diff --git a/policy/twpol-AROS.txt b/policy/twpol-AROS.txt index 7fa136c..edcb261 100644 --- a/policy/twpol-AROS.txt +++ b/policy/twpol-AROS.txt @@ -56,13 +56,13 @@ HOSTNAME=; # ############################################################################## -#Device = +pugsdr-intlbamcCMSH ; -#Dynamic = +pinugtd-srlbamcCMSH ; -#Growing = +pinugtdl-srbamcCMSH ; -#IgnoreAll = -pinugtsdrlbamcCMSH ; -#IgnoreNone = +pinugtsdrbamcCMSH-l ; -#ReadOnly = +pinugtsdbmCM-rlacSH ; -Temporary = +pugt ; +SEC_DEVICE = +pugsdr-intlbamcCMSH ; +SEC_DYNAMIC = +pinugtd-srlbamcCMSH ; +SEC_GROWING = +pinugtdl-srbamcCMSH ; +SEC_IGNORE_ALL = -pinugtsdrlbamcCMSH ; +SEC_IGNORE_NONE = +pinugtsdrbamcCMSH-l ; +SEC_READONLY = +pinugtsdbmCM-rlacSH ; +SEC_TEMPORARY = +pugt ; @@section FS @@ -77,10 +77,10 @@ Temporary = +pugt ; rulename = "Tripwire Binaries", ) { - $(TWBIN)/siggen -> $(ReadOnly) ; - $(TWBIN)/tripwire -> $(ReadOnly) ; - $(TWBIN)/twadmin -> $(ReadOnly) ; - $(TWBIN)/twprint -> $(ReadOnly) ; + $(TWBIN)/siggen -> $(SEC_READONLY) ; + $(TWBIN)/tripwire -> $(SEC_READONLY) ; + $(TWBIN)/twadmin -> $(SEC_READONLY) ; + $(TWBIN)/twprint -> $(SEC_READONLY) ; } # Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases @@ -97,14 +97,14 @@ Temporary = +pugt ; # afterward triggers this rule until a database update is run, since the # database file does not exist before that point. - $(TWDB) -> $(Dynamic) -i ; - $(TWPOL)/tw.pol -> $(ReadOnly) -i ; - $(TWPOL)/tw.cfg -> $(ReadOnly) -i ; - $(TWLKEY)/$(HOSTNAME)-local.key -> $(ReadOnly) ; - $(TWSKEY)/site.key -> $(ReadOnly) ; + $(TWDB) -> $(SEC_DYNAMIC) -i ; + $(TWPOL)/tw.pol -> $(SEC_READONLY) -i ; + $(TWPOL)/tw.cfg -> $(SEC_READONLY) -i ; + $(TWLKEY)/$(HOSTNAME)-local.key -> $(SEC_READONLY) ; + $(TWSKEY)/site.key -> $(SEC_READONLY) ; # don't scan the individual reports - $(TWREPORT) -> $(Dynamic) (recurse=0) ; + $(TWREPORT) -> $(SEC_DYNAMIC) (recurse=0) ; } 
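Review bot: `SEC_IGNORE_NONE` and `SEC_IGNORE_ALL` are defined in this variable block but neither is referenced on the new side of any hunk in this diff, since every former `$(IgnoreNone)` use now reads `$(SEC_READONLY)`; either drop them or add a comment stating they are kept for local policy authors. The block would also benefit from one comment per mask spelling out what its letters enable and ignore, e.g. `# SEC_READONLY: perms, inode, links, owner, group, type, size, blocks, mtime, CRC32, MD5; ignores atime, ctime, SHA, HAVAL`, because the old `#`-prefixed lines at least signalled that these values mirror Tripwire's built-in masks and that hint is gone. The same block is repeated verbatim in twpol-GNU.txt, twpol-Haiku.txt, twpol-Minix.txt, twpol-Syllable.txt and twpol-skyos.txt, so any comment belongs in all six.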
@@ -112,21 +112,21 @@ Temporary = +pugt ; (rulename="OS Files",) { - AROS:System -> $(IgnoreNone); - AROS:Devs -> $(IgnoreNone); - AROS:Libs -> $(IgnoreNone); - AROS:Tools-> $(IgnoreNone); - AROS:Prefs -> $(IgnoreNone); - AROS:Utilities -> $(IgnoreNone); - AROS:WBStartup -> $(IgnoreNone); + AROS:System -> $(SEC_READONLY); + AROS:Devs -> $(SEC_READONLY); + AROS:Libs -> $(SEC_READONLY); + AROS:Tools-> $(SEC_READONLY); + AROS:Prefs -> $(SEC_READONLY); + AROS:Utilities -> $(SEC_READONLY); + AROS:WBStartup -> $(SEC_READONLY); } (rulename="Development Tools",) { - Work:Development -> $(IgnoreNone); + Work:Development -> $(SEC_READONLY); } (rulename="Extras",) { - Work:Extras -> $(IgnoreNone); + Work:Extras -> $(SEC_READONLY); } diff --git a/policy/twpol-GNU.txt b/policy/twpol-GNU.txt index 7c07bcf..baa9164 100644 --- a/policy/twpol-GNU.txt +++ b/policy/twpol-GNU.txt @@ -56,13 +56,13 @@ HOSTNAME=; # ############################################################################## -#Device = +pugsdr-intlbamcCMSH ; -#Dynamic = +pinugtd-srlbamcCMSH ; -#Growing = +pinugtdl-srbamcCMSH ; -#IgnoreAll = -pinugtsdrlbamcCMSH ; -#IgnoreNone = +pinugtsdrbamcCMSH-l ; -#ReadOnly = +pinugtsdbmCM-rlacSH ; -Temporary = +pugt ; +SEC_DEVICE = +pugsdr-intlbamcCMSH ; +SEC_DYNAMIC = +pinugtd-srlbamcCMSH ; +SEC_GROWING = +pinugtdl-srbamcCMSH ; +SEC_IGNORE_ALL = -pinugtsdrlbamcCMSH ; +SEC_IGNORE_NONE = +pinugtsdrbamcCMSH-l ; +SEC_READONLY = +pinugtsdbmCM-rlacSH ; +SEC_TEMPORARY = +pugt ; @@section FS @@ -77,10 +77,10 @@ Temporary = +pugt ; rulename = "Tripwire Binaries", ) { - $(TWBIN)/siggen -> $(ReadOnly) ; - $(TWBIN)/tripwire -> $(ReadOnly) ; - $(TWBIN)/twadmin -> $(ReadOnly) ; - $(TWBIN)/twprint -> $(ReadOnly) ; + $(TWBIN)/siggen -> $(SEC_READONLY) ; + $(TWBIN)/tripwire -> $(SEC_READONLY) ; + $(TWBIN)/twadmin -> $(SEC_READONLY) ; + $(TWBIN)/twprint -> $(SEC_READONLY) ; } # Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases 
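Review bot: Switching `AROS:System` and the other OS paths from `$(IgnoreNone)` to `$(SEC_READONLY)` changes what is checked, not just the variable name: per the masks defined earlier in this diff, IgnoreNone checks everything except `l`, whereas SEC_READONLY additionally ignores `r`, `a`, `c`, `S` and `H`, so inode change time and the SHA/HAVAL digests are no longer compared for these trees and content is covered by CRC32 and MD5 only. If a quieter baseline is the intent it should be stated in a comment on these rules, e.g. `# SEC_READONLY: atime/ctime drift tolerated; content still covered by CRC32+MD5`. If not, a stricter mask for kernel and system binaries in the style of the stock twpol.txt, `SEC_CRIT = $(SEC_IGNORE_NONE)-SHa ;`, would keep ctime and give the otherwise-unreferenced SEC_IGNORE_NONE a use. The same substitution is made in the GNU, Haiku, Minix, Syllable and skyos files below, including their `/boot`, `/boot/system` and `/boot/kernel.sys` rules.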
@@ -97,63 +97,63 @@ Temporary = +pugt ; # afterward triggers this rule until a database update is run, since the # database file does not exist before that point. - $(TWDB) -> $(Dynamic) -i ; - $(TWPOL)/tw.pol -> $(ReadOnly) -i ; - $(TWPOL)/tw.cfg -> $(ReadOnly) -i ; - $(TWLKEY)/$(HOSTNAME)-local.key -> $(ReadOnly) ; - $(TWSKEY)/site.key -> $(ReadOnly) ; + $(TWDB) -> $(SEC_DYNAMIC) -i ; + $(TWPOL)/tw.pol -> $(SEC_READONLY) -i ; + $(TWPOL)/tw.cfg -> $(SEC_READONLY) -i ; + $(TWLKEY)/$(HOSTNAME)-local.key -> $(SEC_READONLY) ; + $(TWSKEY)/site.key -> $(SEC_READONLY) ; # don't scan the individual reports - $(TWREPORT) -> $(Dynamic) (recurse=0) ; + $(TWREPORT) -> $(SEC_DYNAMIC) (recurse=0) ; } ############################################################################## (rulename="Boot files",) { - /boot -> $(IgnoreNone) -a; + /boot -> $(SEC_READONLY) -a; } (rulename="Binary files",) { - /bin -> $(IgnoreNone) -a; - /usr/bin -> $(IgnoreNone) -a; - /usr/local/bin -> $(IgnoreNone) -a; + /bin -> $(SEC_READONLY) -a; + /usr/bin -> $(SEC_READONLY) -a; + /usr/local/bin -> $(SEC_READONLY) -a; } (rulename="Admin binaries",) { - /servers -> $(IgnoreNone) -a; - /sbin -> $(IgnoreNone) -a; - /usr/sbin -> $(IgnoreNone) -a; - /hurd -> $(IgnoreNone) -a; + /servers -> $(SEC_READONLY) -a; + /sbin -> $(SEC_READONLY) -a; + /usr/sbin -> $(SEC_READONLY) -a; + /hurd -> $(SEC_READONLY) -a; } (rulename="Libraries",) { - /lib -> $(IgnoreNone) -a; - /usr/lib -> $(IgnoreNone) -a; - /usr/local/lib -> $(IgnoreNone) -a; + /lib -> $(SEC_READONLY) -a; + /usr/lib -> $(SEC_READONLY) -a; + /usr/local/lib -> $(SEC_READONLY) -a; } (rulename="Etc",) { - /etc -> $(IgnoreNone) -a; - /usr/local/etc -> $(IgnoreNone) -a; + /etc -> $(SEC_READONLY) -a; + /usr/local/etc -> $(SEC_READONLY) -a; } (rulename="Dev",) { - /dev -> $(Device); + /dev -> $(SEC_DEVICE); } (rulename="Tmp",) { - /tmp -> $(Temporary); - /var/tmp -> $(Temporary); + /tmp -> $(SEC_TEMPORARY); + /var/tmp -> $(SEC_TEMPORARY); } (rulename="Log",) { - 
/var/log -> $(Growing); + /var/log -> $(SEC_GROWING); } diff --git a/policy/twpol-Haiku.txt b/policy/twpol-Haiku.txt index 21dd9b8..b77e308 100644 --- a/policy/twpol-Haiku.txt +++ b/policy/twpol-Haiku.txt @@ -56,13 +56,13 @@ HOSTNAME=; # ############################################################################## -#Device = +pugsdr-intlbamcCMSH ; -#Dynamic = +pinugtd-srlbamcCMSH ; -#Growing = +pinugtdl-srbamcCMSH ; -#IgnoreAll = -pinugtsdrlbamcCMSH ; -#IgnoreNone = +pinugtsdrbamcCMSH-l ; -#ReadOnly = +pinugtsdbmCM-rlacSH ; -Temporary = +pugt ; +SEC_DEVICE = +pugsdr-intlbamcCMSH ; +SEC_DYNAMIC = +pinugtd-srlbamcCMSH ; +SEC_GROWING = +pinugtdl-srbamcCMSH ; +SEC_IGNORE_ALL = -pinugtsdrlbamcCMSH ; +SEC_IGNORE_NONE = +pinugtsdrbamcCMSH-l ; +SEC_READONLY = +pinugtsdbmCM-rlacSH ; +SEC_TEMPORARY = +pugt ; @@section FS @@ -77,10 +77,10 @@ Temporary = +pugt ; rulename = "Tripwire Binaries", ) { - $(TWBIN)/siggen -> $(ReadOnly) ; - $(TWBIN)/tripwire -> $(ReadOnly) ; - $(TWBIN)/twadmin -> $(ReadOnly) ; - $(TWBIN)/twprint -> $(ReadOnly) ; + $(TWBIN)/siggen -> $(SEC_READONLY) ; + $(TWBIN)/tripwire -> $(SEC_READONLY) ; + $(TWBIN)/twadmin -> $(SEC_READONLY) ; + $(TWBIN)/twprint -> $(SEC_READONLY) ; } # Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases @@ -97,14 +97,14 @@ Temporary = +pugt ; # afterward triggers this rule until a database update is run, since the # database file does not exist before that point. - $(TWDB) -> $(Dynamic) -i ; - $(TWPOL)/tw.pol -> $(ReadOnly) -i ; - $(TWPOL)/tw.cfg -> $(ReadOnly) -i ; - $(TWLKEY)/$(HOSTNAME)-local.key -> $(ReadOnly) ; - $(TWSKEY)/site.key -> $(ReadOnly) ; + $(TWDB) -> $(SEC_DYNAMIC) -i ; + $(TWPOL)/tw.pol -> $(SEC_READONLY) -i ; + $(TWPOL)/tw.cfg -> $(SEC_READONLY) -i ; + $(TWLKEY)/$(HOSTNAME)-local.key -> $(SEC_READONLY) ; + $(TWSKEY)/site.key -> $(SEC_READONLY) ; # don't scan the individual reports - $(TWREPORT) -> $(Dynamic) (recurse=0) ; + $(TWREPORT) -> $(SEC_DYNAMIC) (recurse=0) ; } 
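Review bot: The `-a` suffix on lines such as `/boot -> $(SEC_READONLY) -a;` is now a no-op, because the SEC_READONLY mask defined in this file already carries `-a`; it only did work while the left-hand side was IgnoreNone. Leaving it in suggests the rule still controls atime handling, so either drop the suffix on the SEC_READONLY lines or add a short comment that it is deliberately kept in case the mask changes. The same applies to the `-a` after `$(SEC_DEVICE)` in the Haiku, Syllable and skyos Devices rules, since the SEC_DEVICE mask also ignores `a`.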
@@ -115,7 +115,7 @@ Temporary = +pugt ; # (rulename = "System Directory",) { - /boot/system -> $(IgnoreNone) -a; + /boot/system -> $(SEC_READONLY) -a; } @@ -123,10 +123,10 @@ Temporary = +pugt ; # (rulename = "Binary Directories",) { - /boot/home/config/bin -> $(IgnoreNone) -a; - /boot/common/bin -> $(IgnoreNone) -a; - /boot/apps -> $(IgnoreNone) -a; -# /boot/develop/tools/gnupro/bin -> $(IgnoreNone) -a; #uncomment to monitor dev tools if present + /boot/home/config/bin -> $(SEC_READONLY) -a; + /boot/common/bin -> $(SEC_READONLY) -a; + /boot/apps -> $(SEC_READONLY) -a; +# /boot/develop/tools/gnupro/bin -> $(SEC_READONLY) -a; #uncomment to monitor dev tools if present } 
@@ -134,45 +134,45 @@ Temporary = +pugt ; # (rulename = "Library Directories",) { - /boot/common/lib -> $(IgnoreNone) -a; - /boot/home/config/lib -> $(IgnoreNone) -a; + /boot/common/lib -> $(SEC_READONLY) -a; + /boot/home/config/lib -> $(SEC_READONLY) -a; } ### Other boot dirs ########################################################### # (rulename = "Boot Directories",) { - /boot/common/boot -> $(IgnoreNone) -a; - /boot/home/config/boot -> $(IgnoreNone) -a; + /boot/common/boot -> $(SEC_READONLY) -a; + /boot/home/config/boot -> $(SEC_READONLY) -a; } ### Settings ################################################################## # (rulename = "Settings",) { - /boot/common/settings -> $(IgnoreNone) -a; - /boot/common/data -> $(IgnoreNone) -a; - /boot/common/etc -> $(IgnoreNone) -a; - /boot/home/config/settings -> $(IgnoreNone) -a; + /boot/common/settings -> $(SEC_READONLY) -a; + /boot/common/data -> $(SEC_READONLY) -a; + /boot/common/etc -> $(SEC_READONLY) -a; + /boot/home/config/settings -> $(SEC_READONLY) -a; } # Logs ######################################################################## # (rulename = "Logs",) { - /boot/common/var/log -> $(Growing) -a; + /boot/common/var/log -> $(SEC_GROWING) -a; } # Dev ######################################################################### # (rulename = "Devices",) { - /dev -> $(Device) -a; + /dev -> $(SEC_DEVICE) -a; } # Temp dirs ######################### # (rulename = "Temp Directories",) { - /boot/common/cache/tmp -> $(Temporary) -a; + /boot/common/cache/tmp -> $(SEC_TEMPORARY) -a; } \ No newline at end of file diff --git a/policy/twpol-Minix.txt b/policy/twpol-Minix.txt index 76ac495..18ae8a9 100644 --- a/policy/twpol-Minix.txt +++ b/policy/twpol-Minix.txt 
@@ -56,13 +56,13 @@ HOSTNAME=; # ############################################################################## -#Device = +pugsdr-intlbamcCMSH ; -#Dynamic = +pinugtd-srlbamcCMSH ; -#Growing = +pinugtdl-srbamcCMSH ; -#IgnoreAll = -pinugtsdrlbamcCMSH ; -#IgnoreNone = +pinugtsdrbamcCMSH-l ; -#ReadOnly = +pinugtsdbmCM-rlacSH ; -Temporary = +pugt ; +SEC_DEVICE = +pugsdr-intlbamcCMSH ; +SEC_DYNAMIC = +pinugtd-srlbamcCMSH ; +SEC_GROWING = +pinugtdl-srbamcCMSH ; +SEC_IGNORE_ALL = -pinugtsdrlbamcCMSH ; +SEC_IGNORE_NONE = +pinugtsdrbamcCMSH-l ; +SEC_READONLY = +pinugtsdbmCM-rlacSH ; +SEC_TEMPORARY = +pugt ; @@section FS @@ -77,10 +77,10 @@ Temporary = +pugt ; rulename = "Tripwire Binaries", ) { - $(TWBIN)/siggen -> $(ReadOnly) ; - $(TWBIN)/tripwire -> $(ReadOnly) ; - $(TWBIN)/twadmin -> $(ReadOnly) ; - $(TWBIN)/twprint -> $(ReadOnly) ; + $(TWBIN)/siggen -> $(SEC_READONLY) ; + $(TWBIN)/tripwire -> $(SEC_READONLY) ; + $(TWBIN)/twadmin -> $(SEC_READONLY) ; + $(TWBIN)/twprint -> $(SEC_READONLY) ; } # Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases 
@@ -97,80 +97,80 @@ Temporary = +pugt ; # afterward triggers this rule until a database update is run, since the # database file does not exist before that point. - $(TWDB) -> $(Dynamic) -i ; - $(TWPOL)/tw.pol -> $(ReadOnly) -i ; - $(TWPOL)/tw.cfg -> $(ReadOnly) -i ; - $(TWLKEY)/$(HOSTNAME)-local.key -> $(ReadOnly) ; - $(TWSKEY)/site.key -> $(ReadOnly) ; + $(TWDB) -> $(SEC_DYNAMIC) -i ; + $(TWPOL)/tw.pol -> $(SEC_READONLY) -i ; + $(TWPOL)/tw.cfg -> $(SEC_READONLY) -i ; + $(TWLKEY)/$(HOSTNAME)-local.key -> $(SEC_READONLY) ; + $(TWSKEY)/site.key -> $(SEC_READONLY) ; # don't scan the individual reports - $(TWREPORT) -> $(Dynamic) (recurse=0) ; + $(TWREPORT) -> $(SEC_DYNAMIC) (recurse=0) ; } ############################################################################## (rulename="Boot files",) { - /boot -> $(IgnoreNone) -a; - /boot_monitor -> $(IgnoreNone) -a; - /boot.cfg -> $(IgnoreNone) -a; + /boot -> $(SEC_READONLY) -a; + /boot_monitor -> $(SEC_READONLY) -a; + /boot.cfg -> $(SEC_READONLY) -a; } (rulename="Binary files",) { - /bin -> $(IgnoreNone) -a; - /usr/bin -> $(IgnoreNone) -a; - /usr/local/bin -> $(IgnoreNone) -a; - /usr/pkg/bin -> $(IgnoreNone) -a; + /bin -> $(SEC_READONLY) -a; + /usr/bin -> $(SEC_READONLY) -a; + /usr/local/bin -> $(SEC_READONLY) -a; + /usr/pkg/bin -> $(SEC_READONLY) -a; } (rulename="Development",) { - /usr/pkg/gnu/bin -> $(IgnoreNone) -a; - /usr/pkg/i386-elf32-minix/bin -> $(IgnoreNone) -a; + /usr/pkg/gnu/bin -> $(SEC_READONLY) -a; + /usr/pkg/i386-elf32-minix/bin -> $(SEC_READONLY) -a; } (rulename="Libexec",) { - /usr/libexec -> $(IgnoreNone) -a; - /usr/pkg/libexec -> $(IgnoreNone) -a; + /usr/libexec -> $(SEC_READONLY) -a; + /usr/pkg/libexec -> $(SEC_READONLY) -a; } (rulename="Admin binaries",) { - /service -> $(IgnoreNone) -a; - /sbin -> $(IgnoreNone) -a; - /usr/sbin -> $(IgnoreNone) -a; - /usr/pkg/sbin -> $(IgnoreNone) -a; + /service -> $(SEC_READONLY) -a; + /sbin -> $(SEC_READONLY) -a; + /usr/sbin -> $(SEC_READONLY) -a; + /usr/pkg/sbin -> 
$(SEC_READONLY) -a; } (rulename="Libraries",) { - /lib -> $(IgnoreNone) -a; - /usr/lib -> $(IgnoreNone) -a; - /usr/pkg/lib -> $(IgnoreNone) -a; + /lib -> $(SEC_READONLY) -a; + /usr/lib -> $(SEC_READONLY) -a; + /usr/pkg/lib -> $(SEC_READONLY) -a; } (rulename="Etc",) { - /etc -> $(IgnoreNone) -a; - /usr/etc -> $(IgnoreNone) -a; - /usr/pkg/etc -> $(IgnoreNone) -a; + /etc -> $(SEC_READONLY) -a; + /usr/etc -> $(SEC_READONLY) -a; + /usr/pkg/etc -> $(SEC_READONLY) -a; } (rulename="Dev",) { - /dev -> $(Device); + /dev -> $(SEC_DEVICE); } (rulename="Tmp",) { - /tmp -> $(Temporary); - /var/tmp -> $(Temporary); - /usr/tmp -> $(Temporary); + /tmp -> $(SEC_TEMPORARY); + /var/tmp -> $(SEC_TEMPORARY); + /usr/tmp -> $(SEC_TEMPORARY); } (rulename="Log",) { - /var/log -> $(Growing); + /var/log -> $(SEC_GROWING); } diff --git a/policy/twpol-Syllable.txt b/policy/twpol-Syllable.txt index 034c26b..bbb1bd3 100644 --- a/policy/twpol-Syllable.txt +++ b/policy/twpol-Syllable.txt @@ -56,13 +56,13 @@ HOSTNAME=; # ############################################################################## -#Device = +pugsdr-intlbamcCMSH ; -#Dynamic = +pinugtd-srlbamcCMSH ; -#Growing = +pinugtdl-srbamcCMSH ; -#IgnoreAll = -pinugtsdrlbamcCMSH ; -#IgnoreNone = +pinugtsdrbamcCMSH-l ; -#ReadOnly = +pinugtsdbmCM-rlacSH ; -Temporary = +pugt ; +SEC_DEVICE = +pugsdr-intlbamcCMSH ; +SEC_DYNAMIC = +pinugtd-srlbamcCMSH ; +SEC_GROWING = +pinugtdl-srbamcCMSH ; +SEC_IGNORE_ALL = -pinugtsdrlbamcCMSH ; +SEC_IGNORE_NONE = +pinugtsdrbamcCMSH-l ; +SEC_READONLY = +pinugtsdbmCM-rlacSH ; +SEC_TEMPORARY = +pugt ; @@section FS 
@@ -77,10 +77,10 @@ Temporary = +pugt ; rulename = "Tripwire Binaries", ) { - $(TWBIN)/siggen -> $(ReadOnly) ; - $(TWBIN)/tripwire -> $(ReadOnly) ; - $(TWBIN)/twadmin -> $(ReadOnly) ; - $(TWBIN)/twprint -> $(ReadOnly) ; + $(TWBIN)/siggen -> $(SEC_READONLY) ; + $(TWBIN)/tripwire -> $(SEC_READONLY) ; + $(TWBIN)/twadmin -> $(SEC_READONLY) ; + $(TWBIN)/twprint -> $(SEC_READONLY) ; } # Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases @@ -97,14 +97,14 @@ Temporary = +pugt ; # afterward triggers this rule until a database update is run, since the # database file does not exist before that point. - $(TWDB) -> $(Dynamic) -i ; - $(TWPOL)/tw.pol -> $(ReadOnly) -i ; - $(TWPOL)/tw.cfg -> $(ReadOnly) -i ; - $(TWLKEY)/$(HOSTNAME)-local.key -> $(ReadOnly) ; - $(TWSKEY)/site.key -> $(ReadOnly) ; + $(TWDB) -> $(SEC_DYNAMIC) -i ; + $(TWPOL)/tw.pol -> $(SEC_READONLY) -i ; + $(TWPOL)/tw.cfg -> $(SEC_READONLY) -i ; + $(TWLKEY)/$(HOSTNAME)-local.key -> $(SEC_READONLY) ; + $(TWSKEY)/site.key -> $(SEC_READONLY) ; # don't scan the individual reports - $(TWREPORT) -> $(Dynamic) (recurse=0) ; + $(TWREPORT) -> $(SEC_DYNAMIC) (recurse=0) ; } @@ -115,7 +115,7 @@ Temporary = +pugt ; # (rulename = "System Directory",) { - /boot/system -> $(IgnoreNone) -a; + /boot/system -> $(SEC_READONLY) -a; } 
@@ -123,19 +123,19 @@ Temporary = +pugt ; # (rulename = "Binary Directories",) { - /boot/bin -> $(IgnoreNone) -a; - /usr/bin -> $(IgnoreNone) -a; - /usr/local/bin -> $(IgnoreNone) -a; - /boot/Applications -> $(IgnoreNone) -a; - /resources/index/bin -> $(IgnoreNone) -a; + /boot/bin -> $(SEC_READONLY) -a; + /usr/bin -> $(SEC_READONLY) -a; + /usr/local/bin -> $(SEC_READONLY) -a; + /boot/Applications -> $(SEC_READONLY) -a; + /resources/index/bin -> $(SEC_READONLY) -a; } (rulename = "Admin Binary Directories",) { - /usr/local/sbin -> $(IgnoreNone) -a; - /resources/index/sbin -> $(IgnoreNone) -a; - /usr/local/libexec -> $(IgnoreNone) -a; - /resources/index/libexec -> $(IgnoreNone) -a; + /usr/local/sbin -> $(SEC_READONLY) -a; + /resources/index/sbin -> $(SEC_READONLY) -a; + /usr/local/libexec -> $(SEC_READONLY) -a; + /resources/index/libexec -> $(SEC_READONLY) -a; } 
@@ -143,42 +143,42 @@ Temporary = +pugt ; # (rulename = "Library Directories",) { - /usr/local/lib -> $(IgnoreNone) -a; - /resources/index/lib -> $(IgnoreNone) -a; + /usr/local/lib -> $(SEC_READONLY) -a; + /resources/index/lib -> $(SEC_READONLY) -a; } ### Other boot dirs ########################################################### # (rulename = "Boot Directories",) { - /boot/boot/grub -> $(IgnoreNone) -a; + /boot/boot/grub -> $(SEC_READONLY) -a; } ### Settings ################################################################## # (rulename = "Settings",) { - /boot/etc -> $(IgnoreNone) -a; - /usr/local/etc -> $(IgnoreNone) -a; + /boot/etc -> $(SEC_READONLY) -a; + /usr/local/etc -> $(SEC_READONLY) -a; } # Logs ######################################################################## # (rulename = "Logs",) { - /var/log -> $(Growing) -a; + /var/log -> $(SEC_GROWING) -a; } # Dev ######################################################################### # (rulename = "Devices",) { - /dev -> $(Device) -a; + /dev -> $(SEC_DEVICE) -a; } # Temp dirs ######################### # (rulename = "Temp Directories",) { - /boot/tmp -> $(Temporary) -a; + /boot/tmp -> $(SEC_TEMPORARY) -a; } diff --git a/policy/twpol-skyos.txt b/policy/twpol-skyos.txt index b8c8cf3..0bd3c4e 100644 --- a/policy/twpol-skyos.txt +++ b/policy/twpol-skyos.txt @@ -56,13 +56,13 @@ HOSTNAME=; # ############################################################################## -#Device = +pugsdr-intlbamcCMSH ; -#Dynamic = +pinugtd-srlbamcCMSH ; -#Growing = +pinugtdl-srbamcCMSH ; -#IgnoreAll = -pinugtsdrlbamcCMSH ; -#IgnoreNone = +pinugtsdrbamcCMSH-l ; -#ReadOnly = +pinugtsdbmCM-rlacSH ; -Temporary = +pugt ; +SEC_DEVICE = +pugsdr-intlbamcCMSH ; +SEC_DYNAMIC = +pinugtd-srlbamcCMSH ; +SEC_GROWING = +pinugtdl-srbamcCMSH ; +SEC_IGNORE_ALL = -pinugtsdrlbamcCMSH ; +SEC_IGNORE_NONE = +pinugtsdrbamcCMSH-l ; +SEC_READONLY = +pinugtsdbmCM-rlacSH ; +SEC_TEMPORARY = +pugt ; @@section FS 
@@ -77,10 +77,10 @@ Temporary = +pugt ; rulename = "Tripwire Binaries", ) { - $(TWBIN)/siggen -> $(ReadOnly) ; - $(TWBIN)/tripwire -> $(ReadOnly) ; - $(TWBIN)/twadmin -> $(ReadOnly) ; - $(TWBIN)/twprint -> $(ReadOnly) ; + $(TWBIN)/siggen -> $(SEC_READONLY) ; + $(TWBIN)/tripwire -> $(SEC_READONLY) ; + $(TWBIN)/twadmin -> $(SEC_READONLY) ; + $(TWBIN)/twprint -> $(SEC_READONLY) ; } # Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases @@ -97,14 +97,14 @@ Temporary = +pugt ; # afterward triggers this rule until a database update is run, since the # database file does not exist before that point. - $(TWDB) -> $(Dynamic) -i ; - $(TWPOL)/tw.pol -> $(ReadOnly) -i ; - $(TWPOL)/tw.cfg -> $(ReadOnly) -i ; - $(TWLKEY)/$(HOSTNAME)-local.key -> $(ReadOnly) ; - $(TWSKEY)/site.key -> $(ReadOnly) ; + $(TWDB) -> $(SEC_DYNAMIC) -i ; + $(TWPOL)/tw.pol -> $(SEC_READONLY) -i ; + $(TWPOL)/tw.cfg -> $(SEC_READONLY) -i ; + $(TWLKEY)/$(HOSTNAME)-local.key -> $(SEC_READONLY) ; + $(TWSKEY)/site.key -> $(SEC_READONLY) ; # don't scan the individual reports - $(TWREPORT) -> $(Dynamic) (recurse=0) ; + $(TWREPORT) -> $(SEC_DYNAMIC) (recurse=0) ; } 
@@ -115,69 +115,69 @@ Temporary = +pugt ; # (rulename = "System Directory",) { - /boot/system -> $(IgnoreNone) -a; - /boot/system/registry.rsm -> $(IgnoreNone) -am; + /boot/system -> $(SEC_READONLY) -a; + /boot/system/registry.rsm -> $(SEC_READONLY) -am; } (rulename = "System Files",) { - /boot/kernel.sys -> $(IgnoreNone) -a; - /boot/kernel.dbg -> $(IgnoreNone) -a; - /boot/init.scr -> $(IgnoreNone) -a; - /boot/install.sif -> $(IgnoreNone) -a; + /boot/kernel.sys -> $(SEC_READONLY) -a; + /boot/kernel.dbg -> $(SEC_READONLY) -a; + /boot/init.scr -> $(SEC_READONLY) -a; + /boot/install.sif -> $(SEC_READONLY) -a; } ### Other bin dirs ############################################################ # (rulename = "Binary Directories",) { - /boot/programs -> $(IgnoreNone) -a; + /boot/programs -> $(SEC_READONLY) -a; } ### Other lib dirs ############################################################ # (rulename = "Library Directories",) { - /usr/lib -> $(IgnoreNone) -a; - /usr/local/lib -> $(IgnoreNone) -a; + /usr/lib -> $(SEC_READONLY) -a; + /usr/local/lib -> $(SEC_READONLY) -a; } ### Other boot dirs ########################################################### # (rulename = "Boot Directories",) { - /boot/boot/grub -> $(IgnoreNone) -a; + /boot/boot/grub -> $(SEC_READONLY) -a; } ### Settings ################################################################## # (rulename = "Settings",) { - /boot/programs/unix/etc -> $(IgnoreNone) -a; - /usr/local/etc -> $(IgnoreNone) -a; + /boot/programs/unix/etc -> $(SEC_READONLY) -a; + /usr/local/etc -> $(SEC_READONLY) -a; } # Logs ######################################################################## # (rulename = "Logs",) { - /var/log -> $(Growing) -a; + /var/log -> $(SEC_GROWING) -a; } # Dev ######################################################################### # (rulename = "Devices",) { - /dev -> $(Device) -a; - /fifo -> $(Device) -a; - /pty -> $(Device) -as; - /systeminterface -> $(Device) -a; - /umfs -> $(Device) -a; + /dev -> 
$(SEC_DEVICE) -a; + /fifo -> $(SEC_DEVICE) -a; + /pty -> $(SEC_DEVICE) -as; + /systeminterface -> $(SEC_DEVICE) -a; + /umfs -> $(SEC_DEVICE) -a; } # Temp dirs ######################### # (rulename = "Temp Directories",) { - /boot/temp -> $(Temporary) -a; + /boot/temp -> $(SEC_TEMPORARY) -a; }