Use SEC_ naming convention w/ Solaris policy

policy/twpol-SunOS.txt

@@ -2,7 +2,8 @@
  #                                                                            ##
 ############################################################################## #
 #                                                                            # #
-#                        Policy file for Solaris 8                           # #
+#                      Tripwire 2.4 policy for Solaris                       # #
+#                             updated March 2018                             # #
 #                                                                            ##
 ##############################################################################
 
@@ -61,13 +62,13 @@ HOSTNAME=;
 #
 ##############################################################################
 
-Device        = +pugsdr-intlbamcCMSH ;
+SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
-Dynamic       = +pinugtd-srlbamcCMSH ;
+SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
-Growing       = +pinugtdl-srbamcCMSH ;
+SEC_GROWING       = +pinugtdl-srbamcCMSH ;
-IgnoreAll     = -pinugtsdrlbamcCMSH ;
+SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
-IgnoreNone    = +pinugtsdrbamcCMSH-l ;
+SEC_IGNORE_NONE   = +pinugtsdrbamcCMSH-l ;
-ReadOnly      = +pinugtsdbmCM-rlacSH ;
+SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
-Temporary     = +pugt ;
+SEC_TEMPORARY     = +pugt ;
 
 @@section FS 
 
@@ -84,10 +85,10 @@ Temporary     = +pugt ;
   rulename = "Tripwire Binaries",
 )
 {
-  $(TWBIN)/siggen                      -> $(ReadOnly) ;
+  $(TWBIN)/siggen                      -> $(SEC_READONLY) ;
-  $(TWBIN)/tripwire                    -> $(ReadOnly) ;
+  $(TWBIN)/tripwire                    -> $(SEC_READONLY) ;
-  $(TWBIN)/twadmin                     -> $(ReadOnly) ;
+  $(TWBIN)/twadmin                     -> $(SEC_READONLY) ;
-  $(TWBIN)/twprint                     -> $(ReadOnly) ;
+  $(TWBIN)/twprint                     -> $(SEC_READONLY) ;
 }
 
 # Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
@@ -104,14 +105,14 @@ Temporary     = +pugt ;
   # afterward triggers this rule until a database update is run, since the
   # database file does not exist before that point.
 
-  $(TWDB)                              -> $(Dynamic) -i ;
+  $(TWDB)                              -> $(SEC_DYNAMIC) -i ;
-  $(TWPOL)/tw.pol                      -> $(ReadOnly) -i ;
+  $(TWPOL)/tw.pol                      -> $(SEC_READONLY) -i ;
-  $(TWPOL)/tw.cfg                      -> $(ReadOnly) -i ;
+  $(TWPOL)/tw.cfg                      -> $(SEC_READONLY) -i ;
-  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(ReadOnly) ;
+  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(SEC_READONLY) ;
-  $(TWSKEY)/site.key                   -> $(ReadOnly) ;
+  $(TWSKEY)/site.key                   -> $(SEC_READONLY) ;
 
   # don't scan the individual reports
-  $(TWREPORT)                          -> $(Dynamic) (recurse=0) ;
+  $(TWREPORT)                          -> $(SEC_DYNAMIC) (recurse=0) ;
 
   # In this configuration /usr/local is a symbolic link to /home/local.
   # We want to ignore the following directories since they are already
@@ -132,8 +133,8 @@ Temporary     = +pugt ;
   rulename = "OS Boot and Configuration Files",
 )
 {
-  /etc                          -> $(IgnoreNone) -SHa ;
+  /etc                          -> $(SEC_IGNORE_NONE) -SHa ;
-  /kernel		        -> $(ReadOnly) ;
+  /kernel		        -> $(SEC_READONLY) ;
 }
 
   ###################################################
@@ -147,13 +148,13 @@ Temporary     = +pugt ;
   rulename = "Mount Points",
 )
 {
-  /                             -> $(ReadOnly) ;
+  /                             -> $(SEC_READONLY) ;
-  /cdrom                        -> $(Dynamic) ;
+  /cdrom                        -> $(SEC_DYNAMIC) ;
-  /home                         -> $(ReadOnly) ;
+  /home                         -> $(SEC_READONLY) ;
-  /mnt                          -> $(Dynamic) ;
+  /mnt                          -> $(SEC_DYNAMIC) ;
-  /usr                          -> $(ReadOnly) ;
+  /usr                          -> $(SEC_READONLY) ;
-  /var                          -> $(ReadOnly) ;
+  /var                          -> $(SEC_READONLY) ;
-  /opt                          -> $(ReadOnly) ;
+  /opt                          -> $(SEC_READONLY) ;
 }
 
   ###################################################
@@ -167,7 +168,7 @@ Temporary     = +pugt ;
   rulename = "Misc Top-Level Directories",
 )
 {
-  /lost+found                   -> $(ReadOnly) ;
+  /lost+found                   -> $(SEC_READONLY) ;
 }
 
   ################################################
@@ -181,8 +182,8 @@ Temporary     = +pugt ;
   rulename = "System Devices",
 )
 {
-  /dev                          -> $(Device) ;
+  /dev                          -> $(SEC_DEVICE) ;
-  /devices                      -> $(Device) ;
+  /devices                      -> $(SEC_DEVICE) ;
 }
 
   ################################################
@@ -196,12 +197,12 @@ Temporary     = +pugt ;
   rulename = "OS Binaries and Libraries",
 )
 {
-  /sbin                         -> $(ReadOnly) ;
+  /sbin                         -> $(SEC_READONLY) ;
-  /usr/bin                      -> $(ReadOnly) ;
+  /usr/bin                      -> $(SEC_READONLY) ;
-  /usr/lib                      -> $(ReadOnly) ;
+  /usr/lib                      -> $(SEC_READONLY) ;
-  /usr/sbin                     -> $(ReadOnly) ;
+  /usr/sbin                     -> $(SEC_READONLY) ;
-  /usr/openwin/bin              -> $(ReadOnly) ;
+  /usr/openwin/bin              -> $(SEC_READONLY) ;
-  /usr/openwin/lib              -> $(ReadOnly) ;
+  /usr/openwin/lib              -> $(SEC_READONLY) ;
 }
 
   ################################################
@@ -216,9 +217,9 @@ Temporary     = +pugt ;
 )
 {
   ! /.netscape/cache ; 
-  /.bash_history	         -> $(ReadOnly) -smbCM;
+  /.bash_history	         -> $(SEC_READONLY) -smbCM;
-  /.sh_history                   -> $(Dynamic) ;
+  /.sh_history                   -> $(SEC_DYNAMIC) ;
-  /.Xauthority                   -> $(ReadOnly) ;
+  /.Xauthority                   -> $(SEC_READONLY) ;
 }
 
   ################################################
@@ -232,8 +233,8 @@ Temporary     = +pugt ;
   rulename = "Temporary Directories",
 )
 {
-  /tmp                          -> $(Temporary) ;
+  /tmp                          -> $(SEC_TEMPORARY) ;
-  /var/tmp                      -> $(Temporary) ;
+  /var/tmp                      -> $(SEC_TEMPORARY) ;
 }
 
   ################################################
@@ -295,17 +296,17 @@ Temporary     = +pugt ;
   rulename = "System and Boot Changes",
 )
 {
-  /etc/.pwd.lock		   -> $(ReadOnly) -cm;
+  /etc/.pwd.lock		   -> $(SEC_READONLY) -cm;
-  /etc/coreadm.conf		   -> $(ReadOnly) -cm;
+  /etc/coreadm.conf		   -> $(SEC_READONLY) -cm;
-  /var/adm                         -> $(Growing) -i;
+  /var/adm                         -> $(SEC_GROWING) -i;
-  #/var/backups                    -> $(Dynamic) -i ;
+  #/var/backups                    -> $(SEC_DYNAMIC) -i ;
-  /var/cron/log                    -> $(Growing) -i ;
+  /var/cron/log                    -> $(SEC_GROWING) -i ;
-  #/var/db/host.random             -> $(ReadOnly) -mCM ;
+  #/var/db/host.random             -> $(SEC_READONLY) -mCM ;
-  #/var/db/locate.database         -> $(ReadOnly) -misCM ;
+  #/var/db/locate.database         -> $(SEC_READONLY) -misCM ;
-  /var/log                         -> $(Growing) -i ;
+  /var/log                         -> $(SEC_GROWING) -i ;
-  #/var/run                        -> $(Dynamic) -i ;
+  #/var/run                        -> $(SEC_DYNAMIC) -i ;
-  #/var/mail                       -> $(Growing) ;
+  #/var/mail                       -> $(SEC_GROWING) ;
-  #/var/msgs/bounds                -> $(ReadOnly) -smbCM ;
+  #/var/msgs/bounds                -> $(SEC_READONLY) -smbCM ;
   !/var/sendmail ;
   !/var/spool/clientmqueue ;
   !/var/spool/mqueue ;