author | John Polstra <jdp@FreeBSD.org> | 1997-04-01 04:44:00 +0000 |
---|---|---|
committer | John Polstra <jdp@FreeBSD.org> | 1997-04-01 04:44:00 +0000 |
commit | 28d7af23c3c29b0f6071d83da4a3d7cb8e408b51 (patch) | |
tree | dcff73f445c4afea3223fd189ee78889fba6cec5 /security | |
parent | 16be91f502701c33ccbfd067a00322622969bf0f (diff) | |
Notes
Diffstat (limited to 'security')
33 files changed, 1116 insertions, 0 deletions
diff --git a/security/tripwire-131/Makefile b/security/tripwire-131/Makefile
new file mode 100644
index 000000000000..83ab0b135de9
--- /dev/null
+++ b/security/tripwire-131/Makefile
@@ -0,0 +1,49 @@
+# New ports collection makefile for: tripwire
+# Version required: 1.2
+# Date created: 31 Mar 1997
+# Whom: Joe Greco <jgreco@ns.sol.net>
+#
+# $Id$
+#
+
+DISTNAME= tripwire-1.2
+CATEGORIES= security net
+MASTER_SITES= ftp://info.cert.org/pub/tools/tripwire/
+EXTRACT_SUFX= .tar.Z
+
+MAINTAINER= jgreco@ns.sol.net
+
+MAN5= tw.config.5
+MAN8= siggen.8 tripwire.8
+NO_CDROM= "cannot be redistributed for more than the cost of duplication"
+NO_PACKAGE= "requires local database to be built"
+RESTRICTED= "contains crypto class algorithms"
+
+post-extract:
+ @ (cd work; tar xf T1.2.tar)
+
+pre-configure:
+ @ ${CP} ${FILESDIR}/conf-freebsd2.h ${WRKSRC}/configs
+ @ ${CP} ${FILESDIR}/tw.conf.freebsd2 ${WRKSRC}/configs/tw.conf.freebsd2
+
+post-install:
+ @ ${MKDIR} /var/adm/tcheck
+ @ ${CP} ${FILESDIR}/tw.conf.freebsd2 /var/adm/tcheck/tw.config
+ @ ${ECHO} Creating tripwire database
+ @ (cd /var/adm/tcheck; tripwire -initialize)
+.if defined(TRIPWIRE_FLOPPY) && ${TRIPWIRE_FLOPPY} == YES
+ @ disklabel -w -B /dev/rfd0c fd1440
+ @ newfs -u 0 -t 0 -i 196608 -m 0 -T minimum -o space /dev/rfd0c
+ @ mount /dev/fd0c /mnt
+ @ ${GZIP_CMD} < ${PREFIX}/bin/tripwire > /mnt/tripwire
+ @ chmod 555 /mnt/tripwire
+ @ ${CP} -p /var/adm/tcheck/tw.config /mnt/tw.config
+ @ ${GZIP_CMD} < /var/adm/tcheck/databases/tw.db_`hostname` \
+ > /mnt/tw.db_`hostname`.gz
+ @ ${CP} -p ${FILESDIR}/twcheck /mnt/twcheck
+ @ ${GZIP_CMD} < /usr/bin/gunzip > /mnt/gunzip
+ @ umount /mnt
+ @ ${ECHO} Do not forget to remove and write-protect the floppy.
+.endif
+
+.include <bsd.port.mk>
diff --git a/security/tripwire-131/distinfo b/security/tripwire-131/distinfo
new file mode 100644
index 000000000000..99144795d9b7
--- /dev/null
+++ b/security/tripwire-131/distinfo
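Review bot: In the TRIPWIRE_FLOPPY branch of post-install, every step after `mount /dev/fd0c /mnt` is its own recipe line, so if a copy fails (for example because the floppy fills up) make stops before `umount /mnt` and leaves a half-written reference floppy mounted read-write on /mnt. Running the mount-to-umount sequence as one shell command that always unmounts and then returns the saved exit status would avoid that. Separately, when TRIPWIRE_FLOPPY is not set, the baseline created by `tripwire -initialize` and tw.config stay in /var/adm/tcheck on the writable disk, which the shipped tw.conf.freebsd2 does not list; a comment above post-install such as `# Baseline is only trustworthy on read-only media; set TRIPWIRE_FLOPPY=YES or move it off the host.` would make that explicit. The same Makefile is added unchanged under security/tripwire and security/tripwire12.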
@@ -0,0 +1 @@
+MD5 (tripwire-1.2.tar.Z) = c82e0327e0caa1821e3e564fa1938d88
diff --git a/security/tripwire-131/files/conf-freebsd2.h b/security/tripwire-131/files/conf-freebsd2.h
new file mode 100644
index 000000000000..e97290da4786
--- /dev/null
+++ b/security/tripwire-131/files/conf-freebsd2.h
@@ -0,0 +1,55 @@
+/* $Id$ */
+
+/*
+ * conf-freebsd2.h
+ *
+ * Tripwire configuration file
+ *
+ * Joe Greco
+ * sol.net Network Services
+ * Derived from the other BSD config.h's
+ */
+
+/***
+ *** Operating System specifics
+ ***
+ *** If the answer to a question in the comment is "Yes", then
+ *** change the corresponding "#undef" to a "#define"
+ ***/
+
+/*
+ * is your OS a System V derivitive? if so, what version?
+ * (e.g., define SYSV 4)
+ */
+
+#undef SYSV
+
+/*
+ * does your system have a <malloc.h> like System V?
+ */
+
+#undef MALLOCH
+
+/*
+ * does your system have a <stdlib.h> like POSIX says you should?
+ */
+
+#define STDLIBH
+
+/*
+ * does your system use readdir(3) that returns (struct dirent *)?
+ */
+
+#define DIRENT
+
+/*
+ * is #include <string.h> ok? (as opposed to <strings.h>)
+ */
+
+#define STRINGH
+
+/*
+ * does your system have gethostname(2) (instead of uname(2))?
+ */
+
+#define GETHOSTNAME
diff --git a/security/tripwire-131/files/patch-aa b/security/tripwire-131/files/patch-aa
new file mode 100644
index 000000000000..81238bf9ae3a
--- /dev/null
+++ b/security/tripwire-131/files/patch-aa
@@ -0,0 +1,38 @@
+*** include/config.h.orig Fri Jul 15 06:02:52 1994
+--- include/config.h Sun Dec 31 18:56:20 1989
+***************
+*** 17,23 ****
+ *** file that corresponds with your operating system.
+ ***/
+
+! #include "../configs/conf-svr4.h"
+
+ #ifdef TW_TYPE32
+ typedef TW_TYPE32 int32;
+--- 17,23 ----
+ *** file that corresponds with your operating system.
+ ***/
+
+! #include "../configs/conf-freebsd2.h"
+
+ #ifdef TW_TYPE32
+ typedef TW_TYPE32 int32;
+***************
+*** 103,110 ****
+ #endif
+ */
+
+! #define CONFIG_PATH "/tmp/genek"
+! #define DATABASE_PATH "/tmp/genek"
+
+ /******* name of Tripwire files **************************************
+ *
+--- 103,110 ----
+ #endif
+ */
+
+! # define CONFIG_PATH "/var/adm/tcheck"
+! # define DATABASE_PATH "/var/adm/tcheck/databases"
+
+ /******* name of Tripwire files **************************************
+ *
diff --git a/security/tripwire-131/files/patch-ab b/security/tripwire-131/files/patch-ab
new file mode 100644
index 000000000000..b7db1c46c099
--- /dev/null
+++ b/security/tripwire-131/files/patch-ab
@@ -0,0 +1,43 @@
+*** Makefile.orig Mon Jul 25 10:59:41 1994
+--- Makefile Thu Jan 2 12:04:35 1997
+***************
+*** 12,21 ****
+ ###
+
+ # destination directory for final executables
+! DESTDIR = /secureplace/bin
+
+ # destination for man pages
+! MANDIR = /usr/man
+
+ # system utilities
+ LEX = lex
+--- 12,21 ----
+ ###
+
+ # destination directory for final executables
+! DESTDIR = /usr/local/bin
+
+ # destination for man pages
+! MANDIR = /usr/local/man
+
+ # system utilities
+ LEX = lex
+***************
+*** 60,66 ****
+ #CPP = /lib/cpp # on older systems
+
+ # make sure libraries are not linked dynamically (as a security measure)
+! LDFLAGS= # common
+ #LDFLAGS= -non_shared # OSF/1
+ #LDFLAGS= -Bstatic # SunOS 4 (cannot statically link tripwire
+ # on Solaris 2.3)
+--- 60,67 ----
+ #CPP = /lib/cpp # on older systems
+
+ # make sure libraries are not linked dynamically (as a security measure)
+! LDFLAGS= -static
+! #LDFLAGS= # common
+ #LDFLAGS= -non_shared # OSF/1
+ #LDFLAGS= -Bstatic # SunOS 4 (cannot statically link tripwire
+ # on Solaris 2.3)
diff --git a/security/tripwire-131/files/patch-ac b/security/tripwire-131/files/patch-ac
new file mode 100644
index 000000000000..bad090157860
--- /dev/null
+++ b/security/tripwire-131/files/patch-ac
@@ -0,0 +1,16 @@
+This patch eliminates a compiler warning about LITTLE_ENDIAN begin
+redefined.
+
+*** sigs/sha/sha.c.orig Mon Jul 25 08:46:45 1994
+--- sigs/sha/sha.c Mon Mar 31 19:55:23 1997
+***************
+*** 47,52 ****
+--- 47,54 ----
+ #include "sha.h"
+
+ #if BYTEORDER == 0x1234
++ #undef BIG_ENDIAN
++ #undef LITTLE_ENDIAN
+ #define LITTLE_ENDIAN
+ #endif
+
diff --git a/security/tripwire-131/files/tw.conf.freebsd2 b/security/tripwire-131/files/tw.conf.freebsd2
new file mode 100644
index 000000000000..3af8fa548d0f
--- /dev/null
+++ b/security/tripwire-131/files/tw.conf.freebsd2
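Review bot: The new `DESTDIR = /usr/local/bin` and `MANDIR = /usr/local/man` lines in patch-ab hard-code the prefix, while the port Makefile's floppy step reads `${PREFIX}/bin/tripwire` and pkg-plist is prefix-relative, so a build with a non-default PREFIX would install to one place and copy the reference binary from another. If the ports framework passes PREFIX into the build environment (not visible here), `DESTDIR = ${PREFIX}/bin` and `MANDIR = ${PREFIX}/man` would keep the two aligned. The `LDFLAGS= -static` change matches the comment above it; a one-line remark in the port Makefile that the binary must stay statically linked would guard against a later cleanup. Identical copies of this patch are added under security/tripwire and security/tripwire12.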
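Review bot: The two added `#undef` lines in patch-ac sit inside `#if BYTEORDER == 0x1234`, so they clear the earlier definitions only on little-endian builds; if the clashing `LITTLE_ENDIAN` comes from a system header (presumably the source of the warning) and sha.c tests it with `#ifdef`, a big-endian build would still see it defined and take the wrong byte-order path, giving signatures that do not match other hosts. Placing `#undef BIG_ENDIAN` and `#undef LITTLE_ENDIAN` immediately before the `#if` would make the macro follow BYTEORDER in both cases. The rest of sha.c is outside the hunk, so how the macro is used needs confirming. The description line also has a typo: `begin` should read `being`. The same patch is repeated under security/tripwire and security/tripwire12.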
@@ -0,0 +1,149 @@ +# $Id$ +# +# tripwire.config +# Generic version for FreeBSD +# Will need editing...see comments below +# +# This file contains a list of files and directories that System +# Preener will scan. Information collected from these files will be +# stored in the tripwire.database file. +# +# Format: [!|=] entry [ignore-flags] +# +# where: '!' signifies the entry is to be pruned (inclusive) from +# the list of files to be scanned. +# '=' signifies the entry is to be added, but if it is +# a directory, then all its contents are pruned +# (useful for /tmp). +# +# where: entry is the absolute pathname of a file or a directory +# +# where ignore-flags are in the format: +# [template][ [+|-][pinugsam12] ... ] +# +# - : ignore the following atributes +# + : do not ignore the following attributes +# +# p : permission and file mode bits a: access timestamp +# i : inode number m: modification timestamp +# n : number of links (ref count) c: inode creation timestamp +# u : user id of owner 1: signature 1 +# g : group id of owner 2: signature 2 +# s : size of file +# +# +# Ex: The following entry will scan all the files in /etc, and report +# any changes in mode bits, inode number, reference count, uid, +# gid, modification and creation timestamp, and the signatures. +# However, it will ignore any changes in the access timestamp. +# +# /etc +pinugsm12-a +# +# The following templates have been pre-defined to make these long ignore +# mask descriptions unecessary. +# +# Templates: (default) R : [R]ead-only (+pinugsm12-a) +# L : [L]og file (+pinug-sam12) +# N : ignore [N]othing (+pinusgsamc12) +# E : ignore [E]verything (-pinusgsamc12) +# +# By default, Tripwire uses the R template -- it ignores +# only the access timestamp. 
+# +# You can use templates with modifiers, like: +# Ex: /etc/lp E+ug +# +# Example configuration file: +# /etc R # all system files +# !/etc/lp R # ...but not those logs +# =/tmp N # just the directory, not its files +# +# Note the difference between pruning (via "!") and ignoring everything +# (via "E" template): Ignoring everything in a directory still monitors +# for added and deleted files. Pruning a directory will prevent Tripwire +# from even looking in the specified directory. +# +# +# Tripwire running slowly? Modify your tripwire.config entries to +# ignore the (signature 2) attribute when this computationally-exorbitant +# protection is not needed. (See README and design document for further +# details.) +# + +# First, root's "home" +=/ L +/.rhosts R # may not exist +/.profile R # may not exist +/.cshrc R # may not exist +/.login R # may not exist +/.exrc R # may not exist +/.logout R # may not exist +/.forward R # may not exist + +# Unix itself +/kernel R + +# /bin +/bin R-2 + +# /dev +/dev L + +# /etc +/etc R-2 +/etc/aliases L +/etc/dumpdates L +/etc/motd L + +# my passwd database should be static at time of system build. yours may +# not be, if not, uncomment the lines below. + +# /etc/passwd L +# /etc/master.passwd L +# /etc/pwd.db L +# /etc/spwd.db L + +# /home +=/home + +# /lkm +/lkm R-2 + +# /root +/root R-2 +/root/.history L + +# /sbin +/sbin R-2 + +# /stand +/stand R-2 + +# /usr/bin +/usr/bin R-2 + +/usr/include R-12 + +/usr/lib R-2 + +/usr/libdata R-2 + +/usr/libexec R-2 + +/usr/local/bin R-2 + +/usr/local/etc L + +/usr/local/lib R-2 + +/usr/local/libexec R-2 + +/usr/local/sbin R-2 + +/usr/local/share R-2 + +/usr/sbin R-2 + +/usr/share R-2 + +########################################### diff --git a/security/tripwire-131/files/twcheck b/security/tripwire-131/files/twcheck new file mode 100644 index 000000000000..a4dffd2b61c9 --- /dev/null +++ b/security/tripwire-131/files/twcheck 
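Review bot: `/usr/local/etc L` uses the log-file template, which the header of this file defines as `+pinug-sam12`, so size, timestamps and both signatures are ignored and an in-place edit of any locally installed configuration file goes unreported. Using `/usr/local/etc R-2`, as is done for /etc, and marking only the genuinely volatile files with `L` would close that gap. The directory /var/adm/tcheck that the port uses for tw.config and the database is also not listed, so nothing here notices a replaced tw.config when the floppy copy is not used. The same file is added under security/tripwire and security/tripwire12.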
@@ -0,0 +1,3 @@
+#! /bin/sh -
+
+./gunzip < tw.db_`hostname`.gz | ./tripwire -dfd 0 -c tw.config
diff --git a/security/tripwire-131/pkg-comment b/security/tripwire-131/pkg-comment
new file mode 100644
index 000000000000..246b5375df52
--- /dev/null
+++ b/security/tripwire-131/pkg-comment
@@ -0,0 +1 @@
+File system security and verification program.
diff --git a/security/tripwire-131/pkg-descr b/security/tripwire-131/pkg-descr
new file mode 100644
index 000000000000..06132f876d9b
--- /dev/null
+++ b/security/tripwire-131/pkg-descr
@@ -0,0 +1,13 @@
+Tripwire is a tool that aids system administrators and
+users in monitoring a designated set of files for any changes.
+Used with system files on a regular (e.g., daily) basis, Tripwire
+can notify system administrators of corrupted or tampered files,
+so damage control measures can be taken in a timely manner.
+
+If "TRIPWIRE_FLOPPY" is set to "YES" in the environment or on the
+"make" command line, this port will write the tripwire database to
+a floppy disk, which should then be write-protected and used as a
+reference for future runs. The diskette should be formatted and
+present in the "A" drive before starting the "make install" step.
+
+Joe Greco <jgreco@ns.sol.net>
diff --git a/security/tripwire-131/pkg-plist b/security/tripwire-131/pkg-plist
new file mode 100644
index 000000000000..c22cb5607b45
--- /dev/null
+++ b/security/tripwire-131/pkg-plist
@@ -0,0 +1,4 @@
+bin/tripwire
+man/man5/tw.config.5.gz
+man/man8/siggen.8.gz
+man/man8/tripwire.8.gz
diff --git a/security/tripwire/Makefile b/security/tripwire/Makefile
new file mode 100644
index 000000000000..83ab0b135de9
--- /dev/null
+++ b/security/tripwire/Makefile
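Review bot: The twcheck script calls `./gunzip` and `./tripwire` relative to the current directory, so it only uses the floppy's copies when started from the mount point, and `hostname` is still resolved through the PATH of the system being checked. Adding `cd "$(dirname "$0")" || exit 1` as the first command and a comment such as `# Run from the write-protected floppy; hostname and /bin/sh come from the host under test.` would make both dependencies explicit. The port Makefile writes `tripwire` and `gunzip` to the floppy as gzip output, so this presumably relies on the kernel being able to execute gzip-compressed binaries; that requirement deserves a comment too. The same script is added under security/tripwire and security/tripwire12.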
@@ -0,0 +1,49 @@
+# New ports collection makefile for: tripwire
+# Version required: 1.2
+# Date created: 31 Mar 1997
+# Whom: Joe Greco <jgreco@ns.sol.net>
+#
+# $Id$
+#
+
+DISTNAME= tripwire-1.2
+CATEGORIES= security net
+MASTER_SITES= ftp://info.cert.org/pub/tools/tripwire/
+EXTRACT_SUFX= .tar.Z
+
+MAINTAINER= jgreco@ns.sol.net
+
+MAN5= tw.config.5
+MAN8= siggen.8 tripwire.8
+NO_CDROM= "cannot be redistributed for more than the cost of duplication"
+NO_PACKAGE= "requires local database to be built"
+RESTRICTED= "contains crypto class algorithms"
+
+post-extract:
+ @ (cd work; tar xf T1.2.tar)
+
+pre-configure:
+ @ ${CP} ${FILESDIR}/conf-freebsd2.h ${WRKSRC}/configs
+ @ ${CP} ${FILESDIR}/tw.conf.freebsd2 ${WRKSRC}/configs/tw.conf.freebsd2
+
+post-install:
+ @ ${MKDIR} /var/adm/tcheck
+ @ ${CP} ${FILESDIR}/tw.conf.freebsd2 /var/adm/tcheck/tw.config
+ @ ${ECHO} Creating tripwire database
+ @ (cd /var/adm/tcheck; tripwire -initialize)
+.if defined(TRIPWIRE_FLOPPY) && ${TRIPWIRE_FLOPPY} == YES
+ @ disklabel -w -B /dev/rfd0c fd1440
+ @ newfs -u 0 -t 0 -i 196608 -m 0 -T minimum -o space /dev/rfd0c
+ @ mount /dev/fd0c /mnt
+ @ ${GZIP_CMD} < ${PREFIX}/bin/tripwire > /mnt/tripwire
+ @ chmod 555 /mnt/tripwire
+ @ ${CP} -p /var/adm/tcheck/tw.config /mnt/tw.config
+ @ ${GZIP_CMD} < /var/adm/tcheck/databases/tw.db_`hostname` \
+ > /mnt/tw.db_`hostname`.gz
+ @ ${CP} -p ${FILESDIR}/twcheck /mnt/twcheck
+ @ ${GZIP_CMD} < /usr/bin/gunzip > /mnt/gunzip
+ @ umount /mnt
+ @ ${ECHO} Do not forget to remove and write-protect the floppy.
+.endif
+
+.include <bsd.port.mk>
diff --git a/security/tripwire/distinfo b/security/tripwire/distinfo
new file mode 100644
index 000000000000..99144795d9b7
--- /dev/null
+++ b/security/tripwire/distinfo
@@ -0,0 +1 @@
+MD5 (tripwire-1.2.tar.Z) = c82e0327e0caa1821e3e564fa1938d88
diff --git a/security/tripwire/files/conf-freebsd2.h b/security/tripwire/files/conf-freebsd2.h
new file mode 100644
index 000000000000..e97290da4786
--- /dev/null
+++ b/security/tripwire/files/conf-freebsd2.h
@@ -0,0 +1,55 @@
+/* $Id$ */
+
+/*
+ * conf-freebsd2.h
+ *
+ * Tripwire configuration file
+ *
+ * Joe Greco
+ * sol.net Network Services
+ * Derived from the other BSD config.h's
+ */
+
+/***
+ *** Operating System specifics
+ ***
+ *** If the answer to a question in the comment is "Yes", then
+ *** change the corresponding "#undef" to a "#define"
+ ***/
+
+/*
+ * is your OS a System V derivitive? if so, what version?
+ * (e.g., define SYSV 4)
+ */
+
+#undef SYSV
+
+/*
+ * does your system have a <malloc.h> like System V?
+ */
+
+#undef MALLOCH
+
+/*
+ * does your system have a <stdlib.h> like POSIX says you should?
+ */
+
+#define STDLIBH
+
+/*
+ * does your system use readdir(3) that returns (struct dirent *)?
+ */
+
+#define DIRENT
+
+/*
+ * is #include <string.h> ok? (as opposed to <strings.h>)
+ */
+
+#define STRINGH
+
+/*
+ * does your system have gethostname(2) (instead of uname(2))?
+ */
+
+#define GETHOSTNAME
diff --git a/security/tripwire/files/patch-aa b/security/tripwire/files/patch-aa
new file mode 100644
index 000000000000..81238bf9ae3a
--- /dev/null
+++ b/security/tripwire/files/patch-aa
@@ -0,0 +1,38 @@
+*** include/config.h.orig Fri Jul 15 06:02:52 1994
+--- include/config.h Sun Dec 31 18:56:20 1989
+***************
+*** 17,23 ****
+ *** file that corresponds with your operating system.
+ ***/
+
+! #include "../configs/conf-svr4.h"
+
+ #ifdef TW_TYPE32
+ typedef TW_TYPE32 int32;
+--- 17,23 ----
+ *** file that corresponds with your operating system.
+ ***/
+
+! #include "../configs/conf-freebsd2.h"
+
+ #ifdef TW_TYPE32
+ typedef TW_TYPE32 int32;
+***************
+*** 103,110 ****
+ #endif
+ */
+
+! #define CONFIG_PATH "/tmp/genek"
+! #define DATABASE_PATH "/tmp/genek"
+
+ /******* name of Tripwire files **************************************
+ *
+--- 103,110 ----
+ #endif
+ */
+
+! # define CONFIG_PATH "/var/adm/tcheck"
+! # define DATABASE_PATH "/var/adm/tcheck/databases"
+
+ /******* name of Tripwire files **************************************
+ *
diff --git a/security/tripwire/files/patch-ab b/security/tripwire/files/patch-ab
new file mode 100644
index 000000000000..b7db1c46c099
--- /dev/null
+++ b/security/tripwire/files/patch-ab
@@ -0,0 +1,43 @@
+*** Makefile.orig Mon Jul 25 10:59:41 1994
+--- Makefile Thu Jan 2 12:04:35 1997
+***************
+*** 12,21 ****
+ ###
+
+ # destination directory for final executables
+! DESTDIR = /secureplace/bin
+
+ # destination for man pages
+! MANDIR = /usr/man
+
+ # system utilities
+ LEX = lex
+--- 12,21 ----
+ ###
+
+ # destination directory for final executables
+! DESTDIR = /usr/local/bin
+
+ # destination for man pages
+! MANDIR = /usr/local/man
+
+ # system utilities
+ LEX = lex
+***************
+*** 60,66 ****
+ #CPP = /lib/cpp # on older systems
+
+ # make sure libraries are not linked dynamically (as a security measure)
+! LDFLAGS= # common
+ #LDFLAGS= -non_shared # OSF/1
+ #LDFLAGS= -Bstatic # SunOS 4 (cannot statically link tripwire
+ # on Solaris 2.3)
+--- 60,67 ----
+ #CPP = /lib/cpp # on older systems
+
+ # make sure libraries are not linked dynamically (as a security measure)
+! LDFLAGS= -static
+! #LDFLAGS= # common
+ #LDFLAGS= -non_shared # OSF/1
+ #LDFLAGS= -Bstatic # SunOS 4 (cannot statically link tripwire
+ # on Solaris 2.3)
diff --git a/security/tripwire/files/patch-ac b/security/tripwire/files/patch-ac
new file mode 100644
index 000000000000..bad090157860
--- /dev/null
+++ b/security/tripwire/files/patch-ac
@@ -0,0 +1,16 @@
+This patch eliminates a compiler warning about LITTLE_ENDIAN begin
+redefined.
+
+*** sigs/sha/sha.c.orig Mon Jul 25 08:46:45 1994
+--- sigs/sha/sha.c Mon Mar 31 19:55:23 1997
+***************
+*** 47,52 ****
+--- 47,54 ----
+ #include "sha.h"
+
+ #if BYTEORDER == 0x1234
++ #undef BIG_ENDIAN
++ #undef LITTLE_ENDIAN
+ #define LITTLE_ENDIAN
+ #endif
+
diff --git a/security/tripwire/files/tw.conf.freebsd2 b/security/tripwire/files/tw.conf.freebsd2
new file mode 100644
index 000000000000..3af8fa548d0f
--- /dev/null
+++ b/security/tripwire/files/tw.conf.freebsd2
@@ -0,0 +1,149 @@ +# $Id$ +# +# tripwire.config +# Generic version for FreeBSD +# Will need editing...see comments below +# +# This file contains a list of files and directories that System +# Preener will scan. Information collected from these files will be +# stored in the tripwire.database file. +# +# Format: [!|=] entry [ignore-flags] +# +# where: '!' signifies the entry is to be pruned (inclusive) from +# the list of files to be scanned. +# '=' signifies the entry is to be added, but if it is +# a directory, then all its contents are pruned +# (useful for /tmp). +# +# where: entry is the absolute pathname of a file or a directory +# +# where ignore-flags are in the format: +# [template][ [+|-][pinugsam12] ... ] +# +# - : ignore the following atributes +# + : do not ignore the following attributes +# +# p : permission and file mode bits a: access timestamp +# i : inode number m: modification timestamp +# n : number of links (ref count) c: inode creation timestamp +# u : user id of owner 1: signature 1 +# g : group id of owner 2: signature 2 +# s : size of file +# +# +# Ex: The following entry will scan all the files in /etc, and report +# any changes in mode bits, inode number, reference count, uid, +# gid, modification and creation timestamp, and the signatures. +# However, it will ignore any changes in the access timestamp. +# +# /etc +pinugsm12-a +# +# The following templates have been pre-defined to make these long ignore +# mask descriptions unecessary. +# +# Templates: (default) R : [R]ead-only (+pinugsm12-a) +# L : [L]og file (+pinug-sam12) +# N : ignore [N]othing (+pinusgsamc12) +# E : ignore [E]verything (-pinusgsamc12) +# +# By default, Tripwire uses the R template -- it ignores +# only the access timestamp. 
+# +# You can use templates with modifiers, like: +# Ex: /etc/lp E+ug +# +# Example configuration file: +# /etc R # all system files +# !/etc/lp R # ...but not those logs +# =/tmp N # just the directory, not its files +# +# Note the difference between pruning (via "!") and ignoring everything +# (via "E" template): Ignoring everything in a directory still monitors +# for added and deleted files. Pruning a directory will prevent Tripwire +# from even looking in the specified directory. +# +# +# Tripwire running slowly? Modify your tripwire.config entries to +# ignore the (signature 2) attribute when this computationally-exorbitant +# protection is not needed. (See README and design document for further +# details.) +# + +# First, root's "home" +=/ L +/.rhosts R # may not exist +/.profile R # may not exist +/.cshrc R # may not exist +/.login R # may not exist +/.exrc R # may not exist +/.logout R # may not exist +/.forward R # may not exist + +# Unix itself +/kernel R + +# /bin +/bin R-2 + +# /dev +/dev L + +# /etc +/etc R-2 +/etc/aliases L +/etc/dumpdates L +/etc/motd L + +# my passwd database should be static at time of system build. yours may +# not be, if not, uncomment the lines below. + +# /etc/passwd L +# /etc/master.passwd L +# /etc/pwd.db L +# /etc/spwd.db L + +# /home +=/home + +# /lkm +/lkm R-2 + +# /root +/root R-2 +/root/.history L + +# /sbin +/sbin R-2 + +# /stand +/stand R-2 + +# /usr/bin +/usr/bin R-2 + +/usr/include R-12 + +/usr/lib R-2 + +/usr/libdata R-2 + +/usr/libexec R-2 + +/usr/local/bin R-2 + +/usr/local/etc L + +/usr/local/lib R-2 + +/usr/local/libexec R-2 + +/usr/local/sbin R-2 + +/usr/local/share R-2 + +/usr/sbin R-2 + +/usr/share R-2 + +########################################### diff --git a/security/tripwire/files/twcheck b/security/tripwire/files/twcheck new file mode 100644 index 000000000000..a4dffd2b61c9 --- /dev/null +++ b/security/tripwire/files/twcheck 
@@ -0,0 +1,3 @@
+#! /bin/sh -
+
+./gunzip < tw.db_`hostname`.gz | ./tripwire -dfd 0 -c tw.config
diff --git a/security/tripwire/pkg-comment b/security/tripwire/pkg-comment
new file mode 100644
index 000000000000..246b5375df52
--- /dev/null
+++ b/security/tripwire/pkg-comment
@@ -0,0 +1 @@
+File system security and verification program.
diff --git a/security/tripwire/pkg-descr b/security/tripwire/pkg-descr
new file mode 100644
index 000000000000..06132f876d9b
--- /dev/null
+++ b/security/tripwire/pkg-descr
@@ -0,0 +1,13 @@
+Tripwire is a tool that aids system administrators and
+users in monitoring a designated set of files for any changes.
+Used with system files on a regular (e.g., daily) basis, Tripwire
+can notify system administrators of corrupted or tampered files,
+so damage control measures can be taken in a timely manner.
+
+If "TRIPWIRE_FLOPPY" is set to "YES" in the environment or on the
+"make" command line, this port will write the tripwire database to
+a floppy disk, which should then be write-protected and used as a
+reference for future runs. The diskette should be formatted and
+present in the "A" drive before starting the "make install" step.
+
+Joe Greco <jgreco@ns.sol.net>
diff --git a/security/tripwire/pkg-plist b/security/tripwire/pkg-plist
new file mode 100644
index 000000000000..c22cb5607b45
--- /dev/null
+++ b/security/tripwire/pkg-plist
@@ -0,0 +1,4 @@
+bin/tripwire
+man/man5/tw.config.5.gz
+man/man8/siggen.8.gz
+man/man8/tripwire.8.gz
diff --git a/security/tripwire12/Makefile b/security/tripwire12/Makefile
new file mode 100644
index 000000000000..83ab0b135de9
--- /dev/null
+++ b/security/tripwire12/Makefile
@@ -0,0 +1,49 @@
+# New ports collection makefile for: tripwire
+# Version required: 1.2
+# Date created: 31 Mar 1997
+# Whom: Joe Greco <jgreco@ns.sol.net>
+#
+# $Id$
+#
+
+DISTNAME= tripwire-1.2
+CATEGORIES= security net
+MASTER_SITES= ftp://info.cert.org/pub/tools/tripwire/
+EXTRACT_SUFX= .tar.Z
+
+MAINTAINER= jgreco@ns.sol.net
+
+MAN5= tw.config.5
+MAN8= siggen.8 tripwire.8
+NO_CDROM= "cannot be redistributed for more than the cost of duplication"
+NO_PACKAGE= "requires local database to be built"
+RESTRICTED= "contains crypto class algorithms"
+
+post-extract:
+ @ (cd work; tar xf T1.2.tar)
+
+pre-configure:
+ @ ${CP} ${FILESDIR}/conf-freebsd2.h ${WRKSRC}/configs
+ @ ${CP} ${FILESDIR}/tw.conf.freebsd2 ${WRKSRC}/configs/tw.conf.freebsd2
+
+post-install:
+ @ ${MKDIR} /var/adm/tcheck
+ @ ${CP} ${FILESDIR}/tw.conf.freebsd2 /var/adm/tcheck/tw.config
+ @ ${ECHO} Creating tripwire database
+ @ (cd /var/adm/tcheck; tripwire -initialize)
+.if defined(TRIPWIRE_FLOPPY) && ${TRIPWIRE_FLOPPY} == YES
+ @ disklabel -w -B /dev/rfd0c fd1440
+ @ newfs -u 0 -t 0 -i 196608 -m 0 -T minimum -o space /dev/rfd0c
+ @ mount /dev/fd0c /mnt
+ @ ${GZIP_CMD} < ${PREFIX}/bin/tripwire > /mnt/tripwire
+ @ chmod 555 /mnt/tripwire
+ @ ${CP} -p /var/adm/tcheck/tw.config /mnt/tw.config
+ @ ${GZIP_CMD} < /var/adm/tcheck/databases/tw.db_`hostname` \
+ > /mnt/tw.db_`hostname`.gz
+ @ ${CP} -p ${FILESDIR}/twcheck /mnt/twcheck
+ @ ${GZIP_CMD} < /usr/bin/gunzip > /mnt/gunzip
+ @ umount /mnt
+ @ ${ECHO} Do not forget to remove and write-protect the floppy.
+.endif
+
+.include <bsd.port.mk>
diff --git a/security/tripwire12/distinfo b/security/tripwire12/distinfo
new file mode 100644
index 000000000000..99144795d9b7
--- /dev/null
+++ b/security/tripwire12/distinfo
@@ -0,0 +1 @@
+MD5 (tripwire-1.2.tar.Z) = c82e0327e0caa1821e3e564fa1938d88
diff --git a/security/tripwire12/files/conf-freebsd2.h b/security/tripwire12/files/conf-freebsd2.h
new file mode 100644
index 000000000000..e97290da4786
--- /dev/null
+++ b/security/tripwire12/files/conf-freebsd2.h
@@ -0,0 +1,55 @@
+/* $Id$ */
+
+/*
+ * conf-freebsd2.h
+ *
+ * Tripwire configuration file
+ *
+ * Joe Greco
+ * sol.net Network Services
+ * Derived from the other BSD config.h's
+ */
+
+/***
+ *** Operating System specifics
+ ***
+ *** If the answer to a question in the comment is "Yes", then
+ *** change the corresponding "#undef" to a "#define"
+ ***/
+
+/*
+ * is your OS a System V derivitive? if so, what version?
+ * (e.g., define SYSV 4)
+ */
+
+#undef SYSV
+
+/*
+ * does your system have a <malloc.h> like System V?
+ */
+
+#undef MALLOCH
+
+/*
+ * does your system have a <stdlib.h> like POSIX says you should?
+ */
+
+#define STDLIBH
+
+/*
+ * does your system use readdir(3) that returns (struct dirent *)?
+ */
+
+#define DIRENT
+
+/*
+ * is #include <string.h> ok? (as opposed to <strings.h>)
+ */
+
+#define STRINGH
+
+/*
+ * does your system have gethostname(2) (instead of uname(2))?
+ */
+
+#define GETHOSTNAME
diff --git a/security/tripwire12/files/patch-aa b/security/tripwire12/files/patch-aa
new file mode 100644
index 000000000000..81238bf9ae3a
--- /dev/null
+++ b/security/tripwire12/files/patch-aa
@@ -0,0 +1,38 @@
+*** include/config.h.orig Fri Jul 15 06:02:52 1994
+--- include/config.h Sun Dec 31 18:56:20 1989
+***************
+*** 17,23 ****
+ *** file that corresponds with your operating system.
+ ***/
+
+! #include "../configs/conf-svr4.h"
+
+ #ifdef TW_TYPE32
+ typedef TW_TYPE32 int32;
+--- 17,23 ----
+ *** file that corresponds with your operating system.
+ ***/
+
+! #include "../configs/conf-freebsd2.h"
+
+ #ifdef TW_TYPE32
+ typedef TW_TYPE32 int32;
+***************
+*** 103,110 ****
+ #endif
+ */
+
+! #define CONFIG_PATH "/tmp/genek"
+! #define DATABASE_PATH "/tmp/genek"
+
+ /******* name of Tripwire files **************************************
+ *
+--- 103,110 ----
+ #endif
+ */
+
+! # define CONFIG_PATH "/var/adm/tcheck"
+! # define DATABASE_PATH "/var/adm/tcheck/databases"
+
+ /******* name of Tripwire files **************************************
+ *
diff --git a/security/tripwire12/files/patch-ab b/security/tripwire12/files/patch-ab
new file mode 100644
index 000000000000..b7db1c46c099
--- /dev/null
+++ b/security/tripwire12/files/patch-ab
@@ -0,0 +1,43 @@
+*** Makefile.orig Mon Jul 25 10:59:41 1994
+--- Makefile Thu Jan 2 12:04:35 1997
+***************
+*** 12,21 ****
+ ###
+
+ # destination directory for final executables
+! DESTDIR = /secureplace/bin
+
+ # destination for man pages
+! MANDIR = /usr/man
+
+ # system utilities
+ LEX = lex
+--- 12,21 ----
+ ###
+
+ # destination directory for final executables
+! DESTDIR = /usr/local/bin
+
+ # destination for man pages
+! MANDIR = /usr/local/man
+
+ # system utilities
+ LEX = lex
+***************
+*** 60,66 ****
+ #CPP = /lib/cpp # on older systems
+
+ # make sure libraries are not linked dynamically (as a security measure)
+! LDFLAGS= # common
+ #LDFLAGS= -non_shared # OSF/1
+ #LDFLAGS= -Bstatic # SunOS 4 (cannot statically link tripwire
+ # on Solaris 2.3)
+--- 60,67 ----
+ #CPP = /lib/cpp # on older systems
+
+ # make sure libraries are not linked dynamically (as a security measure)
+! LDFLAGS= -static
+! #LDFLAGS= # common
+ #LDFLAGS= -non_shared # OSF/1
+ #LDFLAGS= -Bstatic # SunOS 4 (cannot statically link tripwire
+ # on Solaris 2.3)
diff --git a/security/tripwire12/files/patch-ac b/security/tripwire12/files/patch-ac
new file mode 100644
index 000000000000..bad090157860
--- /dev/null
+++ b/security/tripwire12/files/patch-ac
@@ -0,0 +1,16 @@
+This patch eliminates a compiler warning about LITTLE_ENDIAN begin
+redefined.
+
+*** sigs/sha/sha.c.orig Mon Jul 25 08:46:45 1994
+--- sigs/sha/sha.c Mon Mar 31 19:55:23 1997
+***************
+*** 47,52 ****
+--- 47,54 ----
+ #include "sha.h"
+
+ #if BYTEORDER == 0x1234
++ #undef BIG_ENDIAN
++ #undef LITTLE_ENDIAN
+ #define LITTLE_ENDIAN
+ #endif
+
diff --git a/security/tripwire12/files/tw.conf.freebsd2 b/security/tripwire12/files/tw.conf.freebsd2
new file mode 100644
index 000000000000..3af8fa548d0f
--- /dev/null
+++ b/security/tripwire12/files/tw.conf.freebsd2
@@ -0,0 +1,149 @@ +# $Id$ +# +# tripwire.config +# Generic version for FreeBSD +# Will need editing...see comments below +# +# This file contains a list of files and directories that System +# Preener will scan. Information collected from these files will be +# stored in the tripwire.database file. +# +# Format: [!|=] entry [ignore-flags] +# +# where: '!' signifies the entry is to be pruned (inclusive) from +# the list of files to be scanned. +# '=' signifies the entry is to be added, but if it is +# a directory, then all its contents are pruned +# (useful for /tmp). +# +# where: entry is the absolute pathname of a file or a directory +# +# where ignore-flags are in the format: +# [template][ [+|-][pinugsam12] ... ] +# +# - : ignore the following atributes +# + : do not ignore the following attributes +# +# p : permission and file mode bits a: access timestamp +# i : inode number m: modification timestamp +# n : number of links (ref count) c: inode creation timestamp +# u : user id of owner 1: signature 1 +# g : group id of owner 2: signature 2 +# s : size of file +# +# +# Ex: The following entry will scan all the files in /etc, and report +# any changes in mode bits, inode number, reference count, uid, +# gid, modification and creation timestamp, and the signatures. +# However, it will ignore any changes in the access timestamp. +# +# /etc +pinugsm12-a +# +# The following templates have been pre-defined to make these long ignore +# mask descriptions unecessary. +# +# Templates: (default) R : [R]ead-only (+pinugsm12-a) +# L : [L]og file (+pinug-sam12) +# N : ignore [N]othing (+pinusgsamc12) +# E : ignore [E]verything (-pinusgsamc12) +# +# By default, Tripwire uses the R template -- it ignores +# only the access timestamp. 
+# +# You can use templates with modifiers, like: +# Ex: /etc/lp E+ug +# +# Example configuration file: +# /etc R # all system files +# !/etc/lp R # ...but not those logs +# =/tmp N # just the directory, not its files +# +# Note the difference between pruning (via "!") and ignoring everything +# (via "E" template): Ignoring everything in a directory still monitors +# for added and deleted files. Pruning a directory will prevent Tripwire +# from even looking in the specified directory. +# +# +# Tripwire running slowly? Modify your tripwire.config entries to +# ignore the (signature 2) attribute when this computationally-exorbitant +# protection is not needed. (See README and design document for further +# details.) +# + +# First, root's "home" +=/ L +/.rhosts R # may not exist +/.profile R # may not exist +/.cshrc R # may not exist +/.login R # may not exist +/.exrc R # may not exist +/.logout R # may not exist +/.forward R # may not exist + +# Unix itself +/kernel R + +# /bin +/bin R-2 + +# /dev +/dev L + +# /etc +/etc R-2 +/etc/aliases L +/etc/dumpdates L +/etc/motd L + +# my passwd database should be static at time of system build. yours may +# not be, if not, uncomment the lines below. + +# /etc/passwd L +# /etc/master.passwd L +# /etc/pwd.db L +# /etc/spwd.db L + +# /home +=/home + +# /lkm +/lkm R-2 + +# /root +/root R-2 +/root/.history L + +# /sbin +/sbin R-2 + +# /stand +/stand R-2 + +# /usr/bin +/usr/bin R-2 + +/usr/include R-12 + +/usr/lib R-2 + +/usr/libdata R-2 + +/usr/libexec R-2 + +/usr/local/bin R-2 + +/usr/local/etc L + +/usr/local/lib R-2 + +/usr/local/libexec R-2 + +/usr/local/sbin R-2 + +/usr/local/share R-2 + +/usr/sbin R-2 + +/usr/share R-2 + +########################################### diff --git a/security/tripwire12/files/twcheck b/security/tripwire12/files/twcheck new file mode 100644 index 000000000000..a4dffd2b61c9 --- /dev/null +++ b/security/tripwire12/files/twcheck 
@@ -0,0 +1,3 @@
+#! /bin/sh -
+
+./gunzip < tw.db_`hostname`.gz | ./tripwire -dfd 0 -c tw.config
diff --git a/security/tripwire12/pkg-comment b/security/tripwire12/pkg-comment
new file mode 100644
index 000000000000..246b5375df52
--- /dev/null
+++ b/security/tripwire12/pkg-comment
@@ -0,0 +1 @@
+File system security and verification program.
diff --git a/security/tripwire12/pkg-descr b/security/tripwire12/pkg-descr
new file mode 100644
index 000000000000..06132f876d9b
--- /dev/null
+++ b/security/tripwire12/pkg-descr
@@ -0,0 +1,13 @@
+Tripwire is a tool that aids system administrators and
+users in monitoring a designated set of files for any changes.
+Used with system files on a regular (e.g., daily) basis, Tripwire
+can notify system administrators of corrupted or tampered files,
+so damage control measures can be taken in a timely manner.
+
+If "TRIPWIRE_FLOPPY" is set to "YES" in the environment or on the
+"make" command line, this port will write the tripwire database to
+a floppy disk, which should then be write-protected and used as a
+reference for future runs. The diskette should be formatted and
+present in the "A" drive before starting the "make install" step.
+
+Joe Greco <jgreco@ns.sol.net>
diff --git a/security/tripwire12/pkg-plist b/security/tripwire12/pkg-plist
new file mode 100644
index 000000000000..c22cb5607b45
--- /dev/null
+++ b/security/tripwire12/pkg-plist
@@ -0,0 +1,4 @@
+bin/tripwire
+man/man5/tw.config.5.gz
+man/man8/siggen.8.gz
+man/man8/tripwire.8.gz |