diff options
| author | Cy Schubert <cy@FreeBSD.org> | 2005-08-09 18:24:15 +0000 |
|---|---|---|
| committer | Cy Schubert <cy@FreeBSD.org> | 2005-08-09 18:24:15 +0000 |
| commit | bd60fa6a1b82cd2d813e2164613d0c2432748611 (patch) | |
| tree | 7f6841fafb789e996b41e55a0eaa0847e0e63653 /security/tripwire | |
| parent | 2b2c011d66c1ecb9e432c68453c8aa6f27b3e1d3 (diff) | |
Notes
Diffstat (limited to 'security/tripwire')
| -rw-r--r-- | security/tripwire/Makefile | 2 | ||||
| -rw-r--r-- | security/tripwire/files/twpol.m4 | 6 | ||||
| -rw-r--r-- | security/tripwire/files/twpol.txt | 6 |
3 files changed, 13 insertions, 1 deletions
diff --git a/security/tripwire/Makefile b/security/tripwire/Makefile index 9d9408ba4855..36d02cf6ed7c 100644 --- a/security/tripwire/Makefile +++ b/security/tripwire/Makefile @@ -7,7 +7,7 @@ PORTNAME= tripwire PORTVERSION= 2.3.1.2 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= security MASTER_SITES= http://download.sourceforge.net/tripwire/ DISTNAME= ${PORTNAME}-${PORTVERSION:C/\.[0-9]*$/-&/:C/-\./-/} diff --git a/security/tripwire/files/twpol.m4 b/security/tripwire/files/twpol.m4 index edb5d6a2e9f1..7be1442fa538 100644 --- a/security/tripwire/files/twpol.m4 +++ b/security/tripwire/files/twpol.m4 @@ -192,6 +192,9 @@ SIG_HI = 100 ; # Critical files that are significant point severity = $(SIG_HI) ) { + # /boot is used by FreeBSD 5.X+ + /boot -> $(SEC_CRIT) ; + # /kernel is used by FreeBSD 4.X /kernel -> $(SEC_CRIT) ; /kernel.old -> $(SEC_CRIT) ; /kernel.GENERIC -> $(SEC_CRIT) ; @@ -207,8 +210,10 @@ SIG_HI = 100 ; # Critical files that are significant point severity = $(SIG_HI) ) { + # /modules is used by FreeBSD 4.X /modules -> $(SEC_CRIT) (recurse = true) ; /modules.old -> $(SEC_CRIT) (recurse = true) ; + # /lkm is used by FreeBSD 2.X and 3.X # /lkm -> $(SEC_CRIT) (recurse = true) ; # uncomment if using lkm kld } @@ -250,6 +255,7 @@ SIG_HI = 100 ; # Critical files that are significant point severity = $(SIG_HI) ) { + # XXX Do we really need to verify the integrity of /dev on 5.X? /dev -> $(Device) (recurse = true) ; !/dev/vga ; !/dev/dri ; diff --git a/security/tripwire/files/twpol.txt b/security/tripwire/files/twpol.txt index edb5d6a2e9f1..7be1442fa538 100644 --- a/security/tripwire/files/twpol.txt +++ b/security/tripwire/files/twpol.txt @@ -192,6 +192,9 @@ SIG_HI = 100 ; # Critical files that are significant point severity = $(SIG_HI) ) { + # /boot is used by FreeBSD 5.X+ + /boot -> $(SEC_CRIT) ; + # /kernel is used by FreeBSD 4.X /kernel -> $(SEC_CRIT) ; /kernel.old -> $(SEC_CRIT) ; /kernel.GENERIC -> $(SEC_CRIT) ; @@ -207,8 +210,10 @@ SIG_HI = 100 ; # Critical files that are significant point severity = $(SIG_HI) ) { + # /modules is used by FreeBSD 4.X /modules -> $(SEC_CRIT) (recurse = true) ; /modules.old -> $(SEC_CRIT) (recurse = true) ; + # /lkm is used by FreeBSD 2.X and 3.X # /lkm -> $(SEC_CRIT) (recurse = true) ; # uncomment if using lkm kld } @@ -250,6 +255,7 @@ SIG_HI = 100 ; # Critical files that are significant point severity = $(SIG_HI) ) { + # XXX Do we really need to verify the integrity of /dev on 5.X? /dev -> $(Device) (recurse = true) ; !/dev/vga ; !/dev/dri ; |