notice are preserved on all
-# copies.
-#
-# Permission is granted to copy and distribute modified versions of this
-# document under the conditions for verbatim copying, provided that the entire
-# resulting derived work is distributed under the terms of a permission notice
-# identical to this one.
-#
-# Permission is granted to copy and distribute translations of this document
-# into another language, under the above conditions for modified versions,
-# except that this permission notice may be stated in a translation approved by
-# Tripwire, Inc.
-#
-# DCM
diff --git a/security/tripwire/pkg-descr b/security/tripwire/pkg-descr
index c0176a3905f3..1abf28d5bcae 100644
--- a/security/tripwire/pkg-descr
+++ b/security/tripwire/pkg-descr
@@ -4,12 +4,4 @@ Used with system files on a regular (e.g., daily) basis, Tripwire
can notify system administrators of corrupted or tampered files,
so damage control measures can be taken in a timely manner.
-If "TRIPWIRE_FLOPPY" is set to "YES" in the environment or on the
-"make" command line, this port will write the tripwire database to
-a floppy disk, which should then be write-protected and used as a
-reference for future runs. The diskette should be formatted and
-present in the "A" drive before starting the "make install" step.
-
-Joe Greco <jgreco@ns.sol.net>
-
WWW: http://sourceforge.net/projects/tripwire/
diff --git a/security/tripwire/pkg-plist b/security/tripwire/pkg-plist
index 2cd6872d8e93..663033bbe4f7 100644
--- a/security/tripwire/pkg-plist
+++ b/security/tripwire/pkg-plist
@@ -2,8 +2,6 @@ sbin/tripwire
sbin/twadmin
sbin/twprint
sbin/siggen
-share/doc/tripwire/README
-share/doc/tripwire/Release_Notes
share/doc/tripwire/COPYING
share/doc/tripwire/TRADEMARK
share/doc/tripwire/policyguide.txt