Add a default policy for Haiku

2018-02-18 00:33:48 -08:00 · 2018-02-18 00:33:48 -08:00 · 96616b2751
parent 9c645498e2
commit 96616b2751
1 changed files with 178 additions and 0 deletions
--- a/policy/twpol-Haiku.txt
+++ b/policy/twpol-Haiku.txt
@ -0,0 +1,178 @@
+###############################################################################
+#                                                                            ##
+#    Default Tripwire 2.4 Policy file for Haiku                              ##
+#                                                                            ##
+###############################################################################
+
+
+###############################################################################
+#                                                                            ##
+# Global Variable Definitions                                                ##
+#                                                                            ##
+# These are defined at install time by the installation script.  You may     ##
+# Manually edit these if you are using this file directly and not from the   ##
+# installation script itself.                                                ##
+#                                                                            ##
+###############################################################################
+
+@@section GLOBAL
+TWROOT=;
+TWBIN=;
+TWPOL=;
+TWDB=;
+TWSKEY=;
+TWLKEY=;
+TWREPORT=;
+HOSTNAME=;
+
+##############################################################################
+#  Predefined Variables                                                      #
+##############################################################################
+#
+#  Property Masks
+#
+#  -  ignore the following properties
+#  +  check the following properties
+#
+#  a  access timestamp (mutually exclusive with +CMSH)
+#  b  number of blocks allocated
+#  c  inode creation/modification timestamp
+#  d  ID of device on which inode resides
+#  g  group id of owner
+#  i  inode number
+#  l  growing files (logfiles for example)
+#  m  modification timestamp
+#  n  number of links
+#  p  permission and file mode bits
+#  r  ID of device pointed to by inode (valid only for device objects)
+#  s  file size
+#  t  file type
+#  u  user id of owner
+#
+#  C  CRC-32 hash
+#  H  HAVAL hash
+#  M  MD5 hash
+#  S  SHA hash
+#
+##############################################################################
+
+#Device        = +pugsdr-intlbamcCMSH ;
+#Dynamic       = +pinugtd-srlbamcCMSH ;
+#Growing       = +pinugtdl-srbamcCMSH ;
+#IgnoreAll     = -pinugtsdrlbamcCMSH ;
+#IgnoreNone    = +pinugtsdrbamcCMSH-l ;
+#ReadOnly      = +pinugtsdbmCM-rlacSH ;
+Temporary     = +pugt ;
+
+@@section FS 
+
+#########################################
+#                                      ##
+#  Tripwire Binaries and Data Files    ##
+#                                      ##
+#########################################
+
+# Tripwire Binaries
+(
+  rulename = "Tripwire Binaries",
+)
+{
+  $(TWBIN)/siggen                      -> $(ReadOnly) ;
+  $(TWBIN)/tripwire                    -> $(ReadOnly) ;
+  $(TWBIN)/twadmin                     -> $(ReadOnly) ;
+  $(TWBIN)/twprint                     -> $(ReadOnly) ;
+}
+
+# Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
+(
+  rulename = "Tripwire Data Files",
+)
+{
+  # NOTE: We remove the inode attribute because when Tripwire creates a backup,
+  # it does so by renaming the old file and creating a new one (which will
+  # have a new inode number).  Inode is left turned on for keys, which shouldn't
+  # ever change.
+
+  # NOTE: The first integrity check triggers this rule and each integrity check
+  # afterward triggers this rule until a database update is run, since the
+  # database file does not exist before that point.
+
+  $(TWDB)                              -> $(Dynamic) -i ;
+  $(TWPOL)/tw.pol                      -> $(ReadOnly) -i ;
+  $(TWPOL)/tw.cfg                      -> $(ReadOnly) -i ;
+  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(ReadOnly) ;
+  $(TWSKEY)/site.key                   -> $(ReadOnly) ;
+
+  # don't scan the individual reports
+  $(TWREPORT)                          -> $(Dynamic) (recurse=0) ;
+}
+
+
+##############################################################################
+
+
+### System dir ###############################################################
+#
+(rulename = "System Directory",)
+{
+   /boot/system -> $(IgnoreNone) -a;
+}
+
+
+### Other bin dirs ############################################################
+#
+(rulename = "Binary Directories",)
+{
+  /boot/home/config/bin -> $(IgnoreNone) -a;
+  /boot/common/bin -> $(IgnoreNone) -a;
+  /boot/apps -> $(IgnoreNone) -a;
+# /boot/develop/tools/gnupro/bin -> $(IgnoreNone) -a; #uncomment to monitor dev tools if present
+}
+
+
+### Other lib dirs ############################################################
+#
+(rulename = "Library Directories",)
+{
+  /boot/common/lib -> $(IgnoreNone) -a;
+  /boot/home/config/lib -> $(IgnoreNone) -a;
+}
+
+### Other boot dirs ###########################################################
+#
+(rulename = "Boot Directories",)
+{
+  /boot/common/boot -> $(IgnoreNone) -a;
+  /boot/home/config/boot -> $(IgnoreNone) -a;
+}
+
+### Settings ##################################################################
+#
+(rulename = "Settings",)
+{
+  /boot/common/settings -> $(IgnoreNone) -a;
+  /boot/common/data -> $(IgnoreNone) -a;
+  /boot/common/etc -> $(IgnoreNone) -a;
+  /boot/home/config/settings -> $(IgnoreNone) -a;
+}
+
+# Logs ########################################################################
+#
+(rulename = "Logs",)
+{
+  /boot/common/var/log -> $(Growing) -a;
+}
+
+# Dev #########################################################################
+#
+(rulename = "Devices",)
+{
+  /dev -> $(Device) -a;
+}
+
+# Temp dirs #########################
+#
+(rulename = "Temp Directories",)
+{
+  /boot/common/cache/tmp -> $(Temporary) -a;
+}