colin
/
tripwire-open-source
mirror of https://github.com/Tripwire/tripwire-open-source.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #27 from Tripwire/dev/next 

Open Source Tripwire 2.4.3.6
This commit is contained in:
Brian Cox 2017-10-01 19:49:45 -07:00 committed by GitHub
parent 7af2781a19 d06b001efe
commit 80db91b4c1
537 changed files with 12205 additions and 4355 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored
View File

@ -3,7 +3,6 @@ config.h
config.h.in~
config.log
config.status
compile
autom4te.cache/
bin/
lib/
@ -21,6 +20,9 @@ src/test-harness/twtest
**/*.dll
**/*.exe
**/*~
**/*#
**/*.bak
**/.DS_Store
**/*.gcno
**/*.gcda
releases/

18
ChangeLog
View File

@ -1,3 +1,18 @@
2017-10-01 Brian Cox <bcox@tripwire.com>
* Update version to 2.4.3.6
* Fix & expand tests in Perl acceptance test framework
* Fix & expand twtest unit tests, & rework unit test mini-framework so theyre referenced by name, not some numeric ID, and list tests as “skipped" if they dont make any test assertions.
* Add configure options to enable coverage, profiling, & use /dev/urandom as RNG (all off by default)
* Add a list make target to list all make targets
* Remove dead code & add test coverage per gcov+lcov results
* Fix various memory issues pointed out by valgrind
* In examine-encryption mode, better reporting (& nonzero exit) if we can't find a keyfile for the examined file.
* More exception handling around individual objects & init/IC as a whole, since there have been occasional reports of uncaught exceptions during init or check, and so far havent been able to repro or figure out what circumstances it occurs under. (e.g. Github issue #25)
* Tweak install.sh so it can be run directly, not just thru 'make install' if you want. (Github issue #26)
* Improve native (non-Posixy) path handling on platforms that need it (DOS, AROS, RISC OS, Redox)
* New platforms: MirOS BSD, Bitrig, LibertyBSD, RISC OS, Redox
* Add default policies for HP-UX & various BSDs
2017-03-30 Brian Cox <bcox@tripwire.com>
* Bump version to 2.4.3.5
* Fix install-strip, check, uninstall, and distcheck make targets.
@ -35,7 +50,8 @@
* AROS: Correctly hide passphrases & delete temp files.
* Remove dead code & unused files.
* Optional RESOLVE_IDS_TO_NAMES option to disable uid/gid to name resolution, if needed.
* New --key-size option to twadmin --generate-keys, to generate 1024 (default) or 2048 bit El Gamal keys.
* New --key-size option to twadmin --generate-keys, to generate 1024 (default) or 2048 bit El Gamal keys.
2016-04-20 Brian Cox <bcox@tripwire.com>
* Bump version to 2.4.3.1
* Revive old 'twtest' unit test suite (such as it is); move _t.cpp files into twtest dir.

9
Makefile.am
View File

@ -14,5 +14,12 @@ uninstall-hook:
check:
rm -Rf $(top_srcdir)/src/test-harness/twtest
rm -Rf $(top_srcdir)/bin/TWTestData
cd $(top_srcdir)/src/test-harness && perl ./twtest.pl
$(top_srcdir)/bin/twtest all
cd $(top_srcdir)/bin && ./twtest all
test: check
.PHONY: targets
targets:
@$(MAKE) -pRrq -f $(lastword $(MAKEFILE_LIST)) : 2>/dev/null | awk -v RS= -F: '/^# File/,/^# Finished Make data base/ {if ($$1 !~ "^[#.]") {print $$1}}' | sort | egrep -v -e '^[^[:alnum:]]' -e '^$@$$' | xargs

22
Makefile.in
View File

@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.15 from Makefile.am.
# Makefile.in generated by automake 1.15.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# Copyright (C) 1994-2017 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -307,7 +307,6 @@ pdfdir = @pdfdir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
runstatedir = @runstatedir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
@ -547,7 +546,7 @@ distdir: $(DISTFILES)
! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
|| chmod -R a+r "$(distdir)"
dist-gzip: distdir
tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
tardir=$(distdir) && $(am__tar) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).tar.gz
$(am__post_remove_distdir)
dist-bzip2: distdir
@ -573,7 +572,7 @@ dist-shar: distdir
@echo WARNING: "Support for shar distribution archives is" \
"deprecated." >&2
@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
shar $(distdir) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).shar.gz
$(am__post_remove_distdir)
dist-zip: distdir
@ -591,7 +590,7 @@ dist dist-all:
distcheck: dist
case '$(DIST_ARCHIVES)' in \
*.tar.gz*) \
GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\
eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).tar.gz | $(am__untar) ;;\
*.tar.bz2*) \
bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
*.tar.lz*) \
@ -601,7 +600,7 @@ distcheck: dist
*.tar.Z*) \
uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
*.shar.gz*) \
GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\
eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\
*.zip*) \
unzip $(distdir).zip ;;\
esac
@ -810,8 +809,15 @@ uninstall-hook:
check:
rm -Rf $(top_srcdir)/src/test-harness/twtest
rm -Rf $(top_srcdir)/bin/TWTestData
cd $(top_srcdir)/src/test-harness && perl ./twtest.pl
$(top_srcdir)/bin/twtest all
cd $(top_srcdir)/bin && ./twtest all
test: check
.PHONY: targets
targets:
@$(MAKE) -pRrq -f $(lastword $(MAKEFILE_LIST)) : 2>/dev/null | awk -v RS= -F: '/^# File/,/^# Finished Make data base/ {if ($$1 !~ "^[#.]") {print $$1}}' | sort | egrep -v -e '^[^[:alnum:]]' -e '^$@$$' | xargs
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.

2
TRADEMARK
View File

@ -2,7 +2,7 @@ TRIPWIRE COPYRIGHT & TRADEMARK NOTICE
COPYRIGHT
The developer of the original code and/or files is Tripwire, Inc. Portions
created by Tripwire, Inc. are copyright 2000 Tripwire, Inc.
created by Tripwire, Inc. are copyright 2000-2017 Tripwire, Inc.
TRADEMARK
Tripwire is a registered trademark (the "Trademark") of Tripwire, Inc. All

46
aclocal.m4 vendored
View File

@ -1,6 +1,6 @@
# generated automatically by aclocal 1.15 -*- Autoconf -*-
# generated automatically by aclocal 1.15.1 -*- Autoconf -*-
# Copyright (C) 1996-2014 Free Software Foundation, Inc.
# Copyright (C) 1996-2017 Free Software Foundation, Inc.
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -20,7 +20,7 @@ You have another version of autoconf. It may work, but is not guaranteed to.
If you have problems, you may need to regenerate the build system entirely.
To do so, use the procedure documented by the package, typically 'autoreconf'.])])
# Copyright (C) 2002-2014 Free Software Foundation, Inc.
# Copyright (C) 2002-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -35,7 +35,7 @@ AC_DEFUN([AM_AUTOMAKE_VERSION],
[am__api_version='1.15'
dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
dnl require some minimum version. Point them to the right macro.
m4_if([$1], [1.15], [],
m4_if([$1], [1.15.1], [],
[AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
])
@ -51,14 +51,14 @@ m4_define([_AM_AUTOCONF_VERSION], [])
# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
[AM_AUTOMAKE_VERSION([1.15])dnl
[AM_AUTOMAKE_VERSION([1.15.1])dnl
m4_ifndef([AC_AUTOCONF_VERSION],
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
# AM_AUX_DIR_EXPAND -*- Autoconf -*-
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
# Copyright (C) 2001-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -110,7 +110,7 @@ am_aux_dir=`cd "$ac_aux_dir" && pwd`
# AM_CONDITIONAL -*- Autoconf -*-
# Copyright (C) 1997-2014 Free Software Foundation, Inc.
# Copyright (C) 1997-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -141,7 +141,7 @@ AC_CONFIG_COMMANDS_PRE(
Usually this means the macro was only invoked conditionally.]])
fi])])
# Copyright (C) 1999-2014 Free Software Foundation, Inc.
# Copyright (C) 1999-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -332,7 +332,7 @@ _AM_SUBST_NOTMAKE([am__nodep])dnl
# Generate code to set up dependency tracking. -*- Autoconf -*-
# Copyright (C) 1999-2014 Free Software Foundation, Inc.
# Copyright (C) 1999-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -408,7 +408,7 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
# Do all the work for Automake. -*- Autoconf -*-
# Copyright (C) 1996-2014 Free Software Foundation, Inc.
# Copyright (C) 1996-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -605,7 +605,7 @@ for _am_header in $config_headers :; do
done
echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
# Copyright (C) 2001-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -626,7 +626,7 @@ if test x"${install_sh+set}" != xset; then
fi
AC_SUBST([install_sh])])
# Copyright (C) 2003-2014 Free Software Foundation, Inc.
# Copyright (C) 2003-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -647,7 +647,7 @@ AC_SUBST([am__leading_dot])])
# Check to see how 'make' treats includes. -*- Autoconf -*-
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
# Copyright (C) 2001-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -697,7 +697,7 @@ rm -f confinc confmf
# Fake the existence of programs that GNU maintainers use. -*- Autoconf -*-
# Copyright (C) 1997-2014 Free Software Foundation, Inc.
# Copyright (C) 1997-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -738,7 +738,7 @@ fi
# Obsolete and "removed" macros, that must however still report explicit
# error messages when used, to smooth transition.
#
# Copyright (C) 1996-2014 Free Software Foundation, Inc.
# Copyright (C) 1996-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -765,7 +765,7 @@ AU_DEFUN([fp_C_PROTOTYPES], [AM_C_PROTOTYPES])
# Helper functions for option handling. -*- Autoconf -*-
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
# Copyright (C) 2001-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -794,7 +794,7 @@ AC_DEFUN([_AM_SET_OPTIONS],
AC_DEFUN([_AM_IF_OPTION],
[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
# Copyright (C) 1999-2014 Free Software Foundation, Inc.
# Copyright (C) 1999-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -841,7 +841,7 @@ AC_LANG_POP([C])])
# For backward compatibility.
AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])])
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
# Copyright (C) 2001-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -860,7 +860,7 @@ AC_DEFUN([AM_RUN_LOG],
# Check to make sure that the build environment is sane. -*- Autoconf -*-
# Copyright (C) 1996-2014 Free Software Foundation, Inc.
# Copyright (C) 1996-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -941,7 +941,7 @@ AC_CONFIG_COMMANDS_PRE(
rm -f conftest.file
])
# Copyright (C) 2009-2014 Free Software Foundation, Inc.
# Copyright (C) 2009-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -1001,7 +1001,7 @@ AC_SUBST([AM_BACKSLASH])dnl
_AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl
])
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
# Copyright (C) 2001-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -1029,7 +1029,7 @@ fi
INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
AC_SUBST([INSTALL_STRIP_PROGRAM])])
# Copyright (C) 2006-2014 Free Software Foundation, Inc.
# Copyright (C) 2006-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -1048,7 +1048,7 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
# Check how to create a tarball. -*- Autoconf -*-
# Copyright (C) 2004-2014 Free Software Foundation, Inc.
# Copyright (C) 2004-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,

348
compile Executable file
View File

@ -0,0 +1,348 @@
#! /bin/sh
# Wrapper for compilers which do not understand '-c -o'.
scriptversion=2016-01-11.22; # UTC
# Copyright (C) 1999-2017 Free Software Foundation, Inc.
# Written by Tom Tromey <tromey@cygnus.com>.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
# This file is maintained in Automake, please report
# bugs to <bug-automake@gnu.org> or send patches to
# <automake-patches@gnu.org>.
nl='
'
# We need space, tab and new line, in precisely that order. Quoting is
# there to prevent tools from complaining about whitespace usage.
IFS=" "" $nl"
file_conv=
# func_file_conv build_file lazy
# Convert a $build file to $host form and store it in $file
# Currently only supports Windows hosts. If the determined conversion
# type is listed in (the comma separated) LAZY, no conversion will
# take place.
func_file_conv ()
{
file=$1
case $file in
/ | /[!/]*) # absolute file, and not a UNC file
if test -z "$file_conv"; then
# lazily determine how to convert abs files
case `uname -s` in
MINGW*)
file_conv=mingw
;;
CYGWIN*)
file_conv=cygwin
;;
*)
file_conv=wine
;;
esac
fi
case $file_conv/,$2, in
*,$file_conv,*)
;;
mingw/*)
file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
;;
cygwin/*)
file=`cygpath -m "$file" || echo "$file"`
;;
wine/*)
file=`winepath -w "$file" || echo "$file"`
;;
esac
;;
esac
}
# func_cl_dashL linkdir
# Make cl look for libraries in LINKDIR
func_cl_dashL ()
{
func_file_conv "$1"
if test -z "$lib_path"; then
lib_path=$file
else
lib_path="$lib_path;$file"
fi
linker_opts="$linker_opts -LIBPATH:$file"
}
# func_cl_dashl library
# Do a library search-path lookup for cl
func_cl_dashl ()
{
lib=$1
found=no
save_IFS=$IFS
IFS=';'
for dir in $lib_path $LIB
do
IFS=$save_IFS
if $shared && test -f "$dir/$lib.dll.lib"; then
found=yes
lib=$dir/$lib.dll.lib
break
fi
if test -f "$dir/$lib.lib"; then
found=yes
lib=$dir/$lib.lib
break
fi
if test -f "$dir/lib$lib.a"; then
found=yes
lib=$dir/lib$lib.a
break
fi
done
IFS=$save_IFS
if test "$found" != yes; then
lib=$lib.lib
fi
}
# func_cl_wrapper cl arg...
# Adjust compile command to suit cl
func_cl_wrapper ()
{
# Assume a capable shell
lib_path=
shared=:
linker_opts=
for arg
do
if test -n "$eat"; then
eat=
else
case $1 in
-o)
# configure might choose to run compile as 'compile cc -o foo foo.c'.
eat=1
case $2 in
*.o | *.[oO][bB][jJ])
func_file_conv "$2"
set x "$@" -Fo"$file"
shift
;;
*)
func_file_conv "$2"
set x "$@" -Fe"$file"
shift
;;
esac
;;
-I)
eat=1
func_file_conv "$2" mingw
set x "$@" -I"$file"
shift
;;
-I*)
func_file_conv "${1#-I}" mingw
set x "$@" -I"$file"
shift
;;
-l)
eat=1
func_cl_dashl "$2"
set x "$@" "$lib"
shift
;;
-l*)
func_cl_dashl "${1#-l}"
set x "$@" "$lib"
shift
;;
-L)
eat=1
func_cl_dashL "$2"
;;
-L*)
func_cl_dashL "${1#-L}"
;;
-static)
shared=false
;;
-Wl,*)
arg=${1#-Wl,}
save_ifs="$IFS"; IFS=','
for flag in $arg; do
IFS="$save_ifs"
linker_opts="$linker_opts $flag"
done
IFS="$save_ifs"
;;
-Xlinker)
eat=1
linker_opts="$linker_opts $2"
;;
-*)
set x "$@" "$1"
shift
;;
*.cc | *.CC | *.cxx | *.CXX | *.[cC]++)
func_file_conv "$1"
set x "$@" -Tp"$file"
shift
;;
*.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO])
func_file_conv "$1" mingw
set x "$@" "$file"
shift
;;
*)
set x "$@" "$1"
shift
;;
esac
fi
shift
done
if test -n "$linker_opts"; then
linker_opts="-link$linker_opts"
fi
exec "$@" $linker_opts
exit 1
}
eat=
case $1 in
'')
echo "$0: No command. Try '$0 --help' for more information." 1>&2
exit 1;
;;
-h | --h*)
cat <<\EOF
Usage: compile [--help] [--version] PROGRAM [ARGS]
Wrapper for compilers which do not understand '-c -o'.
Remove '-o dest.o' from ARGS, run PROGRAM with the remaining
arguments, and rename the output as expected.
If you are trying to build a whole package this is not the
right script to run: please start by reading the file 'INSTALL'.
Report bugs to <bug-automake@gnu.org>.
EOF
exit $?
;;
-v | --v*)
echo "compile $scriptversion"
exit $?
;;
cl | *[/\\]cl | cl.exe | *[/\\]cl.exe | \
icl | *[/\\]icl | icl.exe | *[/\\]icl.exe )
func_cl_wrapper "$@" # Doesn't return...
;;
esac
ofile=
cfile=
for arg
do
if test -n "$eat"; then
eat=
else
case $1 in
-o)
# configure might choose to run compile as 'compile cc -o foo foo.c'.
# So we strip '-o arg' only if arg is an object.
eat=1
case $2 in
*.o | *.obj)
ofile=$2
;;
*)
set x "$@" -o "$2"
shift
;;
esac
;;
*.c)
cfile=$1
set x "$@" "$1"
shift
;;
*)
set x "$@" "$1"
shift
;;
esac
fi
shift
done
if test -z "$ofile" || test -z "$cfile"; then
# If no '-o' option was seen then we might have been invoked from a
# pattern rule where we don't need one. That is ok -- this is a
# normal compilation that the losing compiler can handle. If no
# '.c' file was seen then we are probably linking. That is also
# ok.
exec "$@"
fi
# Name of file we expect compiler to create.
cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'`
# Create the lock directory.
# Note: use '[/\\:.-]' here to ensure that we don't use the same name
# that we are using for the .o file. Also, base the name on the expected
# object file name, since that is what matters with a parallel build.
lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d
while true; do
if mkdir "$lockdir" >/dev/null 2>&1; then
break
fi
sleep 1
done
# FIXME: race condition here if user kills between mkdir and trap.
trap "rmdir '$lockdir'; exit 1" 1 2 15
# Run the compile.
"$@"
ret=$?
if test -f "$cofile"; then
test "$cofile" = "$ofile" || mv "$cofile" "$ofile"
elif test -f "${cofile}bj"; then
test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile"
fi
rmdir "$lockdir"
exit $ret
# Local Variables:
# mode: shell-script
# sh-indentation: 2
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC0"
# time-stamp-end: "; # UTC"
# End:

109
config.guess vendored
View File

@ -1,8 +1,8 @@
#! /bin/sh
# Attempt to guess a canonical system name.
# Copyright 1992-2016 Free Software Foundation, Inc.
# Copyright 1992-2017 Free Software Foundation, Inc.
timestamp='2016-02-11'
timestamp='2017-09-16'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
@ -15,7 +15,7 @@ timestamp='2016-02-11'
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
# along with this program; if not, see <https://www.gnu.org/licenses/>.
#
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
@ -27,7 +27,7 @@ timestamp='2016-02-11'
# Originally written by Per Bothner; maintained since 2000 by Ben Elliston.
#
# You can get the latest version of this script from:
# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
#
# Please send patches to <config-patches@gnu.org>.
@ -50,7 +50,7 @@ version="\
GNU config.guess ($timestamp)
Originally written by Per Bothner.
Copyright 1992-2016 Free Software Foundation, Inc.
Copyright 1992-2017 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@ -186,9 +186,12 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
*) machine=${UNAME_MACHINE_ARCH}-unknown ;;
esac
# The Operating System including object format, if it has switched
# to ELF recently, or will in the future.
# to ELF recently (or will in the future) and ABI.
case "${UNAME_MACHINE_ARCH}" in
arm*|earm*|i386|m68k|ns32k|sh3*|sparc|vax)
earm*)
os=netbsdelf
;;
arm*|i386|m68k|ns32k|sh3*|sparc|vax)
eval $set_cc_for_build
if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
| grep -q __ELF__
@ -256,6 +259,9 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
*:Sortix:*:*)
echo ${UNAME_MACHINE}-unknown-sortix
exit ;;
*:Redox:*:*)
echo ${UNAME_MACHINE}-unknown-redox
exit ;;
alpha:OSF1:*:*)
case $UNAME_RELEASE in
*4.0)
@ -312,15 +318,6 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
exitcode=$?
trap '' 0
exit $exitcode ;;
Alpha\ *:Windows_NT*:*)
# How do we know it's Interix rather than the generic POSIX subsystem?
# Should we change UNAME_MACHINE based on the output of uname instead
# of the specific Alpha model?
echo alpha-pc-interix
exit ;;
21064:Windows_NT:50:3)
echo alpha-dec-winnt3.5
exit ;;
Amiga*:UNIX_System_V:4.0:*)
echo m68k-unknown-sysv4
exit ;;
@ -386,7 +383,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
# This test works for both compilers.
if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
(CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
grep IS_64BIT_ARCH >/dev/null
then
SUN_ARCH=x86_64
@ -684,7 +681,7 @@ EOF
exit (0);
}
EOF
(CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
(CCOPTS="" $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
test -z "$HP_ARCH" && HP_ARCH=hppa
fi ;;
esac
@ -701,7 +698,7 @@ EOF
# $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
# => hppa64-hp-hpux11.23
if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
if echo __LP64__ | (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) |
grep -q __LP64__
then
HP_ARCH=hppa2.0w
@ -834,10 +831,11 @@ EOF
UNAME_PROCESSOR=`/usr/bin/uname -p`
case ${UNAME_PROCESSOR} in
amd64)
echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
*)
echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
UNAME_PROCESSOR=x86_64 ;;
i386)
UNAME_PROCESSOR=i586 ;;
esac
echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
exit ;;
*:MidnightBSD:*:*)
UNAME_PROCESSOR=`/usr/bin/uname -p`
@ -860,10 +858,6 @@ EOF
*:MSYS*:*)
echo ${UNAME_MACHINE}-pc-msys
exit ;;
i*:windows32*:*)
# uname -m includes "-pc" on this system.
echo ${UNAME_MACHINE}-mingw32
exit ;;
i*:PW*:*)
echo ${UNAME_MACHINE}-pc-pw32
exit ;;
@ -879,27 +873,12 @@ EOF
echo ia64-unknown-interix${UNAME_RELEASE}
exit ;;
esac ;;
[345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
echo i${UNAME_MACHINE}-pc-mks
exit ;;
8664:Windows_NT:*)
echo x86_64-pc-mks
exit ;;
i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
# How do we know it's Interix rather than the generic POSIX subsystem?
# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
# UNAME_MACHINE based on the output of uname instead of i386?
echo i586-pc-interix
exit ;;
i*:UWIN*:*)
echo ${UNAME_MACHINE}-pc-uwin
exit ;;
amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
echo x86_64-unknown-cygwin
exit ;;
p*:CYGWIN*:*)
echo powerpcle-unknown-cygwin
exit ;;
prep*:SunOS:5.*:*)
echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
exit ;;
@ -909,7 +888,7 @@ EOF
exit ;;
*:GNU/*:*:*)
# other systems with GNU libc and userland
echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC}
echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC}
exit ;;
i*86:Minix:*:*)
echo ${UNAME_MACHINE}-pc-minix
@ -1006,6 +985,9 @@ EOF
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'`
test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; }
;;
mips64el:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
openrisc*:Linux:*:*)
echo or1k-unknown-linux-${LIBC}
exit ;;
@ -1038,6 +1020,9 @@ EOF
ppcle:Linux:*:*)
echo powerpcle-unknown-linux-${LIBC}
exit ;;
riscv32:Linux:*:* | riscv64:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
s390:Linux:*:* | s390x:Linux:*:*)
echo ${UNAME_MACHINE}-ibm-linux-${LIBC}
exit ;;
@ -1285,6 +1270,9 @@ EOF
SX-8R:SUPER-UX:*:*)
echo sx8r-nec-superux${UNAME_RELEASE}
exit ;;
SX-ACE:SUPER-UX:*:*)
echo sxace-nec-superux${UNAME_RELEASE}
exit ;;
Power*:Rhapsody:*:*)
echo powerpc-apple-rhapsody${UNAME_RELEASE}
exit ;;
@ -1300,14 +1288,21 @@ EOF
if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then
if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
grep IS_64BIT_ARCH >/dev/null
(CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
grep IS_64BIT_ARCH >/dev/null
then
case $UNAME_PROCESSOR in
i386) UNAME_PROCESSOR=x86_64 ;;
powerpc) UNAME_PROCESSOR=powerpc64 ;;
esac
fi
# On 10.4-10.6 one might compile for PowerPC via gcc -arch ppc
if (echo '#ifdef __POWERPC__'; echo IS_PPC; echo '#endif') | \
(CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
grep IS_PPC >/dev/null
then
UNAME_PROCESSOR=powerpc
fi
fi
elif test "$UNAME_PROCESSOR" = i386 ; then
# Avoid executing cc on OS X 10.9, as it ships with a stub
@ -1331,15 +1326,18 @@ EOF
*:QNX:*:4*)
echo i386-pc-qnx
exit ;;
NEO-?:NONSTOP_KERNEL:*:*)
NEO-*:NONSTOP_KERNEL:*:*)
echo neo-tandem-nsk${UNAME_RELEASE}
exit ;;
NSE-*:NONSTOP_KERNEL:*:*)
echo nse-tandem-nsk${UNAME_RELEASE}
exit ;;
NSR-?:NONSTOP_KERNEL:*:*)
NSR-*:NONSTOP_KERNEL:*:*)
echo nsr-tandem-nsk${UNAME_RELEASE}
exit ;;
NSX-*:NONSTOP_KERNEL:*:*)
echo nsx-tandem-nsk${UNAME_RELEASE}
exit ;;
*:NonStop-UX:*:*)
echo mips-compaq-nonstopux
exit ;;
@ -1395,7 +1393,7 @@ EOF
echo i386-pc-xenix
exit ;;
i*86:skyos:*:*)
echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE} | sed -e 's/ .*$//'`
exit ;;
i*86:rdos:*:*)
echo ${UNAME_MACHINE}-pc-rdos
@ -1414,18 +1412,17 @@ esac
cat >&2 <<EOF
$0: unable to guess system type
This script, last modified $timestamp, has failed to recognize
the operating system you are using. It is advised that you
download the most up to date version of the config scripts from
This script (version $timestamp), has failed to recognize the
operating system you are using. If your script is old, overwrite *all*
copies of config.guess and config.sub with the latest versions from:
http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
and
http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
If the version you run ($0) is already up to date, please
send the following data and any information you think might be
pertinent to <config-patches@gnu.org> in order to provide the needed
information to handle your system.
If $0 has already been updated, send the following data and any
information you think might be pertinent to config-patches@gnu.org to
provide the necessary information to handle your system.
config.guess timestamp = $timestamp

39
config.h.in
View File

@ -6,6 +6,9 @@
/* Compile with debug code */
#undef DEBUG
/* Enable use of /dev/urandom */
#undef ENABLE_DEV_URANDOM
/* this is the prefix for STL exception functions */
#undef EXCEPTION_NAMESPACE
@ -15,6 +18,21 @@
/* Define to 1 if you have the <CommonCrypto/CommonDigest.h> header file. */
#undef HAVE_COMMONCRYPTO_COMMONDIGEST_H
/* Has /dev/arandom */
#undef HAVE_DEV_ARANDOM
/* Has /dev/random */
#undef HAVE_DEV_RANDOM
/* Has /dev/urandom */
#undef HAVE_DEV_URANDOM
/* Define to 1 if you have the `door_create' function. */
#undef HAVE_DOOR_CREATE
/* Define to 1 if you have the <door.h> header file. */
#undef HAVE_DOOR_H
/* Define to 1 if you have the <fcntl.h> header file. */
#undef HAVE_FCNTL_H
@ -54,6 +72,12 @@
/* Define to 1 if you have the <openssl/sha.h> header file. */
#undef HAVE_OPENSSL_SHA_H
/* Define to 1 if you have the `port_create' function. */
#undef HAVE_PORT_CREATE
/* Define to 1 if you have the <port.h> header file. */
#undef HAVE_PORT_H
/* Define to 1 if you have the `posix_fadvise' function. */
#undef HAVE_POSIX_FADVISE
@ -78,6 +102,15 @@
/* Define to 1 if you have the <string.h> header file. */
#undef HAVE_STRING_H
/* Define to 1 if `st_blocks' is a member of `struct stat'. */
#undef HAVE_STRUCT_STAT_ST_BLOCKS
/* Define to 1 if `st_rdev' is a member of `struct stat'. */
#undef HAVE_STRUCT_STAT_ST_RDEV
/* Define to 1 if you have the `swab' function. */
#undef HAVE_SWAB
/* Define to 1 if you have the <syslog.h> header file. */
#undef HAVE_SYSLOG_H
@ -111,6 +144,9 @@
/* Define to 1 if you have the <sys/types.h> header file. */
#undef HAVE_SYS_TYPES_H
/* Define to 1 if you have the <sys/unistd.h> header file. */
#undef HAVE_SYS_UNISTD_H
/* Define to 1 if you have the <sys/ustat.h> header file. */
#undef HAVE_SYS_USTAT_H
@ -165,6 +201,9 @@
/* The size of `long long', as computed by sizeof. */
#undef SIZEOF_LONG_LONG
/* The size of `time_t', as computed by sizeof. */
#undef SIZEOF_TIME_T
/* Don't use gethostbyname() on Solaris */
#undef SOLARIS_NO_GETHOSTBYNAME

63
config.sub vendored
View File

@ -1,8 +1,8 @@
#! /bin/sh
# Configuration validation subroutine script.
# Copyright 1992-2016 Free Software Foundation, Inc.
# Copyright 1992-2017 Free Software Foundation, Inc.
timestamp='2016-01-01'
timestamp='2017-09-22'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
@ -15,7 +15,7 @@ timestamp='2016-01-01'
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
# along with this program; if not, see <https://www.gnu.org/licenses/>.
#
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
@ -33,7 +33,7 @@ timestamp='2016-01-01'
# Otherwise, we print the canonical config type on stdout and succeed.
# You can get the latest version of this script from:
# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
# This file is supposed to be the same for all GNU packages
# and recognize all the CPU types, system types and aliases
@ -67,7 +67,7 @@ Report bugs and patches to <config-patches@gnu.org>."
version="\
GNU config.sub ($timestamp)
Copyright 1992-2016 Free Software Foundation, Inc.
Copyright 1992-2017 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@ -117,7 +117,7 @@ case $maybe_os in
nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \
linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \
kopensolaris*-gnu* | \
kopensolaris*-gnu* | cloudabi*-eabi* | \
storm-chaos* | os2-emx* | rtmk-nova*)
os=-$maybe_os
basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
@ -229,9 +229,6 @@ case $os in
-ptx*)
basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
;;
-windowsnt*)
os=`echo $os | sed -e 's/windowsnt/winnt/'`
;;
-psos*)
os=-psos
;;
@ -263,7 +260,7 @@ case $basic_machine in
| fido | fr30 | frv | ft32 \
| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
| hexagon \
| i370 | i860 | i960 | ia64 \
| i370 | i860 | i960 | ia16 | ia64 \
| ip2k | iq2000 \
| k1om \
| le32 | le64 \
@ -301,6 +298,7 @@ case $basic_machine in
| open8 | or1k | or1knd | or32 \
| pdp10 | pdp11 | pj | pjl \
| powerpc | powerpc64 | powerpc64le | powerpcle \
| pru \
| pyramid \
| riscv32 | riscv64 \
| rl78 | rx \
@ -314,6 +312,7 @@ case $basic_machine in
| ubicom32 \
| v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \
| visium \
| wasm32 \
| we32k \
| x86 | xc16x | xstormy16 | xtensa \
| z8k | z80)
@ -387,7 +386,7 @@ case $basic_machine in
| h8300-* | h8500-* \
| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
| hexagon-* \
| i*86-* | i860-* | i960-* | ia64-* \
| i*86-* | i860-* | i960-* | ia16-* | ia64-* \
| ip2k-* | iq2000-* \
| k1om-* \
| le32-* | le64-* \
@ -428,6 +427,7 @@ case $basic_machine in
| orion-* \
| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
| pru-* \
| pyramid-* \
| riscv32-* | riscv64-* \
| rl78-* | romp-* | rs6000-* | rx-* \
@ -444,6 +444,7 @@ case $basic_machine in
| v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \
| vax-* \
| visium-* \
| wasm32-* \
| we32k-* \
| x86-* | x86_64-* | xc16x-* | xps100-* \
| xstormy16-* | xtensa*-* \
@ -643,6 +644,14 @@ case $basic_machine in
basic_machine=m68k-bull
os=-sysv3
;;
e500v[12])
basic_machine=powerpc-unknown
os=$os"spe"
;;
e500v[12]-*)
basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
os=$os"spe"
;;
ebmon29k)
basic_machine=a29k-amd
os=-ebmon
@ -938,6 +947,9 @@ case $basic_machine in
nsr-tandem)
basic_machine=nsr-tandem
;;
nsx-tandem)
basic_machine=nsx-tandem
;;
op50n-* | op60c-*)
basic_machine=hppa1.1-oki
os=-proelf
@ -1022,7 +1034,7 @@ case $basic_machine in
ppc-* | ppcbe-*)
basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
ppcle | powerpclittle | ppc-le | powerpc-little)
ppcle | powerpclittle)
basic_machine=powerpcle-unknown
;;
ppcle-* | powerpclittle-*)
@ -1032,7 +1044,7 @@ case $basic_machine in
;;
ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
ppc64le | powerpc64little | ppc64-le | powerpc64-little)
ppc64le | powerpc64little)
basic_machine=powerpc64le-unknown
;;
ppc64le-* | powerpc64little-*)
@ -1233,6 +1245,9 @@ case $basic_machine in
basic_machine=a29k-wrs
os=-vxworks
;;
wasm32)
basic_machine=wasm32-unknown
;;
w65*)
basic_machine=w65-wdc
os=-none
@ -1241,6 +1256,9 @@ case $basic_machine in
basic_machine=hppa1.1-winbond
os=-proelf
;;
x64)
basic_machine=x86_64-pc
;;
xbox)
basic_machine=i686-pc
os=-mingw32
@ -1348,8 +1366,8 @@ esac
if [ x"$os" != x"" ]
then
case $os in
# First match some system type aliases
# that might get confused with valid system types.
# First match some system type aliases that might get confused
# with valid system types.
# -solaris* is a basic system type, with this one exception.
-auroraux)
os=-auroraux
@ -1369,9 +1387,9 @@ case $os in
-gnu/linux*)
os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
;;
# First accept the basic system types.
# Now accept the basic system types.
# The portable systems comes first.
# Each alternative MUST END IN A *, to match a version number.
# Each alternative MUST end in a * to match a version number.
# -sysv* is not here because it comes later, after sysvr4.
-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
| -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
@ -1387,9 +1405,9 @@ case $os in
| -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
| -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
| -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
| -chorusos* | -chorusrdb* | -cegcc* \
| -chorusos* | -chorusrdb* | -cegcc* | -glidix* \
| -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
| -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \
| -midipix* | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \
| -linux-newlib* | -linux-musl* | -linux-uclibc* \
| -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \
| -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
@ -1399,7 +1417,7 @@ case $os in
| -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
| -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
| -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* \
| -onefs* | -tirtos*)
| -onefs* | -tirtos* | -phoenix* | -fuchsia* | -redox*)
# Remember, each alternative MUST END IN *, to match a version number.
;;
-qnx*)
@ -1531,6 +1549,8 @@ case $os in
;;
-nacl*)
;;
-ios)
;;
-none)
;;
*)
@ -1626,6 +1646,9 @@ case $basic_machine in
sparc-* | *-sun)
os=-sunos4.1.1
;;
pru-*)
os=-elf
;;
*-be)
os=-beos
;;

297
configure vendored
View File

@ -1,7 +1,7 @@
#! /bin/sh
# From configure.ac Revision: 2.4.3.5 .
# From configure.ac Revision: 2.4.3.6 .
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for tripwire 2.4.3.5.
# Generated by GNU Autoconf 2.69 for tripwire 2.4.3.6.
#
# Report bugs to <https://github.com/Tripwire/tripwire-open-source/issues>.
#
@ -584,8 +584,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='tripwire'
PACKAGE_TARNAME='tripwire'
PACKAGE_VERSION='2.4.3.5'
PACKAGE_STRING='tripwire 2.4.3.5'
PACKAGE_VERSION='2.4.3.6'
PACKAGE_STRING='tripwire 2.4.3.6'
PACKAGE_BUGREPORT='https://github.com/Tripwire/tripwire-open-source/issues'
PACKAGE_URL='https://github.com/Tripwire/tripwire-open-source'
@ -724,7 +724,6 @@ infodir
docdir
oldincludedir
includedir
runstatedir
localstatedir
sharedstatedir
sysconfdir
@ -751,6 +750,9 @@ enable_silent_rules
enable_extrawarnings
enable_static
enable_debug
enable_coverage
enable_profiling
enable_urandom
enable_dependency_tracking
enable_commoncrypto
enable_iconv
@ -810,7 +812,6 @@ datadir='${datarootdir}'
sysconfdir='${prefix}/etc'
sharedstatedir='${prefix}/com'
localstatedir='${prefix}/var'
runstatedir='${localstatedir}/run'
includedir='${prefix}/include'
oldincludedir='/usr/include'
docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
@ -1063,15 +1064,6 @@ do
| -silent | --silent | --silen | --sile | --sil)
silent=yes ;;
-runstatedir | --runstatedir | --runstatedi | --runstated \
| --runstate | --runstat | --runsta | --runst | --runs \
| --run | --ru | --r)
ac_prev=runstatedir ;;
-runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
| --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
| --run=* | --ru=* | --r=*)
runstatedir=$ac_optarg ;;
-sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
ac_prev=sbindir ;;
-sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
@ -1209,7 +1201,7 @@ fi
for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
datadir sysconfdir sharedstatedir localstatedir includedir \
oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
libdir localedir mandir runstatedir
libdir localedir mandir
do
eval ac_val=\$$ac_var
# Remove trailing slashes.
@ -1322,7 +1314,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures tripwire 2.4.3.5 to adapt to many kinds of systems.
\`configure' configures tripwire 2.4.3.6 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1362,7 +1354,6 @@ Fine tuning of the installation directories:
--sysconfdir=DIR read-only single-machine data [PREFIX/etc]
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
--runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
--libdir=DIR object code libraries [EPREFIX/lib]
--includedir=DIR C header files [PREFIX/include]
--oldincludedir=DIR C header files for non-gcc [/usr/include]
@ -1394,7 +1385,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of tripwire 2.4.3.5:";;
short | recursive ) echo "Configuration of tripwire 2.4.3.6:";;
esac
cat <<\_ACEOF
@ -1407,6 +1398,9 @@ Optional Features:
—-disable-extrawarnings do not compile with -Wextra warnings enabled
--enable-static compile static binaries
--enable-debug compile with debuging enabled
--enable-coverage enable code coverage
--enable-profiling enable profiling
--enable-urandom use /dev/urandom
--enable-dependency-tracking
do not reject slow dependency extractors
--disable-dependency-tracking
@ -1506,7 +1500,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
tripwire configure 2.4.3.5
tripwire configure 2.4.3.6
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@ -2036,6 +2030,63 @@ rm -f conftest.val
} # ac_fn_c_compute_int
# ac_fn_c_check_member LINENO AGGR MEMBER VAR INCLUDES
# ----------------------------------------------------
# Tries to find if the field MEMBER exists in type AGGR, after including
# INCLUDES, setting cache variable VAR accordingly.
ac_fn_c_check_member ()
{
as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5
$as_echo_n "checking for $2.$3... " >&6; }
if eval \${$4+:} false; then :
$as_echo_n "(cached) " >&6
else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
$5
int
main ()
{
static $2 ac_aggr;
if (ac_aggr.$3)
return 0;
;
return 0;
}
_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
eval "$4=yes"
else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
$5
int
main ()
{
static $2 ac_aggr;
if (sizeof ac_aggr.$3)
return 0;
;
return 0;
}
_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
eval "$4=yes"
else
eval "$4=no"
fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
eval ac_res=\$$4
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
$as_echo "$ac_res" >&6; }
eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
} # ac_fn_c_check_member
# ac_fn_c_try_link LINENO
# -----------------------
# Try to link conftest.$ac_ext, and return whether this succeeded.
@ -2393,7 +2444,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by tripwire $as_me 2.4.3.5, which was
It was created by tripwire $as_me 2.4.3.6, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@ -3367,7 +3418,7 @@ fi
# Define the identity of the package.
PACKAGE='tripwire'
VERSION='2.4.3.5'
VERSION='2.4.3.6'
cat >>confdefs.h <<_ACEOF
@ -3462,6 +3513,10 @@ fi
ac_config_headers="$ac_config_headers config.h"
CFLAGS=${CFLAGS:-"-O -pipe -Wall -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"}
CXXFLAGS=${CXXFLAGS:-"-O -pipe -Wall -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"}
@ -3499,6 +3554,46 @@ then
$as_echo "#define DEBUG 1" >>confdefs.h
else
$as_echo "#define NDEBUG 1" >>confdefs.h
fi
# Check whether --enable-coverage was given.
if test "${enable_coverage+set}" = set; then :
enableval=$enable_coverage;
fi
if test "x$enable_coverage" = xyes
then
CFLAGS="${CFLAGS} --coverage"
CXXFLAGS="${CXXFLAGS} --coverage"
LDFLAGS="${LDFLAGS} --coverage"
fi
# Check whether --enable-profiling was given.
if test "${enable_profiling+set}" = set; then :
enableval=$enable_profiling;
fi
if test "x$enable_profiling" = xyes
then
CFLAGS="${CFLAGS} -pg"
CXXFLAGS="${CXXFLAGS} -pg"
LDFLAGS="${LDFLAGS} -pg"
fi
# Check whether --enable-urandom was given.
if test "${enable_urandom+set}" = set; then :
enableval=$enable_urandom;
fi
if test "x$enable_urandom" = xyes
then
$as_echo "#define ENABLE_DEV_URANDOM 1" >>confdefs.h
fi
ac_ext=c
@ -5531,7 +5626,20 @@ fi
done
for ac_header in unistd.h syslog.h langinfo.h sys/statfs.h sys/select.h
for ac_header in unistd.h sys/unistd.h
do :
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
cat >>confdefs.h <<_ACEOF
#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
_ACEOF
fi
done
for ac_header in syslog.h langinfo.h sys/statfs.h sys/select.h
do :
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
@ -6062,6 +6170,39 @@ cat >>confdefs.h <<_ACEOF
_ACEOF
# The cast to long int works around a bug in the HP C Compiler
# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
# This bug is HP SR number 8606223364.
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of time_t" >&5
$as_echo_n "checking size of time_t... " >&6; }
if ${ac_cv_sizeof_time_t+:} false; then :
$as_echo_n "(cached) " >&6
else
if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (time_t))" "ac_cv_sizeof_time_t" "$ac_includes_default"; then :
else
if test "$ac_cv_type_time_t" = yes; then
{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error 77 "cannot compute sizeof (time_t)
See \`config.log' for more details" "$LINENO" 5; }
else
ac_cv_sizeof_time_t=0
fi
fi
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_time_t" >&5
$as_echo "$ac_cv_sizeof_time_t" >&6; }
cat >>confdefs.h <<_ACEOF
#define SIZEOF_TIME_T $ac_cv_sizeof_time_t
_ACEOF
$as_echo "#define USES_1S_COMPLEMENT 0" >>confdefs.h
@ -6087,6 +6228,26 @@ $as_echo "#define IS_UNIX 1" >>confdefs.h
$as_echo "#define NDEBUG 1" >>confdefs.h
ac_fn_c_check_member "$LINENO" "struct stat" "st_rdev" "ac_cv_member_struct_stat_st_rdev" "$ac_includes_default"
if test "x$ac_cv_member_struct_stat_st_rdev" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_STRUCT_STAT_ST_RDEV 1
_ACEOF
fi
ac_fn_c_check_member "$LINENO" "struct stat" "st_blocks" "ac_cv_member_struct_stat_st_blocks" "$ac_includes_default"
if test "x$ac_cv_member_struct_stat_st_blocks" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_STRUCT_STAT_ST_BLOCKS 1
_ACEOF
fi
for ac_func in strftime gethostname gethostid
do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
@ -6111,6 +6272,17 @@ _ACEOF
fi
done
for ac_func in swab
do :
ac_fn_c_check_func "$LINENO" "swab" "ac_cv_func_swab"
if test "x$ac_cv_func_swab" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_SWAB 1
_ACEOF
fi
done
for ac_header in fcntl.h
do :
@ -6157,6 +6329,78 @@ done
fi
for ac_header in door.h
do :
ac_fn_c_check_header_mongrel "$LINENO" "door.h" "ac_cv_header_door_h" "$ac_includes_default"
if test "x$ac_cv_header_door_h" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_DOOR_H 1
_ACEOF
for ac_func in door_create
do :
ac_fn_c_check_func "$LINENO" "door_create" "ac_cv_func_door_create"
if test "x$ac_cv_func_door_create" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_DOOR_CREATE 1
_ACEOF
fi
done
fi
done
for ac_header in port.h
do :
ac_fn_c_check_header_mongrel "$LINENO" "port.h" "ac_cv_header_port_h" "$ac_includes_default"
if test "x$ac_cv_header_port_h" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_PORT_H 1
_ACEOF
for ac_func in port_create
do :
ac_fn_c_check_func "$LINENO" "port_create" "ac_cv_func_port_create"
if test "x$ac_cv_func_port_create" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_PORT_CREATE 1
_ACEOF
fi
done
fi
done
UNAME=`uname`
if [ $UNAME != "AROS" ]; then
if test -c "/dev/random"; then
$as_echo "#define HAVE_DEV_RANDOM 1" >>confdefs.h
fi
if test -c "/dev/urandom"; then
$as_echo "#define HAVE_DEV_URANDOM 1" >>confdefs.h
fi
if test -c "/dev/arandom"; then
$as_echo "#define HAVE_DEV_ARANDOM 1" >>confdefs.h
fi
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -lc" >&5
$as_echo_n "checking for socket in -lc... " >&6; }
@ -6859,6 +7103,9 @@ case $target in
;;
*-*-netbsd*)
;;
*-*-libertybsd*)
CXXFLAGS="${CXXFLAGS} -DTW_LibertyBSD"
;;
i[0-9]86-pc-linux*)
;;
sparc-*-linux*)
@ -7642,7 +7889,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by tripwire $as_me 2.4.3.5, which was
This file was extended by tripwire $as_me 2.4.3.6, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -7709,7 +7956,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
tripwire config.status 2.4.3.5
tripwire config.status 2.4.3.6
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"

73
configure.ac
View File

@ -2,14 +2,14 @@ dnl Process this file with autoconf to produce a configure script.
dnl
dnl
AC_INIT([tripwire], [2.4.3.5], [https://github.com/Tripwire/tripwire-open-source/issues], [tripwire], [https://github.com/Tripwire/tripwire-open-source])
AC_INIT([tripwire], [2.4.3.6], [https://github.com/Tripwire/tripwire-open-source/issues], [tripwire], [https://github.com/Tripwire/tripwire-open-source])
AC_CONFIG_SRCDIR([src/tw/tw.cpp])
AC_CANONICAL_TARGET([])
AM_INIT_AUTOMAKE
AM_CONFIG_HEADER(config.h)
AC_COPYRIGHT([The developer of the original code and/or files is Tripwire, Inc. Portions created by Tripwire, Inc. are copyright 2000-2017 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights reserved.])
AC_REVISION([$Revision: 2.4.3.5 $])
AC_REVISION([$Revision: 2.4.3.6 $])
dnl ###############
dnl Setup defaults
@ -40,6 +40,30 @@ then
CFLAGS="${CFLAGS} -g"
CXXFLAGS="${CXXFLAGS} -g"
AC_DEFINE(DEBUG, 1, [Compile with debug code])
else
AC_DEFINE(NDEBUG, 1, [Compile without debug code])
fi
AC_ARG_ENABLE(coverage, [ --enable-coverage enable code coverage])
if test "x$enable_coverage" = xyes
then
CFLAGS="${CFLAGS} --coverage"
CXXFLAGS="${CXXFLAGS} --coverage"
LDFLAGS="${LDFLAGS} --coverage"
fi
AC_ARG_ENABLE(profiling, [ --enable-profiling enable profiling])
if test "x$enable_profiling" = xyes
then
CFLAGS="${CFLAGS} -pg"
CXXFLAGS="${CXXFLAGS} -pg"
LDFLAGS="${LDFLAGS} -pg"
fi
AC_ARG_ENABLE(urandom, [ --enable-urandom use /dev/urandom])
if test "x$enable_urandom" = xyes
then
AC_DEFINE(ENABLE_DEV_URANDOM, 1, [Enable use of /dev/urandom])
fi
dnl ###################
@ -75,7 +99,8 @@ AC_CHECK_HEADERS(sys/mount.h,,,
#endif
]])
AC_CHECK_HEADERS(sys/ustat.h sys/sysmacros.h sys/syslog.h sys/socket.h)
AC_CHECK_HEADERS(unistd.h syslog.h langinfo.h sys/statfs.h sys/select.h)
AC_CHECK_HEADERS(unistd.h sys/unistd.h)
AC_CHECK_HEADERS(syslog.h langinfo.h sys/statfs.h sys/select.h)
AC_CHECK_HEADERS(signum.h bits/signum.h, break )
AC_CHECK_HEADERS(stdarg.h varargs.h, break )
AC_CHECK_HEADERS(sys/utsname.h memory.h)
@ -97,6 +122,7 @@ AC_C_BIGENDIAN
AC_CHECK_SIZEOF(int)
AC_CHECK_SIZEOF(long)
AC_CHECK_SIZEOF(long long)
AC_CHECK_SIZEOF(time_t)
dnl All platforms we support use 2's complement, are byte aligned, etc...
AC_DEFINE(USES_1S_COMPLEMENT, 0, [Uses one's complement])
@ -113,11 +139,15 @@ AC_DEFINE(IS_UNIX, 1, [Is a unix type platform])
dnl whether or not to generate debuging code?
AC_DEFINE(NDEBUG, 1, [don't generate debuging code])
dnl look for struct stat members that aren't always there
AC_CHECK_MEMBERS([struct stat.st_rdev, struct stat.st_blocks])
dnl #############################
dnl Checks for standard functions
dnl #############################
AC_CHECK_FUNCS(strftime gethostname gethostid)
AC_CHECK_FUNCS(mkstemp mktemp, break)
AC_CHECK_FUNCS(swab)
dnl check for posix_fadvise
AC_CHECK_HEADERS(fcntl.h, [AC_CHECK_FUNCS(posix_fadvise)])
@ -131,6 +161,40 @@ then
AC_CHECK_HEADERS(CommonCrypto/CommonDigest.h)
fi
dnl check for door support (Solaris)
AC_CHECK_HEADERS(door.h, [AC_CHECK_FUNCS(door_create)])
dnl check for event port support (Solaris)
AC_CHECK_HEADERS(port.h, [AC_CHECK_FUNCS(port_create)])
dnl ##############################################
dnl check for various RNG/PRNG devices
dnl ##############################################
UNAME=`uname`
dnl ##############################################
dnl AROS pops up a "Please insert disk" dialog for /dev
dnl if script looks for devices (which don't exist)
dnl so don't even try looking.
dnl ##############################################
if [[ $UNAME != "AROS" ]]; then
if test -c "/dev/random"; then
AC_DEFINE(HAVE_DEV_RANDOM, [1], [Has /dev/random])
fi
if test -c "/dev/urandom"; then
AC_DEFINE(HAVE_DEV_URANDOM, [1], [Has /dev/urandom])
fi
if test -c "/dev/arandom"; then
AC_DEFINE(HAVE_DEV_ARANDOM, [1], [Has /dev/arandom])
fi
fi
dnl ##############################################
dnl Checks for various platform specific libraries
dnl ##############################################
@ -285,6 +349,9 @@ case $target in
;;
*-*-netbsd*)
;;
*-*-libertybsd*)
CXXFLAGS="${CXXFLAGS} -DTW_LibertyBSD"
;;
i[[0-9]]86-pc-linux*)
;;
sparc-*-linux*)

15
installer/install.sh
View File

@ -28,7 +28,7 @@ fi
## The usage message.
##-------------------------------------------------------
USAGE="install.sh [<configfile>] [-n] [-f] [-s <sitepassphrase>] [-l <localpassphrase>]"
USAGE="install.sh [<configfile>] [-n] [-f] [-s <sitepassphrase>] [-l <localpassphrase>] [-d <installdir>]"
##-------------------------------------------------------
## Figure out how to do an echo without newline.
@ -104,8 +104,10 @@ fi
## Miscellaneous configuration parameters.
##-------------------------------------------------------
# prefix
prefix="${prefix:=/usr}"
# set a few location variables if caller didn't pass them to us
prefix="${prefix:=/usr/local}"
sysconfdir="${sysconfdir:=/usr/local/etc}"
path_to_vi="${path_to_vi:=/usr/bin/vi}"
# License File name
TWLICENSEFILE="COPYING"
@ -178,6 +180,13 @@ while [ "x$1" != "x" ] ; do
exit 1 ;;
*) TW_LOCAL_PASS="$2"; shift ;;
esac ;;
-d) case "$2" in
"" | -*)
echo "Error: missing install dir with -d option." 1>&2
echo "$USAGE"
exit 1 ;;
*) prefix="$2"; sysconfdir="$2/bin"; shift ;;
esac ;;
-*) echo "Error: unknown argument $1" 1>&2
echo "$USAGE"
exit 1 ;;

18
lcov.sh Executable file
View File

@ -0,0 +1,18 @@
#!/bin/sh
if [ -d ./lcov ]; then
rm -Rf ./lcov
fi
if [ -e ./lcov.dat ]; then
rm ./lcov.dat
fi
if [ -e ./lcov.tgz ]; then
rm ./lcov.tgz
fi
lcov --capture --directory src --output-file ./lcov.dat
genhtml ./lcov.dat --output-directory lcov
tar -zcvf lcov.tgz lcov

5
man/Makefile.in
View File

@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.15 from Makefile.am.
# Makefile.in generated by automake 1.15.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# Copyright (C) 1994-2017 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -284,7 +284,6 @@ pdfdir = @pdfdir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
runstatedir = @runstatedir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@

5
man/man4/Makefile.in
View File

@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.15 from Makefile.am.
# Makefile.in generated by automake 1.15.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# Copyright (C) 1994-2017 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -256,7 +256,6 @@ pdfdir = @pdfdir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
runstatedir = @runstatedir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@

5
man/man5/Makefile.in
View File

@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.15 from Makefile.am.
# Makefile.in generated by automake 1.15.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# Copyright (C) 1994-2017 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -256,7 +256,6 @@ pdfdir = @pdfdir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
runstatedir = @runstatedir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@

5
man/man8/Makefile.in
View File

@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.15 from Makefile.am.
# Makefile.in generated by automake 1.15.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# Copyright (C) 1994-2017 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -256,7 +256,6 @@ pdfdir = @pdfdir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
runstatedir = @runstatedir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@

2
policy/policyguide.txt
View File

@ -191,7 +191,7 @@ $(DIR1) -> $(param1); # It is also possible to do a
#=============================================================================
#
# Copyright 2000 Tripwire, Inc. Tripwire is a registered trademark of Tripwire,
# Copyright 2000-2017 Tripwire, Inc. Tripwire is a registered trademark of Tripwire,
# Inc. All rights reserved.
#
# Linux is a registered trademark of Linus Torvalds.

292
policy/twpol-Bitrig.txt Normal file
View File

@ -0,0 +1,292 @@
##############################################################################
# ##
############################################################################## #
# # #
# Policy file for Bitrig 1.x # #
# (adapted from OpenBSD policy) # #
# ##
##############################################################################
##############################################################################
# ##
############################################################################## #
# # #
# Global Variable Definitions # #
# # #
# These are defined at install time by the installation script. You may # #
# manually edit these if you are using this file directly and not from the # #
# installation script itself. # #
# ##
##############################################################################
@@section GLOBAL
TWROOT=;
TWBIN=;
TWPOL=;
TWDB=;
TWSKEY=;
TWLKEY=;
TWREPORT=;
HOSTNAME=;
##############################################################################
# Predefined Variables #
##############################################################################
#
# Property Masks
#
# - ignore the following properties
# + check the following properties
#
# a access timestamp (mutually exclusive with +CMSH)
# b number of blocks allocated
# c inode creation/modification timestamp
# d ID of device on which inode resides
# g group id of owner
# i inode number
# l growing files (logfiles for example)
# m modification timestamp
# n number of links
# p permission and file mode bits
# r ID of device pointed to by inode (valid only for device objects)
# s file size
# t file type
# u user id of owner
#
# C CRC-32 hash
# H HAVAL hash
# M MD5 hash
# S SHA hash
#
##############################################################################
Device = +pugsdr-intlbamcCMSH ;
Dynamic = +pinugtd-srlbamcCMSH ;
Growing = +pinugtdl-srbamcCMSH ;
IgnoreAll = -pinugtsdrlbamcCMSH ;
IgnoreNone = +pinugtsdrbamcCMSH-l ;
ReadOnly = +pinugtsdbmCM-rlacSH ;
Temporary = +pugt ;
@@section FS
########################################
# ##
######################################## #
# # #
# Tripwire Binaries and Data Files # #
# ##
########################################
# Tripwire Binaries
(
rulename = "Tripwire Binaries",
)
{
$(TWBIN)/siggen -> $(ReadOnly) ;
$(TWBIN)/tripwire -> $(ReadOnly) ;
$(TWBIN)/twadmin -> $(ReadOnly) ;
$(TWBIN)/twprint -> $(ReadOnly) ;
}
# Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
(
rulename = "Tripwire Data Files",
)
{
# NOTE: We remove the inode attribute because when Tripwire creates a backup,
# it does so by renaming the old file and creating a new one (which will
# have a new inode number). Inode is left turned on for keys, which shouldn't
# ever change.
# NOTE: The first integrity check triggers this rule and each integrity check
# afterward triggers this rule until a database update is run, since the
# database file does not exist before that point.
$(TWDB) -> $(Dynamic) -i ;
$(TWPOL)/tw.pol -> $(ReadOnly) -i ;
$(TWPOL)/tw.cfg -> $(ReadOnly) -i ;
$(TWLKEY)/$(HOSTNAME)-local.key -> $(ReadOnly) ;
$(TWSKEY)/site.key -> $(ReadOnly) ;
# don't scan the individual reports
$(TWREPORT) -> $(Dynamic) (recurse=0) ;
# In this configuration /usr/local is a symbolic link to /home/local.
# We want to ignore the following directories since they are already
# scanned using the real directory or mount point. Otherwise we see
# duplicates in the reports.
!/home/local ;
}
################################################
# ##
################################################ #
# # #
# OS Boot and Configuration Files # #
# ##
################################################
(
rulename = "OS Boot and Configuration Files",
)
{
/boot -> $(ReadOnly) ;
/bsd -> $(ReadOnly) ;
/etc -> $(IgnoreNone) -SHa ;
}
###################################################
# ##
################################################### #
# # #
# Mount Points # #
# ##
###################################################
(
rulename = "Mount Points",
)
{
/ -> $(ReadOnly) ;
/cdrom -> $(Dynamic) ;
/floppy -> $(Dynamic) ;
/home -> $(ReadOnly) ; # Modify as needed
/mnt -> $(Dynamic) ;
/usr -> $(ReadOnly) ;
/var -> $(ReadOnly) ;
}
###################################################
# ##
################################################### #
# # #
# Misc Top-Level Directories # #
# ##
###################################################
(
rulename = "Misc Top-Level Directories",
)
{
/altroot -> $(Dynamic) ;
/stand -> $(Dynamic) ;
}
################################################
# ##
################################################ #
# # #
# System Devices # #
# ##
################################################
(
rulename = "System Devices",
)
{
/dev -> $(Device) ;
/dev/fd -> $(Device) ;
/var/cron/tabs/.sock -> $(Device) ;
/var/empty/dev/log -> $(Device) ;
}
################################################
# ##
################################################ #
# # #
# OS Binaries and Libraries # #
# ##
################################################
(
rulename = "OS Binaries and Libraries",
)
{
/bin -> $(ReadOnly) ;
/sbin -> $(ReadOnly) ;
/usr/bin -> $(ReadOnly) ;
/usr/lib -> $(ReadOnly) ;
/usr/libexec -> $(ReadOnly) ;
/usr/sbin -> $(ReadOnly) ;
/usr/X11R6/bin -> $(ReadOnly) ;
/usr/X11R6/lib -> $(ReadOnly) ;
}
################################################
# ##
################################################ #
# # #
# Usr Local Files # #
# ##
################################################
#OK(
#OKrulename = "Usr Local Files",
#OK)
#OK{
#OK/usr/local -> $(ReadOnly) ;
#OK/usr/local/bin -> $(ReadOnly) ;
#OK/usr/local/doc -> $(ReadOnly) ;
#OK/usr/local/etc -> $(ReadOnly) ;
#OK/usr/local/include -> $(ReadOnly) ;
#OK/usr/local/info -> $(ReadOnly) ;
#OK/usr/local/lib -> $(ReadOnly) ;
#OK/usr/local/libdata -> $(ReadOnly) ;
#OK/usr/local/libexec -> $(ReadOnly) ;
#OK/usr/local/man -> $(ReadOnly) ;
#OK/usr/local/sbin -> $(ReadOnly) ;
#OK/usr/local/share -> $(ReadOnly) ;
#OK/usr/local/src -> $(ReadOnly) ;
#OK}
################################################
# ##
################################################ #
# # #
# Root Directory and Files # #
# ##
################################################
(
rulename = "Root Directory and Files",
)
{
/root -> $(IgnoreNone) -SHa ;
/root/.cshrc -> $(Dynamic) ;
/root/.profile -> $(Dynamic) ;
}
################################################
# ##
################################################ #
# # #
# Temporary Directories # #
# ##
################################################
(
rulename = "Temporary Directories",
)
{
/tmp -> $(Temporary) ;
/var/tmp -> $(Temporary) ;
}
################################################
# ##
################################################ #
# # #
# System and Boot Changes # #
# ##
################################################
(
rulename = "System and Boot Changes",
)
{
/var/backups -> $(Dynamic) -i ;
/var/db/host.random -> $(ReadOnly) -mCM ;
/var/cron -> $(Growing) -i ;
/var/log -> $(Growing) -i ;
/var/run -> $(Dynamic) -i ;
/var/mail -> $(Growing) ;
/var/msgs/bounds -> $(ReadOnly) -smbCM ;
/var/spool/clientmqueue -> $(Temporary) ;
/var/spool/mqueue -> $(Temporary) ;
}
#
# $Id: twpol-OpenBSD.txt,v 1.2 2004/05/14 21:56:21 pherman Exp $
#

656
policy/twpol-DragonFly.txt Normal file
View File

@ -0,0 +1,656 @@
#
# Policy file for DragonFly BSD
# (adapted from FreeBSD policy)
#
# $FreeBSD: ports/security/tripwire/files/twpol.txt,v 1.2 2002/03/04 16:55:21 cy Exp $
# $Id: twpol-FreeBSD.txt,v 1.1 2003/06/08 02:00:06 pherman Exp $
#
# This is the example Tripwire Policy file. It is intended as a place to
# start creating your own custom Tripwire Policy file. Referring to it as
# well as the Tripwire Policy Guide should give you enough information to
# make a good custom Tripwire Policy file that better covers your
# configuration and security needs. A text version of this policy file is
# called twpol.txt.
#
# Note that this file is tuned to an install of FreeBSD using
# buildworld. If run unmodified, this file should create no errors on
# database creation, or violations on a subsiquent integrity check.
# However it is impossible for there to be one policy file for all machines,
# so this existing one errs on the side of security. Your FreeBSD
# configuration will most likey differ from the one our policy file was
# tuned to, and will therefore require some editing of the default
# Tripwire Policy file.
#
# The example policy file is best run with 'Loose Directory Checking'
# enabled. Set LOOSEDIRECTORYCHECKING=TRUE in the Tripwire Configuration
# file.
#
# Email support is not included and must be added to this file.
# Add the 'emailto=' to the rule directive section of each rule (add a comma
# after the 'severity=' line and add an 'emailto=' and include the email
# addresses you want the violation reports to go to). Addresses are
# semi-colon delimited.
#
#
# Global Variable Definitions
#
# These are defined at install time by the installation script. You may
# Manually edit these if you are using this file directly and not from the
# installation script itself.
#
@@section GLOBAL
TWROOT=;
TWBIN=;
TWPOL=;
TWDB=;
TWSKEY=;
TWLKEY=;
TWREPORT=;
HOSTNAME=;
@@section FS
SEC_CRIT = $(IgnoreNone)-SHa ; # Critical files that cannot change
SEC_SUID = $(IgnoreNone)-SHa ; # Binaries with the SUID or SGID flags set
SEC_BIN = $(ReadOnly) ; # Binaries that should not change
SEC_CONFIG = $(Dynamic) ; # Config files that are changed infrequently but accessed often
SEC_TTY = $(Dynamic)-ugp ; # Tty files that change ownership at login
SEC_LOG = $(Growing) ; # Files that grow, but that should never change ownership
SEC_INVARIANT = +tpug ; # Directories that should never change permission or ownership
SIG_LOW = 33 ; # Non-critical files that are of minimal security impact
SIG_MED = 66 ; # Non-critical files that are of significant security impact
SIG_HI = 100 ; # Critical files that are significant points of vulnerability
# Tripwire Binaries
(
rulename = "Tripwire Binaries",
severity = $(SIG_HI)
)
{
$(TWBIN)/siggen -> $(SEC_BIN) ;
$(TWBIN)/tripwire -> $(SEC_BIN) ;
$(TWBIN)/twadmin -> $(SEC_BIN) ;
$(TWBIN)/twprint -> $(SEC_BIN) ;
}
# Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
(
rulename = "Tripwire Data Files",
severity = $(SIG_HI)
)
{
# NOTE: We remove the inode attribute because when Tripwire creates a backup,
# it does so by renaming the old file and creating a new one (which will
# have a new inode number). Inode is left turned on for keys, which shouldn't
# ever change.
# NOTE: The first integrity check triggers this rule and each integrity check
# afterward triggers this rule until a database update is run, since the
# database file does not exist before that point.
$(TWDB) -> $(SEC_CONFIG) -i ;
$(TWPOL)/tw.pol -> $(SEC_BIN) -i ;
$(TWPOL)/tw.cfg -> $(SEC_BIN) -i ;
$(TWPOL)/twcfg.txt -> $(SEC_BIN) ;
$(TWPOL)/twpol.txt -> $(SEC_BIN) ;
$(TWLKEY)/$(HOSTNAME)-local.key -> $(SEC_BIN) ;
$(TWSKEY)/site.key -> $(SEC_BIN) ;
#don't scan the individual reports
$(TWREPORT) -> $(SEC_CONFIG) (recurse=0) ;
}
# Tripwire HQ Connector Binaries
#(
# rulename = "Tripwire HQ Connector Binaries",
# severity = $(SIG_HI)
#)
#{
# $(TWBIN)/hqagent -> $(SEC_BIN) ;
#}
#
# Tripwire HQ Connector - Configuration Files, Keys, and Logs
#
# Note: File locations here are different than in a stock HQ Connector
# installation. This is because Tripwire 2.3 uses a different path
# structure than Tripwire 2.2.1.
#
# You may need to update your HQ Agent configuation file (or this policy
# file) to correct the paths. We have attempted to support the FHS standard
# here by placing the HQ Agent files similarly to the way Tripwire 2.3
# places them.
#
#(
# rulename = "Tripwire HQ Connector Data Files",
# severity = $(SIG_HI)
#)
#{
#
# # NOTE: Removing the inode attribute because when Tripwire creates a backup
# # it does so by renaming the old file and creating a new one (which will
# # have a new inode number). Leaving inode turned on for keys, which
# # shouldn't ever change.
#
#
# $(TWBIN)/agent.cfg -> $(SEC_BIN) -i ;
# $(TWLKEY)/authentication.key -> $(SEC_BIN) ;
# $(TWDB)/tasks.dat -> $(SEC_CONFIG) ;
# $(TWDB)/schedule.dat -> $(SEC_CONFIG) ;
#
# # Uncomment if you have agent logging enabled.
# #/var/log/tripwire/agent.log -> $(SEC_LOG) ;
#}
# Commonly accessed directories that should remain static with regards to owner and group
(
rulename = "Invariant Directories",
severity = $(SIG_MED)
)
{
/ -> $(SEC_INVARIANT) (recurse = false) ;
/home -> $(SEC_INVARIANT) (recurse = false) ;
}
#
# First, root's "home"
#
(
rulename = "Root's home",
severity = $(SIG_HI)
)
{
# /.rhosts -> $(SEC_CRIT) ;
/.profile -> $(SEC_CRIT) ;
/.cshrc -> $(SEC_CRIT) ;
/.login -> $(SEC_CRIT) ;
# /.exrc -> $(SEC_CRIT) ;
# /.logout -> $(SEC_CRIT) ;
# /.forward -> $(SEC_CRIT) ;
/root -> $(SEC_CRIT) (recurse = true) ;
!/root/.history ;
!/root/.bash_history ;
# !/root/.lsof_SYSTEM_NAME ; # Uncomment if lsof is installed
}
#
# FreeBSD Kernel
#
(
rulename = "FreeBSD Kernel",
severity = $(SIG_HI)
)
{
/kernel -> $(SEC_CRIT) ;
/kernel.old -> $(SEC_CRIT) ;
/kernel.GENERIC -> $(SEC_CRIT) ;
}
#
# FreeBSD Modules
#
(
rulename = "FreeBSD Modules",
severity = $(SIG_HI)
)
{
/modules -> $(SEC_CRIT) (recurse = true) ;
/modules.old -> $(SEC_CRIT) (recurse = true) ;
# /lkm -> $(SEC_CRIT) (recurse = true) ; # uncomment if using lkm kld
}
#
# System Administration Programs
#
(
rulename = "System Administration Programs",
severity = $(SIG_HI)
)
{
/sbin -> $(SEC_CRIT) (recurse = true) ;
/usr/sbin -> $(SEC_CRIT) (recurse = true) ;
}
#
# User Utilities
#
(
rulename = "User Utilities",
severity = $(SIG_HI)
)
{
/bin -> $(SEC_CRIT) (recurse = true) ;
/usr/bin -> $(SEC_CRIT) (recurse = true) ;
}
#
# /dev
#
(
rulename = "/dev",
severity = $(SIG_HI)
)
{
/dev -> $(Device) (recurse = true) ;
!/dev/vga ;
!/dev/dri ;
/dev/console -> $(SEC_TTY) ;
/dev/ttyv0 -> $(SEC_TTY) ;
/dev/ttyv1 -> $(SEC_TTY) ;
/dev/ttyv2 -> $(SEC_TTY) ;
/dev/ttyv3 -> $(SEC_TTY) ;
/dev/ttyv4 -> $(SEC_TTY) ;
/dev/ttyv5 -> $(SEC_TTY) ;
/dev/ttyv6 -> $(SEC_TTY) ;
/dev/ttyv7 -> $(SEC_TTY) ;
/dev/ttyp0 -> $(SEC_TTY) ;
/dev/ttyp1 -> $(SEC_TTY) ;
/dev/ttyp2 -> $(SEC_TTY) ;
/dev/ttyp3 -> $(SEC_TTY) ;
/dev/ttyp4 -> $(SEC_TTY) ;
/dev/ttyp5 -> $(SEC_TTY) ;
/dev/ttyp6 -> $(SEC_TTY) ;
/dev/ttyp7 -> $(SEC_TTY) ;
/dev/ttyp8 -> $(SEC_TTY) ;
/dev/ttyp9 -> $(SEC_TTY) ;
/dev/ttypa -> $(SEC_TTY) ;
/dev/ttypb -> $(SEC_TTY) ;
/dev/ttypc -> $(SEC_TTY) ;
/dev/ttypd -> $(SEC_TTY) ;
/dev/ttype -> $(SEC_TTY) ;
/dev/ttypf -> $(SEC_TTY) ;
/dev/ttypg -> $(SEC_TTY) ;
/dev/ttyph -> $(SEC_TTY) ;
/dev/ttypi -> $(SEC_TTY) ;
/dev/ttypj -> $(SEC_TTY) ;
/dev/ttypl -> $(SEC_TTY) ;
/dev/ttypm -> $(SEC_TTY) ;
/dev/ttypn -> $(SEC_TTY) ;
/dev/ttypo -> $(SEC_TTY) ;
/dev/ttypp -> $(SEC_TTY) ;
/dev/ttypq -> $(SEC_TTY) ;
/dev/ttypr -> $(SEC_TTY) ;
/dev/ttyps -> $(SEC_TTY) ;
/dev/ttypt -> $(SEC_TTY) ;
/dev/ttypu -> $(SEC_TTY) ;
/dev/ttypv -> $(SEC_TTY) ;
/dev/cuaa0 -> $(SEC_TTY) ; # modem
}
#
# /etc
#
(
rulename = "/etc",
severity = $(SIG_HI)
)
{
/etc -> $(SEC_CRIT) (recurse = true) ;
# /etc/mail/aliases -> $(SEC_CONFIG) ;
/etc/dumpdates -> $(SEC_CONFIG) ;
/etc/motd -> $(SEC_CONFIG) ;
!/etc/ppp/connect-errors ;
/etc/skeykeys -> $(SEC_CONFIG) ;
# Uncomment the following 4 lines if your password file does not change
# /etc/passwd -> $(SEC_CONFIG) ;
# /etc/master.passwd -> $(SEC_CONFIG) ;
# /etc/pwd.db -> $(SEC_CONFIG) ;
# /etc/spwd.db -> $(SEC_CONFIG) ;
}
#
# Copatibility (Linux)
#
(
rulename = "Linux Compatibility",
severity = $(SIG_HI)
)
{
/compat -> $(SEC_CRIT) (recurse = true) ;
#
# Uncomment the following if Linux compatibility is used. Replace
# HOSTNAME1 and HOSTNAME2 with the hosts that have Linux emulation port
# installed.
#
#@@ifhost HOSTNAME1 || HOSTNAME2
# /compat/linux/etc -> $(SEC_INVARIANT) (recurse = false) ;
# /compat/linux/etc/X11 -> $(SEC_CONFIG) (recurse = true) ;
# /compat/linux/etc/pam.d -> $(SEC_CONFIG) (recurse = true) ;
# /compat/linux/etc/profile.d -> $(SEC_CONFIG) (recurse = true) ;
# /compat/linux/etc/real -> $(SEC_CONFIG) (recurse = true) ;
# /compat/linux/etc/bashrc -> $(SEC_CONFIG) ;
# /compat/linux/etc/csh.login -> $(SEC_CONFIG) ;
# /compat/linux/etc/host.conf -> $(SEC_CONFIG) ;
# /compat/linux/etc/hosts.allow -> $(SEC_CONFIG) ;
# /compat/linux/etc/hosts.deny -> $(SEC_CONFIG) ;
# /compat/linux/etc/info-dir -> $(SEC_CONFIG) ;
# /compat/linux/etc/inputrc -> $(SEC_CONFIG) ;
# /compat/linux/etc/ld.so.conf -> $(SEC_CONFIG) ;
# /compat/linux/etc/nsswitch.conf -> $(SEC_CONFIG) ;
# /compat/linux/etc/profile -> $(SEC_CONFIG) ;
# /compat/linux/etc/redhat-release -> $(SEC_CONFIG) ;
# /compat/linux/etc/rpc -> $(SEC_CONFIG) ;
# /compat/linux/etc/securetty -> $(SEC_CONFIG) ;
# /compat/linux/etc/shells -> $(SEC_CONFIG) ;
# /compat/linux/etc/termcap -> $(SEC_CONFIG) ;
# /compat/linux/etc/yp.conf -> $(SEC_CONFIG) ;
# !/compat/linux/etc/ld.so.cache ;
# !/compat/linux/var/spool/mail ;
#@@endif
}
#
# Libraries, include files, and other system files
#
(
rulename = "Libraries, include files, and other system files",
severity = $(SIG_HI)
)
{
/usr/include -> $(SEC_CRIT) (recurse = true) ;
/usr/lib -> $(SEC_CRIT) (recurse = true) ;
/usr/libdata -> $(SEC_CRIT) (recurse = true) ;
/usr/libexec -> $(SEC_CRIT) (recurse = true) ;
/usr/share -> $(SEC_CRIT) (recurse = true) ;
/usr/share/man -> $(SEC_CONFIG) ;
!/usr/share/man/whatis ;
!/usr/share/man/.glimpse_filenames ;
!/usr/share/man/.glimpse_filenames_index ;
!/usr/share/man/.glimpse_filetimes ;
!/usr/share/man/.glimpse_filters ;
!/usr/share/man/.glimpse_index ;
!/usr/share/man/.glimpse_messages ;
!/usr/share/man/.glimpse_partitions ;
!/usr/share/man/.glimpse_statistics ;
!/usr/share/man/.glimpse_turbo ;
/usr/share/man/man1 -> $(SEC_CRIT) (recurse = true) ;
/usr/share/man/man2 -> $(SEC_CRIT) (recurse = true) ;
/usr/share/man/man3 -> $(SEC_CRIT) (recurse = true) ;
/usr/share/man/man4 -> $(SEC_CRIT) (recurse = true) ;
/usr/share/man/man5 -> $(SEC_CRIT) (recurse = true) ;
/usr/share/man/man6 -> $(SEC_CRIT) (recurse = true) ;
/usr/share/man/man7 -> $(SEC_CRIT) (recurse = true) ;
/usr/share/man/man8 -> $(SEC_CRIT) (recurse = true) ;
/usr/share/man/man9 -> $(SEC_CRIT) (recurse = true) ;
/usr/share/man/mann -> $(SEC_CRIT) (recurse = true) ;
! /usr/share/man/cat1 ;
! /usr/share/man/cat2 ;
! /usr/share/man/cat3 ;
! /usr/share/man/cat4 ;
! /usr/share/man/cat5 ;
! /usr/share/man/cat6 ;
! /usr/share/man/cat7 ;
! /usr/share/man/cat8 ;
! /usr/share/man/cat9 ;
! /usr/share/man/catl ;
! /usr/share/man/catn ;
/usr/share/perl/man -> $(SEC_CONFIG) ;
!/usr/share/perl/man/whatis ;
!/usr/share/perl/man/.glimpse_filenames ;
!/usr/share/perl/man/.glimpse_filenames_index ;
!/usr/share/perl/man/.glimpse_filetimes ;
!/usr/share/perl/man/.glimpse_filters ;
!/usr/share/perl/man/.glimpse_index ;
!/usr/share/perl/man/.glimpse_messages ;
!/usr/share/perl/man/.glimpse_partitions ;
!/usr/share/perl/man/.glimpse_statistics ;
!/usr/share/perl/man/.glimpse_turbo ;
/usr/share/perl/man/man3 -> $(SEC_CRIT) (recurse = true) ;
! /usr/share/perl/man/cat3 ;
/usr/local/lib/perl5/5.00503/man -> $(SEC_CONFIG) ;
! /usr/local/lib/perl5/5.00503/man/whatis ;
! /usr/local/lib/perl5/5.00503/man/.glimpse_filters ;
! /usr/local/lib/perl5/5.00503/man/.glimpse_filetimes ;
! /usr/local/lib/perl5/5.00503/man/.glimpse_messages ;
! /usr/local/lib/perl5/5.00503/man/.glimpse_statistics ;
! /usr/local/lib/perl5/5.00503/man/.glimpse_index ;
! /usr/local/lib/perl5/5.00503/man/.glimpse_turbo ;
! /usr/local/lib/perl5/5.00503/man/.glimpse_partitions ;
! /usr/local/lib/perl5/5.00503/man/.glimpse_filenames ;
! /usr/local/lib/perl5/5.00503/man/.glimpse_filenames_index ;
/usr/local/lib/perl5/5.00503/man/man3 -> $(SEC_CRIT) (recurse = true) ;
! /usr/local/lib/perl5/5.00503/man/cat3 ;
}
#
# X11R6
#
(
rulename = "X11R6",
severity = $(SIG_HI)
)
{
/usr/X11R6 -> $(SEC_CRIT) (recurse = true) ;
/usr/X11R6/lib/X11/xdm -> $(SEC_CONFIG) (recurse = true) ;
!/usr/X11R6/lib/X11/xdm/xdm-errors ;
!/usr/X11R6/lib/X11/xdm/authdir/authfiles ;
!/usr/X11R6/lib/X11/xdm/xdm-pid ;
/usr/X11R6/lib/X11/xkb/compiled -> $(SEC_CONFIG) (recurse = true) ;
/usr/X11R6/man -> $(SEC_CONFIG) ;
!/usr/X11R6/man/whatis ;
!/usr/X11R6/man/.glimpse_filenames ;
!/usr/X11R6/man/.glimpse_filenames_index ;
!/usr/X11R6/man/.glimpse_filetimes ;
!/usr/X11R6/man/.glimpse_filters ;
!/usr/X11R6/man/.glimpse_index ;
!/usr/X11R6/man/.glimpse_messages ;
!/usr/X11R6/man/.glimpse_partitions ;
!/usr/X11R6/man/.glimpse_statistics ;
!/usr/X11R6/man/.glimpse_turbo ;
/usr/X11R6/man/man1 -> $(SEC_CRIT) (recurse = true) ;
/usr/X11R6/man/man2 -> $(SEC_CRIT) (recurse = true) ;
/usr/X11R6/man/man3 -> $(SEC_CRIT) (recurse = true) ;
/usr/X11R6/man/man4 -> $(SEC_CRIT) (recurse = true) ;
/usr/X11R6/man/man5 -> $(SEC_CRIT) (recurse = true) ;
/usr/X11R6/man/man6 -> $(SEC_CRIT) (recurse = true) ;
/usr/X11R6/man/man7 -> $(SEC_CRIT) (recurse = true) ;
/usr/X11R6/man/man8 -> $(SEC_CRIT) (recurse = true) ;
/usr/X11R6/man/man9 -> $(SEC_CRIT) (recurse = true) ;
/usr/X11R6/man/manl -> $(SEC_CRIT) (recurse = true) ;
/usr/X11R6/man/mann -> $(SEC_CRIT) (recurse = true) ;
! /usr/X11R6/man/cat1 ;
! /usr/X11R6/man/cat2 ;
! /usr/X11R6/man/cat3 ;
! /usr/X11R6/man/cat4 ;
! /usr/X11R6/man/cat5 ;
! /usr/X11R6/man/cat6 ;
! /usr/X11R6/man/cat7 ;
! /usr/X11R6/man/cat8 ;
! /usr/X11R6/man/cat9 ;
! /usr/X11R6/man/catl ;
! /usr/X11R6/man/catn ;
}
#
# sources
#
(
rulename = "Sources",
severity = $(SIG_HI)
)
{
/usr/src -> $(SEC_CRIT) (recurse = true) ;
/usr/src/sys/compile -> $(SEC_CONFIG) (recurse = false) ;
}
#
# NIS
#
(
rulename = "NIS",
severity = $(SIG_HI)
)
{
/var/yp -> $(SEC_CRIT) (recurse = true) ;
!/var/yp/binding ;
}
#
# Temporary directories
#
(
rulename = "Temporary directories",
recurse = false,
severity = $(SIG_LOW)
)
{
/usr/tmp -> $(SEC_INVARIANT) ;
/var/tmp -> $(SEC_INVARIANT) ;
/var/preserve -> $(SEC_INVARIANT) ;
/tmp -> $(SEC_INVARIANT) ;
}
#
# Local files
#
(
rulename = "Local files",
severity = $(SIG_MED)
)
{
/usr/local/bin -> $(SEC_BIN) (recurse = true) ;
/usr/local/sbin -> $(SEC_BIN) (recurse = true) ;
/usr/local/etc -> $(SEC_BIN) (recurse = true) ;
/usr/local/lib -> $(SEC_BIN) (recurse = true ) ;
/usr/local/libexec -> $(SEC_BIN) (recurse = true ) ;
/usr/local/share -> $(SEC_BIN) (recurse = true ) ;
/usr/local/man -> $(SEC_CONFIG) ;
!/usr/local/man/whatis ;
!/usr/local/man/.glimpse_filenames ;
!/usr/local/man/.glimpse_filenames_index ;
!/usr/local/man/.glimpse_filetimes ;
!/usr/local/man/.glimpse_filters ;
!/usr/local/man/.glimpse_index ;
!/usr/local/man/.glimpse_messages ;
!/usr/local/man/.glimpse_partitions ;
!/usr/local/man/.glimpse_statistics ;
!/usr/local/man/.glimpse_turbo ;
/usr/local/man/man1 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/man/man2 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/man/man3 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/man/man4 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/man/man5 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/man/man6 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/man/man7 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/man/man8 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/man/man9 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/man/manl -> $(SEC_CRIT) (recurse = true) ;
/usr/local/man/mann -> $(SEC_CRIT) (recurse = true) ;
! /usr/local/man/cat1 ;
! /usr/local/man/cat2 ;
! /usr/local/man/cat3 ;
! /usr/local/man/cat4 ;
! /usr/local/man/cat5 ;
! /usr/local/man/cat6 ;
! /usr/local/man/cat7 ;
! /usr/local/man/cat8 ;
! /usr/local/man/cat9 ;
! /usr/local/man/catl ;
! /usr/local/man/catn ;
/usr/local/krb5 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/krb5/man -> $(SEC_CONFIG) ;
!/usr/local/krb5/man/whatis ;
!/usr/local/krb5/man/.glimpse_filenames ;
!/usr/local/krb5/man/.glimpse_filenames_index ;
!/usr/local/krb5/man/.glimpse_filetimes ;
!/usr/local/krb5/man/.glimpse_filters ;
!/usr/local/krb5/man/.glimpse_index ;
!/usr/local/krb5/man/.glimpse_messages ;
!/usr/local/krb5/man/.glimpse_partitions ;
!/usr/local/krb5/man/.glimpse_statistics ;
!/usr/local/krb5/man/.glimpse_turbo ;
/usr/local/krb5/man/man1 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/krb5/man/man2 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/krb5/man/man3 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/krb5/man/man4 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/krb5/man/man5 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/krb5/man/man6 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/krb5/man/man7 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/krb5/man/man8 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/krb5/man/man9 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/krb5/man/manl -> $(SEC_CRIT) (recurse = true) ;
/usr/local/krb5/man/mann -> $(SEC_CRIT) (recurse = true) ;
! /usr/local/krb5/man/cat1 ;
! /usr/local/krb5/man/cat2 ;
! /usr/local/krb5/man/cat3 ;
! /usr/local/krb5/man/cat4 ;
! /usr/local/krb5/man/cat5 ;
! /usr/local/krb5/man/cat6 ;
! /usr/local/krb5/man/cat7 ;
! /usr/local/krb5/man/cat8 ;
! /usr/local/krb5/man/cat9 ;
! /usr/local/krb5/man/catl ;
! /usr/local/krb5/man/catn ;
/usr/local/www -> $(SEC_CONFIG) (recurse = true) ;
}
(
rulename = "Security Control",
severity = $(SIG_HI)
)
{
/etc/group -> $(SEC_CRIT) ;
/etc/crontab -> $(SEC_CRIT) ;
}
#=============================================================================
#
# Copyright 2000-2017 Tripwire, Inc. Tripwire is a registered trademark of Tripwire,
# Inc. in the United States and other countries. All rights reserved.
#
# FreeBSD is a registered trademark of the FreeBSD Project Inc.
#
# UNIX is a registered trademark of The Open Group.
#
#=============================================================================
#
# Permission is granted to make and distribute verbatim copies of this document
# provided the copyright notice and this permission notice are preserved on all
# copies.
#
# Permission is granted to copy and distribute modified versions of this
# document under the conditions for verbatim copying, provided that the entire
# resulting derived work is distributed under the terms of a permission notice
# identical to this one.
#
# Permission is granted to copy and distribute translations of this document
# into another language, under the above conditions for modified versions,
# except that this permission notice may be stated in a translation approved by
# Tripwire, Inc.
#
# DCM

2
policy/twpol-FreeBSD.txt
View File

@ -629,7 +629,7 @@ SIG_HI = 100 ; # Critical files that are significant point
#=============================================================================
#
# Copyright 2000 Tripwire, Inc. Tripwire is a registered trademark of Tripwire,
# Copyright 2000-2017 Tripwire, Inc. Tripwire is a registered trademark of Tripwire,
# Inc. in the United States and other countries. All rights reserved.
#
# FreeBSD is a registered trademark of the FreeBSD Project Inc.

2
policy/twpol-GENERIC.txt
View File

@ -1078,7 +1078,7 @@ SIG_HI = 100 ; # Critical files that are significant point
#=============================================================================
#
# Copyright 2000 Tripwire, Inc. Tripwire is a registered trademark of Tripwire,
# Copyright 2000-2017 Tripwire, Inc. Tripwire is a registered trademark of Tripwire,
# Inc. in the United States and other countries. All rights reserved.
#
# Linux is a registered trademark of Linus Torvalds.

1106
policy/twpol-HP-UX.txt Normal file
View File

File diff suppressed because it is too large Load Diff

656
policy/twpol-MidnightBSD.txt Normal file
View File

@ -0,0 +1,656 @@
#
# Policy file for MidnightBSD
# (adapted from FreeBSD policy)
#
# $FreeBSD: ports/security/tripwire/files/twpol.txt,v 1.2 2002/03/04 16:55:21 cy Exp $
# $Id: twpol-FreeBSD.txt,v 1.1 2003/06/08 02:00:06 pherman Exp $
#
# This is the example Tripwire Policy file. It is intended as a place to
# start creating your own custom Tripwire Policy file. Referring to it as
# well as the Tripwire Policy Guide should give you enough information to
# make a good custom Tripwire Policy file that better covers your
# configuration and security needs. A text version of this policy file is
# called twpol.txt.
#
# Note that this file is tuned to an install of FreeBSD using
# buildworld. If run unmodified, this file should create no errors on
# database creation, or violations on a subsiquent integrity check.
# However it is impossible for there to be one policy file for all machines,
# so this existing one errs on the side of security. Your FreeBSD
# configuration will most likey differ from the one our policy file was
# tuned to, and will therefore require some editing of the default
# Tripwire Policy file.
#
# The example policy file is best run with 'Loose Directory Checking'
# enabled. Set LOOSEDIRECTORYCHECKING=TRUE in the Tripwire Configuration
# file.
#
# Email support is not included and must be added to this file.
# Add the 'emailto=' to the rule directive section of each rule (add a comma
# after the 'severity=' line and add an 'emailto=' and include the email
# addresses you want the violation reports to go to). Addresses are
# semi-colon delimited.
#
#
# Global Variable Definitions
#
# These are defined at install time by the installation script. You may
# Manually edit these if you are using this file directly and not from the
# installation script itself.
#
@@section GLOBAL
TWROOT=;
TWBIN=;
TWPOL=;
TWDB=;
TWSKEY=;
TWLKEY=;
TWREPORT=;
HOSTNAME=;
@@section FS
SEC_CRIT = $(IgnoreNone)-SHa ; # Critical files that cannot change
SEC_SUID = $(IgnoreNone)-SHa ; # Binaries with the SUID or SGID flags set
SEC_BIN = $(ReadOnly) ; # Binaries that should not change
SEC_CONFIG = $(Dynamic) ; # Config files that are changed infrequently but accessed often
SEC_TTY = $(Dynamic)-ugp ; # Tty files that change ownership at login
SEC_LOG = $(Growing) ; # Files that grow, but that should never change ownership
SEC_INVARIANT = +tpug ; # Directories that should never change permission or ownership
SIG_LOW = 33 ; # Non-critical files that are of minimal security impact
SIG_MED = 66 ; # Non-critical files that are of significant security impact
SIG_HI = 100 ; # Critical files that are significant points of vulnerability
# Tripwire Binaries
(
rulename = "Tripwire Binaries",
severity = $(SIG_HI)
)
{
$(TWBIN)/siggen -> $(SEC_BIN) ;
$(TWBIN)/tripwire -> $(SEC_BIN) ;
$(TWBIN)/twadmin -> $(SEC_BIN) ;
$(TWBIN)/twprint -> $(SEC_BIN) ;
}
# Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
(
rulename = "Tripwire Data Files",
severity = $(SIG_HI)
)
{
# NOTE: We remove the inode attribute because when Tripwire creates a backup,
# it does so by renaming the old file and creating a new one (which will
# have a new inode number). Inode is left turned on for keys, which shouldn't
# ever change.
# NOTE: The first integrity check triggers this rule and each integrity check
# afterward triggers this rule until a database update is run, since the
# database file does not exist before that point.
$(TWDB) -> $(SEC_CONFIG) -i ;
$(TWPOL)/tw.pol -> $(SEC_BIN) -i ;
$(TWPOL)/tw.cfg -> $(SEC_BIN) -i ;
$(TWPOL)/twcfg.txt -> $(SEC_BIN) ;
$(TWPOL)/twpol.txt -> $(SEC_BIN) ;
$(TWLKEY)/$(HOSTNAME)-local.key -> $(SEC_BIN) ;
$(TWSKEY)/site.key -> $(SEC_BIN) ;
#don't scan the individual reports
$(TWREPORT) -> $(SEC_CONFIG) (recurse=0) ;
}
# Tripwire HQ Connector Binaries
#(
# rulename = "Tripwire HQ Connector Binaries",
# severity = $(SIG_HI)
#)
#{
# $(TWBIN)/hqagent -> $(SEC_BIN) ;
#}
#
# Tripwire HQ Connector - Configuration Files, Keys, and Logs
#
# Note: File locations here are different than in a stock HQ Connector
# installation. This is because Tripwire 2.3 uses a different path
# structure than Tripwire 2.2.1.
#
# You may need to update your HQ Agent configuation file (or this policy
# file) to correct the paths. We have attempted to support the FHS standard
# here by placing the HQ Agent files similarly to the way Tripwire 2.3
# places them.
#
#(
# rulename = "Tripwire HQ Connector Data Files",
# severity = $(SIG_HI)
#)
#{
#
# # NOTE: Removing the inode attribute because when Tripwire creates a backup
# # it does so by renaming the old file and creating a new one (which will
# # have a new inode number). Leaving inode turned on for keys, which
# # shouldn't ever change.
#
#
# $(TWBIN)/agent.cfg -> $(SEC_BIN) -i ;
# $(TWLKEY)/authentication.key -> $(SEC_BIN) ;
# $(TWDB)/tasks.dat -> $(SEC_CONFIG) ;
# $(TWDB)/schedule.dat -> $(SEC_CONFIG) ;
#
# # Uncomment if you have agent logging enabled.
# #/var/log/tripwire/agent.log -> $(SEC_LOG) ;
#}
# Commonly accessed directories that should remain static with regards to owner and group
(
rulename = "Invariant Directories",
severity = $(SIG_MED)
)
{
/ -> $(SEC_INVARIANT) (recurse = false) ;
/home -> $(SEC_INVARIANT) (recurse = false) ;
}
#
# First, root's "home"
#
(
rulename = "Root's home",
severity = $(SIG_HI)
)
{
# /.rhosts -> $(SEC_CRIT) ;
/.profile -> $(SEC_CRIT) ;
/.cshrc -> $(SEC_CRIT) ;
/.login -> $(SEC_CRIT) ;
# /.exrc -> $(SEC_CRIT) ;
# /.logout -> $(SEC_CRIT) ;
# /.forward -> $(SEC_CRIT) ;
/root -> $(SEC_CRIT) (recurse = true) ;
!/root/.history ;
!/root/.bash_history ;
# !/root/.lsof_SYSTEM_NAME ; # Uncomment if lsof is installed
}
#
# FreeBSD Kernel
#
(
rulename = "FreeBSD Kernel",
severity = $(SIG_HI)
)
{
/kernel -> $(SEC_CRIT) ;
/kernel.old -> $(SEC_CRIT) ;
/kernel.GENERIC -> $(SEC_CRIT) ;
}
#
# FreeBSD Modules
#
(
rulename = "FreeBSD Modules",
severity = $(SIG_HI)
)
{
/modules -> $(SEC_CRIT) (recurse = true) ;
/modules.old -> $(SEC_CRIT) (recurse = true) ;
# /lkm -> $(SEC_CRIT) (recurse = true) ; # uncomment if using lkm kld
}
#
# System Administration Programs
#
(
rulename = "System Administration Programs",
severity = $(SIG_HI)
)
{
/sbin -> $(SEC_CRIT) (recurse = true) ;
/usr/sbin -> $(SEC_CRIT) (recurse = true) ;
}
#
# User Utilities
#
(
rulename = "User Utilities",
severity = $(SIG_HI)
)
{
/bin -> $(SEC_CRIT) (recurse = true) ;
/usr/bin -> $(SEC_CRIT) (recurse = true) ;
}
#
# /dev
#
(
rulename = "/dev",
severity = $(SIG_HI)
)
{
/dev -> $(Device) (recurse = true) ;
!/dev/vga ;
!/dev/dri ;
/dev/console -> $(SEC_TTY) ;
/dev/ttyv0 -> $(SEC_TTY) ;
/dev/ttyv1 -> $(SEC_TTY) ;
/dev/ttyv2 -> $(SEC_TTY) ;
/dev/ttyv3 -> $(SEC_TTY) ;
/dev/ttyv4 -> $(SEC_TTY) ;
/dev/ttyv5 -> $(SEC_TTY) ;
/dev/ttyv6 -> $(SEC_TTY) ;
/dev/ttyv7 -> $(SEC_TTY) ;
/dev/ttyp0 -> $(SEC_TTY) ;
/dev/ttyp1 -> $(SEC_TTY) ;
/dev/ttyp2 -> $(SEC_TTY) ;
/dev/ttyp3 -> $(SEC_TTY) ;
/dev/ttyp4 -> $(SEC_TTY) ;
/dev/ttyp5 -> $(SEC_TTY) ;
/dev/ttyp6 -> $(SEC_TTY) ;
/dev/ttyp7 -> $(SEC_TTY) ;
/dev/ttyp8 -> $(SEC_TTY) ;
/dev/ttyp9 -> $(SEC_TTY) ;
/dev/ttypa -> $(SEC_TTY) ;
/dev/ttypb -> $(SEC_TTY) ;
/dev/ttypc -> $(SEC_TTY) ;
/dev/ttypd -> $(SEC_TTY) ;
/dev/ttype -> $(SEC_TTY) ;
/dev/ttypf -> $(SEC_TTY) ;
/dev/ttypg -> $(SEC_TTY) ;
/dev/ttyph -> $(SEC_TTY) ;
/dev/ttypi -> $(SEC_TTY) ;
/dev/ttypj -> $(SEC_TTY) ;
/dev/ttypl -> $(SEC_TTY) ;
/dev/ttypm -> $(SEC_TTY) ;
/dev/ttypn -> $(SEC_TTY) ;
/dev/ttypo -> $(SEC_TTY) ;
/dev/ttypp -> $(SEC_TTY) ;
/dev/ttypq -> $(SEC_TTY) ;
/dev/ttypr -> $(SEC_TTY) ;
/dev/ttyps -> $(SEC_TTY) ;
/dev/ttypt -> $(SEC_TTY) ;
/dev/ttypu -> $(SEC_TTY) ;
/dev/ttypv -> $(SEC_TTY) ;
/dev/cuaa0 -> $(SEC_TTY) ; # modem
}
#
# /etc
#
(
rulename = "/etc",
severity = $(SIG_HI)
)
{
/etc -> $(SEC_CRIT) (recurse = true) ;
# /etc/mail/aliases -> $(SEC_CONFIG) ;
/etc/dumpdates -> $(SEC_CONFIG) ;
/etc/motd -> $(SEC_CONFIG) ;
!/etc/ppp/connect-errors ;
/etc/skeykeys -> $(SEC_CONFIG) ;
# Uncomment the following 4 lines if your password file does not change
# /etc/passwd -> $(SEC_CONFIG) ;
# /etc/master.passwd -> $(SEC_CONFIG) ;
# /etc/pwd.db -> $(SEC_CONFIG) ;
# /etc/spwd.db -> $(SEC_CONFIG) ;
}
#
# Copatibility (Linux)
#
(
rulename = "Linux Compatibility",
severity = $(SIG_HI)
)
{
/compat -> $(SEC_CRIT) (recurse = true) ;
#
# Uncomment the following if Linux compatibility is used. Replace
# HOSTNAME1 and HOSTNAME2 with the hosts that have Linux emulation port
# installed.
#
#@@ifhost HOSTNAME1 || HOSTNAME2
# /compat/linux/etc -> $(SEC_INVARIANT) (recurse = false) ;
# /compat/linux/etc/X11 -> $(SEC_CONFIG) (recurse = true) ;
# /compat/linux/etc/pam.d -> $(SEC_CONFIG) (recurse = true) ;
# /compat/linux/etc/profile.d -> $(SEC_CONFIG) (recurse = true) ;
# /compat/linux/etc/real -> $(SEC_CONFIG) (recurse = true) ;
# /compat/linux/etc/bashrc -> $(SEC_CONFIG) ;
# /compat/linux/etc/csh.login -> $(SEC_CONFIG) ;
# /compat/linux/etc/host.conf -> $(SEC_CONFIG) ;
# /compat/linux/etc/hosts.allow -> $(SEC_CONFIG) ;
# /compat/linux/etc/hosts.deny -> $(SEC_CONFIG) ;
# /compat/linux/etc/info-dir -> $(SEC_CONFIG) ;
# /compat/linux/etc/inputrc -> $(SEC_CONFIG) ;
# /compat/linux/etc/ld.so.conf -> $(SEC_CONFIG) ;
# /compat/linux/etc/nsswitch.conf -> $(SEC_CONFIG) ;
# /compat/linux/etc/profile -> $(SEC_CONFIG) ;
# /compat/linux/etc/redhat-release -> $(SEC_CONFIG) ;
# /compat/linux/etc/rpc -> $(SEC_CONFIG) ;
# /compat/linux/etc/securetty -> $(SEC_CONFIG) ;
# /compat/linux/etc/shells -> $(SEC_CONFIG) ;
# /compat/linux/etc/termcap -> $(SEC_CONFIG) ;
# /compat/linux/etc/yp.conf -> $(SEC_CONFIG) ;
# !/compat/linux/etc/ld.so.cache ;
# !/compat/linux/var/spool/mail ;
#@@endif
}
#
# Libraries, include files, and other system files
#
(
rulename = "Libraries, include files, and other system files",
severity = $(SIG_HI)
)
{
/usr/include -> $(SEC_CRIT) (recurse = true) ;
/usr/lib -> $(SEC_CRIT) (recurse = true) ;
/usr/libdata -> $(SEC_CRIT) (recurse = true) ;
/usr/libexec -> $(SEC_CRIT) (recurse = true) ;
/usr/share -> $(SEC_CRIT) (recurse = true) ;
/usr/share/man -> $(SEC_CONFIG) ;
!/usr/share/man/whatis ;
!/usr/share/man/.glimpse_filenames ;
!/usr/share/man/.glimpse_filenames_index ;
!/usr/share/man/.glimpse_filetimes ;
!/usr/share/man/.glimpse_filters ;
!/usr/share/man/.glimpse_index ;
!/usr/share/man/.glimpse_messages ;
!/usr/share/man/.glimpse_partitions ;
!/usr/share/man/.glimpse_statistics ;
!/usr/share/man/.glimpse_turbo ;
/usr/share/man/man1 -> $(SEC_CRIT) (recurse = true) ;
/usr/share/man/man2 -> $(SEC_CRIT) (recurse = true) ;
/usr/share/man/man3 -> $(SEC_CRIT) (recurse = true) ;
/usr/share/man/man4 -> $(SEC_CRIT) (recurse = true) ;
/usr/share/man/man5 -> $(SEC_CRIT) (recurse = true) ;
/usr/share/man/man6 -> $(SEC_CRIT) (recurse = true) ;
/usr/share/man/man7 -> $(SEC_CRIT) (recurse = true) ;
/usr/share/man/man8 -> $(SEC_CRIT) (recurse = true) ;
/usr/share/man/man9 -> $(SEC_CRIT) (recurse = true) ;
/usr/share/man/mann -> $(SEC_CRIT) (recurse = true) ;
! /usr/share/man/cat1 ;
! /usr/share/man/cat2 ;
! /usr/share/man/cat3 ;
! /usr/share/man/cat4 ;
! /usr/share/man/cat5 ;
! /usr/share/man/cat6 ;
! /usr/share/man/cat7 ;
! /usr/share/man/cat8 ;
! /usr/share/man/cat9 ;
! /usr/share/man/catl ;
! /usr/share/man/catn ;
/usr/share/perl/man -> $(SEC_CONFIG) ;
!/usr/share/perl/man/whatis ;
!/usr/share/perl/man/.glimpse_filenames ;
!/usr/share/perl/man/.glimpse_filenames_index ;
!/usr/share/perl/man/.glimpse_filetimes ;
!/usr/share/perl/man/.glimpse_filters ;
!/usr/share/perl/man/.glimpse_index ;
!/usr/share/perl/man/.glimpse_messages ;
!/usr/share/perl/man/.glimpse_partitions ;
!/usr/share/perl/man/.glimpse_statistics ;
!/usr/share/perl/man/.glimpse_turbo ;
/usr/share/perl/man/man3 -> $(SEC_CRIT) (recurse = true) ;
! /usr/share/perl/man/cat3 ;
/usr/local/lib/perl5/5.00503/man -> $(SEC_CONFIG) ;
! /usr/local/lib/perl5/5.00503/man/whatis ;
! /usr/local/lib/perl5/5.00503/man/.glimpse_filters ;
! /usr/local/lib/perl5/5.00503/man/.glimpse_filetimes ;
! /usr/local/lib/perl5/5.00503/man/.glimpse_messages ;
! /usr/local/lib/perl5/5.00503/man/.glimpse_statistics ;
! /usr/local/lib/perl5/5.00503/man/.glimpse_index ;
! /usr/local/lib/perl5/5.00503/man/.glimpse_turbo ;
! /usr/local/lib/perl5/5.00503/man/.glimpse_partitions ;
! /usr/local/lib/perl5/5.00503/man/.glimpse_filenames ;
! /usr/local/lib/perl5/5.00503/man/.glimpse_filenames_index ;
/usr/local/lib/perl5/5.00503/man/man3 -> $(SEC_CRIT) (recurse = true) ;
! /usr/local/lib/perl5/5.00503/man/cat3 ;
}
#
# X11R6
#
(
rulename = "X11R6",
severity = $(SIG_HI)
)
{
/usr/X11R6 -> $(SEC_CRIT) (recurse = true) ;
/usr/X11R6/lib/X11/xdm -> $(SEC_CONFIG) (recurse = true) ;
!/usr/X11R6/lib/X11/xdm/xdm-errors ;
!/usr/X11R6/lib/X11/xdm/authdir/authfiles ;
!/usr/X11R6/lib/X11/xdm/xdm-pid ;
/usr/X11R6/lib/X11/xkb/compiled -> $(SEC_CONFIG) (recurse = true) ;
/usr/X11R6/man -> $(SEC_CONFIG) ;
!/usr/X11R6/man/whatis ;
!/usr/X11R6/man/.glimpse_filenames ;
!/usr/X11R6/man/.glimpse_filenames_index ;
!/usr/X11R6/man/.glimpse_filetimes ;
!/usr/X11R6/man/.glimpse_filters ;
!/usr/X11R6/man/.glimpse_index ;
!/usr/X11R6/man/.glimpse_messages ;
!/usr/X11R6/man/.glimpse_partitions ;
!/usr/X11R6/man/.glimpse_statistics ;
!/usr/X11R6/man/.glimpse_turbo ;
/usr/X11R6/man/man1 -> $(SEC_CRIT) (recurse = true) ;
/usr/X11R6/man/man2 -> $(SEC_CRIT) (recurse = true) ;
/usr/X11R6/man/man3 -> $(SEC_CRIT) (recurse = true) ;
/usr/X11R6/man/man4 -> $(SEC_CRIT) (recurse = true) ;
/usr/X11R6/man/man5 -> $(SEC_CRIT) (recurse = true) ;
/usr/X11R6/man/man6 -> $(SEC_CRIT) (recurse = true) ;
/usr/X11R6/man/man7 -> $(SEC_CRIT) (recurse = true) ;
/usr/X11R6/man/man8 -> $(SEC_CRIT) (recurse = true) ;
/usr/X11R6/man/man9 -> $(SEC_CRIT) (recurse = true) ;
/usr/X11R6/man/manl -> $(SEC_CRIT) (recurse = true) ;
/usr/X11R6/man/mann -> $(SEC_CRIT) (recurse = true) ;
! /usr/X11R6/man/cat1 ;
! /usr/X11R6/man/cat2 ;
! /usr/X11R6/man/cat3 ;
! /usr/X11R6/man/cat4 ;
! /usr/X11R6/man/cat5 ;
! /usr/X11R6/man/cat6 ;
! /usr/X11R6/man/cat7 ;
! /usr/X11R6/man/cat8 ;
! /usr/X11R6/man/cat9 ;
! /usr/X11R6/man/catl ;
! /usr/X11R6/man/catn ;
}
#
# sources
#
(
rulename = "Sources",
severity = $(SIG_HI)
)
{
/usr/src -> $(SEC_CRIT) (recurse = true) ;
/usr/src/sys/compile -> $(SEC_CONFIG) (recurse = false) ;
}
#
# NIS
#
(
rulename = "NIS",
severity = $(SIG_HI)
)
{
/var/yp -> $(SEC_CRIT) (recurse = true) ;
!/var/yp/binding ;
}
#
# Temporary directories
#
(
rulename = "Temporary directories",
recurse = false,
severity = $(SIG_LOW)
)
{
/usr/tmp -> $(SEC_INVARIANT) ;
/var/tmp -> $(SEC_INVARIANT) ;
/var/preserve -> $(SEC_INVARIANT) ;
/tmp -> $(SEC_INVARIANT) ;
}
#
# Local files
#
(
rulename = "Local files",
severity = $(SIG_MED)
)
{
/usr/local/bin -> $(SEC_BIN) (recurse = true) ;
/usr/local/sbin -> $(SEC_BIN) (recurse = true) ;
/usr/local/etc -> $(SEC_BIN) (recurse = true) ;
/usr/local/lib -> $(SEC_BIN) (recurse = true ) ;
/usr/local/libexec -> $(SEC_BIN) (recurse = true ) ;
/usr/local/share -> $(SEC_BIN) (recurse = true ) ;
/usr/local/man -> $(SEC_CONFIG) ;
!/usr/local/man/whatis ;
!/usr/local/man/.glimpse_filenames ;
!/usr/local/man/.glimpse_filenames_index ;
!/usr/local/man/.glimpse_filetimes ;
!/usr/local/man/.glimpse_filters ;
!/usr/local/man/.glimpse_index ;
!/usr/local/man/.glimpse_messages ;
!/usr/local/man/.glimpse_partitions ;
!/usr/local/man/.glimpse_statistics ;
!/usr/local/man/.glimpse_turbo ;
/usr/local/man/man1 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/man/man2 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/man/man3 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/man/man4 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/man/man5 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/man/man6 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/man/man7 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/man/man8 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/man/man9 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/man/manl -> $(SEC_CRIT) (recurse = true) ;
/usr/local/man/mann -> $(SEC_CRIT) (recurse = true) ;
! /usr/local/man/cat1 ;
! /usr/local/man/cat2 ;
! /usr/local/man/cat3 ;
! /usr/local/man/cat4 ;
! /usr/local/man/cat5 ;
! /usr/local/man/cat6 ;
! /usr/local/man/cat7 ;
! /usr/local/man/cat8 ;
! /usr/local/man/cat9 ;
! /usr/local/man/catl ;
! /usr/local/man/catn ;
/usr/local/krb5 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/krb5/man -> $(SEC_CONFIG) ;
!/usr/local/krb5/man/whatis ;
!/usr/local/krb5/man/.glimpse_filenames ;
!/usr/local/krb5/man/.glimpse_filenames_index ;
!/usr/local/krb5/man/.glimpse_filetimes ;
!/usr/local/krb5/man/.glimpse_filters ;
!/usr/local/krb5/man/.glimpse_index ;
!/usr/local/krb5/man/.glimpse_messages ;
!/usr/local/krb5/man/.glimpse_partitions ;
!/usr/local/krb5/man/.glimpse_statistics ;
!/usr/local/krb5/man/.glimpse_turbo ;
/usr/local/krb5/man/man1 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/krb5/man/man2 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/krb5/man/man3 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/krb5/man/man4 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/krb5/man/man5 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/krb5/man/man6 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/krb5/man/man7 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/krb5/man/man8 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/krb5/man/man9 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/krb5/man/manl -> $(SEC_CRIT) (recurse = true) ;
/usr/local/krb5/man/mann -> $(SEC_CRIT) (recurse = true) ;
! /usr/local/krb5/man/cat1 ;
! /usr/local/krb5/man/cat2 ;
! /usr/local/krb5/man/cat3 ;
! /usr/local/krb5/man/cat4 ;
! /usr/local/krb5/man/cat5 ;
! /usr/local/krb5/man/cat6 ;
! /usr/local/krb5/man/cat7 ;
! /usr/local/krb5/man/cat8 ;
! /usr/local/krb5/man/cat9 ;
! /usr/local/krb5/man/catl ;
! /usr/local/krb5/man/catn ;
/usr/local/www -> $(SEC_CONFIG) (recurse = true) ;
}
(
rulename = "Security Control",
severity = $(SIG_HI)
)
{
/etc/group -> $(SEC_CRIT) ;
/etc/crontab -> $(SEC_CRIT) ;
}
#=============================================================================
#
# Copyright 2000-2017 Tripwire, Inc. Tripwire is a registered trademark of Tripwire,
# Inc. in the United States and other countries. All rights reserved.
#
# FreeBSD is a registered trademark of the FreeBSD Project Inc.
#
# UNIX is a registered trademark of The Open Group.
#
#=============================================================================
#
# Permission is granted to make and distribute verbatim copies of this document
# provided the copyright notice and this permission notice are preserved on all
# copies.
#
# Permission is granted to copy and distribute modified versions of this
# document under the conditions for verbatim copying, provided that the entire
# resulting derived work is distributed under the terms of a permission notice
# identical to this one.
#
# Permission is granted to copy and distribute translations of this document
# into another language, under the above conditions for modified versions,
# except that this permission notice may be stated in a translation approved by
# Tripwire, Inc.
#
# DCM

292
policy/twpol-MirBSD.txt Normal file
View File

@ -0,0 +1,292 @@
##############################################################################
# ##
############################################################################## #
# # #
# Policy file for MirOS BSD # #
# (adapted from OpenBSD policy) # #
# ##
##############################################################################
##############################################################################
# ##
############################################################################## #
# # #
# Global Variable Definitions # #
# # #
# These are defined at install time by the installation script. You may # #
# manually edit these if you are using this file directly and not from the # #
# installation script itself. # #
# ##
##############################################################################
@@section GLOBAL
TWROOT=;
TWBIN=;
TWPOL=;
TWDB=;
TWSKEY=;
TWLKEY=;
TWREPORT=;
HOSTNAME=;
##############################################################################
# Predefined Variables #
##############################################################################
#
# Property Masks
#
# - ignore the following properties
# + check the following properties
#
# a access timestamp (mutually exclusive with +CMSH)
# b number of blocks allocated
# c inode creation/modification timestamp
# d ID of device on which inode resides
# g group id of owner
# i inode number
# l growing files (logfiles for example)
# m modification timestamp
# n number of links
# p permission and file mode bits
# r ID of device pointed to by inode (valid only for device objects)
# s file size
# t file type
# u user id of owner
#
# C CRC-32 hash
# H HAVAL hash
# M MD5 hash
# S SHA hash
#
##############################################################################
Device = +pugsdr-intlbamcCMSH ;
Dynamic = +pinugtd-srlbamcCMSH ;
Growing = +pinugtdl-srbamcCMSH ;
IgnoreAll = -pinugtsdrlbamcCMSH ;
IgnoreNone = +pinugtsdrbamcCMSH-l ;
ReadOnly = +pinugtsdbmCM-rlacSH ;
Temporary = +pugt ;
@@section FS
########################################
# ##
######################################## #
# # #
# Tripwire Binaries and Data Files # #
# ##
########################################
# Tripwire Binaries
(
rulename = "Tripwire Binaries",
)
{
$(TWBIN)/siggen -> $(ReadOnly) ;
$(TWBIN)/tripwire -> $(ReadOnly) ;
$(TWBIN)/twadmin -> $(ReadOnly) ;
$(TWBIN)/twprint -> $(ReadOnly) ;
}
# Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
(
rulename = "Tripwire Data Files",
)
{
# NOTE: We remove the inode attribute because when Tripwire creates a backup,
# it does so by renaming the old file and creating a new one (which will
# have a new inode number). Inode is left turned on for keys, which shouldn't
# ever change.
# NOTE: The first integrity check triggers this rule and each integrity check
# afterward triggers this rule until a database update is run, since the
# database file does not exist before that point.
$(TWDB) -> $(Dynamic) -i ;
$(TWPOL)/tw.pol -> $(ReadOnly) -i ;
$(TWPOL)/tw.cfg -> $(ReadOnly) -i ;
$(TWLKEY)/$(HOSTNAME)-local.key -> $(ReadOnly) ;
$(TWSKEY)/site.key -> $(ReadOnly) ;
# don't scan the individual reports
$(TWREPORT) -> $(Dynamic) (recurse=0) ;
# In this configuration /usr/local is a symbolic link to /home/local.
# We want to ignore the following directories since they are already
# scanned using the real directory or mount point. Otherwise we see
# duplicates in the reports.
!/home/local ;
}
################################################
# ##
################################################ #
# # #
# OS Boot and Configuration Files # #
# ##
################################################
(
rulename = "OS Boot and Configuration Files",
)
{
/boot -> $(ReadOnly) ;
/bsd -> $(ReadOnly) ;
/etc -> $(IgnoreNone) -SHa ;
}
###################################################
# ##
################################################### #
# # #
# Mount Points # #
# ##
###################################################
(
rulename = "Mount Points",
)
{
/ -> $(ReadOnly) ;
/cdrom -> $(Dynamic) ;
/floppy -> $(Dynamic) ;
/home -> $(ReadOnly) ; # Modify as needed
/mnt -> $(Dynamic) ;
/usr -> $(ReadOnly) ;
/var -> $(ReadOnly) ;
}
###################################################
# ##
################################################### #
# # #
# Misc Top-Level Directories # #
# ##
###################################################
(
rulename = "Misc Top-Level Directories",
)
{
/altroot -> $(Dynamic) ;
/stand -> $(Dynamic) ;
}
################################################
# ##
################################################ #
# # #
# System Devices # #
# ##
################################################
(
rulename = "System Devices",
)
{
/dev -> $(Device) ;
/dev/fd -> $(Device) ;
/var/cron/tabs/.sock -> $(Device) ;
/var/empty/dev/log -> $(Device) ;
}
################################################
# ##
################################################ #
# # #
# OS Binaries and Libraries # #
# ##
################################################
(
rulename = "OS Binaries and Libraries",
)
{
/bin -> $(ReadOnly) ;
/sbin -> $(ReadOnly) ;
/usr/bin -> $(ReadOnly) ;
/usr/lib -> $(ReadOnly) ;
/usr/libexec -> $(ReadOnly) ;
/usr/sbin -> $(ReadOnly) ;
/usr/X11R6/bin -> $(ReadOnly) ;
/usr/X11R6/lib -> $(ReadOnly) ;
}
################################################
# ##
################################################ #
# # #
# Usr Local Files # #
# ##
################################################
#OK(
#OKrulename = "Usr Local Files",
#OK)
#OK{
#OK/usr/local -> $(ReadOnly) ;
#OK/usr/local/bin -> $(ReadOnly) ;
#OK/usr/local/doc -> $(ReadOnly) ;
#OK/usr/local/etc -> $(ReadOnly) ;
#OK/usr/local/include -> $(ReadOnly) ;
#OK/usr/local/info -> $(ReadOnly) ;
#OK/usr/local/lib -> $(ReadOnly) ;
#OK/usr/local/libdata -> $(ReadOnly) ;
#OK/usr/local/libexec -> $(ReadOnly) ;
#OK/usr/local/man -> $(ReadOnly) ;
#OK/usr/local/sbin -> $(ReadOnly) ;
#OK/usr/local/share -> $(ReadOnly) ;
#OK/usr/local/src -> $(ReadOnly) ;
#OK}
################################################
# ##
################################################ #
# # #
# Root Directory and Files # #
# ##
################################################
(
rulename = "Root Directory and Files",
)
{
/root -> $(IgnoreNone) -SHa ;
/root/.cshrc -> $(Dynamic) ;
/root/.profile -> $(Dynamic) ;
}
################################################
# ##
################################################ #
# # #
# Temporary Directories # #
# ##
################################################
(
rulename = "Temporary Directories",
)
{
/tmp -> $(Temporary) ;
/var/tmp -> $(Temporary) ;
}
################################################
# ##
################################################ #
# # #
# System and Boot Changes # #
# ##
################################################
(
rulename = "System and Boot Changes",
)
{
/var/backups -> $(Dynamic) -i ;
/var/db/host.random -> $(ReadOnly) -mCM ;
/var/cron -> $(Growing) -i ;
/var/log -> $(Growing) -i ;
/var/run -> $(Dynamic) -i ;
/var/mail -> $(Growing) ;
/var/msgs/bounds -> $(ReadOnly) -smbCM ;
/var/spool/clientmqueue -> $(Temporary) ;
/var/spool/mqueue -> $(Temporary) ;
}
#
# $Id: twpol-OpenBSD.txt,v 1.2 2004/05/14 21:56:21 pherman Exp $
#

656
policy/twpol-NetBSD.txt Normal file
View File

@ -0,0 +1,656 @@
#
# Policy file for NetBSD
# (adapted from FreeBSD policy)
#
# $FreeBSD: ports/security/tripwire/files/twpol.txt,v 1.2 2002/03/04 16:55:21 cy Exp $
# $Id: twpol-FreeBSD.txt,v 1.1 2003/06/08 02:00:06 pherman Exp $
#
# This is the example Tripwire Policy file. It is intended as a place to
# start creating your own custom Tripwire Policy file. Referring to it as
# well as the Tripwire Policy Guide should give you enough information to
# make a good custom Tripwire Policy file that better covers your
# configuration and security needs. A text version of this policy file is
# called twpol.txt.
#
# Note that this file is tuned to an install of FreeBSD using
# buildworld. If run unmodified, this file should create no errors on
# database creation, or violations on a subsiquent integrity check.
# However it is impossible for there to be one policy file for all machines,
# so this existing one errs on the side of security. Your FreeBSD
# configuration will most likey differ from the one our policy file was
# tuned to, and will therefore require some editing of the default
# Tripwire Policy file.
#
# The example policy file is best run with 'Loose Directory Checking'
# enabled. Set LOOSEDIRECTORYCHECKING=TRUE in the Tripwire Configuration
# file.
#
# Email support is not included and must be added to this file.
# Add the 'emailto=' to the rule directive section of each rule (add a comma
# after the 'severity=' line and add an 'emailto=' and include the email
# addresses you want the violation reports to go to). Addresses are
# semi-colon delimited.
#
#
# Global Variable Definitions
#
# These are defined at install time by the installation script. You may
# Manually edit these if you are using this file directly and not from the
# installation script itself.
#
@@section GLOBAL
TWROOT=;
TWBIN=;
TWPOL=;
TWDB=;
TWSKEY=;
TWLKEY=;
TWREPORT=;
HOSTNAME=;
@@section FS
SEC_CRIT = $(IgnoreNone)-SHa ; # Critical files that cannot change
SEC_SUID = $(IgnoreNone)-SHa ; # Binaries with the SUID or SGID flags set
SEC_BIN = $(ReadOnly) ; # Binaries that should not change
SEC_CONFIG = $(Dynamic) ; # Config files that are changed infrequently but accessed often
SEC_TTY = $(Dynamic)-ugp ; # Tty files that change ownership at login
SEC_LOG = $(Growing) ; # Files that grow, but that should never change ownership
SEC_INVARIANT = +tpug ; # Directories that should never change permission or ownership
SIG_LOW = 33 ; # Non-critical files that are of minimal security impact
SIG_MED = 66 ; # Non-critical files that are of significant security impact
SIG_HI = 100 ; # Critical files that are significant points of vulnerability
# Tripwire Binaries
(
rulename = "Tripwire Binaries",
severity = $(SIG_HI)
)
{
$(TWBIN)/siggen -> $(SEC_BIN) ;
$(TWBIN)/tripwire -> $(SEC_BIN) ;
$(TWBIN)/twadmin -> $(SEC_BIN) ;
$(TWBIN)/twprint -> $(SEC_BIN) ;
}
# Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
(
rulename = "Tripwire Data Files",
severity = $(SIG_HI)
)
{
# NOTE: We remove the inode attribute because when Tripwire creates a backup,
# it does so by renaming the old file and creating a new one (which will
# have a new inode number). Inode is left turned on for keys, which shouldn't
# ever change.
# NOTE: The first integrity check triggers this rule and each integrity check
# afterward triggers this rule until a database update is run, since the
# database file does not exist before that point.
$(TWDB) -> $(SEC_CONFIG) -i ;
$(TWPOL)/tw.pol -> $(SEC_BIN) -i ;
$(TWPOL)/tw.cfg -> $(SEC_BIN) -i ;
$(TWPOL)/twcfg.txt -> $(SEC_BIN) ;
$(TWPOL)/twpol.txt -> $(SEC_BIN) ;
$(TWLKEY)/$(HOSTNAME)-local.key -> $(SEC_BIN) ;
$(TWSKEY)/site.key -> $(SEC_BIN) ;
#don't scan the individual reports
$(TWREPORT) -> $(SEC_CONFIG) (recurse=0) ;
}
# Tripwire HQ Connector Binaries
#(
# rulename = "Tripwire HQ Connector Binaries",
# severity = $(SIG_HI)
#)
#{
# $(TWBIN)/hqagent -> $(SEC_BIN) ;
#}
#
# Tripwire HQ Connector - Configuration Files, Keys, and Logs
#
# Note: File locations here are different than in a stock HQ Connector
# installation. This is because Tripwire 2.3 uses a different path
# structure than Tripwire 2.2.1.
#
# You may need to update your HQ Agent configuation file (or this policy
# file) to correct the paths. We have attempted to support the FHS standard
# here by placing the HQ Agent files similarly to the way Tripwire 2.3
# places them.
#
#(
# rulename = "Tripwire HQ Connector Data Files",
# severity = $(SIG_HI)
#)
#{
#
# # NOTE: Removing the inode attribute because when Tripwire creates a backup
# # it does so by renaming the old file and creating a new one (which will
# # have a new inode number). Leaving inode turned on for keys, which
# # shouldn't ever change.
#
#
# $(TWBIN)/agent.cfg -> $(SEC_BIN) -i ;
# $(TWLKEY)/authentication.key -> $(SEC_BIN) ;
# $(TWDB)/tasks.dat -> $(SEC_CONFIG) ;
# $(TWDB)/schedule.dat -> $(SEC_CONFIG) ;
#
# # Uncomment if you have agent logging enabled.
# #/var/log/tripwire/agent.log -> $(SEC_LOG) ;
#}
# Commonly accessed directories that should remain static with regards to owner and group
(
rulename = "Invariant Directories",
severity = $(SIG_MED)
)
{
/ -> $(SEC_INVARIANT) (recurse = false) ;
/home -> $(SEC_INVARIANT) (recurse = false) ;
}
#
# First, root's "home"
#
(
rulename = "Root's home",
severity = $(SIG_HI)
)
{
# /.rhosts -> $(SEC_CRIT) ;
/.profile -> $(SEC_CRIT) ;
/.cshrc -> $(SEC_CRIT) ;
/.login -> $(SEC_CRIT) ;
# /.exrc -> $(SEC_CRIT) ;
# /.logout -> $(SEC_CRIT) ;
# /.forward -> $(SEC_CRIT) ;
/root -> $(SEC_CRIT) (recurse = true) ;
!/root/.history ;
!/root/.bash_history ;
# !/root/.lsof_SYSTEM_NAME ; # Uncomment if lsof is installed
}
#
# FreeBSD Kernel
#
(
rulename = "FreeBSD Kernel",
severity = $(SIG_HI)
)
{
/kernel -> $(SEC_CRIT) ;
/kernel.old -> $(SEC_CRIT) ;
/kernel.GENERIC -> $(SEC_CRIT) ;
}
#
# FreeBSD Modules
#
(
rulename = "FreeBSD Modules",
severity = $(SIG_HI)
)
{
/modules -> $(SEC_CRIT) (recurse = true) ;
/modules.old -> $(SEC_CRIT) (recurse = true) ;
# /lkm -> $(SEC_CRIT) (recurse = true) ; # uncomment if using lkm kld
}
#
# System Administration Programs
#
(
rulename = "System Administration Programs",
severity = $(SIG_HI)
)
{
/sbin -> $(SEC_CRIT) (recurse = true) ;
/usr/sbin -> $(SEC_CRIT) (recurse = true) ;
}
#
# User Utilities
#
(
rulename = "User Utilities",
severity = $(SIG_HI)
)
{
/bin -> $(SEC_CRIT) (recurse = true) ;
/usr/bin -> $(SEC_CRIT) (recurse = true) ;
}
#
# /dev
#
(
rulename = "/dev",
severity = $(SIG_HI)
)
{
/dev -> $(Device) (recurse = true) ;
!/dev/vga ;
!/dev/dri ;
/dev/console -> $(SEC_TTY) ;
/dev/ttyv0 -> $(SEC_TTY) ;
/dev/ttyv1 -> $(SEC_TTY) ;
/dev/ttyv2 -> $(SEC_TTY) ;
/dev/ttyv3 -> $(SEC_TTY) ;
/dev/ttyv4 -> $(SEC_TTY) ;
/dev/ttyv5 -> $(SEC_TTY) ;
/dev/ttyv6 -> $(SEC_TTY) ;
/dev/ttyv7 -> $(SEC_TTY) ;
/dev/ttyp0 -> $(SEC_TTY) ;
/dev/ttyp1 -> $(SEC_TTY) ;
/dev/ttyp2 -> $(SEC_TTY) ;
/dev/ttyp3 -> $(SEC_TTY) ;
/dev/ttyp4 -> $(SEC_TTY) ;
/dev/ttyp5 -> $(SEC_TTY) ;
/dev/ttyp6 -> $(SEC_TTY) ;
/dev/ttyp7 -> $(SEC_TTY) ;
/dev/ttyp8 -> $(SEC_TTY) ;
/dev/ttyp9 -> $(SEC_TTY) ;
/dev/ttypa -> $(SEC_TTY) ;
/dev/ttypb -> $(SEC_TTY) ;
/dev/ttypc -> $(SEC_TTY) ;
/dev/ttypd -> $(SEC_TTY) ;
/dev/ttype -> $(SEC_TTY) ;
/dev/ttypf -> $(SEC_TTY) ;
/dev/ttypg -> $(SEC_TTY) ;
/dev/ttyph -> $(SEC_TTY) ;
/dev/ttypi -> $(SEC_TTY) ;
/dev/ttypj -> $(SEC_TTY) ;
/dev/ttypl -> $(SEC_TTY) ;
/dev/ttypm -> $(SEC_TTY) ;
/dev/ttypn -> $(SEC_TTY) ;
/dev/ttypo -> $(SEC_TTY) ;
/dev/ttypp -> $(SEC_TTY) ;
/dev/ttypq -> $(SEC_TTY) ;
/dev/ttypr -> $(SEC_TTY) ;
/dev/ttyps -> $(SEC_TTY) ;
/dev/ttypt -> $(SEC_TTY) ;
/dev/ttypu -> $(SEC_TTY) ;
/dev/ttypv -> $(SEC_TTY) ;
/dev/cuaa0 -> $(SEC_TTY) ; # modem
}
#
# /etc
#
(
rulename = "/etc",
severity = $(SIG_HI)
)
{
/etc -> $(SEC_CRIT) (recurse = true) ;
# /etc/mail/aliases -> $(SEC_CONFIG) ;
/etc/dumpdates -> $(SEC_CONFIG) ;
/etc/motd -> $(SEC_CONFIG) ;
!/etc/ppp/connect-errors ;
/etc/skeykeys -> $(SEC_CONFIG) ;
# Uncomment the following 4 lines if your password file does not change
# /etc/passwd -> $(SEC_CONFIG) ;
# /etc/master.passwd -> $(SEC_CONFIG) ;
# /etc/pwd.db -> $(SEC_CONFIG) ;
# /etc/spwd.db -> $(SEC_CONFIG) ;
}
#
# Copatibility (Linux)
#
(
rulename = "Linux Compatibility",
severity = $(SIG_HI)
)
{
/compat -> $(SEC_CRIT) (recurse = true) ;
#
# Uncomment the following if Linux compatibility is used. Replace
# HOSTNAME1 and HOSTNAME2 with the hosts that have Linux emulation port
# installed.
#
#@@ifhost HOSTNAME1 || HOSTNAME2
# /compat/linux/etc -> $(SEC_INVARIANT) (recurse = false) ;
# /compat/linux/etc/X11 -> $(SEC_CONFIG) (recurse = true) ;
# /compat/linux/etc/pam.d -> $(SEC_CONFIG) (recurse = true) ;
# /compat/linux/etc/profile.d -> $(SEC_CONFIG) (recurse = true) ;
# /compat/linux/etc/real -> $(SEC_CONFIG) (recurse = true) ;
# /compat/linux/etc/bashrc -> $(SEC_CONFIG) ;
# /compat/linux/etc/csh.login -> $(SEC_CONFIG) ;
# /compat/linux/etc/host.conf -> $(SEC_CONFIG) ;
# /compat/linux/etc/hosts.allow -> $(SEC_CONFIG) ;
# /compat/linux/etc/hosts.deny -> $(SEC_CONFIG) ;
# /compat/linux/etc/info-dir -> $(SEC_CONFIG) ;
# /compat/linux/etc/inputrc -> $(SEC_CONFIG) ;
# /compat/linux/etc/ld.so.conf -> $(SEC_CONFIG) ;
# /compat/linux/etc/nsswitch.conf -> $(SEC_CONFIG) ;
# /compat/linux/etc/profile -> $(SEC_CONFIG) ;
# /compat/linux/etc/redhat-release -> $(SEC_CONFIG) ;
# /compat/linux/etc/rpc -> $(SEC_CONFIG) ;
# /compat/linux/etc/securetty -> $(SEC_CONFIG) ;
# /compat/linux/etc/shells -> $(SEC_CONFIG) ;
# /compat/linux/etc/termcap -> $(SEC_CONFIG) ;
# /compat/linux/etc/yp.conf -> $(SEC_CONFIG) ;
# !/compat/linux/etc/ld.so.cache ;
# !/compat/linux/var/spool/mail ;
#@@endif
}
#
# Libraries, include files, and other system files
#
(
rulename = "Libraries, include files, and other system files",
severity = $(SIG_HI)
)
{
/usr/include -> $(SEC_CRIT) (recurse = true) ;
/usr/lib -> $(SEC_CRIT) (recurse = true) ;
/usr/libdata -> $(SEC_CRIT) (recurse = true) ;
/usr/libexec -> $(SEC_CRIT) (recurse = true) ;
/usr/share -> $(SEC_CRIT) (recurse = true) ;
/usr/share/man -> $(SEC_CONFIG) ;
!/usr/share/man/whatis ;
!/usr/share/man/.glimpse_filenames ;
!/usr/share/man/.glimpse_filenames_index ;
!/usr/share/man/.glimpse_filetimes ;
!/usr/share/man/.glimpse_filters ;
!/usr/share/man/.glimpse_index ;
!/usr/share/man/.glimpse_messages ;
!/usr/share/man/.glimpse_partitions ;
!/usr/share/man/.glimpse_statistics ;
!/usr/share/man/.glimpse_turbo ;
/usr/share/man/man1 -> $(SEC_CRIT) (recurse = true) ;
/usr/share/man/man2 -> $(SEC_CRIT) (recurse = true) ;
/usr/share/man/man3 -> $(SEC_CRIT) (recurse = true) ;
/usr/share/man/man4 -> $(SEC_CRIT) (recurse = true) ;
/usr/share/man/man5 -> $(SEC_CRIT) (recurse = true) ;
/usr/share/man/man6 -> $(SEC_CRIT) (recurse = true) ;
/usr/share/man/man7 -> $(SEC_CRIT) (recurse = true) ;
/usr/share/man/man8 -> $(SEC_CRIT) (recurse = true) ;
/usr/share/man/man9 -> $(SEC_CRIT) (recurse = true) ;
/usr/share/man/mann -> $(SEC_CRIT) (recurse = true) ;
! /usr/share/man/cat1 ;
! /usr/share/man/cat2 ;
! /usr/share/man/cat3 ;
! /usr/share/man/cat4 ;
! /usr/share/man/cat5 ;
! /usr/share/man/cat6 ;
! /usr/share/man/cat7 ;
! /usr/share/man/cat8 ;
! /usr/share/man/cat9 ;
! /usr/share/man/catl ;
! /usr/share/man/catn ;
/usr/share/perl/man -> $(SEC_CONFIG) ;
!/usr/share/perl/man/whatis ;
!/usr/share/perl/man/.glimpse_filenames ;
!/usr/share/perl/man/.glimpse_filenames_index ;
!/usr/share/perl/man/.glimpse_filetimes ;
!/usr/share/perl/man/.glimpse_filters ;
!/usr/share/perl/man/.glimpse_index ;
!/usr/share/perl/man/.glimpse_messages ;
!/usr/share/perl/man/.glimpse_partitions ;
!/usr/share/perl/man/.glimpse_statistics ;
!/usr/share/perl/man/.glimpse_turbo ;
/usr/share/perl/man/man3 -> $(SEC_CRIT) (recurse = true) ;
! /usr/share/perl/man/cat3 ;
/usr/local/lib/perl5/5.00503/man -> $(SEC_CONFIG) ;
! /usr/local/lib/perl5/5.00503/man/whatis ;
! /usr/local/lib/perl5/5.00503/man/.glimpse_filters ;
! /usr/local/lib/perl5/5.00503/man/.glimpse_filetimes ;
! /usr/local/lib/perl5/5.00503/man/.glimpse_messages ;
! /usr/local/lib/perl5/5.00503/man/.glimpse_statistics ;
! /usr/local/lib/perl5/5.00503/man/.glimpse_index ;
! /usr/local/lib/perl5/5.00503/man/.glimpse_turbo ;
! /usr/local/lib/perl5/5.00503/man/.glimpse_partitions ;
! /usr/local/lib/perl5/5.00503/man/.glimpse_filenames ;
! /usr/local/lib/perl5/5.00503/man/.glimpse_filenames_index ;
/usr/local/lib/perl5/5.00503/man/man3 -> $(SEC_CRIT) (recurse = true) ;
! /usr/local/lib/perl5/5.00503/man/cat3 ;
}
#
# X11R6
#
(
rulename = "X11R6",
severity = $(SIG_HI)
)
{
/usr/X11R6 -> $(SEC_CRIT) (recurse = true) ;
/usr/X11R6/lib/X11/xdm -> $(SEC_CONFIG) (recurse = true) ;
!/usr/X11R6/lib/X11/xdm/xdm-errors ;
!/usr/X11R6/lib/X11/xdm/authdir/authfiles ;
!/usr/X11R6/lib/X11/xdm/xdm-pid ;
/usr/X11R6/lib/X11/xkb/compiled -> $(SEC_CONFIG) (recurse = true) ;
/usr/X11R6/man -> $(SEC_CONFIG) ;
!/usr/X11R6/man/whatis ;
!/usr/X11R6/man/.glimpse_filenames ;
!/usr/X11R6/man/.glimpse_filenames_index ;
!/usr/X11R6/man/.glimpse_filetimes ;
!/usr/X11R6/man/.glimpse_filters ;
!/usr/X11R6/man/.glimpse_index ;
!/usr/X11R6/man/.glimpse_messages ;
!/usr/X11R6/man/.glimpse_partitions ;
!/usr/X11R6/man/.glimpse_statistics ;
!/usr/X11R6/man/.glimpse_turbo ;
/usr/X11R6/man/man1 -> $(SEC_CRIT) (recurse = true) ;
/usr/X11R6/man/man2 -> $(SEC_CRIT) (recurse = true) ;
/usr/X11R6/man/man3 -> $(SEC_CRIT) (recurse = true) ;
/usr/X11R6/man/man4 -> $(SEC_CRIT) (recurse = true) ;
/usr/X11R6/man/man5 -> $(SEC_CRIT) (recurse = true) ;
/usr/X11R6/man/man6 -> $(SEC_CRIT) (recurse = true) ;
/usr/X11R6/man/man7 -> $(SEC_CRIT) (recurse = true) ;
/usr/X11R6/man/man8 -> $(SEC_CRIT) (recurse = true) ;
/usr/X11R6/man/man9 -> $(SEC_CRIT) (recurse = true) ;
/usr/X11R6/man/manl -> $(SEC_CRIT) (recurse = true) ;
/usr/X11R6/man/mann -> $(SEC_CRIT) (recurse = true) ;
! /usr/X11R6/man/cat1 ;
! /usr/X11R6/man/cat2 ;
! /usr/X11R6/man/cat3 ;
! /usr/X11R6/man/cat4 ;
! /usr/X11R6/man/cat5 ;
! /usr/X11R6/man/cat6 ;
! /usr/X11R6/man/cat7 ;
! /usr/X11R6/man/cat8 ;
! /usr/X11R6/man/cat9 ;
! /usr/X11R6/man/catl ;
! /usr/X11R6/man/catn ;
}
#
# sources
#
(
rulename = "Sources",
severity = $(SIG_HI)
)
{
/usr/src -> $(SEC_CRIT) (recurse = true) ;
/usr/src/sys/compile -> $(SEC_CONFIG) (recurse = false) ;
}
#
# NIS
#
(
rulename = "NIS",
severity = $(SIG_HI)
)
{
/var/yp -> $(SEC_CRIT) (recurse = true) ;
!/var/yp/binding ;
}
#
# Temporary directories
#
(
rulename = "Temporary directories",
recurse = false,
severity = $(SIG_LOW)
)
{
/usr/tmp -> $(SEC_INVARIANT) ;
/var/tmp -> $(SEC_INVARIANT) ;
/var/preserve -> $(SEC_INVARIANT) ;
/tmp -> $(SEC_INVARIANT) ;
}
#
# Local files
#
(
rulename = "Local files",
severity = $(SIG_MED)
)
{
/usr/local/bin -> $(SEC_BIN) (recurse = true) ;
/usr/local/sbin -> $(SEC_BIN) (recurse = true) ;
/usr/local/etc -> $(SEC_BIN) (recurse = true) ;
/usr/local/lib -> $(SEC_BIN) (recurse = true ) ;
/usr/local/libexec -> $(SEC_BIN) (recurse = true ) ;
/usr/local/share -> $(SEC_BIN) (recurse = true ) ;
/usr/local/man -> $(SEC_CONFIG) ;
!/usr/local/man/whatis ;
!/usr/local/man/.glimpse_filenames ;
!/usr/local/man/.glimpse_filenames_index ;
!/usr/local/man/.glimpse_filetimes ;
!/usr/local/man/.glimpse_filters ;
!/usr/local/man/.glimpse_index ;
!/usr/local/man/.glimpse_messages ;
!/usr/local/man/.glimpse_partitions ;
!/usr/local/man/.glimpse_statistics ;
!/usr/local/man/.glimpse_turbo ;
/usr/local/man/man1 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/man/man2 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/man/man3 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/man/man4 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/man/man5 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/man/man6 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/man/man7 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/man/man8 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/man/man9 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/man/manl -> $(SEC_CRIT) (recurse = true) ;
/usr/local/man/mann -> $(SEC_CRIT) (recurse = true) ;
! /usr/local/man/cat1 ;
! /usr/local/man/cat2 ;
! /usr/local/man/cat3 ;
! /usr/local/man/cat4 ;
! /usr/local/man/cat5 ;
! /usr/local/man/cat6 ;
! /usr/local/man/cat7 ;
! /usr/local/man/cat8 ;
! /usr/local/man/cat9 ;
! /usr/local/man/catl ;
! /usr/local/man/catn ;
/usr/local/krb5 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/krb5/man -> $(SEC_CONFIG) ;
!/usr/local/krb5/man/whatis ;
!/usr/local/krb5/man/.glimpse_filenames ;
!/usr/local/krb5/man/.glimpse_filenames_index ;
!/usr/local/krb5/man/.glimpse_filetimes ;
!/usr/local/krb5/man/.glimpse_filters ;
!/usr/local/krb5/man/.glimpse_index ;
!/usr/local/krb5/man/.glimpse_messages ;
!/usr/local/krb5/man/.glimpse_partitions ;
!/usr/local/krb5/man/.glimpse_statistics ;
!/usr/local/krb5/man/.glimpse_turbo ;
/usr/local/krb5/man/man1 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/krb5/man/man2 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/krb5/man/man3 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/krb5/man/man4 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/krb5/man/man5 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/krb5/man/man6 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/krb5/man/man7 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/krb5/man/man8 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/krb5/man/man9 -> $(SEC_CRIT) (recurse = true) ;
/usr/local/krb5/man/manl -> $(SEC_CRIT) (recurse = true) ;
/usr/local/krb5/man/mann -> $(SEC_CRIT) (recurse = true) ;
! /usr/local/krb5/man/cat1 ;
! /usr/local/krb5/man/cat2 ;
! /usr/local/krb5/man/cat3 ;
! /usr/local/krb5/man/cat4 ;
! /usr/local/krb5/man/cat5 ;
! /usr/local/krb5/man/cat6 ;
! /usr/local/krb5/man/cat7 ;
! /usr/local/krb5/man/cat8 ;
! /usr/local/krb5/man/cat9 ;
! /usr/local/krb5/man/catl ;
! /usr/local/krb5/man/catn ;
/usr/local/www -> $(SEC_CONFIG) (recurse = true) ;
}
(
rulename = "Security Control",
severity = $(SIG_HI)
)
{
/etc/group -> $(SEC_CRIT) ;
/etc/crontab -> $(SEC_CRIT) ;
}
#=============================================================================
#
# Copyright 2000-2017 Tripwire, Inc. Tripwire is a registered trademark of Tripwire,
# Inc. in the United States and other countries. All rights reserved.
#
# FreeBSD is a registered trademark of the FreeBSD Project Inc.
#
# UNIX is a registered trademark of The Open Group.
#
#=============================================================================
#
# Permission is granted to make and distribute verbatim copies of this document
# provided the copyright notice and this permission notice are preserved on all
# copies.
#
# Permission is granted to copy and distribute modified versions of this
# document under the conditions for verbatim copying, provided that the entire
# resulting derived work is distributed under the terms of a permission notice
# identical to this one.
#
# Permission is granted to copy and distribute translations of this document
# into another language, under the above conditions for modified versions,
# except that this permission notice may be stated in a translation approved by
# Tripwire, Inc.
#
# DCM

4
src/Makefile.am
View File

@ -8,3 +8,7 @@ install:
uninstall:
true
clean-local: clean-local-check
.PHONY: clean-local-check
clean-local-check:
-rm -rf test-harness/twtest

33
src/Makefile.in
View File

@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.15 from Makefile.am.
# Makefile.in generated by automake 1.15.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# Copyright (C) 1994-2017 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -282,7 +282,6 @@ pdfdir = @pdfdir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
runstatedir = @runstatedir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
@ -520,7 +519,7 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-recursive
clean-am: clean-generic mostlyclean-am
clean-am: clean-generic clean-local mostlyclean-am
distclean: distclean-recursive
-rm -f Makefile
@ -587,16 +586,17 @@ uninstall-am:
.MAKE: $(am__recursive_targets) install-am install-strip
.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \
check-am clean clean-generic cscopelist-am ctags ctags-am \
distclean distclean-generic distclean-tags distdir dvi dvi-am \
html html-am info info-am install install-am install-data \
install-data-am install-dvi install-dvi-am install-exec \
install-exec-am install-html install-html-am install-info \
install-info-am install-man install-pdf install-pdf-am \
install-ps install-ps-am install-strip installcheck \
installcheck-am installdirs installdirs-am maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-generic pdf \
pdf-am ps ps-am tags tags-am uninstall uninstall-am
check-am clean clean-generic clean-local cscopelist-am ctags \
ctags-am distclean distclean-generic distclean-tags distdir \
dvi dvi-am html html-am info info-am install install-am \
install-data install-data-am install-dvi install-dvi-am \
install-exec install-exec-am install-html install-html-am \
install-info install-info-am install-man install-pdf \
install-pdf-am install-ps install-ps-am install-strip \
installcheck installcheck-am installdirs installdirs-am \
maintainer-clean maintainer-clean-generic mostlyclean \
mostlyclean-generic pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am
.PRECIOUS: Makefile
@ -607,6 +607,11 @@ install:
uninstall:
true
clean-local: clean-local-check
.PHONY: clean-local-check
clean-local-check:
-rm -rf test-harness/twtest
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

11
src/core/Makefile.am
View File

@ -9,25 +9,25 @@ libcore_a_SOURCES = \
archive.cpp charutil.cpp \
cmdlineparser.cpp codeconvert.cpp core.cpp coreerrors.cpp \
corestrings.cpp crc32.cpp debug.cpp displayencoder.cpp \
displayutil.cpp error.cpp errorbucketimpl.cpp errortable.cpp \
displayutil.cpp epoch.cpp error.cpp errorbucketimpl.cpp errortable.cpp \
errorutil.cpp fileerror.cpp fileheader.cpp fsservices.cpp \
growheap.cpp hashtable.cpp haval.cpp msystem.cpp ntmbs.cpp \
refcountobj.cpp serializable.cpp serializer.cpp \
serializerimpl.cpp serializerutil.cpp serstring.cpp \
srefcountobj.cpp srefcounttbl.cpp stdcore.cpp stringutil.cpp \
timebomb.cpp timeconvert.cpp tw_signal.cpp twlimits.cpp twlocale.cpp \
timeconvert.cpp tw_signal.cpp twlimits.cpp twlocale.cpp \
unixexcept.cpp usernotify.cpp usernotifystdout.cpp \
wchar16.cpp
libcore_a_HEADERS = archive.h charutil.h cmdlineparser.h codeconvert.h \
core.h coreerrors.h corestrings.h crc32.h debug.h displayencoder.h \
displayutil.h error.h errorbucket.h errorbucketimpl.h errorgeneral.h \
displayutil.h epoch.h error.h errorbucket.h errorbucketimpl.h errorgeneral.h \
errortable.h errorutil.h file.h fileerror.h fileheader.h fixedfilebuf.h \
fsservices.h growheap.h hashtable.h haval.h md5.h msystem.h ntdbs.h \
ntmbs.h package.h platform.h refcountobj.h resources.h \
ntmbs.h package.h platform.h refcountobj.h resources.h \
serializable.h serializer.h serializerimpl.h serializerutil.h serstring.h \
sha.h srefcountobj.h srefcounttbl.h stdcore.h stringutil.h tasktimer.h \
tchar.h timebomb.h timeconvert.h tw_signal.h twlimits.h twlocale.h \
tchar.h timeconvert.h tw_signal.h twlimits.h twlocale.h \
twstringslang.h typed.h types.h unixexcept.h unixfsservices.h upperbound.h \
usernotify.h usernotifystdout.h wchar16.h
@ -35,6 +35,7 @@ libcore_a_LIBADD = @CORE_CRYPT_O@
libcore_a_DEPENDENCIES = @CORE_CRYPT_O@
DEFS = @DEFS@ # This gets rid of the -I. so AM_CPPFLAGS must be more explicit
CLEANFILES = *.gcno *.gcda
all: $(noinst_LIBRARIES)
$(AR) ru ../../lib/libtripwire.a $(libcore_a_OBJECTS) $(libcore_a_LIBADD)

27
src/core/Makefile.in
View File

@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.15 from Makefile.am.
# Makefile.in generated by automake 1.15.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# Copyright (C) 1994-2017 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -113,8 +113,8 @@ am_libcore_a_OBJECTS = file_unix.$(OBJEXT) unixfsservices.$(OBJEXT) \
archive.$(OBJEXT) charutil.$(OBJEXT) cmdlineparser.$(OBJEXT) \
codeconvert.$(OBJEXT) core.$(OBJEXT) coreerrors.$(OBJEXT) \
corestrings.$(OBJEXT) crc32.$(OBJEXT) debug.$(OBJEXT) \
displayencoder.$(OBJEXT) displayutil.$(OBJEXT) error.$(OBJEXT) \
errorbucketimpl.$(OBJEXT) errortable.$(OBJEXT) \
displayencoder.$(OBJEXT) displayutil.$(OBJEXT) epoch.$(OBJEXT) \
error.$(OBJEXT) errorbucketimpl.$(OBJEXT) errortable.$(OBJEXT) \
errorutil.$(OBJEXT) fileerror.$(OBJEXT) fileheader.$(OBJEXT) \
fsservices.$(OBJEXT) growheap.$(OBJEXT) hashtable.$(OBJEXT) \
haval.$(OBJEXT) msystem.$(OBJEXT) ntmbs.$(OBJEXT) \
@ -122,9 +122,9 @@ am_libcore_a_OBJECTS = file_unix.$(OBJEXT) unixfsservices.$(OBJEXT) \
serializer.$(OBJEXT) serializerimpl.$(OBJEXT) \
serializerutil.$(OBJEXT) serstring.$(OBJEXT) \
srefcountobj.$(OBJEXT) srefcounttbl.$(OBJEXT) \
stdcore.$(OBJEXT) stringutil.$(OBJEXT) timebomb.$(OBJEXT) \
timeconvert.$(OBJEXT) tw_signal.$(OBJEXT) twlimits.$(OBJEXT) \
twlocale.$(OBJEXT) unixexcept.$(OBJEXT) usernotify.$(OBJEXT) \
stdcore.$(OBJEXT) stringutil.$(OBJEXT) timeconvert.$(OBJEXT) \
tw_signal.$(OBJEXT) twlimits.$(OBJEXT) twlocale.$(OBJEXT) \
unixexcept.$(OBJEXT) usernotify.$(OBJEXT) \
usernotifystdout.$(OBJEXT) wchar16.$(OBJEXT)
libcore_a_OBJECTS = $(am_libcore_a_OBJECTS)
AM_V_P = $(am__v_P_@AM_V@)
@ -313,7 +313,6 @@ pdfdir = @pdfdir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
runstatedir = @runstatedir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
@ -335,30 +334,31 @@ libcore_a_SOURCES = \
archive.cpp charutil.cpp \
cmdlineparser.cpp codeconvert.cpp core.cpp coreerrors.cpp \
corestrings.cpp crc32.cpp debug.cpp displayencoder.cpp \
displayutil.cpp error.cpp errorbucketimpl.cpp errortable.cpp \
displayutil.cpp epoch.cpp error.cpp errorbucketimpl.cpp errortable.cpp \
errorutil.cpp fileerror.cpp fileheader.cpp fsservices.cpp \
growheap.cpp hashtable.cpp haval.cpp msystem.cpp ntmbs.cpp \
refcountobj.cpp serializable.cpp serializer.cpp \
serializerimpl.cpp serializerutil.cpp serstring.cpp \
srefcountobj.cpp srefcounttbl.cpp stdcore.cpp stringutil.cpp \
timebomb.cpp timeconvert.cpp tw_signal.cpp twlimits.cpp twlocale.cpp \
timeconvert.cpp tw_signal.cpp twlimits.cpp twlocale.cpp \
unixexcept.cpp usernotify.cpp usernotifystdout.cpp \
wchar16.cpp
libcore_a_HEADERS = archive.h charutil.h cmdlineparser.h codeconvert.h \
core.h coreerrors.h corestrings.h crc32.h debug.h displayencoder.h \
displayutil.h error.h errorbucket.h errorbucketimpl.h errorgeneral.h \
displayutil.h epoch.h error.h errorbucket.h errorbucketimpl.h errorgeneral.h \
errortable.h errorutil.h file.h fileerror.h fileheader.h fixedfilebuf.h \
fsservices.h growheap.h hashtable.h haval.h md5.h msystem.h ntdbs.h \
ntmbs.h package.h platform.h refcountobj.h resources.h \
ntmbs.h package.h platform.h refcountobj.h resources.h \
serializable.h serializer.h serializerimpl.h serializerutil.h serstring.h \
sha.h srefcountobj.h srefcounttbl.h stdcore.h stringutil.h tasktimer.h \
tchar.h timebomb.h timeconvert.h tw_signal.h twlimits.h twlocale.h \
tchar.h timeconvert.h tw_signal.h twlimits.h twlocale.h \
twstringslang.h typed.h types.h unixexcept.h unixfsservices.h upperbound.h \
usernotify.h usernotifystdout.h wchar16.h
libcore_a_LIBADD = @CORE_CRYPT_O@
libcore_a_DEPENDENCIES = @CORE_CRYPT_O@
CLEANFILES = *.gcno *.gcda
all: all-am
.SUFFIXES:
@ -545,6 +545,7 @@ install-strip:
mostlyclean-generic:
clean-generic:
-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)

26
src/core/archive.cpp
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//
@ -51,28 +51,6 @@
#include "corestrings.h" // for: STR_ERR2_ARCH_CRYPTO_ERR
//=============================================================================
// Utility Functions
//=============================================================================
///////////////////////////////////////////////////////////////////////////////
// util_IsDir -- returns true if a given file is a directory
///////////////////////////////////////////////////////////////////////////////
bool util_IsDir( const TSTRING& fileName )
{
cFSStatArgs s;
try
{
iFSServices::GetInstance()->Stat( fileName, s );
}
catch( eFSServices )
{
return false;
}
return( s.mFileType == cFSStatArgs::TY_DIR );
}
//=============================================================================
// eArchiveCrypto
//=============================================================================
@ -421,7 +399,7 @@ void cMemoryArchive::AllocateMemory(int len) // throw(eArchive)
{
// grow the buffer
// only error if we are in debug mode
#ifdef _DEBUG
#ifdef DEBUG
if (len > mMaxAllocatedLen)
ThrowAndAssert(eArchiveOutOfMem());
#endif

2
src/core/archive.h
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//

4
src/core/charutil.cpp
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//
@ -150,4 +150,4 @@ bool cCharUtil::PopNextChar( TSTRING::const_iterator& cur,
return f;
}
// eof: charutil.cpp

2
src/core/charutil.h
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//

8
src/core/cmdlineparser.cpp
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//
@ -78,14 +78,14 @@ void cCmdLineParser::AddArg(int argId, const TSTRING& arg, const TSTRING& alias,
///////////////////////////////////////////////////////////////////////////////
// Clear
///////////////////////////////////////////////////////////////////////////////
void cCmdLineParser::Clear()
/*void cCmdLineParser::Clear()
{
mLastArgInfo.mId = -1;
mLastArgInfo.mNumParams = PARAM_INVALID;
mArgTable.Clear();
mArgData.clear();
mMutExList.clear();
}
}*/
///////////////////////////////////////////////////////////////////////////////
// Parse
@ -378,7 +378,7 @@ void cCmdLineParser::AddDependency(int argId1, int argId2, bool mutual )
///////////////////////////////////////////////////////////////////////////////
// TraceContents
///////////////////////////////////////////////////////////////////////////////
#ifdef _DEBUG
#ifdef DEBUG
void cCmdLineParser::TraceContents(int dl)
{
cDebug d("cCmdLineParser::TraceContents");

6
src/core/cmdlineparser.h
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//
@ -132,14 +132,14 @@ public:
// the input was invalid in some way; the actual error can be determined by calling
// GetErrorInfo() below.
void Clear();
// void Clear();
// clear out all information that this class contains
bool LookupArgInfo(int argId, TSTRING& arg, TSTRING& alias) const;
// given an argId, fill out the strings with the argument and alias strings. Returns false
// if the argId cannot be found. This method is not very fast, so don't use it often.
#ifdef _DEBUG
#ifdef DEBUG
void TraceContents(int dl = -1) ;
#endif
private:

12
src/core/codeconvert.cpp
View File

@ -1,6 +1,6 @@
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//
@ -111,6 +111,12 @@ iCodeConverter* iCodeConverter::GetInstance()
return m_pInst;
}
void iCodeConverter::Finit()
{
delete m_pInst;
m_pInst = 0;
}
iCodeConverter* iCodeConverter::CreateConverter()
{
cDebug d("iCodeConverter::CreateConverter()");
@ -496,7 +502,7 @@ namespace /*Unique*/
d.TraceDebug( "Converted to: %s\n", util_output_bytes( (void*)pConvertedTo, nTo ).c_str() );
char aBuffer[ MB_LEN_MAX ];
#ifdef _DEBUG
#ifdef DEBUG
for( size_t foo = 0; foo < sizeof( aBuffer ); foo++ )
aBuffer[ foo ] = 0xCD;
#endif
@ -651,7 +657,7 @@ namespace /*Unique*/
{
cDebug d( "tss_Converter< BufferT, SourceT >()" );
#ifdef _DEBUG
#ifdef DEBUG
for( size_t s = nBufferItems; s; s-- )
pBuffer[s] = 0xCD;
d.TraceDebug( "sizeof buffer: %d, sizeof source: %d\n", sizeof( BufferT ), sizeof( SourceT ) );

4
src/core/codeconvert.h
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//
@ -93,6 +93,8 @@ class iCodeConverter
public:
static iCodeConverter* GetInstance(); // Singleton
static void Finit();
/// Subclass Responsibilities

7
src/core/core.cpp
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//
@ -60,5 +60,8 @@ cCore::cCore()
iCodeConverter::GetInstance();
}
cCore::~cCore()
{
iCodeConverter::Finit();
}
// eof: core.cpp

3
src/core/core.h
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//
@ -54,6 +54,7 @@ TSS_BeginPackage( cCore )
public:
cCore();
~cCore();
TSS_EndPackage( cCore )

2
src/core/coreerrors.cpp
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//

2
src/core/coreerrors.h
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//

4
src/core/corestrings.cpp
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//
@ -70,4 +70,4 @@ TSS_BeginStringtable( cCore )
TSS_EndStringtable( cCore )
// eof: corestrings.cpp

2
src/core/corestrings.h
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//

2
src/core/crc32.cpp
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//

2
src/core/crc32.h
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//

4
src/core/debug.cpp
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//
@ -307,7 +307,7 @@ void cDebug::DebugOut( const char* lpOutputString, ... )
vsnprintf(buf, 2048, lpOutputString, args);
va_end(args);
#ifdef _DEBUG
#ifdef DEBUG
TCERR << buf;
#endif //_DEBUG

6
src/core/debug.h
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//
@ -156,11 +156,11 @@ private:
#endif
};
#ifdef _DEBUG
#ifdef DEBUG
#define TRACE cDebug::DebugOut
#else
#define TRACE 1 ? (void)0 : cDebug::DebugOut
#endif // _DEBUG
#endif // DEBUG
//////////////////////////////////////////////////////////////////////////////////
// inline implementation

5
src/core/displayencoder.cpp
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//
@ -653,6 +653,9 @@ cEncoder::cEncoder( int e, int f )
cEncoder::~cEncoder()
{
sack_type::iterator itr;
for( itr = m_encodings.begin(); itr != m_encodings.end(); ++itr)
delete *itr;
}
bool cEncoder::RoundTrip() const

2
src/core/displayencoder.h
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//

4
src/core/displayutil.cpp
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//
@ -97,4 +97,4 @@ TSTRING cDisplayUtil::FormatMultiLineString( const TSTRING& str, int nOffset, in
return( sstr.str() );
}
// eof: displayutil.cpp

2
src/core/displayutil.h
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//

38
src/core/timebomb.cpp → src/core/epoch.cpp
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//
@ -30,44 +30,21 @@
// info@tripwire.org or www.tripwire.org.
//
///////////////////////////////////////////////////////////////////////////////
// timebomb.h
// epoch.h
#include "stdcore.h"
#include "timebomb.h"
#include "epoch.h"
#include <time.h>
#include <iostream>
#include "timeconvert.h"
#include "corestrings.h"
///////////////////////////////////////////////////////////////////////////////
// TimeBombExploded() -- Call from main(). Prints out timebomb message and
// returns true if main() should exit.
//
bool TimeBombExploded()
bool CheckEpoch()
{
#if SIZEOF_TIME_T == 4
struct tm time_struct;
/*
memset(&time_struct, 0, sizeof(time_struct));
time_struct.tm_mday = 25;
time_struct.tm_mon = 0;
time_struct.tm_year = 99;
int64 begin = cTimeUtil::DateToTime( &time_struct );
memset(&time_struct, 0, sizeof(time_struct));
time_struct.tm_mday = 1;
time_struct.tm_mon = 4;
time_struct.tm_year = 99;
int64 end = cTimeUtil::DateToTime( &time_struct );
int64 now = time(0);
if (now < begin || now > end)
{
std::cerr << "This beta version of Tripwire(R) has expired.\n";
return true;
}
*/
// Many functions will fail as we approach the end of the epoch
// Rather than crashing, we will exit with a nice message
memset(&time_struct, 0, sizeof(time_struct));
@ -83,5 +60,8 @@ bool TimeBombExploded()
}
return false;
#else
return false;
#endif
}

12
src/core/timebomb.h → src/core/epoch.h
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//
@ -30,16 +30,16 @@
// info@tripwire.org or www.tripwire.org.
//
///////////////////////////////////////////////////////////////////////////////
// timebomb.h
// epoch.h
#ifndef __TIMEBOMB_H
#define __TIMEBOMB_H
#ifndef __EPOCH_H
#define __EPOCH_H
///////////////////////////////////////////////////////////////////////////////
// TimeBombExploded() -- Call from main(). Prints out timebomb message and
// CheckEpoch() -- Call from main(). Prints out timebomb message and
// returns true if main() should exit.
//
bool TimeBombExploded();
bool CheckEpoch();
#endif

2
src/core/error.cpp
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//

2
src/core/error.h
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//

2
src/core/errorbucket.h
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//

2
src/core/errorbucketimpl.cpp
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//

2
src/core/errorbucketimpl.h
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//

2
src/core/errorgeneral.h
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//

6
src/core/errortable.cpp
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//
@ -35,7 +35,7 @@
#include "stdcore.h"
#include "errortable.h"
#ifdef _DEBUG
#ifdef DEBUG
#include "package.h"
#include "corestrings.h"
#endif
@ -52,7 +52,7 @@ cErrorTable* cErrorTable::GetInstance()
///////////////////////////////////////////////////////////////////////////////
// AssertMsgValidity
///////////////////////////////////////////////////////////////////////////////
#ifdef _DEBUG
#ifdef DEBUG
void cErrorTable::AssertMsgValidity(const TCHAR* msg)
{
// Check to see that the first part of this error message is not too long.

6
src/core/errortable.h
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//
@ -66,14 +66,14 @@ public:
static cErrorTable* GetInstance();
private:
#ifdef _DEBUG
#ifdef DEBUG
static void AssertMsgValidity(const TCHAR* msg);
#endif
};
inline void cErrorTable::Put( const eError& e, const TCHAR* msg )
{
#ifdef _DEBUG
#ifdef DEBUG
AssertMsgValidity(msg);
#endif

2
src/core/errorutil.cpp
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//

2
src/core/errorutil.h
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//

40
src/core/file.h
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//
@ -138,13 +138,47 @@ public:
};
#if USES_DEVICE_PATH
class cDevicePath
class cDosPath
{
public:
static TSTRING AsPosix(const TSTRING& in);
static TSTRING AsNative(const TSTRING& in);
static bool IsAbsolutePath(const TSTRING& in);
static TSTRING BackupName(const TSTRING& in);
};
class cArosPath
{
public:
static TSTRING AsPosix(const TSTRING& in);
static TSTRING AsNative(const TSTRING& in);
static bool IsAbsolutePath(const TSTRING& in);
};
class cRiscosPath
{
public:
static TSTRING AsPosix(const TSTRING& in);
static TSTRING AsNative(const TSTRING& in);
static bool IsAbsolutePath(const TSTRING& in);
};
class cRedoxPath
{
public:
static TSTRING AsPosix(const TSTRING& in);
static TSTRING AsNative(const TSTRING& in);
static bool IsAbsolutePath(const TSTRING& in);
};
#if IS_DOS_DJGPP
#define cDevicePath cDosPath
#elif IS_AROS
#define cDevicePath cArosPath
#elif IS_RISCOS
#define cDevicePath cRiscosPath
#elif IS_REDOX
#define cDevicePath cRedoxPath
#endif

258
src/core/file_unix.cpp
View File

@ -1,6 +1,6 @@
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//
@ -62,6 +62,10 @@
#include "core/fsservices.h"
#include "core/errorutil.h"
#if IS_RISCOS
#include <unixlib/local.h>
#endif
///////////////////////////////////////////////////////////////////////////
// cFile_i : Insulated implementation for cFile objects.
///////////////////////////////////////////////////////////////////////////
@ -79,28 +83,28 @@ struct cFile_i
//Ctor
cFile_i::cFile_i() :
mpCurrStream(NULL)
m_fd(-1), mpCurrStream(NULL), mFlags(0)
{}
//Dtor
cFile_i::~cFile_i()
{
if (mpCurrStream != NULL)
fclose( mpCurrStream );
mpCurrStream = NULL;
#if IS_AROS
if( mFlags & cFile::OPEN_LOCKED_TEMP )
{
// unlink this file
if( 0 != unlink(mFileName.c_str()))
{
throw( eFileOpen( mFileName, iFSServices::GetInstance()->GetErrString() ) );
}
}
#endif
fclose( mpCurrStream );
mpCurrStream = NULL;
mFileName.empty();
#if !CAN_UNLINK_WHILE_OPEN // so unlink after close instead
if( mFlags & cFile::OPEN_LOCKED_TEMP )
{
// unlink this file
if( 0 != unlink(mFileName.c_str()))
{
throw( eFileOpen( mFileName, iFSServices::GetInstance()->GetErrString() ) );
}
}
#endif
}
}
///////////////////////////////////////////////////////////////////////////
@ -205,7 +209,7 @@ void cFile::Open( const TSTRING& sFileNameC, uint32 flags )
}
mpData->m_fd = fh;
#if !IS_AROS
#if CAN_UNLINK_WHILE_OPEN
if( flags & OPEN_LOCKED_TEMP )
{
// unlink this file
@ -322,7 +326,7 @@ cFile::File_t cFile::Seek( File_t offset, SeekFrom From) const //throw(eFile)
if (fseeko( mpData->mpCurrStream, offset, apiFrom ) != 0)
{
#ifdef _DEBUG
#ifdef DEBUG
cDebug d("cFile::Seek");
d.TraceDebug("Seek failed!\n");
#endif
@ -449,31 +453,46 @@ void cFile::Truncate( File_t offset ) // throw(eFile)
}
#if USES_DEVICE_PATH
// For paths of type DH0:/dir/file
TSTRING cDevicePath::AsPosix( const TSTRING& in )
/////////////////////////////////////////////////////////////////////////
// Platform path conversion methods
/////////////////////////////////////////////////////////////////////////
bool cDosPath::IsAbsolutePath(const TSTRING& in)
{
if (in.empty())
return false;
if (in[0] == '/')
return true;
if (in.length() >= 2 && in[1] == ':')
return true;
return false;
}
// For paths of type C:\DOS
TSTRING cDosPath::AsPosix( const TSTRING& in )
{
if (in[0] == '/')
{
return in;
}
#if IS_DOS_DJGPP
TSTRING out = "/dev/" + in;
TSTRING out = (cDosPath::IsAbsolutePath(in)) ? ("/dev/" + in) : in;
std::replace(out.begin(), out.end(), '\\', '/');
#else
TSTRING out = '/' + in;
#endif
std::replace(out.begin(), out.end(), ':', '/');
out.erase( std::remove(out.begin(), out.end(), ':'), out.end());
return out;
}
TSTRING cDevicePath::AsNative( const TSTRING& in )
TSTRING cDosPath::AsNative( const TSTRING& in )
{
if (in[0] != '/')
{
return in;
}
#if IS_DOS_DJGPP
if (in.find("/dev") != 0 || in.length() < 6)
return in;
@ -482,18 +501,181 @@ TSTRING cDevicePath::AsNative( const TSTRING& in )
if (in.length() >= 8)
out.append(in.substr(7));
return out;
#elif IS_AROS
int x = 1;
for ( x; in[x] == '/' && x<in.length(); x++);
TSTRING out = in.substr(x);
std::replace(out.begin(), out.end(), '/', '\\');
return out;
}
TSTRING cDosPath::BackupName( const TSTRING& in )
{
TSTRING out = in;
std::string::size_type pos = out.find_last_of("\\");
if( std::string::npos == pos)
return in;
TSTRING path = in.substr(0, pos);
TSTRING name = in.substr(pos,9);
std::replace(name.begin(), name.end(), '.', '_');
path.append(name);
return path;
}
/////////////////////////////////////////////////////////////////////////
bool cArosPath::IsAbsolutePath(const TSTRING& in)
{
if (in.empty())
return false;
if (in[0] == '/')
return true;
if (in.find(":") != std::string::npos)
return true;
return false;
}
// For paths of type DH0:dir/file
TSTRING cArosPath::AsPosix( const TSTRING& in )
{
if (in[0] == '/')
{
return in;
}
TSTRING out = IsAbsolutePath(in) ? '/' + in : in;
std::replace(out.begin(), out.end(), ':', '/');
return out;
}
TSTRING cArosPath::AsNative( const TSTRING& in )
{
if (in[0] != '/')
{
return in;
}
std::string::size_type drive = in.find_first_not_of("/");
TSTRING out = (drive != std::string::npos) ? in.substr(drive) : in;
TSTRING::size_type t = out.find_first_of('/');
out[t] = ':';
if(t != std::string::npos)
out[t] = ':';
else
out.append(":");
return out;
}
/////////////////////////////////////////////////////////////////////////
bool cRiscosPath::IsAbsolutePath(const TSTRING& in)
{
if (in.empty())
return false;
if (in[0] == '/')
return true;
if (in.find("$") != std::string::npos)
return true;
return false;
}
// For paths of type SDFS::Volume.$.dir.file
TSTRING cRiscosPath::AsPosix( const TSTRING& in )
{
#if IS_RISCOS
if (in[0] == '/')
{
return in;
}
TSTRING out;
char* unixified = __unixify(in.c_str(), 0,0,0,0);
if(unixified)
{
out.assign(unixified);
free(unixified);
return out;
}
return in;
#else
return in;
#endif
}
}
TSTRING cRiscosPath::AsNative( const TSTRING& in )
{
#if IS_RISCOS
if (in[0] != '/')
{
return in;
}
TSTRING out;
int buf_size = in.length() + 100; // examples pad by 100
std::vector<char> buf(buf_size);
__riscosify(in.c_str(), 0,0, &buf[0], buf_size, 0);
if(buf[0])
{
out.assign(&buf[0]);
return out;
}
return in;
#else
return in;
#endif
}
/////////////////////////////////////////////////////////////////////////
bool cRedoxPath::IsAbsolutePath(const TSTRING& in)
{
if (in.empty())
return false;
if (in[0] == '/')
return true;
if (in.find(":") != std::string::npos)
return true;
return false;
}
// For paths of type file:/dir/file
TSTRING cRedoxPath::AsPosix( const TSTRING& in )
{
if (in[0] == '/')
{
return in;
}
TSTRING out = IsAbsolutePath(in) ? '/' + in : in;
std::string::size_type colon = out.find_first_of(":");
if( colon != std::string::npos )
out.erase(colon, 1);
return out;
}
TSTRING cRedoxPath::AsNative( const TSTRING& in )
{
if (in[0] != '/')
{
return in;
}
std::string::size_type drive = in.find_first_not_of("/");
TSTRING out = (drive != std::string::npos) ? in.substr(drive) : in;
TSTRING::size_type slash = out.find_first_of('/');
if(slash != std::string::npos)
out.insert(slash, ":");
else
out.append(":/");
return out;
}

2
src/core/fileerror.cpp
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//

2
src/core/fileerror.h
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//

6
src/core/fileheader.cpp
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//
@ -111,7 +111,7 @@ void cFileHeaderID::Write(iSerializer* pSerializer) const // throw (eSerializer,
cFileHeader::cFileHeader()
: mVersion(0)
{
#ifdef _DEBUG
#ifdef DEBUG
mEncoding = LAST_ENCODING; // set to invalid value so we can assert on write
#else
mEncoding = NO_ENCODING;
@ -213,7 +213,7 @@ void cFileHeader::Read(iSerializer* pSerializer, int32 /*version*/) // throw (eS
void cFileHeader::Write(iSerializer* pSerializer) const // throw (eSerializer, eArchive)
{
#ifdef _DEBUG
#ifdef DEBUG
// check that we set some values
cFileHeaderID id;
ASSERT(mID != id);

2
src/core/fileheader.h
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//

2
src/core/fixedfilebuf.h
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//

2
src/core/fsservices.cpp
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//

7
src/core/fsservices.h
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//
@ -133,7 +133,8 @@ struct cFSStatArgs {
TY_FIFO,
TY_SOCK,
TY_DOOR,
TY_PORT
TY_PORT,
TY_NAMED
};
// attr is fs dependent?
@ -290,8 +291,6 @@ class iFSServices
virtual bool Rename( const TSTRING& strOldName, const TSTRING& strNewName, bool fOverWrite = true ) const = 0;
// rename a file
virtual bool GetOwnerForFile( const TSTRING& tstrFilename, TSTRING& tstrUser ) const = 0;
virtual bool GetGroupForFile( const TSTRING& tstrFilename, TSTRING& tstrGroup ) const = 0;
virtual bool GetUserName( uid_t user_id, TSTRING& tstrUser ) const = 0;
virtual bool GetGroupName( gid_t group_id, TSTRING& tstrGroup ) const = 0;

2
src/core/growheap.cpp
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//

2
src/core/growheap.h
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//

2
src/core/hashtable.cpp
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//

19
src/core/hashtable.h
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//
@ -172,7 +172,7 @@ public:
int32 GetNumValues() const { return mValuesInTable; };
// returns number of table entries filled
#ifdef _DEBUG
#ifdef DEBUG
void TraceDiagnostics() const;
// traces hash table statistics
#endif
@ -254,10 +254,14 @@ inline void cHashTableIter<KEY_TYPE, VAL_TYPE, COMPARE_OP, CONVERTER>::SeekNextV
{
if(mpCurNode)
mpCurNode = mpCurNode->next;
//mCurIndex++;
while((! mpCurNode) && (mCurIndex < mHashTable.mTableSize))
// if we're out of range, bail out w/o incrementing index
if(mCurIndex >= mHashTable.mTableSize)
return;
while((! mpCurNode) && (++mCurIndex < mHashTable.mTableSize))
{
mpCurNode = mHashTable.mTable[++mCurIndex];
mpCurNode = mHashTable.mTable[mCurIndex];
}
}
@ -316,6 +320,7 @@ cHashTable<KEY_TYPE, VAL_TYPE, COMPARE_OP, CONVERTER>::~cHashTable()
}
}
}
delete [] mTable;
}
////////////////////////////////////////////////////////////////////////////////
@ -503,7 +508,7 @@ uint32 cHashTable<KEY_TYPE, VAL_TYPE, COMPARE_OP, CONVERTER>::Hash( const KEY_TY
return hindex;
}
#ifdef _DEBUG
#ifdef DEBUG
template <class KEY_TYPE, class VAL_TYPE, class COMPARE_OP, class CONVERTER>
void cHashTable<KEY_TYPE, VAL_TYPE, COMPARE_OP, CONVERTER>::TraceDiagnostics() const
@ -537,7 +542,7 @@ void cHashTable<KEY_TYPE, VAL_TYPE, COMPARE_OP, CONVERTER>::TraceDiagnostics() c
d.TraceDebug("-- Slots with >1 item: %d (%lf %%)\n",numMultiSlot, ((double)numMultiSlot / (double)slotsFilled) * 100.0);
d.TraceDebug("--------------------------------------------------\n");
}
#endif // _DEBUG
#endif // DEBUG
#endif //__HASHTABLE_H

4
src/core/haval.cpp
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//
@ -275,6 +275,7 @@ static uint8 padding[128] = { /* constants for padding */
} \
}
#if 0 //unused in OST
/* hash a string */
void haval_string (char *string, uint8 fingerprint[FPTLEN >> 3])
@ -330,6 +331,7 @@ void haval_stdin ()
putchar(fingerprint[i]);
}
}
#endif
/* initialization */
void haval_start (haval_state *state)

6
src/core/haval.h
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//
@ -117,10 +117,12 @@ typedef struct {
#define P_(s) s
//Old prototyping stuff... I will ignore it for now.
#if 0 //unused in OST
void haval_string P_((char *, uint8 *)); /* hash a string */
int haval_file P_((char *, uint8 *)); /* hash a file */
void haval_stdin P_((void)); /* filter -- hash input from stdin */
#endif
void haval_start P_((haval_state *)); /* initialization */
void haval_hash P_((haval_state* state, uint8* str, int str_len));
void haval_end P_((haval_state *, uint8 *)); /* finalization */

2
src/core/md5.cpp
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//

2
src/core/md5.h
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//

11
src/core/msystem.cpp
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//
@ -78,7 +78,7 @@
#include <sys/stat.h>
#include <sys/wait.h>
#include <time.h>
#if defined(HAVE_MALLOC_H)
#if HAVE_MALLOC_H && !IS_AROS
#include <malloc.h>
#endif
#include <string.h>
@ -94,6 +94,13 @@
#include <assert.h>
#include "msystem.h"
#if IS_REDOX
#define setuid(x) sleep(0)
#define setgid(x) sleep(0)
#endif
/*
* signal type
*/

2
src/core/msystem.h
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//

2
src/core/ntdbs.h
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//

6
src/core/ntmbs.cpp
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//
@ -46,7 +46,7 @@
// Module-wide Helpers
//- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#ifndef TSS_Raise // Should add file and line info in _DEBUG mode!!!!
#ifndef TSS_Raise // Should add file and line info in DEBUG mode!!!!
#define TSS_Raise( Xcpt, pkg, ids ) \
throw Xcpt( TSS_GetString( pkg, ids ) )
@ -244,5 +244,5 @@ tss::mbscount( const_ntmbs_t psz )
return nCount;
}
// eof: ntmbs.cpp

2
src/core/ntmbs.h
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//

8
src/core/package.h
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//
@ -142,17 +142,17 @@
Messages m_messages // Decare a Stringtable
#ifdef _DEBUG
#ifdef DEBUG
#define TSS_BeginStringtable( pkg ) \
void pkg::LoadStrings() \
{ cDebug d( #pkg "::LoadStrings()" ); \
d.TraceDebug("Loading strings for " #pkg " package.\n"); \
Messages::Pair astr[] = { // Define a Stringtable
#else // _DEBUG
#else // DEBUG
#define TSS_BeginStringtable( pkg ) \
void pkg::LoadStrings() \
{ Messages::Pair astr[] = { // Define a Stringtable
#endif // _DEBUG
#endif // DEBUG
#define TSS_EndStringtable( pkg ) \
}; m_messages.Put( \

75
src/core/platform.h
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//
@ -64,6 +64,9 @@
#define OS_DARWIN 0x0304
#define OS_DRAGONFLYBSD 0x0305
#define OS_MIDNIGHTBSD 0x0306
#define OS_MIRBSD 0x0307
#define OS_BITRIG 0x0308
#define OS_LIBERTYBSD 0x0309
#define OS_SOLARIS 0x0400
#define OS_AIX 0x0401
@ -80,6 +83,9 @@
#define OS_MINT 0x0507
#define OS_AROS 0x0508
#define OS_RTEMS 0x0509
#define OS_RISCOS 0x050A
#define OS_REDOX 0x050B
#define OS_QNX 0x050C
#define COMP_UNKNOWN 0
#define COMP_GCC 0x0001
@ -130,8 +136,18 @@
#elif defined(__linux__)
#define OS OS_LINUX
#define IS_LINUX 1
// A herd of BSDs. Have to detect MidnightBSD before FreeBSD, and MirOS & Bitrig before OpenBSD
// because they also define symbols for their ancestor BSDs.
#elif defined(__DragonFly__)
#define OS OS_DRAGONFLYBSD
#define IS_DRAGONFLYBSD 1
#elif defined(__MidnightBSD__)
#define OS OS_MIDNIGHTBSD
#define IS_MIDNIGHTBSD 1
#elif defined(__FreeBSD__)
#define OS OS_FREEBSD
#define IS_FREEBSD 1
@ -140,6 +156,18 @@
#define OS OS_NETBSD
#define IS_NETBSD 1
#elif defined(__MirBSD__)
#define OS OS_MIRBSD
#define IS_MIRBSD 1
#elif defined(__Bitrig__)
#define OS OS_BITRIG
#define IS_BITRIG 1
#elif defined(TW_LibertyBSD)
#define OS OS_LIBERTYBSD
#define IS_LIBERTYBSD 1
#elif defined(__OpenBSD__)
#define OS OS_OPENBSD
#define IS_OPENBSD 1
@ -148,14 +176,6 @@
#define OS OS_DARWIN
#define IS_DARWIN 1
#elif defined(__DragonFly__)
#define OS OS_DRAGONFLYBSD
#define IS_DRAGONFLYBSD 1
#elif defined(__MidnightBSD__)
#define OS OS_MIDNIGHTBSD
#define IS_MIDNIGHTBSD 1
#elif defined(__sun)
#define OS OS_SOLARIS
@ -209,14 +229,23 @@
#elif defined(__AROS__)
#define OS OS_AROS
#define IS_AROS 1
#elif defined(__rtems__)
#define OS OS_RTEMS
#define IS_RTEMS 1
#else
// OK for OS not to resolve, it's being phased out.
// #error Unknown OS
#elif defined(__riscos__)
#define OS OS_RISCOS
#define IS_RISCOS 1
#elif defined(__redox__)
#define OS OS_REDOX
#define IS_REDOX 1
#elif defined(__QNX__)
#define OS OS_QNX
#define IS_QNX 1
#endif
@ -297,19 +326,21 @@
#define SUPPORTS_MEMBER_TEMPLATES ( ! IS_SUNPRO )
#define SUPPORTS_EXPLICIT_TEMPLATE_FUNC_INST ( ! IS_SUNPRO )
#define SUPPORTS_ST_BLOCKS (!IS_DOS_DJGPP)
#define SUPPORTS_POSIX_SIGNALS (!IS_DOS_DJGPP)
#define SUPPORTS_NETWORKING (!IS_SORTIX && !IS_DOS_DJGPP)
#define SUPPORTS_SYSLOG (HAVE_SYSLOG_H && !IS_SKYOS)
#define NEEDS_SWAB_IMPL (IS_SYLLABLE || IS_ANDROID || IS_SORTIX)
#define SUPPORTS_NETWORKING (!IS_SORTIX && !IS_DOS_DJGPP && !IS_REDOX)
#define SUPPORTS_SYSLOG (HAVE_SYSLOG_H && !IS_SKYOS && !IS_RISCOS)
#define NEEDS_SWAB_IMPL (IS_CYGWIN || IS_SYLLABLE || IS_ANDROID || IS_SORTIX)
#define USES_MBLEN (!IS_ANDROID && !IS_AROS)
#define USES_DEVICE_PATH (IS_AROS || IS_DOS_DJGPP)
#define USES_DEVICE_PATH (IS_AROS || IS_DOS_DJGPP || IS_RISCOS || IS_REDOX)
#define ICONV_CONST_SOURCE (IS_MINIX)
#define SUPPORTS_DIRECT_IO (IS_LINUX)
// Linux is the only platform where direct i/o hashing has been tested & works properly so far.
#define SUPPORTS_TERMIOS (!IS_RTEMS)
#define SUPPORTS_TERMIOS (!IS_RTEMS && !IS_REDOX)
// RTEMS errors are probably just a buildsys issue & this will change or go away.
// Redox will probably implement this in the future.
#define CAN_UNLINK_WHILE_OPEN (!IS_AROS && !IS_RISCOS && !IS_REDOX && !IS_DOS_DJGPP)
#define SUPPORTS_DOUBLE_SLASH_PATH (IS_CYGWIN)
// POSIX standard says paths beginning with 2 slashes are "implementation defined"
@ -318,6 +349,8 @@
// which uses this syntax for UNC paths. So we'll allow leading double slashes there, but
// continue removing them on all other platforms
#define USE_DEV_URANDOM (HAVE_DEV_URANDOM && ENABLE_DEV_URANDOM)
//=============================================================================
// Miscellaneous
//

14
src/core/refcountobj.cpp
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//
@ -41,7 +41,7 @@
#include "errorutil.h"
#ifdef _DEBUG
#ifdef DEBUG
int cRefCountObj::objectCounter = 0;
int cRefCountObj::referenceCounter = 0;
@ -68,7 +68,7 @@ struct cRefCountObj_Debug
}
} gRefCountObj_Debug;
#endif // _DEBUG
#endif // DEBUG
cRefCountObj::cRefCountObj()
{
@ -76,7 +76,7 @@ cRefCountObj::cRefCountObj()
//std::cout << "Allocated RefObj(" << std::hex << (int)this << ")\n";
#ifdef _DEBUG
#ifdef DEBUG
++objectCounter;
++referenceCounter;
@ -95,7 +95,7 @@ cRefCountObj::~cRefCountObj()
//std::cout << "Deleted RefObj(" << std::hex << (int)this << ")\n";
#ifdef _DEBUG
#ifdef DEBUG
--objectCounter;
cDebug d("cRefCountObj::~cRefCountObj");
d.TraceNever("Object Destroyed[%p] %s Objects Left = %d\n", this, typeid(*this).name(), objectCounter);
@ -128,7 +128,7 @@ void cRefCountObj::AddRef() const
++mRefCount;
#ifdef _DEBUG
#ifdef DEBUG
++referenceCounter;
#endif
}
@ -140,7 +140,7 @@ void cRefCountObj::Release() const
Delete();
}
#ifdef _DEBUG
#ifdef DEBUG
--referenceCounter;
#endif
}

4
src/core/refcountobj.h
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//
@ -77,7 +77,7 @@ protected:
private:
mutable int mRefCount;
#ifdef _DEBUG
#ifdef DEBUG
private:
static int objectCounter;
static int referenceCounter;

4
src/core/resources.h
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//
@ -241,7 +241,7 @@ Resource_Class::Get( ConstKeyRef id ) const
if ( at == m_table.end() )
{
#ifdef _DEBUG
#ifdef DEBUG
std::cerr << "*** Error Resource_Class::Get() [" __FILE__ ":" << __LINE__ << "]: Resource not found\n";
#endif

2
src/core/serializable.cpp
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//

2
src/core/serializable.h
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//

2
src/core/serializer.cpp
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//

2
src/core/serializer.h
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//

4
src/core/serializerimpl.cpp
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//
@ -274,7 +274,7 @@ iTypedSerializable* cSerializerImpl::ReadObjectDynCreate()
// unable to find the creation function...
d.TraceError("Unable to find creation function for non-ref counted object %d\n", crc);
TOSTRINGSTREAM str;
#ifdef _DEBUG
#ifdef DEBUG
// Let's only report the actual crc in debug mode
str << (int32)crc << std::ends;
#endif

2
src/core/serializerimpl.h
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//

2
src/core/serializerutil.cpp
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//

2
src/core/serializerutil.h
View File

@ -1,6 +1,6 @@
//
// The developer of the original code and/or files is Tripwire, Inc.
// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
// Portions created by Tripwire, Inc. are copyright (C) 2000-2017 Tripwire,
// Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
// reserved.
//

Some files were not shown because too many files have changed in this diff Show More