Set theme jekyll-theme-minimal

Merge pull request #34 from crdotson/patch-1
fix create policy command line
2019-03-16 12:30:30 -07:00 · 2018-11-29 23:31:25 -08:00 · 2018-11-29 12:29:02 -05:00 · 2018-04-25 00:15:22 -07:00 · 2018-04-24 15:08:55 -04:00 · 2018-03-30 23:05:50 -07:00
577 changed files with 39658 additions and 30582 deletions
--- a/.clang-format
+++ b/.clang-format
@ -0,0 +1,115 @@
+---
+Language:        Cpp
+
+AccessModifierOffset: -4
+AlignAfterOpenBracket: Align
+AlignConsecutiveAssignments: true
+AlignConsecutiveDeclarations: true
+AlignEscapedNewlines: Left
+AlignOperands:   true
+AlignTrailingComments: true
+AllowAllParametersOfDeclarationOnNextLine: true
+AllowShortBlocksOnASingleLine: false
+AllowShortCaseLabelsOnASingleLine: false
+AllowShortFunctionsOnASingleLine: None
+AllowShortIfStatementsOnASingleLine: false
+AllowShortLoopsOnASingleLine: false
+AlwaysBreakAfterDefinitionReturnType: None
+AlwaysBreakAfterReturnType: None
+AlwaysBreakBeforeMultilineStrings: false
+AlwaysBreakTemplateDeclarations: false
+BinPackArguments: false
+BinPackParameters: false
+BraceWrapping:   
+  AfterClass:      true
+  AfterControlStatement: true
+  AfterEnum:       true
+  AfterFunction:   true
+  AfterNamespace:  true
+  AfterObjCDeclaration: true
+  AfterStruct:     true
+  AfterUnion:      true
+  AfterExternBlock: true
+  BeforeCatch:     true
+  BeforeElse:      true
+  IndentBraces:    false
+  SplitEmptyFunction: true
+  SplitEmptyRecord: true
+  SplitEmptyNamespace: true
+BreakBeforeBinaryOperators: None
+BreakBeforeBraces: Custom
+BreakBeforeInheritanceComma: false
+BreakBeforeTernaryOperators: false
+BreakConstructorInitializersBeforeComma: false
+BreakConstructorInitializers: BeforeColon
+BreakAfterJavaFieldAnnotations: false
+BreakStringLiterals: true
+ColumnLimit:     120
+CommentPragmas:  '^ IWYU pragma:'
+CompactNamespaces: false
+ConstructorInitializerAllOnOneLineOrOnePerLine: true
+ConstructorInitializerIndentWidth: 4
+ContinuationIndentWidth: 4
+Cpp11BracedListStyle: true
+DerivePointerAlignment: false
+DisableFormat:   false
+ExperimentalAutoDetectBinPacking: false
+FixNamespaceComments: true
+ForEachMacros:   
+  - foreach
+  - Q_FOREACH
+  - BOOST_FOREACH
+IncludeBlocks:   Preserve
+IncludeCategories: 
+  - Regex:           '^"(llvm|llvm-c|clang|clang-c)/'
+    Priority:        2
+  - Regex:           '^(<|"(gtest|gmock|isl|json)/)'
+    Priority:        3
+  - Regex:           '.*'
+    Priority:        1
+IncludeIsMainRegex: '(Test)?$'
+IndentCaseLabels: false
+IndentPPDirectives: AfterHash
+IndentWidth:     4
+IndentWrappedFunctionNames: false
+JavaScriptQuotes: Leave
+JavaScriptWrapImports: true
+KeepEmptyLinesAtTheStartOfBlocks: true
+MacroBlockBegin: ''
+MacroBlockEnd:   ''
+MaxEmptyLinesToKeep: 2
+NamespaceIndentation: None
+ObjCBlockIndentWidth: 2
+ObjCSpaceAfterProperty: false
+ObjCSpaceBeforeProtocolList: true
+PenaltyBreakAssignment: 2
+PenaltyBreakBeforeFirstCallParameter: 19
+PenaltyBreakComment: 300
+PenaltyBreakFirstLessLess: 120
+PenaltyBreakString: 1000
+PenaltyExcessCharacter: 1000000
+PenaltyReturnTypeOnItsOwnLine: 60
+PointerAlignment: Left
+RawStringFormats: 
+  - Delimiter:       pb
+    Language:        TextProto
+    BasedOnStyle:    google
+ReflowComments:  false
+SortIncludes:    false
+SortUsingDeclarations: true
+SpaceAfterCStyleCast: false
+SpaceAfterTemplateKeyword: false
+SpaceBeforeAssignmentOperators: true
+SpaceBeforeParens: ControlStatements
+SpaceInEmptyParentheses: false
+SpacesBeforeTrailingComments: 1
+SpacesInAngles:  false
+SpacesInContainerLiterals: true
+SpacesInCStyleCastParentheses: false
+SpacesInParentheses: false
+SpacesInSquareBrackets: false
+Standard:        Auto
+TabWidth:        4
+UseTab:          Never
+...
+
--- a/.gitignore
+++ b/.gitignore
@ -3,7 +3,6 @@ config.h
 config.h.in~
 config.log
 config.status
-compile
 autom4te.cache/
 bin/
 lib/
@ -12,6 +11,7 @@ src/tripwire/tripwire
 src/twadmin/twadmin
 src/twprint/twprint
 src/twtest/twtest
+src/test-harness/twtest
 **/Makefile
 **/*.o
 **/*.dylib
@ -20,6 +20,9 @@ src/twtest/twtest
 **/*.dll
 **/*.exe
 **/*~
+**/*#
 **/*.bak
 **/.DS_Store
+**/*.gcno
+**/*.gcda
 releases/
--- a/39
+++ b/39
@ -1,3 +1,39 @@
+2018-03-24 Brian Cox <bcox@tripwire.com>
+	* Update version to 2.4.3.7
+	* Provide a useful README.md (Github issue #17).
+	* Document return codes in man pages (Github issue #28).
+	* Update install script after testing on additional platforms.
+	* Provide default policies for more operating systems, and update some existing policies
+	* Usability tweaks to twtest.
+	* Fix email reporting on Syllable
+	* Update copyright dates to 2018
+	* Clean up code style with clang-format, & add a custom style that approximates existing OST usage.
+	* Add -t / --output-level option to print-db mode, for consistency w/ print-report mode.
+	* Add object list support to print-report mode, for consistency w/ print-db mode.
+
+2017-10-01 Brian Cox <bcox@tripwire.com>
+	* Update version to 2.4.3.6
+	* Fix & expand tests in Perl acceptance test framework
+	* Fix & expand twtest unit tests, & rework unit test mini-framework so they’re referenced by name, not some numeric ID, and list tests as “skipped" if they don’t make any test assertions.
+	* Add configure options to enable coverage, profiling, & use /dev/urandom as RNG (all off by default)
+	* Add a ‘list’ make target to list all make targets
+	* Remove dead code & add test coverage per gcov+lcov results
+	* Fix various memory issues pointed out by valgrind
+	* In examine-encryption mode, better reporting (& nonzero exit) if we can't find a keyfile for the examined file.
+	* More exception handling around individual objects & init/IC as a whole, since there have been occasional reports of uncaught exceptions during init or check, and so far haven’t been able to repro or figure out what circumstances it occurs under. (e.g. Github issue #25)
+	* Tweak install.sh so it can be run directly, not just thru 'make install' if you want. (Github issue #26)
+	* Improve native (non-Posixy) path handling on platforms that need it (DOS, AROS, RISC OS, Redox)
+	* New platforms:  MirOS BSD, Bitrig, LibertyBSD, RISC OS, Redox
+	* Add default policies for HP-UX & various BSDs
+
+2017-03-30 Brian Cox <bcox@tripwire.com>
+	* Bump version to 2.4.3.5
+	* Fix ‘install-strip’, ‘check’, ‘uninstall’, and ‘distcheck’ make targets.
+	* Fix GCC 7.0.x warnings; use std::unique_ptr instead of deprecated std::auto_ptr where available.
+	* Add ‘--disable-extrawarnings’ configure option, for old compilers that don’t support the ’-Wextra’ compile option.
+	* Clean up unit tests & enable disabled tests.
+	* Address more static analyzer warnings, including from CppCheck & Flawfinder
+
 2017-03-05 Brian Cox <bcox@tripwire.com>
 	* Bump version to 2.4.3.4
 	* Fix issue with printing level 2 reports, introduced by fixing a Clang static analyzer quibble in 2.4.3.3. Sigh.
@ -27,7 +63,8 @@
 	* AROS: Correctly hide passphrases & delete temp files.
 	* Remove dead code & unused files.
 	* Optional RESOLVE_IDS_TO_NAMES option to disable uid/gid to name resolution, if needed.
-	* New --key-size option to twadmin --generate-keys, to generate 1024 (default) or 2048 bit El Gamal keys.  
+	* New --key-size option to twadmin --generate-keys, to generate 1024 (default) or 2048 bit El Gamal keys. 
+	
 2016-04-20 Brian Cox <bcox@tripwire.com>
 	* Bump version to 2.4.3.1
 	* Revive old 'twtest' unit test suite (such as it is); move _t.cpp files into twtest dir.
--- a/Makefile.am
+++ b/Makefile.am
@ -3,7 +3,23 @@ SUBDIRS = man src
 EXTRA_DIST = COMMERCIAL MAINTAINERS TRADEMARK LICENSE Packaging ReadMe-2.4.3 README.md autogen.sh autogen.sh.README touchconfig.sh contrib policy installer

 install-data-hook:
-	export INSTALL_STRIP_FLAG
+	INSTALL_STRIP_FLAG="$(INSTALL_STRIP_FLAG)" \
 	prefix="$(prefix)" sysconfdir="$(sysconfdir)" \
-        path_to_vi="$(path_to_vi)" path_to_sendmail="$(path_to_sendmail)" \
-        ./installer/install.sh
+	path_to_vi="$(path_to_vi)" path_to_sendmail="$(path_to_sendmail)" \
+	$(top_srcdir)/installer/install.sh
+
+uninstall-hook:
+	rm -f ${prefix}/sbin/tripwire $(prefix)/sbin/twadmin $(prefix)/sbin/twprint $(prefix)/sbin/siggen
+	rm -Rf $(prefix)/doc
+
+check:
+	rm -Rf $(top_srcdir)/src/test-harness/twtest
+	rm -Rf $(top_srcdir)/bin/TWTestData
+	cd $(top_srcdir)/src/test-harness && perl ./twtest.pl
+	cd $(top_srcdir)/bin && ./twtest all
+
+test: check
+
+.PHONY: targets
+targets:
+	@$(MAKE) -pRrq -f $(lastword $(MAKEFILE_LIST)) : 2>/dev/null | awk -v RS= -F: '/^# File/,/^# Finished Make data base/ {if ($$1 !~ "^[#.]") {print $$1}}' | sort | egrep -v -e '^[^[:alnum:]]' -e '^$@$$' | xargs
--- a/Makefile.in
+++ b/Makefile.in
@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15 from Makefile.am.
+# Makefile.in generated by automake 1.15.1 from Makefile.am.
 # @configure_input@

-# Copyright (C) 1994-2014 Free Software Foundation, Inc.
+# Copyright (C) 1994-2017 Free Software Foundation, Inc.

 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -307,7 +307,6 @@ pdfdir = @pdfdir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
 psdir = @psdir@
-runstatedir = @runstatedir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
@ -547,7 +546,7 @@ distdir: $(DISTFILES)
 	  ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
 	|| chmod -R a+r "$(distdir)"
 dist-gzip: distdir
-	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+	tardir=$(distdir) && $(am__tar) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).tar.gz
 	$(am__post_remove_distdir)

 dist-bzip2: distdir
@ -573,7 +572,7 @@ dist-shar: distdir
 	@echo WARNING: "Support for shar distribution archives is" \
 	               "deprecated." >&2
 	@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
-	shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
+	shar $(distdir) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).shar.gz
 	$(am__post_remove_distdir)

 dist-zip: distdir
@ -591,7 +590,7 @@ dist dist-all:
 distcheck: dist
 	case '$(DIST_ARCHIVES)' in \
 	*.tar.gz*) \
-	  GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\
+	  eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).tar.gz | $(am__untar) ;;\
 	*.tar.bz2*) \
 	  bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
 	*.tar.lz*) \
@ -601,7 +600,7 @@ distcheck: dist
 	*.tar.Z*) \
 	  uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
 	*.shar.gz*) \
-	  GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\
+	  eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\
 	*.zip*) \
 	  unzip $(distdir).zip ;;\
 	esac
@ -774,9 +773,10 @@ ps: ps-recursive
 ps-am:

 uninstall-am:
-
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
 .MAKE: $(am__recursive_targets) all install-am install-data-am \
-	install-strip
+	install-strip uninstall-am

 .PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \
 	am--refresh check check-am clean clean-cscope clean-generic \
@ -792,16 +792,32 @@ uninstall-am:
 	install-strip installcheck installcheck-am installdirs \
 	installdirs-am maintainer-clean maintainer-clean-generic \
 	mostlyclean mostlyclean-generic pdf pdf-am ps ps-am tags \
-	tags-am uninstall uninstall-am
+	tags-am uninstall uninstall-am uninstall-hook

 .PRECIOUS: Makefile


 install-data-hook:
-	export INSTALL_STRIP_FLAG
+	INSTALL_STRIP_FLAG="$(INSTALL_STRIP_FLAG)" \
 	prefix="$(prefix)" sysconfdir="$(sysconfdir)" \
-        path_to_vi="$(path_to_vi)" path_to_sendmail="$(path_to_sendmail)" \
-        ./installer/install.sh
+	path_to_vi="$(path_to_vi)" path_to_sendmail="$(path_to_sendmail)" \
+	$(top_srcdir)/installer/install.sh
+
+uninstall-hook:
+	rm -f ${prefix}/sbin/tripwire $(prefix)/sbin/twadmin $(prefix)/sbin/twprint $(prefix)/sbin/siggen
+	rm -Rf $(prefix)/doc
+
+check:
+	rm -Rf $(top_srcdir)/src/test-harness/twtest
+	rm -Rf $(top_srcdir)/bin/TWTestData
+	cd $(top_srcdir)/src/test-harness && perl ./twtest.pl
+	cd $(top_srcdir)/bin && ./twtest all
+
+test: check
+
+.PHONY: targets
+targets:
+	@$(MAKE) -pRrq -f $(lastword $(MAKEFILE_LIST)) : 2>/dev/null | awk -v RS= -F: '/^# File/,/^# Finished Make data base/ {if ($$1 !~ "^[#.]") {print $$1}}' | sort | egrep -v -e '^[^[:alnum:]]' -e '^$@$$' | xargs

 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
--- a/18
+++ b/18
@ -9,10 +9,6 @@ Packaging for Open Source Tripwire is maintained by various third parties:
 * Debian: https://tracker.debian.org/pkg/tripwire

 * Gentoo: https://packages.gentoo.org/packages/app-admin/tripwire
-    Gentoo also has an SELinux policy for OST:
-    https://packages.gentoo.org/packages/sec-policy/selinux-tripwire
-
- * Chef cookbook: https://github.com/rackspace-cookbooks/rackspace_tripwire

 * FreeBSD Ports: http://svnweb.freebsd.org/ports/head/security/tripwire/

@ -23,5 +19,19 @@ Packaging for Open Source Tripwire is maintained by various third parties:
 * NetBSD pkgsrc: http://ftp.netbsd.org/pub/pkgsrc/current/pkgsrc/security/tripwire/README.html
    NOTE: At present (April 2016) pkgsrc only provides the obsolete Tripwire 1.2, from the mid-1990s.
    That version lacks contemporary hash algorithms, and you probably don't want to use it.
+    There's an unfinished pkgsrc port for OST 2.3+ here, if someone who understands pkgsrc
+    is looking for a fun(?) project: http://pkgsrc.se/wip/tripwire2


+A few third party projects that might be useful with OST
+
+ * Chef cookbook: https://github.com/rackspace-cookbooks/rackspace_tripwire
+
+ * Puppet module: https://github.com/razorsedge/puppet-tripwire
+
+ * SELinux policies from Tresys: https://github.com/TresysTechnology/refpolicy-contrib/blob/master/tripwire.te
+   (and related .fc and .if files in the same repo)
+
+ * A Gentoo SELinux policy, different from the one above: https://packages.gentoo.org/packages/sec-policy/selinux-tripwire
+
+ * An experimental(?) Dockerfile for CentOS: https://hub.docker.com/r/prateeknischal/tripwire-play/
--- a/README.md
+++ b/README.md
@ -1,5 +1,179 @@
-#Open Source Tripwire<sup>®</sup> 
+# Open Source Tripwire<sup>®</sup>

-Open Source Tripwire<sup>®</sup> software is a security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems. The project is based on code originally contributed by [Tripwire, Inc.](http://www.tripwire.com) in 2000.
+Open Source Tripwire<sup>®</sup> is a security and data integrity tool for monitoring and alerting on file & directory changes. This project is based on code originally contributed by [Tripwire, Inc.](http://www.tripwire.com) in 2000.

-Open Source Tripwire is suitable for monitoring a small number of Linux servers, where centralized control and reporting is not needed and professional support or system automation is not a requirement. 
+## Overview
+A Tripwire check compares the current filesystem state against a known baseline state, and alerts on any changes it detects.  The baseline and check behavior are controlled by a policy file, which specifies which files or directories to monitor, and which attributes to monitor on them, such as hashes, file permissions, and ownership.
+
+When an expected change occurs, such as upgrading a package, the baseline database can be updated to the new known-good state.  The policy can also be updated, for example to reduce noise or cover a newly installed package.
+
+## Getting Started
+
+This section covers manual setup of Open Source Tripwire.  If installing via an RPM or Debian package, or via **make install**, a setup script will walk the user through the initial setup steps (key generation thru policy creation) and these will not need to be done by hand.
+
+### Generating Keys
+The first step is to generate site and local key files.  This is necessary because Tripwire policy, configuration, and database files are signed by default, and report files may also be signed.  The site key is used to sign config and policy files, while databases and reports are signed with the local key.  The idea here is that multiple machines can share a site key, but each will have its own local key.  The policy and config files can then be created once and distributed across these machines.
+
+A common practice is to include the hostname in the local key filename, as follows:
+
+```
+./twadmin --generate-keys -L /etc/tripwire/${HOSTNAME}-local.key
+./twadmin --generate-keys -S /etc/tripwire/site.key
+```
+
+### Creating a configuration file
+The next step is to create a Tripwire config file.  The config file contains a variety of settings including the locations of Tripwire binaries and key files, email report settings, and parameters that control baseline/check behavior.  These settings are explained in detail in the **twconfig(4)** manual page.
+
+This command line reads and validates the config text in /path/to/twcfg.txt, writes the results to tw.cfg, and signs the resulting file with the provided site key:
+
+```
+./twadmin --create-cfgfile -S /path/to/site.key /path/to/twcfg.txt
+```
+### Generating a policy file
+
+Now it's time to configure which files & directories OST will monitor.  A few simple examples of policy rules:
+
+```
+/start/point -> $(IgnoreNone); # Get all attributes for this dir tree
+/another/start -> +pinugS; # Get selected attributes for this dir tree
+!/start/point/subdir/to/ignore; # Don't monitor this dir tree
+```
+The Tripwire policy language is documented in detail in the **twpolicy(4)** manual page, and default policies for most common operating systems are available in the OST project's policy subdirectory.
+
+```
+./twadmin --create-polfile -S /path/to/site.key /etc/tripwire/twpol.txt
+```
+
+### Creating a baseline
+
+The next step is to baseline the system for the first time.  This step is necessary even if the previous steps are handled by a setup/install script.
+
+```
+./tripwire --init
+```
+This creates a database file in the configured directory, typically a file with a .twd extension in /var/lib/tripwire.  The optional **--verbose** argument to init mode lists files and directories as they're being scanned.
+
+### Running a check
+```
+./tripwire --check
+```
+This runs a check, again with an optional **--verbose** option that displays what it's doing.  Scan results are written to standard out, as well as a report file, which typically has a .twr extension and lives in /var/lib/tripwire/report.  If email reporting is enabled, emails will be sent at the end of the check.
+
+A common way to use OST is to set up a cron job to run checks periodically, emailing results to an administrative account.  Note that the OST install script currently does not create any cron jobs, and this will need to be done by hand.
+
+### Printing a report
+```
+./twprint -m r -t [0-4] -r /path/to/reportfile.twr
+```
+The -t argument specifies the level of report verbosity, where 0 is a single line summary of the report contents, and 4 displays all gathered attributes on all changed objects.  The report level defaults to 3 if not specified on the command line or via the REPORTLEVEL config file option.
+
+Databases can be also printed with:
+
+```
+./twprint -m d -d /path/to/database.twd
+```
+
+### Updating a database
+The simplest form of update updates the database with all the changes in a report file:
+
+```
+./tripwire --update --accept-all
+```
+
+While a
+```
+./tripwire --update
+```
+brings up a text report in the user's preferred editor (as configured in the config file's EDITOR option), with a checkbox next to each detected change.  After saving and exiting the editor, the database will only be updated for those objects that remain selected with an **[x]**.
+
+### Updating a policy
+Policy update mode modifies the current Tripwire policy without losing existing baselines.
+
+```
+./tripwire --update-policy updated-policy.txt
+```
+
+A check is run with the new policy as part of the update process.  If this check detects changes, the default behavior is to display the changes and exit without updating the policy or database.  To accept the changes and continue with the policy update, use the **-Z low** / **--secure-mode low** command line option.
+
+### Testing the email configuration
+To test email configuration:
+
+```
+./tripwire --test --email user@domain.tld
+```
+This sends a test email to the specified address, using the email settings specified in the config file.
+
+## Building OST
+
+### Prerequisites
+
+A C++ compiler.  It's known to build with gcc and clang; OST should work with gcc versions as old as 2.95.2, although gcc older than version 3.1 will need an external STLPort package.
+
+A POSIX-like operating system, including Linux, macOS, various BSDs, Solaris, AIX, HP-UX, Minix, Haiku, GNU/Hurd, and others.  Windows users can build OST under Cygwin, although this does not provide support for monitoring the Registry or any Windows-specific file attributes.
+
+Perl 5+ is needed to run the project's test suite.
+
+### Configuring & Building
+
+OST uses a standard automake build, so the first configuration step will generally be:
+```
+./configure
+```
+
+Additional compiler arguments (such as Debian hardening options), non-default paths, and other options can be set up in this step.  A ```./configure --help``` lists the available configuration options.
+
+The ```--prefix=/some/path``` option controls where a subsequent ```make install``` will install to, and where Tripwire binaries will look for a configuration file.
+
+The ```--enable-static``` option causes the build to create statically linked binaries.  This is often used as a security enhancement, so that Tripwire will not rely on the shared libraries on the machine.  This is not possible on all platforms, as some (like macOS and Solaris) don't provide the necessary static libraries to link against.
+
+Note that Linux systems that use NSS for name lookups will still employ shared libraries behind the scenes even when the OST binaries are statically linked.  There have been occasional reports of segfaults when trying to do a name lookup in these circumstances, particularly when the binary was built on a different machine or it's trying to do an LDAP or NIS name lookup.  If this occurs, there are two ways to work around it:  Either switch to dynamic binaries, or set the Tripwire config file option ```RESOLVE_IDS_TO_NAMES=false```, which tells OST to just watch numeric user & group IDs and not perform name lookups.
+
+If the configure or make step fails with errors about the automake/autoconf version, it may be necessary to run the script
+```./touchconfig.sh```
+before building the project.  This script simply touches files in the correct order such that their last change times are not all identical, and that they're different in the right order.
+
+Then just
+```make```
+to build the project.
+
+## Running the test suites
+
+the ```make check``` make target runs two things:  The acceptance test suite in the src/test-harness directory, and unit tests by running twtest, which is built in the bin directory along with other Tripwire binaries.  These tests can also be run separately:
+```./twtest``` runs all unit tests, while ```./twtest list``` lists all available tests.
+```./twtest Groupname``` runs all tests in a group, and
+```./twtest Groupname/Testname``` just runs the specified test.
+
+
+To run the acceptance tests manually, cd to the src/test-harness directory and run ```perl ./twtest.pl```.
+
+
+## Deployment
+
+The ```make install``` target installs OST to the configured location, and ```make install-strip``` installs and removes symbols from the Tripwire binaries.  A ```make dist``` creates a gzipped source bundle.
+
+## Authors
+
+* [Tripwire, Inc.](http://www.tripwire.com)
+
+
+## License
+
+The developer of the original code and/or files is Tripwire, Inc.
+Portions created by Tripwire, Inc. are copyright 2000-2018 Tripwire, Inc.
+Tripwire is a registered trademark of Tripwire, Inc.  All rights reserved.
+
+This program is free software.  The contents of this file are subject to the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.  You may redistribute it and/or modify it only in compliance with the GNU General Public License.
+
+This program is distributed in the hope that it will be useful.  However,
+this program is distributed "AS-IS" WITHOUT ANY WARRANTY; INCLUDING THE
+IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+Please see the GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc.,
+59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+Nothing in the GNU General Public License or any other license to use the
+code or files shall permit you to use Tripwire's trademarks, service marks, or other intellectual property without Tripwire's prior written consent.
+
+If you have any questions, please contact Tripwire, Inc. at either
+info@tripwire.org or www.tripwire.org.
--- a/ReadMe-2.4.3
+++ b/ReadMe-2.4.3
@ -1,4 +1,14 @@
-What's new in Open Source Tripwire 2.4.3.2:
+What's new in Open Source Tripwire 2.4.3.x:
+
+* Useful ‘install-strip’, ‘check’, ‘uninstall’ & ‘distcheck’ make targets as of OST 2.4.3.5.  Check target invokes both the test-harness framework and twtest unit tests.
+
+* Verify OST builds without errors w/ GCC 7.0.x; fix new warnings from the new compiler, including deprecation warnings; use std::unique_ptr instead of std::auto_ptr where available.
+
+* Add ‘--disable-extrawarnings’ configure option, for old compilers that don’t support the ’-Wextra’ compile option.
+
+* Clean up unit tests, enable various disabled tests, make results more useful.
+
+* Additional cleanup due to static analysis tool results (CppCheck, Flawfinder, Clang analyzer).

 * OST now includes optional iconv support when configured with --enable-iconv.
 When enabled, binary database & report files store paths as UTF-16, making these files more
@ -29,11 +39,6 @@ specifying a build directory outside the source dir now works as expected.
 * Assorted platform tweaks:  Add DOS/FreeDOS + DJGPP as a new platform; support Cygwin
 //host/share/path syntax for UNC paths; passphrase & tempfile fixes for AROS.

-
-======================================
-
-What was new in earlier 2.4.3 versions:
-
 * This update fixes compilation errors on modern compilers (GCC 4.7+ and LLVM/clang), 
 as well as some additional errors encountered on various platforms.  This is intended
 to supersede patches against 2.4.2.x, e.g. http://www.linuxfromscratch.org/blfs/view/svn/postlfs/tripwire.html
@ -66,15 +71,22 @@ defined incorrectly otherwise.
 The update has been tested on a variety of platforms: 

 Linuxes
- CentOS 7 (amd64) + gcc 4.8.5
- Ubuntu 14.0.4 (amd64) + gcc 4.x
- RHEL 3.4 (Itanium) + gcc 3.4.3
 - Alpine Linux 3.3.3 + gcc 5.3.0
- Android 6.0 (arm) + gcc 4.9
- Raspbian 7 (wheezy) (armv6l) + gcc 4.6.3
- openSuSE Tumbleweed (20160408) (i586) + gcc 5.3.1
- RHEL 6.0 (powerpc64) + gcc 4.4.4
+- Alpine Linux 3.5.1 + gcc 6.2.1
+- Arch Linux 232 + gcc 6.3.1
+- Amazon Linux AMI 2016.09 + gcc 4.8.3
+- Android 6.0 (arm) + gcc 4.9 (NDK)
+- CentOS 7 (amd64) + gcc 4.8.5
 - Fedora 24 Alpha 7 (amd64) + gcc 6.0.0
+- Fedora 27 Rawhide (amd64) + gcc 7.0.1
+- Raspbian 7 (wheezy) (armv6l) + gcc 4.6.3
+- RHEL 3.4 (Itanium) + gcc 3.4.3
+- RHEL 6.0 (powerpc64) + gcc 4.4.4
+- openSuSE Tumbleweed (20160408) (i586) + gcc 5.3.1
+- Oracle Linux 6.8 + gcc 4.4.7
+- Ubuntu 14.0.4 (amd64) + gcc 4.x
+- Ubuntu 16.0.4 (amd64) + gcc 5.4.0
+- Wind River Pulsar Linux 8 + gcc 5.2.0

 OSX
 - Mac OS X 10.11 + LLVM 7.0.2 / clang-700.1.81
@ -90,7 +102,7 @@ BSDs
 UNIXes
 - Solaris 10 SPARC + gcc 3.4.6
 - Solaris 10 x86 + gcc 3.4.3
- OpenIndiana 151 + gcc 4.8.5 [an OpenSolaris/illumos distro]
+- OpenIndiana 151 + gcc 4.8.5
 - AIX 5.2 + gcc 4.3.1
 - HP-UX 11.23 + gcc 4.2.3

--- a/2
+++ b/2
@ -2,7 +2,7 @@ TRIPWIRE COPYRIGHT & TRADEMARK NOTICE

 COPYRIGHT
 The developer of the original code and/or files is Tripwire, Inc.  Portions
-created by Tripwire, Inc. are copyright 2000 Tripwire, Inc. 
+created by Tripwire, Inc. are copyright 2000-2018 Tripwire, Inc. 

 TRADEMARK
 Tripwire is a registered trademark (the "Trademark") of Tripwire, Inc.  All
--- a/_config.yml
+++ b/_config.yml
@ -0,0 +1 @@
+theme: jekyll-theme-minimal
--- a/aclocal.m4
+++ b/aclocal.m4
@ -1,6 +1,6 @@
-# generated automatically by aclocal 1.15 -*- Autoconf -*-
+# generated automatically by aclocal 1.15.1 -*- Autoconf -*-

-# Copyright (C) 1996-2014 Free Software Foundation, Inc.
+# Copyright (C) 1996-2017 Free Software Foundation, Inc.

 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -20,7 +20,7 @@ You have another version of autoconf.  It may work, but is not guaranteed to.
 If you have problems, you may need to regenerate the build system entirely.
 To do so, use the procedure documented by the package, typically 'autoreconf'.])])

-# Copyright (C) 2002-2014 Free Software Foundation, Inc.
+# Copyright (C) 2002-2017 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -35,7 +35,7 @@ AC_DEFUN([AM_AUTOMAKE_VERSION],
 [am__api_version='1.15'
 dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
 dnl require some minimum version.  Point them to the right macro.
-m4_if([$1], [1.15], [],
+m4_if([$1], [1.15.1], [],
      [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
 ])

@ -51,14 +51,14 @@ m4_define([_AM_AUTOCONF_VERSION], [])
 # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
 # This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
 AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
-[AM_AUTOMAKE_VERSION([1.15])dnl
+[AM_AUTOMAKE_VERSION([1.15.1])dnl
 m4_ifndef([AC_AUTOCONF_VERSION],
  [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
 _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])

 # AM_AUX_DIR_EXPAND                                         -*- Autoconf -*-

-# Copyright (C) 2001-2014 Free Software Foundation, Inc.
+# Copyright (C) 2001-2017 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -110,7 +110,7 @@ am_aux_dir=`cd "$ac_aux_dir" && pwd`

 # AM_CONDITIONAL                                            -*- Autoconf -*-

-# Copyright (C) 1997-2014 Free Software Foundation, Inc.
+# Copyright (C) 1997-2017 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -141,7 +141,7 @@ AC_CONFIG_COMMANDS_PRE(
 Usually this means the macro was only invoked conditionally.]])
 fi])])

-# Copyright (C) 1999-2014 Free Software Foundation, Inc.
+# Copyright (C) 1999-2017 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -332,7 +332,7 @@ _AM_SUBST_NOTMAKE([am__nodep])dnl

 # Generate code to set up dependency tracking.              -*- Autoconf -*-

-# Copyright (C) 1999-2014 Free Software Foundation, Inc.
+# Copyright (C) 1999-2017 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -408,7 +408,7 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],

 # Do all the work for Automake.                             -*- Autoconf -*-

-# Copyright (C) 1996-2014 Free Software Foundation, Inc.
+# Copyright (C) 1996-2017 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -605,7 +605,7 @@ for _am_header in $config_headers :; do
 done
 echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])

-# Copyright (C) 2001-2014 Free Software Foundation, Inc.
+# Copyright (C) 2001-2017 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -626,7 +626,7 @@ if test x"${install_sh+set}" != xset; then
 fi
 AC_SUBST([install_sh])])

-# Copyright (C) 2003-2014 Free Software Foundation, Inc.
+# Copyright (C) 2003-2017 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -647,7 +647,7 @@ AC_SUBST([am__leading_dot])])

 # Check to see how 'make' treats includes.	            -*- Autoconf -*-

-# Copyright (C) 2001-2014 Free Software Foundation, Inc.
+# Copyright (C) 2001-2017 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -697,7 +697,7 @@ rm -f confinc confmf

 # Fake the existence of programs that GNU maintainers use.  -*- Autoconf -*-

-# Copyright (C) 1997-2014 Free Software Foundation, Inc.
+# Copyright (C) 1997-2017 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -738,7 +738,7 @@ fi
 # Obsolete and "removed" macros, that must however still report explicit
 # error messages when used, to smooth transition.
 #
-# Copyright (C) 1996-2014 Free Software Foundation, Inc.
+# Copyright (C) 1996-2017 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -765,7 +765,7 @@ AU_DEFUN([fp_C_PROTOTYPES], [AM_C_PROTOTYPES])

 # Helper functions for option handling.                     -*- Autoconf -*-

-# Copyright (C) 2001-2014 Free Software Foundation, Inc.
+# Copyright (C) 2001-2017 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -794,7 +794,7 @@ AC_DEFUN([_AM_SET_OPTIONS],
 AC_DEFUN([_AM_IF_OPTION],
 [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])

-# Copyright (C) 1999-2014 Free Software Foundation, Inc.
+# Copyright (C) 1999-2017 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -841,7 +841,7 @@ AC_LANG_POP([C])])
 # For backward compatibility.
 AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])])

-# Copyright (C) 2001-2014 Free Software Foundation, Inc.
+# Copyright (C) 2001-2017 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -860,7 +860,7 @@ AC_DEFUN([AM_RUN_LOG],

 # Check to make sure that the build environment is sane.    -*- Autoconf -*-

-# Copyright (C) 1996-2014 Free Software Foundation, Inc.
+# Copyright (C) 1996-2017 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -941,7 +941,7 @@ AC_CONFIG_COMMANDS_PRE(
 rm -f conftest.file
 ])

-# Copyright (C) 2009-2014 Free Software Foundation, Inc.
+# Copyright (C) 2009-2017 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -1001,7 +1001,7 @@ AC_SUBST([AM_BACKSLASH])dnl
 _AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl
 ])

-# Copyright (C) 2001-2014 Free Software Foundation, Inc.
+# Copyright (C) 2001-2017 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -1029,7 +1029,7 @@ fi
 INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
 AC_SUBST([INSTALL_STRIP_PROGRAM])])

-# Copyright (C) 2006-2014 Free Software Foundation, Inc.
+# Copyright (C) 2006-2017 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -1048,7 +1048,7 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])

 # Check how to create a tarball.                            -*- Autoconf -*-

-# Copyright (C) 2004-2014 Free Software Foundation, Inc.
+# Copyright (C) 2004-2017 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
--- a/348
+++ b/348
@ -0,0 +1,348 @@
+#! /bin/sh
+# Wrapper for compilers which do not understand '-c -o'.
+
+scriptversion=2016-01-11.22; # UTC
+
+# Copyright (C) 1999-2017 Free Software Foundation, Inc.
+# Written by Tom Tromey <tromey@cygnus.com>.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# This file is maintained in Automake, please report
+# bugs to <bug-automake@gnu.org> or send patches to
+# <automake-patches@gnu.org>.
+
+nl='
+'
+
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent tools from complaining about whitespace usage.
+IFS=" ""	$nl"
+
+file_conv=
+
+# func_file_conv build_file lazy
+# Convert a $build file to $host form and store it in $file
+# Currently only supports Windows hosts. If the determined conversion
+# type is listed in (the comma separated) LAZY, no conversion will
+# take place.
+func_file_conv ()
+{
+  file=$1
+  case $file in
+    / | /[!/]*) # absolute file, and not a UNC file
+      if test -z "$file_conv"; then
+	# lazily determine how to convert abs files
+	case `uname -s` in
+	  MINGW*)
+	    file_conv=mingw
+	    ;;
+	  CYGWIN*)
+	    file_conv=cygwin
+	    ;;
+	  *)
+	    file_conv=wine
+	    ;;
+	esac
+      fi
+      case $file_conv/,$2, in
+	*,$file_conv,*)
+	  ;;
+	mingw/*)
+	  file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
+	  ;;
+	cygwin/*)
+	  file=`cygpath -m "$file" || echo "$file"`
+	  ;;
+	wine/*)
+	  file=`winepath -w "$file" || echo "$file"`
+	  ;;
+      esac
+      ;;
+  esac
+}
+
+# func_cl_dashL linkdir
+# Make cl look for libraries in LINKDIR
+func_cl_dashL ()
+{
+  func_file_conv "$1"
+  if test -z "$lib_path"; then
+    lib_path=$file
+  else
+    lib_path="$lib_path;$file"
+  fi
+  linker_opts="$linker_opts -LIBPATH:$file"
+}
+
+# func_cl_dashl library
+# Do a library search-path lookup for cl
+func_cl_dashl ()
+{
+  lib=$1
+  found=no
+  save_IFS=$IFS
+  IFS=';'
+  for dir in $lib_path $LIB
+  do
+    IFS=$save_IFS
+    if $shared && test -f "$dir/$lib.dll.lib"; then
+      found=yes
+      lib=$dir/$lib.dll.lib
+      break
+    fi
+    if test -f "$dir/$lib.lib"; then
+      found=yes
+      lib=$dir/$lib.lib
+      break
+    fi
+    if test -f "$dir/lib$lib.a"; then
+      found=yes
+      lib=$dir/lib$lib.a
+      break
+    fi
+  done
+  IFS=$save_IFS
+
+  if test "$found" != yes; then
+    lib=$lib.lib
+  fi
+}
+
+# func_cl_wrapper cl arg...
+# Adjust compile command to suit cl
+func_cl_wrapper ()
+{
+  # Assume a capable shell
+  lib_path=
+  shared=:
+  linker_opts=
+  for arg
+  do
+    if test -n "$eat"; then
+      eat=
+    else
+      case $1 in
+	-o)
+	  # configure might choose to run compile as 'compile cc -o foo foo.c'.
+	  eat=1
+	  case $2 in
+	    *.o | *.[oO][bB][jJ])
+	      func_file_conv "$2"
+	      set x "$@" -Fo"$file"
+	      shift
+	      ;;
+	    *)
+	      func_file_conv "$2"
+	      set x "$@" -Fe"$file"
+	      shift
+	      ;;
+	  esac
+	  ;;
+	-I)
+	  eat=1
+	  func_file_conv "$2" mingw
+	  set x "$@" -I"$file"
+	  shift
+	  ;;
+	-I*)
+	  func_file_conv "${1#-I}" mingw
+	  set x "$@" -I"$file"
+	  shift
+	  ;;
+	-l)
+	  eat=1
+	  func_cl_dashl "$2"
+	  set x "$@" "$lib"
+	  shift
+	  ;;
+	-l*)
+	  func_cl_dashl "${1#-l}"
+	  set x "$@" "$lib"
+	  shift
+	  ;;
+	-L)
+	  eat=1
+	  func_cl_dashL "$2"
+	  ;;
+	-L*)
+	  func_cl_dashL "${1#-L}"
+	  ;;
+	-static)
+	  shared=false
+	  ;;
+	-Wl,*)
+	  arg=${1#-Wl,}
+	  save_ifs="$IFS"; IFS=','
+	  for flag in $arg; do
+	    IFS="$save_ifs"
+	    linker_opts="$linker_opts $flag"
+	  done
+	  IFS="$save_ifs"
+	  ;;
+	-Xlinker)
+	  eat=1
+	  linker_opts="$linker_opts $2"
+	  ;;
+	-*)
+	  set x "$@" "$1"
+	  shift
+	  ;;
+	*.cc | *.CC | *.cxx | *.CXX | *.[cC]++)
+	  func_file_conv "$1"
+	  set x "$@" -Tp"$file"
+	  shift
+	  ;;
+	*.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO])
+	  func_file_conv "$1" mingw
+	  set x "$@" "$file"
+	  shift
+	  ;;
+	*)
+	  set x "$@" "$1"
+	  shift
+	  ;;
+      esac
+    fi
+    shift
+  done
+  if test -n "$linker_opts"; then
+    linker_opts="-link$linker_opts"
+  fi
+  exec "$@" $linker_opts
+  exit 1
+}
+
+eat=
+
+case $1 in
+  '')
+     echo "$0: No command.  Try '$0 --help' for more information." 1>&2
+     exit 1;
+     ;;
+  -h | --h*)
+    cat <<\EOF
+Usage: compile [--help] [--version] PROGRAM [ARGS]
+
+Wrapper for compilers which do not understand '-c -o'.
+Remove '-o dest.o' from ARGS, run PROGRAM with the remaining
+arguments, and rename the output as expected.
+
+If you are trying to build a whole package this is not the
+right script to run: please start by reading the file 'INSTALL'.
+
+Report bugs to <bug-automake@gnu.org>.
+EOF
+    exit $?
+    ;;
+  -v | --v*)
+    echo "compile $scriptversion"
+    exit $?
+    ;;
+  cl | *[/\\]cl | cl.exe | *[/\\]cl.exe | \
+  icl | *[/\\]icl | icl.exe | *[/\\]icl.exe )
+    func_cl_wrapper "$@"      # Doesn't return...
+    ;;
+esac
+
+ofile=
+cfile=
+
+for arg
+do
+  if test -n "$eat"; then
+    eat=
+  else
+    case $1 in
+      -o)
+	# configure might choose to run compile as 'compile cc -o foo foo.c'.
+	# So we strip '-o arg' only if arg is an object.
+	eat=1
+	case $2 in
+	  *.o | *.obj)
+	    ofile=$2
+	    ;;
+	  *)
+	    set x "$@" -o "$2"
+	    shift
+	    ;;
+	esac
+	;;
+      *.c)
+	cfile=$1
+	set x "$@" "$1"
+	shift
+	;;
+      *)
+	set x "$@" "$1"
+	shift
+	;;
+    esac
+  fi
+  shift
+done
+
+if test -z "$ofile" || test -z "$cfile"; then
+  # If no '-o' option was seen then we might have been invoked from a
+  # pattern rule where we don't need one.  That is ok -- this is a
+  # normal compilation that the losing compiler can handle.  If no
+  # '.c' file was seen then we are probably linking.  That is also
+  # ok.
+  exec "$@"
+fi
+
+# Name of file we expect compiler to create.
+cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'`
+
+# Create the lock directory.
+# Note: use '[/\\:.-]' here to ensure that we don't use the same name
+# that we are using for the .o file.  Also, base the name on the expected
+# object file name, since that is what matters with a parallel build.
+lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d
+while true; do
+  if mkdir "$lockdir" >/dev/null 2>&1; then
+    break
+  fi
+  sleep 1
+done
+# FIXME: race condition here if user kills between mkdir and trap.
+trap "rmdir '$lockdir'; exit 1" 1 2 15
+
+# Run the compile.
+"$@"
+ret=$?
+
+if test -f "$cofile"; then
+  test "$cofile" = "$ofile" || mv "$cofile" "$ofile"
+elif test -f "${cofile}bj"; then
+  test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile"
+fi
+
+rmdir "$lockdir"
+exit $ret
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC0"
+# time-stamp-end: "; # UTC"
+# End:
--- a/config.guess
+++ b/config.guess
@ -1,8 +1,8 @@
 #! /bin/sh
 # Attempt to guess a canonical system name.
-#   Copyright 1992-2016 Free Software Foundation, Inc.
+#   Copyright 1992-2017 Free Software Foundation, Inc.

-timestamp='2016-02-11'
+timestamp='2017-09-16'

 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
@ -15,7 +15,7 @@ timestamp='2016-02-11'
 # General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
-# along with this program; if not, see <http://www.gnu.org/licenses/>.
+# along with this program; if not, see <https://www.gnu.org/licenses/>.
 #
 # As a special exception to the GNU General Public License, if you
 # distribute this file as part of a program that contains a
@ -27,7 +27,7 @@ timestamp='2016-02-11'
 # Originally written by Per Bothner; maintained since 2000 by Ben Elliston.
 #
 # You can get the latest version of this script from:
-# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
+# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
 #
 # Please send patches to <config-patches@gnu.org>.

@ -50,7 +50,7 @@ version="\
 GNU config.guess ($timestamp)

 Originally written by Per Bothner.
-Copyright 1992-2016 Free Software Foundation, Inc.
+Copyright 1992-2017 Free Software Foundation, Inc.

 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@ -186,9 +186,12 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
 	    *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
 	esac
 	# The Operating System including object format, if it has switched
-	# to ELF recently, or will in the future.
+	# to ELF recently (or will in the future) and ABI.
 	case "${UNAME_MACHINE_ARCH}" in
-	    arm*|earm*|i386|m68k|ns32k|sh3*|sparc|vax)
+	    earm*)
+		os=netbsdelf
+		;;
+	    arm*|i386|m68k|ns32k|sh3*|sparc|vax)
 		eval $set_cc_for_build
 		if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
 			| grep -q __ELF__
@ -256,6 +259,9 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
    *:Sortix:*:*)
 	echo ${UNAME_MACHINE}-unknown-sortix
 	exit ;;
+    *:Redox:*:*)
+	echo ${UNAME_MACHINE}-unknown-redox
+	exit ;;
    alpha:OSF1:*:*)
 	case $UNAME_RELEASE in
 	*4.0)
@ -312,15 +318,6 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
 	exitcode=$?
 	trap '' 0
 	exit $exitcode ;;
-    Alpha\ *:Windows_NT*:*)
-	# How do we know it's Interix rather than the generic POSIX subsystem?
-	# Should we change UNAME_MACHINE based on the output of uname instead
-	# of the specific Alpha model?
-	echo alpha-pc-interix
-	exit ;;
-    21064:Windows_NT:50:3)
-	echo alpha-dec-winnt3.5
-	exit ;;
    Amiga*:UNIX_System_V:4.0:*)
 	echo m68k-unknown-sysv4
 	exit ;;
@ -386,7 +383,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
 	# This test works for both compilers.
 	if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
 	    if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
-		(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+		(CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
 		grep IS_64BIT_ARCH >/dev/null
 	    then
 		SUN_ARCH=x86_64
@ -684,7 +681,7 @@ EOF
 		    exit (0);
 		}
 EOF
-		    (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+		    (CCOPTS="" $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
 		    test -z "$HP_ARCH" && HP_ARCH=hppa
 		fi ;;
 	esac
@ -701,7 +698,7 @@ EOF
 	    # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
 	    # => hppa64-hp-hpux11.23

-	    if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
+	    if echo __LP64__ | (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) |
 		grep -q __LP64__
 	    then
 		HP_ARCH=hppa2.0w
@ -834,10 +831,11 @@ EOF
 	UNAME_PROCESSOR=`/usr/bin/uname -p`
 	case ${UNAME_PROCESSOR} in
 	    amd64)
-		echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
-	    *)
-		echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+		UNAME_PROCESSOR=x86_64 ;;
+	    i386)
+		UNAME_PROCESSOR=i586 ;;
 	esac
+	echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
 	exit ;;
    *:MidnightBSD:*:*)
 	UNAME_PROCESSOR=`/usr/bin/uname -p`
@ -860,10 +858,6 @@ EOF
    *:MSYS*:*)
 	echo ${UNAME_MACHINE}-pc-msys
 	exit ;;
-    i*:windows32*:*)
-	# uname -m includes "-pc" on this system.
-	echo ${UNAME_MACHINE}-mingw32
-	exit ;;
    i*:PW*:*)
 	echo ${UNAME_MACHINE}-pc-pw32
 	exit ;;
@ -879,27 +873,12 @@ EOF
 		echo ia64-unknown-interix${UNAME_RELEASE}
 		exit ;;
 	esac ;;
-    [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
-	echo i${UNAME_MACHINE}-pc-mks
-	exit ;;
-    8664:Windows_NT:*)
-	echo x86_64-pc-mks
-	exit ;;
-    i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
-	# How do we know it's Interix rather than the generic POSIX subsystem?
-	# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
-	# UNAME_MACHINE based on the output of uname instead of i386?
-	echo i586-pc-interix
-	exit ;;
    i*:UWIN*:*)
 	echo ${UNAME_MACHINE}-pc-uwin
 	exit ;;
    amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
 	echo x86_64-unknown-cygwin
 	exit ;;
-    p*:CYGWIN*:*)
-	echo powerpcle-unknown-cygwin
-	exit ;;
    prep*:SunOS:5.*:*)
 	echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
 	exit ;;
@ -909,7 +888,7 @@ EOF
 	exit ;;
    *:GNU/*:*:*)
 	# other systems with GNU libc and userland
-	echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC}
+	echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC}
 	exit ;;
    i*86:Minix:*:*)
 	echo ${UNAME_MACHINE}-pc-minix
@ -1006,6 +985,9 @@ EOF
 	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'`
 	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; }
 	;;
+    mips64el:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
    openrisc*:Linux:*:*)
 	echo or1k-unknown-linux-${LIBC}
 	exit ;;
@ -1038,6 +1020,9 @@ EOF
    ppcle:Linux:*:*)
 	echo powerpcle-unknown-linux-${LIBC}
 	exit ;;
+    riscv32:Linux:*:* | riscv64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
    s390:Linux:*:* | s390x:Linux:*:*)
 	echo ${UNAME_MACHINE}-ibm-linux-${LIBC}
 	exit ;;
@ -1285,6 +1270,9 @@ EOF
    SX-8R:SUPER-UX:*:*)
 	echo sx8r-nec-superux${UNAME_RELEASE}
 	exit ;;
+    SX-ACE:SUPER-UX:*:*)
+	echo sxace-nec-superux${UNAME_RELEASE}
+	exit ;;
    Power*:Rhapsody:*:*)
 	echo powerpc-apple-rhapsody${UNAME_RELEASE}
 	exit ;;
@ -1300,14 +1288,21 @@ EOF
 	if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then
 	    if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
 		if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
-		    (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
-		    grep IS_64BIT_ARCH >/dev/null
+		       (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
+		       grep IS_64BIT_ARCH >/dev/null
 		then
 		    case $UNAME_PROCESSOR in
 			i386) UNAME_PROCESSOR=x86_64 ;;
 			powerpc) UNAME_PROCESSOR=powerpc64 ;;
 		    esac
 		fi
+		# On 10.4-10.6 one might compile for PowerPC via gcc -arch ppc
+		if (echo '#ifdef __POWERPC__'; echo IS_PPC; echo '#endif') | \
+		       (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
+		       grep IS_PPC >/dev/null
+		then
+		    UNAME_PROCESSOR=powerpc
+		fi
 	    fi
 	elif test "$UNAME_PROCESSOR" = i386 ; then
 	    # Avoid executing cc on OS X 10.9, as it ships with a stub
@ -1331,15 +1326,18 @@ EOF
    *:QNX:*:4*)
 	echo i386-pc-qnx
 	exit ;;
-    NEO-?:NONSTOP_KERNEL:*:*)
+    NEO-*:NONSTOP_KERNEL:*:*)
 	echo neo-tandem-nsk${UNAME_RELEASE}
 	exit ;;
    NSE-*:NONSTOP_KERNEL:*:*)
 	echo nse-tandem-nsk${UNAME_RELEASE}
 	exit ;;
-    NSR-?:NONSTOP_KERNEL:*:*)
+    NSR-*:NONSTOP_KERNEL:*:*)
 	echo nsr-tandem-nsk${UNAME_RELEASE}
 	exit ;;
+    NSX-*:NONSTOP_KERNEL:*:*)
+	echo nsx-tandem-nsk${UNAME_RELEASE}
+	exit ;;
    *:NonStop-UX:*:*)
 	echo mips-compaq-nonstopux
 	exit ;;
@ -1395,7 +1393,7 @@ EOF
 	echo i386-pc-xenix
 	exit ;;
    i*86:skyos:*:*)
-	echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
+	echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE} | sed -e 's/ .*$//'`
 	exit ;;
    i*86:rdos:*:*)
 	echo ${UNAME_MACHINE}-pc-rdos
@ -1414,18 +1412,17 @@ esac
 cat >&2 <<EOF
 $0: unable to guess system type

-This script, last modified $timestamp, has failed to recognize
-the operating system you are using. It is advised that you
-download the most up to date version of the config scripts from
+This script (version $timestamp), has failed to recognize the
+operating system you are using. If your script is old, overwrite *all*
+copies of config.guess and config.sub with the latest versions from:

-  http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
+  https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
 and
-  http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
+  https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub

-If the version you run ($0) is already up to date, please
-send the following data and any information you think might be
-pertinent to <config-patches@gnu.org> in order to provide the needed
-information to handle your system.
+If $0 has already been updated, send the following data and any
+information you think might be pertinent to config-patches@gnu.org to
+provide the necessary information to handle your system.

 config.guess timestamp = $timestamp

--- a/config.h.in
+++ b/config.h.in
@ -6,6 +6,9 @@
 /* Compile with debug code */
 #undef DEBUG

+/* Enable use of /dev/urandom */
+#undef ENABLE_DEV_URANDOM
+
 /* this is the prefix for STL exception functions */
 #undef EXCEPTION_NAMESPACE

@ -15,6 +18,21 @@
 /* Define to 1 if you have the <CommonCrypto/CommonDigest.h> header file. */
 #undef HAVE_COMMONCRYPTO_COMMONDIGEST_H

+/* Has /dev/arandom */
+#undef HAVE_DEV_ARANDOM
+
+/* Has /dev/random */
+#undef HAVE_DEV_RANDOM
+
+/* Has /dev/urandom */
+#undef HAVE_DEV_URANDOM
+
+/* Define to 1 if you have the `door_create' function. */
+#undef HAVE_DOOR_CREATE
+
+/* Define to 1 if you have the <door.h> header file. */
+#undef HAVE_DOOR_H
+
 /* Define to 1 if you have the <fcntl.h> header file. */
 #undef HAVE_FCNTL_H

@ -54,6 +72,12 @@
 /* Define to 1 if you have the <openssl/sha.h> header file. */
 #undef HAVE_OPENSSL_SHA_H

+/* Define to 1 if you have the `port_create' function. */
+#undef HAVE_PORT_CREATE
+
+/* Define to 1 if you have the <port.h> header file. */
+#undef HAVE_PORT_H
+
 /* Define to 1 if you have the `posix_fadvise' function. */
 #undef HAVE_POSIX_FADVISE

@ -78,6 +102,15 @@
 /* Define to 1 if you have the <string.h> header file. */
 #undef HAVE_STRING_H

+/* Define to 1 if `st_blocks' is a member of `struct stat'. */
+#undef HAVE_STRUCT_STAT_ST_BLOCKS
+
+/* Define to 1 if `st_rdev' is a member of `struct stat'. */
+#undef HAVE_STRUCT_STAT_ST_RDEV
+
+/* Define to 1 if you have the `swab' function. */
+#undef HAVE_SWAB
+
 /* Define to 1 if you have the <syslog.h> header file. */
 #undef HAVE_SYSLOG_H

@ -111,6 +144,9 @@
 /* Define to 1 if you have the <sys/types.h> header file. */
 #undef HAVE_SYS_TYPES_H

+/* Define to 1 if you have the <sys/unistd.h> header file. */
+#undef HAVE_SYS_UNISTD_H
+
 /* Define to 1 if you have the <sys/ustat.h> header file. */
 #undef HAVE_SYS_USTAT_H

@ -165,6 +201,9 @@
 /* The size of `long long', as computed by sizeof. */
 #undef SIZEOF_LONG_LONG

+/* The size of `time_t', as computed by sizeof. */
+#undef SIZEOF_TIME_T
+
 /* Don't use gethostbyname() on Solaris */
 #undef SOLARIS_NO_GETHOSTBYNAME

--- a/config.sub
+++ b/config.sub
@ -1,8 +1,8 @@
 #! /bin/sh
 # Configuration validation subroutine script.
-#   Copyright 1992-2016 Free Software Foundation, Inc.
+#   Copyright 1992-2017 Free Software Foundation, Inc.

-timestamp='2016-01-01'
+timestamp='2017-09-22'

 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
@ -15,7 +15,7 @@ timestamp='2016-01-01'
 # General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
-# along with this program; if not, see <http://www.gnu.org/licenses/>.
+# along with this program; if not, see <https://www.gnu.org/licenses/>.
 #
 # As a special exception to the GNU General Public License, if you
 # distribute this file as part of a program that contains a
@ -33,7 +33,7 @@ timestamp='2016-01-01'
 # Otherwise, we print the canonical config type on stdout and succeed.

 # You can get the latest version of this script from:
-# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
+# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub

 # This file is supposed to be the same for all GNU packages
 # and recognize all the CPU types, system types and aliases
@ -67,7 +67,7 @@ Report bugs and patches to <config-patches@gnu.org>."
 version="\
 GNU config.sub ($timestamp)

-Copyright 1992-2016 Free Software Foundation, Inc.
+Copyright 1992-2017 Free Software Foundation, Inc.

 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@ -117,7 +117,7 @@ case $maybe_os in
  nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \
  linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
  knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \
-  kopensolaris*-gnu* | \
+  kopensolaris*-gnu* | cloudabi*-eabi* | \
  storm-chaos* | os2-emx* | rtmk-nova*)
    os=-$maybe_os
    basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
@ -229,9 +229,6 @@ case $os in
 	-ptx*)
 		basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
 		;;
-	-windowsnt*)
-		os=`echo $os | sed -e 's/windowsnt/winnt/'`
-		;;
 	-psos*)
 		os=-psos
 		;;
@ -263,7 +260,7 @@ case $basic_machine in
 	| fido | fr30 | frv | ft32 \
 	| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
 	| hexagon \
-	| i370 | i860 | i960 | ia64 \
+	| i370 | i860 | i960 | ia16 | ia64 \
 	| ip2k | iq2000 \
 	| k1om \
 	| le32 | le64 \
@ -301,6 +298,7 @@ case $basic_machine in
 	| open8 | or1k | or1knd | or32 \
 	| pdp10 | pdp11 | pj | pjl \
 	| powerpc | powerpc64 | powerpc64le | powerpcle \
+	| pru \
 	| pyramid \
 	| riscv32 | riscv64 \
 	| rl78 | rx \
@ -314,6 +312,7 @@ case $basic_machine in
 	| ubicom32 \
 	| v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \
 	| visium \
+	| wasm32 \
 	| we32k \
 	| x86 | xc16x | xstormy16 | xtensa \
 	| z8k | z80)
@ -387,7 +386,7 @@ case $basic_machine in
 	| h8300-* | h8500-* \
 	| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
 	| hexagon-* \
-	| i*86-* | i860-* | i960-* | ia64-* \
+	| i*86-* | i860-* | i960-* | ia16-* | ia64-* \
 	| ip2k-* | iq2000-* \
 	| k1om-* \
 	| le32-* | le64-* \
@ -428,6 +427,7 @@ case $basic_machine in
 	| orion-* \
 	| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
 	| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
+	| pru-* \
 	| pyramid-* \
 	| riscv32-* | riscv64-* \
 	| rl78-* | romp-* | rs6000-* | rx-* \
@ -444,6 +444,7 @@ case $basic_machine in
 	| v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \
 	| vax-* \
 	| visium-* \
+	| wasm32-* \
 	| we32k-* \
 	| x86-* | x86_64-* | xc16x-* | xps100-* \
 	| xstormy16-* | xtensa*-* \
@ -643,6 +644,14 @@ case $basic_machine in
 		basic_machine=m68k-bull
 		os=-sysv3
 		;;
+	e500v[12])
+		basic_machine=powerpc-unknown
+		os=$os"spe"
+		;;
+	e500v[12]-*)
+		basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+		os=$os"spe"
+		;;
 	ebmon29k)
 		basic_machine=a29k-amd
 		os=-ebmon
@ -938,6 +947,9 @@ case $basic_machine in
 	nsr-tandem)
 		basic_machine=nsr-tandem
 		;;
+	nsx-tandem)
+		basic_machine=nsx-tandem
+		;;
 	op50n-* | op60c-*)
 		basic_machine=hppa1.1-oki
 		os=-proelf
@ -1022,7 +1034,7 @@ case $basic_machine in
 	ppc-* | ppcbe-*)
 		basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
 		;;
-	ppcle | powerpclittle | ppc-le | powerpc-little)
+	ppcle | powerpclittle)
 		basic_machine=powerpcle-unknown
 		;;
 	ppcle-* | powerpclittle-*)
@ -1032,7 +1044,7 @@ case $basic_machine in
 		;;
 	ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
 		;;
-	ppc64le | powerpc64little | ppc64-le | powerpc64-little)
+	ppc64le | powerpc64little)
 		basic_machine=powerpc64le-unknown
 		;;
 	ppc64le-* | powerpc64little-*)
@ -1233,6 +1245,9 @@ case $basic_machine in
 		basic_machine=a29k-wrs
 		os=-vxworks
 		;;
+	wasm32)
+		basic_machine=wasm32-unknown
+		;;
 	w65*)
 		basic_machine=w65-wdc
 		os=-none
@ -1241,6 +1256,9 @@ case $basic_machine in
 		basic_machine=hppa1.1-winbond
 		os=-proelf
 		;;
+	x64)
+		basic_machine=x86_64-pc
+		;;
 	xbox)
 		basic_machine=i686-pc
 		os=-mingw32
@ -1348,8 +1366,8 @@ esac
 if [ x"$os" != x"" ]
 then
 case $os in
-	# First match some system type aliases
-	# that might get confused with valid system types.
+	# First match some system type aliases that might get confused
+	# with valid system types.
 	# -solaris* is a basic system type, with this one exception.
 	-auroraux)
 		os=-auroraux
@ -1369,9 +1387,9 @@ case $os in
 	-gnu/linux*)
 		os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
 		;;
-	# First accept the basic system types.
+	# Now accept the basic system types.
 	# The portable systems comes first.
-	# Each alternative MUST END IN A *, to match a version number.
+	# Each alternative MUST end in a * to match a version number.
 	# -sysv* is not here because it comes later, after sysvr4.
 	-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
 	      | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
@ -1387,9 +1405,9 @@ case $os in
 	      | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
 	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
 	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
-	      | -chorusos* | -chorusrdb* | -cegcc* \
+	      | -chorusos* | -chorusrdb* | -cegcc* | -glidix* \
 	      | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
-	      | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \
+	      | -midipix* | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \
 	      | -linux-newlib* | -linux-musl* | -linux-uclibc* \
 	      | -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \
 	      | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
@ -1399,7 +1417,7 @@ case $os in
 	      | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
 	      | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
 	      | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* \
-	      | -onefs* | -tirtos*)
+	      | -onefs* | -tirtos* | -phoenix* | -fuchsia* | -redox*)
 	# Remember, each alternative MUST END IN *, to match a version number.
 		;;
 	-qnx*)
@ -1531,6 +1549,8 @@ case $os in
 		;;
 	-nacl*)
 		;;
+	-ios)
+		;;
 	-none)
 		;;
 	*)
@ -1626,6 +1646,9 @@ case $basic_machine in
 	sparc-* | *-sun)
 		os=-sunos4.1.1
 		;;
+	pru-*)
+		os=-elf
+		;;
 	*-be)
 		os=-beos
 		;;
--- a/322
+++ b/322
@ -1,7 +1,7 @@
 #! /bin/sh
-# From configure.ac Revision: 2.4.3.4 .
+# From configure.ac Revision: 2.4.3.7 .
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for tripwire 2.4.3.4.
+# Generated by GNU Autoconf 2.69 for tripwire 2.4.3.7.
 #
 # Report bugs to <https://github.com/Tripwire/tripwire-open-source/issues>.
 #
@ -12,7 +12,7 @@
 # This configure script is free software; the Free Software Foundation
 # gives unlimited permission to copy, distribute and modify it.
 #
-# The developer of the original code and/or files is Tripwire, Inc.  Portions created by Tripwire, Inc. are copyright 2000-2017 Tripwire, Inc.  Tripwire is a registered trademark of Tripwire, Inc.  All rights reserved.
+# The developer of the original code and/or files is Tripwire, Inc.  Portions created by Tripwire, Inc. are copyright 2000-2018 Tripwire, Inc.  Tripwire is a registered trademark of Tripwire, Inc.  All rights reserved.
 ## -------------------- ##
 ## M4sh Initialization. ##
 ## -------------------- ##
@ -584,8 +584,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='tripwire'
 PACKAGE_TARNAME='tripwire'
-PACKAGE_VERSION='2.4.3.4'
-PACKAGE_STRING='tripwire 2.4.3.4'
+PACKAGE_VERSION='2.4.3.7'
+PACKAGE_STRING='tripwire 2.4.3.7'
 PACKAGE_BUGREPORT='https://github.com/Tripwire/tripwire-open-source/issues'
 PACKAGE_URL='https://github.com/Tripwire/tripwire-open-source'

@ -724,7 +724,6 @@ infodir
 docdir
 oldincludedir
 includedir
-runstatedir
 localstatedir
 sharedstatedir
 sysconfdir
@ -748,8 +747,12 @@ ac_subst_files=''
 ac_user_opts='
 enable_option_checking
 enable_silent_rules
+enable_extrawarnings
 enable_static
 enable_debug
+enable_coverage
+enable_profiling
+enable_urandom
 enable_dependency_tracking
 enable_commoncrypto
 enable_iconv
@ -809,7 +812,6 @@ datadir='${datarootdir}'
 sysconfdir='${prefix}/etc'
 sharedstatedir='${prefix}/com'
 localstatedir='${prefix}/var'
-runstatedir='${localstatedir}/run'
 includedir='${prefix}/include'
 oldincludedir='/usr/include'
 docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
@ -1062,15 +1064,6 @@ do
  | -silent | --silent | --silen | --sile | --sil)
    silent=yes ;;

-  -runstatedir | --runstatedir | --runstatedi | --runstated \
-  | --runstate | --runstat | --runsta | --runst | --runs \
-  | --run | --ru | --r)
-    ac_prev=runstatedir ;;
-  -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
-  | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
-  | --run=* | --ru=* | --r=*)
-    runstatedir=$ac_optarg ;;
-
  -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
    ac_prev=sbindir ;;
  -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
@ -1208,7 +1201,7 @@ fi
 for ac_var in	exec_prefix prefix bindir sbindir libexecdir datarootdir \
 		datadir sysconfdir sharedstatedir localstatedir includedir \
 		oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
-		libdir localedir mandir runstatedir
+		libdir localedir mandir
 do
  eval ac_val=\$$ac_var
  # Remove trailing slashes.
@ -1321,7 +1314,7 @@ if test "$ac_init_help" = "long"; then
  # Omit some internal or obsolete options to make the list less imposing.
  # This message is too long to be a string in the A/UX 3.1 sh.
  cat <<_ACEOF
-\`configure' configures tripwire 2.4.3.4 to adapt to many kinds of systems.
+\`configure' configures tripwire 2.4.3.7 to adapt to many kinds of systems.

 Usage: $0 [OPTION]... [VAR=VALUE]...

@ -1361,7 +1354,6 @@ Fine tuning of the installation directories:
  --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
  --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
  --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
-  --runstatedir=DIR       modifiable per-process data [LOCALSTATEDIR/run]
  --libdir=DIR            object code libraries [EPREFIX/lib]
  --includedir=DIR        C header files [PREFIX/include]
  --oldincludedir=DIR     C header files for non-gcc [/usr/include]
@ -1393,7 +1385,7 @@ fi

 if test -n "$ac_init_help"; then
  case $ac_init_help in
-     short | recursive ) echo "Configuration of tripwire 2.4.3.4:";;
+     short | recursive ) echo "Configuration of tripwire 2.4.3.7:";;
   esac
  cat <<\_ACEOF

@ -1403,8 +1395,12 @@ Optional Features:
  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
  --enable-silent-rules   less verbose build output (undo: "make V=1")
  --disable-silent-rules  verbose build output (undo: "make V=0")
+  —-disable-extrawarnings do not compile with -Wextra warnings enabled
  --enable-static         compile static binaries
  --enable-debug          compile with debuging enabled
+  --enable-coverage       enable code coverage
+  --enable-profiling      enable profiling
+  --enable-urandom        use /dev/urandom
  --enable-dependency-tracking
                          do not reject slow dependency extractors
  --disable-dependency-tracking
@ -1504,14 +1500,14 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
  cat <<\_ACEOF
-tripwire configure 2.4.3.4
+tripwire configure 2.4.3.7
 generated by GNU Autoconf 2.69

 Copyright (C) 2012 Free Software Foundation, Inc.
 This configure script is free software; the Free Software Foundation
 gives unlimited permission to copy, distribute and modify it.

-The developer of the original code and/or files is Tripwire, Inc.  Portions created by Tripwire, Inc. are copyright 2000-2017 Tripwire, Inc.  Tripwire is a registered trademark of Tripwire, Inc.  All rights reserved.
+The developer of the original code and/or files is Tripwire, Inc.  Portions created by Tripwire, Inc. are copyright 2000-2018 Tripwire, Inc.  Tripwire is a registered trademark of Tripwire, Inc.  All rights reserved.
 _ACEOF
  exit
 fi
@ -2034,6 +2030,63 @@ rm -f conftest.val

 } # ac_fn_c_compute_int

+# ac_fn_c_check_member LINENO AGGR MEMBER VAR INCLUDES
+# ----------------------------------------------------
+# Tries to find if the field MEMBER exists in type AGGR, after including
+# INCLUDES, setting cache variable VAR accordingly.
+ac_fn_c_check_member ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5
+$as_echo_n "checking for $2.$3... " >&6; }
+if eval \${$4+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$5
+int
+main ()
+{
+static $2 ac_aggr;
+if (ac_aggr.$3)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  eval "$4=yes"
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$5
+int
+main ()
+{
+static $2 ac_aggr;
+if (sizeof ac_aggr.$3)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  eval "$4=yes"
+else
+  eval "$4=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$4
+	       { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} # ac_fn_c_check_member
+
 # ac_fn_c_try_link LINENO
 # -----------------------
 # Try to link conftest.$ac_ext, and return whether this succeeded.
@ -2391,7 +2444,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.

-It was created by tripwire $as_me 2.4.3.4, which was
+It was created by tripwire $as_me 2.4.3.7, which was
 generated by GNU Autoconf 2.69.  Invocation command line was

  $ $0 $@
@ -3365,7 +3418,7 @@ fi

 # Define the identity of the package.
 PACKAGE='tripwire'
- VERSION='2.4.3.4'
+ VERSION='2.4.3.7'


 cat >>confdefs.h <<_ACEOF
@ -3464,11 +3517,21 @@ ac_config_headers="$ac_config_headers config.h"



-rm -f src/tripwire/syslog.h 2> /dev/null
-chmod 755 install-sh 2> /dev/null
+CFLAGS=${CFLAGS:-"-O -pipe -Wall -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"}
+CXXFLAGS=${CXXFLAGS:-"-O -pipe -Wall -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"}

-CFLAGS=${CFLAGS:-"-O -pipe -Wall -Wextra -Wno-unused-parameter -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"}
-CXXFLAGS=${CXXFLAGS:-"-O -pipe -Wall -Wextra -Wno-unused-parameter -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"}
+
+# This is primarily to support old compilers that don’t understand -Wextra
+# Check whether --enable-extrawarnings was given.
+if test "${enable_extrawarnings+set}" = set; then :
+  enableval=$enable_extrawarnings;
+fi
+
+if test "x$enable_extrawarnings" != "xno"
+then
+   CFLAGS="${CFLAGS} -Wextra -Wno-unused-parameter"
+   CXXFLAGS="${CXXFLAGS} -Wextra -Wno-unused-parameter"
+fi

 # Check whether --enable-static was given.
 if test "${enable_static+set}" = set; then :
@ -3478,6 +3541,7 @@ fi
 if test "x$enable_static" = xyes
 then LDFLAGS="${LDFLAGS} -static"
 fi
+
 # Check whether --enable-debug was given.
 if test "${enable_debug+set}" = set; then :
  enableval=$enable_debug;
@ -3490,6 +3554,46 @@ then

 $as_echo "#define DEBUG 1" >>confdefs.h

+else
+
+$as_echo "#define NDEBUG 1" >>confdefs.h
+
+fi
+
+# Check whether --enable-coverage was given.
+if test "${enable_coverage+set}" = set; then :
+  enableval=$enable_coverage;
+fi
+
+if test "x$enable_coverage" = xyes
+then
+   CFLAGS="${CFLAGS} --coverage"
+   CXXFLAGS="${CXXFLAGS} --coverage"
+   LDFLAGS="${LDFLAGS} --coverage"
+fi
+
+# Check whether --enable-profiling was given.
+if test "${enable_profiling+set}" = set; then :
+  enableval=$enable_profiling;
+fi
+
+if test "x$enable_profiling" = xyes
+then
+   CFLAGS="${CFLAGS} -pg"
+   CXXFLAGS="${CXXFLAGS} -pg"
+   LDFLAGS="${LDFLAGS} -pg"
+fi
+
+# Check whether --enable-urandom was given.
+if test "${enable_urandom+set}" = set; then :
+  enableval=$enable_urandom;
+fi
+
+if test "x$enable_urandom" = xyes
+then
+
+$as_echo "#define ENABLE_DEV_URANDOM 1" >>confdefs.h
+
 fi

 ac_ext=c
@ -4349,7 +4453,7 @@ if test -z "$CXX"; then
    CXX=$CCC
  else
    if test -n "$ac_tool_prefix"; then
-  for ac_prog in g++ clang++ sunCC aCC xlC_r xlC cl.exe
+  for ac_prog in g++ c++ clang++ sunCC aCC xlC_r xlC cl.exe
  do
    # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
 set dummy $ac_tool_prefix$ac_prog; ac_word=$2
@ -4393,7 +4497,7 @@ fi
 fi
 if test -z "$CXX"; then
  ac_ct_CXX=$CXX
-  for ac_prog in g++ clang++ sunCC aCC xlC_r xlC cl.exe
+  for ac_prog in g++ c++ clang++ sunCC aCC xlC_r xlC cl.exe
 do
  # Extract the first word of "$ac_prog", so it can be a program name with args.
 set dummy $ac_prog; ac_word=$2
@ -5522,7 +5626,20 @@ fi

 done

-for ac_header in unistd.h syslog.h langinfo.h sys/statfs.h sys/select.h
+for ac_header in unistd.h sys/unistd.h
+do :
+  as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+for ac_header in syslog.h langinfo.h sys/statfs.h sys/select.h
 do :
  as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
 ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
@ -6053,6 +6170,39 @@ cat >>confdefs.h <<_ACEOF
 _ACEOF


+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of time_t" >&5
+$as_echo_n "checking size of time_t... " >&6; }
+if ${ac_cv_sizeof_time_t+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (time_t))" "ac_cv_sizeof_time_t"        "$ac_includes_default"; then :
+
+else
+  if test "$ac_cv_type_time_t" = yes; then
+     { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (time_t)
+See \`config.log' for more details" "$LINENO" 5; }
+   else
+     ac_cv_sizeof_time_t=0
+   fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_time_t" >&5
+$as_echo "$ac_cv_sizeof_time_t" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_TIME_T $ac_cv_sizeof_time_t
+_ACEOF
+
+


 $as_echo "#define USES_1S_COMPLEMENT 0" >>confdefs.h
@ -6078,6 +6228,26 @@ $as_echo "#define IS_UNIX 1" >>confdefs.h
 $as_echo "#define NDEBUG 1" >>confdefs.h


+ac_fn_c_check_member "$LINENO" "struct stat" "st_rdev" "ac_cv_member_struct_stat_st_rdev" "$ac_includes_default"
+if test "x$ac_cv_member_struct_stat_st_rdev" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_STAT_ST_RDEV 1
+_ACEOF
+
+
+fi
+ac_fn_c_check_member "$LINENO" "struct stat" "st_blocks" "ac_cv_member_struct_stat_st_blocks" "$ac_includes_default"
+if test "x$ac_cv_member_struct_stat_st_blocks" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_STAT_ST_BLOCKS 1
+_ACEOF
+
+
+fi
+
+
 for ac_func in strftime gethostname gethostid
 do :
  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
@ -6102,6 +6272,17 @@ _ACEOF
 fi
 done

+for ac_func in swab
+do :
+  ac_fn_c_check_func "$LINENO" "swab" "ac_cv_func_swab"
+if test "x$ac_cv_func_swab" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_SWAB 1
+_ACEOF
+
+fi
+done
+

 for ac_header in fcntl.h
 do :
@ -6148,6 +6329,78 @@ done

 fi

+for ac_header in door.h
+do :
+  ac_fn_c_check_header_mongrel "$LINENO" "door.h" "ac_cv_header_door_h" "$ac_includes_default"
+if test "x$ac_cv_header_door_h" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_DOOR_H 1
+_ACEOF
+ for ac_func in door_create
+do :
+  ac_fn_c_check_func "$LINENO" "door_create" "ac_cv_func_door_create"
+if test "x$ac_cv_func_door_create" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_DOOR_CREATE 1
+_ACEOF
+
+fi
+done
+
+fi
+
+done
+
+
+for ac_header in port.h
+do :
+  ac_fn_c_check_header_mongrel "$LINENO" "port.h" "ac_cv_header_port_h" "$ac_includes_default"
+if test "x$ac_cv_header_port_h" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_PORT_H 1
+_ACEOF
+ for ac_func in port_create
+do :
+  ac_fn_c_check_func "$LINENO" "port_create" "ac_cv_func_port_create"
+if test "x$ac_cv_func_port_create" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_PORT_CREATE 1
+_ACEOF
+
+fi
+done
+
+fi
+
+done
+
+
+
+UNAME=`uname`
+
+
+if [ $UNAME != "AROS" ]; then
+
+  if test -c "/dev/random"; then
+
+$as_echo "#define HAVE_DEV_RANDOM 1" >>confdefs.h
+
+  fi
+
+  if test -c "/dev/urandom"; then
+
+$as_echo "#define HAVE_DEV_URANDOM 1" >>confdefs.h
+
+  fi
+
+  if test -c "/dev/arandom"; then
+
+$as_echo "#define HAVE_DEV_ARANDOM 1" >>confdefs.h
+
+  fi
+
+fi
+

 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -lc" >&5
 $as_echo_n "checking for socket in -lc... " >&6; }
@ -6850,6 +7103,9 @@ case $target in
 		;;
 	*-*-netbsd*)
 		;;
+	*-*-libertybsd*)
+		CXXFLAGS="${CXXFLAGS} -DTW_LibertyBSD"
+		;;
 	i[0-9]86-pc-linux*)
 		;;
 	sparc-*-linux*)
@ -7633,7 +7889,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by tripwire $as_me 2.4.3.4, which was
+This file was extended by tripwire $as_me 2.4.3.7, which was
 generated by GNU Autoconf 2.69.  Invocation command line was

  CONFIG_FILES    = $CONFIG_FILES
@ -7700,7 +7956,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-tripwire config.status 2.4.3.4
+tripwire config.status 2.4.3.7
 configured by $0, generated by GNU Autoconf 2.69,
  with options \\"\$ac_cs_config\\"

--- a/configure.ac
+++ b/configure.ac
@ -2,47 +2,75 @@ dnl Process this file with autoconf to produce a configure script.
 dnl
 dnl

-AC_INIT([tripwire], [2.4.3.4], [https://github.com/Tripwire/tripwire-open-source/issues], [tripwire], [https://github.com/Tripwire/tripwire-open-source])
+AC_INIT([tripwire], [2.4.3.7], [https://github.com/Tripwire/tripwire-open-source/issues], [tripwire], [https://github.com/Tripwire/tripwire-open-source])
 AC_CONFIG_SRCDIR([src/tw/tw.cpp])
 AC_CANONICAL_TARGET([])
 AM_INIT_AUTOMAKE
 AM_CONFIG_HEADER(config.h)

-AC_COPYRIGHT([The developer of the original code and/or files is Tripwire, Inc.  Portions created by Tripwire, Inc. are copyright 2000-2017 Tripwire, Inc.  Tripwire is a registered trademark of Tripwire, Inc.  All rights reserved.])
-AC_REVISION([$Revision: 2.4.3.4 $])
-
-dnl #################################
-dnl Cleanup Cruft Leftover From Patch
-dnl #################################
-rm -f src/tripwire/syslog.h 2> /dev/null
-chmod 755 install-sh 2> /dev/null
+AC_COPYRIGHT([The developer of the original code and/or files is Tripwire, Inc.  Portions created by Tripwire, Inc. are copyright 2000-2018 Tripwire, Inc.  Tripwire is a registered trademark of Tripwire, Inc.  All rights reserved.])
+AC_REVISION([$Revision: 2.4.3.7 $])

 dnl ###############
 dnl Setup defaults
 dnl ###############
-CFLAGS=${CFLAGS:-"-O -pipe -Wall -Wextra -Wno-unused-parameter -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"}
-CXXFLAGS=${CXXFLAGS:-"-O -pipe -Wall -Wextra -Wno-unused-parameter -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"}
+CFLAGS=${CFLAGS:-"-O -pipe -Wall -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"}
+CXXFLAGS=${CXXFLAGS:-"-O -pipe -Wall -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"}

 dnl #####################
 dnl Configuration options
 dnl #####################
+
+# This is primarily to support old compilers that don’t understand -Wextra
+AC_ARG_ENABLE(extrawarnings,  [  —-disable-extrawarnings do not compile with -Wextra warnings enabled])
+if test "x$enable_extrawarnings" != "xno"
+then
+   CFLAGS="${CFLAGS} -Wextra -Wno-unused-parameter"
+   CXXFLAGS="${CXXFLAGS} -Wextra -Wno-unused-parameter"
+fi
+
 AC_ARG_ENABLE(static, [  --enable-static         compile static binaries])
 if test "x$enable_static" = xyes
 then LDFLAGS="${LDFLAGS} -static"
 fi
+
 AC_ARG_ENABLE(debug,  [  --enable-debug          compile with debuging enabled])
 if test "x$enable_debug" = xyes
 then
   CFLAGS="${CFLAGS} -g"
   CXXFLAGS="${CXXFLAGS} -g"
   AC_DEFINE(DEBUG, 1, [Compile with debug code])
+else
+   AC_DEFINE(NDEBUG, 1, [Compile without debug code])
+fi
+
+AC_ARG_ENABLE(coverage, [  --enable-coverage       enable code coverage])
+if test "x$enable_coverage" = xyes
+then
+   CFLAGS="${CFLAGS} --coverage"
+   CXXFLAGS="${CXXFLAGS} --coverage"
+   LDFLAGS="${LDFLAGS} --coverage"
+fi
+
+AC_ARG_ENABLE(profiling, [  --enable-profiling      enable profiling])
+if test "x$enable_profiling" = xyes
+then
+   CFLAGS="${CFLAGS} -pg"
+   CXXFLAGS="${CXXFLAGS} -pg"
+   LDFLAGS="${LDFLAGS} -pg"
+fi
+
+AC_ARG_ENABLE(urandom,  [  --enable-urandom        use /dev/urandom])
+if test "x$enable_urandom" = xyes
+then
+   AC_DEFINE(ENABLE_DEV_URANDOM, 1, [Enable use of /dev/urandom])
 fi

 dnl ###################
 dnl Checks for programs
 dnl ###################
 AC_PROG_CC([gcc clang suncc aCC xlC_r xlC cl.exe])
-AC_PROG_CXX([g++ clang++ sunCC aCC xlC_r xlC cl.exe])
+AC_PROG_CXX([g++ c++ clang++ sunCC aCC xlC_r xlC cl.exe])
 AC_PROG_RANLIB
 AC_PROG_YACC
 AC_PROG_LN_S
@ -71,7 +99,8 @@ AC_CHECK_HEADERS(sys/mount.h,,,
 #endif
 ]])
 AC_CHECK_HEADERS(sys/ustat.h sys/sysmacros.h sys/syslog.h sys/socket.h)
-AC_CHECK_HEADERS(unistd.h syslog.h langinfo.h sys/statfs.h sys/select.h)
+AC_CHECK_HEADERS(unistd.h sys/unistd.h)
+AC_CHECK_HEADERS(syslog.h langinfo.h sys/statfs.h sys/select.h)
 AC_CHECK_HEADERS(signum.h bits/signum.h, break )
 AC_CHECK_HEADERS(stdarg.h varargs.h, break )
 AC_CHECK_HEADERS(sys/utsname.h memory.h)
@ -93,6 +122,7 @@ AC_C_BIGENDIAN
 AC_CHECK_SIZEOF(int)
 AC_CHECK_SIZEOF(long)
 AC_CHECK_SIZEOF(long long)
+AC_CHECK_SIZEOF(time_t)

 dnl All platforms we support use 2's complement, are byte aligned, etc...
 AC_DEFINE(USES_1S_COMPLEMENT, 0, [Uses one's complement])
@ -109,11 +139,15 @@ AC_DEFINE(IS_UNIX, 1, [Is a unix type platform])
 dnl whether or not to generate debuging code?
 AC_DEFINE(NDEBUG, 1, [don't generate debuging code])

+dnl look for struct stat members that aren't always there
+AC_CHECK_MEMBERS([struct stat.st_rdev, struct stat.st_blocks])
+
 dnl #############################
 dnl Checks for standard functions
 dnl #############################
 AC_CHECK_FUNCS(strftime gethostname gethostid)
 AC_CHECK_FUNCS(mkstemp mktemp, break)
+AC_CHECK_FUNCS(swab)

 dnl check for posix_fadvise
 AC_CHECK_HEADERS(fcntl.h, [AC_CHECK_FUNCS(posix_fadvise)])
@ -127,6 +161,40 @@ then
  AC_CHECK_HEADERS(CommonCrypto/CommonDigest.h)
 fi

+dnl check for door support (Solaris)
+AC_CHECK_HEADERS(door.h, [AC_CHECK_FUNCS(door_create)])
+
+dnl check for event port support (Solaris)
+AC_CHECK_HEADERS(port.h, [AC_CHECK_FUNCS(port_create)])
+
+dnl ##############################################  
+dnl check for various RNG/PRNG devices
+dnl ##############################################  
+
+UNAME=`uname`
+
+dnl ############################################## 
+dnl AROS pops up a "Please insert disk" dialog for /dev
+dnl if script looks for devices (which don't exist)
+dnl so don't even try looking.
+dnl ############################################## 
+
+if [[ $UNAME != "AROS" ]]; then
+
+  if test -c "/dev/random"; then
+    AC_DEFINE(HAVE_DEV_RANDOM, [1], [Has /dev/random])
+  fi
+
+  if test -c "/dev/urandom"; then
+    AC_DEFINE(HAVE_DEV_URANDOM, [1], [Has /dev/urandom])
+  fi
+
+  if test -c "/dev/arandom"; then
+    AC_DEFINE(HAVE_DEV_ARANDOM, [1], [Has /dev/arandom])
+  fi
+
+fi
+
 dnl ##############################################
 dnl Checks for various platform specific libraries
 dnl ##############################################
@ -281,6 +349,9 @@ case $target in
 		;;
 	*-*-netbsd*)
 		;;
+	*-*-libertybsd*)
+		CXXFLAGS="${CXXFLAGS} -DTW_LibertyBSD"
+		;;
 	i[[0-9]]86-pc-linux*)
 		;;
 	sparc-*-linux*)
--- a/installer/install.sh
+++ b/installer/install.sh
@ -17,7 +17,7 @@
 ## from Larry Wall's metaconfig.
 ##-------------------------------------------------------

-PATH='.:/bin:/usr/bin'
+PATH=".:/bin:/usr/bin:/usr/local/bin:$PATH"
 export PATH || (echo 'You must use sh to run this script'; kill $$)
 if [ ! -t 0 ] ; then
 	echo "Say 'sh install.sh', not 'sh < install.sh'"
@ -28,7 +28,7 @@ fi
 ## The usage message.
 ##-------------------------------------------------------

-USAGE="install.sh [<configfile>] [-n] [-f] [-s <sitepassphrase>] [-l <localpassphrase>]"
+USAGE="install.sh [<configfile>] [-n] [-f] [-s <sitepassphrase>] [-l <localpassphrase>] [-d <installdir>]"

 ##-------------------------------------------------------
 ## Figure out how to do an echo without newline.
@ -42,18 +42,6 @@ else
 	c=""
 fi

-##-------------------------------------------------------
-## Better have a copy of tar!
-## If /bin/sh does not exist or is not readable (seems
-## fairly unlikely), then this will fail.
-##-------------------------------------------------------
-
-(tar cvf /dev/null /bin/sh) 2> /dev/null 1>&2
-if [ $? -ne 0 ]; then
-    echo "tar command not found -- aborting install."
-	exit 1
-fi
-
 ##-------------------------------------------------------
 ## Can't live without sed.
 ##-------------------------------------------------------
@ -78,52 +66,24 @@ for p in $awknames; do
 	fi
 done

-##-------------------------------------------------------
-## Does this system have a copy of grep we can use?
-## Some greps don't return status (amazing, huh?),
-## so we look for a copy of grep that
-## returns 0 status for an exact match
-## returns 0 status for a case-insensitive match
-## returns 0 status for a wildcard match
-## returns non-zero status for a failed match
-##-------------------------------------------------------
-
-GREP=""
-grepnames="grep egrep"
-lcgrepstr="findensiemich"     # all lower case
-mcgrepstr="FindenSieMich"     # mixed case
-wcgrepstr="sie.ich$"          # wild card match
-nogrepstr="WoBistDu"          # should not be able to find this
-for p in $grepnames; do
-	(echo "$lcgrepstr" | $p "$lcgrepstr") 2> /dev/null 1>&2
-	if [ $? -eq 0 ]; then
-		(echo "$lcgrepstr" | $p -i "$mcgrepstr") 2> /dev/null 1>&2
-		if [ $? -eq 0 ]; then
-			(echo "$lcgrepstr" | $p "$wcgrepstr") 2> /dev/null 1>&2
-			if [ $? -eq 0 ]; then
-				(echo "$lcgrepstr" | $p "$nogrepstr") 2> /dev/null 1>&2
-				if [ $? -ne 0 ]; then
-					GREP=$p
-					break
-				fi
-			fi
-		fi
-	fi
-done
-
 ##-------------------------------------------------------
 ## Does this system have a pager that we can use?
 ## Use cat if desperate.
 ##-------------------------------------------------------

 MORE="cat"
-morenames="more less cat"
+morenames="less more most pg cat"
 for p in $morenames; do
-	($p $0 < /dev/null) 2> /dev/null 1>&2
-	if [ $? -eq 0 ]; then
-		MORE=$p
-		break
-	fi
+    pagerpath=`command -v $p`
+
+    if [ -z $pagerpath ]; then
+        continue
+    fi
+
+    if [ -x $pagerpath ]; then
+        MORE=$pagerpath
+        break
+    fi
 done

 ##-------------------------------------------------------
@ -144,8 +104,10 @@ fi
 ## Miscellaneous configuration parameters.
 ##-------------------------------------------------------

-# prefix
-prefix="${prefix:=/usr}"
+# set a few location variables if caller didn't pass them to us
+prefix="${prefix:=/usr/local}"
+sysconfdir="${sysconfdir:=/usr/local/etc}"
+path_to_vi="${path_to_vi:=/usr/bin/vi}"

 # License File name
 TWLICENSEFILE="COPYING"
@ -192,10 +154,16 @@ TAR_DIR=${TAR_DIR:-${START_DIR}}

 OS=`uname -s`
 POLICYSRC="twpol-${OS:=GENERIC}.txt"
-if [ ! -r ${TAR_DIR}/policy/${POLICYSRC} ]
-then POLICYSRC="twpol-GENERIC.txt"
+if [ ! -r ${TAR_DIR}/policy/${POLICYSRC} ]; then
+    OS=`uname -o`
+    POLICYSRC="twpol-${OS:=GENERIC}.txt"
 fi

+if [ ! -r ${TAR_DIR}/policy/${POLICYSRC} ]; then
+    POLICYSRC="twpol-GENERIC.txt"
+fi
+
+
 ##-------------------------------------------------------
 ## Parse the command line.
 ##-------------------------------------------------------
@ -218,6 +186,13 @@ while [ "x$1" != "x" ] ; do
 		exit 1 ;;
 	    *) TW_LOCAL_PASS="$2"; shift ;;
 	    esac ;;
+        -d) case "$2" in
+            "" | -*)
+                echo "Error: missing install dir with -d option." 1>&2
+                echo "$USAGE"
+                exit 1 ;;
+            *) prefix="$2"; sysconfdir="$2/bin"; shift ;;
+            esac ;;
 	-*) echo "Error: unknown argument $1" 1>&2
 	    echo "$USAGE"
 	    exit 1 ;;
@ -243,9 +218,8 @@ cat << END_OF_TEXT
 Installer program for:
 Tripwire(R) 2.4 Open Source

-Copyright (C) 1998-2000 Tripwire (R) Security Systems, Inc.  Tripwire (R)
-is a registered trademark of the Purdue Research Foundation and is
-licensed exclusively to Tripwire (R) Security Systems, Inc.
+Copyright (C) 1998-2017 Tripwire, Inc.
+Tripwire is a registered trademark of Tripwire, Inc. All rights reserved.

 END_OF_TEXT

@ -417,15 +391,49 @@ else
 ##-------------------------------------------------------
 ## Verify that the specified editor program exists
 ##-------------------------------------------------------
- 
-TWEDITOR=${TWEDITOR:-'/bin/vi'}
+
+# If user specified an editor in $path_to_vi or $TWEDITOR, try that first.
+# $path_to_vi defaults to /usr/bin/vi, so we usually succeed here.
+#
+if [ -n ${TWEDITOR} ]; then
+    TWEDITOR_PATH=`command -v $TWEDITOR`
+fi
+
+# If user's environment includes $EDITOR, try that next
+if [ -n ${EDITOR} ] && [ -z ${TWEDITOR_PATH} ]; then
+    TWEDITOR_PATH=`command -v $EDITOR`
+fi
+
+# Ok, now search path for vi
+if [ -z ${TWEDITOR_PATH} ]; then
+    TWEDITOR_PATH=`command -v vi`
+fi
+
+# Try vim in case there isn't a link named vi
+if [ -z ${TWEDITOR_PATH} ]; then
+    TWEDITOR_PATH=`command -v vim`
+fi
+
+# No vi/vim? See if nano is present
+if [ -z ${TWEDITOR_PATH} ]; then
+    TWEDITOR_PATH=`command -v nano`
+fi
+
+# No vi or nano? See if emacs is available
+if [ -z ${TWEDITOR_PATH} ]; then
+    TWEDITOR_PATH=`command -v emacs`
+fi
+
+if [ -n ${TWEDITOR_PATH} ]; then
+    TWEDITOR=$TWEDITOR_PATH
+fi

 if [ -x ${TWEDITOR} ]; then
-        echo "${TWEDITOR} exists.  Continuing installation."
-        echo
+    echo "${TWEDITOR} exists.  Continuing installation."
+    echo
 else
-        echo "${TWEDITOR} does not exist.  Exiting."
-        exit 1
+    echo "${TWEDITOR} not found. Continuing, but your configuration may need to be edited after installation."
+    echo
 fi

 ##-------------------------------------------------------
@ -584,9 +592,12 @@ f10=' ff=${POLICYSRC} ; d="/policy" ; dd=$TWPOLICY ; rr=0640 '
 #f16=' ff=twadmin.8 ; d="/man/man8" ; dd=$TWMAN/man8 ; rr=0444 '
 #f17=' ff=twintro.8 ; d="/man/man8" ; dd=$TWMAN/man8 ; rr=0444 '
 #f18=' ff=twprint.8 ; d="/man/man8" ; dd=$TWMAN/man8 ; rr=0444 '
+f19=' ff=COMMERCIAL ; d="" ; dd=$TWDOCS ; rr=0444 '
+f20=' ff=ReadMe-2.4.3 ; d="" ; dd=$TWDOCS ; rr=0444 '
+f21=' ff=ChangeLog ; d="" ; dd=$TWDOCS ; rr=0444 '

 # Binaries and manpages are already installed by the install target
-loosefiles="f3 f4 f5 f6 f7 f8 f9 f10"
+loosefiles="f3 f4 f5 f6 f7 f8 f9 f10 f19 f20 f21"

 for i in $loosefiles; do
 	eval "eval \"\$$i\""
@ -607,7 +618,9 @@ done

 if [ -n "$INSTALL_STRIP_FLAG" ] ; then
  echo "INSTALL_STRIP_FLAG is set, stripping binaries"
-  strip "$TWBIN/siggen" "$TWBIN/tripwire" "$TWBIN/twadmin" "$TWBIN/twprint" 
+  chmod u+w "$TWBIN/siggen" "$TWBIN/tripwire" "$TWBIN/twadmin" "$TWBIN/twprint"
+  strip "$TWBIN/siggen" "$TWBIN/tripwire" "$TWBIN/twadmin" "$TWBIN/twprint"
+  chmod u-w "$TWBIN/siggen" "$TWBIN/tripwire" "$TWBIN/twadmin" "$TWBIN/twprint"
 fi

 #Make extra sure we don't install the unit test binary to sbin
@ -923,7 +936,7 @@ cat << END_OF_TEXT
 ----------------------------------------------
 The installation succeeded.

-Please refer to $README_LOC
+Please refer to documentation in $TWDOCS
 for release information and to the printed user documentation
 for further instructions on using Tripwire 2.4 Open Source.

--- a/lcov.sh
+++ b/lcov.sh
@ -0,0 +1,18 @@
+#!/bin/sh
+
+if [ -d ./lcov ]; then
+  rm -Rf ./lcov
+fi
+
+if [ -e ./lcov.dat ]; then
+  rm ./lcov.dat
+fi
+
+if [ -e ./lcov.tgz ]; then
+  rm ./lcov.tgz
+fi
+
+lcov --capture --directory src --output-file ./lcov.dat
+genhtml ./lcov.dat --output-directory lcov
+tar -zcvf lcov.tgz lcov
+
--- a/man/Makefile.in
+++ b/man/Makefile.in
@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15 from Makefile.am.
+# Makefile.in generated by automake 1.15.1 from Makefile.am.
 # @configure_input@

-# Copyright (C) 1994-2014 Free Software Foundation, Inc.
+# Copyright (C) 1994-2017 Free Software Foundation, Inc.

 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -284,7 +284,6 @@ pdfdir = @pdfdir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
 psdir = @psdir@
-runstatedir = @runstatedir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
--- a/man/man4/Makefile.in
+++ b/man/man4/Makefile.in
@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15 from Makefile.am.
+# Makefile.in generated by automake 1.15.1 from Makefile.am.
 # @configure_input@

-# Copyright (C) 1994-2014 Free Software Foundation, Inc.
+# Copyright (C) 1994-2017 Free Software Foundation, Inc.

 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -256,7 +256,6 @@ pdfdir = @pdfdir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
 psdir = @psdir@
-runstatedir = @runstatedir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
--- a/man/man4/twconfig.4
+++ b/man/man4/twconfig.4
@ -35,7 +35,7 @@
 ..
 .nh
 .ad l
-.TH TWCONFIG 4 "1 July 2000"
+.TH TWCONFIG 4 "04 Jan 2018" "Open Source Tripwire 2.4"
 .SH NAME
 twconfig \- \fITripwire\fP configuration file reference
 .SH DESCRIPTION
@ -215,6 +215,15 @@ parameter; reports displayed by other modes and other commands
 are not affected.
 .br
 Initial value:  \fI3\fP
+.IP \f(CWDBPRINTLEVEL\fP
+Specifies the default level of report produced by the \fBtwprint
+\(hy\(hyprint\(hydbfile\fP mode. Valid values for this option are 0 to
+2. The output
+level specified by this option can be overridden with the (\fB\(hyt\fP\ or\ \fB\(hy\(hyoutput\(hylevel\fP) option on the command line. If
+this variable is not included in the configuration file, the default
+output level is 2.
+.br
+Initial value:  \fI2\fP
 .IP \f(CWHASH_DIRECT_IO\fP
 Use direct i/o when hashing files. (Linux-only as of OST 2.4.3.2) 
 .br
@ -302,7 +311,7 @@ Permission is granted to copy and distribute modified versions of this man page
 .PP
 Permission is granted to copy and distribute translations of this man page into another language, under the above conditions for modified versions, except that this permission notice may be stated in a translation approved by Tripwire, Inc.
 .PP
-Copyright 2000-2017 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. in the United States and other countries. All rights reserved.
+Copyright 2000-2018 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. in the United States and other countries. All rights reserved.
 .SH SEE ALSO
 .BR twintro (8),
 .BR tripwire (8),
--- a/man/man4/twpolicy.4
+++ b/man/man4/twpolicy.4
@ -36,7 +36,7 @@
 .\"
 .nh
 .ad l
-.TH TWPOLICY 4 "1 July 2000"
+.TH TWPOLICY 4 "04 Jan 2018" "Open Source Tripwire 2.4"
 .SH NAME
 twpolicy \- \fITripwire\fP policy file reference
 .SH DESCRIPTION
@ -537,7 +537,7 @@ Permission is granted to copy and distribute modified versions of this man page
 .PP
 Permission is granted to copy and distribute translations of this man page into another language, under the above conditions for modified versions, except that this permission notice may be stated in a translation approved by Tripwire, Inc.
 .PP
-Copyright 2000-2017 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. in the United States and other countries. All rights reserved.
+Copyright 2000-2018 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. in the United States and other countries. All rights reserved.
 .SH SEE ALSO
 .BR twintro (8),
 .BR tripwire (8),
--- a/man/man5/Makefile.in
+++ b/man/man5/Makefile.in
@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15 from Makefile.am.
+# Makefile.in generated by automake 1.15.1 from Makefile.am.
 # @configure_input@

-# Copyright (C) 1994-2014 Free Software Foundation, Inc.
+# Copyright (C) 1994-2017 Free Software Foundation, Inc.

 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -256,7 +256,6 @@ pdfdir = @pdfdir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
 psdir = @psdir@
-runstatedir = @runstatedir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
--- a/man/man5/twfiles.5
+++ b/man/man5/twfiles.5
@ -25,7 +25,7 @@
 .\"
 .nh
 .ad l
-.TH TWFILES 5 "1 July 2000"
+.TH TWFILES 5 "04 Jan 2018" "Open Source Tripwire 2.4"
 .SH NAME
 twfiles \- overview of files used by \fITripwire\fR and file backup process
 .\"
@ -112,7 +112,7 @@ Permission is granted to copy and distribute modified versions of this man page
 .PP
 Permission is granted to copy and distribute translations of this man page into another language, under the above conditions for modified versions, except that this permission notice may be stated in a translation approved by Tripwire, Inc.
 .PP
-Copyright 2000-2017 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. in the United States and other countries. All rights reserved.
+Copyright 2000-2018 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. in the United States and other countries. All rights reserved.
 .SH SEE ALSO
 .BR twintro (8),
 .BR tripwire (8),
--- a/man/man8/Makefile.in
+++ b/man/man8/Makefile.in
@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15 from Makefile.am.
+# Makefile.in generated by automake 1.15.1 from Makefile.am.
 # @configure_input@

-# Copyright (C) 1994-2014 Free Software Foundation, Inc.
+# Copyright (C) 1994-2017 Free Software Foundation, Inc.

 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -256,7 +256,6 @@ pdfdir = @pdfdir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
 psdir = @psdir@
-runstatedir = @runstatedir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
--- a/man/man8/siggen.8
+++ b/man/man8/siggen.8
@ -2,9 +2,9 @@
 .\" Do not move or remove previous line.
 .\" Used by some man commands to know that tbl should be used.
 .nh
-.TH SIGGEN 8 "19 Feb 2004"
+.TH SIGGEN 8 "04 Jan 2018" "Open Source Tripwire 2.4"
 .SH NAME
-siggen \- signature gathering routine for Tripwire
+siggen \- signature gathering utility for Tripwire
 .SH SYNOPSIS
 .B siggen
 [
@ -54,6 +54,8 @@ Display Haval value, a 128-bit hash code.
 .TP
 .IR file1 " [ " "file2... " ]
 List of filesystem objects for which to display values.
+.SH EXIT STATUS
+\fBsiggen\fP exits 0 on success, 1 on error.
 .SH VERSION INFORMATION
 This man page describes
 .B siggen
@ -67,7 +69,7 @@ Permission is granted to copy and distribute modified versions of this man page
 .PP
 Permission is granted to copy and distribute translations of this man page into another language, under the above conditions for modified versions, except that this permission notice may be stated in a translation approved by Tripwire, Inc.
 .PP
-Copyright 2000-2017 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. in the United States and other countries. All rights reserved.
+Copyright 2000-2018 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. in the United States and other countries. All rights reserved.
 .SH SEE ALSO
 .BR twintro (8),
 .BR tripwire (8),
--- a/man/man8/tripwire.8
+++ b/man/man8/tripwire.8
@ -36,9 +36,9 @@
 .\"
 .nh
 .ad l
-.TH TRIPWIRE 8 "1 July 2000"
+.TH TRIPWIRE 8 "04 Jan 2018" "Open Source Tripwire 2.4"
 .SH NAME
-tripwire \- a file integrity checker for \s-1UNIX\s0 systems
+tripwire \- a file integrity checker for \s-1UNIX-like\s0 systems
 .SH SYNOPSIS
 .B tripwire
 .RB "{ " "-m i" " | " "--init" " } "  
@ -554,6 +554,19 @@ Mode selector.
 Use the specified email address.  This parameter must
 be supplied when test mode is used. Only one address
 may be specified.
+.SH EXIT STATUS
+.SS Integrity Checking Mode
+\fBtripwire\fP exits 0 if no changes are detected. Otherwise the exit value is a bit mask:
+.TP
+\fB1\fP At least one file or directory has been added.
+.TP
+\fB2\fP At least one file or directory has been modified.
+.TP
+\fB4\fP At least one file or directory has been modified.
+.TP
+\fB8\fP Error(s) occurred during the check.
+.SS All Other Modes
+\fBtripwire\fP exits 0 on success, 8 on error.
 .SH VERSION INFORMATION
 This man page describes
 .B tripwire
@ -567,7 +580,7 @@ Permission is granted to copy and distribute modified versions of this man page
 .PP
 Permission is granted to copy and distribute translations of this man page into another language, under the above conditions for modified versions, except that this permission notice may be stated in a translation approved by Tripwire, Inc.
 .PP
-Copyright 2000-2017 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. in the United States and other countries. All rights reserved.
+Copyright 2000-2018 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. in the United States and other countries. All rights reserved.
 .SH SEE ALSO
 .BR twintro (8),
 .BR twadmin (8),
--- a/man/man8/twadmin.8
+++ b/man/man8/twadmin.8
@ -17,7 +17,7 @@
 .in \\n(.iu
 ..
 .ad l
-.TH TWADMIN 8 "1 July 2000"
+.TH TWADMIN 8 "04 Jan 2018" "Open Source Tripwire 2.4"
 .SH NAME
 twadmin \- Tripwire administrative and utility tool
 .SH SYNOPSIS
@ -538,6 +538,8 @@ file.
 Specify passphrase used to decrypt the private key in the specified sitekey
 file.
 .\" *****************************************
+.SH EXIT STATUS
+\fBtwadmin\fP exits 0 on success, 1 on error.
 .SH VERSION INFORMATION
 This man page describes
 .B twadmin
@ -551,7 +553,7 @@ Permission is granted to copy and distribute modified versions of this man page
 .PP
 Permission is granted to copy and distribute translations of this man page into another language, under the above conditions for modified versions, except that this permission notice may be stated in a translation approved by Tripwire, Inc.
 .PP
-Copyright 2000-2017 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. in the United States and other countries. All rights reserved.
+Copyright 2000-2018 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. in the United States and other countries. All rights reserved.
 .SH SEE ALSO
 .BR twintro (8),
 .BR tripwire (8),
--- a/man/man8/twintro.8
+++ b/man/man8/twintro.8
@ -16,12 +16,12 @@
 .\"
 .nh
 .ad l
-.TH TWINTRO 8 "1 July 2000"
+.TH TWINTRO 8 "04 Jan 2018" "Open Source Tripwire 2.4"
 .SH NAME
 twintro \- introduction to \fITripwire\fP software
 .SH DESCRIPTION
 .PP
-\fITripwire 2.4\fP is a file integrity assessment product for Linux networks.  Rather than preventing an intruder or virus
+\fITripwire 2.4\fP is a file integrity assessment tool for UNIX-like systems.  Rather than preventing an intruder or virus
 from attacking system files, \fITripwire\fP detects intrusions when
 they do occur. By comparing system files and directories against a
 previously stored "baseline" database, \fITripwire\fP finds any
@ -99,7 +99,7 @@ Permission is granted to copy and distribute modified versions of this man page
 .PP
 Permission is granted to copy and distribute translations of this man page into another language, under the above conditions for modified versions, except that this permission notice may be stated in a translation approved by Tripwire, Inc.
 .PP
-Copyright 2000-2017 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. in the United States and other countries. All rights reserved.
+Copyright 2000-2018 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. in the United States and other countries. All rights reserved.
 .SH SEE ALSO
 .BR tripwire (8),
 .BR twadmin (8),
--- a/man/man8/twprint.8
+++ b/man/man8/twprint.8
@ -2,7 +2,7 @@
 .\" Do not move or remove previous line.
 .\" Used by some man commands to know that tbl should be used.
 .ad l
-.TH TWPRINT 8 "1 July 2000"
+.TH TWPRINT 8 "04 Jan 2018" "Open Source Tripwire 2.4"
 .nh
 .SH NAME
 twprint \- Tripwire database and report printer
@ -10,6 +10,9 @@ twprint \- Tripwire database and report printer
 .B twprint
 .RB "{ " "-m r" " | " "--print-report" " } "
 .RI "[ " options... " ]"
+.if n .br
+.if n .ti +.5i
+.RI " [ " "object1" " [ " "object2..." " ]]"
 .br
 .B twprint
 .RB "{ " "-m d" " | " "--print-dbfile" " } "
@ -59,6 +62,7 @@ lbw(1.2i) lb.
 -L \fIlocalkey\fP	--local-keyfile \fIlocalkey\fP
 -t \fR{ 0|1|2|3|4 }\fP	--report-level \fR{ 0|1|2|3|4 }\fP
 .TE
+.RI "[ " "object1" " [ " "object2..." " ]]"
 .RE
 .TP
 .BR "\(hym r" ", " --print-report
@ -83,10 +87,15 @@ Print the specified report file.
 Use the specified local key file to perform verification
 with reports which are signed.
 .TP
-.BI \(hyt " level\fR, " --report-level " level
+.BI \(hyt " level\fR, " --report-level " level"
 Specifies the detail level of the printed report, overriding the
 \f(CWREPORTLEVEL\fP variable in the configuration
 file. \fIlevel\fR must be a number from 0\ to\ 4.
+.TP
+.RI "[ " "object1" " [ " "object2..." " ]]"
+List of filesystem objects in the report to print. If no
+objects are specified, every object in the report will
+be printed. 
 .\" *****************************************
 .SS Database printing mode:
 .RS 0.4i
@ -100,6 +109,7 @@ lbw(1.2i) lb.
 -c \fIcfgfile\fP	--cfgfile \fIcfgfile\fP
 -d \fIdatabase\fP	--dbfile \fIdatabase\fP
 -L \fIlocalkey\fP	--local-keyfile \fIlocalkey\fP
+-t \fR{ 0|1|2 }\fP	--output-level \fR{ 0|1|2 }\fP
 .TE
 .RI "[ " "object1" " [ " "object2..." " ]]"
 .RE
@ -125,6 +135,11 @@ Print the specified database file.
 .BI \(hyL " localkey\fR, " --local-keyfile " localkey"
 Use the specified local key file to read the database.
 .TP
+.BI \(hyt " level\fR, " --output-level " level"
+Specifies the detail level of the printed database, overriding the
+\f(CWDBPRINTLEVEL\fP variable in the configuration
+file. \fIlevel\fR must be a number from 0\ to\ 2.
+.TP
 .RI "[ " "object1" " [ " "object2..." " ]]"
 List of filesystem objects in the database to print. If no
 objects are specified, every object in the database will
@ -132,6 +147,8 @@ be printed. The format for a list of objects is:
 .if n .I "section: objname objname... section: objname..."
 .if t .br
 .if t .I "section: objectname objectname... section: objectname..."
+.SH EXIT STATUS
+\fBtwprint\fP exits 0 on success, 1 on error.
 .SH VERSION INFORMATION
 This man page describes
 .B twprint
@ -145,7 +162,7 @@ Permission is granted to copy and distribute modified versions of this man page
 .PP
 Permission is granted to copy and distribute translations of this man page into another language, under the above conditions for modified versions, except that this permission notice may be stated in a translation approved by Tripwire, Inc.
 .PP
-Copyright 2000-2017 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. in the United States and other countries. All rights reserved.
+Copyright 2000-2018 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. in the United States and other countries. All rights reserved.
 .SH SEE ALSO
 .BR twintro (8),
 .BR tripwire (8),
--- a/policy/policyguide.txt
+++ b/policy/policyguide.txt
@ -191,7 +191,7 @@ $(DIR1) -> $(param1);                   # It is also possible to do a

 #=============================================================================
 #
-# Copyright 2000 Tripwire, Inc. Tripwire is a registered trademark of Tripwire,
+# Copyright 2000-2018 Tripwire, Inc. Tripwire is a registered trademark of Tripwire,
 # Inc. All rights reserved.
 #
 # Linux is a registered trademark of Linus Torvalds.
--- a/policy/twpol-AIX.txt
+++ b/policy/twpol-AIX.txt
@ -60,13 +60,14 @@ HOSTNAME=;
 #
 ##############################################################################

-Device        = +pugsdr-intlbamcCMSH ;
-Dynamic       = +pinugtd-srlbamcCMSH ;
-Growing       = +pinugtdl-srbamcCMSH ;
-IgnoreAll     = -pinugtsdrlbamcCMSH ;
-IgnoreNone    = +pinugtsdrbamcCMSH-l ;
-ReadOnly      = +pinugtsdbmCM-rlacSH ;
-Temporary     = +pugt ;
+SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
+SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
+SEC_GROWING       = +pinugtdl-srbamcCMSH ;
+SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
+SEC_IGNORE_NONE   = +pinugtsdrbamcCMSH-l ;
+SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
+SEC_TEMPORARY     = +pugt ;
+

@@section FS 

@ -83,10 +84,10 @@ Temporary     = +pugt ;
  rulename = "Tripwire Binaries",
 )
 {
-  $(TWBIN)/siggen                      -> $(ReadOnly) ;
-  $(TWBIN)/tripwire                    -> $(ReadOnly) ;
-  $(TWBIN)/twadmin                     -> $(ReadOnly) ;
-  $(TWBIN)/twprint                     -> $(ReadOnly) ;
+  $(TWBIN)/siggen                      -> $(SEC_READONLY) ;
+  $(TWBIN)/tripwire                    -> $(SEC_READONLY) ;
+  $(TWBIN)/twadmin                     -> $(SEC_READONLY) ;
+  $(TWBIN)/twprint                     -> $(SEC_READONLY) ;
 }

 # Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
@ -103,14 +104,14 @@ Temporary     = +pugt ;
  # afterward triggers this rule until a database update is run, since the
  # database file does not exist before that point.

-  $(TWDB)                              -> $(Dynamic) -i ;
-  $(TWPOL)/tw.pol                      -> $(ReadOnly) -i ;
-  $(TWPOL)/tw.cfg                      -> $(ReadOnly) -i ;
-  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(ReadOnly) ;
-  $(TWSKEY)/site.key                   -> $(ReadOnly) ;
+  $(TWDB)                              -> $(SEC_DYNAMIC) -i ;
+  $(TWPOL)/tw.pol                      -> $(SEC_READONLY) -i ;
+  $(TWPOL)/tw.cfg                      -> $(SEC_READONLY) -i ;
+  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(SEC_READONLY) ;
+  $(TWSKEY)/site.key                   -> $(SEC_READONLY) ;

  # don't scan the individual reports
-  $(TWREPORT)                          -> $(Dynamic) (recurse=0) ;
+  $(TWREPORT)                          -> $(SEC_DYNAMIC) (recurse=0) ;
 }

  ################################################
@ -124,7 +125,7 @@ Temporary     = +pugt ;
  rulename = "OS Boot and Configuration Files",
 )
 {
-  /etc                          -> $(IgnoreNone) -SHa ;
+  /etc                          -> $(SEC_IGNORE_NONE) -SHa ;
 }

  ###################################################
@ -138,9 +139,9 @@ Temporary     = +pugt ;
  rulename = "Mount Points",
 )
 {
-  /                             -> $(ReadOnly) ;
-  /usr                          -> $(ReadOnly) ;
-  /var                          -> $(ReadOnly) ;
+  /                             -> $(SEC_READONLY) ;
+  /usr                          -> $(SEC_READONLY) ;
+  /var                          -> $(SEC_READONLY) ;
 }

  ###################################################
@ -154,10 +155,10 @@ Temporary     = +pugt ;
  rulename = "Misc Top-Level Directories",
 )
 {
-  /lost+found                   -> $(ReadOnly) ;
-  /hacmplocal                   -> $(ReadOnly) ;
-  /homelocal                    -> $(ReadOnly) ;
-  /opt                          -> $(ReadOnly) ;
+  /lost+found                   -> $(SEC_READONLY) ;
+  /hacmplocal                   -> $(SEC_READONLY) ;
+  /homelocal                    -> $(SEC_READONLY) ;
+  /opt                          -> $(SEC_READONLY) ;
  !/var/adm/csd	;
 }

@ -172,7 +173,7 @@ Temporary     = +pugt ;
  rulename = "System Devices",
 )
 {
-  /dev                          -> $(Device) ;
+  /dev                          -> $(SEC_DEVICE) ;
 }

  ################################################
@ -186,10 +187,10 @@ Temporary     = +pugt ;
  rulename = "OS Binaries and Libraries",
 )
 {
-  /sbin                         -> $(ReadOnly) ;
-  /usr/bin                      -> $(ReadOnly) ;
-  /usr/lib                      -> $(ReadOnly) ;
-  /usr/sbin                     -> $(ReadOnly) ;
+  /sbin                         -> $(SEC_READONLY) ;
+  /usr/bin                      -> $(SEC_READONLY) ;
+  /usr/lib                      -> $(SEC_READONLY) ;
+  /usr/sbin                     -> $(SEC_READONLY) ;
 }

  ################################################
@ -203,11 +204,11 @@ Temporary     = +pugt ;
  rulename = "Root Directory and Files",
 )
 {
-  #/.dtprofile                    -> $(Dynamic) ;
+  #/.dtprofile                    -> $(SEC_DYNAMIC) ;
  ! /.netscape/cache ; 
-  /.netscape/history.dat         -> $(Dynamic) ;
-  /.sh_history                   -> $(Dynamic) ;
-  #/.Xauthority                   -> $(ReadOnly) ;
+  /.netscape/history.dat         -> $(SEC_DYNAMIC) ;
+  /.sh_history                   -> $(SEC_DYNAMIC) ;
+  #/.Xauthority                   -> $(SEC_READONLY) ;
 }

  ################################################
@ -221,8 +222,8 @@ Temporary     = +pugt ;
  rulename = "Temporary Directories",
 )
 {
-  /tmp                          -> $(Temporary) ;
-  /var/tmp                      -> $(Temporary) ;
+  /tmp                          -> $(SEC_TEMPORARY) ;
+  /var/tmp                      -> $(SEC_TEMPORARY) ;
 }

  ################################################
@ -251,31 +252,31 @@ Temporary     = +pugt ;
  rulename = "System and Boot Changes",
 )
 {
-  /etc/es/objrepos		-> $(ReadOnly) -SHacm ;
-  /etc/es/objrepos/HACMPresource -> $(ReadOnly) -SHCMcm ;
-  /etc/lpp/diagnostics/data 	-> $(ReadOnly) -SHCMacm ;
-  /etc/ntp.drift		-> $(ReadOnly) -SHiacm ;
+  /etc/es/objrepos		-> $(SEC_READONLY) -SHacm ;
+  /etc/es/objrepos/HACMPresource -> $(SEC_READONLY) -SHCMcm ;
+  /etc/lpp/diagnostics/data 	-> $(SEC_READONLY) -SHCMacm ;
+  /etc/ntp.drift		-> $(SEC_READONLY) -SHiacm ;
  !/etc/objrepos ;
-  /etc/security			-> $(ReadOnly) -SHacm ;
-  /usr/es/adm/cluster.log	-> $(ReadOnly) -SHCMsbm ;
-  /usr/es/sbin/cluster/etc/objrepos/active -> $(ReadOnly) -SHim ;
+  /etc/security			-> $(SEC_READONLY) -SHacm ;
+  /usr/es/adm/cluster.log	-> $(SEC_READONLY) -SHCMsbm ;
+  /usr/es/sbin/cluster/etc/objrepos/active -> $(SEC_READONLY) -SHim ;
  !/usr/etc/sbin/cluster/history ;
-  /usr/share/lib/objrepos      -> $(ReadOnly) -m ;
-  /usr/lib/objrepos      -> $(ReadOnly) -m ;
+  /usr/share/lib/objrepos      -> $(SEC_READONLY) -m ;
+  /usr/lib/objrepos      -> $(SEC_READONLY) -m ;
  !/var/adm/SPlogs ;
-  /var/ha/log                      -> $(Growing) -i ;
+  /var/ha/log                      -> $(SEC_GROWING) -i ;
  !/var/adm ;
  !/var/ct ;

-  #/var/backups                    -> $(Dynamic) -i ;
-  #/var/db/host.random             -> $(ReadOnly) -mCM ;
-  #/var/db/locate.database         -> $(ReadOnly) -misCM ;
-  #/var/cron                       -> $(Growing) -i ;
-  #/var/log                        -> $(Growing) -i ;
-  #/var/run                        -> $(Dynamic) -i ;
-  #/var/mail                       -> $(Growing) ;
-  #/var/msgs/bounds                -> $(ReadOnly) -smbCM ;
-  #/var/spool/clientmqueue         -> $(Temporary) ;
-  #/var/spool/mqueue               -> $(Temporary) ;
+  #/var/backups                    -> $(SEC_DYNAMIC) -i ;
+  #/var/db/host.random             -> $(SEC_READONLY) -mCM ;
+  #/var/db/locate.database         -> $(SEC_READONLY) -misCM ;
+  #/var/cron                       -> $(SEC_GROWING) -i ;
+  #/var/log                        -> $(SEC_GROWING) -i ;
+  #/var/run                        -> $(SEC_DYNAMIC) -i ;
+  #/var/mail                       -> $(SEC_GROWING) ;
+  #/var/msgs/bounds                -> $(SEC_READONLY) -smbCM ;
+  #/var/spool/clientmqueue         -> $(SEC_TEMPORARY) ;
+  #/var/spool/mqueue               -> $(SEC_TEMPORARY) ;
  #!/var/tmp/vi.recover ;           # perl script periodically removes this
 }
--- a/policy/twpol-AROS.txt
+++ b/policy/twpol-AROS.txt
@ -0,0 +1,132 @@
+###############################################################################
+#                                                                            ##
+#    Default Tripwire 2.4 Policy file for AROS                               ##
+#                                                                            ##
+###############################################################################
+
+
+###############################################################################
+#                                                                            ##
+# Global Variable Definitions                                                ##
+#                                                                            ##
+# These are defined at install time by the installation script.  You may     ##
+# Manually edit these if you are using this file directly and not from the   ##
+# installation script itself.                                                ##
+#                                                                            ##
+###############################################################################
+
+@@section GLOBAL
+TWROOT=;
+TWBIN=;
+TWPOL=;
+TWDB=;
+TWSKEY=;
+TWLKEY=;
+TWREPORT=;
+HOSTNAME=;
+
+##############################################################################
+#  Predefined Variables                                                      #
+##############################################################################
+#
+#  Property Masks
+#
+#  -  ignore the following properties
+#  +  check the following properties
+#
+#  a  access timestamp (mutually exclusive with +CMSH)
+#  b  number of blocks allocated
+#  c  inode creation/modification timestamp
+#  d  ID of device on which inode resides
+#  g  group id of owner
+#  i  inode number
+#  l  growing files (logfiles for example)
+#  m  modification timestamp
+#  n  number of links
+#  p  permission and file mode bits
+#  r  ID of device pointed to by inode (valid only for device objects)
+#  s  file size
+#  t  file type
+#  u  user id of owner
+#
+#  C  CRC-32 hash
+#  H  HAVAL hash
+#  M  MD5 hash
+#  S  SHA hash
+#
+##############################################################################
+
+SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
+SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
+SEC_GROWING       = +pinugtdl-srbamcCMSH ;
+SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
+SEC_IGNORE_NONE    = +pinugtsdrbamcCMSH-l ;
+SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
+SEC_TEMPORARY       = +pugt ;
+
+@@section FS 
+
+#########################################
+#                                      ##
+#  Tripwire Binaries and Data Files    ##
+#                                      ##
+#########################################
+
+# Tripwire Binaries
+(
+  rulename = "Tripwire Binaries",
+)
+{
+  $(TWBIN)/siggen                      -> $(SEC_READONLY) ;
+  $(TWBIN)/tripwire                    -> $(SEC_READONLY) ;
+  $(TWBIN)/twadmin                     -> $(SEC_READONLY) ;
+  $(TWBIN)/twprint                     -> $(SEC_READONLY) ;
+}
+
+# Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
+(
+  rulename = "Tripwire Data Files",
+)
+{
+  # NOTE: We remove the inode attribute because when Tripwire creates a backup,
+  # it does so by renaming the old file and creating a new one (which will
+  # have a new inode number).  Inode is left turned on for keys, which shouldn't
+  # ever change.
+
+  # NOTE: The first integrity check triggers this rule and each integrity check
+  # afterward triggers this rule until a database update is run, since the
+  # database file does not exist before that point.
+
+  $(TWDB)                              -> $(SEC_DYNAMIC) -i ;
+  $(TWPOL)/tw.pol                      -> $(SEC_READONLY) -i ;
+  $(TWPOL)/tw.cfg                      -> $(SEC_READONLY) -i ;
+  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(SEC_READONLY) ;
+  $(TWSKEY)/site.key                   -> $(SEC_READONLY) ;
+
+  # don't scan the individual reports
+  $(TWREPORT)                          -> $(SEC_DYNAMIC) (recurse=0) ;
+}
+
+
+##############################################################################
+
+(rulename="OS Files",)
+{
+  AROS:System -> $(SEC_READONLY);
+  AROS:Devs -> $(SEC_READONLY);
+  AROS:Libs -> $(SEC_READONLY);
+  AROS:Tools-> $(SEC_READONLY);
+  AROS:Prefs -> $(SEC_READONLY);
+  AROS:Utilities -> $(SEC_READONLY);
+  AROS:WBStartup -> $(SEC_READONLY);
+}
+
+(rulename="Development Tools",)
+{
+  Work:Development -> $(SEC_READONLY);
+}
+
+(rulename="Extras",)
+{
+  Work:Extras -> $(SEC_READONLY);
+}
--- a/policy/twpol-Bitrig.txt
+++ b/policy/twpol-Bitrig.txt
@ -0,0 +1,292 @@
+  ##############################################################################
+ #                                                                            ##
+############################################################################## #
+#                                                                            # #
+#                      Tripwire 2.4 policy for Bitrig                        # #
+#                            updated March 2018                              # #
+#                                                                            ##
+##############################################################################
+
+  ##############################################################################
+ #                                                                            ##
+############################################################################## #
+#                                                                            # #
+# Global Variable Definitions                                                # #
+#                                                                            # #
+# These are defined at install time by the installation script.  You may     # #
+# manually edit these if you are using this file directly and not from the   # #
+# installation script itself.                                                # #
+#                                                                            ##
+##############################################################################
+
+@@section GLOBAL
+TWROOT=;
+TWBIN=;
+TWPOL=;
+TWDB=;
+TWSKEY=;
+TWLKEY=;
+TWREPORT=;
+HOSTNAME=;
+
+  ##############################################################################
+ #  Predefined Variables                                                      #
+##############################################################################
+#
+#  Property Masks
+#
+#  -  ignore the following properties
+#  +  check the following properties
+#
+#  a  access timestamp (mutually exclusive with +CMSH)
+#  b  number of blocks allocated
+#  c  inode creation/modification timestamp
+#  d  ID of device on which inode resides
+#  g  group id of owner
+#  i  inode number
+#  l  growing files (logfiles for example)
+#  m  modification timestamp
+#  n  number of links
+#  p  permission and file mode bits
+#  r  ID of device pointed to by inode (valid only for device objects)
+#  s  file size
+#  t  file type
+#  u  user id of owner
+#
+#  C  CRC-32 hash
+#  H  HAVAL hash
+#  M  MD5 hash
+#  S  SHA hash
+#
+##############################################################################
+
+SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
+SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
+SEC_GROWING       = +pinugtdl-srbamcCMSH ;
+SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
+SEC_IGNORE_NONE   = +pinugtsdrbamcCMSH-l ;
+SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
+SEC_TEMPORARY     = +pugt ;
+
+@@section FS 
+
+  ########################################
+ #                                      ##
+######################################## #
+#                                      # #
+#  Tripwire Binaries and Data Files    # #
+#                                      ##
+########################################
+
+# Tripwire Binaries
+(
+  rulename = "Tripwire Binaries",
+)
+{
+  $(TWBIN)/siggen                      -> $(SEC_READONLY) ;
+  $(TWBIN)/tripwire                    -> $(SEC_READONLY) ;
+  $(TWBIN)/twadmin                     -> $(SEC_READONLY) ;
+  $(TWBIN)/twprint                     -> $(SEC_READONLY) ;
+}
+
+# Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
+(
+  rulename = "Tripwire Data Files",
+)
+{
+  # NOTE: We remove the inode attribute because when Tripwire creates a backup,
+  # it does so by renaming the old file and creating a new one (which will
+  # have a new inode number).  Inode is left turned on for keys, which shouldn't
+  # ever change.
+
+  # NOTE: The first integrity check triggers this rule and each integrity check
+  # afterward triggers this rule until a database update is run, since the
+  # database file does not exist before that point.
+
+  $(TWDB)                              -> $(SEC_DYNAMIC) -i ;
+  $(TWPOL)/tw.pol                      -> $(SEC_READONLY) -i ;
+  $(TWPOL)/tw.cfg                      -> $(SEC_READONLY) -i ;
+  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(SEC_READONLY) ;
+  $(TWSKEY)/site.key                   -> $(SEC_READONLY) ;
+
+  # don't scan the individual reports
+  $(TWREPORT)                          -> $(SEC_DYNAMIC) (recurse=0) ;
+
+  # In this configuration /usr/local is a symbolic link to /home/local.
+  # We want to ignore the following directories since they are already
+  # scanned using the real directory or mount point.  Otherwise we see
+  # duplicates in the reports.
+
+  !/home/local ;
+}
+
+  ################################################
+ #                                              ##
+################################################ #
+#                                              # #
+#  OS Boot and Configuration Files             # #
+#                                              ##
+################################################
+(
+  rulename = "OS Boot and Configuration Files",
+)
+{
+  /boot                         -> $(SEC_READONLY) ;
+  /bsd                          -> $(SEC_READONLY) ;
+  /etc                          -> $(SEC_IGNORE_NONE) -SHa ;
+}
+
+  ###################################################
+ #                                                 ##
+################################################### #
+#                                                 # #
+#  Mount Points                                   # #
+#                                                 ##
+###################################################
+(
+  rulename = "Mount Points",
+)
+{
+  /                             -> $(SEC_READONLY) ;
+  /cdrom                        -> $(SEC_DYNAMIC) ;
+  /floppy                       -> $(SEC_DYNAMIC) ;
+  /home                         -> $(SEC_READONLY) ;  # Modify as needed
+  /mnt                          -> $(SEC_DYNAMIC) ;
+  /usr                          -> $(SEC_READONLY) ;
+  /var                          -> $(SEC_READONLY) ;
+}
+
+  ###################################################
+ #                                                 ##
+################################################### #
+#                                                 # #
+#  Misc Top-Level Directories                     # #
+#                                                 ##
+###################################################
+(
+  rulename = "Misc Top-Level Directories",
+)
+{
+  /altroot                      -> $(SEC_DYNAMIC) ;
+  /stand                        -> $(SEC_DYNAMIC) ;
+}
+
+  ################################################
+ #                                              ##
+################################################ #
+#                                              # #
+#   System Devices                             # #
+#                                              ##
+################################################
+(
+  rulename = "System Devices",
+)
+{
+  /dev                          -> $(SEC_DEVICE) ;
+  /dev/fd                       -> $(SEC_DEVICE) ;
+  /var/cron/tabs/.sock          -> $(SEC_DEVICE) ; 
+  /var/empty/dev/log            -> $(SEC_DEVICE) ; 
+}
+
+  ################################################
+ #                                              ##
+################################################ #
+#                                              # #
+#  OS Binaries and Libraries                   # #   
+#                                              ##
+################################################
+(
+  rulename = "OS Binaries and Libraries",
+)
+{
+  /bin                          -> $(SEC_READONLY) ;
+  /sbin                         -> $(SEC_READONLY) ;
+  /usr/bin                      -> $(SEC_READONLY) ;
+  /usr/lib                      -> $(SEC_READONLY) ;
+  /usr/libexec                  -> $(SEC_READONLY) ;
+  /usr/sbin                     -> $(SEC_READONLY) ;
+  /usr/X11R6/bin                -> $(SEC_READONLY) ;
+  /usr/X11R6/lib                -> $(SEC_READONLY) ;
+}
+  ################################################
+ #                                              ##
+################################################ #
+#                                              # #
+#  Usr Local Files                             # #   
+#                                              ##
+################################################
+#OK(
+  #OKrulename = "Usr Local Files",
+#OK)
+#OK{
+  #OK/usr/local                    -> $(SEC_READONLY) ;
+  #OK/usr/local/bin                -> $(SEC_READONLY) ;
+  #OK/usr/local/doc                -> $(SEC_READONLY) ;
+  #OK/usr/local/etc                -> $(SEC_READONLY) ;
+  #OK/usr/local/include            -> $(SEC_READONLY) ;
+  #OK/usr/local/info               -> $(SEC_READONLY) ;
+  #OK/usr/local/lib                -> $(SEC_READONLY) ;
+  #OK/usr/local/libdata            -> $(SEC_READONLY) ;
+  #OK/usr/local/libexec            -> $(SEC_READONLY) ;
+  #OK/usr/local/man                -> $(SEC_READONLY) ;
+  #OK/usr/local/sbin               -> $(SEC_READONLY) ;
+  #OK/usr/local/share              -> $(SEC_READONLY) ;
+  #OK/usr/local/src                -> $(SEC_READONLY) ;
+#OK}
+
+  ################################################
+ #                                              ##
+################################################ #
+#                                              # #
+#  Root Directory and Files                    # #
+#                                              ##
+################################################
+(
+  rulename = "Root Directory and Files",
+)
+{
+  /root                          -> $(SEC_IGNORE_NONE) -SHa ;
+  /root/.cshrc                   -> $(SEC_DYNAMIC) ;
+  /root/.profile                 -> $(SEC_DYNAMIC) ;
+}
+
+  ################################################
+ #                                              ##
+################################################ #
+#                                              # #
+#  Temporary Directories                       # #
+#                                              ##
+################################################
+(
+  rulename = "Temporary Directories",
+)
+{
+  /tmp                          -> $(SEC_TEMPORARY) ;
+  /var/tmp                      -> $(SEC_TEMPORARY) ;
+}
+
+  ################################################
+ #                                              ##
+################################################ #
+#                                              # #
+#  System and Boot Changes                     # #
+#                                              ##
+################################################
+(
+  rulename = "System and Boot Changes",
+)
+{
+  /var/backups                    -> $(SEC_DYNAMIC) -i ;
+  /var/db/host.random             -> $(SEC_READONLY) -mCM ;
+  /var/cron                       -> $(SEC_GROWING) -i ;
+  /var/log                        -> $(SEC_GROWING) -i ;
+  /var/run                        -> $(SEC_DYNAMIC) -i ;
+  /var/mail                       -> $(SEC_GROWING) ;
+  /var/msgs/bounds                -> $(SEC_READONLY) -smbCM ;
+  /var/spool/clientmqueue         -> $(SEC_TEMPORARY) ;
+  /var/spool/mqueue               -> $(SEC_TEMPORARY) ;
+}
+
+#
+# $Id: twpol-OpenBSD.txt,v 1.2 2004/05/14 21:56:21 pherman Exp $
+#
--- a/policy/twpol-Cygwin.txt
+++ b/policy/twpol-Cygwin.txt
@ -0,0 +1,163 @@
+###############################################################################
+#                                                                            ##
+#    Default Tripwire 2.4 Policy file for Cygwin                             ##
+#                                                                            ##
+###############################################################################
+
+
+###############################################################################
+#                                                                            ##
+# Global Variable Definitions                                                ##
+#                                                                            ##
+# These are defined at install time by the installation script.  You may     ##
+# Manually edit these if you are using this file directly and not from the   ##
+# installation script itself.                                                ##
+#                                                                            ##
+###############################################################################
+
+@@section GLOBAL
+TWROOT=;
+TWBIN=;
+TWPOL=;
+TWDB=;
+TWSKEY=;
+TWLKEY=;
+TWREPORT=;
+HOSTNAME=;
+
+##############################################################################
+#  Predefined Variables                                                      #
+##############################################################################
+#
+#  Property Masks
+#
+#  -  ignore the following properties
+#  +  check the following properties
+#
+#  a  access timestamp (mutually exclusive with +CMSH)
+#  b  number of blocks allocated
+#  c  inode creation/modification timestamp
+#  d  ID of device on which inode resides
+#  g  group id of owner
+#  i  inode number
+#  l  growing files (logfiles for example)
+#  m  modification timestamp
+#  n  number of links
+#  p  permission and file mode bits
+#  r  ID of device pointed to by inode (valid only for device objects)
+#  s  file size
+#  t  file type
+#  u  user id of owner
+#
+#  C  CRC-32 hash
+#  H  HAVAL hash
+#  M  MD5 hash
+#  S  SHA hash
+#
+##############################################################################
+
+SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
+SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
+SEC_GROWING       = +pinugtdl-srbamcCMSH ;
+SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
+SEC_IGNORE_NONE   = +pinugtsdrbamcCMSH-l ;
+SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
+SEC_TEMPORARY     = +pugt ;
+
+@@section FS 
+
+#########################################
+#                                      ##
+#  Tripwire Binaries and Data Files    ##
+#                                      ##
+#########################################
+
+# Tripwire Binaries
+(
+  rulename = "Tripwire Binaries",
+)
+{
+  $(TWBIN)/siggen                      -> $(SEC_READONLY) ;
+  $(TWBIN)/tripwire                    -> $(SEC_READONLY) ;
+  $(TWBIN)/twadmin                     -> $(SEC_READONLY) ;
+  $(TWBIN)/twprint                     -> $(SEC_READONLY) ;
+}
+
+# Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
+(
+  rulename = "Tripwire Data Files",
+)
+{
+  # NOTE: We remove the inode attribute because when Tripwire creates a backup,
+  # it does so by renaming the old file and creating a new one (which will
+  # have a new inode number).  Inode is left turned on for keys, which shouldn't
+  # ever change.
+
+  # NOTE: The first integrity check triggers this rule and each integrity check
+  # afterward triggers this rule until a database update is run, since the
+  # database file does not exist before that point.
+
+  $(TWDB)                              -> $(SEC_DYNAMIC) -i ;
+  $(TWPOL)/tw.pol                      -> $(SEC_READONLY) -i ;
+  $(TWPOL)/tw.cfg                      -> $(SEC_READONLY) -i ;
+  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(SEC_READONLY) ;
+  $(TWSKEY)/site.key                   -> $(SEC_READONLY) ;
+
+  # don't scan the individual reports
+  $(TWREPORT)                          -> $(SEC_DYNAMIC) (recurse=0) ;
+}
+
+##############################################################################
+
+(rulename="Binary files",)
+{
+  /bin -> $(SEC_READONLY) -a;
+  /usr/bin -> $(SEC_READONLY) -a;
+  /usr/local/bin -> $(SEC_READONLY) -a;
+}
+
+(rulename="Development",)
+{
+  /usr/x86_64-pc-cygwin -> $(SEC_READONLY) -a;
+}
+
+(rulename="Libexec",)
+{
+  /usr/libexec -> $(SEC_READONLY) -a;
+}
+
+(rulename="Admin binaries",)
+{
+  /sbin -> $(SEC_READONLY) -a;
+  /usr/sbin -> $(SEC_READONLY) -a;
+}
+
+(rulename="Libraries",)
+{
+  /lib -> $(SEC_READONLY) -a;
+  /usr/lib -> $(SEC_READONLY) -a;
+  /usr/local/lib -> $(SEC_READONLY) -a;
+}
+
+(rulename="Etc",)
+{
+  /etc -> $(SEC_READONLY) -a;
+  /usr/local/etc -> $(SEC_READONLY) -a;
+}
+
+(rulename="Dev",)
+{
+  /dev -> $(SEC_DEVICE);
+}
+
+(rulename="Tmp",)
+{
+  /tmp -> $(SEC_TEMPORARY);
+  /var/tmp -> $(SEC_TEMPORARY);
+  /usr/tmp -> $(SEC_TEMPORARY);
+}
+
+(rulename="Log",)
+{
+  /var/log -> $(SEC_GROWING);
+}
--- a/policy/twpol-Darwin.txt
+++ b/policy/twpol-Darwin.txt
@ -2,8 +2,8 @@
 #                                                                            ##
 ############################################################################## #
 #                                                                            # #
-#                    Policy file for Mac OS X                                # #
-#                        September 3, 2003                                   # #
+#                 Tripwire 2.4 policy for Mac OS X                           # #
+#                       updated March 2018                                   # #
 #                                                                            ##
 ##############################################################################

@ -28,7 +28,7 @@ TWDB=;
 TWSKEY=;
 TWLKEY=;
 TWREPORT=;
-#USER1=frodo ;
+HOSTNAME=;


  ##############################################################################
@ -67,9 +67,10 @@ SEC_DYNAMIC       = +pinugt-dsrlbamcCMSH ;
 SEC_READONLY      = +pinugtsbmCM-drlacSH ;
 SEC_GROWING       = +pinugtl-dsrbamcCMSH ;

-IgnoreAll     = -pinugtsdrlbamcCMSH ;
-IgnoreNone    = +pinugtsdrbamcCMSH-l ;
-Temporary     = +pugt ;
+SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
+SEC_IGNORE_NONE    = +pinugtsdrbamcCMSH-l ;
+SEC_TEMPORARY     = +pugt ;
+

@@section FS 

@ -109,7 +110,7 @@ Temporary     = +pugt ;
  $(TWDB)                              -> $(SEC_DYNAMIC) -i ;
  $(TWPOL)/tw.pol                      -> $(SEC_READONLY) -i ;
  $(TWPOL)/tw.cfg                      -> $(SEC_READONLY) -i ;
-  $(TWLKEY)/local.key                  -> $(SEC_READONLY) ;
+  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(SEC_READONLY) ;
  $(TWSKEY)/site.key                   -> $(SEC_READONLY) ;

  # don't scan the individual reports
@ -129,14 +130,14 @@ Temporary     = +pugt ;
  rulename = "OS Boot and Configuration Files", severity=100
 )
 {
-  /mach.sym                               -> $(SEC_READONLY)-im ;
+ #/mach.sym                               -> $(SEC_READONLY)-im ;
  /mach_kernel                            -> $(SEC_READONLY) ;
  /private/etc                            -> $(SEC_READONLY)-m ;

 #/private/etc/appletalk.cfg              -> $(SEC_READONLY)-im ;
 #/private/etc/appletalk.nvram.en0        -> $(SEC_DYNAMIC) ;
  /private/etc/cups/certs                 -> $(SEC_DYNAMIC) -i(recurse=0) ;
-  /private/etc/smb.conf                   -> $(SEC_READONLY)-im ;
+ #/private/etc/smb.conf                   -> $(SEC_READONLY)-im ;

  /Library                                -> $(SEC_READONLY) ;
  /System                                 -> $(SEC_READONLY) ;
@ -182,8 +183,6 @@ Temporary     = +pugt ;
 )
 {
  /dev                          -> $(SEC_DEVICE)(recurse=0) ;
- #/private/var/cron/tabs/.sock  -> $(SEC_DEVICE) ; 
-
 }

  ################################################
@ -203,8 +202,8 @@ Temporary     = +pugt ;
  /usr/lib                      -> $(SEC_READONLY) ;
  /usr/libexec                  -> $(SEC_READONLY) ;
  /usr/sbin                     -> $(SEC_READONLY) ;
- #/usr/X11R6                    -> $(SEC_READONLY)(recurse=2) ;   # May not be present
- #/usr/X11R6/man                -> $(SEC_DYNAMIC)-i(recurse=1) ;  # May not be present
+  /usr/X11                      -> $(SEC_READONLY)(recurse=2) ;   # May not be present
+ #/usr/X11/man                  -> $(SEC_DYNAMIC)-i(recurse=1) ;  # May not be present
  /usr/share                    -> $(SEC_READONLY) ;
  /usr/share/man                -> $(SEC_DYNAMIC)-i(recurse=1) ;

@ -223,12 +222,6 @@ Temporary     = +pugt ;
 )
 {
   /Applications                -> $(SEC_READONLY)-im(recurse=2) ;
-  "/Applications (Mac OS 9)"    -> $(SEC_READONLY) ;
-
-
-  !/Applications/Internet/P2P/Downloads ;
-  !/Applications/Games/"Warcraft III Folder"/Save ;
-
 }

  ################################################
@ -243,10 +236,19 @@ Temporary     = +pugt ;
 )
 {
  /usr/local                    -> $(SEC_READONLY) ;
- #/usr/local/bin                -> $(SEC_READONLY) ;
+  /usr/local/sbin               -> $(SEC_READONLY) ;
+  /usr/local/bin                -> $(SEC_READONLY) ;
+  /usr/local/include            -> $(SEC_READONLY) ;
+  /usr/local/opt                -> $(SEC_READONLY) ;
+  /usr/local/libexec            -> $(SEC_READONLY) ;
+  /usr/local/lib                -> $(SEC_READONLY) ;
  /usr/local/etc                -> $(SEC_READONLY) ;
- #/usr/local/sbin               -> $(SEC_READONLY) ;
- #/usr/local/share              -> $(SEC_READONLY) ;
+  /usr/local/share              -> $(SEC_READONLY) ;
+  /usr/local/man                -> $(SEC_READONLY) ;
+  /usr/local/Frameworks         -> $(SEC_READONLY) ;
+  # Homebrew
+  /usr/local/.git               -> $(SEC_READONLY) ;
+  /usr/local/Cellar             -> $(SEC_READONLY) ;
 }


@ -263,24 +265,26 @@ Temporary     = +pugt ;
 {
  /private/tmp                                 -> $(SEC_DYNAMIC)-in(recurse=0) ;

+  /private/tftpboot                            -> $(SEC_READONLY)-i ;
+
  /private/var                                 -> $(SEC_READONLY)-i ;
  /private/var/backups                         -> $(SEC_READONLY)-imc(severity=100) ;
 #/private/var/backups/local.nidump            -> $(SEC_DYNAMIC) -i(severity=100) ;
 #/private/var/cron                            -> $(SEC_DYNAMIC) -i ;
  /private/var/db                              -> $(SEC_READONLY)-im ;
  /private/var/db/BootCache.playlist           -> $(SEC_DYNAMIC) -i ;
-  /private/var/db/netinfo/local.nidb/Store.384 -> $(SEC_READONLY)-imc(severity=100) ;
+ #/private/var/db/netinfo/local.nidb/Store.384 -> $(SEC_READONLY)-imc(severity=100) ;
 #/private/var/db/netinfo/local.nidb/Store.672 -> $(SEC_READONLY)-imc(severity=100) ;
-  /private/var/db/prebindOnDemandBadFiles      -> $(SEC_DYNAMIC) -i ;
+ #/private/var/db/prebindOnDemandBadFiles      -> $(SEC_DYNAMIC) -i ;
  /private/var/log                             -> $(SEC_DYNAMIC) -i ;
 #/private/var/mail                            -> $(SEC_DYNAMIC) ;
  /private/var/msgs/bounds                     -> $(SEC_READONLY)-smbCM ;
  /private/var/root/Library/Caches             -> $(SEC_DYNAMIC) -i ;
  /private/var/run                             -> $(SEC_DYNAMIC) -i(rulename="Running Services") ;
 #/private/var/slp.regfile                     -> $(SEC_READONLY)-im ;
-  /private/var/spool/clientmqueue              -> $(SEC_DYNAMIC)(recurse=0) ;
+ #/private/var/spool/clientmqueue              -> $(SEC_DYNAMIC)(recurse=0) ;
  /private/var/spool/mqueue                    -> $(SEC_DYNAMIC)(recurse=0) ;
-  /private/var/spool/lock                      -> $(SEC_DYNAMIC) -i(recurse=1) ;
+ #/private/var/spool/lock                      -> $(SEC_DYNAMIC) -i(recurse=1) ;
  /private/var/spool/cups                      -> $(SEC_DYNAMIC) -i(recurse=0) ;
  /private/var/tmp                             -> $(SEC_DYNAMIC) -i(recurse=0) ;
  /private/var/vm                              -> $(SEC_DYNAMIC)(recurse=0) ;
@ -294,37 +298,19 @@ Temporary     = +pugt ;
 !/private/var/db/dhcpd_leases ;
 !/private/var/db/locate.database ;
 !/private/var/db/SystemEntropyCache ;
+ !/private/var/db/mds/messages/se_SecurityMessages ;
 !/private/var/db/samba/secrets.tdb ;
-
+ !/private/var/db/ntp.drift ;
+ !/private/var/folders ;
+ !/private/var/vm/sleepimage ;
+ !/private/var/vm/swap0 ;
+ !/private/var/vm/swap[1-9][0-9]* ;
+ # Sophos
+ !/Library/Caches/com.sophos.sau ;
+ !/Library/Caches/com.sophos.sxld ;
 }


-
-  ################################################
- #                                              ##
-################################################ #
-#                                              # #
-#  Classic Environment                         # #
-#                                              ##
-################################################
-(
-  rulename = "Classic Environment", severity=100
-)
-{
-
-  /"System Folder"                     -> $(SEC_READONLY) ;
-  /"System Folder"/Preferences         -> $(SEC_DYNAMIC)-i(recurse=0) ;
-  /"System Folder"/Extensions          -> $(SEC_READONLY)-im ;
-  /"System Folder/Apple Menu Items"   -> $(SEC_READONLY)-im(recurse=0) ;
-  /"System Folder"/Clipboard           -> $(SEC_DYNAMIC) ;
-
- !/"System Folder"/VolumeNameIconPict ;
-
-}
-
-
-
-
  ###################################################
 #                                                 ##
 ################################################### #
@ -375,7 +361,3 @@ Temporary     = +pugt ;
 #!"/Users/$(USER1)/.lpoptions" ;
 #!"/Users/$(USER1)/.Trash" ;
 }
-
-#
-# JTI
-#
--- a/policy/twpol-DragonFly.txt
+++ b/policy/twpol-DragonFly.txt
@ -0,0 +1,664 @@
+#
+#                       Policy file for DragonFly BSD
+#                         (adapted from FreeBSD policy)
+#
+# $FreeBSD: ports/security/tripwire/files/twpol.txt,v 1.2 2002/03/04 16:55:21 cy Exp $
+# $Id: twpol-FreeBSD.txt,v 1.1 2003/06/08 02:00:06 pherman Exp $
+
+#
+# This is the example Tripwire Policy file.  It is intended as a place to
+# start creating your own custom Tripwire Policy file.  Referring to it as
+# well as the Tripwire Policy Guide should give you enough information to
+# make a good custom Tripwire Policy file that better covers your
+# configuration and security needs.  A text version of this policy file is
+# called twpol.txt.
+#
+# Note that this file is tuned to an install of FreeBSD using
+# buildworld.  If run unmodified, this file should create no errors on
+# database creation, or violations on a subsiquent integrity check.
+# However it is impossible for there to be one policy file for all machines,
+# so this existing one errs on the side of security.  Your FreeBSD
+# configuration will most likey differ from the one our policy file was
+# tuned to, and will therefore require some editing of the default
+# Tripwire Policy file.
+#
+# The example policy file is best run with 'Loose Directory Checking'
+# enabled. Set LOOSEDIRECTORYCHECKING=TRUE in the Tripwire Configuration
+# file.
+#
+# Email support is not included and must be added to this file.
+# Add the 'emailto=' to the rule directive section of each rule (add a comma
+# after the 'severity=' line and add an 'emailto=' and include the email
+# addresses you want the violation reports to go to).  Addresses are
+# semi-colon delimited.
+#
+
+
+
+#
+# Global Variable Definitions
+#
+# These are defined at install time by the installation script.  You may
+# Manually edit these if you are using this file directly and not from the
+# installation script itself.
+#
+
+@@section GLOBAL
+TWROOT=;
+TWBIN=;
+TWPOL=;
+TWDB=;
+TWSKEY=;
+TWLKEY=;
+TWREPORT=;
+HOSTNAME=;
+
+@@section FS
+SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
+SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
+SEC_GROWING       = +pinugtdl-srbamcCMSH ;
+SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
+SEC_IGNORE_NONE   = +pinugtsdrbamcCMSH-l ;
+SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
+SEC_TEMPORARY     = +pugt ;
+
+SEC_CRIT      = $(SEC_IGNORE_NONE)-SHa ; # Critical files that cannot change
+SEC_SUID      = $(SEC_IGNORE_NONE)-SHa ; # Binaries with the SUID or SGID flags set
+SEC_BIN       = $(SEC_READONLY) ;        # Binaries that should not change
+SEC_CONFIG    = $(SEC_DYNAMIC) ;         # Config files that are changed infrequently but accessed often
+SEC_TTY       = $(SEC_DYNAMIC)-ugp ;     # Tty files that change ownership at login
+SEC_LOG       = $(SEC_GROWING) ;         # Files that grow, but that should never change ownership
+SEC_INVARIANT = $(SEC_TEMPORARY) ;       # Directories that should never change permission or ownership
+SIG_LOW       = 33 ;                     # Non-critical files that are of minimal security impact
+SIG_MED       = 66 ;                     # Non-critical files that are of significant security impact
+SIG_HI        = 100 ;                    # Critical files that are significant points of vulnerability
+
+
+# Tripwire Binaries
+(
+  rulename = "Tripwire Binaries",
+  severity = $(SIG_HI)
+)
+{
+  $(TWBIN)/siggen                      -> $(SEC_BIN) ;
+  $(TWBIN)/tripwire                    -> $(SEC_BIN) ;
+  $(TWBIN)/twadmin                     -> $(SEC_BIN) ;
+  $(TWBIN)/twprint                     -> $(SEC_BIN) ;
+}
+
+# Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
+(
+  rulename = "Tripwire Data Files",
+  severity = $(SIG_HI)
+)
+{
+  # NOTE: We remove the inode attribute because when Tripwire creates a backup,
+  # it does so by renaming the old file and creating a new one (which will
+  # have a new inode number).  Inode is left turned on for keys, which shouldn't
+  # ever change.
+
+  # NOTE: The first integrity check triggers this rule and each integrity check
+  # afterward triggers this rule until a database update is run, since the
+  # database file does not exist before that point.
+
+  $(TWDB)                              -> $(SEC_CONFIG) -i ;
+  $(TWPOL)/tw.pol                      -> $(SEC_BIN) -i ;
+  $(TWPOL)/tw.cfg                      -> $(SEC_BIN) -i ;
+  $(TWPOL)/twcfg.txt                   -> $(SEC_BIN) ;
+  $(TWPOL)/twpol.txt                   -> $(SEC_BIN) ;
+  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(SEC_BIN) ;
+  $(TWSKEY)/site.key                   -> $(SEC_BIN) ;
+
+  #don't scan the individual reports
+  $(TWREPORT)                          -> $(SEC_CONFIG) (recurse=0) ;
+}
+
+
+# Tripwire HQ Connector Binaries
+#(
+#  rulename = "Tripwire HQ Connector Binaries",
+#  severity = $(SIG_HI)
+#)
+#{
+#  $(TWBIN)/hqagent                     -> $(SEC_BIN) ;
+#}
+#
+# Tripwire HQ Connector - Configuration Files, Keys, and Logs
+
+#
+# Note: File locations here are different than in a stock HQ Connector
+# installation.  This is because Tripwire 2.3 uses a different path
+# structure than Tripwire 2.2.1.
+#
+# You may need to update your HQ Agent configuation file (or this policy
+# file) to correct the paths.  We have attempted to support the FHS standard
+# here by placing the HQ Agent files similarly to the way Tripwire 2.3
+# places them.
+#
+
+#(
+#  rulename = "Tripwire HQ Connector Data Files",
+#  severity = $(SIG_HI)
+#)
+#{
+#
+# # NOTE: Removing the inode attribute because when Tripwire creates a backup
+# # it does so by renaming the old file and creating a new one (which will
+# # have a new inode number).  Leaving inode turned on for keys, which
+# # shouldn't ever change.
+#
+#
+#  $(TWBIN)/agent.cfg                   -> $(SEC_BIN) -i ;
+#  $(TWLKEY)/authentication.key         -> $(SEC_BIN) ;
+#  $(TWDB)/tasks.dat                    -> $(SEC_CONFIG) ;
+#  $(TWDB)/schedule.dat                 -> $(SEC_CONFIG) ;
+#
+#  # Uncomment if you have agent logging enabled.
+#  #/var/log/tripwire/agent.log      -> $(SEC_LOG) ;
+#}
+
+
+
+# Commonly accessed directories that should remain static with regards to owner and group
+(
+  rulename = "Invariant Directories",
+  severity = $(SIG_MED)
+)
+{
+  /                                    -> $(SEC_INVARIANT) (recurse = false) ;
+  /home                                -> $(SEC_INVARIANT) (recurse = false) ;
+}
+
+#
+# First, root's "home"
+#
+
+(
+  rulename = "Root's home",
+  severity = $(SIG_HI)
+)
+{
+  # /.rhosts				-> $(SEC_CRIT) ;
+  /.profile				-> $(SEC_CRIT) ;
+  /.cshrc				-> $(SEC_CRIT) ;
+  /.login				-> $(SEC_CRIT) ;
+  # /.exrc				-> $(SEC_CRIT) ;
+  # /.logout				-> $(SEC_CRIT) ;
+  # /.forward				-> $(SEC_CRIT) ;
+  /root					-> $(SEC_CRIT) (recurse = true) ;
+  !/root/.history ;
+  !/root/.bash_history ;
+  # !/root/.lsof_SYSTEM_NAME ;	# Uncomment if lsof is installed
+}
+
+
+#
+# FreeBSD Kernel
+#
+
+(
+  rulename = "FreeBSD Kernel",
+  severity = $(SIG_HI)
+)
+{
+  /kernel				-> $(SEC_CRIT) ;
+  /kernel.old				-> $(SEC_CRIT) ;
+  /kernel.GENERIC			-> $(SEC_CRIT) ;
+}
+
+
+#
+# FreeBSD Modules
+#
+
+(
+  rulename = "FreeBSD Modules",
+  severity = $(SIG_HI)
+)
+{
+  /modules				-> $(SEC_CRIT) (recurse = true) ;
+  /modules.old				-> $(SEC_CRIT) (recurse = true) ;
+  # /lkm				-> $(SEC_CRIT) (recurse = true) ; # uncomment if using lkm kld
+}
+
+
+#
+# System Administration Programs
+#
+
+(
+  rulename = "System Administration Programs",
+  severity = $(SIG_HI)
+)
+{
+  /sbin					-> $(SEC_CRIT) (recurse = true) ;
+  /usr/sbin				-> $(SEC_CRIT) (recurse = true) ;
+}
+
+
+#
+# User Utilities
+#
+
+(
+  rulename = "User Utilities",
+  severity = $(SIG_HI)
+)
+{
+  /bin					-> $(SEC_CRIT) (recurse = true) ;
+  /usr/bin				-> $(SEC_CRIT) (recurse = true) ;
+}
+
+
+#
+# /dev
+#
+
+(
+  rulename = "/dev",
+  severity = $(SIG_HI)
+)
+{
+  /dev					-> $(Device) (recurse = true) ;
+  !/dev/vga ;
+  !/dev/dri ;
+  /dev/console				-> $(SEC_TTY) ;
+  /dev/ttyv0				-> $(SEC_TTY) ;
+  /dev/ttyv1				-> $(SEC_TTY) ;
+  /dev/ttyv2				-> $(SEC_TTY) ;
+  /dev/ttyv3				-> $(SEC_TTY) ;
+  /dev/ttyv4				-> $(SEC_TTY) ;
+  /dev/ttyv5				-> $(SEC_TTY) ;
+  /dev/ttyv6				-> $(SEC_TTY) ;
+  /dev/ttyv7				-> $(SEC_TTY) ;
+  /dev/ttyp0				-> $(SEC_TTY) ;
+  /dev/ttyp1				-> $(SEC_TTY) ;
+  /dev/ttyp2				-> $(SEC_TTY) ;
+  /dev/ttyp3				-> $(SEC_TTY) ;
+  /dev/ttyp4				-> $(SEC_TTY) ;
+  /dev/ttyp5				-> $(SEC_TTY) ;
+  /dev/ttyp6				-> $(SEC_TTY) ;
+  /dev/ttyp7				-> $(SEC_TTY) ;
+  /dev/ttyp8				-> $(SEC_TTY) ;
+  /dev/ttyp9				-> $(SEC_TTY) ;
+  /dev/ttypa				-> $(SEC_TTY) ;
+  /dev/ttypb				-> $(SEC_TTY) ;
+  /dev/ttypc				-> $(SEC_TTY) ;
+  /dev/ttypd				-> $(SEC_TTY) ;
+  /dev/ttype				-> $(SEC_TTY) ;
+  /dev/ttypf				-> $(SEC_TTY) ;
+  /dev/ttypg				-> $(SEC_TTY) ;
+  /dev/ttyph				-> $(SEC_TTY) ;
+  /dev/ttypi				-> $(SEC_TTY) ;
+  /dev/ttypj				-> $(SEC_TTY) ;
+  /dev/ttypl				-> $(SEC_TTY) ;
+  /dev/ttypm				-> $(SEC_TTY) ;
+  /dev/ttypn				-> $(SEC_TTY) ;
+  /dev/ttypo				-> $(SEC_TTY) ;
+  /dev/ttypp				-> $(SEC_TTY) ;
+  /dev/ttypq				-> $(SEC_TTY) ;
+  /dev/ttypr				-> $(SEC_TTY) ;
+  /dev/ttyps				-> $(SEC_TTY) ;
+  /dev/ttypt				-> $(SEC_TTY) ;
+  /dev/ttypu				-> $(SEC_TTY) ;
+  /dev/ttypv				-> $(SEC_TTY) ;
+  /dev/cuaa0				-> $(SEC_TTY) ;	# modem
+}
+
+
+#
+# /etc
+#
+
+(
+  rulename = "/etc",
+  severity = $(SIG_HI)
+)
+{
+  /etc					-> $(SEC_CRIT) (recurse = true) ;
+  # /etc/mail/aliases			-> $(SEC_CONFIG) ;
+  /etc/dumpdates			-> $(SEC_CONFIG) ;
+  /etc/motd				-> $(SEC_CONFIG) ;
+  !/etc/ppp/connect-errors ;
+  /etc/skeykeys				-> $(SEC_CONFIG) ;
+  # Uncomment the following 4 lines if your password file does not change
+  # /etc/passwd				-> $(SEC_CONFIG) ;
+  # /etc/master.passwd			-> $(SEC_CONFIG) ;
+  # /etc/pwd.db				-> $(SEC_CONFIG) ;
+  # /etc/spwd.db			-> $(SEC_CONFIG) ;
+}
+
+
+#
+# Copatibility (Linux)
+#
+
+(
+  rulename = "Linux Compatibility",
+  severity = $(SIG_HI)
+)
+{
+  /compat				-> $(SEC_CRIT) (recurse = true) ;
+#
+# Uncomment the following if Linux compatibility is used.  Replace
+# HOSTNAME1 and HOSTNAME2 with the hosts that have Linux emulation port
+# installed.
+#
+#@@ifhost HOSTNAME1 || HOSTNAME2
+#  /compat/linux/etc			-> $(SEC_INVARIANT) (recurse = false) ;
+#  /compat/linux/etc/X11			-> $(SEC_CONFIG) (recurse = true) ;
+#  /compat/linux/etc/pam.d		-> $(SEC_CONFIG) (recurse = true) ;
+#  /compat/linux/etc/profile.d		-> $(SEC_CONFIG) (recurse = true) ;
+#  /compat/linux/etc/real		-> $(SEC_CONFIG) (recurse = true) ;
+#  /compat/linux/etc/bashrc		-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/csh.login		-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/host.conf		-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/hosts.allow		-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/hosts.deny		-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/info-dir		-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/inputrc		-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/ld.so.conf		-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/nsswitch.conf	-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/profile		-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/redhat-release	-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/rpc			-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/securetty		-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/shells		-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/termcap		-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/yp.conf		-> $(SEC_CONFIG) ;
+#  !/compat/linux/etc/ld.so.cache ;
+#  !/compat/linux/var/spool/mail ;
+#@@endif
+}
+
+
+#
+# Libraries, include files, and other system files
+#
+
+(
+  rulename = "Libraries, include files, and other system files",
+  severity = $(SIG_HI)
+)
+{
+  /usr/include				-> $(SEC_CRIT) (recurse = true) ;
+  /usr/lib				-> $(SEC_CRIT) (recurse = true) ;
+  /usr/libdata				-> $(SEC_CRIT) (recurse = true) ;
+  /usr/libexec				-> $(SEC_CRIT) (recurse = true) ;
+  /usr/share				-> $(SEC_CRIT) (recurse = true) ;
+  /usr/share/man			-> $(SEC_CONFIG) ;
+  !/usr/share/man/whatis ;
+  !/usr/share/man/.glimpse_filenames ;
+  !/usr/share/man/.glimpse_filenames_index ;
+  !/usr/share/man/.glimpse_filetimes ;
+  !/usr/share/man/.glimpse_filters ;
+  !/usr/share/man/.glimpse_index ;
+  !/usr/share/man/.glimpse_messages ;
+  !/usr/share/man/.glimpse_partitions ;
+  !/usr/share/man/.glimpse_statistics ;
+  !/usr/share/man/.glimpse_turbo ;
+  /usr/share/man/man1			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/share/man/man2			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/share/man/man3			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/share/man/man4			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/share/man/man5			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/share/man/man6			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/share/man/man7			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/share/man/man8			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/share/man/man9			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/share/man/mann			-> $(SEC_CRIT) (recurse = true) ;
+  ! /usr/share/man/cat1 ;
+  ! /usr/share/man/cat2 ;
+  ! /usr/share/man/cat3 ;
+  ! /usr/share/man/cat4 ;
+  ! /usr/share/man/cat5 ;
+  ! /usr/share/man/cat6 ;
+  ! /usr/share/man/cat7 ;
+  ! /usr/share/man/cat8 ;
+  ! /usr/share/man/cat9 ;
+  ! /usr/share/man/catl ;
+  ! /usr/share/man/catn ;
+  /usr/share/perl/man			-> $(SEC_CONFIG) ;
+  !/usr/share/perl/man/whatis ;
+  !/usr/share/perl/man/.glimpse_filenames ;
+  !/usr/share/perl/man/.glimpse_filenames_index ;
+  !/usr/share/perl/man/.glimpse_filetimes ;
+  !/usr/share/perl/man/.glimpse_filters ;
+  !/usr/share/perl/man/.glimpse_index ;
+  !/usr/share/perl/man/.glimpse_messages ;
+  !/usr/share/perl/man/.glimpse_partitions ;
+  !/usr/share/perl/man/.glimpse_statistics ;
+  !/usr/share/perl/man/.glimpse_turbo ;
+  /usr/share/perl/man/man3		-> $(SEC_CRIT) (recurse = true) ;
+  ! /usr/share/perl/man/cat3 ;
+  /usr/local/lib/perl5/5.00503/man	-> $(SEC_CONFIG) ;
+  ! /usr/local/lib/perl5/5.00503/man/whatis ;
+  ! /usr/local/lib/perl5/5.00503/man/.glimpse_filters ;
+  ! /usr/local/lib/perl5/5.00503/man/.glimpse_filetimes ;
+  ! /usr/local/lib/perl5/5.00503/man/.glimpse_messages ;
+  ! /usr/local/lib/perl5/5.00503/man/.glimpse_statistics ;
+  ! /usr/local/lib/perl5/5.00503/man/.glimpse_index ;
+  ! /usr/local/lib/perl5/5.00503/man/.glimpse_turbo ;
+  ! /usr/local/lib/perl5/5.00503/man/.glimpse_partitions ;
+  ! /usr/local/lib/perl5/5.00503/man/.glimpse_filenames ;
+  ! /usr/local/lib/perl5/5.00503/man/.glimpse_filenames_index ;
+  /usr/local/lib/perl5/5.00503/man/man3		-> $(SEC_CRIT) (recurse = true) ;
+  ! /usr/local/lib/perl5/5.00503/man/cat3 ;
+}
+
+
+#
+# X11R6
+#
+
+(
+  rulename = "X11R6",
+  severity = $(SIG_HI)
+)
+{
+  /usr/X11R6				-> $(SEC_CRIT) (recurse = true) ;
+  /usr/X11R6/lib/X11/xdm		-> $(SEC_CONFIG) (recurse = true) ;
+  !/usr/X11R6/lib/X11/xdm/xdm-errors ;
+  !/usr/X11R6/lib/X11/xdm/authdir/authfiles ;
+  !/usr/X11R6/lib/X11/xdm/xdm-pid ;
+  /usr/X11R6/lib/X11/xkb/compiled	-> $(SEC_CONFIG) (recurse = true) ;
+  /usr/X11R6/man			-> $(SEC_CONFIG) ;
+  !/usr/X11R6/man/whatis ;
+  !/usr/X11R6/man/.glimpse_filenames ;
+  !/usr/X11R6/man/.glimpse_filenames_index ;
+  !/usr/X11R6/man/.glimpse_filetimes ;
+  !/usr/X11R6/man/.glimpse_filters ;
+  !/usr/X11R6/man/.glimpse_index ;
+  !/usr/X11R6/man/.glimpse_messages ;
+  !/usr/X11R6/man/.glimpse_partitions ;
+  !/usr/X11R6/man/.glimpse_statistics ;
+  !/usr/X11R6/man/.glimpse_turbo ;
+  /usr/X11R6/man/man1			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/X11R6/man/man2			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/X11R6/man/man3			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/X11R6/man/man4			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/X11R6/man/man5			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/X11R6/man/man6			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/X11R6/man/man7			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/X11R6/man/man8			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/X11R6/man/man9			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/X11R6/man/manl			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/X11R6/man/mann			-> $(SEC_CRIT) (recurse = true) ;
+  ! /usr/X11R6/man/cat1 ;
+  ! /usr/X11R6/man/cat2 ;
+  ! /usr/X11R6/man/cat3 ;
+  ! /usr/X11R6/man/cat4 ;
+  ! /usr/X11R6/man/cat5 ;
+  ! /usr/X11R6/man/cat6 ;
+  ! /usr/X11R6/man/cat7 ;
+  ! /usr/X11R6/man/cat8 ;
+  ! /usr/X11R6/man/cat9 ;
+  ! /usr/X11R6/man/catl ;
+  ! /usr/X11R6/man/catn ;
+}
+
+
+#
+# sources
+#
+
+(
+  rulename = "Sources",
+  severity = $(SIG_HI)
+)
+{
+  /usr/src				-> $(SEC_CRIT) (recurse = true) ;
+  /usr/src/sys/compile			-> $(SEC_CONFIG) (recurse = false) ;
+}
+
+
+#
+# NIS
+#
+
+(
+  rulename = "NIS",
+  severity = $(SIG_HI)
+)
+{
+  /var/yp				-> $(SEC_CRIT) (recurse = true) ;
+  !/var/yp/binding ;
+}
+
+
+#
+# Temporary directories
+#
+(
+  rulename = "Temporary directories",
+  recurse = false,
+  severity = $(SIG_LOW)
+)
+{
+  /usr/tmp                             -> $(SEC_INVARIANT) ;
+  /var/tmp                             -> $(SEC_INVARIANT) ;
+  /var/preserve                        -> $(SEC_INVARIANT) ;
+  /tmp                                 -> $(SEC_INVARIANT) ;
+}
+
+#
+# Local files
+#
+
+(
+  rulename = "Local files",
+  severity = $(SIG_MED)
+)
+{
+  /usr/local/bin			-> $(SEC_BIN) (recurse = true) ;
+  /usr/local/sbin			-> $(SEC_BIN) (recurse = true) ;
+  /usr/local/etc		 	-> $(SEC_BIN) (recurse = true) ;
+  /usr/local/lib			-> $(SEC_BIN) (recurse = true ) ;
+  /usr/local/libexec			-> $(SEC_BIN) (recurse = true ) ;
+  /usr/local/share			-> $(SEC_BIN) (recurse = true ) ;
+  /usr/local/man			-> $(SEC_CONFIG) ;
+  !/usr/local/man/whatis ;
+  !/usr/local/man/.glimpse_filenames ;
+  !/usr/local/man/.glimpse_filenames_index ;
+  !/usr/local/man/.glimpse_filetimes ;
+  !/usr/local/man/.glimpse_filters ;
+  !/usr/local/man/.glimpse_index ;
+  !/usr/local/man/.glimpse_messages ;
+  !/usr/local/man/.glimpse_partitions ;
+  !/usr/local/man/.glimpse_statistics ;
+  !/usr/local/man/.glimpse_turbo ;
+  /usr/local/man/man1			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/man/man2			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/man/man3			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/man/man4			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/man/man5			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/man/man6			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/man/man7			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/man/man8			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/man/man9			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/man/manl			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/man/mann			-> $(SEC_CRIT) (recurse = true) ;
+  ! /usr/local/man/cat1 ;
+  ! /usr/local/man/cat2 ;
+  ! /usr/local/man/cat3 ;
+  ! /usr/local/man/cat4 ;
+  ! /usr/local/man/cat5 ;
+  ! /usr/local/man/cat6 ;
+  ! /usr/local/man/cat7 ;
+  ! /usr/local/man/cat8 ;
+  ! /usr/local/man/cat9 ;
+  ! /usr/local/man/catl ;
+  ! /usr/local/man/catn ;
+  /usr/local/krb5			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/krb5/man			-> $(SEC_CONFIG) ;
+  !/usr/local/krb5/man/whatis ;
+  !/usr/local/krb5/man/.glimpse_filenames ;
+  !/usr/local/krb5/man/.glimpse_filenames_index ;
+  !/usr/local/krb5/man/.glimpse_filetimes ;
+  !/usr/local/krb5/man/.glimpse_filters ;
+  !/usr/local/krb5/man/.glimpse_index ;
+  !/usr/local/krb5/man/.glimpse_messages ;
+  !/usr/local/krb5/man/.glimpse_partitions ;
+  !/usr/local/krb5/man/.glimpse_statistics ;
+  !/usr/local/krb5/man/.glimpse_turbo ;
+  /usr/local/krb5/man/man1			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/krb5/man/man2			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/krb5/man/man3			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/krb5/man/man4			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/krb5/man/man5			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/krb5/man/man6			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/krb5/man/man7			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/krb5/man/man8			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/krb5/man/man9			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/krb5/man/manl			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/krb5/man/mann			-> $(SEC_CRIT) (recurse = true) ;
+  ! /usr/local/krb5/man/cat1 ;
+  ! /usr/local/krb5/man/cat2 ;
+  ! /usr/local/krb5/man/cat3 ;
+  ! /usr/local/krb5/man/cat4 ;
+  ! /usr/local/krb5/man/cat5 ;
+  ! /usr/local/krb5/man/cat6 ;
+  ! /usr/local/krb5/man/cat7 ;
+  ! /usr/local/krb5/man/cat8 ;
+  ! /usr/local/krb5/man/cat9 ;
+  ! /usr/local/krb5/man/catl ;
+  ! /usr/local/krb5/man/catn ;
+  /usr/local/www			-> $(SEC_CONFIG) (recurse = true) ;
+}
+
+
+(
+  rulename = "Security Control",
+  severity = $(SIG_HI)
+)
+{
+  /etc/group                           -> $(SEC_CRIT) ;
+  /etc/crontab                         -> $(SEC_CRIT) ;
+}
+
+#=============================================================================
+#
+# Copyright 2000-2018 Tripwire, Inc. Tripwire is a registered trademark of Tripwire,
+# Inc. in the United States and other countries. All rights reserved.
+#
+# FreeBSD is a registered trademark of the FreeBSD Project Inc.
+#
+# UNIX is a registered trademark of The Open Group.
+#
+#=============================================================================
+#
+# Permission is granted to make and distribute verbatim copies of this document
+# provided the copyright notice and this permission notice are preserved on all
+# copies.
+#
+# Permission is granted to copy and distribute modified versions of this
+# document under the conditions for verbatim copying, provided that the entire
+# resulting derived work is distributed under the terms of a permission notice
+# identical to this one.
+#
+# Permission is granted to copy and distribute translations of this document
+# into another language, under the above conditions for modified versions,
+# except that this permission notice may be stated in a translation approved by
+# Tripwire, Inc.
+#
+# DCM
--- a/policy/twpol-FreeBSD.txt
+++ b/policy/twpol-FreeBSD.txt
@ -53,16 +53,24 @@ TWREPORT=;
 HOSTNAME=;

@@section FS
-SEC_CRIT      = $(IgnoreNone)-SHa ;  # Critical files that cannot change
-SEC_SUID      = $(IgnoreNone)-SHa ;  # Binaries with the SUID or SGID flags set
-SEC_BIN       = $(ReadOnly) ;        # Binaries that should not change
-SEC_CONFIG    = $(Dynamic) ;         # Config files that are changed infrequently but accessed often
-SEC_TTY    = $(Dynamic)-ugp ;        # Tty files that change ownership at login
-SEC_LOG       = $(Growing) ;         # Files that grow, but that should never change ownership
-SEC_INVARIANT = +tpug ;              # Directories that should never change permission or ownership
-SIG_LOW       = 33 ;                 # Non-critical files that are of minimal security impact
-SIG_MED       = 66 ;                 # Non-critical files that are of significant security impact
-SIG_HI        = 100 ;                # Critical files that are significant points of vulnerability
+SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
+SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
+SEC_GROWING       = +pinugtdl-srbamcCMSH ;
+SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
+SEC_IGNORE_NONE   = +pinugtsdrbamcCMSH-l ;
+SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
+SEC_TEMPORARY     = +pugt ;
+
+SEC_CRIT      = $(SEC_IGNORE_NONE)-SHa ; # Critical files that cannot change
+SEC_SUID      = $(SEC_IGNORE_NONE)-SHa ; # Binaries with the SUID or SGID flags set
+SEC_BIN       = $(SEC_READONLY) ;        # Binaries that should not change
+SEC_CONFIG    = $(SEC_DYNAMIC) ;         # Config files that are changed infrequently but accessed often
+SEC_TTY       = $(SEC_DYNAMIC)-ugp ;     # Tty files that change ownership at login
+SEC_LOG       = $(SEC_GROWING) ;         # Files that grow, but that should never change ownership
+SEC_INVARIANT = $(SEC_TEMPORARY) ;       # Directories that should never change permission or ownership
+SIG_LOW       = 33 ;                     # Non-critical files that are of minimal security impact
+SIG_MED       = 66 ;                     # Non-critical files that are of significant security impact
+SIG_HI        = 100 ;                    # Critical files that are significant points of vulnerability


 # Tripwire Binaries
@ -629,7 +637,7 @@ SIG_HI        = 100 ;                # Critical files that are significant point

 #=============================================================================
 #
-# Copyright 2000 Tripwire, Inc. Tripwire is a registered trademark of Tripwire,
+# Copyright 2000-2018 Tripwire, Inc. Tripwire is a registered trademark of Tripwire,
 # Inc. in the United States and other countries. All rights reserved.
 #
 # FreeBSD is a registered trademark of the FreeBSD Project Inc.
--- a/policy/twpol-GENERIC.txt
+++ b/policy/twpol-GENERIC.txt
@ -65,15 +65,24 @@ TWREPORT=;
 HOSTNAME=;

@@section FS
-SEC_CRIT      = $(IgnoreNone)-SHa ;  # Critical files that cannot change
-SEC_SUID      = $(IgnoreNone)-SHa ;  # Binaries with the SUID or SGID flags set
-SEC_BIN       = $(ReadOnly) ;        # Binaries that should not change
-SEC_CONFIG    = $(Dynamic) ;         # Config files that are changed infrequently but accessed often
-SEC_LOG       = $(Growing) ;         # Files that grow, but that should never change ownership
-SEC_INVARIANT = +tpug ;              # Directories that should never change permission or ownership
-SIG_LOW       = 33 ;                 # Non-critical files that are of minimal security impact
-SIG_MED       = 66 ;                 # Non-critical files that are of significant security impact
-SIG_HI        = 100 ;                # Critical files that are significant points of vulnerability
+SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
+SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
+SEC_GROWING       = +pinugtdl-srbamcCMSH ;
+SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
+SEC_IGNORE_NONE   = +pinugtsdrbamcCMSH-l ;
+SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
+SEC_TEMPORARY     = +pugt ;
+
+SEC_CRIT      = $(SEC_IGNORE_NONE)-SHa ; # Critical files that cannot change
+SEC_SUID      = $(SEC_IGNORE_NONE)-SHa ; # Binaries with the SUID or SGID flags set
+SEC_BIN       = $(SEC_READONLY) ;        # Binaries that should not change
+SEC_CONFIG    = $(SEC_DYNAMIC) ;         # Config files that are changed infrequently but accessed often
+SEC_TTY       = $(SEC_DYNAMIC)-ugp ;     # Tty files that change ownership at login
+SEC_LOG       = $(SEC_GROWING) ;         # Files that grow, but that should never change ownership
+SEC_INVARIANT = $(SEC_TEMPORARY) ;       # Directories that should never change permission or ownership
+SIG_LOW       = 33 ;                     # Non-critical files that are of minimal security impact
+SIG_MED       = 66 ;                     # Non-critical files that are of significant security impact
+SIG_HI        = 100 ;                    # Critical files that are significant points of vulnerability


 # Tripwire Binaries
@ -114,56 +123,6 @@ SIG_HI        = 100 ;                # Critical files that are significant point
 }


-# Tripwire HQ Connector Binaries
-#(
-#  rulename = "Tripwire HQ Connector Binaries",
-#  severity = $(SIG_HI)
-#)
-#{
-#  $(TWBIN)/hqagent                     -> $(SEC_BIN) ;
-#}
-#
-# Tripwire HQ Connector - Configuration Files, Keys, and Logs
-
-  ##############################################################################
- #                                                                            ##
-############################################################################## #
-#                                                                            # #
-# Note: File locations here are different than in a stock HQ Connector       # #
-# installation.  This is because Tripwire 2.3 uses a different path          # #
-# structure than Tripwire 2.2.1.                                             # #
-#                                                                            # #
-# You may need to update your HQ Agent configuation file (or this policy     # #
-# file) to correct the paths.  We have attempted to support the FHS standard # #
-# here by placing the HQ Agent files similarly to the way Tripwire 2.3       # #
-# places them.                                                               # #
-#                                                                            ##
-##############################################################################
-
-#(
-#  rulename = "Tripwire HQ Connector Data Files",
-#  severity = $(SIG_HI)
-#)
-#{
-#   #############################################################################
-#  ##############################################################################
-#  # NOTE: Removing the inode attribute because when Tripwire creates a backup ##
-#  # it does so by renaming the old file and creating a new one (which will    ##
-#  # have a new inode number).  Leaving inode turned on for keys, which        ##
-#  # shouldn't ever change.                                                    ##
-#  #############################################################################
-#
-#  $(TWBIN)/agent.cfg                   -> $(SEC_BIN) -i ;
-#  $(TWLKEY)/authentication.key         -> $(SEC_BIN) ;
-#  $(TWDB)/tasks.dat                    -> $(SEC_CONFIG) ;
-#  $(TWDB)/schedule.dat                 -> $(SEC_CONFIG) ;
-#
-#  # Uncomment if you have agent logging enabled.
-#  #/var/log/tripwire/agent.log      -> $(SEC_LOG) ;
-#}
-
-
-
 # Commonly accessed directories that should remain static with regards to owner and group
 (
  rulename = "Invariant Directories",
@ -1078,7 +1037,7 @@ SIG_HI        = 100 ;                # Critical files that are significant point

 #=============================================================================
 #
-# Copyright 2000 Tripwire, Inc. Tripwire is a registered trademark of Tripwire,
+# Copyright 2000-2018 Tripwire, Inc. Tripwire is a registered trademark of Tripwire,
 # Inc. in the United States and other countries. All rights reserved.
 #
 # Linux is a registered trademark of Linus Torvalds.
--- a/policy/twpol-GNU.txt
+++ b/policy/twpol-GNU.txt
@ -0,0 +1,159 @@
+###############################################################################
+#                                                                            ##
+#    Default Tripwire 2.4 Policy file for GNU/Hurd                           ##
+#                                                                            ##
+###############################################################################
+
+
+###############################################################################
+#                                                                            ##
+# Global Variable Definitions                                                ##
+#                                                                            ##
+# These are defined at install time by the installation script.  You may     ##
+# Manually edit these if you are using this file directly and not from the   ##
+# installation script itself.                                                ##
+#                                                                            ##
+###############################################################################
+
+@@section GLOBAL
+TWROOT=;
+TWBIN=;
+TWPOL=;
+TWDB=;
+TWSKEY=;
+TWLKEY=;
+TWREPORT=;
+HOSTNAME=;
+
+##############################################################################
+#  Predefined Variables                                                      #
+##############################################################################
+#
+#  Property Masks
+#
+#  -  ignore the following properties
+#  +  check the following properties
+#
+#  a  access timestamp (mutually exclusive with +CMSH)
+#  b  number of blocks allocated
+#  c  inode creation/modification timestamp
+#  d  ID of device on which inode resides
+#  g  group id of owner
+#  i  inode number
+#  l  growing files (logfiles for example)
+#  m  modification timestamp
+#  n  number of links
+#  p  permission and file mode bits
+#  r  ID of device pointed to by inode (valid only for device objects)
+#  s  file size
+#  t  file type
+#  u  user id of owner
+#
+#  C  CRC-32 hash
+#  H  HAVAL hash
+#  M  MD5 hash
+#  S  SHA hash
+#
+##############################################################################
+
+SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
+SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
+SEC_GROWING       = +pinugtdl-srbamcCMSH ;
+SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
+SEC_IGNORE_NONE    = +pinugtsdrbamcCMSH-l ;
+SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
+SEC_TEMPORARY       = +pugt ;
+
+@@section FS 
+
+#########################################
+#                                      ##
+#  Tripwire Binaries and Data Files    ##
+#                                      ##
+#########################################
+
+# Tripwire Binaries
+(
+  rulename = "Tripwire Binaries",
+)
+{
+  $(TWBIN)/siggen                      -> $(SEC_READONLY) ;
+  $(TWBIN)/tripwire                    -> $(SEC_READONLY) ;
+  $(TWBIN)/twadmin                     -> $(SEC_READONLY) ;
+  $(TWBIN)/twprint                     -> $(SEC_READONLY) ;
+}
+
+# Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
+(
+  rulename = "Tripwire Data Files",
+)
+{
+  # NOTE: We remove the inode attribute because when Tripwire creates a backup,
+  # it does so by renaming the old file and creating a new one (which will
+  # have a new inode number).  Inode is left turned on for keys, which shouldn't
+  # ever change.
+
+  # NOTE: The first integrity check triggers this rule and each integrity check
+  # afterward triggers this rule until a database update is run, since the
+  # database file does not exist before that point.
+
+  $(TWDB)                              -> $(SEC_DYNAMIC) -i ;
+  $(TWPOL)/tw.pol                      -> $(SEC_READONLY) -i ;
+  $(TWPOL)/tw.cfg                      -> $(SEC_READONLY) -i ;
+  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(SEC_READONLY) ;
+  $(TWSKEY)/site.key                   -> $(SEC_READONLY) ;
+
+  # don't scan the individual reports
+  $(TWREPORT)                          -> $(SEC_DYNAMIC) (recurse=0) ;
+}
+
+##############################################################################
+
+(rulename="Boot files",)
+{
+  /boot -> $(SEC_READONLY) -a;
+}
+
+(rulename="Binary files",)
+{
+  /bin -> $(SEC_READONLY) -a;
+  /usr/bin -> $(SEC_READONLY) -a;
+  /usr/local/bin -> $(SEC_READONLY) -a;
+}
+
+(rulename="Admin binaries",)
+{
+  /servers -> $(SEC_READONLY) -a;
+  /sbin -> $(SEC_READONLY) -a;
+  /usr/sbin -> $(SEC_READONLY) -a;
+  /hurd -> $(SEC_READONLY) -a;
+}
+
+(rulename="Libraries",)
+{
+  /lib -> $(SEC_READONLY) -a;
+  /usr/lib -> $(SEC_READONLY) -a;
+  /usr/local/lib -> $(SEC_READONLY) -a;
+}
+
+(rulename="Etc",)
+{
+  /etc -> $(SEC_READONLY) -a;
+  /usr/local/etc -> $(SEC_READONLY) -a;
+}
+
+(rulename="Dev",)
+{
+  /dev -> $(SEC_DEVICE);
+}
+
+(rulename="Tmp",)
+{
+  /tmp -> $(SEC_TEMPORARY);
+  /var/tmp -> $(SEC_TEMPORARY);
+}
+
+(rulename="Log",)
+{
+  /var/log -> $(SEC_GROWING);
+}
--- a/policy/twpol-HP-UX.txt
+++ b/policy/twpol-HP-UX.txt
--- a/policy/twpol-Haiku.txt
+++ b/policy/twpol-Haiku.txt
@ -0,0 +1,178 @@
+###############################################################################
+#                                                                            ##
+#    Default Tripwire 2.4 Policy file for Haiku                              ##
+#                                                                            ##
+###############################################################################
+
+
+###############################################################################
+#                                                                            ##
+# Global Variable Definitions                                                ##
+#                                                                            ##
+# These are defined at install time by the installation script.  You may     ##
+# Manually edit these if you are using this file directly and not from the   ##
+# installation script itself.                                                ##
+#                                                                            ##
+###############################################################################
+
+@@section GLOBAL
+TWROOT=;
+TWBIN=;
+TWPOL=;
+TWDB=;
+TWSKEY=;
+TWLKEY=;
+TWREPORT=;
+HOSTNAME=;
+
+##############################################################################
+#  Predefined Variables                                                      #
+##############################################################################
+#
+#  Property Masks
+#
+#  -  ignore the following properties
+#  +  check the following properties
+#
+#  a  access timestamp (mutually exclusive with +CMSH)
+#  b  number of blocks allocated
+#  c  inode creation/modification timestamp
+#  d  ID of device on which inode resides
+#  g  group id of owner
+#  i  inode number
+#  l  growing files (logfiles for example)
+#  m  modification timestamp
+#  n  number of links
+#  p  permission and file mode bits
+#  r  ID of device pointed to by inode (valid only for device objects)
+#  s  file size
+#  t  file type
+#  u  user id of owner
+#
+#  C  CRC-32 hash
+#  H  HAVAL hash
+#  M  MD5 hash
+#  S  SHA hash
+#
+##############################################################################
+
+SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
+SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
+SEC_GROWING       = +pinugtdl-srbamcCMSH ;
+SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
+SEC_IGNORE_NONE    = +pinugtsdrbamcCMSH-l ;
+SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
+SEC_TEMPORARY       = +pugt ;
+
+@@section FS 
+
+#########################################
+#                                      ##
+#  Tripwire Binaries and Data Files    ##
+#                                      ##
+#########################################
+
+# Tripwire Binaries
+(
+  rulename = "Tripwire Binaries",
+)
+{
+  $(TWBIN)/siggen                      -> $(SEC_READONLY) ;
+  $(TWBIN)/tripwire                    -> $(SEC_READONLY) ;
+  $(TWBIN)/twadmin                     -> $(SEC_READONLY) ;
+  $(TWBIN)/twprint                     -> $(SEC_READONLY) ;
+}
+
+# Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
+(
+  rulename = "Tripwire Data Files",
+)
+{
+  # NOTE: We remove the inode attribute because when Tripwire creates a backup,
+  # it does so by renaming the old file and creating a new one (which will
+  # have a new inode number).  Inode is left turned on for keys, which shouldn't
+  # ever change.
+
+  # NOTE: The first integrity check triggers this rule and each integrity check
+  # afterward triggers this rule until a database update is run, since the
+  # database file does not exist before that point.
+
+  $(TWDB)                              -> $(SEC_DYNAMIC) -i ;
+  $(TWPOL)/tw.pol                      -> $(SEC_READONLY) -i ;
+  $(TWPOL)/tw.cfg                      -> $(SEC_READONLY) -i ;
+  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(SEC_READONLY) ;
+  $(TWSKEY)/site.key                   -> $(SEC_READONLY) ;
+
+  # don't scan the individual reports
+  $(TWREPORT)                          -> $(SEC_DYNAMIC) (recurse=0) ;
+}
+
+
+##############################################################################
+
+
+### System dir ###############################################################
+#
+(rulename = "System Directory",)
+{
+   /boot/system -> $(SEC_READONLY) -a;
+}
+
+
+### Other bin dirs ############################################################
+#
+(rulename = "Binary Directories",)
+{
+  /boot/home/config/bin -> $(SEC_READONLY) -a;
+  /boot/common/bin -> $(SEC_READONLY) -a;
+  /boot/apps -> $(SEC_READONLY) -a;
+# /boot/develop/tools/gnupro/bin -> $(SEC_READONLY) -a; #uncomment to monitor dev tools if present
+}
+
+
+### Other lib dirs ############################################################
+#
+(rulename = "Library Directories",)
+{
+  /boot/common/lib -> $(SEC_READONLY) -a;
+  /boot/home/config/lib -> $(SEC_READONLY) -a;
+}
+
+### Other boot dirs ###########################################################
+#
+(rulename = "Boot Directories",)
+{
+  /boot/common/boot -> $(SEC_READONLY) -a;
+  /boot/home/config/boot -> $(SEC_READONLY) -a;
+}
+
+### Settings ##################################################################
+#
+(rulename = "Settings",)
+{
+  /boot/common/settings -> $(SEC_READONLY) -a;
+  /boot/common/data -> $(SEC_READONLY) -a;
+  /boot/common/etc -> $(SEC_READONLY) -a;
+  /boot/home/config/settings -> $(SEC_READONLY) -a;
+}
+
+# Logs ########################################################################
+#
+(rulename = "Logs",)
+{
+  /boot/common/var/log -> $(SEC_GROWING) -a;
+}
+
+# Dev #########################################################################
+#
+(rulename = "Devices",)
+{
+  /dev -> $(SEC_DEVICE) -a;
+}
+
+# Temp dirs #########################
+#
+(rulename = "Temp Directories",)
+{
+  /boot/common/cache/tmp -> $(SEC_TEMPORARY) -a;
+}
--- a/policy/twpol-LibertyBSD.txt
+++ b/policy/twpol-LibertyBSD.txt
@ -0,0 +1,292 @@
+  ##############################################################################
+ #                                                                            ##
+############################################################################## #
+#                                                                            # #
+#                     Tripwire 2.4 policy for LibertyBSD                     # #
+#                            updated March 2018                              # #
+#                                                                            ##
+##############################################################################
+
+  ##############################################################################
+ #                                                                            ##
+############################################################################## #
+#                                                                            # #
+# Global Variable Definitions                                                # #
+#                                                                            # #
+# These are defined at install time by the installation script.  You may     # #
+# manually edit these if you are using this file directly and not from the   # #
+# installation script itself.                                                # #
+#                                                                            ##
+##############################################################################
+
+@@section GLOBAL
+TWROOT=;
+TWBIN=;
+TWPOL=;
+TWDB=;
+TWSKEY=;
+TWLKEY=;
+TWREPORT=;
+HOSTNAME=;
+
+  ##############################################################################
+ #  Predefined Variables                                                      #
+##############################################################################
+#
+#  Property Masks
+#
+#  -  ignore the following properties
+#  +  check the following properties
+#
+#  a  access timestamp (mutually exclusive with +CMSH)
+#  b  number of blocks allocated
+#  c  inode creation/modification timestamp
+#  d  ID of device on which inode resides
+#  g  group id of owner
+#  i  inode number
+#  l  growing files (logfiles for example)
+#  m  modification timestamp
+#  n  number of links
+#  p  permission and file mode bits
+#  r  ID of device pointed to by inode (valid only for device objects)
+#  s  file size
+#  t  file type
+#  u  user id of owner
+#
+#  C  CRC-32 hash
+#  H  HAVAL hash
+#  M  MD5 hash
+#  S  SHA hash
+#
+##############################################################################
+
+SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
+SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
+SEC_GROWING       = +pinugtdl-srbamcCMSH ;
+SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
+SEC_IGNORE_NONE   = +pinugtsdrbamcCMSH-l ;
+SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
+SEC_TEMPORARY     = +pugt ;
+
+@@section FS 
+
+  ########################################
+ #                                      ##
+######################################## #
+#                                      # #
+#  Tripwire Binaries and Data Files    # #
+#                                      ##
+########################################
+
+# Tripwire Binaries
+(
+  rulename = "Tripwire Binaries",
+)
+{
+  $(TWBIN)/siggen                      -> $(SEC_READONLY) ;
+  $(TWBIN)/tripwire                    -> $(SEC_READONLY) ;
+  $(TWBIN)/twadmin                     -> $(SEC_READONLY) ;
+  $(TWBIN)/twprint                     -> $(SEC_READONLY) ;
+}
+
+# Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
+(
+  rulename = "Tripwire Data Files",
+)
+{
+  # NOTE: We remove the inode attribute because when Tripwire creates a backup,
+  # it does so by renaming the old file and creating a new one (which will
+  # have a new inode number).  Inode is left turned on for keys, which shouldn't
+  # ever change.
+
+  # NOTE: The first integrity check triggers this rule and each integrity check
+  # afterward triggers this rule until a database update is run, since the
+  # database file does not exist before that point.
+
+  $(TWDB)                              -> $(SEC_DYNAMIC) -i ;
+  $(TWPOL)/tw.pol                      -> $(SEC_READONLY) -i ;
+  $(TWPOL)/tw.cfg                      -> $(SEC_READONLY) -i ;
+  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(SEC_READONLY) ;
+  $(TWSKEY)/site.key                   -> $(SEC_READONLY) ;
+
+  # don't scan the individual reports
+  $(TWREPORT)                          -> $(SEC_DYNAMIC) (recurse=0) ;
+
+  # In this configuration /usr/local is a symbolic link to /home/local.
+  # We want to ignore the following directories since they are already
+  # scanned using the real directory or mount point.  Otherwise we see
+  # duplicates in the reports.
+
+  !/home/local ;
+}
+
+  ################################################
+ #                                              ##
+################################################ #
+#                                              # #
+#  OS Boot and Configuration Files             # #
+#                                              ##
+################################################
+(
+  rulename = "OS Boot and Configuration Files",
+)
+{
+  /boot                         -> $(SEC_READONLY) ;
+  /bsd                          -> $(SEC_READONLY) ;
+  /etc                          -> $(SEC_IGNORE_NONE) -SHa ;
+}
+
+  ###################################################
+ #                                                 ##
+################################################### #
+#                                                 # #
+#  Mount Points                                   # #
+#                                                 ##
+###################################################
+(
+  rulename = "Mount Points",
+)
+{
+  /                             -> $(SEC_READONLY) ;
+  /cdrom                        -> $(SEC_DYNAMIC) ;
+  /floppy                       -> $(SEC_DYNAMIC) ;
+  /home                         -> $(SEC_READONLY) ;  # Modify as needed
+  /mnt                          -> $(SEC_DYNAMIC) ;
+  /usr                          -> $(SEC_READONLY) ;
+  /var                          -> $(SEC_READONLY) ;
+}
+
+  ###################################################
+ #                                                 ##
+################################################### #
+#                                                 # #
+#  Misc Top-Level Directories                     # #
+#                                                 ##
+###################################################
+(
+  rulename = "Misc Top-Level Directories",
+)
+{
+  /altroot                      -> $(SEC_DYNAMIC) ;
+  /stand                        -> $(SEC_DYNAMIC) ;
+}
+
+  ################################################
+ #                                              ##
+################################################ #
+#                                              # #
+#   System Devices                             # #
+#                                              ##
+################################################
+(
+  rulename = "System Devices",
+)
+{
+  /dev                          -> $(SEC_DEVICE) ;
+  /dev/fd                       -> $(SEC_DEVICE) ;
+  /var/cron/tabs/.sock          -> $(SEC_DEVICE) ; 
+  /var/empty/dev/log            -> $(SEC_DEVICE) ; 
+}
+
+  ################################################
+ #                                              ##
+################################################ #
+#                                              # #
+#  OS Binaries and Libraries                   # #   
+#                                              ##
+################################################
+(
+  rulename = "OS Binaries and Libraries",
+)
+{
+  /bin                          -> $(SEC_READONLY) ;
+  /sbin                         -> $(SEC_READONLY) ;
+  /usr/bin                      -> $(SEC_READONLY) ;
+  /usr/lib                      -> $(SEC_READONLY) ;
+  /usr/libexec                  -> $(SEC_READONLY) ;
+  /usr/sbin                     -> $(SEC_READONLY) ;
+  /usr/X11R6/bin                -> $(SEC_READONLY) ;
+  /usr/X11R6/lib                -> $(SEC_READONLY) ;
+}
+  ################################################
+ #                                              ##
+################################################ #
+#                                              # #
+#  Usr Local Files                             # #   
+#                                              ##
+################################################
+#OK(
+  #OKrulename = "Usr Local Files",
+#OK)
+#OK{
+  #OK/usr/local                    -> $(SEC_READONLY) ;
+  #OK/usr/local/bin                -> $(SEC_READONLY) ;
+  #OK/usr/local/doc                -> $(SEC_READONLY) ;
+  #OK/usr/local/etc                -> $(SEC_READONLY) ;
+  #OK/usr/local/include            -> $(SEC_READONLY) ;
+  #OK/usr/local/info               -> $(SEC_READONLY) ;
+  #OK/usr/local/lib                -> $(SEC_READONLY) ;
+  #OK/usr/local/libdata            -> $(SEC_READONLY) ;
+  #OK/usr/local/libexec            -> $(SEC_READONLY) ;
+  #OK/usr/local/man                -> $(SEC_READONLY) ;
+  #OK/usr/local/sbin               -> $(SEC_READONLY) ;
+  #OK/usr/local/share              -> $(SEC_READONLY) ;
+  #OK/usr/local/src                -> $(SEC_READONLY) ;
+#OK}
+
+  ################################################
+ #                                              ##
+################################################ #
+#                                              # #
+#  Root Directory and Files                    # #
+#                                              ##
+################################################
+(
+  rulename = "Root Directory and Files",
+)
+{
+  /root                          -> $(SEC_IGNORE_NONE) -SHa ;
+  /root/.cshrc                   -> $(SEC_DYNAMIC) ;
+  /root/.profile                 -> $(SEC_DYNAMIC) ;
+}
+
+  ################################################
+ #                                              ##
+################################################ #
+#                                              # #
+#  Temporary Directories                       # #
+#                                              ##
+################################################
+(
+  rulename = "Temporary Directories",
+)
+{
+  /tmp                          -> $(SEC_TEMPORARY) ;
+  /var/tmp                      -> $(SEC_TEMPORARY) ;
+}
+
+  ################################################
+ #                                              ##
+################################################ #
+#                                              # #
+#  System and Boot Changes                     # #
+#                                              ##
+################################################
+(
+  rulename = "System and Boot Changes",
+)
+{
+  /var/backups                    -> $(SEC_DYNAMIC) -i ;
+  /var/db/host.random             -> $(SEC_READONLY) -mCM ;
+  /var/cron                       -> $(SEC_GROWING) -i ;
+  /var/log                        -> $(SEC_GROWING) -i ;
+  /var/run                        -> $(SEC_DYNAMIC) -i ;
+  /var/mail                       -> $(SEC_GROWING) ;
+  /var/msgs/bounds                -> $(SEC_READONLY) -smbCM ;
+  /var/spool/clientmqueue         -> $(SEC_TEMPORARY) ;
+  /var/spool/mqueue               -> $(SEC_TEMPORARY) ;
+}
+
+#
+# $Id: twpol-OpenBSD.txt,v 1.2 2004/05/14 21:56:21 pherman Exp $
+#
--- a/policy/twpol-Linux.txt
+++ b/policy/twpol-Linux.txt
@ -2,7 +2,8 @@
 #                                                                            ##
 ############################################################################## #
 #                                                                            # #
-#                    Policy file for Red Hat Linux                           # #
+#                    Tripwire 2.4 policy for Linux (RPM)                     # #
+#                             updated March 2018                             # #
 #                                                                            ##
 ##############################################################################

@ -59,13 +60,13 @@ HOSTNAME=;
 #
 ##############################################################################

-Device        = +pugsdr-intlbamcCMSH ;
-Dynamic       = +pinugtd-srlbamcCMSH ;
-Growing       = +pinugtdl-srbamcCMSH ;
-IgnoreAll     = -pinugtsdrlbamcCMSH ;
-IgnoreNone    = +pinugtsdrbamcCMSH-l ;
-ReadOnly      = +pinugtsdbmCM-rlacSH ;
-Temporary     = +pugt ;
+SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
+SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
+SEC_GROWING       = +pinugtdl-srbamcCMSH ;
+SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
+SEC_IGNORE_NONE    = +pinugtsdrbamcCMSH-l ;
+SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
+SEC_TEMPORARY       = +pugt ;

@@section FS 

@ -82,10 +83,10 @@ Temporary     = +pugt ;
  rulename = "Tripwire Binaries",
 )
 {
-  $(TWBIN)/siggen                      -> $(ReadOnly) ;
-  $(TWBIN)/tripwire                    -> $(ReadOnly) ;
-  $(TWBIN)/twadmin                     -> $(ReadOnly) ;
-  $(TWBIN)/twprint                     -> $(ReadOnly) ;
+  $(TWBIN)/siggen                      -> $(SEC_READONLY) ;
+  $(TWBIN)/tripwire                    -> $(SEC_READONLY) ;
+  $(TWBIN)/twadmin                     -> $(SEC_READONLY) ;
+  $(TWBIN)/twprint                     -> $(SEC_READONLY) ;
 }

 # Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
@ -102,14 +103,14 @@ Temporary     = +pugt ;
  # afterward triggers this rule until a database update is run, since the
  # database file does not exist before that point.

-  $(TWDB)                              -> $(Dynamic) -i ;
-  $(TWPOL)/tw.pol                      -> $(ReadOnly) -i ;
-  $(TWPOL)/tw.cfg                      -> $(ReadOnly) -i ;
-  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(ReadOnly) ;
-  $(TWSKEY)/site.key                   -> $(ReadOnly) ;
+  $(TWDB)                              -> $(SEC_DYNAMIC) -i ;
+  $(TWPOL)/tw.pol                      -> $(SEC_READONLY) -i ;
+  $(TWPOL)/tw.cfg                      -> $(SEC_READONLY) -i ;
+  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(SEC_READONLY) ;
+  $(TWSKEY)/site.key                   -> $(SEC_READONLY) ;

  # don't scan the individual reports
-  $(TWREPORT)                          -> $(Dynamic) (recurse=0) ;
+  $(TWREPORT)                          -> $(SEC_DYNAMIC) (recurse=0) ;
 }

  ################################################
@ -123,10 +124,10 @@ Temporary     = +pugt ;
  rulename = "RPM Checksum Files",
 )
 {
-  /var/lib/rpm                  -> $(ReadOnly);
-  /var/lib/rpm/__db.001         -> $(Dynamic) ;
-  /var/lib/rpm/__db.002         -> $(Dynamic) ;
-  /var/lib/rpm/__db.003         -> $(Dynamic) ;
+  /var/lib/rpm                  -> $(SEC_READONLY);
+  /var/lib/rpm/__db.001         -> $(SEC_DYNAMIC) ;
+  /var/lib/rpm/__db.002         -> $(SEC_DYNAMIC) ;
+  /var/lib/rpm/__db.003         -> $(SEC_DYNAMIC) ;
 }

  ################################################
@ -140,18 +141,18 @@ Temporary     = +pugt ;
  rulename = "Global Configuration Files",
 )
 {
-  /etc                           -> $(IgnoreNone) -SHa ;
-  /etc/adjtime                   -> $(Dynamic) ;
-  /etc/aliases.db                -> $(Dynamic) ;
-  /etc/bashrc                    -> $(Dynamic) ;
-  /etc/csh.cshrc                 -> $(Dynamic) ;
-  /etc/csh.login                 -> $(Dynamic) ;
-  /etc/mail/statistics           -> $(Growing) ;
-  /etc/profile                   -> $(Dynamic) -i ;
-  /etc/mtab                      -> $(Dynamic) -i ;
-  /etc/rc.d                      -> $(IgnoreNone) -SHa ;
-  /etc/sysconfig                 -> $(IgnoreNone) -SHa ;
-  /etc/sysconfig/hwconf          -> $(Dynamic) -m ;
+  /etc                           -> $(SEC_IGNORE_NONE) -SHa ;
+  /etc/adjtime                   -> $(SEC_DYNAMIC) ;
+  /etc/aliases.db                -> $(SEC_DYNAMIC) ;
+  /etc/bashrc                    -> $(SEC_DYNAMIC) ;
+  /etc/csh.cshrc                 -> $(SEC_DYNAMIC) ;
+  /etc/csh.login                 -> $(SEC_DYNAMIC) ;
+  /etc/mail/statistics           -> $(SEC_GROWING) ;
+  /etc/profile                   -> $(SEC_DYNAMIC) -i ;
+  /etc/mtab                      -> $(SEC_DYNAMIC) -i ;
+  /etc/rc.d                      -> $(SEC_IGNORE_NONE) -SHa ;
+  /etc/sysconfig                 -> $(SEC_IGNORE_NONE) -SHa ;
+  /etc/sysconfig/hwconf          -> $(SEC_DYNAMIC) -m ;
 }

  ################################################
@ -165,10 +166,10 @@ Temporary     = +pugt ;
  rulename = "OS Boot Files and Mount Points",
 )
 {
-  /boot                         -> $(ReadOnly) ;
-  /cdrom                        -> $(Dynamic) ;
-  /floppy                       -> $(Dynamic) ;
-  /mnt                          -> $(Dynamic) ;
+  /boot                         -> $(SEC_READONLY) ;
+  /cdrom                        -> $(SEC_DYNAMIC) ;
+  /floppy                       -> $(SEC_DYNAMIC) ;
+  /mnt                          -> $(SEC_DYNAMIC) ;
 }

  ################################################
@ -182,12 +183,12 @@ Temporary     = +pugt ;
  rulename = "OS Devices and Misc Directories",
 )
 {
-  /dev                          -> $(Device) ;
-  /initrd                       -> $(Dynamic) ;
-  /opt                          -> $(Dynamic) ;
-  /lost+found                   -> $(Dynamic) ;
-  /var/lost+found               -> $(Dynamic) ;
-  /home/lost+found              -> $(Dynamic) ;
+  /dev                          -> $(SEC_DEVICE) ;
+  /initrd                       -> $(SEC_DYNAMIC) ;
+  /opt                          -> $(SEC_DYNAMIC) ;
+  /lost+found                   -> $(SEC_DYNAMIC) ;
+  /var/lost+found               -> $(SEC_DYNAMIC) ;
+  /home/lost+found              -> $(SEC_DYNAMIC) ;
  !/dev/pts ;			 # Ignore this file
  !/dev/shm ;			 # Ignore this file
 }
@ -203,14 +204,14 @@ Temporary     = +pugt ;
  rulename = "OS Binaries and Libraries",
 )
 {
-  /bin                          -> $(ReadOnly) ;
-  /lib                          -> $(ReadOnly) ;
-  /sbin                         -> $(ReadOnly) ;
-  /usr/bin                      -> $(ReadOnly) ;
-  /usr/lib                      -> $(ReadOnly) ;
-  /usr/libexec                  -> $(ReadOnly) ;
-  /usr/sbin                     -> $(ReadOnly) ;
-  /usr/X11R6/lib                -> $(ReadOnly) ;
+  /bin                          -> $(SEC_READONLY) ;
+  /lib                          -> $(SEC_READONLY) ;
+  /sbin                         -> $(SEC_READONLY) ;
+  /usr/bin                      -> $(SEC_READONLY) ;
+  /usr/lib                      -> $(SEC_READONLY) ;
+  /usr/libexec                  -> $(SEC_READONLY) ;
+  /usr/sbin                     -> $(SEC_READONLY) ;
+  /usr/X11R6/lib                -> $(SEC_READONLY) ;
 }
  ################################################
 #                                              ##
@ -224,19 +225,19 @@ Temporary     = +pugt ;
 )
 {
  !/home/local;
-  /usr/local                    -> $(ReadOnly) ;
-  /usr/local/bin                -> $(ReadOnly) ;
-  /usr/local/doc                -> $(ReadOnly) ;
-  /usr/local/etc                -> $(ReadOnly) ;
-  /usr/local/games              -> $(ReadOnly) ;
-  /usr/local/include            -> $(ReadOnly) ;
-  /usr/local/lib                -> $(ReadOnly) ;
-  /usr/local/libexec            -> $(ReadOnly) ;
-  /usr/local/man                -> $(ReadOnly) ;
-  /usr/local/sbin               -> $(ReadOnly) ;
-  /usr/local/share              -> $(ReadOnly) ;
-  /usr/local/src                -> $(ReadOnly) ;
-  /usr/local/sysinfo            -> $(ReadOnly) ;
+  /usr/local                    -> $(SEC_READONLY) ;
+  /usr/local/bin                -> $(SEC_READONLY) ;
+  /usr/local/doc                -> $(SEC_READONLY) ;
+  /usr/local/etc                -> $(SEC_READONLY) ;
+  /usr/local/games              -> $(SEC_READONLY) ;
+  /usr/local/include            -> $(SEC_READONLY) ;
+  /usr/local/lib                -> $(SEC_READONLY) ;
+  /usr/local/libexec            -> $(SEC_READONLY) ;
+  /usr/local/man                -> $(SEC_READONLY) ;
+  /usr/local/sbin               -> $(SEC_READONLY) ;
+  /usr/local/share              -> $(SEC_READONLY) ;
+  /usr/local/src                -> $(SEC_READONLY) ;
+  /usr/local/sysinfo            -> $(SEC_READONLY) ;
 }

  ################################################
@ -250,29 +251,29 @@ Temporary     = +pugt ;
  rulename = "Root Directory and Files",
 )
 {
-  /root                         -> $(IgnoreNone) -SHa ;
-  /root/.bashrc                 -> $(Dynamic) ;
-  /root/.bash_history           -> $(Dynamic) ;
-  #/root/.bash_logout            -> $(Dynamic) ;
-  /root/.bash_profile           -> $(Dynamic) ;
-  /root/.cshrc                  -> $(Dynamic) ;
-  #/root/.enlightenment          -> $(Dynamic) ;
-  #/root/.esd-auth               -> $(Dynamic) ;
+  /root                         -> $(SEC_IGNORE_NONE) -SHa ;
+  /root/.bashrc                 -> $(SEC_DYNAMIC) ;
+  /root/.bash_history           -> $(SEC_DYNAMIC) ;
+  #/root/.bash_logout            -> $(SEC_DYNAMIC) ;
+  /root/.bash_profile           -> $(SEC_DYNAMIC) ;
+  /root/.cshrc                  -> $(SEC_DYNAMIC) ;
+  #/root/.enlightenment          -> $(SEC_DYNAMIC) ;
+  #/root/.esd-auth               -> $(SEC_DYNAMIC) ;
  !/root/.gconf ;
  !/root/.gconfd ;
-  #/root/.gnome                  -> $(Dynamic) ;
-  #/root/.gnome-desktop          -> $(Dynamic) ;
-  #/root/.gnome2                 -> $(Dynamic) ;
-  #/root/.gtkrc                  -> $(Dynamic) ;
-  #/root/.gtkrc-1.2-gnome2       -> $(Dynamic) ;
-  #/root/.metacity               -> $(Dynamic) ;
-  #/root/.nautilus               -> $(Dynamic) ;
-  #/root/.rhn-applet.conf        -> $(Dynamic) ;
-  #/root/.tcshrc                 -> $(Dynamic) ;
-  #/root/.xauth                  -> $(Dynamic) ;
-  #/root/.ICEauthority           -> $(Dynamic) ;
-  #/root/.Xauthority             -> $(Dynamic) -i ;
-  #/root/.Xresources             -> $(Dynamic) ;
+  #/root/.gnome                  -> $(SEC_DYNAMIC) ;
+  #/root/.gnome-desktop          -> $(SEC_DYNAMIC) ;
+  #/root/.gnome2                 -> $(SEC_DYNAMIC) ;
+  #/root/.gtkrc                  -> $(SEC_DYNAMIC) ;
+  #/root/.gtkrc-1.2-gnome2       -> $(SEC_DYNAMIC) ;
+  #/root/.metacity               -> $(SEC_DYNAMIC) ;
+  #/root/.nautilus               -> $(SEC_DYNAMIC) ;
+  #/root/.rhn-applet.conf        -> $(SEC_DYNAMIC) ;
+  #/root/.tcshrc                 -> $(SEC_DYNAMIC) ;
+  #/root/.xauth                  -> $(SEC_DYNAMIC) ;
+  #/root/.ICEauthority           -> $(SEC_DYNAMIC) ;
+  #/root/.Xauthority             -> $(SEC_DYNAMIC) -i ;
+  #/root/.Xresources             -> $(SEC_DYNAMIC) ;
 }

  ################################################
@ -286,12 +287,12 @@ Temporary     = +pugt ;
  rulename = "Temporary Directories",
 )
 {
-  /usr/tmp                      -> $(Temporary) ;
-  /var/tmp                      -> $(Temporary) ;
-  /tmp                          -> $(Temporary) ;
-  #/tmp/.fam-socket              -> $(Temporary) ;
-  #/tmp/.ICE-unix                -> $(Temporary) ;
-  #/tmp/.X11-unix                -> $(Temporary) ;
+  /usr/tmp                      -> $(SEC_TEMPORARY) ;
+  /var/tmp                      -> $(SEC_TEMPORARY) ;
+  /tmp                          -> $(SEC_TEMPORARY) ;
+  #/tmp/.fam-socket              -> $(SEC_TEMPORARY) ;
+  #/tmp/.ICE-unix                -> $(SEC_TEMPORARY) ;
+  #/tmp/.X11-unix                -> $(SEC_TEMPORARY) ;
  !/tmp/orbit-root ;
 }

@ -306,21 +307,21 @@ Temporary     = +pugt ;
  rulename = "System Boot Changes",
 )
 {
-  /.autofsck                    -> $(Dynamic) -m ;
-  /var/cache/man/whatis         -> $(Growing) ;
-  /var/lib/logrotate.status     -> $(Growing) ;
-  #/var/lib/nfs/statd            -> $(Growing) ;
+  /.autofsck                    -> $(SEC_DYNAMIC) -m ;
+  /var/cache/man/whatis         -> $(SEC_GROWING) ;
+  /var/lib/logrotate.status     -> $(SEC_GROWING) ;
+  #/var/lib/nfs/statd            -> $(SEC_GROWING) ;
  !/var/lib/random-seed ;
-  #/var/lib/slocate/slocate.db    -> $(Growing) -is ;
-  /var/lock/subsys                -> $(Dynamic) -i ;
-  /var/log                        -> $(Growing) -i ;
+  #/var/lib/slocate/slocate.db    -> $(SEC_GROWING) -is ;
+  /var/lock/subsys                -> $(SEC_DYNAMIC) -i ;
+  /var/log                        -> $(SEC_GROWING) -i ;
  !/var/log/sa;
  !/var/log/cisco;
-  /var/run                        -> $(Dynamic) -i ;
-  /etc/cron.daily                 -> $(Growing);
-  /etc/cron.weekly                -> $(Growing);
-  /etc/cron.monthly               -> $(Growing);
-  /var/spool/mail                 -> $(Growing);
+  /var/run                        -> $(SEC_DYNAMIC) -i ;
+  /etc/cron.daily                 -> $(SEC_GROWING);
+  /etc/cron.weekly                -> $(SEC_GROWING);
+  /etc/cron.monthly               -> $(SEC_GROWING);
+  /var/spool/mail                 -> $(SEC_GROWING);
 }

  ################################################
@ -334,10 +335,10 @@ Temporary     = +pugt ;
  rulename = "Monitor Filesystems",
 )
 {
-  /                             -> $(ReadOnly) ;
-  /home                         -> $(ReadOnly) ;  # Modify as needed
-  /usr                          -> $(ReadOnly) ;
-  /var                          -> $(ReadOnly) ;
+  /                             -> $(SEC_READONLY) ;
+  /home                         -> $(SEC_READONLY) ;  # Modify as needed
+  /usr                          -> $(SEC_READONLY) ;
+  /var                          -> $(SEC_READONLY) ;
 }

  ################################################
--- a/policy/twpol-MidnightBSD.txt
+++ b/policy/twpol-MidnightBSD.txt
@ -0,0 +1,664 @@
+#
+#                       Policy file for MidnightBSD
+#                         (adapted from FreeBSD policy)
+#
+# $FreeBSD: ports/security/tripwire/files/twpol.txt,v 1.2 2002/03/04 16:55:21 cy Exp $
+# $Id: twpol-FreeBSD.txt,v 1.1 2003/06/08 02:00:06 pherman Exp $
+
+#
+# This is the example Tripwire Policy file.  It is intended as a place to
+# start creating your own custom Tripwire Policy file.  Referring to it as
+# well as the Tripwire Policy Guide should give you enough information to
+# make a good custom Tripwire Policy file that better covers your
+# configuration and security needs.  A text version of this policy file is
+# called twpol.txt.
+#
+# Note that this file is tuned to an install of FreeBSD using
+# buildworld.  If run unmodified, this file should create no errors on
+# database creation, or violations on a subsiquent integrity check.
+# However it is impossible for there to be one policy file for all machines,
+# so this existing one errs on the side of security.  Your FreeBSD
+# configuration will most likey differ from the one our policy file was
+# tuned to, and will therefore require some editing of the default
+# Tripwire Policy file.
+#
+# The example policy file is best run with 'Loose Directory Checking'
+# enabled. Set LOOSEDIRECTORYCHECKING=TRUE in the Tripwire Configuration
+# file.
+#
+# Email support is not included and must be added to this file.
+# Add the 'emailto=' to the rule directive section of each rule (add a comma
+# after the 'severity=' line and add an 'emailto=' and include the email
+# addresses you want the violation reports to go to).  Addresses are
+# semi-colon delimited.
+#
+
+
+
+#
+# Global Variable Definitions
+#
+# These are defined at install time by the installation script.  You may
+# Manually edit these if you are using this file directly and not from the
+# installation script itself.
+#
+
+@@section GLOBAL
+TWROOT=;
+TWBIN=;
+TWPOL=;
+TWDB=;
+TWSKEY=;
+TWLKEY=;
+TWREPORT=;
+HOSTNAME=;
+
+@@section FS
+SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
+SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
+SEC_GROWING       = +pinugtdl-srbamcCMSH ;
+SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
+SEC_IGNORE_NONE   = +pinugtsdrbamcCMSH-l ;
+SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
+SEC_TEMPORARY     = +pugt ;
+
+SEC_CRIT      = $(SEC_IGNORE_NONE)-SHa ; # Critical files that cannot change
+SEC_SUID      = $(SEC_IGNORE_NONE)-SHa ; # Binaries with the SUID or SGID flags set
+SEC_BIN       = $(SEC_READONLY) ;        # Binaries that should not change
+SEC_CONFIG    = $(SEC_DYNAMIC) ;         # Config files that are changed infrequently but accessed often
+SEC_TTY       = $(SEC_DYNAMIC)-ugp ;     # Tty files that change ownership at login
+SEC_LOG       = $(SEC_GROWING) ;         # Files that grow, but that should never change ownership
+SEC_INVARIANT = $(SEC_TEMPORARY) ;       # Directories that should never change permission or ownership
+SIG_LOW       = 33 ;                     # Non-critical files that are of minimal security impact
+SIG_MED       = 66 ;                     # Non-critical files that are of significant security impact
+SIG_HI        = 100 ;                    # Critical files that are significant points of vulnerability
+
+
+# Tripwire Binaries
+(
+  rulename = "Tripwire Binaries",
+  severity = $(SIG_HI)
+)
+{
+  $(TWBIN)/siggen                      -> $(SEC_BIN) ;
+  $(TWBIN)/tripwire                    -> $(SEC_BIN) ;
+  $(TWBIN)/twadmin                     -> $(SEC_BIN) ;
+  $(TWBIN)/twprint                     -> $(SEC_BIN) ;
+}
+
+# Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
+(
+  rulename = "Tripwire Data Files",
+  severity = $(SIG_HI)
+)
+{
+  # NOTE: We remove the inode attribute because when Tripwire creates a backup,
+  # it does so by renaming the old file and creating a new one (which will
+  # have a new inode number).  Inode is left turned on for keys, which shouldn't
+  # ever change.
+
+  # NOTE: The first integrity check triggers this rule and each integrity check
+  # afterward triggers this rule until a database update is run, since the
+  # database file does not exist before that point.
+
+  $(TWDB)                              -> $(SEC_CONFIG) -i ;
+  $(TWPOL)/tw.pol                      -> $(SEC_BIN) -i ;
+  $(TWPOL)/tw.cfg                      -> $(SEC_BIN) -i ;
+  $(TWPOL)/twcfg.txt                   -> $(SEC_BIN) ;
+  $(TWPOL)/twpol.txt                   -> $(SEC_BIN) ;
+  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(SEC_BIN) ;
+  $(TWSKEY)/site.key                   -> $(SEC_BIN) ;
+
+  #don't scan the individual reports
+  $(TWREPORT)                          -> $(SEC_CONFIG) (recurse=0) ;
+}
+
+
+# Tripwire HQ Connector Binaries
+#(
+#  rulename = "Tripwire HQ Connector Binaries",
+#  severity = $(SIG_HI)
+#)
+#{
+#  $(TWBIN)/hqagent                     -> $(SEC_BIN) ;
+#}
+#
+# Tripwire HQ Connector - Configuration Files, Keys, and Logs
+
+#
+# Note: File locations here are different than in a stock HQ Connector
+# installation.  This is because Tripwire 2.3 uses a different path
+# structure than Tripwire 2.2.1.
+#
+# You may need to update your HQ Agent configuation file (or this policy
+# file) to correct the paths.  We have attempted to support the FHS standard
+# here by placing the HQ Agent files similarly to the way Tripwire 2.3
+# places them.
+#
+
+#(
+#  rulename = "Tripwire HQ Connector Data Files",
+#  severity = $(SIG_HI)
+#)
+#{
+#
+# # NOTE: Removing the inode attribute because when Tripwire creates a backup
+# # it does so by renaming the old file and creating a new one (which will
+# # have a new inode number).  Leaving inode turned on for keys, which
+# # shouldn't ever change.
+#
+#
+#  $(TWBIN)/agent.cfg                   -> $(SEC_BIN) -i ;
+#  $(TWLKEY)/authentication.key         -> $(SEC_BIN) ;
+#  $(TWDB)/tasks.dat                    -> $(SEC_CONFIG) ;
+#  $(TWDB)/schedule.dat                 -> $(SEC_CONFIG) ;
+#
+#  # Uncomment if you have agent logging enabled.
+#  #/var/log/tripwire/agent.log      -> $(SEC_LOG) ;
+#}
+
+
+
+# Commonly accessed directories that should remain static with regards to owner and group
+(
+  rulename = "Invariant Directories",
+  severity = $(SIG_MED)
+)
+{
+  /                                    -> $(SEC_INVARIANT) (recurse = false) ;
+  /home                                -> $(SEC_INVARIANT) (recurse = false) ;
+}
+
+#
+# First, root's "home"
+#
+
+(
+  rulename = "Root's home",
+  severity = $(SIG_HI)
+)
+{
+  # /.rhosts				-> $(SEC_CRIT) ;
+  /.profile				-> $(SEC_CRIT) ;
+  /.cshrc				-> $(SEC_CRIT) ;
+  /.login				-> $(SEC_CRIT) ;
+  # /.exrc				-> $(SEC_CRIT) ;
+  # /.logout				-> $(SEC_CRIT) ;
+  # /.forward				-> $(SEC_CRIT) ;
+  /root					-> $(SEC_CRIT) (recurse = true) ;
+  !/root/.history ;
+  !/root/.bash_history ;
+  # !/root/.lsof_SYSTEM_NAME ;	# Uncomment if lsof is installed
+}
+
+
+#
+# FreeBSD Kernel
+#
+
+(
+  rulename = "FreeBSD Kernel",
+  severity = $(SIG_HI)
+)
+{
+  /kernel				-> $(SEC_CRIT) ;
+  /kernel.old				-> $(SEC_CRIT) ;
+  /kernel.GENERIC			-> $(SEC_CRIT) ;
+}
+
+
+#
+# FreeBSD Modules
+#
+
+(
+  rulename = "FreeBSD Modules",
+  severity = $(SIG_HI)
+)
+{
+  /modules				-> $(SEC_CRIT) (recurse = true) ;
+  /modules.old				-> $(SEC_CRIT) (recurse = true) ;
+  # /lkm				-> $(SEC_CRIT) (recurse = true) ; # uncomment if using lkm kld
+}
+
+
+#
+# System Administration Programs
+#
+
+(
+  rulename = "System Administration Programs",
+  severity = $(SIG_HI)
+)
+{
+  /sbin					-> $(SEC_CRIT) (recurse = true) ;
+  /usr/sbin				-> $(SEC_CRIT) (recurse = true) ;
+}
+
+
+#
+# User Utilities
+#
+
+(
+  rulename = "User Utilities",
+  severity = $(SIG_HI)
+)
+{
+  /bin					-> $(SEC_CRIT) (recurse = true) ;
+  /usr/bin				-> $(SEC_CRIT) (recurse = true) ;
+}
+
+
+#
+# /dev
+#
+
+(
+  rulename = "/dev",
+  severity = $(SIG_HI)
+)
+{
+  /dev					-> $(Device) (recurse = true) ;
+  !/dev/vga ;
+  !/dev/dri ;
+  /dev/console				-> $(SEC_TTY) ;
+  /dev/ttyv0				-> $(SEC_TTY) ;
+  /dev/ttyv1				-> $(SEC_TTY) ;
+  /dev/ttyv2				-> $(SEC_TTY) ;
+  /dev/ttyv3				-> $(SEC_TTY) ;
+  /dev/ttyv4				-> $(SEC_TTY) ;
+  /dev/ttyv5				-> $(SEC_TTY) ;
+  /dev/ttyv6				-> $(SEC_TTY) ;
+  /dev/ttyv7				-> $(SEC_TTY) ;
+  /dev/ttyp0				-> $(SEC_TTY) ;
+  /dev/ttyp1				-> $(SEC_TTY) ;
+  /dev/ttyp2				-> $(SEC_TTY) ;
+  /dev/ttyp3				-> $(SEC_TTY) ;
+  /dev/ttyp4				-> $(SEC_TTY) ;
+  /dev/ttyp5				-> $(SEC_TTY) ;
+  /dev/ttyp6				-> $(SEC_TTY) ;
+  /dev/ttyp7				-> $(SEC_TTY) ;
+  /dev/ttyp8				-> $(SEC_TTY) ;
+  /dev/ttyp9				-> $(SEC_TTY) ;
+  /dev/ttypa				-> $(SEC_TTY) ;
+  /dev/ttypb				-> $(SEC_TTY) ;
+  /dev/ttypc				-> $(SEC_TTY) ;
+  /dev/ttypd				-> $(SEC_TTY) ;
+  /dev/ttype				-> $(SEC_TTY) ;
+  /dev/ttypf				-> $(SEC_TTY) ;
+  /dev/ttypg				-> $(SEC_TTY) ;
+  /dev/ttyph				-> $(SEC_TTY) ;
+  /dev/ttypi				-> $(SEC_TTY) ;
+  /dev/ttypj				-> $(SEC_TTY) ;
+  /dev/ttypl				-> $(SEC_TTY) ;
+  /dev/ttypm				-> $(SEC_TTY) ;
+  /dev/ttypn				-> $(SEC_TTY) ;
+  /dev/ttypo				-> $(SEC_TTY) ;
+  /dev/ttypp				-> $(SEC_TTY) ;
+  /dev/ttypq				-> $(SEC_TTY) ;
+  /dev/ttypr				-> $(SEC_TTY) ;
+  /dev/ttyps				-> $(SEC_TTY) ;
+  /dev/ttypt				-> $(SEC_TTY) ;
+  /dev/ttypu				-> $(SEC_TTY) ;
+  /dev/ttypv				-> $(SEC_TTY) ;
+  /dev/cuaa0				-> $(SEC_TTY) ;	# modem
+}
+
+
+#
+# /etc
+#
+
+(
+  rulename = "/etc",
+  severity = $(SIG_HI)
+)
+{
+  /etc					-> $(SEC_CRIT) (recurse = true) ;
+  # /etc/mail/aliases			-> $(SEC_CONFIG) ;
+  /etc/dumpdates			-> $(SEC_CONFIG) ;
+  /etc/motd				-> $(SEC_CONFIG) ;
+  !/etc/ppp/connect-errors ;
+  /etc/skeykeys				-> $(SEC_CONFIG) ;
+  # Uncomment the following 4 lines if your password file does not change
+  # /etc/passwd				-> $(SEC_CONFIG) ;
+  # /etc/master.passwd			-> $(SEC_CONFIG) ;
+  # /etc/pwd.db				-> $(SEC_CONFIG) ;
+  # /etc/spwd.db			-> $(SEC_CONFIG) ;
+}
+
+
+#
+# Copatibility (Linux)
+#
+
+(
+  rulename = "Linux Compatibility",
+  severity = $(SIG_HI)
+)
+{
+  /compat				-> $(SEC_CRIT) (recurse = true) ;
+#
+# Uncomment the following if Linux compatibility is used.  Replace
+# HOSTNAME1 and HOSTNAME2 with the hosts that have Linux emulation port
+# installed.
+#
+#@@ifhost HOSTNAME1 || HOSTNAME2
+#  /compat/linux/etc			-> $(SEC_INVARIANT) (recurse = false) ;
+#  /compat/linux/etc/X11			-> $(SEC_CONFIG) (recurse = true) ;
+#  /compat/linux/etc/pam.d		-> $(SEC_CONFIG) (recurse = true) ;
+#  /compat/linux/etc/profile.d		-> $(SEC_CONFIG) (recurse = true) ;
+#  /compat/linux/etc/real		-> $(SEC_CONFIG) (recurse = true) ;
+#  /compat/linux/etc/bashrc		-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/csh.login		-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/host.conf		-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/hosts.allow		-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/hosts.deny		-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/info-dir		-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/inputrc		-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/ld.so.conf		-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/nsswitch.conf	-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/profile		-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/redhat-release	-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/rpc			-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/securetty		-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/shells		-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/termcap		-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/yp.conf		-> $(SEC_CONFIG) ;
+#  !/compat/linux/etc/ld.so.cache ;
+#  !/compat/linux/var/spool/mail ;
+#@@endif
+}
+
+
+#
+# Libraries, include files, and other system files
+#
+
+(
+  rulename = "Libraries, include files, and other system files",
+  severity = $(SIG_HI)
+)
+{
+  /usr/include				-> $(SEC_CRIT) (recurse = true) ;
+  /usr/lib				-> $(SEC_CRIT) (recurse = true) ;
+  /usr/libdata				-> $(SEC_CRIT) (recurse = true) ;
+  /usr/libexec				-> $(SEC_CRIT) (recurse = true) ;
+  /usr/share				-> $(SEC_CRIT) (recurse = true) ;
+  /usr/share/man			-> $(SEC_CONFIG) ;
+  !/usr/share/man/whatis ;
+  !/usr/share/man/.glimpse_filenames ;
+  !/usr/share/man/.glimpse_filenames_index ;
+  !/usr/share/man/.glimpse_filetimes ;
+  !/usr/share/man/.glimpse_filters ;
+  !/usr/share/man/.glimpse_index ;
+  !/usr/share/man/.glimpse_messages ;
+  !/usr/share/man/.glimpse_partitions ;
+  !/usr/share/man/.glimpse_statistics ;
+  !/usr/share/man/.glimpse_turbo ;
+  /usr/share/man/man1			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/share/man/man2			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/share/man/man3			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/share/man/man4			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/share/man/man5			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/share/man/man6			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/share/man/man7			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/share/man/man8			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/share/man/man9			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/share/man/mann			-> $(SEC_CRIT) (recurse = true) ;
+  ! /usr/share/man/cat1 ;
+  ! /usr/share/man/cat2 ;
+  ! /usr/share/man/cat3 ;
+  ! /usr/share/man/cat4 ;
+  ! /usr/share/man/cat5 ;
+  ! /usr/share/man/cat6 ;
+  ! /usr/share/man/cat7 ;
+  ! /usr/share/man/cat8 ;
+  ! /usr/share/man/cat9 ;
+  ! /usr/share/man/catl ;
+  ! /usr/share/man/catn ;
+  /usr/share/perl/man			-> $(SEC_CONFIG) ;
+  !/usr/share/perl/man/whatis ;
+  !/usr/share/perl/man/.glimpse_filenames ;
+  !/usr/share/perl/man/.glimpse_filenames_index ;
+  !/usr/share/perl/man/.glimpse_filetimes ;
+  !/usr/share/perl/man/.glimpse_filters ;
+  !/usr/share/perl/man/.glimpse_index ;
+  !/usr/share/perl/man/.glimpse_messages ;
+  !/usr/share/perl/man/.glimpse_partitions ;
+  !/usr/share/perl/man/.glimpse_statistics ;
+  !/usr/share/perl/man/.glimpse_turbo ;
+  /usr/share/perl/man/man3		-> $(SEC_CRIT) (recurse = true) ;
+  ! /usr/share/perl/man/cat3 ;
+  /usr/local/lib/perl5/5.00503/man	-> $(SEC_CONFIG) ;
+  ! /usr/local/lib/perl5/5.00503/man/whatis ;
+  ! /usr/local/lib/perl5/5.00503/man/.glimpse_filters ;
+  ! /usr/local/lib/perl5/5.00503/man/.glimpse_filetimes ;
+  ! /usr/local/lib/perl5/5.00503/man/.glimpse_messages ;
+  ! /usr/local/lib/perl5/5.00503/man/.glimpse_statistics ;
+  ! /usr/local/lib/perl5/5.00503/man/.glimpse_index ;
+  ! /usr/local/lib/perl5/5.00503/man/.glimpse_turbo ;
+  ! /usr/local/lib/perl5/5.00503/man/.glimpse_partitions ;
+  ! /usr/local/lib/perl5/5.00503/man/.glimpse_filenames ;
+  ! /usr/local/lib/perl5/5.00503/man/.glimpse_filenames_index ;
+  /usr/local/lib/perl5/5.00503/man/man3		-> $(SEC_CRIT) (recurse = true) ;
+  ! /usr/local/lib/perl5/5.00503/man/cat3 ;
+}
+
+
+#
+# X11R6
+#
+
+(
+  rulename = "X11R6",
+  severity = $(SIG_HI)
+)
+{
+  /usr/X11R6				-> $(SEC_CRIT) (recurse = true) ;
+  /usr/X11R6/lib/X11/xdm		-> $(SEC_CONFIG) (recurse = true) ;
+  !/usr/X11R6/lib/X11/xdm/xdm-errors ;
+  !/usr/X11R6/lib/X11/xdm/authdir/authfiles ;
+  !/usr/X11R6/lib/X11/xdm/xdm-pid ;
+  /usr/X11R6/lib/X11/xkb/compiled	-> $(SEC_CONFIG) (recurse = true) ;
+  /usr/X11R6/man			-> $(SEC_CONFIG) ;
+  !/usr/X11R6/man/whatis ;
+  !/usr/X11R6/man/.glimpse_filenames ;
+  !/usr/X11R6/man/.glimpse_filenames_index ;
+  !/usr/X11R6/man/.glimpse_filetimes ;
+  !/usr/X11R6/man/.glimpse_filters ;
+  !/usr/X11R6/man/.glimpse_index ;
+  !/usr/X11R6/man/.glimpse_messages ;
+  !/usr/X11R6/man/.glimpse_partitions ;
+  !/usr/X11R6/man/.glimpse_statistics ;
+  !/usr/X11R6/man/.glimpse_turbo ;
+  /usr/X11R6/man/man1			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/X11R6/man/man2			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/X11R6/man/man3			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/X11R6/man/man4			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/X11R6/man/man5			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/X11R6/man/man6			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/X11R6/man/man7			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/X11R6/man/man8			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/X11R6/man/man9			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/X11R6/man/manl			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/X11R6/man/mann			-> $(SEC_CRIT) (recurse = true) ;
+  ! /usr/X11R6/man/cat1 ;
+  ! /usr/X11R6/man/cat2 ;
+  ! /usr/X11R6/man/cat3 ;
+  ! /usr/X11R6/man/cat4 ;
+  ! /usr/X11R6/man/cat5 ;
+  ! /usr/X11R6/man/cat6 ;
+  ! /usr/X11R6/man/cat7 ;
+  ! /usr/X11R6/man/cat8 ;
+  ! /usr/X11R6/man/cat9 ;
+  ! /usr/X11R6/man/catl ;
+  ! /usr/X11R6/man/catn ;
+}
+
+
+#
+# sources
+#
+
+(
+  rulename = "Sources",
+  severity = $(SIG_HI)
+)
+{
+  /usr/src				-> $(SEC_CRIT) (recurse = true) ;
+  /usr/src/sys/compile			-> $(SEC_CONFIG) (recurse = false) ;
+}
+
+
+#
+# NIS
+#
+
+(
+  rulename = "NIS",
+  severity = $(SIG_HI)
+)
+{
+  /var/yp				-> $(SEC_CRIT) (recurse = true) ;
+  !/var/yp/binding ;
+}
+
+
+#
+# Temporary directories
+#
+(
+  rulename = "Temporary directories",
+  recurse = false,
+  severity = $(SIG_LOW)
+)
+{
+  /usr/tmp                             -> $(SEC_INVARIANT) ;
+  /var/tmp                             -> $(SEC_INVARIANT) ;
+  /var/preserve                        -> $(SEC_INVARIANT) ;
+  /tmp                                 -> $(SEC_INVARIANT) ;
+}
+
+#
+# Local files
+#
+
+(
+  rulename = "Local files",
+  severity = $(SIG_MED)
+)
+{
+  /usr/local/bin			-> $(SEC_BIN) (recurse = true) ;
+  /usr/local/sbin			-> $(SEC_BIN) (recurse = true) ;
+  /usr/local/etc		 	-> $(SEC_BIN) (recurse = true) ;
+  /usr/local/lib			-> $(SEC_BIN) (recurse = true ) ;
+  /usr/local/libexec			-> $(SEC_BIN) (recurse = true ) ;
+  /usr/local/share			-> $(SEC_BIN) (recurse = true ) ;
+  /usr/local/man			-> $(SEC_CONFIG) ;
+  !/usr/local/man/whatis ;
+  !/usr/local/man/.glimpse_filenames ;
+  !/usr/local/man/.glimpse_filenames_index ;
+  !/usr/local/man/.glimpse_filetimes ;
+  !/usr/local/man/.glimpse_filters ;
+  !/usr/local/man/.glimpse_index ;
+  !/usr/local/man/.glimpse_messages ;
+  !/usr/local/man/.glimpse_partitions ;
+  !/usr/local/man/.glimpse_statistics ;
+  !/usr/local/man/.glimpse_turbo ;
+  /usr/local/man/man1			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/man/man2			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/man/man3			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/man/man4			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/man/man5			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/man/man6			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/man/man7			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/man/man8			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/man/man9			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/man/manl			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/man/mann			-> $(SEC_CRIT) (recurse = true) ;
+  ! /usr/local/man/cat1 ;
+  ! /usr/local/man/cat2 ;
+  ! /usr/local/man/cat3 ;
+  ! /usr/local/man/cat4 ;
+  ! /usr/local/man/cat5 ;
+  ! /usr/local/man/cat6 ;
+  ! /usr/local/man/cat7 ;
+  ! /usr/local/man/cat8 ;
+  ! /usr/local/man/cat9 ;
+  ! /usr/local/man/catl ;
+  ! /usr/local/man/catn ;
+  /usr/local/krb5			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/krb5/man			-> $(SEC_CONFIG) ;
+  !/usr/local/krb5/man/whatis ;
+  !/usr/local/krb5/man/.glimpse_filenames ;
+  !/usr/local/krb5/man/.glimpse_filenames_index ;
+  !/usr/local/krb5/man/.glimpse_filetimes ;
+  !/usr/local/krb5/man/.glimpse_filters ;
+  !/usr/local/krb5/man/.glimpse_index ;
+  !/usr/local/krb5/man/.glimpse_messages ;
+  !/usr/local/krb5/man/.glimpse_partitions ;
+  !/usr/local/krb5/man/.glimpse_statistics ;
+  !/usr/local/krb5/man/.glimpse_turbo ;
+  /usr/local/krb5/man/man1			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/krb5/man/man2			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/krb5/man/man3			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/krb5/man/man4			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/krb5/man/man5			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/krb5/man/man6			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/krb5/man/man7			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/krb5/man/man8			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/krb5/man/man9			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/krb5/man/manl			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/krb5/man/mann			-> $(SEC_CRIT) (recurse = true) ;
+  ! /usr/local/krb5/man/cat1 ;
+  ! /usr/local/krb5/man/cat2 ;
+  ! /usr/local/krb5/man/cat3 ;
+  ! /usr/local/krb5/man/cat4 ;
+  ! /usr/local/krb5/man/cat5 ;
+  ! /usr/local/krb5/man/cat6 ;
+  ! /usr/local/krb5/man/cat7 ;
+  ! /usr/local/krb5/man/cat8 ;
+  ! /usr/local/krb5/man/cat9 ;
+  ! /usr/local/krb5/man/catl ;
+  ! /usr/local/krb5/man/catn ;
+  /usr/local/www			-> $(SEC_CONFIG) (recurse = true) ;
+}
+
+
+(
+  rulename = "Security Control",
+  severity = $(SIG_HI)
+)
+{
+  /etc/group                           -> $(SEC_CRIT) ;
+  /etc/crontab                         -> $(SEC_CRIT) ;
+}
+
+#=============================================================================
+#
+# Copyright 2000-2018 Tripwire, Inc. Tripwire is a registered trademark of Tripwire,
+# Inc. in the United States and other countries. All rights reserved.
+#
+# FreeBSD is a registered trademark of the FreeBSD Project Inc.
+#
+# UNIX is a registered trademark of The Open Group.
+#
+#=============================================================================
+#
+# Permission is granted to make and distribute verbatim copies of this document
+# provided the copyright notice and this permission notice are preserved on all
+# copies.
+#
+# Permission is granted to copy and distribute modified versions of this
+# document under the conditions for verbatim copying, provided that the entire
+# resulting derived work is distributed under the terms of a permission notice
+# identical to this one.
+#
+# Permission is granted to copy and distribute translations of this document
+# into another language, under the above conditions for modified versions,
+# except that this permission notice may be stated in a translation approved by
+# Tripwire, Inc.
+#
+# DCM
--- a/policy/twpol-Minix.txt
+++ b/policy/twpol-Minix.txt
@ -0,0 +1,176 @@
+###############################################################################
+#                                                                            ##
+#    Default Tripwire 2.4 Policy file for Minix                              ##
+#                                                                            ##
+###############################################################################
+
+
+###############################################################################
+#                                                                            ##
+# Global Variable Definitions                                                ##
+#                                                                            ##
+# These are defined at install time by the installation script.  You may     ##
+# Manually edit these if you are using this file directly and not from the   ##
+# installation script itself.                                                ##
+#                                                                            ##
+###############################################################################
+
+@@section GLOBAL
+TWROOT=;
+TWBIN=;
+TWPOL=;
+TWDB=;
+TWSKEY=;
+TWLKEY=;
+TWREPORT=;
+HOSTNAME=;
+
+##############################################################################
+#  Predefined Variables                                                      #
+##############################################################################
+#
+#  Property Masks
+#
+#  -  ignore the following properties
+#  +  check the following properties
+#
+#  a  access timestamp (mutually exclusive with +CMSH)
+#  b  number of blocks allocated
+#  c  inode creation/modification timestamp
+#  d  ID of device on which inode resides
+#  g  group id of owner
+#  i  inode number
+#  l  growing files (logfiles for example)
+#  m  modification timestamp
+#  n  number of links
+#  p  permission and file mode bits
+#  r  ID of device pointed to by inode (valid only for device objects)
+#  s  file size
+#  t  file type
+#  u  user id of owner
+#
+#  C  CRC-32 hash
+#  H  HAVAL hash
+#  M  MD5 hash
+#  S  SHA hash
+#
+##############################################################################
+
+SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
+SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
+SEC_GROWING       = +pinugtdl-srbamcCMSH ;
+SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
+SEC_IGNORE_NONE    = +pinugtsdrbamcCMSH-l ;
+SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
+SEC_TEMPORARY       = +pugt ;
+
+@@section FS 
+
+#########################################
+#                                      ##
+#  Tripwire Binaries and Data Files    ##
+#                                      ##
+#########################################
+
+# Tripwire Binaries
+(
+  rulename = "Tripwire Binaries",
+)
+{
+  $(TWBIN)/siggen                      -> $(SEC_READONLY) ;
+  $(TWBIN)/tripwire                    -> $(SEC_READONLY) ;
+  $(TWBIN)/twadmin                     -> $(SEC_READONLY) ;
+  $(TWBIN)/twprint                     -> $(SEC_READONLY) ;
+}
+
+# Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
+(
+  rulename = "Tripwire Data Files",
+)
+{
+  # NOTE: We remove the inode attribute because when Tripwire creates a backup,
+  # it does so by renaming the old file and creating a new one (which will
+  # have a new inode number).  Inode is left turned on for keys, which shouldn't
+  # ever change.
+
+  # NOTE: The first integrity check triggers this rule and each integrity check
+  # afterward triggers this rule until a database update is run, since the
+  # database file does not exist before that point.
+
+  $(TWDB)                              -> $(SEC_DYNAMIC) -i ;
+  $(TWPOL)/tw.pol                      -> $(SEC_READONLY) -i ;
+  $(TWPOL)/tw.cfg                      -> $(SEC_READONLY) -i ;
+  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(SEC_READONLY) ;
+  $(TWSKEY)/site.key                   -> $(SEC_READONLY) ;
+
+  # don't scan the individual reports
+  $(TWREPORT)                          -> $(SEC_DYNAMIC) (recurse=0) ;
+}
+
+##############################################################################
+
+(rulename="Boot files",)
+{
+  /boot -> $(SEC_READONLY) -a;
+  /boot_monitor -> $(SEC_READONLY) -a;
+  /boot.cfg -> $(SEC_READONLY) -a;
+}
+
+(rulename="Binary files",)
+{
+  /bin -> $(SEC_READONLY) -a;
+  /usr/bin -> $(SEC_READONLY) -a;
+  /usr/local/bin -> $(SEC_READONLY) -a;
+  /usr/pkg/bin -> $(SEC_READONLY) -a;
+}
+
+(rulename="Development",)
+{
+  /usr/pkg/gnu/bin -> $(SEC_READONLY) -a;
+  /usr/pkg/i386-elf32-minix/bin -> $(SEC_READONLY) -a;
+}
+
+(rulename="Libexec",)
+{
+  /usr/libexec -> $(SEC_READONLY) -a;
+  /usr/pkg/libexec -> $(SEC_READONLY) -a;
+}
+
+(rulename="Admin binaries",)
+{
+  /service -> $(SEC_READONLY) -a;
+  /sbin -> $(SEC_READONLY) -a;
+  /usr/sbin -> $(SEC_READONLY) -a;
+  /usr/pkg/sbin -> $(SEC_READONLY) -a;
+}
+
+(rulename="Libraries",)
+{
+  /lib -> $(SEC_READONLY) -a;
+  /usr/lib -> $(SEC_READONLY) -a;
+  /usr/pkg/lib -> $(SEC_READONLY) -a;
+}
+
+(rulename="Etc",)
+{
+  /etc -> $(SEC_READONLY) -a;
+  /usr/etc -> $(SEC_READONLY) -a;
+  /usr/pkg/etc -> $(SEC_READONLY) -a;
+}
+
+(rulename="Dev",)
+{
+  /dev -> $(SEC_DEVICE);
+}
+
+(rulename="Tmp",)
+{
+  /tmp -> $(SEC_TEMPORARY);
+  /var/tmp -> $(SEC_TEMPORARY);
+  /usr/tmp -> $(SEC_TEMPORARY);
+}
+
+(rulename="Log",)
+{
+  /var/log -> $(SEC_GROWING);
+}
--- a/policy/twpol-MirBSD.txt
+++ b/policy/twpol-MirBSD.txt
@ -0,0 +1,292 @@
+  ##############################################################################
+ #                                                                            ##
+############################################################################## #
+#                                                                            # #
+#                      Tripwire 2.4 policy for MirOS BSD                     # #
+#                            updated March 2018                              # #
+#                                                                            ##
+##############################################################################
+
+  ##############################################################################
+ #                                                                            ##
+############################################################################## #
+#                                                                            # #
+# Global Variable Definitions                                                # #
+#                                                                            # #
+# These are defined at install time by the installation script.  You may     # #
+# manually edit these if you are using this file directly and not from the   # #
+# installation script itself.                                                # #
+#                                                                            ##
+##############################################################################
+
+@@section GLOBAL
+TWROOT=;
+TWBIN=;
+TWPOL=;
+TWDB=;
+TWSKEY=;
+TWLKEY=;
+TWREPORT=;
+HOSTNAME=;
+
+  ##############################################################################
+ #  Predefined Variables                                                      #
+##############################################################################
+#
+#  Property Masks
+#
+#  -  ignore the following properties
+#  +  check the following properties
+#
+#  a  access timestamp (mutually exclusive with +CMSH)
+#  b  number of blocks allocated
+#  c  inode creation/modification timestamp
+#  d  ID of device on which inode resides
+#  g  group id of owner
+#  i  inode number
+#  l  growing files (logfiles for example)
+#  m  modification timestamp
+#  n  number of links
+#  p  permission and file mode bits
+#  r  ID of device pointed to by inode (valid only for device objects)
+#  s  file size
+#  t  file type
+#  u  user id of owner
+#
+#  C  CRC-32 hash
+#  H  HAVAL hash
+#  M  MD5 hash
+#  S  SHA hash
+#
+##############################################################################
+
+SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
+SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
+SEC_GROWING       = +pinugtdl-srbamcCMSH ;
+SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
+SEC_IGNORE_NONE   = +pinugtsdrbamcCMSH-l ;
+SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
+SEC_TEMPORARY     = +pugt ;
+
+@@section FS 
+
+  ########################################
+ #                                      ##
+######################################## #
+#                                      # #
+#  Tripwire Binaries and Data Files    # #
+#                                      ##
+########################################
+
+# Tripwire Binaries
+(
+  rulename = "Tripwire Binaries",
+)
+{
+  $(TWBIN)/siggen                      -> $(SEC_READONLY) ;
+  $(TWBIN)/tripwire                    -> $(SEC_READONLY) ;
+  $(TWBIN)/twadmin                     -> $(SEC_READONLY) ;
+  $(TWBIN)/twprint                     -> $(SEC_READONLY) ;
+}
+
+# Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
+(
+  rulename = "Tripwire Data Files",
+)
+{
+  # NOTE: We remove the inode attribute because when Tripwire creates a backup,
+  # it does so by renaming the old file and creating a new one (which will
+  # have a new inode number).  Inode is left turned on for keys, which shouldn't
+  # ever change.
+
+  # NOTE: The first integrity check triggers this rule and each integrity check
+  # afterward triggers this rule until a database update is run, since the
+  # database file does not exist before that point.
+
+  $(TWDB)                              -> $(SEC_DYNAMIC) -i ;
+  $(TWPOL)/tw.pol                      -> $(SEC_READONLY) -i ;
+  $(TWPOL)/tw.cfg                      -> $(SEC_READONLY) -i ;
+  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(SEC_READONLY) ;
+  $(TWSKEY)/site.key                   -> $(SEC_READONLY) ;
+
+  # don't scan the individual reports
+  $(TWREPORT)                          -> $(SEC_DYNAMIC) (recurse=0) ;
+
+  # In this configuration /usr/local is a symbolic link to /home/local.
+  # We want to ignore the following directories since they are already
+  # scanned using the real directory or mount point.  Otherwise we see
+  # duplicates in the reports.
+
+  !/home/local ;
+}
+
+  ################################################
+ #                                              ##
+################################################ #
+#                                              # #
+#  OS Boot and Configuration Files             # #
+#                                              ##
+################################################
+(
+  rulename = "OS Boot and Configuration Files",
+)
+{
+  /boot                         -> $(SEC_READONLY) ;
+  /bsd                          -> $(SEC_READONLY) ;
+  /etc                          -> $(SEC_IGNORE_NONE) -SHa ;
+}
+
+  ###################################################
+ #                                                 ##
+################################################### #
+#                                                 # #
+#  Mount Points                                   # #
+#                                                 ##
+###################################################
+(
+  rulename = "Mount Points",
+)
+{
+  /                             -> $(SEC_READONLY) ;
+  /cdrom                        -> $(SEC_DYNAMIC) ;
+  /floppy                       -> $(SEC_DYNAMIC) ;
+  /home                         -> $(SEC_READONLY) ;  # Modify as needed
+  /mnt                          -> $(SEC_DYNAMIC) ;
+  /usr                          -> $(SEC_READONLY) ;
+  /var                          -> $(SEC_READONLY) ;
+}
+
+  ###################################################
+ #                                                 ##
+################################################### #
+#                                                 # #
+#  Misc Top-Level Directories                     # #
+#                                                 ##
+###################################################
+(
+  rulename = "Misc Top-Level Directories",
+)
+{
+  /altroot                      -> $(SEC_DYNAMIC) ;
+  /stand                        -> $(SEC_DYNAMIC) ;
+}
+
+  ################################################
+ #                                              ##
+################################################ #
+#                                              # #
+#   System Devices                             # #
+#                                              ##
+################################################
+(
+  rulename = "System Devices",
+)
+{
+  /dev                          -> $(SEC_DEVICE) ;
+  /dev/fd                       -> $(SEC_DEVICE) ;
+  /var/cron/tabs/.sock          -> $(SEC_DEVICE) ; 
+  /var/empty/dev/log            -> $(SEC_DEVICE) ; 
+}
+
+  ################################################
+ #                                              ##
+################################################ #
+#                                              # #
+#  OS Binaries and Libraries                   # #   
+#                                              ##
+################################################
+(
+  rulename = "OS Binaries and Libraries",
+)
+{
+  /bin                          -> $(SEC_READONLY) ;
+  /sbin                         -> $(SEC_READONLY) ;
+  /usr/bin                      -> $(SEC_READONLY) ;
+  /usr/lib                      -> $(SEC_READONLY) ;
+  /usr/libexec                  -> $(SEC_READONLY) ;
+  /usr/sbin                     -> $(SEC_READONLY) ;
+  /usr/X11R6/bin                -> $(SEC_READONLY) ;
+  /usr/X11R6/lib                -> $(SEC_READONLY) ;
+}
+  ################################################
+ #                                              ##
+################################################ #
+#                                              # #
+#  Usr Local Files                             # #   
+#                                              ##
+################################################
+#OK(
+  #OKrulename = "Usr Local Files",
+#OK)
+#OK{
+  #OK/usr/local                    -> $(SEC_READONLY) ;
+  #OK/usr/local/bin                -> $(SEC_READONLY) ;
+  #OK/usr/local/doc                -> $(SEC_READONLY) ;
+  #OK/usr/local/etc                -> $(SEC_READONLY) ;
+  #OK/usr/local/include            -> $(SEC_READONLY) ;
+  #OK/usr/local/info               -> $(SEC_READONLY) ;
+  #OK/usr/local/lib                -> $(SEC_READONLY) ;
+  #OK/usr/local/libdata            -> $(SEC_READONLY) ;
+  #OK/usr/local/libexec            -> $(SEC_READONLY) ;
+  #OK/usr/local/man                -> $(SEC_READONLY) ;
+  #OK/usr/local/sbin               -> $(SEC_READONLY) ;
+  #OK/usr/local/share              -> $(SEC_READONLY) ;
+  #OK/usr/local/src                -> $(SEC_READONLY) ;
+#OK}
+
+  ################################################
+ #                                              ##
+################################################ #
+#                                              # #
+#  Root Directory and Files                    # #
+#                                              ##
+################################################
+(
+  rulename = "Root Directory and Files",
+)
+{
+  /root                          -> $(SEC_IGNORE_NONE) -SHa ;
+  /root/.cshrc                   -> $(SEC_DYNAMIC) ;
+  /root/.profile                 -> $(SEC_DYNAMIC) ;
+}
+
+  ################################################
+ #                                              ##
+################################################ #
+#                                              # #
+#  Temporary Directories                       # #
+#                                              ##
+################################################
+(
+  rulename = "Temporary Directories",
+)
+{
+  /tmp                          -> $(SEC_TEMPORARY) ;
+  /var/tmp                      -> $(SEC_TEMPORARY) ;
+}
+
+  ################################################
+ #                                              ##
+################################################ #
+#                                              # #
+#  System and Boot Changes                     # #
+#                                              ##
+################################################
+(
+  rulename = "System and Boot Changes",
+)
+{
+  /var/backups                    -> $(SEC_DYNAMIC) -i ;
+  /var/db/host.random             -> $(SEC_READONLY) -mCM ;
+  /var/cron                       -> $(SEC_GROWING) -i ;
+  /var/log                        -> $(SEC_GROWING) -i ;
+  /var/run                        -> $(SEC_DYNAMIC) -i ;
+  /var/mail                       -> $(SEC_GROWING) ;
+  /var/msgs/bounds                -> $(SEC_READONLY) -smbCM ;
+  /var/spool/clientmqueue         -> $(SEC_TEMPORARY) ;
+  /var/spool/mqueue               -> $(SEC_TEMPORARY) ;
+}
+
+#
+# $Id: twpol-OpenBSD.txt,v 1.2 2004/05/14 21:56:21 pherman Exp $
+#
--- a/policy/twpol-NetBSD.txt
+++ b/policy/twpol-NetBSD.txt
@ -0,0 +1,664 @@
+#
+#                       Policy file for NetBSD
+#                         (adapted from FreeBSD policy)
+#
+# $FreeBSD: ports/security/tripwire/files/twpol.txt,v 1.2 2002/03/04 16:55:21 cy Exp $
+# $Id: twpol-FreeBSD.txt,v 1.1 2003/06/08 02:00:06 pherman Exp $
+
+#
+# This is the example Tripwire Policy file.  It is intended as a place to
+# start creating your own custom Tripwire Policy file.  Referring to it as
+# well as the Tripwire Policy Guide should give you enough information to
+# make a good custom Tripwire Policy file that better covers your
+# configuration and security needs.  A text version of this policy file is
+# called twpol.txt.
+#
+# Note that this file is tuned to an install of FreeBSD using
+# buildworld.  If run unmodified, this file should create no errors on
+# database creation, or violations on a subsiquent integrity check.
+# However it is impossible for there to be one policy file for all machines,
+# so this existing one errs on the side of security.  Your FreeBSD
+# configuration will most likey differ from the one our policy file was
+# tuned to, and will therefore require some editing of the default
+# Tripwire Policy file.
+#
+# The example policy file is best run with 'Loose Directory Checking'
+# enabled. Set LOOSEDIRECTORYCHECKING=TRUE in the Tripwire Configuration
+# file.
+#
+# Email support is not included and must be added to this file.
+# Add the 'emailto=' to the rule directive section of each rule (add a comma
+# after the 'severity=' line and add an 'emailto=' and include the email
+# addresses you want the violation reports to go to).  Addresses are
+# semi-colon delimited.
+#
+
+
+
+#
+# Global Variable Definitions
+#
+# These are defined at install time by the installation script.  You may
+# Manually edit these if you are using this file directly and not from the
+# installation script itself.
+#
+
+@@section GLOBAL
+TWROOT=;
+TWBIN=;
+TWPOL=;
+TWDB=;
+TWSKEY=;
+TWLKEY=;
+TWREPORT=;
+HOSTNAME=;
+
+@@section FS
+SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
+SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
+SEC_GROWING       = +pinugtdl-srbamcCMSH ;
+SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
+SEC_IGNORE_NONE   = +pinugtsdrbamcCMSH-l ;
+SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
+SEC_TEMPORARY     = +pugt ;
+
+SEC_CRIT      = $(SEC_IGNORE_NONE)-SHa ; # Critical files that cannot change
+SEC_SUID      = $(SEC_IGNORE_NONE)-SHa ; # Binaries with the SUID or SGID flags set
+SEC_BIN       = $(SEC_READONLY) ;        # Binaries that should not change
+SEC_CONFIG    = $(SEC_DYNAMIC) ;         # Config files that are changed infrequently but accessed often
+SEC_TTY       = $(SEC_DYNAMIC)-ugp ;     # Tty files that change ownership at login
+SEC_LOG       = $(SEC_GROWING) ;         # Files that grow, but that should never change ownership
+SEC_INVARIANT = $(SEC_TEMPORARY) ;       # Directories that should never change permission or ownership
+SIG_LOW       = 33 ;                     # Non-critical files that are of minimal security impact
+SIG_MED       = 66 ;                     # Non-critical files that are of significant security impact
+SIG_HI        = 100 ;                    # Critical files that are significant points of vulnerability
+
+
+# Tripwire Binaries
+(
+  rulename = "Tripwire Binaries",
+  severity = $(SIG_HI)
+)
+{
+  $(TWBIN)/siggen                      -> $(SEC_BIN) ;
+  $(TWBIN)/tripwire                    -> $(SEC_BIN) ;
+  $(TWBIN)/twadmin                     -> $(SEC_BIN) ;
+  $(TWBIN)/twprint                     -> $(SEC_BIN) ;
+}
+
+# Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
+(
+  rulename = "Tripwire Data Files",
+  severity = $(SIG_HI)
+)
+{
+  # NOTE: We remove the inode attribute because when Tripwire creates a backup,
+  # it does so by renaming the old file and creating a new one (which will
+  # have a new inode number).  Inode is left turned on for keys, which shouldn't
+  # ever change.
+
+  # NOTE: The first integrity check triggers this rule and each integrity check
+  # afterward triggers this rule until a database update is run, since the
+  # database file does not exist before that point.
+
+  $(TWDB)                              -> $(SEC_CONFIG) -i ;
+  $(TWPOL)/tw.pol                      -> $(SEC_BIN) -i ;
+  $(TWPOL)/tw.cfg                      -> $(SEC_BIN) -i ;
+  $(TWPOL)/twcfg.txt                   -> $(SEC_BIN) ;
+  $(TWPOL)/twpol.txt                   -> $(SEC_BIN) ;
+  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(SEC_BIN) ;
+  $(TWSKEY)/site.key                   -> $(SEC_BIN) ;
+
+  #don't scan the individual reports
+  $(TWREPORT)                          -> $(SEC_CONFIG) (recurse=0) ;
+}
+
+
+# Tripwire HQ Connector Binaries
+#(
+#  rulename = "Tripwire HQ Connector Binaries",
+#  severity = $(SIG_HI)
+#)
+#{
+#  $(TWBIN)/hqagent                     -> $(SEC_BIN) ;
+#}
+#
+# Tripwire HQ Connector - Configuration Files, Keys, and Logs
+
+#
+# Note: File locations here are different than in a stock HQ Connector
+# installation.  This is because Tripwire 2.3 uses a different path
+# structure than Tripwire 2.2.1.
+#
+# You may need to update your HQ Agent configuation file (or this policy
+# file) to correct the paths.  We have attempted to support the FHS standard
+# here by placing the HQ Agent files similarly to the way Tripwire 2.3
+# places them.
+#
+
+#(
+#  rulename = "Tripwire HQ Connector Data Files",
+#  severity = $(SIG_HI)
+#)
+#{
+#
+# # NOTE: Removing the inode attribute because when Tripwire creates a backup
+# # it does so by renaming the old file and creating a new one (which will
+# # have a new inode number).  Leaving inode turned on for keys, which
+# # shouldn't ever change.
+#
+#
+#  $(TWBIN)/agent.cfg                   -> $(SEC_BIN) -i ;
+#  $(TWLKEY)/authentication.key         -> $(SEC_BIN) ;
+#  $(TWDB)/tasks.dat                    -> $(SEC_CONFIG) ;
+#  $(TWDB)/schedule.dat                 -> $(SEC_CONFIG) ;
+#
+#  # Uncomment if you have agent logging enabled.
+#  #/var/log/tripwire/agent.log      -> $(SEC_LOG) ;
+#}
+
+
+
+# Commonly accessed directories that should remain static with regards to owner and group
+(
+  rulename = "Invariant Directories",
+  severity = $(SIG_MED)
+)
+{
+  /                                    -> $(SEC_INVARIANT) (recurse = false) ;
+  /home                                -> $(SEC_INVARIANT) (recurse = false) ;
+}
+
+#
+# First, root's "home"
+#
+
+(
+  rulename = "Root's home",
+  severity = $(SIG_HI)
+)
+{
+  # /.rhosts				-> $(SEC_CRIT) ;
+  /.profile				-> $(SEC_CRIT) ;
+  /.cshrc				-> $(SEC_CRIT) ;
+  /.login				-> $(SEC_CRIT) ;
+  # /.exrc				-> $(SEC_CRIT) ;
+  # /.logout				-> $(SEC_CRIT) ;
+  # /.forward				-> $(SEC_CRIT) ;
+  /root					-> $(SEC_CRIT) (recurse = true) ;
+  !/root/.history ;
+  !/root/.bash_history ;
+  # !/root/.lsof_SYSTEM_NAME ;	# Uncomment if lsof is installed
+}
+
+
+#
+# FreeBSD Kernel
+#
+
+(
+  rulename = "FreeBSD Kernel",
+  severity = $(SIG_HI)
+)
+{
+  /kernel				-> $(SEC_CRIT) ;
+  /kernel.old				-> $(SEC_CRIT) ;
+  /kernel.GENERIC			-> $(SEC_CRIT) ;
+}
+
+
+#
+# FreeBSD Modules
+#
+
+(
+  rulename = "FreeBSD Modules",
+  severity = $(SIG_HI)
+)
+{
+  /modules				-> $(SEC_CRIT) (recurse = true) ;
+  /modules.old				-> $(SEC_CRIT) (recurse = true) ;
+  # /lkm				-> $(SEC_CRIT) (recurse = true) ; # uncomment if using lkm kld
+}
+
+
+#
+# System Administration Programs
+#
+
+(
+  rulename = "System Administration Programs",
+  severity = $(SIG_HI)
+)
+{
+  /sbin					-> $(SEC_CRIT) (recurse = true) ;
+  /usr/sbin				-> $(SEC_CRIT) (recurse = true) ;
+}
+
+
+#
+# User Utilities
+#
+
+(
+  rulename = "User Utilities",
+  severity = $(SIG_HI)
+)
+{
+  /bin					-> $(SEC_CRIT) (recurse = true) ;
+  /usr/bin				-> $(SEC_CRIT) (recurse = true) ;
+}
+
+
+#
+# /dev
+#
+
+(
+  rulename = "/dev",
+  severity = $(SIG_HI)
+)
+{
+  /dev					-> $(Device) (recurse = true) ;
+  !/dev/vga ;
+  !/dev/dri ;
+  /dev/console				-> $(SEC_TTY) ;
+  /dev/ttyv0				-> $(SEC_TTY) ;
+  /dev/ttyv1				-> $(SEC_TTY) ;
+  /dev/ttyv2				-> $(SEC_TTY) ;
+  /dev/ttyv3				-> $(SEC_TTY) ;
+  /dev/ttyv4				-> $(SEC_TTY) ;
+  /dev/ttyv5				-> $(SEC_TTY) ;
+  /dev/ttyv6				-> $(SEC_TTY) ;
+  /dev/ttyv7				-> $(SEC_TTY) ;
+  /dev/ttyp0				-> $(SEC_TTY) ;
+  /dev/ttyp1				-> $(SEC_TTY) ;
+  /dev/ttyp2				-> $(SEC_TTY) ;
+  /dev/ttyp3				-> $(SEC_TTY) ;
+  /dev/ttyp4				-> $(SEC_TTY) ;
+  /dev/ttyp5				-> $(SEC_TTY) ;
+  /dev/ttyp6				-> $(SEC_TTY) ;
+  /dev/ttyp7				-> $(SEC_TTY) ;
+  /dev/ttyp8				-> $(SEC_TTY) ;
+  /dev/ttyp9				-> $(SEC_TTY) ;
+  /dev/ttypa				-> $(SEC_TTY) ;
+  /dev/ttypb				-> $(SEC_TTY) ;
+  /dev/ttypc				-> $(SEC_TTY) ;
+  /dev/ttypd				-> $(SEC_TTY) ;
+  /dev/ttype				-> $(SEC_TTY) ;
+  /dev/ttypf				-> $(SEC_TTY) ;
+  /dev/ttypg				-> $(SEC_TTY) ;
+  /dev/ttyph				-> $(SEC_TTY) ;
+  /dev/ttypi				-> $(SEC_TTY) ;
+  /dev/ttypj				-> $(SEC_TTY) ;
+  /dev/ttypl				-> $(SEC_TTY) ;
+  /dev/ttypm				-> $(SEC_TTY) ;
+  /dev/ttypn				-> $(SEC_TTY) ;
+  /dev/ttypo				-> $(SEC_TTY) ;
+  /dev/ttypp				-> $(SEC_TTY) ;
+  /dev/ttypq				-> $(SEC_TTY) ;
+  /dev/ttypr				-> $(SEC_TTY) ;
+  /dev/ttyps				-> $(SEC_TTY) ;
+  /dev/ttypt				-> $(SEC_TTY) ;
+  /dev/ttypu				-> $(SEC_TTY) ;
+  /dev/ttypv				-> $(SEC_TTY) ;
+  /dev/cuaa0				-> $(SEC_TTY) ;	# modem
+}
+
+
+#
+# /etc
+#
+
+(
+  rulename = "/etc",
+  severity = $(SIG_HI)
+)
+{
+  /etc					-> $(SEC_CRIT) (recurse = true) ;
+  # /etc/mail/aliases			-> $(SEC_CONFIG) ;
+  /etc/dumpdates			-> $(SEC_CONFIG) ;
+  /etc/motd				-> $(SEC_CONFIG) ;
+  !/etc/ppp/connect-errors ;
+  /etc/skeykeys				-> $(SEC_CONFIG) ;
+  # Uncomment the following 4 lines if your password file does not change
+  # /etc/passwd				-> $(SEC_CONFIG) ;
+  # /etc/master.passwd			-> $(SEC_CONFIG) ;
+  # /etc/pwd.db				-> $(SEC_CONFIG) ;
+  # /etc/spwd.db			-> $(SEC_CONFIG) ;
+}
+
+
+#
+# Copatibility (Linux)
+#
+
+(
+  rulename = "Linux Compatibility",
+  severity = $(SIG_HI)
+)
+{
+  /compat				-> $(SEC_CRIT) (recurse = true) ;
+#
+# Uncomment the following if Linux compatibility is used.  Replace
+# HOSTNAME1 and HOSTNAME2 with the hosts that have Linux emulation port
+# installed.
+#
+#@@ifhost HOSTNAME1 || HOSTNAME2
+#  /compat/linux/etc			-> $(SEC_INVARIANT) (recurse = false) ;
+#  /compat/linux/etc/X11			-> $(SEC_CONFIG) (recurse = true) ;
+#  /compat/linux/etc/pam.d		-> $(SEC_CONFIG) (recurse = true) ;
+#  /compat/linux/etc/profile.d		-> $(SEC_CONFIG) (recurse = true) ;
+#  /compat/linux/etc/real		-> $(SEC_CONFIG) (recurse = true) ;
+#  /compat/linux/etc/bashrc		-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/csh.login		-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/host.conf		-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/hosts.allow		-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/hosts.deny		-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/info-dir		-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/inputrc		-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/ld.so.conf		-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/nsswitch.conf	-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/profile		-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/redhat-release	-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/rpc			-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/securetty		-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/shells		-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/termcap		-> $(SEC_CONFIG) ;
+#  /compat/linux/etc/yp.conf		-> $(SEC_CONFIG) ;
+#  !/compat/linux/etc/ld.so.cache ;
+#  !/compat/linux/var/spool/mail ;
+#@@endif
+}
+
+
+#
+# Libraries, include files, and other system files
+#
+
+(
+  rulename = "Libraries, include files, and other system files",
+  severity = $(SIG_HI)
+)
+{
+  /usr/include				-> $(SEC_CRIT) (recurse = true) ;
+  /usr/lib				-> $(SEC_CRIT) (recurse = true) ;
+  /usr/libdata				-> $(SEC_CRIT) (recurse = true) ;
+  /usr/libexec				-> $(SEC_CRIT) (recurse = true) ;
+  /usr/share				-> $(SEC_CRIT) (recurse = true) ;
+  /usr/share/man			-> $(SEC_CONFIG) ;
+  !/usr/share/man/whatis ;
+  !/usr/share/man/.glimpse_filenames ;
+  !/usr/share/man/.glimpse_filenames_index ;
+  !/usr/share/man/.glimpse_filetimes ;
+  !/usr/share/man/.glimpse_filters ;
+  !/usr/share/man/.glimpse_index ;
+  !/usr/share/man/.glimpse_messages ;
+  !/usr/share/man/.glimpse_partitions ;
+  !/usr/share/man/.glimpse_statistics ;
+  !/usr/share/man/.glimpse_turbo ;
+  /usr/share/man/man1			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/share/man/man2			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/share/man/man3			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/share/man/man4			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/share/man/man5			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/share/man/man6			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/share/man/man7			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/share/man/man8			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/share/man/man9			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/share/man/mann			-> $(SEC_CRIT) (recurse = true) ;
+  ! /usr/share/man/cat1 ;
+  ! /usr/share/man/cat2 ;
+  ! /usr/share/man/cat3 ;
+  ! /usr/share/man/cat4 ;
+  ! /usr/share/man/cat5 ;
+  ! /usr/share/man/cat6 ;
+  ! /usr/share/man/cat7 ;
+  ! /usr/share/man/cat8 ;
+  ! /usr/share/man/cat9 ;
+  ! /usr/share/man/catl ;
+  ! /usr/share/man/catn ;
+  /usr/share/perl/man			-> $(SEC_CONFIG) ;
+  !/usr/share/perl/man/whatis ;
+  !/usr/share/perl/man/.glimpse_filenames ;
+  !/usr/share/perl/man/.glimpse_filenames_index ;
+  !/usr/share/perl/man/.glimpse_filetimes ;
+  !/usr/share/perl/man/.glimpse_filters ;
+  !/usr/share/perl/man/.glimpse_index ;
+  !/usr/share/perl/man/.glimpse_messages ;
+  !/usr/share/perl/man/.glimpse_partitions ;
+  !/usr/share/perl/man/.glimpse_statistics ;
+  !/usr/share/perl/man/.glimpse_turbo ;
+  /usr/share/perl/man/man3		-> $(SEC_CRIT) (recurse = true) ;
+  ! /usr/share/perl/man/cat3 ;
+  /usr/local/lib/perl5/5.00503/man	-> $(SEC_CONFIG) ;
+  ! /usr/local/lib/perl5/5.00503/man/whatis ;
+  ! /usr/local/lib/perl5/5.00503/man/.glimpse_filters ;
+  ! /usr/local/lib/perl5/5.00503/man/.glimpse_filetimes ;
+  ! /usr/local/lib/perl5/5.00503/man/.glimpse_messages ;
+  ! /usr/local/lib/perl5/5.00503/man/.glimpse_statistics ;
+  ! /usr/local/lib/perl5/5.00503/man/.glimpse_index ;
+  ! /usr/local/lib/perl5/5.00503/man/.glimpse_turbo ;
+  ! /usr/local/lib/perl5/5.00503/man/.glimpse_partitions ;
+  ! /usr/local/lib/perl5/5.00503/man/.glimpse_filenames ;
+  ! /usr/local/lib/perl5/5.00503/man/.glimpse_filenames_index ;
+  /usr/local/lib/perl5/5.00503/man/man3		-> $(SEC_CRIT) (recurse = true) ;
+  ! /usr/local/lib/perl5/5.00503/man/cat3 ;
+}
+
+
+#
+# X11R6
+#
+
+(
+  rulename = "X11R6",
+  severity = $(SIG_HI)
+)
+{
+  /usr/X11R6				-> $(SEC_CRIT) (recurse = true) ;
+  /usr/X11R6/lib/X11/xdm		-> $(SEC_CONFIG) (recurse = true) ;
+  !/usr/X11R6/lib/X11/xdm/xdm-errors ;
+  !/usr/X11R6/lib/X11/xdm/authdir/authfiles ;
+  !/usr/X11R6/lib/X11/xdm/xdm-pid ;
+  /usr/X11R6/lib/X11/xkb/compiled	-> $(SEC_CONFIG) (recurse = true) ;
+  /usr/X11R6/man			-> $(SEC_CONFIG) ;
+  !/usr/X11R6/man/whatis ;
+  !/usr/X11R6/man/.glimpse_filenames ;
+  !/usr/X11R6/man/.glimpse_filenames_index ;
+  !/usr/X11R6/man/.glimpse_filetimes ;
+  !/usr/X11R6/man/.glimpse_filters ;
+  !/usr/X11R6/man/.glimpse_index ;
+  !/usr/X11R6/man/.glimpse_messages ;
+  !/usr/X11R6/man/.glimpse_partitions ;
+  !/usr/X11R6/man/.glimpse_statistics ;
+  !/usr/X11R6/man/.glimpse_turbo ;
+  /usr/X11R6/man/man1			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/X11R6/man/man2			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/X11R6/man/man3			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/X11R6/man/man4			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/X11R6/man/man5			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/X11R6/man/man6			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/X11R6/man/man7			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/X11R6/man/man8			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/X11R6/man/man9			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/X11R6/man/manl			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/X11R6/man/mann			-> $(SEC_CRIT) (recurse = true) ;
+  ! /usr/X11R6/man/cat1 ;
+  ! /usr/X11R6/man/cat2 ;
+  ! /usr/X11R6/man/cat3 ;
+  ! /usr/X11R6/man/cat4 ;
+  ! /usr/X11R6/man/cat5 ;
+  ! /usr/X11R6/man/cat6 ;
+  ! /usr/X11R6/man/cat7 ;
+  ! /usr/X11R6/man/cat8 ;
+  ! /usr/X11R6/man/cat9 ;
+  ! /usr/X11R6/man/catl ;
+  ! /usr/X11R6/man/catn ;
+}
+
+
+#
+# sources
+#
+
+(
+  rulename = "Sources",
+  severity = $(SIG_HI)
+)
+{
+  /usr/src				-> $(SEC_CRIT) (recurse = true) ;
+  /usr/src/sys/compile			-> $(SEC_CONFIG) (recurse = false) ;
+}
+
+
+#
+# NIS
+#
+
+(
+  rulename = "NIS",
+  severity = $(SIG_HI)
+)
+{
+  /var/yp				-> $(SEC_CRIT) (recurse = true) ;
+  !/var/yp/binding ;
+}
+
+
+#
+# Temporary directories
+#
+(
+  rulename = "Temporary directories",
+  recurse = false,
+  severity = $(SIG_LOW)
+)
+{
+  /usr/tmp                             -> $(SEC_INVARIANT) ;
+  /var/tmp                             -> $(SEC_INVARIANT) ;
+  /var/preserve                        -> $(SEC_INVARIANT) ;
+  /tmp                                 -> $(SEC_INVARIANT) ;
+}
+
+#
+# Local files
+#
+
+(
+  rulename = "Local files",
+  severity = $(SIG_MED)
+)
+{
+  /usr/local/bin			-> $(SEC_BIN) (recurse = true) ;
+  /usr/local/sbin			-> $(SEC_BIN) (recurse = true) ;
+  /usr/local/etc		 	-> $(SEC_BIN) (recurse = true) ;
+  /usr/local/lib			-> $(SEC_BIN) (recurse = true ) ;
+  /usr/local/libexec			-> $(SEC_BIN) (recurse = true ) ;
+  /usr/local/share			-> $(SEC_BIN) (recurse = true ) ;
+  /usr/local/man			-> $(SEC_CONFIG) ;
+  !/usr/local/man/whatis ;
+  !/usr/local/man/.glimpse_filenames ;
+  !/usr/local/man/.glimpse_filenames_index ;
+  !/usr/local/man/.glimpse_filetimes ;
+  !/usr/local/man/.glimpse_filters ;
+  !/usr/local/man/.glimpse_index ;
+  !/usr/local/man/.glimpse_messages ;
+  !/usr/local/man/.glimpse_partitions ;
+  !/usr/local/man/.glimpse_statistics ;
+  !/usr/local/man/.glimpse_turbo ;
+  /usr/local/man/man1			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/man/man2			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/man/man3			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/man/man4			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/man/man5			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/man/man6			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/man/man7			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/man/man8			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/man/man9			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/man/manl			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/man/mann			-> $(SEC_CRIT) (recurse = true) ;
+  ! /usr/local/man/cat1 ;
+  ! /usr/local/man/cat2 ;
+  ! /usr/local/man/cat3 ;
+  ! /usr/local/man/cat4 ;
+  ! /usr/local/man/cat5 ;
+  ! /usr/local/man/cat6 ;
+  ! /usr/local/man/cat7 ;
+  ! /usr/local/man/cat8 ;
+  ! /usr/local/man/cat9 ;
+  ! /usr/local/man/catl ;
+  ! /usr/local/man/catn ;
+  /usr/local/krb5			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/krb5/man			-> $(SEC_CONFIG) ;
+  !/usr/local/krb5/man/whatis ;
+  !/usr/local/krb5/man/.glimpse_filenames ;
+  !/usr/local/krb5/man/.glimpse_filenames_index ;
+  !/usr/local/krb5/man/.glimpse_filetimes ;
+  !/usr/local/krb5/man/.glimpse_filters ;
+  !/usr/local/krb5/man/.glimpse_index ;
+  !/usr/local/krb5/man/.glimpse_messages ;
+  !/usr/local/krb5/man/.glimpse_partitions ;
+  !/usr/local/krb5/man/.glimpse_statistics ;
+  !/usr/local/krb5/man/.glimpse_turbo ;
+  /usr/local/krb5/man/man1			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/krb5/man/man2			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/krb5/man/man3			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/krb5/man/man4			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/krb5/man/man5			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/krb5/man/man6			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/krb5/man/man7			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/krb5/man/man8			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/krb5/man/man9			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/krb5/man/manl			-> $(SEC_CRIT) (recurse = true) ;
+  /usr/local/krb5/man/mann			-> $(SEC_CRIT) (recurse = true) ;
+  ! /usr/local/krb5/man/cat1 ;
+  ! /usr/local/krb5/man/cat2 ;
+  ! /usr/local/krb5/man/cat3 ;
+  ! /usr/local/krb5/man/cat4 ;
+  ! /usr/local/krb5/man/cat5 ;
+  ! /usr/local/krb5/man/cat6 ;
+  ! /usr/local/krb5/man/cat7 ;
+  ! /usr/local/krb5/man/cat8 ;
+  ! /usr/local/krb5/man/cat9 ;
+  ! /usr/local/krb5/man/catl ;
+  ! /usr/local/krb5/man/catn ;
+  /usr/local/www			-> $(SEC_CONFIG) (recurse = true) ;
+}
+
+
+(
+  rulename = "Security Control",
+  severity = $(SIG_HI)
+)
+{
+  /etc/group                           -> $(SEC_CRIT) ;
+  /etc/crontab                         -> $(SEC_CRIT) ;
+}
+
+#=============================================================================
+#
+# Copyright 2000-2018 Tripwire, Inc. Tripwire is a registered trademark of Tripwire,
+# Inc. in the United States and other countries. All rights reserved.
+#
+# FreeBSD is a registered trademark of the FreeBSD Project Inc.
+#
+# UNIX is a registered trademark of The Open Group.
+#
+#=============================================================================
+#
+# Permission is granted to make and distribute verbatim copies of this document
+# provided the copyright notice and this permission notice are preserved on all
+# copies.
+#
+# Permission is granted to copy and distribute modified versions of this
+# document under the conditions for verbatim copying, provided that the entire
+# resulting derived work is distributed under the terms of a permission notice
+# identical to this one.
+#
+# Permission is granted to copy and distribute translations of this document
+# into another language, under the above conditions for modified versions,
+# except that this permission notice may be stated in a translation approved by
+# Tripwire, Inc.
+#
+# DCM
--- a/policy/twpol-OpenBSD.txt
+++ b/policy/twpol-OpenBSD.txt
@ -2,8 +2,8 @@
 #                                                                            ##
 ############################################################################## #
 #                                                                            # #
-#                      Policy file for OpenBSD 3.5                           # #
-#                             May 20, 2003                                   # #
+#                      Tripwire 2.4 policy for OpenBSD                       # #
+#                            updated March 2018                              # #
 #                                                                            ##
 ##############################################################################

@ -60,13 +60,13 @@ HOSTNAME=;
 #
 ##############################################################################

-Device        = +pugsdr-intlbamcCMSH ;
-Dynamic       = +pinugtd-srlbamcCMSH ;
-Growing       = +pinugtdl-srbamcCMSH ;
-IgnoreAll     = -pinugtsdrlbamcCMSH ;
-IgnoreNone    = +pinugtsdrbamcCMSH-l ;
-ReadOnly      = +pinugtsdbmCM-rlacSH ;
-Temporary     = +pugt ;
+SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
+SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
+SEC_GROWING       = +pinugtdl-srbamcCMSH ;
+SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
+SEC_IGNORE_NONE   = +pinugtsdrbamcCMSH-l ;
+SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
+SEC_TEMPORARY     = +pugt ;

@@section FS 

@ -83,10 +83,10 @@ Temporary     = +pugt ;
  rulename = "Tripwire Binaries",
 )
 {
-  $(TWBIN)/siggen                      -> $(ReadOnly) ;
-  $(TWBIN)/tripwire                    -> $(ReadOnly) ;
-  $(TWBIN)/twadmin                     -> $(ReadOnly) ;
-  $(TWBIN)/twprint                     -> $(ReadOnly) ;
+  $(TWBIN)/siggen                      -> $(SEC_READONLY) ;
+  $(TWBIN)/tripwire                    -> $(SEC_READONLY) ;
+  $(TWBIN)/twadmin                     -> $(SEC_READONLY) ;
+  $(TWBIN)/twprint                     -> $(SEC_READONLY) ;
 }

 # Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
@ -103,14 +103,14 @@ Temporary     = +pugt ;
  # afterward triggers this rule until a database update is run, since the
  # database file does not exist before that point.

-  $(TWDB)                              -> $(Dynamic) -i ;
-  $(TWPOL)/tw.pol                      -> $(ReadOnly) -i ;
-  $(TWPOL)/tw.cfg                      -> $(ReadOnly) -i ;
-  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(ReadOnly) ;
-  $(TWSKEY)/site.key                   -> $(ReadOnly) ;
+  $(TWDB)                              -> $(SEC_DYNAMIC) -i ;
+  $(TWPOL)/tw.pol                      -> $(SEC_READONLY) -i ;
+  $(TWPOL)/tw.cfg                      -> $(SEC_READONLY) -i ;
+  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(SEC_READONLY) ;
+  $(TWSKEY)/site.key                   -> $(SEC_READONLY) ;

  # don't scan the individual reports
-  $(TWREPORT)                          -> $(Dynamic) (recurse=0) ;
+  $(TWREPORT)                          -> $(SEC_DYNAMIC) (recurse=0) ;

  # In this configuration /usr/local is a symbolic link to /home/local.
  # We want to ignore the following directories since they are already
@ -131,9 +131,9 @@ Temporary     = +pugt ;
  rulename = "OS Boot and Configuration Files",
 )
 {
-  /boot                         -> $(ReadOnly) ;
-  /bsd                          -> $(ReadOnly) ;
-  /etc                          -> $(IgnoreNone) -SHa ;
+  /boot                         -> $(SEC_READONLY) ;
+  /bsd                          -> $(SEC_READONLY) ;
+  /etc                          -> $(SEC_IGNORE_NONE) -SHa ;
 }

  ###################################################
@ -147,13 +147,13 @@ Temporary     = +pugt ;
  rulename = "Mount Points",
 )
 {
-  /                             -> $(ReadOnly) ;
-  /cdrom                        -> $(Dynamic) ;
-  /floppy                       -> $(Dynamic) ;
-  /home                         -> $(ReadOnly) ;  # Modify as needed
-  /mnt                          -> $(Dynamic) ;
-  /usr                          -> $(ReadOnly) ;
-  /var                          -> $(ReadOnly) ;
+  /                             -> $(SEC_READONLY) ;
+  /cdrom                        -> $(SEC_DYNAMIC) ;
+  /floppy                       -> $(SEC_DYNAMIC) ;
+  /home                         -> $(SEC_READONLY) ;  # Modify as needed
+  /mnt                          -> $(SEC_DYNAMIC) ;
+  /usr                          -> $(SEC_READONLY) ;
+  /var                          -> $(SEC_READONLY) ;
 }

  ###################################################
@ -167,8 +167,8 @@ Temporary     = +pugt ;
  rulename = "Misc Top-Level Directories",
 )
 {
-  /altroot                      -> $(Dynamic) ;
-  /stand                        -> $(Dynamic) ;
+  /altroot                      -> $(SEC_DYNAMIC) ;
+  /stand                        -> $(SEC_DYNAMIC) ;
 }

  ################################################
@ -182,10 +182,10 @@ Temporary     = +pugt ;
  rulename = "System Devices",
 )
 {
-  /dev                          -> $(Device) ;
-  /dev/fd                       -> $(Device) ;
-  /var/cron/tabs/.sock          -> $(Device) ; 
-  /var/empty/dev/log            -> $(Device) ; 
+  /dev                          -> $(SEC_DEVICE) ;
+  /dev/fd                       -> $(SEC_DEVICE) ;
+  /var/cron/tabs/.sock          -> $(SEC_DEVICE) ; 
+  /var/empty/dev/log            -> $(SEC_DEVICE) ; 
 }

  ################################################
@ -199,14 +199,14 @@ Temporary     = +pugt ;
  rulename = "OS Binaries and Libraries",
 )
 {
-  /bin                          -> $(ReadOnly) ;
-  /sbin                         -> $(ReadOnly) ;
-  /usr/bin                      -> $(ReadOnly) ;
-  /usr/lib                      -> $(ReadOnly) ;
-  /usr/libexec                  -> $(ReadOnly) ;
-  /usr/sbin                     -> $(ReadOnly) ;
-  /usr/X11R6/bin                -> $(ReadOnly) ;
-  /usr/X11R6/lib                -> $(ReadOnly) ;
+  /bin                          -> $(SEC_READONLY) ;
+  /sbin                         -> $(SEC_READONLY) ;
+  /usr/bin                      -> $(SEC_READONLY) ;
+  /usr/lib                      -> $(SEC_READONLY) ;
+  /usr/libexec                  -> $(SEC_READONLY) ;
+  /usr/sbin                     -> $(SEC_READONLY) ;
+  /usr/X11R6/bin                -> $(SEC_READONLY) ;
+  /usr/X11R6/lib                -> $(SEC_READONLY) ;
 }
  ################################################
 #                                              ##
@ -219,19 +219,19 @@ Temporary     = +pugt ;
  #OKrulename = "Usr Local Files",
 #OK)
 #OK{
-  #OK/usr/local                    -> $(ReadOnly) ;
-  #OK/usr/local/bin                -> $(ReadOnly) ;
-  #OK/usr/local/doc                -> $(ReadOnly) ;
-  #OK/usr/local/etc                -> $(ReadOnly) ;
-  #OK/usr/local/include            -> $(ReadOnly) ;
-  #OK/usr/local/info               -> $(ReadOnly) ;
-  #OK/usr/local/lib                -> $(ReadOnly) ;
-  #OK/usr/local/libdata            -> $(ReadOnly) ;
-  #OK/usr/local/libexec            -> $(ReadOnly) ;
-  #OK/usr/local/man                -> $(ReadOnly) ;
-  #OK/usr/local/sbin               -> $(ReadOnly) ;
-  #OK/usr/local/share              -> $(ReadOnly) ;
-  #OK/usr/local/src                -> $(ReadOnly) ;
+  #OK/usr/local                    -> $(SEC_READONLY) ;
+  #OK/usr/local/bin                -> $(SEC_READONLY) ;
+  #OK/usr/local/doc                -> $(SEC_READONLY) ;
+  #OK/usr/local/etc                -> $(SEC_READONLY) ;
+  #OK/usr/local/include            -> $(SEC_READONLY) ;
+  #OK/usr/local/info               -> $(SEC_READONLY) ;
+  #OK/usr/local/lib                -> $(SEC_READONLY) ;
+  #OK/usr/local/libdata            -> $(SEC_READONLY) ;
+  #OK/usr/local/libexec            -> $(SEC_READONLY) ;
+  #OK/usr/local/man                -> $(SEC_READONLY) ;
+  #OK/usr/local/sbin               -> $(SEC_READONLY) ;
+  #OK/usr/local/share              -> $(SEC_READONLY) ;
+  #OK/usr/local/src                -> $(SEC_READONLY) ;
 #OK}

  ################################################
@ -245,9 +245,9 @@ Temporary     = +pugt ;
  rulename = "Root Directory and Files",
 )
 {
-  /root                          -> $(IgnoreNone) -SHa ;
-  /root/.cshrc                   -> $(Dynamic) ;
-  /root/.profile                 -> $(Dynamic) ;
+  /root                          -> $(SEC_IGNORE_NONE) -SHa ;
+  /root/.cshrc                   -> $(SEC_DYNAMIC) ;
+  /root/.profile                 -> $(SEC_DYNAMIC) ;
 }

  ################################################
@ -261,8 +261,8 @@ Temporary     = +pugt ;
  rulename = "Temporary Directories",
 )
 {
-  /tmp                          -> $(Temporary) ;
-  /var/tmp                      -> $(Temporary) ;
+  /tmp                          -> $(SEC_TEMPORARY) ;
+  /var/tmp                      -> $(SEC_TEMPORARY) ;
 }

  ################################################
@ -276,15 +276,15 @@ Temporary     = +pugt ;
  rulename = "System and Boot Changes",
 )
 {
-  /var/backups                    -> $(Dynamic) -i ;
-  /var/db/host.random             -> $(ReadOnly) -mCM ;
-  /var/cron                       -> $(Growing) -i ;
-  /var/log                        -> $(Growing) -i ;
-  /var/run                        -> $(Dynamic) -i ;
-  /var/mail                       -> $(Growing) ;
-  /var/msgs/bounds                -> $(ReadOnly) -smbCM ;
-  /var/spool/clientmqueue         -> $(Temporary) ;
-  /var/spool/mqueue               -> $(Temporary) ;
+  /var/backups                    -> $(SEC_DYNAMIC) -i ;
+  /var/db/host.random             -> $(SEC_READONLY) -mCM ;
+  /var/cron                       -> $(SEC_GROWING) -i ;
+  /var/log                        -> $(SEC_GROWING) -i ;
+  /var/run                        -> $(SEC_DYNAMIC) -i ;
+  /var/mail                       -> $(SEC_GROWING) ;
+  /var/msgs/bounds                -> $(SEC_READONLY) -smbCM ;
+  /var/spool/clientmqueue         -> $(SEC_TEMPORARY) ;
+  /var/spool/mqueue               -> $(SEC_TEMPORARY) ;
 }

 #
--- a/policy/twpol-SunOS.txt
+++ b/policy/twpol-SunOS.txt
@ -2,7 +2,8 @@
 #                                                                            ##
 ############################################################################## #
 #                                                                            # #
-#                        Policy file for Solaris 8                           # #
+#                      Tripwire 2.4 policy for Solaris                       # #
+#                             updated March 2018                             # #
 #                                                                            ##
 ##############################################################################

@ -61,13 +62,13 @@ HOSTNAME=;
 #
 ##############################################################################

-Device        = +pugsdr-intlbamcCMSH ;
-Dynamic       = +pinugtd-srlbamcCMSH ;
-Growing       = +pinugtdl-srbamcCMSH ;
-IgnoreAll     = -pinugtsdrlbamcCMSH ;
-IgnoreNone    = +pinugtsdrbamcCMSH-l ;
-ReadOnly      = +pinugtsdbmCM-rlacSH ;
-Temporary     = +pugt ;
+SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
+SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
+SEC_GROWING       = +pinugtdl-srbamcCMSH ;
+SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
+SEC_IGNORE_NONE   = +pinugtsdrbamcCMSH-l ;
+SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
+SEC_TEMPORARY     = +pugt ;

@@section FS 

@ -84,10 +85,10 @@ Temporary     = +pugt ;
  rulename = "Tripwire Binaries",
 )
 {
-  $(TWBIN)/siggen                      -> $(ReadOnly) ;
-  $(TWBIN)/tripwire                    -> $(ReadOnly) ;
-  $(TWBIN)/twadmin                     -> $(ReadOnly) ;
-  $(TWBIN)/twprint                     -> $(ReadOnly) ;
+  $(TWBIN)/siggen                      -> $(SEC_READONLY) ;
+  $(TWBIN)/tripwire                    -> $(SEC_READONLY) ;
+  $(TWBIN)/twadmin                     -> $(SEC_READONLY) ;
+  $(TWBIN)/twprint                     -> $(SEC_READONLY) ;
 }

 # Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
@ -104,14 +105,14 @@ Temporary     = +pugt ;
  # afterward triggers this rule until a database update is run, since the
  # database file does not exist before that point.

-  $(TWDB)                              -> $(Dynamic) -i ;
-  $(TWPOL)/tw.pol                      -> $(ReadOnly) -i ;
-  $(TWPOL)/tw.cfg                      -> $(ReadOnly) -i ;
-  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(ReadOnly) ;
-  $(TWSKEY)/site.key                   -> $(ReadOnly) ;
+  $(TWDB)                              -> $(SEC_DYNAMIC) -i ;
+  $(TWPOL)/tw.pol                      -> $(SEC_READONLY) -i ;
+  $(TWPOL)/tw.cfg                      -> $(SEC_READONLY) -i ;
+  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(SEC_READONLY) ;
+  $(TWSKEY)/site.key                   -> $(SEC_READONLY) ;

  # don't scan the individual reports
-  $(TWREPORT)                          -> $(Dynamic) (recurse=0) ;
+  $(TWREPORT)                          -> $(SEC_DYNAMIC) (recurse=0) ;

  # In this configuration /usr/local is a symbolic link to /home/local.
  # We want to ignore the following directories since they are already
@ -132,8 +133,8 @@ Temporary     = +pugt ;
  rulename = "OS Boot and Configuration Files",
 )
 {
-  /etc                          -> $(IgnoreNone) -SHa ;
-  /kernel		        -> $(ReadOnly) ;
+  /etc                          -> $(SEC_IGNORE_NONE) -SHa ;
+  /kernel		        -> $(SEC_READONLY) ;
 }

  ###################################################
@ -147,13 +148,13 @@ Temporary     = +pugt ;
  rulename = "Mount Points",
 )
 {
-  /                             -> $(ReadOnly) ;
-  /cdrom                        -> $(Dynamic) ;
-  /home                         -> $(ReadOnly) ;
-  /mnt                          -> $(Dynamic) ;
-  /usr                          -> $(ReadOnly) ;
-  /var                          -> $(ReadOnly) ;
-  /opt                          -> $(ReadOnly) ;
+  /                             -> $(SEC_READONLY) ;
+  /cdrom                        -> $(SEC_DYNAMIC) ;
+  /home                         -> $(SEC_READONLY) ;
+  /mnt                          -> $(SEC_DYNAMIC) ;
+  /usr                          -> $(SEC_READONLY) ;
+  /var                          -> $(SEC_READONLY) ;
+  /opt                          -> $(SEC_READONLY) ;
 }

  ###################################################
@ -167,7 +168,7 @@ Temporary     = +pugt ;
  rulename = "Misc Top-Level Directories",
 )
 {
-  /lost+found                   -> $(ReadOnly) ;
+  /lost+found                   -> $(SEC_READONLY) ;
 }

  ################################################
@ -181,8 +182,8 @@ Temporary     = +pugt ;
  rulename = "System Devices",
 )
 {
-  /dev                          -> $(Device) ;
-  /devices                      -> $(Device) ;
+  /dev                          -> $(SEC_DEVICE) ;
+  /devices                      -> $(SEC_DEVICE) ;
 }

  ################################################
@ -196,12 +197,12 @@ Temporary     = +pugt ;
  rulename = "OS Binaries and Libraries",
 )
 {
-  /sbin                         -> $(ReadOnly) ;
-  /usr/bin                      -> $(ReadOnly) ;
-  /usr/lib                      -> $(ReadOnly) ;
-  /usr/sbin                     -> $(ReadOnly) ;
-  /usr/openwin/bin              -> $(ReadOnly) ;
-  /usr/openwin/lib              -> $(ReadOnly) ;
+  /sbin                         -> $(SEC_READONLY) ;
+  /usr/bin                      -> $(SEC_READONLY) ;
+  /usr/lib                      -> $(SEC_READONLY) ;
+  /usr/sbin                     -> $(SEC_READONLY) ;
+  /usr/openwin/bin              -> $(SEC_READONLY) ;
+  /usr/openwin/lib              -> $(SEC_READONLY) ;
 }

  ################################################
@ -216,9 +217,9 @@ Temporary     = +pugt ;
 )
 {
  ! /.netscape/cache ; 
-  /.bash_history	         -> $(ReadOnly) -smbCM;
-  /.sh_history                   -> $(Dynamic) ;
-  /.Xauthority                   -> $(ReadOnly) ;
+  /.bash_history	         -> $(SEC_READONLY) -smbCM;
+  /.sh_history                   -> $(SEC_DYNAMIC) ;
+  /.Xauthority                   -> $(SEC_READONLY) ;
 }

  ################################################
@ -232,8 +233,8 @@ Temporary     = +pugt ;
  rulename = "Temporary Directories",
 )
 {
-  /tmp                          -> $(Temporary) ;
-  /var/tmp                      -> $(Temporary) ;
+  /tmp                          -> $(SEC_TEMPORARY) ;
+  /var/tmp                      -> $(SEC_TEMPORARY) ;
 }

  ################################################
@ -295,17 +296,17 @@ Temporary     = +pugt ;
  rulename = "System and Boot Changes",
 )
 {
-  /etc/.pwd.lock		   -> $(ReadOnly) -cm;
-  /etc/coreadm.conf		   -> $(ReadOnly) -cm;
-  /var/adm                         -> $(Growing) -i;
-  #/var/backups                    -> $(Dynamic) -i ;
-  /var/cron/log                    -> $(Growing) -i ;
-  #/var/db/host.random             -> $(ReadOnly) -mCM ;
-  #/var/db/locate.database         -> $(ReadOnly) -misCM ;
-  /var/log                         -> $(Growing) -i ;
-  #/var/run                        -> $(Dynamic) -i ;
-  #/var/mail                       -> $(Growing) ;
-  #/var/msgs/bounds                -> $(ReadOnly) -smbCM ;
+  /etc/.pwd.lock		   -> $(SEC_READONLY) -cm;
+  /etc/coreadm.conf		   -> $(SEC_READONLY) -cm;
+  /var/adm                         -> $(SEC_GROWING) -i;
+  #/var/backups                    -> $(SEC_DYNAMIC) -i ;
+  /var/cron/log                    -> $(SEC_GROWING) -i ;
+  #/var/db/host.random             -> $(SEC_READONLY) -mCM ;
+  #/var/db/locate.database         -> $(SEC_READONLY) -misCM ;
+  /var/log                         -> $(SEC_GROWING) -i ;
+  #/var/run                        -> $(SEC_DYNAMIC) -i ;
+  #/var/mail                       -> $(SEC_GROWING) ;
+  #/var/msgs/bounds                -> $(SEC_READONLY) -smbCM ;
  !/var/sendmail ;
  !/var/spool/clientmqueue ;
  !/var/spool/mqueue ;
--- a/policy/twpol-Syllable.txt
+++ b/policy/twpol-Syllable.txt
@ -0,0 +1,184 @@
+###############################################################################
+#                                                                            ##
+#    Default Tripwire 2.4 Policy file for Syllable                           ##
+#                                                                            ##
+###############################################################################
+
+
+###############################################################################
+#                                                                            ##
+# Global Variable Definitions                                                ##
+#                                                                            ##
+# These are defined at install time by the installation script.  You may     ##
+# Manually edit these if you are using this file directly and not from the   ##
+# installation script itself.                                                ##
+#                                                                            ##
+###############################################################################
+
+@@section GLOBAL
+TWROOT=;
+TWBIN=;
+TWPOL=;
+TWDB=;
+TWSKEY=;
+TWLKEY=;
+TWREPORT=;
+HOSTNAME=;
+
+##############################################################################
+#  Predefined Variables                                                      #
+##############################################################################
+#
+#  Property Masks
+#
+#  -  ignore the following properties
+#  +  check the following properties
+#
+#  a  access timestamp (mutually exclusive with +CMSH)
+#  b  number of blocks allocated
+#  c  inode creation/modification timestamp
+#  d  ID of device on which inode resides
+#  g  group id of owner
+#  i  inode number
+#  l  growing files (logfiles for example)
+#  m  modification timestamp
+#  n  number of links
+#  p  permission and file mode bits
+#  r  ID of device pointed to by inode (valid only for device objects)
+#  s  file size
+#  t  file type
+#  u  user id of owner
+#
+#  C  CRC-32 hash
+#  H  HAVAL hash
+#  M  MD5 hash
+#  S  SHA hash
+#
+##############################################################################
+
+SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
+SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
+SEC_GROWING       = +pinugtdl-srbamcCMSH ;
+SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
+SEC_IGNORE_NONE    = +pinugtsdrbamcCMSH-l ;
+SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
+SEC_TEMPORARY       = +pugt ;
+
+@@section FS 
+
+#########################################
+#                                      ##
+#  Tripwire Binaries and Data Files    ##
+#                                      ##
+#########################################
+
+# Tripwire Binaries
+(
+  rulename = "Tripwire Binaries",
+)
+{
+  $(TWBIN)/siggen                      -> $(SEC_READONLY) ;
+  $(TWBIN)/tripwire                    -> $(SEC_READONLY) ;
+  $(TWBIN)/twadmin                     -> $(SEC_READONLY) ;
+  $(TWBIN)/twprint                     -> $(SEC_READONLY) ;
+}
+
+# Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
+(
+  rulename = "Tripwire Data Files",
+)
+{
+  # NOTE: We remove the inode attribute because when Tripwire creates a backup,
+  # it does so by renaming the old file and creating a new one (which will
+  # have a new inode number).  Inode is left turned on for keys, which shouldn't
+  # ever change.
+
+  # NOTE: The first integrity check triggers this rule and each integrity check
+  # afterward triggers this rule until a database update is run, since the
+  # database file does not exist before that point.
+
+  $(TWDB)                              -> $(SEC_DYNAMIC) -i ;
+  $(TWPOL)/tw.pol                      -> $(SEC_READONLY) -i ;
+  $(TWPOL)/tw.cfg                      -> $(SEC_READONLY) -i ;
+  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(SEC_READONLY) ;
+  $(TWSKEY)/site.key                   -> $(SEC_READONLY) ;
+
+  # don't scan the individual reports
+  $(TWREPORT)                          -> $(SEC_DYNAMIC) (recurse=0) ;
+}
+
+
+##############################################################################
+
+
+### System dir ###############################################################
+#
+(rulename = "System Directory",)
+{
+   /boot/system -> $(SEC_READONLY) -a;
+}
+
+
+### Other bin dirs ############################################################
+#
+(rulename = "Binary Directories",)
+{
+  /boot/bin -> $(SEC_READONLY) -a;
+  /usr/bin -> $(SEC_READONLY) -a;
+  /usr/local/bin -> $(SEC_READONLY) -a;
+  /boot/Applications -> $(SEC_READONLY) -a;
+  /resources/index/bin -> $(SEC_READONLY) -a;
+}
+
+(rulename = "Admin Binary Directories",)
+{
+  /usr/local/sbin -> $(SEC_READONLY) -a;
+  /resources/index/sbin -> $(SEC_READONLY) -a;
+  /usr/local/libexec -> $(SEC_READONLY) -a;
+  /resources/index/libexec -> $(SEC_READONLY) -a;
+}
+
+
+### Other lib dirs ############################################################
+#
+(rulename = "Library Directories",)
+{
+  /usr/local/lib -> $(SEC_READONLY) -a;
+  /resources/index/lib -> $(SEC_READONLY) -a;
+}
+
+### Other boot dirs ###########################################################
+#
+(rulename = "Boot Directories",)
+{
+  /boot/boot/grub -> $(SEC_READONLY) -a;
+}
+
+### Settings ##################################################################
+#
+(rulename = "Settings",)
+{
+  /boot/etc -> $(SEC_READONLY) -a;
+  /usr/local/etc -> $(SEC_READONLY) -a;
+}
+
+# Logs ########################################################################
+#
+(rulename = "Logs",)
+{
+  /var/log -> $(SEC_GROWING) -a;
+}
+
+# Dev #########################################################################
+#
+(rulename = "Devices",)
+{
+  /dev -> $(SEC_DEVICE) -a;
+}
+
+# Temp dirs #########################
+#
+(rulename = "Temp Directories",)
+{
+  /boot/tmp -> $(SEC_TEMPORARY) -a;
+}
--- a/policy/twpol-skyos.txt
+++ b/policy/twpol-skyos.txt
@ -0,0 +1,183 @@
+###############################################################################
+#                                                                            ##
+#    Default Tripwire 2.4 Policy file for SkyOS                             ##
+#                                                                            ##
+###############################################################################
+
+
+###############################################################################
+#                                                                            ##
+# Global Variable Definitions                                                ##
+#                                                                            ##
+# These are defined at install time by the installation script.  You may     ##
+# Manually edit these if you are using this file directly and not from the   ##
+# installation script itself.                                                ##
+#                                                                            ##
+###############################################################################
+
+@@section GLOBAL
+TWROOT=;
+TWBIN=;
+TWPOL=;
+TWDB=;
+TWSKEY=;
+TWLKEY=;
+TWREPORT=;
+HOSTNAME=;
+
+##############################################################################
+#  Predefined Variables                                                      #
+##############################################################################
+#
+#  Property Masks
+#
+#  -  ignore the following properties
+#  +  check the following properties
+#
+#  a  access timestamp (mutually exclusive with +CMSH)
+#  b  number of blocks allocated
+#  c  inode creation/modification timestamp
+#  d  ID of device on which inode resides
+#  g  group id of owner
+#  i  inode number
+#  l  growing files (logfiles for example)
+#  m  modification timestamp
+#  n  number of links
+#  p  permission and file mode bits
+#  r  ID of device pointed to by inode (valid only for device objects)
+#  s  file size
+#  t  file type
+#  u  user id of owner
+#
+#  C  CRC-32 hash
+#  H  HAVAL hash
+#  M  MD5 hash
+#  S  SHA hash
+#
+##############################################################################
+
+SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
+SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
+SEC_GROWING       = +pinugtdl-srbamcCMSH ;
+SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
+SEC_IGNORE_NONE    = +pinugtsdrbamcCMSH-l ;
+SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
+SEC_TEMPORARY       = +pugt ;
+
+@@section FS 
+
+#########################################
+#                                      ##
+#  Tripwire Binaries and Data Files    ##
+#                                      ##
+#########################################
+
+# Tripwire Binaries
+(
+  rulename = "Tripwire Binaries",
+)
+{
+  $(TWBIN)/siggen                      -> $(SEC_READONLY) ;
+  $(TWBIN)/tripwire                    -> $(SEC_READONLY) ;
+  $(TWBIN)/twadmin                     -> $(SEC_READONLY) ;
+  $(TWBIN)/twprint                     -> $(SEC_READONLY) ;
+}
+
+# Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
+(
+  rulename = "Tripwire Data Files",
+)
+{
+  # NOTE: We remove the inode attribute because when Tripwire creates a backup,
+  # it does so by renaming the old file and creating a new one (which will
+  # have a new inode number).  Inode is left turned on for keys, which shouldn't
+  # ever change.
+
+  # NOTE: The first integrity check triggers this rule and each integrity check
+  # afterward triggers this rule until a database update is run, since the
+  # database file does not exist before that point.
+
+  $(TWDB)                              -> $(SEC_DYNAMIC) -i ;
+  $(TWPOL)/tw.pol                      -> $(SEC_READONLY) -i ;
+  $(TWPOL)/tw.cfg                      -> $(SEC_READONLY) -i ;
+  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(SEC_READONLY) ;
+  $(TWSKEY)/site.key                   -> $(SEC_READONLY) ;
+
+  # don't scan the individual reports
+  $(TWREPORT)                          -> $(SEC_DYNAMIC) (recurse=0) ;
+}
+
+
+##############################################################################
+
+
+### System dir ###############################################################
+#
+(rulename = "System Directory",)
+{
+  /boot/system -> $(SEC_READONLY) -a;
+  /boot/system/registry.rsm -> $(SEC_READONLY) -am; 
+}
+
+(rulename = "System Files",)
+{
+  /boot/kernel.sys -> $(SEC_READONLY) -a;
+  /boot/kernel.dbg -> $(SEC_READONLY) -a;
+  /boot/init.scr -> $(SEC_READONLY) -a;
+  /boot/install.sif -> $(SEC_READONLY) -a;
+}
+
+### Other bin dirs ############################################################
+#
+(rulename = "Binary Directories",)
+{
+  /boot/programs -> $(SEC_READONLY) -a;
+}
+
+### Other lib dirs ############################################################
+#
+(rulename = "Library Directories",)
+{
+  /usr/lib -> $(SEC_READONLY) -a;
+  /usr/local/lib -> $(SEC_READONLY) -a;
+}
+
+### Other boot dirs ###########################################################
+#
+(rulename = "Boot Directories",)
+{
+  /boot/boot/grub -> $(SEC_READONLY) -a;
+}
+
+### Settings ##################################################################
+#
+(rulename = "Settings",)
+{
+  /boot/programs/unix/etc -> $(SEC_READONLY) -a;
+  /usr/local/etc -> $(SEC_READONLY) -a;
+}
+
+# Logs ########################################################################
+#
+(rulename = "Logs",)
+{
+  /var/log -> $(SEC_GROWING) -a;
+}
+
+# Dev #########################################################################
+#
+(rulename = "Devices",)
+{
+  /dev -> $(SEC_DEVICE) -a;
+  /fifo -> $(SEC_DEVICE) -a;
+  /pty -> $(SEC_DEVICE) -as;
+  /systeminterface -> $(SEC_DEVICE) -a;
+  /umfs -> $(SEC_DEVICE) -a;
+}
+
+# Temp dirs #########################
+#
+(rulename = "Temp Directories",)
+{
+  /boot/temp -> $(SEC_TEMPORARY) -a;
+}
--- a/src/Makefile.am
+++ b/src/Makefile.am
@ -8,3 +8,7 @@ install:
 uninstall:
 	true

+clean-local: clean-local-check
+.PHONY: clean-local-check
+clean-local-check:
+	-rm -rf test-harness/twtest
--- a/src/Makefile.in
+++ b/src/Makefile.in
@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15 from Makefile.am.
+# Makefile.in generated by automake 1.15.1 from Makefile.am.
 # @configure_input@

-# Copyright (C) 1994-2014 Free Software Foundation, Inc.
+# Copyright (C) 1994-2017 Free Software Foundation, Inc.

 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -282,7 +282,6 @@ pdfdir = @pdfdir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
 psdir = @psdir@
-runstatedir = @runstatedir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
@ -520,7 +519,7 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-recursive

-clean-am: clean-generic mostlyclean-am
+clean-am: clean-generic clean-local mostlyclean-am

 distclean: distclean-recursive
 	-rm -f Makefile
@ -587,16 +586,17 @@ uninstall-am:
 .MAKE: $(am__recursive_targets) install-am install-strip

 .PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \
-	check-am clean clean-generic cscopelist-am ctags ctags-am \
-	distclean distclean-generic distclean-tags distdir dvi dvi-am \
-	html html-am info info-am install install-am install-data \
-	install-data-am install-dvi install-dvi-am install-exec \
-	install-exec-am install-html install-html-am install-info \
-	install-info-am install-man install-pdf install-pdf-am \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs installdirs-am maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-generic pdf \
-	pdf-am ps ps-am tags tags-am uninstall uninstall-am
+	check-am clean clean-generic clean-local cscopelist-am ctags \
+	ctags-am distclean distclean-generic distclean-tags distdir \
+	dvi dvi-am html html-am info info-am install install-am \
+	install-data install-data-am install-dvi install-dvi-am \
+	install-exec install-exec-am install-html install-html-am \
+	install-info install-info-am install-man install-pdf \
+	install-pdf-am install-ps install-ps-am install-strip \
+	installcheck installcheck-am installdirs installdirs-am \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-generic pdf pdf-am ps ps-am tags tags-am uninstall \
+	uninstall-am

 .PRECIOUS: Makefile

@ -607,6 +607,11 @@ install:
 uninstall:
 	true

+clean-local: clean-local-check
+.PHONY: clean-local-check
+clean-local-check:
+	-rm -rf test-harness/twtest
+
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:
--- a/src/buildnum.h
+++ b/src/buildnum.h
@ -1,2 +1 @@
 #define BUILD_NUM _T("0")
-
--- a/src/core/Makefile.am
+++ b/src/core/Makefile.am
@ -9,32 +9,33 @@ libcore_a_SOURCES = \
   archive.cpp charutil.cpp		\
   cmdlineparser.cpp codeconvert.cpp core.cpp coreerrors.cpp		\
   corestrings.cpp crc32.cpp debug.cpp displayencoder.cpp		\
-   displayutil.cpp error.cpp errorbucketimpl.cpp errortable.cpp		\
+   displayutil.cpp epoch.cpp error.cpp errorbucketimpl.cpp errortable.cpp \
   errorutil.cpp fileerror.cpp fileheader.cpp fsservices.cpp		\
   growheap.cpp hashtable.cpp haval.cpp msystem.cpp ntmbs.cpp		\
-   objectpool.cpp refcountobj.cpp serializable.cpp serializer.cpp	\
+   refcountobj.cpp serializable.cpp serializer.cpp	\
   serializerimpl.cpp serializerutil.cpp serstring.cpp 			\
   srefcountobj.cpp srefcounttbl.cpp stdcore.cpp stringutil.cpp		\
-   timebomb.cpp timeconvert.cpp tw_signal.cpp twlimits.cpp twlocale.cpp	\
-   unixexcept.cpp usernotify.cpp usernotifystdout.cpp utf8.cpp		\
+   timeconvert.cpp tw_signal.cpp twlimits.cpp twlocale.cpp      	\
+   unixexcept.cpp usernotify.cpp usernotifystdout.cpp		\
   wchar16.cpp

 libcore_a_HEADERS = archive.h charutil.h cmdlineparser.h codeconvert.h       \
   core.h coreerrors.h corestrings.h crc32.h debug.h displayencoder.h        \
-   displayutil.h error.h errorbucket.h errorbucketimpl.h errorgeneral.h      \
+   displayutil.h epoch.h error.h errorbucket.h errorbucketimpl.h errorgeneral.h \
   errortable.h errorutil.h file.h fileerror.h fileheader.h fixedfilebuf.h   \
   fsservices.h growheap.h hashtable.h haval.h md5.h msystem.h ntdbs.h       \
-   ntmbs.h objectpool.h package.h platform.h refcountobj.h resources.h       \
+   ntmbs.h package.h platform.h refcountobj.h resources.h                    \
   serializable.h serializer.h serializerimpl.h serializerutil.h serstring.h \
   sha.h srefcountobj.h srefcounttbl.h stdcore.h stringutil.h tasktimer.h    \
-   tchar.h timebomb.h timeconvert.h tw_signal.h twlimits.h twlocale.h        \
+   tchar.h timeconvert.h tw_signal.h twlimits.h twlocale.h                   \
   twstringslang.h typed.h types.h unixexcept.h unixfsservices.h upperbound.h \
-   usernotify.h usernotifystdout.h utf8.h wchar16.h
+   usernotify.h usernotifystdout.h wchar16.h

 libcore_a_LIBADD = @CORE_CRYPT_O@
 libcore_a_DEPENDENCIES = @CORE_CRYPT_O@
 
 DEFS = @DEFS@		# This gets rid of the -I. so AM_CPPFLAGS must be more explicit
+CLEANFILES = *.gcno *.gcda

 all: $(noinst_LIBRARIES)
 	$(AR) ru ../../lib/libtripwire.a $(libcore_a_OBJECTS) $(libcore_a_LIBADD)
--- a/src/core/Makefile.in
+++ b/src/core/Makefile.in
@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15 from Makefile.am.
+# Makefile.in generated by automake 1.15.1 from Makefile.am.
 # @configure_input@

-# Copyright (C) 1994-2014 Free Software Foundation, Inc.
+# Copyright (C) 1994-2017 Free Software Foundation, Inc.

 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -113,20 +113,19 @@ am_libcore_a_OBJECTS = file_unix.$(OBJEXT) unixfsservices.$(OBJEXT) \
 	archive.$(OBJEXT) charutil.$(OBJEXT) cmdlineparser.$(OBJEXT) \
 	codeconvert.$(OBJEXT) core.$(OBJEXT) coreerrors.$(OBJEXT) \
 	corestrings.$(OBJEXT) crc32.$(OBJEXT) debug.$(OBJEXT) \
-	displayencoder.$(OBJEXT) displayutil.$(OBJEXT) error.$(OBJEXT) \
-	errorbucketimpl.$(OBJEXT) errortable.$(OBJEXT) \
+	displayencoder.$(OBJEXT) displayutil.$(OBJEXT) epoch.$(OBJEXT) \
+	error.$(OBJEXT) errorbucketimpl.$(OBJEXT) errortable.$(OBJEXT) \
 	errorutil.$(OBJEXT) fileerror.$(OBJEXT) fileheader.$(OBJEXT) \
 	fsservices.$(OBJEXT) growheap.$(OBJEXT) hashtable.$(OBJEXT) \
 	haval.$(OBJEXT) msystem.$(OBJEXT) ntmbs.$(OBJEXT) \
-	objectpool.$(OBJEXT) refcountobj.$(OBJEXT) \
-	serializable.$(OBJEXT) serializer.$(OBJEXT) \
-	serializerimpl.$(OBJEXT) serializerutil.$(OBJEXT) \
-	serstring.$(OBJEXT) srefcountobj.$(OBJEXT) \
-	srefcounttbl.$(OBJEXT) stdcore.$(OBJEXT) stringutil.$(OBJEXT) \
-	timebomb.$(OBJEXT) timeconvert.$(OBJEXT) tw_signal.$(OBJEXT) \
-	twlimits.$(OBJEXT) twlocale.$(OBJEXT) unixexcept.$(OBJEXT) \
-	usernotify.$(OBJEXT) usernotifystdout.$(OBJEXT) utf8.$(OBJEXT) \
-	wchar16.$(OBJEXT)
+	refcountobj.$(OBJEXT) serializable.$(OBJEXT) \
+	serializer.$(OBJEXT) serializerimpl.$(OBJEXT) \
+	serializerutil.$(OBJEXT) serstring.$(OBJEXT) \
+	srefcountobj.$(OBJEXT) srefcounttbl.$(OBJEXT) \
+	stdcore.$(OBJEXT) stringutil.$(OBJEXT) timeconvert.$(OBJEXT) \
+	tw_signal.$(OBJEXT) twlimits.$(OBJEXT) twlocale.$(OBJEXT) \
+	unixexcept.$(OBJEXT) usernotify.$(OBJEXT) \
+	usernotifystdout.$(OBJEXT) wchar16.$(OBJEXT)
 libcore_a_OBJECTS = $(am_libcore_a_OBJECTS)
 AM_V_P = $(am__v_P_@AM_V@)
 am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
@ -314,7 +313,6 @@ pdfdir = @pdfdir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
 psdir = @psdir@
-runstatedir = @runstatedir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
@ -336,30 +334,31 @@ libcore_a_SOURCES = \
   archive.cpp charutil.cpp		\
   cmdlineparser.cpp codeconvert.cpp core.cpp coreerrors.cpp		\
   corestrings.cpp crc32.cpp debug.cpp displayencoder.cpp		\
-   displayutil.cpp error.cpp errorbucketimpl.cpp errortable.cpp		\
+   displayutil.cpp epoch.cpp error.cpp errorbucketimpl.cpp errortable.cpp \
   errorutil.cpp fileerror.cpp fileheader.cpp fsservices.cpp		\
   growheap.cpp hashtable.cpp haval.cpp msystem.cpp ntmbs.cpp		\
-   objectpool.cpp refcountobj.cpp serializable.cpp serializer.cpp	\
+   refcountobj.cpp serializable.cpp serializer.cpp	\
   serializerimpl.cpp serializerutil.cpp serstring.cpp 			\
   srefcountobj.cpp srefcounttbl.cpp stdcore.cpp stringutil.cpp		\
-   timebomb.cpp timeconvert.cpp tw_signal.cpp twlimits.cpp twlocale.cpp	\
-   unixexcept.cpp usernotify.cpp usernotifystdout.cpp utf8.cpp		\
+   timeconvert.cpp tw_signal.cpp twlimits.cpp twlocale.cpp      	\
+   unixexcept.cpp usernotify.cpp usernotifystdout.cpp		\
   wchar16.cpp

 libcore_a_HEADERS = archive.h charutil.h cmdlineparser.h codeconvert.h       \
   core.h coreerrors.h corestrings.h crc32.h debug.h displayencoder.h        \
-   displayutil.h error.h errorbucket.h errorbucketimpl.h errorgeneral.h      \
+   displayutil.h epoch.h error.h errorbucket.h errorbucketimpl.h errorgeneral.h \
   errortable.h errorutil.h file.h fileerror.h fileheader.h fixedfilebuf.h   \
   fsservices.h growheap.h hashtable.h haval.h md5.h msystem.h ntdbs.h       \
-   ntmbs.h objectpool.h package.h platform.h refcountobj.h resources.h       \
+   ntmbs.h package.h platform.h refcountobj.h resources.h                    \
   serializable.h serializer.h serializerimpl.h serializerutil.h serstring.h \
   sha.h srefcountobj.h srefcounttbl.h stdcore.h stringutil.h tasktimer.h    \
-   tchar.h timebomb.h timeconvert.h tw_signal.h twlimits.h twlocale.h        \
+   tchar.h timeconvert.h tw_signal.h twlimits.h twlocale.h                   \
   twstringslang.h typed.h types.h unixexcept.h unixfsservices.h upperbound.h \
-   usernotify.h usernotifystdout.h utf8.h wchar16.h
+   usernotify.h usernotifystdout.h wchar16.h

 libcore_a_LIBADD = @CORE_CRYPT_O@
 libcore_a_DEPENDENCIES = @CORE_CRYPT_O@
+CLEANFILES = *.gcno *.gcda
 all: all-am

 .SUFFIXES:
@ -546,6 +545,7 @@ install-strip:
 mostlyclean-generic:

 clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)

 distclean-generic:
 	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
--- a/src/core/archive.cpp
+++ b/src/core/archive.cpp
@ -1,31 +1,31 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
-// 
+//
 // This program is free software.  The contents of this file are subject
 // to the terms of the GNU General Public License as published by the
 // Free Software Foundation; either version 2 of the License, or (at your
 // option) any later version.  You may redistribute it and/or modify it
 // only in compliance with the GNU General Public License.
-// 
+//
 // This program is distributed in the hope that it will be useful.
 // However, this program is distributed AS-IS WITHOUT ANY
 // WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS
 // FOR A PARTICULAR PURPOSE.  Please see the GNU General Public License
 // for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 // USA.
-// 
+//
 // Nothing in the GNU General Public License or any other license to use
 // the code or files shall permit you to use Tripwire's trademarks,
 // service marks, or other intellectual property without Tripwire's
 // prior written consent.
-// 
+//
 // If you have any questions, please contact Tripwire, Inc. at either
 // info@tripwire.org or www.tripwire.org.
 //
@ -49,56 +49,34 @@
 #include "file.h"
 #include "stringutil.h"

-#include "corestrings.h"    // for: STR_ERR2_ARCH_CRYPTO_ERR
-
-//=============================================================================
-// Utility Functions
-//=============================================================================
-
-///////////////////////////////////////////////////////////////////////////////
-// util_IsDir -- returns true if a given file is a directory
-///////////////////////////////////////////////////////////////////////////////
-bool util_IsDir( const TSTRING& fileName )
-{
-    cFSStatArgs s;
-    try
-    {
-        iFSServices::GetInstance()->Stat( fileName, s );        
-    }
-    catch( eFSServices )
-    {
-        return false;
-    }
-    
-    return( s.mFileType == cFSStatArgs::TY_DIR );
-}
+#include "corestrings.h" // for: STR_ERR2_ARCH_CRYPTO_ERR

 //=============================================================================
 // eArchiveCrypto
 //=============================================================================
-TSTRING eArchiveCrypto::GetMsg( ) const
+TSTRING eArchiveCrypto::GetMsg() const
 {
    // RAD: Updated this to use new stringtable
-    return ( mMsg + TSS_GetString( cCore, core::STR_ERR2_ARCH_CRYPTO_ERR ) );
+    return (mMsg + TSS_GetString(cCore, core::STR_ERR2_ARCH_CRYPTO_ERR));
 }


 //=============================================================================
-// cArchive 
+// cArchive
 //=============================================================================

 // convenience methods
 //
 // Specific Read functions throw eArchive if EOF is reached because
-// if the caller is requesting a certain amount of data to be present, 
+// if the caller is requesting a certain amount of data to be present,
 // reaching EOF is unexpected
 //
 // ReadBlob and WriteBlob return number of bytes read or written.  Notice
 // that ReadBlob does not throw an exception since eventually EOF is expected.
 //
 // ReadBlob can take NULL as a destination pointer
-// 
-// All write functions throw exceptions for unexpected events like 
+//
+// All write functions throw exceptions for unexpected events like
 // running out of memory or disk space.
 //

@ -127,7 +105,7 @@ void cArchive::ReadInt64(int64& ret) // throw(eArchive)
 }

 // NOTE:BAM 10/11/99 -- we store unsigned size, but it really only works with
-// lengths < INT16_MAX due to sign extension in integral promotion during the 
+// lengths < INT16_MAX due to sign extension in integral promotion during the
 // resize() in ReadString().
 // format for written string: 16-bit unsigned size, then a list of 16-bit UCS2 (Unicode) characters
 // not including terminating NULL
@ -135,25 +113,25 @@ void cArchive::ReadString(TSTRING& ret) // throw(eArchive)
 {
    // read in size of string
    int16 size;
-    ReadInt16( size );
+    ReadInt16(size);

    // create buffer for WCHAR16 string
    wc16_string ws;
-    ws.resize( size );
+    ws.resize(size);
    WCHAR16* pwc = (WCHAR16*)ws.data();

-    for( int n = 0; n < size; n++ )
+    for (int n = 0; n < size; n++)
    {
        int16 i16;
-        ReadInt16( i16 );
+        ReadInt16(i16);
        *pwc++ = i16;
    }

    // convert WCHAR16 string to a TSTRING
-    ret = cStringUtil::WstrToTstr( ws );
+    ret = cStringUtil::WstrToTstr(ws);
 }

-int  cArchive::ReadBlob(void* pBlob, int count)
+int cArchive::ReadBlob(void* pBlob, int count)
 {
    return Read(pBlob, count);
 }
@ -177,7 +155,7 @@ void cArchive::WriteInt64(int64 i) // throw(eArchive)
 }

 // NOTE:BAM 10/11/99 -- we store unsigned size, but it really only works with
-// lengths < INT16_MAX due to sign extension in integral promotion during the 
+// lengths < INT16_MAX due to sign extension in integral promotion during the
 // resize() in ReadString().
 // format for written string: 16-bit unsigned size, then a list of 16-bit UCS2 (Unicode) characters
 // not including terminating NULL
@ -185,20 +163,20 @@ void cArchive::WriteString(TSTRING s) // throw(eArchive)
 {
    // convert string to a UCS2 string
    wc16_string ws;
-    cStringUtil::Convert( ws, s );  // Make convert "type-dispatched"
+    cStringUtil::Convert(ws, s); // Make convert "type-dispatched"

-    // we assume that we can represent the size as a unsigned 16-bit number    
+    // we assume that we can represent the size as a unsigned 16-bit number
    // (we actually write  it as a signed number, but we cast it)
-    if( ws.length() > TSS_INT16_MAX )
-        ThrowAndAssert( eArchiveStringTooLong() );
+    if (ws.length() > TSS_INT16_MAX)
+        ThrowAndAssert(eArchiveStringTooLong());

-    WriteInt16( static_cast<int16>( ws.length() ) );
+    WriteInt16(static_cast<int16>(ws.length()));

    // write out each 16 bit character
    // RAD:09/03/99 -- Optimized for performance with "const"
    wc16_string::const_iterator at = ws.begin();
-    while ( at != ws.end() )
-        WriteInt16( *at++ );
+    while (at != ws.end())
+        WriteInt16(*at++);
 }


@ -212,27 +190,30 @@ int32 cArchive::GetStorageSize(const TSTRING& str)
 {
    int32 size = sizeof(int32); // the length is always stored
    //
-    // after the length, all of the characters in the string are written as 16-bit values, 
+    // after the length, all of the characters in the string are written as 16-bit values,
    // except for the null character
    //
-    size += ( str.length() * 2 );
+    size += (str.length() * 2);

    return size;
 }

 int64 cArchive::Copy(cArchive* pFrom, int64 amt)
 {
-    enum { BUF_SIZE = 2048 };
-    int8    buf[BUF_SIZE];
-    int64   amtLeft = amt;
+    enum
+    {
+        BUF_SIZE = 2048
+    };
+    int8  buf[BUF_SIZE];
+    int64 amtLeft = amt;

-    while(amtLeft > 0)
+    while (amtLeft > 0)
    {
        int64 amtToRead = amtLeft > (int64)BUF_SIZE ? (int64)BUF_SIZE : amtLeft;
-        int64 amtRead = pFrom->ReadBlob(buf, static_cast<int>( amtToRead ) );
+        int64 amtRead   = pFrom->ReadBlob(buf, static_cast<int>(amtToRead));
        amtLeft -= amtRead;
-        WriteBlob(buf, static_cast<int>( amtRead ) );
-        if(amtRead < amtToRead)
+        WriteBlob(buf, static_cast<int>(amtRead));
+        if (amtRead < amtToRead)
            break;
    }

@ -246,7 +227,7 @@ int64 cArchive::Copy(cArchive* pFrom, int64 amt)

 cMemMappedArchive::cMemMappedArchive()
 {
-    mpMappedMem = 0;
+    mpMappedMem   = 0;
    mMappedOffset = 0;
    mMappedLength = 0;
 }
@ -291,13 +272,13 @@ void cMemMappedArchive::SetNewMap(void* pMap, int64 offset, int64 length) const
 {
    if (pMap == 0)
    {
-        mpMappedMem = 0;
+        mpMappedMem   = 0;
        mMappedOffset = 0;
        mMappedLength = 0;
    }
    else
    {
-        mpMappedMem = pMap;
+        mpMappedMem   = pMap;
        mMappedOffset = offset;
        mMappedLength = length;
    }
@ -310,14 +291,13 @@ void cMemMappedArchive::SetNewMap(void* pMap, int64 offset, int64 length) const
 //      mapped.
 ///////////////////////////////////////////////////////////////////////////////

-cMemoryArchive::cMemoryArchive(int maxSize)
-:   mMaxAllocatedLen(maxSize)
+cMemoryArchive::cMemoryArchive(int maxSize) : mMaxAllocatedLen(maxSize)
 {
    ASSERT(maxSize > 0);
-    mpMemory = 0;
+    mpMemory      = 0;
    mAllocatedLen = 0;
-    mLogicalSize = 0;
-    mReadHead = 0;
+    mLogicalSize  = 0;
+    mReadHead     = 0;
 }

 cMemoryArchive::~cMemoryArchive()
@ -343,13 +323,15 @@ void cMemoryArchive::Seek(int64 offset, SeekFrom from) // throw(eArchive)
        offset = mLogicalSize + (int)offset;
        break;
    default:
-        ThrowAndAssert(eArchiveSeek(TSS_GetString( cCore, core::STR_MEMARCHIVE_FILENAME), TSS_GetString( cCore, core::STR_MEMARCHIVE_ERRSTR)));
+        ThrowAndAssert(eArchiveSeek(TSS_GetString(cCore, core::STR_MEMARCHIVE_FILENAME),
+                                    TSS_GetString(cCore, core::STR_MEMARCHIVE_ERRSTR)));
    }

    if (offset > mLogicalSize)
-        ThrowAndAssert(eArchiveSeek(TSS_GetString( cCore, core::STR_MEMARCHIVE_FILENAME), TSS_GetString( cCore, core::STR_MEMARCHIVE_ERRSTR)));
+        ThrowAndAssert(eArchiveSeek(TSS_GetString(cCore, core::STR_MEMARCHIVE_FILENAME),
+                                    TSS_GetString(cCore, core::STR_MEMARCHIVE_ERRSTR)));

-    mReadHead = static_cast<int>( offset );
+    mReadHead = static_cast<int>(offset);
 }

 int64 cMemoryArchive::CurrentPos() const
@ -372,8 +354,8 @@ void cMemoryArchive::Truncate()

 void cMemoryArchive::MapArchive(int64 offset, int64 len) // throw(eArchive)
 {
-    if ( offset + (int)len > mLogicalSize )
-        AllocateMemory( static_cast<int>( offset + len ) );
+    if (offset + (int)len > mLogicalSize)
+        AllocateMemory(static_cast<int>(offset + len));

    SetNewMap(mpMemory + offset, offset, len);
 }
@ -421,14 +403,14 @@ void cMemoryArchive::AllocateMemory(int len) // throw(eArchive)
    {
        // grow the buffer
        // only error if we are in debug mode
-#ifdef _DEBUG
+#ifdef DEBUG
        if (len > mMaxAllocatedLen)
            ThrowAndAssert(eArchiveOutOfMem());
 #endif

-        if( 0 == mAllocatedLen )
+        if (0 == mAllocatedLen)
            mAllocatedLen = MIN_ALLOCATED_SIZE;
-        
+
        while (mAllocatedLen < len)
            mAllocatedLen *= 2;

@ -438,7 +420,7 @@ void cMemoryArchive::AllocateMemory(int len) // throw(eArchive)
            memcpy(pNewMem, mpMemory, mLogicalSize);
            delete [] mpMemory;
        }
-        mpMemory = pNewMem;
+        mpMemory     = pNewMem;
        mLogicalSize = len;

        // update memory map if there is one
@ -458,7 +440,7 @@ void cMemoryArchive::AllocateMemory(int len) // throw(eArchive)
            ASSERT(mpMemory);
            memcpy(pNewMem, mpMemory, len);
            delete [] mpMemory;
-            mpMemory = pNewMem;
+            mpMemory     = pNewMem;
            mLogicalSize = len;

            // update memory map if there is one
@ -486,33 +468,27 @@ public:
 //-----------------------------------------------------------------------------
 // cFixedMemArchive
 //-----------------------------------------------------------------------------
-cFixedMemArchive::cFixedMemArchive()
-:   mpMemory    (0),
-    mSize       (0),
-    mReadHead   (0)
+cFixedMemArchive::cFixedMemArchive() : mpMemory(0), mSize(0), mReadHead(0)
 {
 }

-cFixedMemArchive::cFixedMemArchive( int8* pMem, int32 size )
-:   mpMemory    (0),
-    mSize       (0),
-    mReadHead   (0)
+cFixedMemArchive::cFixedMemArchive(int8* pMem, int32 size) : mpMemory(0), mSize(0), mReadHead(0)
 {
-    Attach( pMem, size );
+    Attach(pMem, size);
 }

 cFixedMemArchive::~cFixedMemArchive()
 {
 }

-void cFixedMemArchive::Attach( int8* pMem, int32 size )
+void cFixedMemArchive::Attach(int8* pMem, int32 size)
 {
-    mpMemory    = pMem;
-    mSize       = size;
-    mReadHead   = 0;
+    mpMemory  = pMem;
+    mSize     = size;
+    mReadHead = 0;
 }

-void cFixedMemArchive::Seek(int64 offset, SeekFrom from)  // throw(eArchive)
+void cFixedMemArchive::Seek(int64 offset, SeekFrom from) // throw(eArchive)
 {
    switch (from)
    {
@ -525,21 +501,23 @@ void cFixedMemArchive::Seek(int64 offset, SeekFrom from)  // throw(eArchive)
        offset = mSize + (int)offset;
        break;
    default:
-        ThrowAndAssert(eArchiveSeek(TSS_GetString( cCore, core::STR_MEMARCHIVE_FILENAME), TSS_GetString( cCore, core::STR_MEMARCHIVE_ERRSTR)));
+        ThrowAndAssert(eArchiveSeek(TSS_GetString(cCore, core::STR_MEMARCHIVE_FILENAME),
+                                    TSS_GetString(cCore, core::STR_MEMARCHIVE_ERRSTR)));
    }

    if (offset > mSize)
-        ThrowAndAssert(eArchiveSeek(TSS_GetString( cCore, core::STR_MEMARCHIVE_FILENAME), TSS_GetString( cCore, core::STR_MEMARCHIVE_ERRSTR)));
+        ThrowAndAssert(eArchiveSeek(TSS_GetString(cCore, core::STR_MEMARCHIVE_FILENAME),
+                                    TSS_GetString(cCore, core::STR_MEMARCHIVE_ERRSTR)));

-    mReadHead = static_cast<int32>( offset );
+    mReadHead = static_cast<int32>(offset);
 }

-int64 cFixedMemArchive::CurrentPos() const 
+int64 cFixedMemArchive::CurrentPos() const
 {
    return mReadHead;
 }

-int64 cFixedMemArchive::Length() const 
+int64 cFixedMemArchive::Length() const
 {
    return mSize;
 }
@ -549,12 +527,12 @@ bool cFixedMemArchive::EndOfFile()
    return (mReadHead >= mSize);
 }

-int cFixedMemArchive::Read(void* pDest, int count)          // throw(eArchive)
+int cFixedMemArchive::Read(void* pDest, int count) // throw(eArchive)
 {
-    ASSERT( pDest );
+    ASSERT(pDest);
    if (mReadHead + count > mSize)
    {
-        count = static_cast<int>( mSize - mReadHead );
+        count = static_cast<int>(mSize - mReadHead);
        if (count <= 0)
            return 0;
    }
@ -567,11 +545,11 @@ int cFixedMemArchive::Read(void* pDest, int count)          // throw(eArchive)
    return count;
 }

-int cFixedMemArchive::Write(const void* pDest, int count)   // throw(eArchive)
+int cFixedMemArchive::Write(const void* pDest, int count) // throw(eArchive)
 {
    if (mReadHead + count > mSize)
    {
-        ASSERT( false );
+        ASSERT(false);
        throw eArchiveWrite();
    }

@ -588,11 +566,9 @@ int cFixedMemArchive::Write(const void* pDest, int count)   // throw(eArchive)
 ///////////////////////////////////////////////////////////////////////////////

 //Ctor -- Initialize member variables to 0 or NULL equivalents.
-cFileArchive::cFileArchive() :
-    mFileSize(0),
-    mReadHead(0),
-    isWritable(false)
-{}
+cFileArchive::cFileArchive() : mFileSize(0), mReadHead(0), isWritable(false)
+{
+}

 cFileArchive::~cFileArchive()
 {
@ -600,16 +576,16 @@ cFileArchive::~cFileArchive()

 bool cFileArchive::EndOfFile()
 {
-    return ( mReadHead >= mFileSize );
+    return (mReadHead >= mFileSize);
 }

 ////////////////////////////////////////////////////////////////////////
 // Seek -- This is where the actual offset is performed.  The default
 // for each archive will be 0.
 /////////////////////////////////////////////////////////////////////////
-void cFileArchive::Seek( int64 offset, SeekFrom from) // throw(eArchive)
+void cFileArchive::Seek(int64 offset, SeekFrom from) // throw(eArchive)
 {
-    try 
+    try
    {
        switch (from)
        {
@ -622,19 +598,19 @@ void cFileArchive::Seek( int64 offset, SeekFrom from) // throw(eArchive)
            offset = mFileSize + offset;
            break;
        default:
-            throw eArchiveSeek( mCurrentFilename, iFSServices::GetInstance()->GetErrString() ) ;
+            throw eArchiveSeek(mCurrentFilename, iFSServices::GetInstance()->GetErrString());
        }

-        if ( offset > mFileSize )
-            throw eArchiveSeek( mCurrentFilename, iFSServices::GetInstance()->GetErrString() ) ;
+        if (offset > mFileSize)
+            throw eArchiveSeek(mCurrentFilename, iFSServices::GetInstance()->GetErrString());
        mReadHead = offset;

        mCurrentFile.Seek(mReadHead, cFile::SEEK_BEGIN);
-            //This is where the actual read/writehead is set!!
-    }//try
-    catch( eFile& fileError )
+        //This is where the actual read/writehead is set!!
+    } //try
+    catch (eFile& fileError)
    {
-        throw( eArchiveSeek( mCurrentFilename, fileError.GetDescription() ) );
+        throw(eArchiveSeek(mCurrentFilename, fileError.GetDescription()));
    }
 }

@ -648,13 +624,13 @@ int64 cFileArchive::CurrentPos(void) const
 /////////////////////////////////////////////////////////////////////////
 int64 cFileArchive::Length(void) const
 {
-    try 
+    try
    {
        return mCurrentFile.GetSize();
    }
-    catch(eFile& fileError)
+    catch (eFile& fileError)
    {
-        throw( eArchiveSeek( mCurrentFilename, fileError.GetDescription() ) );
+        throw(eArchiveSeek(mCurrentFilename, fileError.GetDescription()));
    }
 }

@ -663,26 +639,26 @@ int64 cFileArchive::Length(void) const
 /////////////////////////////////////////////////////////////////////////
 void cFileArchive::OpenRead(const TCHAR* filename, uint32 openFlags)
 {
-    try 
+    try
    {
        // set up open flags
        uint32 flags = cFile::OPEN_READ;
-        flags |= ( ( openFlags & FA_OPEN_TRUNCATE ) ? cFile::OPEN_TRUNCATE : 0 );
-        flags |= ( ( openFlags & FA_OPEN_TEXT     ) ? cFile::OPEN_TEXT     : 0 );
-        flags |= ( ( openFlags & FA_SCANNING      ) ? cFile::OPEN_SCANNING : 0 );
-        flags |= ( ( openFlags & FA_DIRECT        ) ? cFile::OPEN_DIRECT   : 0 );
+        flags |= ((openFlags & FA_OPEN_TRUNCATE) ? cFile::OPEN_TRUNCATE : 0);
+        flags |= ((openFlags & FA_OPEN_TEXT)     ? cFile::OPEN_TEXT     : 0);
+        flags |= ((openFlags & FA_SCANNING)      ? cFile::OPEN_SCANNING : 0);
+        flags |= ((openFlags & FA_DIRECT)        ? cFile::OPEN_DIRECT   : 0);

-        mOpenFlags = openFlags; 
+        mOpenFlags       = openFlags;
        mCurrentFilename = filename;
-        mCurrentFile.Open( filename, flags );
+        mCurrentFile.Open(filename, flags);
        isWritable = false;

-        mFileSize           = mCurrentFile.GetSize();
-        mReadHead           = mCurrentFile.Seek( 0, cFile::SEEK_BEGIN );
+        mFileSize = mCurrentFile.GetSize();
+        mReadHead = mCurrentFile.Seek(0, cFile::SEEK_BEGIN);
    }
-    catch(eFile& fileError)
+    catch (eFile& fileError)
    {
-        throw(eArchiveOpen( mCurrentFilename, fileError.GetDescription() ) );
+        throw(eArchiveOpen(mCurrentFilename, fileError.GetDescription()));
    }
 }

@ -691,26 +667,26 @@ void cFileArchive::OpenRead(const TCHAR* filename, uint32 openFlags)
 /////////////////////////////////////////////////////////////////////////
 void cFileArchive::OpenReadWrite(const TCHAR* filename, uint32 openFlags)
 {
-    try 
-    {        
+    try
+    {
        // set up open flags
        uint32 flags = cFile::OPEN_WRITE;
-        flags |= ( ( openFlags & FA_OPEN_TRUNCATE ) ? cFile::OPEN_TRUNCATE : 0 );
-        flags |= ( ( openFlags & FA_OPEN_TEXT     ) ? cFile::OPEN_TEXT     : 0 );
-        flags |= ( ( openFlags & FA_SCANNING      ) ? cFile::OPEN_SCANNING : 0 );
-        flags |= ( ( openFlags & FA_DIRECT        ) ? cFile::OPEN_DIRECT   : 0 );
+        flags |= ((openFlags & FA_OPEN_TRUNCATE) ? cFile::OPEN_TRUNCATE : 0);
+        flags |= ((openFlags & FA_OPEN_TEXT)     ? cFile::OPEN_TEXT     : 0);
+        flags |= ((openFlags & FA_SCANNING)      ? cFile::OPEN_SCANNING : 0);
+        flags |= ((openFlags & FA_DIRECT)        ? cFile::OPEN_DIRECT   : 0);

-        mOpenFlags = openFlags;
+        mOpenFlags       = openFlags;
        mCurrentFilename = filename;
-        mCurrentFile.Open( filename, flags );
+        mCurrentFile.Open(filename, flags);
        isWritable = true;

        mFileSize = mCurrentFile.GetSize();
-        mReadHead = mCurrentFile.Seek( 0, cFile::SEEK_BEGIN );
+        mReadHead = mCurrentFile.Seek(0, cFile::SEEK_BEGIN);
    }
-    catch(eFile& fileError)
+    catch (eFile& fileError)
    {
-        throw( eArchiveOpen( mCurrentFilename, fileError.GetDescription() ) );
+        throw(eArchiveOpen(mCurrentFilename, fileError.GetDescription()));
    }
 }

@ -728,66 +704,65 @@ TSTRING cFileArchive::GetCurrentFilename(void) const
 /////////////////////////////////////////////////////////////////////////
 void cFileArchive::Close()
 {
-    try 
+    try
    {
        mCurrentFile.Close();
-        mFileSize       = 0;
-        mReadHead       = 0;
+        mFileSize = 0;
+        mReadHead = 0;

        mCurrentFilename = _T("");
    }
-    catch(eFile& fileError)
+    catch (eFile& fileError)
    {
-        throw( eArchive( mCurrentFilename, fileError.GetDescription() ) );
+        throw(eArchive(mCurrentFilename, fileError.GetDescription()));
    }
 }

 /////////////////////////////////////////////////////////////////////////
-// Read -- Read places bytes in location designated by pDest.  Returns 
+// Read -- Read places bytes in location designated by pDest.  Returns
 // The actual amount read into *pDest.
 /////////////////////////////////////////////////////////////////////////
 int cFileArchive::Read(void* pDest, int count)
 {

-    try 
+    try
    {
-        if ( mReadHead + count > mFileSize && !(mOpenFlags & FA_DIRECT))
-            count = static_cast<int>( mFileSize - mReadHead );
+        if (mReadHead + count > mFileSize && !(mOpenFlags & FA_DIRECT))
+            count = static_cast<int>(mFileSize - mReadHead);

-        if ( pDest != NULL )
+        if (pDest != NULL)
        {
-            int nbRead = 
-                static_cast<int>( mCurrentFile.Read( pDest, count ) );
+            int nbRead = static_cast<int>(mCurrentFile.Read(pDest, count));

            // 'count' may not be equal to 'nbRead' if the file is open in
            // text mode.
            count = nbRead;
-            if(count < 0) count = 0;
+            if (count < 0)
+                count = 0;
        }
        else
        {
-            int i;
+            int   i;
            int32 dummy;
-            for (i = count; ; i -= sizeof(int32))
+            for (i = count;; i -= sizeof(int32))
            {
                if (i < (int)sizeof(int32))
                {
                    if (i > 0)
-                        mCurrentFile.Read( &dummy, i );
+                        mCurrentFile.Read(&dummy, i);
                    break;
                }
-                mCurrentFile.Read( &dummy, i );
+                mCurrentFile.Read(&dummy, i);
            }
        }

        mReadHead += count;
        return count;
    }
-    catch( eFile& fileError )
+    catch (eFile& fileError)
    {
-        throw( eArchiveRead( mCurrentFilename, fileError.GetDescription() ) );
+        throw(eArchiveRead(mCurrentFilename, fileError.GetDescription()));
    }
-
 }

 /////////////////////////////////////////////////////////////////////////
@ -796,38 +771,38 @@ int cFileArchive::Read(void* pDest, int count)
 /////////////////////////////////////////////////////////////////////////
 int cFileArchive::Write(const void* pDest, int count) // throw(eArchive)
 {
-    try 
+    try
    {
        int64 actual_count = 0;
-        ASSERT( mCurrentFile.isWritable );
+        ASSERT(mCurrentFile.isWritable);

-        actual_count = mCurrentFile.Write( pDest, count );
+        actual_count = mCurrentFile.Write(pDest, count);

-        if ( actual_count < count )
+        if (actual_count < count)
        {
            //Disk full??
-            throw eArchiveWrite( mCurrentFilename, iFSServices::GetInstance()->GetErrString() ) ;
+            throw eArchiveWrite(mCurrentFilename, iFSServices::GetInstance()->GetErrString());
        }

        // increment the read/write head
        mReadHead += actual_count;

        // increase the size, if needed
-        if( mReadHead > mFileSize )
+        if (mReadHead > mFileSize)
        {
-            #if 0 // IS_SUNPRO
-            // These two lines seem to be all there is between code that crashes and code that works for sunpro
+#if 0 // IS_SUNPRO \
+      // These two lines seem to be all there is between code that crashes and code that works for sunpro
            cDebug d("cFileArchive::Write()");
            d.TraceDebug(_T("file(%s) adjusted mFileSize = %d mReadHead = %d\n"), mCurrentFilename.c_str(), (int)mFileSize, (int)mReadHead);
-            #endif
+#endif
            mFileSize = mReadHead;
        }

        return (int)actual_count;
    }
-    catch( eFile& fileError )
+    catch (eFile& fileError)
    {
-        throw( eArchiveWrite( mCurrentFilename, fileError.GetDescription() ) );
+        throw(eArchiveWrite(mCurrentFilename, fileError.GetDescription()));
    }
 }

@ -835,91 +810,92 @@ int cFileArchive::Write(const void* pDest, int count) // throw(eArchive)
 /////////////////////////////////////////////////////////////////////////
 // Truncate
 /////////////////////////////////////////////////////////////////////////
-void cFileArchive::Truncate() // throw(eArchive) 
+void cFileArchive::Truncate() // throw(eArchive)
 {
-    ASSERT( mCurrentFile.IsOpen() );
-    ASSERT( mCurrentFile.isWritable );
+    ASSERT(mCurrentFile.IsOpen());
+    ASSERT(mCurrentFile.isWritable);

-    try 
+    try
    {
-        mCurrentFile.Truncate ( mReadHead );
+        mCurrentFile.Truncate(mReadHead);
    }
-    catch( eFile& fileError )
+    catch (eFile& fileError)
    {
        //TODO: create an error number for truncate...
-        throw( eArchiveWrite( mCurrentFilename, fileError.GetDescription() ) );
+        throw(eArchiveWrite(mCurrentFilename, fileError.GetDescription()));
    }

    mFileSize = mReadHead;
 }


-
 /////////////////////////////////////////////////////////////////////////
 // OpenReadWrite -- Opens the file to be read or written to
 //
 // since we'll never open an existing file, the truncateFile flag is unnecessary.
 /////////////////////////////////////////////////////////////////////////
-void cLockedTemporaryFileArchive::OpenReadWrite( const TCHAR* filename, uint32 openFlags )
+void cLockedTemporaryFileArchive::OpenReadWrite(const TCHAR* filename, uint32 openFlags)
 {
-  TSTRING strTempFile;
+    TSTRING strTempFile;

-  try {
+    try
+    {

-    ASSERT( !mCurrentFile.IsOpen() ); // shouldn't be able to create a new file when we're already open
-    if    ( mCurrentFile.IsOpen() ) 
-        throw( eArchive( mCurrentFilename, _T("Internal Error") ) );
+        ASSERT(!mCurrentFile.IsOpen()); // shouldn't be able to create a new file when we're already open
+        if (mCurrentFile.IsOpen())
+            throw(eArchive(mCurrentFilename, _T("Internal Error")));


-    ///////////////////////////////////////////////////////////////////////////////
-    // if filename is NULL, create a temp file for the caller
-    if( filename == NULL )
-      {
-        try
-          {
-            iFSServices::GetInstance()->GetTempDirName( strTempFile );
-            strTempFile += _T("twtempXXXXXX");  
-            iFSServices::GetInstance()->MakeTempFilename( strTempFile );
-          }
-        catch( eFSServices& fileError)
-          {
-            TSTRING errStr = TSS_GetString( cCore, core::STR_BAD_TEMPDIRECTORY );
-            throw eArchiveOpen(strTempFile, errStr);
-          }
-      }
-    ///////////////////////////////////////////////////////////////////////////////
+        ///////////////////////////////////////////////////////////////////////////////
+        // if filename is NULL, create a temp file for the caller
+        if (filename == NULL)
+        {
+            try
+            {
+                iFSServices::GetInstance()->GetTempDirName(strTempFile);
+                strTempFile += _T("twtempXXXXXX");
+                iFSServices::GetInstance()->MakeTempFilename(strTempFile);
+            }
+            catch (eFSServices& fileError)
+            {
+                TSTRING errStr = TSS_GetString(cCore, core::STR_BAD_TEMPDIRECTORY);
+                throw eArchiveOpen(strTempFile, errStr);
+            }
+        }
+        ///////////////////////////////////////////////////////////////////////////////

-    ///////////////////////////////////////////////////////////////////////////////
-    // create file
+        ///////////////////////////////////////////////////////////////////////////////
+        // create file

-    // set up flags
-    uint32 flags = cFile::OPEN_WRITE | cFile::OPEN_LOCKED_TEMP | cFile::OPEN_CREATE | cFile::OPEN_EXCLUSIVE;
-    if ( openFlags & FA_OPEN_TRUNCATE ) 
-      flags |= cFile::OPEN_TRUNCATE;
-    if ( openFlags & FA_OPEN_TEXT ) 
-      flags |= cFile::OPEN_TEXT;
+        // set up flags
+        uint32 flags = cFile::OPEN_WRITE | cFile::OPEN_LOCKED_TEMP | cFile::OPEN_CREATE | cFile::OPEN_EXCLUSIVE;
+        if (openFlags & FA_OPEN_TRUNCATE)
+            flags |= cFile::OPEN_TRUNCATE;
+        if (openFlags & FA_OPEN_TEXT)
+            flags |= cFile::OPEN_TEXT;

-    // open file
-    mCurrentFilename = filename ? filename : strTempFile.c_str();
-    mCurrentFile.Open( mCurrentFilename, flags );
-    
-    isWritable = true;
-    mFileSize = mCurrentFile.GetSize();
-    mReadHead = mCurrentFile.Seek( 0, cFile::SEEK_BEGIN );
+        // open file
+        mCurrentFilename = filename ? filename : strTempFile.c_str();
+        mCurrentFile.Open(mCurrentFilename, flags);
+
+        isWritable = true;
+        mFileSize  = mCurrentFile.GetSize();
+        mReadHead  = mCurrentFile.Seek(0, cFile::SEEK_BEGIN);

 #if 0 // IS_SUNPRO
    cDebug d("cLockedTemporaryFileArchive::OpenReadWrite()");
    d.TraceDebug(_T("file(%s) set mFileSize to %d mReadHead to %d\n"), mCurrentFilename.c_str(), (int)mFileSize, (int)mReadHead);
 #endif

-  }//try
-  catch (eFile& fileError) {
-    TSTRING errStr = TSS_GetString( cCore, core::STR_BAD_TEMPDIRECTORY );
-    eArchiveOpen e(strTempFile, errStr);
-    throw e;
-  }
+    } //try
+    catch (eFile& fileError)
+    {
+        TSTRING      errStr = TSS_GetString(cCore, core::STR_BAD_TEMPDIRECTORY);
+        eArchiveOpen e(strTempFile, errStr);
+        throw e;
+    }

-  ///////////////////////////////////////////////////////////////////////////////
+    ///////////////////////////////////////////////////////////////////////////////
 }

 /////////////////////////////////////////////////////////////////////////
@ -929,4 +905,3 @@ void cLockedTemporaryFileArchive::Close()
    // Note: this deletes the file as well
    cFileArchive::Close();
 }
-
--- a/src/core/archive.h
+++ b/src/core/archive.h
@ -1,31 +1,31 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
-// 
+//
 // This program is free software.  The contents of this file are subject
 // to the terms of the GNU General Public License as published by the
 // Free Software Foundation; either version 2 of the License, or (at your
 // option) any later version.  You may redistribute it and/or modify it
 // only in compliance with the GNU General Public License.
-// 
+//
 // This program is distributed in the hope that it will be useful.
 // However, this program is distributed AS-IS WITHOUT ANY
 // WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS
 // FOR A PARTICULAR PURPOSE.  Please see the GNU General Public License
 // for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 // USA.
-// 
+//
 // Nothing in the GNU General Public License or any other license to use
 // the code or files shall permit you to use Tripwire's trademarks,
 // service marks, or other intellectual property without Tripwire's
 // prior written consent.
-// 
+//
 // If you have any questions, please contact Tripwire, Inc. at either
 // info@tripwire.org or www.tripwire.org.
 //
@ -56,69 +56,71 @@
 //=============================================================================
 // eArchive exception classes
 //=============================================================================
-TSS_FILE_EXCEPTION( eArchive,           eFileError );
-TSS_FILE_EXCEPTION( eArchiveOpen,       eArchive );
-TSS_FILE_EXCEPTION( eArchiveWrite,      eArchive );
-TSS_FILE_EXCEPTION( eArchiveRead,       eArchive );
-TSS_FILE_EXCEPTION( eArchiveEOF,        eArchive );
-TSS_FILE_EXCEPTION( eArchiveSeek,       eArchive );
-TSS_FILE_EXCEPTION( eArchiveMemmap,     eArchive );
-TSS_FILE_EXCEPTION( eArchiveOutOfMem,   eArchive );
-TSS_FILE_EXCEPTION( eArchiveInvalidOp,  eArchive );
-TSS_FILE_EXCEPTION( eArchiveFormat,     eArchive );
-TSS_FILE_EXCEPTION( eArchiveNotRegularFile, eArchive );
-TSS_BEGIN_EXCEPTION( eArchiveCrypto,        eArchive )
+TSS_FILE_EXCEPTION(eArchive, eFileError);
+TSS_FILE_EXCEPTION(eArchiveOpen, eArchive);
+TSS_FILE_EXCEPTION(eArchiveWrite, eArchive);
+TSS_FILE_EXCEPTION(eArchiveRead, eArchive);
+TSS_FILE_EXCEPTION(eArchiveEOF, eArchive);
+TSS_FILE_EXCEPTION(eArchiveSeek, eArchive);
+TSS_FILE_EXCEPTION(eArchiveMemmap, eArchive);
+TSS_FILE_EXCEPTION(eArchiveOutOfMem, eArchive);
+TSS_FILE_EXCEPTION(eArchiveInvalidOp, eArchive);
+TSS_FILE_EXCEPTION(eArchiveFormat, eArchive);
+TSS_FILE_EXCEPTION(eArchiveNotRegularFile, eArchive);
+TSS_BEGIN_EXCEPTION(eArchiveCrypto, eArchive)

-    virtual TSTRING GetMsg() const;
-        // eCryptoArchive appends a special string to the end of
-        // all exception messages
+virtual TSTRING GetMsg() const;
+// eCryptoArchive appends a special string to the end of
+// all exception messages
 TSS_END_EXCEPTION()
-TSS_EXCEPTION( eArchiveStringTooLong, eArchive );
+TSS_EXCEPTION(eArchiveStringTooLong, eArchive);

 //      throw( eArchiveOpen( cErrorUtil::MakeFileError( fileError.GetMsg(), strTempFile ) ) );


 //=============================================================================
-// cArchive 
+// cArchive
 //=============================================================================

 class cArchive
 {
 public:
-    virtual ~cArchive() {}
-    
+    virtual ~cArchive()
+    {
+    }
+
    // convenience methods
    //
    // Specific Read functions throw(eArchive) if EOF is reached because
-    // if the caller is requesting a certain amount of data to be present, 
+    // if the caller is requesting a certain amount of data to be present,
    // reaching EOF is unexpected
    //
    // ReadBlob and WriteBlob return number of bytes read or written.  Notice
    // that ReadBlob does not throw an exception since eventually EOF is expected.
    //
    // ReadBlob can take NULL as a destination pointer
-    // 
-    // All write functions throw exceptions for unexpected events like 
+    //
+    // All write functions throw exceptions for unexpected events like
    // running out of memory or disk space.
    //
-    void        ReadInt16(int16& ret); // throw(eArchive)
-    void        ReadInt32(int32& ret); // throw(eArchive)
-    void        ReadInt64(int64& ret); // throw(eArchive)
-    void        ReadString(TSTRING& ret); // throw(eArchive)
-    int         ReadBlob(void* pBlob, int count);
-    void        WriteInt16(int16 i); // throw(eArchive)
-    void        WriteInt32(int32 i); // throw(eArchive)
-    void        WriteInt64(int64 i); // throw(eArchive)
-    void        WriteString(TSTRING s); // throw(eArchive)
-    void        WriteBlob(const void* pBlob, int count); // throw(eArchive)
+    void ReadInt16(int16& ret);    // throw(eArchive)
+    void ReadInt32(int32& ret);    // throw(eArchive)
+    void ReadInt64(int64& ret);    // throw(eArchive)
+    void ReadString(TSTRING& ret); // throw(eArchive)
+    int  ReadBlob(void* pBlob, int count);
+    void WriteInt16(int16 i);                     // throw(eArchive)
+    void WriteInt32(int32 i);                     // throw(eArchive)
+    void WriteInt64(int64 i);                     // throw(eArchive)
+    void WriteString(TSTRING s);                  // throw(eArchive)
+    void WriteBlob(const void* pBlob, int count); // throw(eArchive)

    static int32 GetStorageSize(const TSTRING& str);
-        // this method calculates how many bytes the given string will take up in the archive and returns
-        // that value
-        // NOTE -- if the implementation of ReadString() or WriteString() ever changes, this method will also
-        //          need to change.
+    // this method calculates how many bytes the given string will take up in the archive and returns
+    // that value
+    // NOTE -- if the implementation of ReadString() or WriteString() ever changes, this method will also
+    //          need to change.

-    int64       Copy(cArchive* pFrom, int64 amt); // throw(eArchive)
+    int64 Copy(cArchive* pFrom, int64 amt); // throw(eArchive)
        // this method copies amt bytes from pFrom to itself, throwing an eArchive if anything goes wrong.

    // only makes sense to call for reading archives
@ -126,7 +128,7 @@ public:

 protected:
    // overrides
-    virtual int Read(void* pDest, int count) = 0;
+    virtual int Read(void* pDest, int count)        = 0;
    virtual int Write(const void* pDest, int count) = 0; // throw(eArchive);
 };

@ -137,15 +139,16 @@ protected:
 class cBidirArchive : public cArchive
 {
 public:
-    enum SeekFrom {
+    enum SeekFrom
+    {
        BEGINNING = 0,
-        CURRENT = 1,
-        END = -1
+        CURRENT   = 1,
+        END       = -1
    };

-    virtual void    Seek(int64 offset, SeekFrom from) = 0; // throw(eArchive);
-    virtual int64   CurrentPos() const = 0;
-    virtual int64   Length() const = 0;
+    virtual void  Seek(int64 offset, SeekFrom from) = 0; // throw(eArchive);
+    virtual int64 CurrentPos() const                = 0;
+    virtual int64 Length() const                    = 0;
 };

 ///////////////////////////////////////////////////////////////////////////////
@ -155,29 +158,30 @@ public:
 class cMemMappedArchive : public cBidirArchive
 {
 public:
-    enum {
+    enum
+    {
        MAP_TO_EOF = -1
    };

    cMemMappedArchive();
    virtual ~cMemMappedArchive();

-    virtual void    MapArchive(int64 offset, int64 len) = 0; // throw(eArchive);
-    virtual void    MapArchive(int64 offset, int64 len) const = 0; // throw(eArchive);
+    virtual void MapArchive(int64 offset, int64 len)       = 0; // throw(eArchive);
+    virtual void MapArchive(int64 offset, int64 len) const = 0; // throw(eArchive);
        // the const version of MapArchive() does not allow the archive to grow in size

-    int64           GetMappedOffset() const; // throw(eArchive)
-    int64           GetMappedLength() const; // throw(eArchive)
-    void*           GetMap(); // throw(eArchive)
-    const void*     GetMap() const;
+    int64       GetMappedOffset() const; // throw(eArchive)
+    int64       GetMappedLength() const; // throw(eArchive)
+    void*       GetMap();                // throw(eArchive)
+    const void* GetMap() const;

 protected:
-    mutable void*   mpMappedMem;
-    mutable int64   mMappedOffset;
-    mutable int64   mMappedLength;
+    mutable void* mpMappedMem;
+    mutable int64 mMappedOffset;
+    mutable int64 mMappedLength;

    // call in derived class to set above vars
-    void    SetNewMap(void* pMap, int64 offset, int64 length) const;
+    void SetNewMap(void* pMap, int64 offset, int64 length) const;
 };

 ///////////////////////////////////////////////////////////////////////////////
@ -193,27 +197,30 @@ public:
    cMemoryArchive(int maxSize = 0x8000000); // default max size == 128MB
    ~cMemoryArchive();

-    virtual bool    EndOfFile();
-    virtual void    Seek(int64 offset, SeekFrom from); // throw(eArchive)
-    virtual int64   CurrentPos() const;
-    virtual int64   Length() const;
-    virtual void    MapArchive(int64 offset, int64 len); // throw(eArchive)
-    virtual void    MapArchive(int64 offset, int64 len) const; // throw(eArchive)
+    virtual bool  EndOfFile();
+    virtual void  Seek(int64 offset, SeekFrom from); // throw(eArchive)
+    virtual int64 CurrentPos() const;
+    virtual int64 Length() const;
+    virtual void  MapArchive(int64 offset, int64 len);       // throw(eArchive)
+    virtual void  MapArchive(int64 offset, int64 len) const; // throw(eArchive)

-            void    Truncate(); // set the length to the current pos
+    void Truncate(); // set the length to the current pos

-            int8*   GetMemory() const { return mpMemory; }
+    int8* GetMemory() const
+    {
+        return mpMemory;
+    }

 protected:
-    int8*   mpMemory;
-    int     mAllocatedLen;
-    int     mMaxAllocatedLen;
-    int     mLogicalSize;
-    int     mReadHead;
+    int8* mpMemory;
+    int   mAllocatedLen;
+    int   mMaxAllocatedLen;
+    int   mLogicalSize;
+    int   mReadHead;

-    virtual int     Read(void* pDest, int count);
-    virtual int     Write(const void* pDest, int count); // throw(eArchive)
-    virtual void    AllocateMemory(int len); // throw(eArchive)
+    virtual int  Read(void* pDest, int count);
+    virtual int  Write(const void* pDest, int count); // throw(eArchive)
+    virtual void AllocateMemory(int len);             // throw(eArchive)
 };

 ///////////////////////////////////////////////////////////////////////////////
@ -224,30 +231,31 @@ class cFixedMemArchive : public cBidirArchive
 {
 public:
    cFixedMemArchive();
-    cFixedMemArchive( int8* pMem, int32 size );
+    cFixedMemArchive(int8* pMem, int32 size);
    virtual ~cFixedMemArchive();

-    void Attach( int8* pMem, int32 size );
-        // this method associates the archive with pMem and sets the size of the
-        // archive. Unlike cMemoryArchive, this may never grow or shrink in size.
+    void Attach(int8* pMem, int32 size);
+    // this method associates the archive with pMem and sets the size of the
+    // archive. Unlike cMemoryArchive, this may never grow or shrink in size.

    //-----------------------------------
    // cBidirArchive interface
    //-----------------------------------
-    virtual void    Seek        (int64 offset, SeekFrom from) ; // throw(eArchive);
-    virtual int64   CurrentPos  () const ;
-    virtual int64   Length      () const ;
-    virtual bool    EndOfFile();
+    virtual void  Seek(int64 offset, SeekFrom from); // throw(eArchive);
+    virtual int64 CurrentPos() const;
+    virtual int64 Length() const;
+    virtual bool  EndOfFile();
+
 protected:
    //-----------------------------------
    // cArchive interface
    //-----------------------------------
-    virtual int Read(void* pDest, int count);           // throw(eArchive)
-    virtual int Write(const void* pDest, int count);    // throw(eArchive)
+    virtual int Read(void* pDest, int count);        // throw(eArchive)
+    virtual int Write(const void* pDest, int count); // throw(eArchive)

-    int8*   mpMemory;
-    int32   mSize;
-    int32   mReadHead;
+    int8* mpMemory;
+    int32 mSize;
+    int32 mReadHead;
 };

 class cFileArchive : public cBidirArchive
@ -258,94 +266,74 @@ public:

    enum OpenFlags
    {
-        FA_OPEN_TEXT        = 0x1,
-        FA_OPEN_TRUNCATE    = 0x2,
-        FA_SCANNING         = 0x4,
-        FA_DIRECT           = 0x8
+        FA_OPEN_TEXT     = 0x1,
+        FA_OPEN_TRUNCATE = 0x2,
+        FA_SCANNING      = 0x4,
+        FA_DIRECT        = 0x8
    };

    // TODO: Open should throw
-    virtual void    OpenRead(const TCHAR* filename, uint32 openFlags = 0 );
-    virtual void    OpenReadWrite(const TCHAR* filename, uint32 openFlags = FA_OPEN_TRUNCATE );
-        // opens a file for reading or writing; the file is always created if it doesn't exist,
-        // and is truncated to zero length if truncateFile is set to true;
-    TSTRING         GetCurrentFilename(void) const;
-    virtual void    Close(void);
-            void    Truncate(); // throw(eArchive) // set the length to the current pos
+    virtual void OpenRead(const TCHAR* filename, uint32 openFlags = 0);
+    virtual void OpenReadWrite(const TCHAR* filename, uint32 openFlags = FA_OPEN_TRUNCATE);
+    // opens a file for reading or writing; the file is always created if it doesn't exist,
+    // and is truncated to zero length if truncateFile is set to true;
+    TSTRING      GetCurrentFilename(void) const;
+    virtual void Close(void);
+    void         Truncate(); // throw(eArchive) // set the length to the current pos

    //-----------------------------------
    // cBidirArchive interface
    //-----------------------------------
-    virtual bool    EndOfFile();
-    virtual void    Seek(int64 offset, SeekFrom from); // throw(eArchive)
-    virtual int64   CurrentPos() const;
-    virtual int64   Length() const; 
- 
-    
+    virtual bool  EndOfFile();
+    virtual void  Seek(int64 offset, SeekFrom from); // throw(eArchive)
+    virtual int64 CurrentPos() const;
+    virtual int64 Length() const;
+
+
 protected:
-    int64           mFileSize;  //Size of FileArchive
-    int64           mReadHead;  //Current position of read/write head
+    int64 mFileSize; //Size of FileArchive
+    int64 mReadHead; //Current position of read/write head
    //-----------------------------------
    // cArchive interface
    //-----------------------------------
-    virtual int     Read(void* pDest, int count);
-    virtual int     Write(const void* pDest, int count);    //throw(eArchive)
-    bool            isWritable;
-    cFile           mCurrentFile;
-    TSTRING         mCurrentFilename;                       //current file
-    uint32          mOpenFlags;
+    virtual int Read(void* pDest, int count);
+    virtual int Write(const void* pDest, int count); //throw(eArchive)
+    bool        isWritable;
+    cFile       mCurrentFile;
+    TSTRING     mCurrentFilename; //current file
+    uint32      mOpenFlags;
 };

 ///////////////////////////////////////////////////////////////
 // cLockedTemporaryFileArchive -- this class uses as an archive a file
 //      that is not accessable to any other process besides the calling one.
 //      the file will be deleted from the filesystem on Close();
-//      
-//      implemented by using cFileArchive and overwriting open and close 
+//
+//      implemented by using cFileArchive and overwriting open and close
 //      functions
 //
 class cLockedTemporaryFileArchive : public cFileArchive
 {
 public:
-    virtual void    OpenReadWrite       ( const TCHAR* filename = NULL, uint32 openFlags = FA_OPEN_TRUNCATE );
-        // creates the file.  filename must not exist on the file system.  
-        // if filename is NULL, the class will create and use a temporary file.
-        // truncateFile has no meaning
+    virtual void OpenReadWrite(const TCHAR* filename = NULL, uint32 openFlags = FA_OPEN_TRUNCATE);
+    // creates the file.  filename must not exist on the file system.
+    // if filename is NULL, the class will create and use a temporary file.
+    // truncateFile has no meaning
    //virtual void  OpenReadWriteThrow  ( const TCHAR* filename = NULL, bool truncateFile = true ) throw (eArchive);
-        // this is the same as OpenReadWrite, except an exception is thrown on error (of type 
-        // cArchive::ERR_OPEN_FAILED)
+    // this is the same as OpenReadWrite, except an exception is thrown on error (of type
+    // cArchive::ERR_OPEN_FAILED)

-    virtual void    Close();
-        // close and delete the file
+    virtual void Close();
+    // close and delete the file
 private:
-    // open for read only makes no sense if we're always creating the file, 
+    // open for read only makes no sense if we're always creating the file,
    // so disallow read only file opens
-    virtual void    OpenRead( const TCHAR*, uint32 openFlags = 0 ) { ASSERT( false ); THROW_INTERNAL("archive.h"); }
+    virtual void OpenRead(const TCHAR*, uint32 openFlags = 0)
+    {
+        ASSERT(false);
+        THROW_INTERNAL("archive.h");
+    }
 };


-
-/* 
-// TODO: fill these out
-
-///////////////////////////////////////////////////////////////////////////////
-// class cMMFileArchive --
-///////////////////////////////////////////////////////////////////////////////
-
-class cMMFileArchive : public cMemMappedArchive
-{
-public:
-};
-
-///////////////////////////////////////////////////////////////////////////////
-// class cNetArchive --
-///////////////////////////////////////////////////////////////////////////////
-
-class cNetArchive : public cArchive
-{
-public:
-};
-*/
-
-#endif 
-
+#endif
--- a/src/core/charutil.cpp
+++ b/src/core/charutil.cpp
@ -1,31 +1,31 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
-// 
+//
 // This program is free software.  The contents of this file are subject
 // to the terms of the GNU General Public License as published by the
 // Free Software Foundation; either version 2 of the License, or (at your
 // option) any later version.  You may redistribute it and/or modify it
 // only in compliance with the GNU General Public License.
-// 
+//
 // This program is distributed in the hope that it will be useful.
 // However, this program is distributed AS-IS WITHOUT ANY
 // WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS
 // FOR A PARTICULAR PURPOSE.  Please see the GNU General Public License
 // for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 // USA.
-// 
+//
 // Nothing in the GNU General Public License or any other license to use
 // the code or files shall permit you to use Tripwire's trademarks,
 // service marks, or other intellectual property without Tripwire's
 // prior written consent.
-// 
+//
 // If you have any questions, please contact Tripwire, Inc. at either
 // info@tripwire.org or www.tripwire.org.
 //
@ -42,48 +42,48 @@
 #include "ntmbs.h"

 #if IS_ANDROID
-int mblen(const char *s, size_t n)
+int mblen(const char* s, size_t n)
 {
-  return mbtowc(0, s, n);
+    return mbtowc(0, s, n);
 }
 #endif

-//  
+//
 // finds the next whole character in string identified by ['cur'-'end')
 // identifies beginning of char in 'first', then end of character in 'last'
 // returns number of TCHARs that make up the next character
 // if there are no more characters, will return 0 and first = last = end
 // POSTCONDITIONS:
-//  
+//
 // RETURNS:
-//  
+//
 // THROWS:
-//  
+//
 // COMPLEXITY:
-//  
+//
 //

 /* static */
-bool cCharUtil::PeekNextChar(  const TSTRING::const_iterator& cur, 
-                               const TSTRING::const_iterator& end, 
-                                     TSTRING::const_iterator& first, 
-                                     TSTRING::const_iterator& last )
+bool cCharUtil::PeekNextChar(const TSTRING::const_iterator& cur,
+                             const TSTRING::const_iterator& end,
+                             TSTRING::const_iterator&       first,
+                             TSTRING::const_iterator&       last)
 {
    //
    // do we have a valid string here?
    //
-    if( cur > end )
+    if (cur > end)
    {
        return false;
    }

-    if( cur == end )
+    if (cur == end)
    {
        first = last = end;
        return false;
    }

-    if( *cur == _T('\0') )
+    if (*cur == _T('\0'))
    {
        first = last = cur;
        return false;
@ -93,19 +93,19 @@ bool cCharUtil::PeekNextChar(  const TSTRING::const_iterator& cur,

    if (!(*cur))
    {
-       last = cur;
-    }   
+        last = cur;
+    }
    else
    {
 #if !IS_AROS
-    mblen (NULL, 0);
-    int len = mblen(&*cur, MB_CUR_MAX);
-    if (len < 0) //invalid multibyte sequence, but let's not blow up.
-        len = 1;
-    
-    last = cur + len;
-#else  // AROS mblen() seems broken (as of 6/2016) so don't use it.
-    last = cur + 1;
+        mblen(NULL, 0);
+        int len = mblen(&*cur, MB_CUR_MAX);
+        if (len < 0) //invalid multibyte sequence, but let's not blow up.
+            len = 1;
+
+        last = cur + len;
+#else // AROS mblen() seems broken (as of 6/2016) so don't use it.
+        last = cur + 1;
 #endif
    }

@ -114,40 +114,38 @@ bool cCharUtil::PeekNextChar(  const TSTRING::const_iterator& cur,


 //=============================================================================
-// 
+//
 // /* static */
-// bool cCharUtil::PopNextChar(   TSTRING::const_iterator& cur, 
-//               const TSTRING::const_iterator& end, 
-//                     TSTRING::const_iterator& first, 
+// bool cCharUtil::PopNextChar(   TSTRING::const_iterator& cur,
+//               const TSTRING::const_iterator& end,
+//                     TSTRING::const_iterator& first,
 //                     TSTRING::const_iterator& last )
 //-----------------------------------------------------------------------------
 // REQUIRES:
-//  
+//
 // EFFECTS:
-//  
+//
 // same as PeekNextChar but increments 'cur' to 'last'
 //
 // POSTCONDITIONS:
-//  
+//
 // RETURNS:
-//  
+//
 // THROWS:
-//  
+//
 // COMPLEXITY:
-//  
+//
 //

 /* static */
-bool cCharUtil::PopNextChar(    TSTRING::const_iterator& cur, 
-                          const TSTRING::const_iterator& end, 
-                                TSTRING::const_iterator& first, 
-                                TSTRING::const_iterator& last )
+bool cCharUtil::PopNextChar(TSTRING::const_iterator&       cur,
+                            const TSTRING::const_iterator& end,
+                            TSTRING::const_iterator&       first,
+                            TSTRING::const_iterator&       last)
 {
-    bool f = PeekNextChar( cur, end, first, last );
+    bool f = PeekNextChar(cur, end, first, last);

-    cur     = last;         // pop causes 'cur' to move to just beyond character ('last')
+    cur = last; // pop causes 'cur' to move to just beyond character ('last')

    return f;
 }
-
-// eof: charutil.cpp
--- a/src/core/charutil.h
+++ b/src/core/charutil.h
@ -1,31 +1,31 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
-// 
+//
 // This program is free software.  The contents of this file are subject
 // to the terms of the GNU General Public License as published by the
 // Free Software Foundation; either version 2 of the License, or (at your
 // option) any later version.  You may redistribute it and/or modify it
 // only in compliance with the GNU General Public License.
-// 
+//
 // This program is distributed in the hope that it will be useful.
 // However, this program is distributed AS-IS WITHOUT ANY
 // WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS
 // FOR A PARTICULAR PURPOSE.  Please see the GNU General Public License
 // for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 // USA.
-// 
+//
 // Nothing in the GNU General Public License or any other license to use
 // the code or files shall permit you to use Tripwire's trademarks,
 // service marks, or other intellectual property without Tripwire's
 // prior written consent.
-// 
+//
 // If you have any questions, please contact Tripwire, Inc. at either
 // info@tripwire.org or www.tripwire.org.
 //
@ -44,23 +44,20 @@
 class cCharUtil
 {
 public:
-
-
    // finds the next whole character in string identified by ['cur'-'end')
    // identifies beginning of char in 'first', then end of character in 'last'
    // returns 'are there more characters in string?'
    // if there are no more characters, will return 0 and first = last = end
-    static bool PeekNextChar( const TSTRING::const_iterator& cur, 
-                              const TSTRING::const_iterator& end, 
-                                    TSTRING::const_iterator& first, 
-                                    TSTRING::const_iterator& last );
-    
+    static bool PeekNextChar(const TSTRING::const_iterator& cur,
+                             const TSTRING::const_iterator& end,
+                             TSTRING::const_iterator&       first,
+                             TSTRING::const_iterator&       last);
+
    // same as PeekNextChar but increments 'cur' to 'last'
-    static bool PopNextChar(    TSTRING::const_iterator& cur, 
-                          const TSTRING::const_iterator& end, 
-                                TSTRING::const_iterator& first, 
-                                TSTRING::const_iterator& last );
+    static bool PopNextChar(TSTRING::const_iterator&       cur,
+                            const TSTRING::const_iterator& end,
+                            TSTRING::const_iterator&       first,
+                            TSTRING::const_iterator&       last);
 };

-#endif//__CHARUTIL_H
-
+#endif //__CHARUTIL_H
--- a/src/core/cmdlineparser.cpp
+++ b/src/core/cmdlineparser.cpp
@ -1,31 +1,31 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
-// 
+//
 // This program is free software.  The contents of this file are subject
 // to the terms of the GNU General Public License as published by the
 // Free Software Foundation; either version 2 of the License, or (at your
 // option) any later version.  You may redistribute it and/or modify it
 // only in compliance with the GNU General Public License.
-// 
+//
 // This program is distributed in the hope that it will be useful.
 // However, this program is distributed AS-IS WITHOUT ANY
 // WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS
 // FOR A PARTICULAR PURPOSE.  Please see the GNU General Public License
 // for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 // USA.
-// 
+//
 // Nothing in the GNU General Public License or any other license to use
 // the code or files shall permit you to use Tripwire's trademarks,
 // service marks, or other intellectual property without Tripwire's
 // prior written consent.
-// 
+//
 // If you have any questions, please contact Tripwire, Inc. at either
 // info@tripwire.org or www.tripwire.org.
 //
@ -38,9 +38,7 @@
 ///////////////////////////////////////////////////////////////////////////////
 // ctor, dotr
 ///////////////////////////////////////////////////////////////////////////////
-cCmdLineParser::cCmdLineParser() :
-    mArgTable(HASH_VERY_SMALL),
-    mLastArgInfo(-1, PARAM_NONE)
+cCmdLineParser::cCmdLineParser() : mArgTable(HASH_VERY_SMALL), mLastArgInfo(-1, PARAM_NONE)
 {
 }

@ -51,19 +49,20 @@ cCmdLineParser::~cCmdLineParser()
 ///////////////////////////////////////////////////////////////////////////////
 // AddArg
 ///////////////////////////////////////////////////////////////////////////////
-void cCmdLineParser::AddArg(int argId, const TSTRING& arg, const TSTRING& alias, ParamCount numParams, bool multipleAllowed)
+void cCmdLineParser::AddArg(
+    int argId, const TSTRING& arg, const TSTRING& alias, ParamCount numParams, bool multipleAllowed)
 {
-    if(arg.empty() && alias.empty())
+    if (arg.empty() && alias.empty())
    {
        // this refers to the list of parameters that comes after all the cmd line switches
        mLastArgInfo.mId        = argId;
        mLastArgInfo.mNumParams = numParams;
-        return ;
+        return;
    }

-    if(! arg.empty())
-        mArgTable.Insert(arg,   cArgInfo(argId, numParams));
-    if(! alias.empty())
+    if (!arg.empty())
+        mArgTable.Insert(arg, cArgInfo(argId, numParams));
+    if (!alias.empty())
    {
        // put the alias in the table with a '-' prepended to it so it matches '--'
        TSTRING str(_T("-"));
@ -71,62 +70,58 @@ void cCmdLineParser::AddArg(int argId, const TSTRING& arg, const TSTRING& alias,
        mArgTable.Insert(str, cArgInfo(argId, numParams));
    }
    // This argument can appear more than once on the command line.
-    if( multipleAllowed )
-        mMultipleAllowed.insert( argId );
+    if (multipleAllowed)
+        mMultipleAllowed.insert(argId);
 }

 ///////////////////////////////////////////////////////////////////////////////
 // Clear
 ///////////////////////////////////////////////////////////////////////////////
-void cCmdLineParser::Clear()
+/*void cCmdLineParser::Clear()
 {
    mLastArgInfo.mId        = -1;
    mLastArgInfo.mNumParams = PARAM_INVALID;
    mArgTable.Clear();
    mArgData.clear();
    mMutExList.clear();
-}
+}*/

 ///////////////////////////////////////////////////////////////////////////////
 // Parse
 ///////////////////////////////////////////////////////////////////////////////
-void cCmdLineParser::Parse(int argc, const TCHAR *const * argv)
+void cCmdLineParser::Parse(int argc, const TCHAR* const* argv)
 {
    // clear out any existing data
    mArgData.clear();

-    const TCHAR* pCurArg = 0;
-    bool bProcessedFinalParams = false;     // gets set to true when the parameters to the command line are processed
+    const TCHAR* pCurArg       = 0;
+    bool bProcessedFinalParams = false; // gets set to true when the parameters to the command line are processed

    // I assume argv[0] is the executable name...
-    for(int i=1; i < argc; i++)
+    for (int i = 1; i < argc; i++)
    {
-        if(argv[i][0] == _T('-'))
+        if (argv[i][0] == _T('-'))
        {
            pCurArg = argv[i];

            // this is a switch; find it in the table...
            cArgInfo argInfo;
-            if ( !mArgTable.Lookup( TSTRING(&argv[i][1] ), argInfo ) )
+            if (!mArgTable.Lookup(TSTRING(&argv[i][1]), argInfo))
            {
                // unknown switch!
-                throw eCmdLineInvalidArg( 
-                    TSS_GetString( cCore, core::STR_ERR2_BAD_ARG_PARAMS ) 
-                        + pCurArg );
+                throw eCmdLineInvalidArg(TSS_GetString(cCore, core::STR_ERR2_BAD_ARG_PARAMS) + pCurArg);
            }
            //
            // make sure this hasn't been specified yet...
            //
-            if( ArgInList( argInfo.mId ) )
+            if (ArgInList(argInfo.mId))
            {
                // Make sure it isn't okay for this one to appear more than once...
-                std::set<int>::iterator it = mMultipleAllowed.find( argInfo.mId );
-                if( it == mMultipleAllowed.end() )
+                std::set<int>::iterator it = mMultipleAllowed.find(argInfo.mId);
+                if (it == mMultipleAllowed.end())
                {
                    // It wasn't in our list of allowed params, so error.
-                    throw eCmdLineMultiArg(
-                        TSS_GetString( cCore, core::STR_ERR2_BAD_ARG_PARAMS ) 
-                            + argv[i] );
+                    throw eCmdLineMultiArg(TSS_GetString(cCore, core::STR_ERR2_BAD_ARG_PARAMS) + argv[i]);
                }
            }
            //
@ -134,24 +129,22 @@ void cCmdLineParser::Parse(int argc, const TCHAR *const * argv)
            //
            mArgData.push_back(cArgData(argInfo.mId, TSTRING(argv[i])));
            cArgData& curArg = mArgData.back();
-            switch( argInfo.mNumParams )
+            switch (argInfo.mNumParams)
            {
            case PARAM_NONE:
-                // make sure there are no parameters to this, but be careful because 
+                // make sure there are no parameters to this, but be careful because
                // it is legal to start the parameters to the executable here.
-                if((i+1 < argc) && (argv[i+1][0] != _T('-')))
+                if ((i + 1 < argc) && (argv[i + 1][0] != _T('-')))
                {
                    // search for any more parameters
                    // TODO: In the future we may want to support a '--' switch that specifies the start
                    // of parameters to the executable.
-                    for (int j = i + 2; j < argc; ++j )
+                    for (int j = i + 2; j < argc; ++j)
                    {
                        if (argv[j][0] == _T('-'))
                        {
                            // >0 parameter passed !
-                            throw eCmdLineBadParam(
-                                TSS_GetString( cCore, core::STR_ERR2_BAD_ARG_PARAMS )
-                                    + pCurArg );
+                            throw eCmdLineBadParam(TSS_GetString(cCore, core::STR_ERR2_BAD_ARG_PARAMS) + pCurArg);
                        }
                    }
                }
@ -160,29 +153,27 @@ void cCmdLineParser::Parse(int argc, const TCHAR *const * argv)
            case PARAM_ONE:
                // get the next parameter...
                i++;
-                if ( (i >= argc) || (argv[i][0] == _T('-')) )
+                if ((i >= argc) || (argv[i][0] == _T('-')))
                {
                    // zero parameters passed to something that needed one param
-                    throw eCmdLineBadParam(
-                        TSS_GetString( cCore, core::STR_ERR2_BAD_ARG_PARAMS )
-                            + pCurArg );
+                    throw eCmdLineBadParam(TSS_GetString(cCore, core::STR_ERR2_BAD_ARG_PARAMS) + pCurArg);
                }

-                curArg.mParams.push_back( TSTRING(argv[i]) );
+                curArg.mParams.push_back(TSTRING(argv[i]));
                break;

            case PARAM_MANY:
                i++;
-                while((i < argc) && (argv[i][0] != _T('-')))
+                while ((i < argc) && (argv[i][0] != _T('-')))
                {
-                    curArg.mParams.push_back(TSTRING(argv[i])); 
+                    curArg.mParams.push_back(TSTRING(argv[i]));
                    i++;
                }
-                i--;    // since we have gone too far at this point
+                i--; // since we have gone too far at this point
                break;

            default:
-                ASSERTMSG( false, "Unknown number of arguments to parser" );
+                ASSERTMSG(false, "Unknown number of arguments to parser");
            }
        }
        else
@ -191,14 +182,14 @@ void cCmdLineParser::Parse(int argc, const TCHAR *const * argv)
            // this must be the final "unnamed" arg
            // first, make sure it is consistent with the current info...
            bool bResult = true;
-            switch(mLastArgInfo.mNumParams)
+            switch (mLastArgInfo.mNumParams)
            {
            case PARAM_NONE:
                // this is an error; they didn't want any command line parameters...
                bResult = false;
                break;
            case PARAM_ONE:
-                if(i+1 != argc)
+                if (i + 1 != argc)
                    // there is >1 final parameter; it is an error
                    bResult = false;
                break;
@ -207,33 +198,28 @@ void cCmdLineParser::Parse(int argc, const TCHAR *const * argv)
                break;
            default:
                ASSERT(false);
-            
            }
-            if(! bResult)
+            if (!bResult)
            {
-                throw eCmdLineBadParam( );
+                throw eCmdLineBadParam();
            }

            // ok, we can push the final parameter info onto the list...
            mArgData.push_back(cArgData(mLastArgInfo.mId));
            cArgData& curArg = mArgData.back();
-            
-            while ( i < argc )
+
+            while (i < argc)
            {
-                if ( argv[i][0] == _T('-') )
+                if (argv[i][0] == _T('-'))
                {
-                    if ( ! pCurArg )
+                    if (!pCurArg)
                    {
-                        throw eCmdLineBadSwitchPos(
-                            TSS_GetString( cCore, core::STR_ERR2_BAD_ARG_PARAMS )
-                                + argv[i] );
+                        throw eCmdLineBadSwitchPos(TSS_GetString(cCore, core::STR_ERR2_BAD_ARG_PARAMS) + argv[i]);
                    }
                    else
                    {
                        // there was an extra parameter passed somewhere!
-                        throw eCmdLineBadArgParam(
-                            TSS_GetString( cCore, core::STR_ERR2_BAD_ARG_PARAMS )
-                                + pCurArg );
+                        throw eCmdLineBadArgParam(TSS_GetString(cCore, core::STR_ERR2_BAD_ARG_PARAMS) + pCurArg);
                    }
                }

@ -241,21 +227,18 @@ void cCmdLineParser::Parse(int argc, const TCHAR *const * argv)
                curArg.mParams.push_back(TSTRING(argv[i]));
                i++;
            }
-            
-            
        }
-
    }

    // it is possible not to process the final command line parameters in the "else" case above
    // (this only occurs if there are no command line parameters specified) so let's make sure that
    // is consistent with what we are configured with...
    // NOTE -- it is ok to have no cmd line parameters if they specified PARAM_NONE or PARAM_MANY
-    if(! bProcessedFinalParams)
+    if (!bProcessedFinalParams)
    {
-        if(mLastArgInfo.mNumParams == PARAM_ONE)
+        if (mLastArgInfo.mNumParams == PARAM_ONE)
        {
-            throw eCmdLineBadParam( );
+            throw eCmdLineBadParam();
        }
    }

@ -269,28 +252,24 @@ void cCmdLineParser::Parse(int argc, const TCHAR *const * argv)
 ///////////////////////////////////////////////////////////////////////////////
 void cCmdLineParser::TestMutEx()
 {
-    std::list<std::pair<int,int> >::const_iterator i;
-    cCmdLineIter iter1(*this), iter2(*this);
-    for(i = mMutExList.begin(); i != mMutExList.end(); i++)
+    std::list<std::pair<int, int> >::const_iterator i;
+    cCmdLineIter                                    iter1(*this), iter2(*this);
+    for (i = mMutExList.begin(); i != mMutExList.end(); i++)
    {
        //TODO -- there is a much more efficent way to do this (using cFCOPropVector, for example)
        //      the command line is presumably small enough, tho, that it probably isn't a big
        //      deal to do it this way.
        iter1.SeekToArg(i->first);
-        if(! iter1.Done())
+        if (!iter1.Done())
        {
            iter2.SeekToArg(i->second);
-            if(! iter2.Done())
+            if (!iter2.Done())
            {
                // we have a mutual exclusion violation!
-                throw eCmdLineMutEx( 
-                    iter1.ActualParam() 
-                        + _T(", ")
-                        + iter2.ActualParam() );
+                throw eCmdLineMutEx(iter1.ActualParam() + _T(", ") + iter2.ActualParam());
            }
        }
    }
-
 }

 ///////////////////////////////////////////////////////////////////////////////
@ -298,51 +277,51 @@ void cCmdLineParser::TestMutEx()
 ///////////////////////////////////////////////////////////////////////////////
 void cCmdLineParser::TestDependency()
 {
-    std::list< std::pair< std::pair< int, int>, bool > >::const_iterator i;
-    cCmdLineIter iter1(*this), iter2(*this);
+    std::list<std::pair<std::pair<int, int>, bool> >::const_iterator i;
+    cCmdLineIter                                                     iter1(*this), iter2(*this);

-    for( i = mDependencyList.begin(); i != mDependencyList.end(); ++i)
+    for (i = mDependencyList.begin(); i != mDependencyList.end(); ++i)
    {
-        iter1.SeekToArg( i->first.first );
+        iter1.SeekToArg(i->first.first);
        // was it on the command line?
-        if( !iter1.Done() )
+        if (!iter1.Done())
        {
            // it was, is the corresponding arg on the command line?
-            iter2.SeekToArg( i->first.second );
-            if( iter2.Done() ) // it wasn't, dependency error
+            iter2.SeekToArg(i->first.second);
+            if (iter2.Done()) // it wasn't, dependency error
            {
                TSTRING arg1, arg2, alias1, alias2;
-                cCmdLineParser::LookupArgInfo( i->first.first, arg1, alias1 );
-                cCmdLineParser::LookupArgInfo( i->first.second, arg2, alias2 );
+                cCmdLineParser::LookupArgInfo(i->first.first, arg1, alias1);
+                cCmdLineParser::LookupArgInfo(i->first.second, arg2, alias2);

                // determine in which form the user passed the arguments,
                // and construct the error message in the same form
-                if ( iter1.ActualParam().length() == 2 )
-                    throw eCmdLineDependency( _T("The switch -") + arg1 + _T(" requires -") + arg2 +_T(".") );
+                if (iter1.ActualParam().length() == 2)
+                    throw eCmdLineDependency(_T("The switch -") + arg1 + _T(" requires -") + arg2 + _T("."));
                else
-                    throw eCmdLineDependency( _T("The switch --") + alias1 + _T(" requires --") + alias2 + _T(".") );
+                    throw eCmdLineDependency(_T("The switch --") + alias1 + _T(" requires --") + alias2 + _T("."));
            }
        }
-        else if( i->second )
+        else if (i->second)
        // only make this second check if the dependencies are MUTUAL,
        // as indicated (or not) by the bool value.
        {
-            iter2.SeekToArg( i->first.second ); 
-                // the first arg in the pair was not on the command line,
-                // so just make sure the second isn't there...
-            if( !iter2.Done() )
+            iter2.SeekToArg(i->first.second);
+            // the first arg in the pair was not on the command line,
+            // so just make sure the second isn't there...
+            if (!iter2.Done())
            {
                // arg2 appeared without arg1, so dependency error.
                TSTRING arg1, arg2, alias1, alias2;
-                cCmdLineParser::LookupArgInfo( i->first.first, arg1, alias1 );
-                cCmdLineParser::LookupArgInfo( i->first.second, arg2, alias2 );
+                cCmdLineParser::LookupArgInfo(i->first.first, arg1, alias1);
+                cCmdLineParser::LookupArgInfo(i->first.second, arg2, alias2);

                // determine in which form the user passed the arguments,
                // and construct the error message in the same form
-                if ( iter1.ActualParam().length() == 2 )
-                    throw eCmdLineDependency( _T("The switch -") + arg2 + _T(" requires -") + arg1 +_T(".") );
+                if (iter1.ActualParam().length() == 2)
+                    throw eCmdLineDependency(_T("The switch -") + arg2 + _T(" requires -") + arg1 + _T("."));
                else
-                    throw eCmdLineDependency( _T("The switch --") + alias2 + _T(" requires --") + alias1 + _T(".") );
+                    throw eCmdLineDependency(_T("The switch --") + alias2 + _T(" requires --") + alias1 + _T("."));
            }
        }

@ -364,32 +343,32 @@ void cCmdLineParser::AddMutEx(int argId1, int argId2)
 ///////////////////////////////////////////////////////////////////////////////
 // AddDependency
 ///////////////////////////////////////////////////////////////////////////////
-void cCmdLineParser::AddDependency(int argId1, int argId2, bool mutual )
+void cCmdLineParser::AddDependency(int argId1, int argId2, bool mutual)
 {
    // again, no checking for duplicates... would a set
    // prove to be a better container for this operation?
-    std::pair< int, int > Args( argId1, argId2 );
-    std::pair< std::pair< int, int >, bool > Dep( Args, mutual ); 
+    std::pair<int, int>                  Args(argId1, argId2);
+    std::pair<std::pair<int, int>, bool> Dep(Args, mutual);

    ASSERT(argId1 != argId2);
-    mDependencyList.push_back( Dep);
+    mDependencyList.push_back(Dep);
 }

 ///////////////////////////////////////////////////////////////////////////////
 // TraceContents
 ///////////////////////////////////////////////////////////////////////////////
-#ifdef _DEBUG
-void cCmdLineParser::TraceContents(int dl) 
+#ifdef DEBUG
+void cCmdLineParser::TraceContents(int dl)
 {
    cDebug d("cCmdLineParser::TraceContents");
-    if(dl == -1)
+    if (dl == -1)
        dl = cDebug::D_DEBUG;

    std::list<cArgData>::const_iterator i;
-    for(i = mArgData.begin(); i != mArgData.end(); i++)
+    for (i = mArgData.begin(); i != mArgData.end(); i++)
    {
        d.Trace(dl, "* Item id:%d\n", i->mId);
-        for(std::vector<TSTRING>::const_iterator vi = i->mParams.begin(); vi != i->mParams.end(); vi++)
+        for (std::vector<TSTRING>::const_iterator vi = i->mParams.begin(); vi != i->mParams.end(); vi++)
        {
            d.Trace(dl, "\t%s\n", vi->c_str());
        }
@ -398,7 +377,7 @@ void cCmdLineParser::TraceContents(int dl)
    d.Trace(dl, "--- Switch id table ---\n");

    cHashTableIter<TSTRING, cArgInfo> iter(mArgTable);
-    for(iter.SeekBegin(); ! iter.Done(); iter.Next())
+    for (iter.SeekBegin(); !iter.Done(); iter.Next())
    {
        d.Trace(dl, "[%d] %s\n", iter.Val().mId, iter.Key().c_str());
    }
@ -412,16 +391,16 @@ void cCmdLineParser::TraceContents(int dl)
 ///////////////////////////////////////////////////////////////////////////////
 bool cCmdLineParser::LookupArgInfo(int argId, TSTRING& arg, TSTRING& alias) const
 {
-    arg     = _T("");
-    alias   = _T("");
+    arg   = _T("");
+    alias = _T("");

    cHashTableIter<TSTRING, cArgInfo> iter(mArgTable);
-    for(iter.SeekBegin(); ! iter.Done(); iter.Next())
+    for (iter.SeekBegin(); !iter.Done(); iter.Next())
    {
-        if(iter.Val().mId == argId)
+        if (iter.Val().mId == argId)
        {
            TSTRING str = iter.Key();
-            if((str.length() > 0) && (str[0] == _T('-')))
+            if ((str.length() > 0) && (str[0] == _T('-')))
            {
                // this is the alias!
                alias = (str.c_str() + 1);
@ -433,7 +412,7 @@ bool cCmdLineParser::LookupArgInfo(int argId, TSTRING& arg, TSTRING& alias) cons
            }
        }
    }
-    return ((! arg.empty()) || (! alias.empty()));
+    return ((!arg.empty()) || (!alias.empty()));
 }

 ///////////////////////////////////////////////////////////////////////////////
@ -442,9 +421,9 @@ bool cCmdLineParser::LookupArgInfo(int argId, TSTRING& arg, TSTRING& alias) cons
 bool cCmdLineParser::ArgInList(int argId)
 {
    std::list<cArgData>::iterator i;
-    for( i = mArgData.begin(); i != mArgData.end(); i++ )
+    for (i = mArgData.begin(); i != mArgData.end(); i++)
    {
-        if( i->mId == argId )
+        if (i->mId == argId)
            return true;
    }
    return false;
@ -458,15 +437,13 @@ bool cCmdLineParser::ArgInList(int argId)
 ///////////////////////////////////////////////////////////////////////////////
 // SeekToArg
 ///////////////////////////////////////////////////////////////////////////////
-bool    cCmdLineIter::SeekToArg(int argId) const
+bool cCmdLineIter::SeekToArg(int argId) const
 {
-    for(SeekBegin(); ! Done(); Next())
+    for (SeekBegin(); !Done(); Next())
    {
-        if(ArgId() == argId)
+        if (ArgId() == argId)
            return true;
    }

    return false;
-
 }
-
--- a/src/core/cmdlineparser.h
+++ b/src/core/cmdlineparser.h
@ -1,38 +1,38 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
-// 
+//
 // This program is free software.  The contents of this file are subject
 // to the terms of the GNU General Public License as published by the
 // Free Software Foundation; either version 2 of the License, or (at your
 // option) any later version.  You may redistribute it and/or modify it
 // only in compliance with the GNU General Public License.
-// 
+//
 // This program is distributed in the hope that it will be useful.
 // However, this program is distributed AS-IS WITHOUT ANY
 // WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS
 // FOR A PARTICULAR PURPOSE.  Please see the GNU General Public License
 // for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 // USA.
-// 
+//
 // Nothing in the GNU General Public License or any other license to use
 // the code or files shall permit you to use Tripwire's trademarks,
 // service marks, or other intellectual property without Tripwire's
 // prior written consent.
-// 
+//
 // If you have any questions, please contact Tripwire, Inc. at either
 // info@tripwire.org or www.tripwire.org.
 //
 ///////////////////////////////////////////////////////////////////////////////
 // cmdlineparser.h
 //
-// cCmdLineParser.h -- class that tokenizes the command line 
+// cCmdLineParser.h -- class that tokenizes the command line
 #ifndef __CMDLINEPARSER_H
 #define __CMDLINEPARSER_H

@ -49,14 +49,15 @@
 //=============================================================================
 // eCmdLine
 //=============================================================================
-TSS_EXCEPTION( eCmdLine,            eError )
-TSS_EXCEPTION( eCmdLineInvalidArg,  eCmdLine ) // an arg on the command line is not recognized
-TSS_EXCEPTION( eCmdLineBadArgParam, eCmdLine ) // wrong number of parameters to an argument
-TSS_EXCEPTION( eCmdLineBadParam,    eCmdLine ) // wrong number of paramters to the executable (not associated with any arguments)
-TSS_EXCEPTION( eCmdLineBadSwitchPos,eCmdLine ) // a '-' arg appeared after the final parameter list
-TSS_EXCEPTION( eCmdLineMutEx,       eCmdLine ) // a mutual exclusion error has occured
-TSS_EXCEPTION( eCmdLineDependency,  eCmdLine ) // a dependency error has occurred.
-TSS_EXCEPTION( eCmdLineMultiArg,    eCmdLine ) // an arg was found twice in the command line
+TSS_EXCEPTION(eCmdLine, eError)
+TSS_EXCEPTION(eCmdLineInvalidArg, eCmdLine)  // an arg on the command line is not recognized
+TSS_EXCEPTION(eCmdLineBadArgParam, eCmdLine) // wrong number of parameters to an argument
+TSS_EXCEPTION(eCmdLineBadParam,
+              eCmdLine) // wrong number of paramters to the executable (not associated with any arguments)
+TSS_EXCEPTION(eCmdLineBadSwitchPos, eCmdLine) // a '-' arg appeared after the final parameter list
+TSS_EXCEPTION(eCmdLineMutEx, eCmdLine)        // a mutual exclusion error has occured
+TSS_EXCEPTION(eCmdLineDependency, eCmdLine)   // a dependency error has occurred.
+TSS_EXCEPTION(eCmdLineMultiArg, eCmdLine)     // an arg was found twice in the command line


 /*
@ -95,93 +96,99 @@ public:

    enum ParamCount
    {
-        PARAM_NONE,     // no parameters to arg
-        PARAM_ONE,      // one parameter to arg
-        PARAM_MANY,     // zero or more paramters to arg
+        PARAM_NONE, // no parameters to arg
+        PARAM_ONE,  // one parameter to arg
+        PARAM_MANY, // zero or more paramters to arg

-        PARAM_INVALID   // top of enum
+        PARAM_INVALID // top of enum
    };

-    void AddArg(int argId, const TSTRING& arg, const TSTRING& alias, ParamCount numParams, bool multipleAllowed = false);
-        // this method should be called for each argument that can appear on the 
-        // command line. 
-        // argId -- a number that uniquely identifies the argument; no two arguments
-        //      may have the same id (ASSERT-enforced)
-        // arg   -- string that comes after the '-'. can be _T("") if there is only
-        //      a string representation
-        // alias -- string that comes after '--' which has the same meaning. Can be _T("")
-        //      if there is no alias. If both arg and alias are empty strings, then this arg
-        //      represents the list of arguments that comes at the end of the command line
-        // numParams -- number of parameters that this argument needs
+    void
+    AddArg(int argId, const TSTRING& arg, const TSTRING& alias, ParamCount numParams, bool multipleAllowed = false);
+    // this method should be called for each argument that can appear on the
+    // command line.
+    // argId -- a number that uniquely identifies the argument; no two arguments
+    //      may have the same id (ASSERT-enforced)
+    // arg   -- string that comes after the '-'. can be _T("") if there is only
+    //      a string representation
+    // alias -- string that comes after '--' which has the same meaning. Can be _T("")
+    //      if there is no alias. If both arg and alias are empty strings, then this arg
+    //      represents the list of arguments that comes at the end of the command line
+    // numParams -- number of parameters that this argument needs

    void AddMutEx(int argId1, int argId2);
-        // this adds a mutual exclusion constraint. When Parse() is called, if argId1 and 
-        // argId2 both exist on the command line, then the parse will fail and the error 
-        // value ERR_MUTUAL_EXCLUSION will be set.
+    // this adds a mutual exclusion constraint. When Parse() is called, if argId1 and
+    // argId2 both exist on the command line, then the parse will fail and the error
+    // value ERR_MUTUAL_EXCLUSION will be set.

-    void AddDependency(int argId1, int argId2, bool mutual = false );
-        // This adds a dependency constraint.   When Parse() is called, if argId1 
-        // exists on the command line independent from argId2, then the parse will fail.
-        // If the default param mutual is true, then the command parser will check for
-        // argId1 if argId2 is passed.   We do this, since it is possible for one arg to 
-        // depend on another, but have the other arg alone on the command line, legally.
+    void AddDependency(int argId1, int argId2, bool mutual = false);
+    // This adds a dependency constraint.   When Parse() is called, if argId1
+    // exists on the command line independent from argId2, then the parse will fail.
+    // If the default param mutual is true, then the command parser will check for
+    // argId1 if argId2 is passed.   We do this, since it is possible for one arg to
+    // depend on another, but have the other arg alone on the command line, legally.

-    void Parse(int argc, const TCHAR *const * argv); // throw eCmdLine
+    void Parse(int argc, const TCHAR* const* argv); // throw eCmdLine
        // after AddArg() has been called for every argument that could be processed by the
-        // command line, call this to tokenize argv. If the return value is false, then 
+        // command line, call this to tokenize argv. If the return value is false, then
        // the input was invalid in some way; the actual error can be determined by calling
        // GetErrorInfo() below.

-    void Clear();
-        // clear out all information that this class contains
+    //    void Clear();
+    // clear out all information that this class contains

    bool LookupArgInfo(int argId, TSTRING& arg, TSTRING& alias) const;
-        // given an argId, fill out the strings with the argument and alias strings. Returns false
-        // if the argId cannot be found. This method is not very fast, so don't use it often.
+    // given an argId, fill out the strings with the argument and alias strings. Returns false
+    // if the argId cannot be found. This method is not very fast, so don't use it often.

-    #ifdef _DEBUG
-    void TraceContents(int dl = -1) ;
-    #endif
+#ifdef DEBUG
+    void TraceContents(int dl = -1);
+#endif
 private:
    void TestMutEx();
-        // tests for mutual exclusion violations; if it fails, the current error is set and false
-        // is returned.
+    // tests for mutual exclusion violations; if it fails, the current error is set and false
+    // is returned.
    void TestDependency();
-        // tests for all dependency violations.
+    // tests for all dependency violations.
    bool ArgInList(int argId);
-        // returns true if an argument with the specified id already exists in the list; this is used
-        // to make sure the same arg doesn't appear >1 time on the command line
+    // returns true if an argument with the specified id already exists in the list; this is used
+    // to make sure the same arg doesn't appear >1 time on the command line

    // for storing information on paramers
    struct cArgInfo
    {
-        int         mId;
-        ParamCount  mNumParams;
+        int        mId;
+        ParamCount mNumParams;

-        cArgInfo(int i = -1, ParamCount p = PARAM_INVALID) : mId(i), mNumParams(p) {}
+        cArgInfo(int i = -1, ParamCount p = PARAM_INVALID) : mId(i), mNumParams(p)
+        {
+        }
    };
    // for storing parsed argv information
    struct cArgData
    {
-        int                     mId;
-        std::vector<TSTRING>    mParams;
-        TSTRING                 mActualParam;   // a string representation of what was actually on the command line
+        int                  mId;
+        std::vector<TSTRING> mParams;
+        TSTRING              mActualParam; // a string representation of what was actually on the command line

-        cArgData(int id = -1, const TSTRING& actualParam = TSTRING(_T(""))) : mId(id), mActualParam(actualParam) {}
+        cArgData(int id = -1, const TSTRING& actualParam = TSTRING(_T(""))) : mId(id), mActualParam(actualParam)
+        {
+        }
    };

-    cHashTable<TSTRING, cArgInfo>   mArgTable;
-    cArgInfo                        mLastArgInfo;   // info on the argument that comes at the end of the command line (with no associated '-x' or '--x')
-    std::list<cArgData>             mArgData;
-    std::list<std::pair<int,int> >  mMutExList;      // all of the mutual exclusions
-    std::list< std::pair < std::pair<int,int>, bool > > mDependencyList; // all of the dependencies
-    std::set< int >                 mMultipleAllowed;
+    cHashTable<TSTRING, cArgInfo> mArgTable;
+    cArgInfo
+                                                     mLastArgInfo; // info on the argument that comes at the end of the command line (with no associated '-x' or '--x')
+    std::list<cArgData>                              mArgData;
+    std::list<std::pair<int, int> >                  mMutExList;      // all of the mutual exclusions
+    std::list<std::pair<std::pair<int, int>, bool> > mDependencyList; // all of the dependencies
+    std::set<int>                                    mMultipleAllowed;

    friend class cCmdLineIter;
 };

 ///////////////////////////////////////////////////////////////////////////////
-// cCmdLineIter -- used to iterate over the tokenized command line parameters; 
+// cCmdLineIter -- used to iterate over the tokenized command line parameters;
 //      is only useful after cCmdLineParser::Parse() has been called.
 ///////////////////////////////////////////////////////////////////////////////
 class cCmdLineIter
@ -190,36 +197,35 @@ public:
    cCmdLineIter(const cCmdLineParser& parser);

    // iteration
-    void    SeekBegin()     const;
-    bool    Done()          const;
-    bool    IsEmpty()       const;
-    void    Next()          const;
+    void SeekBegin() const;
+    bool Done() const;
+    bool IsEmpty() const;
+    void Next() const;

-    bool    SeekToArg(int argId) const;
-        // seeks to the argument with the given argId. returns
-        // false and Done() == true if it couldn't find it.
+    bool SeekToArg(int argId) const;
+    // seeks to the argument with the given argId. returns
+    // false and Done() == true if it couldn't find it.

    // access to the argument data
-    int             ArgId()             const;
-        // returns the id of this arg; ASSERTs if Done() == true
-    int             NumParams()         const;
-        // returns the number of parameters this argument has
-    const TSTRING&  ActualParam()       const;
-        // returns exactly what was passed on the command line (ie -- what the user typed)
-    const TSTRING&  ParamAt(int index)  const;
-        // returns the parameter at the specified index. ASSERTs if
-        // the index is out of range.
+    int ArgId() const;
+    // returns the id of this arg; ASSERTs if Done() == true
+    int NumParams() const;
+    // returns the number of parameters this argument has
+    const TSTRING& ActualParam() const;
+    // returns exactly what was passed on the command line (ie -- what the user typed)
+    const TSTRING& ParamAt(int index) const;
+    // returns the parameter at the specified index. ASSERTs if
+    // the index is out of range.

 private:
-    const   std::list<cCmdLineParser::cArgData>&                mList;
+    const std::list<cCmdLineParser::cArgData>&                  mList;
    mutable std::list<cCmdLineParser::cArgData>::const_iterator mIter;
 };

 //#############################################################################
 // inline implementation
 //#############################################################################
-inline cCmdLineIter::cCmdLineIter(const cCmdLineParser& parser) :
-    mList(parser.mArgData)
+inline cCmdLineIter::cCmdLineIter(const cCmdLineParser& parser) : mList(parser.mArgData)
 {
    SeekBegin();
 }
@ -241,22 +247,22 @@ inline void cCmdLineIter::Next() const
 }
 inline int cCmdLineIter::ArgId() const
 {
-    ASSERT(! Done());
+    ASSERT(!Done());
    return mIter->mId;
 }
 inline int cCmdLineIter::NumParams() const
 {
-    ASSERT(! Done());
+    ASSERT(!Done());
    return mIter->mParams.size();
 }

-inline const TSTRING&   cCmdLineIter::ActualParam() const
+inline const TSTRING& cCmdLineIter::ActualParam() const
 {
-    ASSERT(! Done());
+    ASSERT(!Done());
    return mIter->mActualParam;
 }

-inline const TSTRING& cCmdLineIter::ParamAt(int index)  const
+inline const TSTRING& cCmdLineIter::ParamAt(int index) const
 {
    ASSERT((index >= 0) && (index < NumParams()));
    return mIter->mParams[index];
@ -264,4 +270,3 @@ inline const TSTRING& cCmdLineIter::ParamAt(int index)  const


 #endif
-
--- a/src/core/codeconvert.cpp
+++ b/src/core/codeconvert.cpp
--- a/src/core/codeconvert.h
+++ b/src/core/codeconvert.h
@ -1,31 +1,31 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
-// 
+//
 // This program is free software.  The contents of this file are subject
 // to the terms of the GNU General Public License as published by the
 // Free Software Foundation; either version 2 of the License, or (at your
 // option) any later version.  You may redistribute it and/or modify it
 // only in compliance with the GNU General Public License.
-// 
+//
 // This program is distributed in the hope that it will be useful.
 // However, this program is distributed AS-IS WITHOUT ANY
 // WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS
 // FOR A PARTICULAR PURPOSE.  Please see the GNU General Public License
 // for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 // USA.
-// 
+//
 // Nothing in the GNU General Public License or any other license to use
 // the code or files shall permit you to use Tripwire's trademarks,
 // service marks, or other intellectual property without Tripwire's
 // prior written consent.
-// 
+//
 // If you have any questions, please contact Tripwire, Inc. at either
 // info@tripwire.org or www.tripwire.org.
 //
@ -60,17 +60,17 @@

 /// Requirements

-#include "platform.h"       // for: Platform specific code
-#include "ntmbs.h"          // for: NTBS, NTMBS, NTWCS, and NTDBS types
+#include "platform.h" // for: Platform specific code
+#include "ntmbs.h"    // for: NTBS, NTMBS, NTWCS, and NTDBS types


 /// Exceptions

-TSS_EXCEPTION( eConverter,                      eError );
-TSS_EXCEPTION( eConverterReset,                 eConverter );
-TSS_EXCEPTION( eConverterFatal,                 eConverter );
-TSS_EXCEPTION( eConverterUnsupportedConversion, eConverter );
-TSS_EXCEPTION( eConverterUnknownCodepage,       eConverter );
+TSS_EXCEPTION(eConverter, eError);
+TSS_EXCEPTION(eConverterReset, eConverter);
+TSS_EXCEPTION(eConverterFatal, eConverter);
+TSS_EXCEPTION(eConverterUnsupportedConversion, eConverter);
+TSS_EXCEPTION(eConverterUnknownCodepage, eConverter);


 /// Classes
@ -90,43 +90,38 @@ TSS_EXCEPTION( eConverterUnknownCodepage,       eConverter );
 */
 class iCodeConverter
 {
-    public:
-
-        static iCodeConverter*  GetInstance();      // Singleton
+public:
+    static iCodeConverter* GetInstance(); // Singleton
+    static void            Finit();


-        /// Subclass Responsibilities
-        virtual
-        int 
-        Convert( 
-            ntmbs_t,                // NTMBS buffer
-            size_t,                 // Capacity in mbchar_t's (bytes)
-            const_ntdbs_t,          // null terminated two-byte wide character (UCS2 rep)
-            size_t nCount ) = 0;    // Amount to convert in dbchar_t's
-        // returns number of buffer items converted, -1 on error
-       
+    /// Subclass Responsibilities
+    virtual int Convert(ntmbs_t,            // NTMBS buffer
+                        size_t,             // Capacity in mbchar_t's (bytes)
+                        const_ntdbs_t,      // null terminated two-byte wide character (UCS2 rep)
+                        size_t nCount) = 0; // Amount to convert in dbchar_t's
+    // returns number of buffer items converted, -1 on error

-        virtual
-        int 
-        Convert( 
-            ntdbs_t,                // NTDBS (Null-terminated two byte sequence) buf
-            size_t,                 // Capacity in dbchar_t's
-            const_ntmbs_t,          // Null-terminated multi-byte sequence
-            size_t ) = 0;           // Capacity in mbchar_t's (bytes)
-        // returns number of buffer items converted, -1 on error

-    protected:
+    virtual int Convert(ntdbs_t,       // NTDBS (Null-terminated two byte sequence) buf
+                        size_t,        // Capacity in dbchar_t's
+                        const_ntmbs_t, // Null-terminated multi-byte sequence
+                        size_t) = 0;   // Capacity in mbchar_t's (bytes)
+    // returns number of buffer items converted, -1 on error

-        iCodeConverter() {}
-        virtual ~iCodeConverter() {}
-    
-    private:
+protected:
+    iCodeConverter()
+    {
+    }
+    virtual ~iCodeConverter()
+    {
+    }

-        static iCodeConverter* CreateConverter();
-        static iCodeConverter* CreateGoodEnoughConverter();
-
-        static iCodeConverter* m_pInst;
+private:
+    static iCodeConverter* CreateConverter();
+    static iCodeConverter* CreateGoodEnoughConverter();

+    static iCodeConverter* m_pInst;
 };


@ -137,74 +132,70 @@ class iCodeConverter
 #ifdef HAVE_ICONV_H
 #include <iconv.h>

-#ifdef HAVE_LANGINFO_H
-#ifndef __USE_XOPEN
-#define __USE_XOPEN 1
-#endif
-#include <langinfo.h>
-#endif
+#    ifdef HAVE_LANGINFO_H
+#        ifndef __USE_XOPEN
+#            define __USE_XOPEN 1
+#        endif
+#        include <langinfo.h>
+#    endif

 class cIconvUtil
 {
-    public:
-
-        static const char*  GetCodePageID(); // gets code page id for current locale, throws if error
-        static bool         GetCodePageID( const char** ppCP );
-        static const char*  GetIconvDbIdentifier();
-        static const char*  GetMiddleIdentifier();
-        static void         ResetConverter( iconv_t );
-        static bool         TestConverter( const char* pTo, const char* pFrom );
-        static iconv_t      OpenHandle(    const char* pTo, const char* pFrom ); // throws
-        static void         CloseHandle( iconv_t ic );
+public:
+    static const char* GetCodePageID(); // gets code page id for current locale, throws if error
+    static bool        GetCodePageID(const char** ppCP);
+    static const char* GetIconvDbIdentifier();
+    static const char* GetMiddleIdentifier();
+    static void        ResetConverter(iconv_t);
+    static bool        TestConverter(const char* pTo, const char* pFrom);
+    static iconv_t     OpenHandle(const char* pTo, const char* pFrom); // throws
+    static void        CloseHandle(iconv_t ic);
 };


 class cIconvConverter : public iCodeConverter
 {
-    public:
+public:
+    static bool Test(); // is there a conversion for the current codepage?

-        static  bool Test(); // is there a conversion for the current codepage?
+    virtual int Convert(ntmbs_t, size_t, const_ntdbs_t, size_t);
+    virtual int Convert(ntdbs_t, size_t, const_ntmbs_t, size_t);

-        virtual int  Convert( ntmbs_t, size_t, const_ntdbs_t, size_t );
-        virtual int  Convert( ntdbs_t, size_t, const_ntmbs_t, size_t );
+    cIconvConverter();
+    virtual ~cIconvConverter();

-        cIconvConverter();
-        virtual ~cIconvConverter();
+private:
+    void Init();

-    private:
-        void Init();
-    
-        iconv_t icToDb;
-        iconv_t icFromDb;
+    iconv_t icToDb;
+    iconv_t icFromDb;
 };

 class cDoubleIconvConverter : public iCodeConverter
 {
-    public:
+public:
+    static bool Test(); // is there a conversion for the current codepage?

-        static  bool Test(); // is there a conversion for the current codepage?
+    virtual int Convert(ntmbs_t, size_t, const_ntdbs_t, size_t);
+    virtual int Convert(ntdbs_t, size_t, const_ntmbs_t, size_t);

-        virtual int  Convert( ntmbs_t, size_t, const_ntdbs_t, size_t );
-        virtual int  Convert( ntdbs_t, size_t, const_ntmbs_t, size_t );
+    cDoubleIconvConverter();
+    virtual ~cDoubleIconvConverter();

-        cDoubleIconvConverter();
-        virtual ~cDoubleIconvConverter();
+private:
+    void Init();

-    private:
+    iconv_t icMbToUTF8;
+    iconv_t icUTF8ToDb;

-        void Init();    
-        
-        iconv_t icMbToUTF8;
-        iconv_t icUTF8ToDb;
-        
-        iconv_t icDbToUTF8;
-        iconv_t icUTF8ToMb;
+    iconv_t icDbToUTF8;
+    iconv_t icUTF8ToMb;
 };

 #endif // HAVE_ICONV_H


-/// QUESTION:RAD -- Why not just have one platform-specific of the below 
+/// QUESTION:RAD -- Why not just have one platform-specific of the below

 //- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 // cWcharIs32BitUcs2Converterer
@ -212,16 +203,18 @@ class cDoubleIconvConverter : public iCodeConverter

 #if WCHAR_IS_32_BITS

-// TODO:BAM -- this is not really correct!  Convert will not honor nSource!!  
+// TODO:BAM -- this is not really correct!  Convert will not honor nSource!!
 // it looks for the first null char!

 class cWcharIs32BitUcs2Converterer : public iCodeConverter
 {
-public:    
-    virtual int  Convert( ntmbs_t, size_t, const_ntdbs_t, size_t );
-    virtual int  Convert( ntdbs_t, size_t, const_ntmbs_t, size_t );
-    
-    virtual ~cWcharIs32BitUcs2Converterer() {}
+public:
+    virtual int Convert(ntmbs_t, size_t, const_ntdbs_t, size_t);
+    virtual int Convert(ntdbs_t, size_t, const_ntmbs_t, size_t);
+
+    virtual ~cWcharIs32BitUcs2Converterer()
+    {
+    }
 };

 #endif // WCHAR_IS_32_BITS
@ -232,16 +225,18 @@ public:

 #if WCHAR_IS_16_BITS

-// TODO:BAM -- this is not really correct!  Convert will not honor nSource!!  
+// TODO:BAM -- this is not really correct!  Convert will not honor nSource!!
 // it looks for the first null char!

 class cWcharIs16BitUcs2Converterer : public iCodeConverter
 {
-public:    
-    virtual int  Convert( ntmbs_t, size_t, const_ntdbs_t, size_t );
-    virtual int  Convert( ntdbs_t, size_t, const_ntmbs_t, size_t );
-    
-    virtual ~cWcharIs16BitUcs2Converterer() {}
+public:
+    virtual int Convert(ntmbs_t, size_t, const_ntdbs_t, size_t);
+    virtual int Convert(ntdbs_t, size_t, const_ntmbs_t, size_t);
+
+    virtual ~cWcharIs16BitUcs2Converterer()
+    {
+    }
 };

 #endif // WCHAR_IS_16_BITS
@ -250,31 +245,33 @@ public:
 // converts mbchars > 0x7F to our reserved space
 class cGoodEnoughConverterer : public iCodeConverter
 {
-public:    
-    virtual int  Convert( ntmbs_t, size_t, const_ntdbs_t, size_t );
-    virtual int  Convert( ntdbs_t, size_t, const_ntmbs_t, size_t );
-    
-    virtual ~cGoodEnoughConverterer() {}
+public:
+    virtual int Convert(ntmbs_t, size_t, const_ntdbs_t, size_t);
+    virtual int Convert(ntdbs_t, size_t, const_ntmbs_t, size_t);
+
+    virtual ~cGoodEnoughConverterer()
+    {
+    }
 };


 class cConvertUtil
 {
-    enum 
-    { 
+    enum
+    {
        TSS_UCS2_RESERVED_START = 0xE800u, // E000-E8FF is private use range, but
        TSS_UCS2_RESERVED_END   = 0xE8FFu, // SJIS and EUC use E000-E757
        TSS_HIGH_ASCII_START    = 0x0080u,
        TSS_HIGH_ASCII_END      = 0x00FFu
    };
-public:
-    static dbchar_t ConvertNonChar( mbchar_t ch );
-    static mbchar_t ConvertNonChar( dbchar_t ch );

-    static bool     ValueInReservedRange( mbchar_t ch );
-    static bool     ValueInReservedRange( dbchar_t ch );
+public:
+    static dbchar_t ConvertNonChar(mbchar_t ch);
+    static mbchar_t ConvertNonChar(dbchar_t ch);
+
+    static bool ValueInReservedRange(mbchar_t ch);
+    static bool ValueInReservedRange(dbchar_t ch);
 };


 #endif //__CODECONVERT_H
-
--- a/src/core/core.cpp
+++ b/src/core/core.cpp
@ -1,31 +1,31 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
-// 
+//
 // This program is free software.  The contents of this file are subject
 // to the terms of the GNU General Public License as published by the
 // Free Software Foundation; either version 2 of the License, or (at your
 // option) any later version.  You may redistribute it and/or modify it
 // only in compliance with the GNU General Public License.
-// 
+//
 // This program is distributed in the hope that it will be useful.
 // However, this program is distributed AS-IS WITHOUT ANY
 // WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS
 // FOR A PARTICULAR PURPOSE.  Please see the GNU General Public License
 // for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 // USA.
-// 
+//
 // Nothing in the GNU General Public License or any other license to use
 // the code or files shall permit you to use Tripwire's trademarks,
 // service marks, or other intellectual property without Tripwire's
 // prior written consent.
-// 
+//
 // If you have any questions, please contact Tripwire, Inc. at either
 // info@tripwire.org or www.tripwire.org.
 //
@ -39,26 +39,28 @@
 #include "core.h"
 #include "coreerrors.h"

-#include "codeconvert.h"        // for: iCodeConverter::GetInstance
-#include "twlocale.h"           // for: cTWLocale::InitGlobalLocale
+#include "codeconvert.h" // for: iCodeConverter::GetInstance
+#include "twlocale.h"    // for: cTWLocale::InitGlobalLocale

-TSS_ImplementPackage( cCore )
+TSS_ImplementPackage(cCore)

 cCore::cCore()
 {
-    TSS_REGISTER_PKG_ERRORS( core );
+    TSS_REGISTER_PKG_ERRORS(core);

    // NOTE: Initialize code converter when cCore is a dependency
    // of another package (created on first call to GetInstance(),
    // forcing creation here to hasten the display of any errors)

-    cDebug::SetDebugLevel( cDebug::D_DEBUG );
-    cDebug::AddOutTarget( cDebug::OUT_STDOUT );
+    cDebug::SetDebugLevel(cDebug::D_DEBUG);
+    cDebug::AddOutTarget(cDebug::OUT_STDOUT);

    cTWLocale::InitGlobalLocale();

    iCodeConverter::GetInstance();
 }

-
-// eof: core.cpp
+cCore::~cCore()
+{
+    iCodeConverter::Finit();
+}
--- a/src/core/core.h
+++ b/src/core/core.h
@ -1,31 +1,31 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
-// 
+//
 // This program is free software.  The contents of this file are subject
 // to the terms of the GNU General Public License as published by the
 // Free Software Foundation; either version 2 of the License, or (at your
 // option) any later version.  You may redistribute it and/or modify it
 // only in compliance with the GNU General Public License.
-// 
+//
 // This program is distributed in the hope that it will be useful.
 // However, this program is distributed AS-IS WITHOUT ANY
 // WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS
 // FOR A PARTICULAR PURPOSE.  Please see the GNU General Public License
 // for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 // USA.
-// 
+//
 // Nothing in the GNU General Public License or any other license to use
 // the code or files shall permit you to use Tripwire's trademarks,
 // service marks, or other intellectual property without Tripwire's
 // prior written consent.
-// 
+//
 // If you have any questions, please contact Tripwire, Inc. at either
 // info@tripwire.org or www.tripwire.org.
 //
@ -43,19 +43,18 @@

 //--Requirements

-#include "package.h"    // for: Packaging Abstraction
+#include "package.h" // for: Packaging Abstraction

 //--Classes

-TSS_BeginPackage( cCore )
+TSS_BeginPackage(cCore)

    TSS_DECLARE_STRINGTABLE;

-    public:
+public:
+cCore();
+~cCore();

-        cCore();
-
-TSS_EndPackage( cCore )
+TSS_EndPackage(cCore)

 #endif //__CORE_H
-
--- a/src/core/coreerrors.cpp
+++ b/src/core/coreerrors.cpp
@ -1,31 +1,31 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
-// 
+//
 // This program is free software.  The contents of this file are subject
 // to the terms of the GNU General Public License as published by the
 // Free Software Foundation; either version 2 of the License, or (at your
 // option) any later version.  You may redistribute it and/or modify it
 // only in compliance with the GNU General Public License.
-// 
+//
 // This program is distributed in the hope that it will be useful.
 // However, this program is distributed AS-IS WITHOUT ANY
 // WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS
 // FOR A PARTICULAR PURPOSE.  Please see the GNU General Public License
 // for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 // USA.
-// 
+//
 // Nothing in the GNU General Public License or any other license to use
 // the code or files shall permit you to use Tripwire's trademarks,
 // service marks, or other intellectual property without Tripwire's
 // prior written consent.
-// 
+//
 // If you have any questions, please contact Tripwire, Inc. at either
 // info@tripwire.org or www.tripwire.org.
 //
@ -49,120 +49,118 @@
 #include "ntmbs.h"
 #include "displayencoder.h"

-TSS_BEGIN_ERROR_REGISTRATION( core )
+TSS_BEGIN_ERROR_REGISTRATION(core)

 /// Internal

-TSS_REGISTER_ERROR( eInternal(),        _T("Internal error.") )
+TSS_REGISTER_ERROR(eInternal(), _T("Internal error."))


 /// General

-TSS_REGISTER_ERROR( eErrorGeneral(),    _T("General Error") );
-TSS_REGISTER_ERROR( eOpen(),            _T("File could not be opened.") );
-TSS_REGISTER_ERROR( eOpenRead(),        _T("File could not be opened for reading.") );
-TSS_REGISTER_ERROR( eOpenWrite(),       _T("File could not be opened for writing.") );
-TSS_REGISTER_ERROR( eBadModeSwitch(),   _T("Unknown mode specified.") );
-TSS_REGISTER_ERROR( eBadCmdLine(),      _T("Command line error.") );
+TSS_REGISTER_ERROR(eErrorGeneral(), _T("General Error"));
+TSS_REGISTER_ERROR(eOpen(), _T("File could not be opened."));
+TSS_REGISTER_ERROR(eOpenRead(), _T("File could not be opened for reading."));
+TSS_REGISTER_ERROR(eOpenWrite(), _T("File could not be opened for writing."));
+TSS_REGISTER_ERROR(eBadModeSwitch(), _T("Unknown mode specified."));
+TSS_REGISTER_ERROR(eBadCmdLine(), _T("Command line error."));


-/// Archive 
+/// Archive

-TSS_REGISTER_ERROR( eArchive(),         _T("Archive error.") )
-TSS_REGISTER_ERROR( eArchiveOpen(),     _T("File could not be opened.") )
-TSS_REGISTER_ERROR( eArchiveWrite(),    _T("File could not be written.") )
-TSS_REGISTER_ERROR( eArchiveRead(),     _T("File could not be read.") )
-TSS_REGISTER_ERROR( eArchiveEOF(),      _T("End of file reached.") )
-TSS_REGISTER_ERROR( eArchiveSeek(),     _T("File seek failed.") )
-TSS_REGISTER_ERROR( eArchiveMemmap(),   _T("Memory mapped archive file invalid.") )
-TSS_REGISTER_ERROR( eArchiveOutOfMem(), _T("Archive ran out of memory.") )
-TSS_REGISTER_ERROR( eArchiveInvalidOp(),_T("Archive logic error.") )
-TSS_REGISTER_ERROR( eArchiveFormat(),   _T("Archive file format invalid.") )
-TSS_REGISTER_ERROR( eArchiveNotRegularFile(), _T("File is not a regular file.") )
-TSS_REGISTER_ERROR( eArchiveCrypto(),   _T("File could not be decrypted.") )
-TSS_REGISTER_ERROR( eArchiveStringTooLong(),    _T("String was too long.") )
+TSS_REGISTER_ERROR(eArchive(), _T("Archive error."))
+TSS_REGISTER_ERROR(eArchiveOpen(), _T("File could not be opened."))
+TSS_REGISTER_ERROR(eArchiveWrite(), _T("File could not be written."))
+TSS_REGISTER_ERROR(eArchiveRead(), _T("File could not be read."))
+TSS_REGISTER_ERROR(eArchiveEOF(), _T("End of file reached."))
+TSS_REGISTER_ERROR(eArchiveSeek(), _T("File seek failed."))
+TSS_REGISTER_ERROR(eArchiveMemmap(), _T("Memory mapped archive file invalid."))
+TSS_REGISTER_ERROR(eArchiveOutOfMem(), _T("Archive ran out of memory."))
+TSS_REGISTER_ERROR(eArchiveInvalidOp(), _T("Archive logic error."))
+TSS_REGISTER_ERROR(eArchiveFormat(), _T("Archive file format invalid."))
+TSS_REGISTER_ERROR(eArchiveNotRegularFile(), _T("File is not a regular file."))
+TSS_REGISTER_ERROR(eArchiveCrypto(), _T("File could not be decrypted."))
+TSS_REGISTER_ERROR(eArchiveStringTooLong(), _T("String was too long."))


 /// File

-TSS_REGISTER_ERROR( eFile(),            _T("File error.") )
-TSS_REGISTER_ERROR( eFileOpen(),        _T("File could not be opened.") )
-TSS_REGISTER_ERROR( eFileWrite(),       _T("File could not be written.") )
-TSS_REGISTER_ERROR( eFileRead(),        _T("File could not be read.") )
-TSS_REGISTER_ERROR( eFileEOF(),         _T("End of file reached.") )
-TSS_REGISTER_ERROR( eFileSeek(),        _T("File seek failed.") )
-TSS_REGISTER_ERROR( eFileInvalidOp(),   _T("File logic error.") )
-TSS_REGISTER_ERROR( eFileTrunc(),       _T("File could not be truncated.") )
-TSS_REGISTER_ERROR( eFileClose(),       _T("File could not be closed.") )
-TSS_REGISTER_ERROR( eFileFlush(),       _T("File could not be flushed.") )
-TSS_REGISTER_ERROR( eFileRewind(),      _T("File could not be rewound.") )
+TSS_REGISTER_ERROR(eFile(), _T("File error."))
+TSS_REGISTER_ERROR(eFileOpen(), _T("File could not be opened."))
+TSS_REGISTER_ERROR(eFileWrite(), _T("File could not be written."))
+TSS_REGISTER_ERROR(eFileRead(), _T("File could not be read."))
+TSS_REGISTER_ERROR(eFileEOF(), _T("End of file reached."))
+TSS_REGISTER_ERROR(eFileSeek(), _T("File seek failed."))
+TSS_REGISTER_ERROR(eFileInvalidOp(), _T("File logic error."))
+TSS_REGISTER_ERROR(eFileTrunc(), _T("File could not be truncated."))
+TSS_REGISTER_ERROR(eFileClose(), _T("File could not be closed."))
+TSS_REGISTER_ERROR(eFileFlush(), _T("File could not be flushed."))
+TSS_REGISTER_ERROR(eFileRewind(), _T("File could not be rewound."))


-/// Win32
+/// General API failures
+TSS_REGISTER_ERROR(eUnix(), _T("Unix API failure."))

-#if IS_UNIX
-TSS_REGISTER_ERROR(eUnix(),               _T("Unix API failure.") )
-#endif

 /// FSServices

-TSS_REGISTER_ERROR( eFSServices(),       _T("File system error.") )
-TSS_REGISTER_ERROR( eFSServicesGeneric(),_T("File system error.") )
+TSS_REGISTER_ERROR(eFSServices(), _T("File system error."))
+TSS_REGISTER_ERROR(eFSServicesGeneric(), _T("File system error."))


 /// Serializer

-TSS_REGISTER_ERROR( eSerializerUnknownType(),           _T("Unknown type encountered in file.\nFile format may not be valid for this platform.") )
-TSS_REGISTER_ERROR( eSerializerInputStreamFmt(),        _T("Invalid input stream format.") )
-TSS_REGISTER_ERROR( eSerializerOutputStreamFmt(),       _T("Invalid output stream format.") )
-TSS_REGISTER_ERROR( eSerializerInputStremTypeArray(),   _T("A bad index was encountered in file.") )
-TSS_REGISTER_ERROR( eSerializerArchive(),               _T("File read encountered an archive error.") )
-TSS_REGISTER_ERROR( eSerializerVersionMismatch(),       _T("File version mismatch.") )
-TSS_REGISTER_ERROR( eSerializerEncryption(),            _T("File encryption error.") )
-TSS_REGISTER_ERROR( eSerializer(),                      _T("File format error.") )
+TSS_REGISTER_ERROR(eSerializerUnknownType(),
+                   _T("Unknown type encountered in file.\nFile format may not be valid for this platform."))
+TSS_REGISTER_ERROR(eSerializerInputStreamFmt(), _T("Invalid input stream format."))
+TSS_REGISTER_ERROR(eSerializerOutputStreamFmt(), _T("Invalid output stream format."))
+TSS_REGISTER_ERROR(eSerializerInputStremTypeArray(), _T("A bad index was encountered in file."))
+TSS_REGISTER_ERROR(eSerializerArchive(), _T("File read encountered an archive error."))
+TSS_REGISTER_ERROR(eSerializerVersionMismatch(), _T("File version mismatch."))
+TSS_REGISTER_ERROR(eSerializerEncryption(), _T("File encryption error."))
+TSS_REGISTER_ERROR(eSerializer(), _T("File format error."))


 /// Command Line

-TSS_REGISTER_ERROR( eCmdLine(),             _T("Command line parsing error.") )
-TSS_REGISTER_ERROR( eCmdLineInvalidArg(),   _T("Invalid argument passed on command line.") )
-TSS_REGISTER_ERROR( eCmdLineBadArgParam(),  _T("Incorrect number of parameters to a command line argument.") )
-TSS_REGISTER_ERROR( eCmdLineBadParam(),     _T("Incorrect number of parameters on command line.") )
-TSS_REGISTER_ERROR( eCmdLineBadSwitchPos(), _T("Switch appears after final command line parameter.") )
-TSS_REGISTER_ERROR( eCmdLineMutEx(),        _T("Specified command line switches are mutually exclusive.") )
-TSS_REGISTER_ERROR( eCmdLineDependency(),   _T("Command line parameter missing.") )
-TSS_REGISTER_ERROR( eCmdLineMultiArg(),     _T("Command line argument specified more than once.") )
+TSS_REGISTER_ERROR(eCmdLine(), _T("Command line parsing error."))
+TSS_REGISTER_ERROR(eCmdLineInvalidArg(), _T("Invalid argument passed on command line."))
+TSS_REGISTER_ERROR(eCmdLineBadArgParam(), _T("Incorrect number of parameters to a command line argument."))
+TSS_REGISTER_ERROR(eCmdLineBadParam(), _T("Incorrect number of parameters on command line."))
+TSS_REGISTER_ERROR(eCmdLineBadSwitchPos(), _T("Switch appears after final command line parameter."))
+TSS_REGISTER_ERROR(eCmdLineMutEx(), _T("Specified command line switches are mutually exclusive."))
+TSS_REGISTER_ERROR(eCmdLineDependency(), _T("Command line parameter missing."))
+TSS_REGISTER_ERROR(eCmdLineMultiArg(), _T("Command line argument specified more than once."))


 /// TWLocale

-TSS_REGISTER_ERROR( eTWLocale(),            _T("Localization error.") )
-TSS_REGISTER_ERROR( eTWLocaleBadNumFormat(),_T("Bad number format.") )
+TSS_REGISTER_ERROR(eTWLocale(), _T("Localization error."))
+TSS_REGISTER_ERROR(eTWLocaleBadNumFormat(), _T("Bad number format."))


 /// Character Handling (defined in ntmbs.h)

-TSS_REGISTER_ERROR( eCharacter(),               _T("General Character Handling Error.") )
-TSS_REGISTER_ERROR( eCharacterEncoding(),       _T("Character Encoding Error.") )
+TSS_REGISTER_ERROR(eCharacter(), _T("General Character Handling Error."))
+TSS_REGISTER_ERROR(eCharacterEncoding(), _T("Character Encoding Error."))


 /// Character Conversion Handling (defined in <codeconvert.h>)

-TSS_REGISTER_ERROR( eConverter(),                       _T("General conversion error.") )
-TSS_REGISTER_ERROR( eConverterReset(),                  _T("Converter handle could not be reset.") )
-TSS_REGISTER_ERROR( eConverterFatal(),                  _T("Catastrophic conversion error.") )
-TSS_REGISTER_ERROR( eConverterUnsupportedConversion(),  _T("Unsupported character conversion.") )
-TSS_REGISTER_ERROR( eConverterUnknownCodepage(),        _T("Could not identify code page.") )
+TSS_REGISTER_ERROR(eConverter(), _T("General conversion error."))
+TSS_REGISTER_ERROR(eConverterReset(), _T("Converter handle could not be reset."))
+TSS_REGISTER_ERROR(eConverterFatal(), _T("Catastrophic conversion error."))
+TSS_REGISTER_ERROR(eConverterUnsupportedConversion(), _T("Unsupported character conversion."))
+TSS_REGISTER_ERROR(eConverterUnknownCodepage(), _T("Could not identify code page."))

 //
 // Display Encoder
 //

-TSS_REGISTER_ERROR( eEncoder(),                 _T("Display encoder error.") )
-TSS_REGISTER_ERROR( eBadDecoderInput(),         _T("Bad input to display encoder.") )
-TSS_REGISTER_ERROR( eBadHexConversion(),        _T("Bad hex conversion in display encoder.") )
-TSS_REGISTER_ERROR( eUnknownEscapeEncoding(),   _T("Unknown encoding in display encoder input.") )
+TSS_REGISTER_ERROR(eEncoder(), _T("Display encoder error."))
+TSS_REGISTER_ERROR(eBadDecoderInput(), _T("Bad input to display encoder."))
+TSS_REGISTER_ERROR(eBadHexConversion(), _T("Bad hex conversion in display encoder."))
+TSS_REGISTER_ERROR(eUnknownEscapeEncoding(), _T("Unknown encoding in display encoder input."))


 TSS_END_ERROR_REGISTRATION()
-
--- a/src/core/coreerrors.h
+++ b/src/core/coreerrors.h
@ -1,31 +1,31 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
-// 
+//
 // This program is free software.  The contents of this file are subject
 // to the terms of the GNU General Public License as published by the
 // Free Software Foundation; either version 2 of the License, or (at your
 // option) any later version.  You may redistribute it and/or modify it
 // only in compliance with the GNU General Public License.
-// 
+//
 // This program is distributed in the hope that it will be useful.
 // However, this program is distributed AS-IS WITHOUT ANY
 // WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS
 // FOR A PARTICULAR PURPOSE.  Please see the GNU General Public License
 // for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 // USA.
-// 
+//
 // Nothing in the GNU General Public License or any other license to use
 // the code or files shall permit you to use Tripwire's trademarks,
 // service marks, or other intellectual property without Tripwire's
 // prior written consent.
-// 
+//
 // If you have any questions, please contact Tripwire, Inc. at either
 // info@tripwire.org or www.tripwire.org.
 //
@ -41,8 +41,7 @@

 #include "core/errortable.h"

-TSS_DECLARE_ERROR_REGISTRATION( core )
-    
+TSS_DECLARE_ERROR_REGISTRATION(core)

-#endif//__COREERRORS_H

+#endif //__COREERRORS_H
--- a/src/core/corestrings.cpp
+++ b/src/core/corestrings.cpp
@ -1,31 +1,31 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
-// 
+//
 // This program is free software.  The contents of this file are subject
 // to the terms of the GNU General Public License as published by the
 // Free Software Foundation; either version 2 of the License, or (at your
 // option) any later version.  You may redistribute it and/or modify it
 // only in compliance with the GNU General Public License.
-// 
+//
 // This program is distributed in the hope that it will be useful.
 // However, this program is distributed AS-IS WITHOUT ANY
 // WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS
 // FOR A PARTICULAR PURPOSE.  Please see the GNU General Public License
 // for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 // USA.
-// 
+//
 // Nothing in the GNU General Public License or any other license to use
 // the code or files shall permit you to use Tripwire's trademarks,
 // service marks, or other intellectual property without Tripwire's
 // prior written consent.
-// 
+//
 // If you have any questions, please contact Tripwire, Inc. at either
 // info@tripwire.org or www.tripwire.org.
 //
@ -35,39 +35,35 @@
 // Creator.: Robert DiFalco (rdifalco)
 //

-#include "stdcore.h"            // for: pch (required by all core source modules)
-#include "corestrings.h"        // for: cCore and core::STR_IDS
+#include "stdcore.h"     // for: pch (required by all core source modules)
+#include "corestrings.h" // for: cCore and core::STR_IDS


-TSS_BeginStringtable( cCore )
+TSS_BeginStringtable(cCore)

-    TSS_StringEntry( core::STR_ERR2_ARCH_CRYPTO_ERR, _T("File could not be decrypted.") ),
-    TSS_StringEntry( core::STR_ERR2_BAD_ARG_PARAMS,  _T("Argument: ") ), 
-    TSS_StringEntry( core::STR_ERROR_ERROR,          _T("### Error") ),
-    TSS_StringEntry( core::STR_ERROR_WARNING,        _T("### Warning") ),
-    TSS_StringEntry( core::STR_ERROR_COLON,          _T(":") ),
-    TSS_StringEntry( core::STR_ERROR_HEADER,         _T("### ") ),
-    TSS_StringEntry( core::STR_ERROR_EXITING,        _T("Exiting...") ),
-    TSS_StringEntry( core::STR_ERROR_CONTINUING,     _T("Continuing...") ),
-    TSS_StringEntry( core::STR_ERR2_FILENAME,        _T("Filename: ") ),
-    TSS_StringEntry( core::STR_ERROR_FILENAME,       _T("Filename: ") ),
-    TSS_StringEntry( core::STR_UNKNOWN,              _T("Unknown") ),
-    TSS_StringEntry( core::STR_NUMBER_TOO_BIG,       _T("Number too big") ),
-    TSS_StringEntry( core::STR_SIGNAL,               _T("Software interrupt forced exit:") ),
-    TSS_StringEntry( core::STR_NEWLINE,              _T("\n") ),
-    TSS_StringEntry( core::STR_MEMARCHIVE_FILENAME,  _T("Error occured in internal memory file") ),
-    TSS_StringEntry( core::STR_MEMARCHIVE_ERRSTR,    _T("") ),
-    TSS_StringEntry( core::STR_ENDOFTIME,            _T("Tripwire is not designed to run past the year 2038.\nNow exiting...") ),
-    TSS_StringEntry( core::STR_UNKNOWN_TIME,         _T("Unknown time") ),
-    TSS_StringEntry( core::STR_BAD_TEMPDIRECTORY,    _T("Solution: Check existence/permissions for directory specified by TEMPDIRECTORY in config file") ),
+    TSS_StringEntry(core::STR_ERR2_ARCH_CRYPTO_ERR, _T("File could not be decrypted.")),
+    TSS_StringEntry(core::STR_ERR2_BAD_ARG_PARAMS, _T("Argument: ")),
+    TSS_StringEntry(core::STR_ERROR_ERROR, _T("### Error")),
+    TSS_StringEntry(core::STR_ERROR_WARNING, _T("### Warning")), TSS_StringEntry(core::STR_ERROR_COLON, _T(":")),
+    TSS_StringEntry(core::STR_ERROR_HEADER, _T("### ")), TSS_StringEntry(core::STR_ERROR_EXITING, _T("Exiting...")),
+    TSS_StringEntry(core::STR_ERROR_CONTINUING, _T("Continuing...")),
+    TSS_StringEntry(core::STR_ERR2_FILENAME, _T("Filename: ")),
+    TSS_StringEntry(core::STR_ERROR_FILENAME, _T("Filename: ")), TSS_StringEntry(core::STR_UNKNOWN, _T("Unknown")),
+    TSS_StringEntry(core::STR_NUMBER_TOO_BIG, _T("Number too big")),
+    TSS_StringEntry(core::STR_SIGNAL, _T("Software interrupt forced exit:")),
+    TSS_StringEntry(core::STR_NEWLINE, _T("\n")),
+    TSS_StringEntry(core::STR_MEMARCHIVE_FILENAME, _T("Error occured in internal memory file")),
+    TSS_StringEntry(core::STR_MEMARCHIVE_ERRSTR, _T("")),
+    TSS_StringEntry(core::STR_ENDOFTIME, _T("Tripwire is not designed to run past the year 2038.\nNow exiting...")),
+    TSS_StringEntry(core::STR_UNKNOWN_TIME, _T("Unknown time")),
+    TSS_StringEntry(
+        core::STR_BAD_TEMPDIRECTORY,
+        _T("Solution: Check existence/permissions for directory specified by TEMPDIRECTORY in config file")),
    /// Particularly useful for eCharacter and eCharacterEncoding

-    TSS_StringEntry( core::STR_ERR_ISNULL,    _T("Argument cannot be null.") ),
-    TSS_StringEntry( core::STR_ERR_OVERFLOW,  _T("An overflow has been detected.") ),
-    TSS_StringEntry( core::STR_ERR_UNDERFLOW, _T("An underflow has been detected.") ),
-    TSS_StringEntry( core::STR_ERR_BADCHAR,   _T("Input contained an invalid character.") )
+    TSS_StringEntry(core::STR_ERR_ISNULL, _T("Argument cannot be null.")),
+    TSS_StringEntry(core::STR_ERR_OVERFLOW, _T("An overflow has been detected.")),
+    TSS_StringEntry(core::STR_ERR_UNDERFLOW, _T("An underflow has been detected.")),
+    TSS_StringEntry(core::STR_ERR_BADCHAR, _T("Input contained an invalid character."))

-TSS_EndStringtable( cCore )
-
-
-// eof: corestrings.cpp
+        TSS_EndStringtable(cCore)
--- a/src/core/corestrings.h
+++ b/src/core/corestrings.h
@ -1,31 +1,31 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
-// 
+//
 // This program is free software.  The contents of this file are subject
 // to the terms of the GNU General Public License as published by the
 // Free Software Foundation; either version 2 of the License, or (at your
 // option) any later version.  You may redistribute it and/or modify it
 // only in compliance with the GNU General Public License.
-// 
+//
 // This program is distributed in the hope that it will be useful.
 // However, this program is distributed AS-IS WITHOUT ANY
 // WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS
 // FOR A PARTICULAR PURPOSE.  Please see the GNU General Public License
 // for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 // USA.
-// 
+//
 // Nothing in the GNU General Public License or any other license to use
 // the code or files shall permit you to use Tripwire's trademarks,
 // service marks, or other intellectual property without Tripwire's
 // prior written consent.
-// 
+//
 // If you have any questions, please contact Tripwire, Inc. at either
 // info@tripwire.org or www.tripwire.org.
 //
@ -40,42 +40,24 @@
 #define __CORESTRINGS_H


-#include "core.h"    // for: STRINGTABLE syntax
+#include "core.h" // for: STRINGTABLE syntax


 //--Message Keys

-TSS_BeginStringIds( core )
-    
+TSS_BeginStringIds(core)
+
    STR_ERR2_ARCH_CRYPTO_ERR,
-    STR_ERR2_BAD_ARG_PARAMS,
-    STR_ERROR_ERROR,
-    STR_ERROR_WARNING,
-    STR_ERROR_COLON,
-    STR_ERROR_HEADER,
-    STR_ERROR_EXITING,
-    STR_ERROR_CONTINUING,
-    STR_ERR2_FILENAME,
-    STR_ERROR_FILENAME,
-    STR_NUMBER_TOO_BIG,
-    STR_UNKNOWN,
-    STR_SIGNAL,
-    STR_NEWLINE,
-    STR_MEMARCHIVE_FILENAME,
-    STR_MEMARCHIVE_ERRSTR,
-    STR_ENDOFTIME,
-    STR_UNKNOWN_TIME,
-    STR_BAD_TEMPDIRECTORY,
+    STR_ERR2_BAD_ARG_PARAMS, STR_ERROR_ERROR, STR_ERROR_WARNING, STR_ERROR_COLON, STR_ERROR_HEADER, STR_ERROR_EXITING,
+    STR_ERROR_CONTINUING, STR_ERR2_FILENAME, STR_ERROR_FILENAME, STR_NUMBER_TOO_BIG, STR_UNKNOWN, STR_SIGNAL,
+    STR_NEWLINE, STR_MEMARCHIVE_FILENAME, STR_MEMARCHIVE_ERRSTR, STR_ENDOFTIME, STR_UNKNOWN_TIME, STR_BAD_TEMPDIRECTORY,

    /// Particularly useful for eCharacterSet and eCharacterEncoding

-    STR_ERR_ISNULL,
-    STR_ERR_OVERFLOW,
-    STR_ERR_UNDERFLOW,
+    STR_ERR_ISNULL, STR_ERR_OVERFLOW, STR_ERR_UNDERFLOW,
    STR_ERR_BADCHAR

-TSS_EndStringIds( core )
+    TSS_EndStringIds(core)


 #endif //__CORESTRINGS_H
-
--- a/src/core/crc32.cpp
+++ b/src/core/crc32.cpp
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
--- a/src/core/crc32.h
+++ b/src/core/crc32.h
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
--- a/src/core/debug.cpp
+++ b/src/core/debug.cpp
@ -1,31 +1,31 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
-// 
+//
 // This program is free software.  The contents of this file are subject
 // to the terms of the GNU General Public License as published by the
 // Free Software Foundation; either version 2 of the License, or (at your
 // option) any later version.  You may redistribute it and/or modify it
 // only in compliance with the GNU General Public License.
-// 
+//
 // This program is distributed in the hope that it will be useful.
 // However, this program is distributed AS-IS WITHOUT ANY
 // WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS
 // FOR A PARTICULAR PURPOSE.  Please see the GNU General Public License
 // for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 // USA.
-// 
+//
 // Nothing in the GNU General Public License or any other license to use
 // the code or files shall permit you to use Tripwire's trademarks,
 // service marks, or other intellectual property without Tripwire's
 // prior written consent.
-// 
+//
 // If you have any questions, please contact Tripwire, Inc. at either
 // info@tripwire.org or www.tripwire.org.
 //
@ -37,17 +37,17 @@

 #ifdef DEBUG

-#ifndef va_start
-#include <cstdarg>
-#endif
+#    ifndef va_start
+#        include <cstdarg>
+#    endif
 #include <cwchar>
 #include <fstream>
 #include <cstdio>

-int     cDebug::mDebugLevel(10);
-uint32  cDebug::mOutMask(cDebug::OUT_TRACE);
+int           cDebug::mDebugLevel(10);
+uint32        cDebug::mOutMask(cDebug::OUT_TRACE);
 std::ofstream cDebug::logfile;
-    //mDebugLevel default == 10, mOutMask default == OUT_TRACE.
+//mDebugLevel default == 10, mOutMask default == OUT_TRACE.

 ///////////////////////////////////////////////////////////////////////////////
 //  Constructors and Destructor
@ -61,32 +61,31 @@ cDebug::cDebug(const char* label)
    mLabel[cnt] = '\0';
 }

-cDebug::cDebug(const cDebug &rhs)
+cDebug::cDebug(const cDebug& rhs)
 {
-    strcpy(mLabel, rhs.mLabel);
+    strncpy(mLabel, rhs.mLabel, MAX_LABEL);
 }

 cDebug::~cDebug()
 {
-    if(logfile)
+    if (logfile)
        logfile.close();
 }
 ///////////////////////////////////////////////////////////////////////////////

 ///////////////////////////////////////////////////////////////////////////////
 // Trace -- Outputs a format string only if the passed integer value is <=
-// the "global debug level" (indicated by mDebugLevel).  
+// the "global debug level" (indicated by mDebugLevel).
 ///////////////////////////////////////////////////////////////////////////////
 void cDebug::Trace(int levelNum, const char* format, ...)
 {
    if (levelNum > mDebugLevel)
        return;
-    // create the output buffer 
+    // create the output buffer
    va_list args;
    va_start(args, format);
    DoTrace(format, args);
    va_end(args);
-
 }


@ -96,13 +95,13 @@ void cDebug::Trace(int levelNum, const char* format, ...)
 //      console, etc...
 ///////////////////////////////////////////////////////////////////////////////

-void cDebug::DoTrace(const char *format, va_list &args)
+void cDebug::DoTrace(const char* format, va_list& args)
 {
    size_t guard1 = 0xBABABABA;
-    char out[2048];
+    char   out[2048];
    size_t guard2 = 0xBABABABA;

-    vsprintf(out, format, args);
+    vsnprintf(out, 2048, format, args);

    ASSERT(guard1 == 0xBABABABA && guard2 == 0xBABABABA); // string was too long
    ASSERT(strlen(out) < 1024);
@ -135,14 +134,14 @@ void cDebug::DoTrace(const char *format, va_list &args)
        logfile.flush();
    }
 }
-#ifdef DEBUG
+#    ifdef DEBUG

 //
 // wrappers around Trace() that requires less typing
 //      TODO: this is quick and dirty, but lets me check in all these files right away.  --ghk
 //

-void cDebug::TraceAlways(const char *format, ...)
+void cDebug::TraceAlways(const char* format, ...)
 {
    if (D_ALWAYS > mDebugLevel)
        return;
@ -154,7 +153,7 @@ void cDebug::TraceAlways(const char *format, ...)
    va_end(args);
 }

-void cDebug::TraceError(const char *format, ...)
+void cDebug::TraceError(const char* format, ...)
 {
    if (D_ERROR > mDebugLevel)
        return;
@ -166,7 +165,7 @@ void cDebug::TraceError(const char *format, ...)
    va_end(args);
 }

-void cDebug::TraceWarning(const char *format, ...)
+void cDebug::TraceWarning(const char* format, ...)
 {
    if (D_WARNING > mDebugLevel)
        return;
@ -178,7 +177,7 @@ void cDebug::TraceWarning(const char *format, ...)
    va_end(args);
 }

-void cDebug::TraceDebug(const char *format, ...)
+void cDebug::TraceDebug(const char* format, ...)
 {
    if (D_DEBUG > mDebugLevel)
        return;
@ -190,7 +189,7 @@ void cDebug::TraceDebug(const char *format, ...)
    va_end(args);
 }

-void cDebug::TraceDetail(const char *format, ...)
+void cDebug::TraceDetail(const char* format, ...)
 {
    if (D_DETAIL > mDebugLevel)
        return;
@ -202,7 +201,7 @@ void cDebug::TraceDetail(const char *format, ...)
    va_end(args);
 }

-void cDebug::TraceNever(const char *format, ...)
+void cDebug::TraceNever(const char* format, ...)
 {
    if (D_NEVER > mDebugLevel)
        return;
@ -214,15 +213,15 @@ void cDebug::TraceNever(const char *format, ...)
    va_end(args);
 }

-void cDebug::TraceVaArgs( int iDebugLevel, const char *format, va_list &args )
+void cDebug::TraceVaArgs(int iDebugLevel, const char* format, va_list& args)
 {
-    if ( iDebugLevel <= mDebugLevel )
-        DoTrace( format, args);
+    if (iDebugLevel <= mDebugLevel)
+        DoTrace(format, args);
 }
-#endif // DEBUG
+#    endif // DEBUG

 ///////////////////////////////////////////////////////////////////////////////
-//  AddOutTarget -- Attempts to add a new target for trace/debug output.  
+//  AddOutTarget -- Attempts to add a new target for trace/debug output.
 //  FAILS ONLY IF caller attempts to SET OUT_FILE via this function.
 ///////////////////////////////////////////////////////////////////////////////
 bool cDebug::AddOutTarget(OutTarget target)
@ -231,7 +230,8 @@ bool cDebug::AddOutTarget(OutTarget target)
        mOutMask |= OUT_STDOUT;
    if (target == OUT_TRACE)
        mOutMask |= OUT_TRACE;
-    if (target == OUT_FILE) {
+    if (target == OUT_FILE)
+    {
        mOutMask |= OUT_FILE;
        return false;
    }
@ -259,7 +259,7 @@ bool cDebug::RemoveOutTarget(OutTarget target)
 ///////////////////////////////////////////////////////////////////////////////
 bool cDebug::HasOutTarget(OutTarget target)
 {
-    
+
    if (target == OUT_STDOUT)
        return ((mOutMask & OUT_STDOUT) != 0);
    else if (target == OUT_TRACE)
@ -271,25 +271,27 @@ bool cDebug::HasOutTarget(OutTarget target)
 }

 ///////////////////////////////////////////////////////////////////////////////
-// SetOutputFile -- Attempts to set the output file for Logfile member to 
+// SetOutputFile -- Attempts to set the output file for Logfile member to
 // the string passed in.
 ///////////////////////////////////////////////////////////////////////////////
 bool cDebug::SetOutputFile(const char* filename)
 {
-    // TODO -- make sure this does the right thing if a log file is 
+    // TODO -- make sure this does the right thing if a log file is
    // already open!
-    // TODO -- make this work with wide chars   
+    // TODO -- make this work with wide chars
    if (!logfile)
        logfile.open(filename, std::ios_base::out | std::ios_base::ate | std::ios_base::app);
    else
        logfile.setf(std::ios_base::hex, std::ios_base::basefield);
-            //make sure info. will not be clobbered.
+    //make sure info. will not be clobbered.

    //Should be open now- if not, abort.
-    if (!logfile) {
+    if (!logfile)
+    {
        mOutMask ^= OUT_FILE;
        return false;
-    } else
+    }
+    else
        mOutMask |= OUT_FILE;
    return true;
 }
@ -298,18 +300,18 @@ bool cDebug::SetOutputFile(const char* filename)
 // DebugOut -- Works just like TRACE. note: there is an internal buffer size
 // of 1024; traces larger than that will have unpredictable results.
 //////////////////////////////////////////////////////////////////////////////
-void cDebug::DebugOut( const char* lpOutputString, ... )
+void cDebug::DebugOut(const char* lpOutputString, ...)
 {
    char buf[2048];
-    // create the output buffer 
+    // create the output buffer
    va_list args;
    va_start(args, lpOutputString);
-    vsprintf(buf, lpOutputString, args);
+    vsnprintf(buf, 2048, lpOutputString, args);
    va_end(args);
-    
-	#ifdef _DEBUG
-	TCERR << buf;
-	#endif  //_DEBUG
+
+#    ifdef DEBUG
+    TCERR << buf;
+#    endif //_DEBUG

    TCOUT.flush();
 }
@ -318,4 +320,3 @@ void cDebug::DebugOut( const char* lpOutputString, ... )
 //////////////////////////////////////////////////////////////////////////////////
 // ASSERT macro support function
 //////////////////////////////////////////////////////////////////////////////////
-
--- a/src/core/debug.h
+++ b/src/core/debug.h
@ -1,31 +1,31 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
-// 
+//
 // This program is free software.  The contents of this file are subject
 // to the terms of the GNU General Public License as published by the
 // Free Software Foundation; either version 2 of the License, or (at your
 // option) any later version.  You may redistribute it and/or modify it
 // only in compliance with the GNU General Public License.
-// 
+//
 // This program is distributed in the hope that it will be useful.
 // However, this program is distributed AS-IS WITHOUT ANY
 // WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS
 // FOR A PARTICULAR PURPOSE.  Please see the GNU General Public License
 // for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 // USA.
-// 
+//
 // Nothing in the GNU General Public License or any other license to use
 // the code or files shall permit you to use Tripwire's trademarks,
 // service marks, or other intellectual property without Tripwire's
 // prior written consent.
-// 
+//
 // If you have any questions, please contact Tripwire, Inc. at either
 // info@tripwire.org or www.tripwire.org.
 //
@ -40,19 +40,17 @@
 #include <assert.h>


-
-
 #include <iostream>
 /* Do it in this order, because autoconf checks for <stdarg.h>
 * first  i.e. if HAVE_VARARGS_H is defined, it is only because
 * <stdarg.h> couldn't be found.
 */
 #ifdef HAVE_VARARGS_H
-# include <varargs.h>
+#include <varargs.h>
 #else
-# ifdef HAVE_STDARG_H
-#  include <stdarg.h>
-# endif
+#    ifdef HAVE_STDARG_H
+#        include <stdarg.h>
+#    endif
 #endif
 #include "types.h"

@ -69,8 +67,8 @@
 //
 // IMPORTANT:
 //
-// strings outputted as trace statements are printed as narrow characters.  
-// passing trace messages with wide characters will have odd results, since 
+// strings outputted as trace statements are printed as narrow characters.
+// passing trace messages with wide characters will have odd results, since
 // they will be used as arugments to sprintf(), etc...
 //

@ -80,19 +78,19 @@ class cDebug
 public:
    enum OutTarget
    {
-        OUT_STDOUT  = 1,
-        OUT_TRACE   = 2,
-        OUT_FILE    = 4
+        OUT_STDOUT = 1,
+        OUT_TRACE  = 2,
+        OUT_FILE   = 4
    };

    enum DebugLevel
    {
        D_ALWAYS  = 0,
-        D_ERROR = 1,
-        D_WARNING   = 4,
-        D_DEBUG = 8,
-        D_DETAIL    = 16,
-        D_NEVER = 1000
+        D_ERROR   = 1,
+        D_WARNING = 4,
+        D_DEBUG   = 8,
+        D_DETAIL  = 16,
+        D_NEVER   = 1000
    };

    cDebug(const char* pLabel);
@ -101,66 +99,68 @@ public:

    // These are the preferred tracing interfaces, because you don't need to know
    //  the DebugLevel enums.
-    // Wide/Narrow Chars Issues: If you include a %s in your format string and you 
+    // Wide/Narrow Chars Issues: If you include a %s in your format string and you
    //  wish to print out a TCHAR (which might be a natural thing to do) you should
    //  encompas the format string with a _T("") macro, i.e. make it a TSTRING.
    //  The wide character overloads of these functions will expect wide strings
    //  for %s options.
    //
-    void    TraceAlways     (const char *format, ...);
-    void    TraceError      (const char *format, ...);
-    void    TraceWarning    (const char *format, ...);
-    void    TraceDebug      (const char *format, ...);
-    void    TraceDetail     (const char *format, ...);
-    void    TraceNever      (const char *format, ...);
+    void TraceAlways(const char* format, ...);
+    void TraceError(const char* format, ...);
+    void TraceWarning(const char* format, ...);
+    void TraceDebug(const char* format, ...);
+    void TraceDetail(const char* format, ...);
+    void TraceNever(const char* format, ...);


    // these are of use if you are inside a function with a "..." as an argument
    // and you want to trace those args
-    void    TraceVaArgs     (int iDebugLevel, const char *format,   va_list &args);
+    void TraceVaArgs(int iDebugLevel, const char* format, va_list& args);

    // ...but you can still choose to use this interface...

    void Trace(int levelNum, const char* format, ...);
-        // Outputs based on levelnum.  If levelnum <= global debug, print.
+    // Outputs based on levelnum.  If levelnum <= global debug, print.

 public:
-    
-    static bool AddOutTarget    (OutTarget target);
-    static bool RemoveOutTarget (OutTarget target);
-        // used to specify the out target....
-    static bool HasOutTarget    (OutTarget target);
+    static bool AddOutTarget(OutTarget target);
+    static bool RemoveOutTarget(OutTarget target);
+    // used to specify the out target....
+    static bool HasOutTarget(OutTarget target);

-    static bool SetOutputFile   (const char* filename);
-        // specifies the output file name used when OUT_FILE is set
-    static void SetDebugLevel   (int level);
-    static int  GetDebugLevel   (void);
-        // gets and sets the global debug level. Trace output at or below this
-        // level will be output.
-    
-    static void DebugOut    ( const char* lpOutputString, ... );
-        // Works just like TRACE
-        // note: there is an internal buffer size of 1024; traces larger
-        // than that will have unpredictable and probably bad results
+    static bool SetOutputFile(const char* filename);
+    // specifies the output file name used when OUT_FILE is set
+    static void SetDebugLevel(int level);
+    static int  GetDebugLevel(void);
+    // gets and sets the global debug level. Trace output at or below this
+    // level will be output.
+
+    static void DebugOut(const char* lpOutputString, ...);
+    // Works just like TRACE
+    // note: there is an internal buffer size of 1024; traces larger
+    // than that will have unpredictable and probably bad results
 private:
 #ifdef DEBUG
-    enum { MAX_LABEL = 128 };
+    enum
+    {
+        MAX_LABEL = 128
+    };

-    static  int     mDebugLevel;
-    static  uint32  mOutMask;
-    static  std::ofstream logfile;
-            char    mLabel[MAX_LABEL];
+    static int           mDebugLevel;
+    static uint32        mOutMask;
+    static std::ofstream logfile;
+    char                 mLabel[MAX_LABEL];

    // helper functions
-    void DoTrace(const char *format, va_list &args);
+    void DoTrace(const char* format, va_list& args);
 #endif
 };

-#ifdef _DEBUG
-#define TRACE   cDebug::DebugOut
+#ifdef DEBUG
+#    define TRACE cDebug::DebugOut
 #else
-#define TRACE   1 ? (void)0 : cDebug::DebugOut
-#endif // _DEBUG
+#    define TRACE 1 ? (void)0 : cDebug::DebugOut
+#endif // DEBUG

 //////////////////////////////////////////////////////////////////////////////////
 // inline implementation
@ -179,57 +179,90 @@ inline int cDebug::GetDebugLevel()
    return mDebugLevel;
 }

-#else // DEBUG
+#    else // DEBUG

-inline      cDebug::cDebug          (const char *) {}
-inline      cDebug::~cDebug         () {}
-inline      cDebug::cDebug          (const cDebug&) {}
-inline void cDebug::TraceAlways     (const char *, ...) {}
-inline void cDebug::TraceError      (const char *, ...) {}
-inline void cDebug::TraceWarning    (const char *, ...) {}
-inline void cDebug::TraceDebug      (const char *, ...) {}
-inline void cDebug::TraceDetail     (const char *, ...) {}
-inline void cDebug::TraceNever      (const char *, ...) {}
-inline void cDebug::TraceVaArgs     (int, const char *, va_list &) {}
-inline void cDebug::Trace           (int, const char*, ...) {}
-inline bool cDebug::AddOutTarget    (OutTarget) { return false; }
-inline bool cDebug::RemoveOutTarget (OutTarget) { return false; }
-inline bool cDebug::HasOutTarget    (OutTarget) { return false; }
-inline bool cDebug::SetOutputFile   (const char*) { return false; }
-inline void cDebug::SetDebugLevel   (int) {}
-inline int  cDebug::GetDebugLevel   (void) { return 0; }
-inline void cDebug::DebugOut        ( const char*, ... ) {}
-
-#endif // DEBUG
+inline cDebug::cDebug(const char*)
+{
+}
+inline cDebug::~cDebug()
+{
+}
+inline cDebug::cDebug(const cDebug&)
+{
+}
+inline void cDebug::TraceAlways(const char*, ...)
+{
+}
+inline void cDebug::TraceError(const char*, ...)
+{
+}
+inline void cDebug::TraceWarning(const char*, ...)
+{
+}
+inline void cDebug::TraceDebug(const char*, ...)
+{
+}
+inline void cDebug::TraceDetail(const char*, ...)
+{
+}
+inline void cDebug::TraceNever(const char*, ...)
+{
+}
+inline void cDebug::TraceVaArgs(int, const char*, va_list&)
+{
+}
+inline void cDebug::Trace(int, const char*, ...)
+{
+}
+inline bool cDebug::AddOutTarget(OutTarget)
+{
+    return false;
+}
+inline bool cDebug::RemoveOutTarget(OutTarget)
+{
+    return false;
+}
+inline bool cDebug::HasOutTarget(OutTarget)
+{
+    return false;
+}
+inline bool cDebug::SetOutputFile(const char*)
+{
+    return false;
+}
+inline void cDebug::SetDebugLevel(int)
+{
+}
+inline int cDebug::GetDebugLevel(void)
+{
+    return 0;
+}
+inline void cDebug::DebugOut(const char*, ...)
+{
+}

+#    endif // DEBUG


 //////////////////////////////////////////////////////////////////////////////////
 // ASSERT macro
 //////////////////////////////////////////////////////////////////////////////////

+#    define ASSERTMSG(exp, s) assert((exp) != 0)
+#    define ASSERT(exp) assert((exp) != 0)
+    // if we are not windows we will just use the standard assert()
+#    define TSS_DebugBreak() ASSERT(false);

-#if IS_UNIX
+#    ifndef ASSERT
+#        error ASSERT did not get defined!!!
+#    endif

-    #define ASSERTMSG( exp, s ) assert( (exp) != 0 )
-    #define ASSERT( exp )       assert( (exp) != 0 )
-        // if we are not windows we will just use the standard assert()
-    #define TSS_DebugBreak()    ASSERT( false );
+#    ifndef ASSERTMSG
+#        error ASSERTMSG did not get defined!!!
+#    endif

-#endif// IS_UNIX
-
-
-#ifndef ASSERT
-#error  ASSERT did not get defined!!!
-#endif
-
-#ifndef ASSERTMSG
-#error  ASSERTMSG did not get defined!!!
-#endif
-
-#ifndef TSS_DebugBreak
-#error  TSS_DebugBreak did not get defined!!!
-#endif
+#    ifndef TSS_DebugBreak
+#        error TSS_DebugBreak did not get defined!!!
+#    endif

 #endif //__DEBUG_H
-
--- a/src/core/displayencoder.cpp
+++ b/src/core/displayencoder.cpp
--- a/src/core/displayencoder.h
+++ b/src/core/displayencoder.h
@ -1,31 +1,31 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
-// 
+//
 // This program is free software.  The contents of this file are subject
 // to the terms of the GNU General Public License as published by the
 // Free Software Foundation; either version 2 of the License, or (at your
 // option) any later version.  You may redistribute it and/or modify it
 // only in compliance with the GNU General Public License.
-// 
+//
 // This program is distributed in the hope that it will be useful.
 // However, this program is distributed AS-IS WITHOUT ANY
 // WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS
 // FOR A PARTICULAR PURPOSE.  Please see the GNU General Public License
 // for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 // USA.
-// 
+//
 // Nothing in the GNU General Public License or any other license to use
 // the code or files shall permit you to use Tripwire's trademarks,
 // service marks, or other intellectual property without Tripwire's
 // prior written consent.
-// 
+//
 // If you have any questions, please contact Tripwire, Inc. at either
 // info@tripwire.org or www.tripwire.org.
 //
@ -40,10 +40,10 @@
 // EXCEPTION DECLARATION
 //=========================================================================

-TSS_EXCEPTION( eEncoder,                    eError );
-TSS_EXCEPTION( eBadDecoderInput,            eEncoder );
-TSS_EXCEPTION( eBadHexConversion,           eEncoder );
-TSS_EXCEPTION( eUnknownEscapeEncoding,      eEncoder );
+TSS_EXCEPTION(eEncoder, eError);
+TSS_EXCEPTION(eBadDecoderInput, eEncoder);
+TSS_EXCEPTION(eBadHexConversion, eEncoder);
+TSS_EXCEPTION(eUnknownEscapeEncoding, eEncoder);

 //=========================================================================
 // DECLARATION OF CLASSES
@ -55,106 +55,101 @@ TSS_EXCEPTION( eUnknownEscapeEncoding,      eEncoder );

 class iCharEncoder;

-// TODO:BAM -- i don't think that the order of encodings is important 
+// TODO:BAM -- i don't think that the order of encodings is important
 // as long as AllIdentifiersUnique and OnlyOneCatagoryPerChar are true
 class cEncoder
 {
-    public:                
-        enum Encodings 
-        {
-            NON_NARROWABLE = 0x01, // WC -> MB, MB alway narrowable: 
-            NON_PRINTABLE = 0x02, 
-            BACKSLASH = 0x04, 
-            DBL_QUOTE = 0x08
-        };
-        
-        enum Flags
-        {
-            ROUNDTRIP = 0x01, 
-            NON_ROUNDTRIP = 0x02,
-            ALLOW_WHITESPACE = 0x04
-        };
+public:
+    enum Encodings
+    {
+        NON_NARROWABLE = 0x01, // WC -> MB, MB alway narrowable:
+        NON_PRINTABLE  = 0x02,
+        BACKSLASH      = 0x04,
+        DBL_QUOTE      = 0x08
+    };

-        cEncoder( int e, int f ); // mask of Encodings
-        virtual ~cEncoder();
+    enum Flags
+    {
+        ROUNDTRIP        = 0x01,
+        NON_ROUNDTRIP    = 0x02,
+        ALLOW_WHITESPACE = 0x04
+    };

-        void Encode( TSTRING& str ) const;
-        void Decode( TSTRING& str ) const; // TODO:BAM -- throw error!
+    cEncoder(int e, int f); // mask of Encodings
+    virtual ~cEncoder();

-        void ValidateSchema() const;
-        bool OnlyOneCatagoryPerChar() const;
-        bool AllIdentifiersUnique() const;
-        bool AllTestsRunOnEncodedString( const TSTRING& str ) const;
+    void Encode(TSTRING& str) const;
+    void Decode(TSTRING& str) const; // TODO:BAM -- throw error!

-    private:
-        typedef std::vector< iCharEncoder* > sack_type;
-        
-        TSTRING Encode( TSTRING::const_iterator first,
-                        TSTRING::const_iterator last,
-                        sack_type::const_iterator encoding ) const;
-        
-        bool RoundTrip() const;
-        bool AllowWhiteSpace() const;
+    void ValidateSchema() const;
+    bool OnlyOneCatagoryPerChar() const;
+    bool AllIdentifiersUnique() const;
+    bool AllTestsRunOnEncodedString(const TSTRING& str) const;

-        sack_type   m_encodings;
-        int         m_fFlags;
+private:
+    typedef std::vector<iCharEncoder*> sack_type;
+
+    TSTRING
+    Encode(TSTRING::const_iterator first, TSTRING::const_iterator last, sack_type::const_iterator encoding) const;
+
+    bool RoundTrip() const;
+    bool AllowWhiteSpace() const;
+
+    sack_type m_encodings;
+    int       m_fFlags;
 };

 // encodes ( BACKSLASH | DBL_QUOTE | NON_NARROWABLE | NON_PRINTABLE )

 class cDisplayEncoder : public cEncoder
 {
-    public:
-        cDisplayEncoder( Flags f = NON_ROUNDTRIP );
-        
-        void Encode( TSTRING& str ) const;
-        bool Decode( TSTRING& str ) const;
+public:
+    cDisplayEncoder(Flags f = NON_ROUNDTRIP);

-        static TSTRING EncodeInline( const TSTRING& sIn )
-        {
-            TSTRING sOut = sIn;
-            cDisplayEncoder e;
-            e.Encode( sOut );
-            return sOut;
-        }
-        
-        static TSTRING EncodeInlineAllowWS( const TSTRING& sIn )
-        {
-            TSTRING sOut = sIn;
-            cDisplayEncoder e( (Flags)( NON_ROUNDTRIP | ALLOW_WHITESPACE ) );
-            e.Encode( sOut );
-            return sOut;
-        }
+    void Encode(TSTRING& str) const;
+    bool Decode(TSTRING& str) const;
+
+    static TSTRING EncodeInline(const TSTRING& sIn)
+    {
+        TSTRING         sOut = sIn;
+        cDisplayEncoder e;
+        e.Encode(sOut);
+        return sOut;
+    }
+
+    static TSTRING EncodeInlineAllowWS(const TSTRING& sIn)
+    {
+        TSTRING         sOut = sIn;
+        cDisplayEncoder e((Flags)(NON_ROUNDTRIP | ALLOW_WHITESPACE));
+        e.Encode(sOut);
+        return sOut;
+    }
 };


-
 class cCharEncoderUtil
 {
-    public:
+public:
+    static bool IsPrintable(TCHAR ch);
+    static bool IsWhiteSpace(TCHAR ch);

-        static bool     IsPrintable( TCHAR ch );
-        static bool     IsWhiteSpace( TCHAR ch );
+    static TSTRING CharStringToHexValue(const TSTRING& str);

-        static TSTRING  CharStringToHexValue( const TSTRING& str );
+    static TSTRING HexValueToCharString(const TSTRING& str);

-        static TSTRING  HexValueToCharString( const TSTRING& str );
+    static TCHAR hex_to_char(TSTRING::const_iterator first, TSTRING::const_iterator last);

-        static TCHAR    hex_to_char( TSTRING::const_iterator first, 
-                                          TSTRING::const_iterator last );
+    static TSTRING char_to_hex(TCHAR ch);

-        static TSTRING  char_to_hex( TCHAR ch );
-
-        static TSTRING  DecodeHexToChar(  TSTRING::const_iterator* pcur, 
-                                    const TSTRING::const_iterator  end  );
+    static TSTRING DecodeHexToChar(TSTRING::const_iterator* pcur, const TSTRING::const_iterator end);


-        enum 
-        { 
-            BYTE_AS_HEX__IN_TCHARS = 2,
-            BYTES_PER_TCHAR = sizeof( TCHAR ),
-            TCHAR_AS_HEX__IN_TCHARS = BYTE_AS_HEX__IN_TCHARS * BYTES_PER_TCHAR
-        };
+    enum
+    {
+        BYTE_AS_HEX__IN_TCHARS  = 2,
+        BYTES_PER_TCHAR         = sizeof(TCHAR),
+        TCHAR_AS_HEX__IN_TCHARS = BYTE_AS_HEX__IN_TCHARS * BYTES_PER_TCHAR
+    };
 };

 #endif //__DISPLAYENCODER_H
@ -241,4 +236,3 @@ typedef cDisplayEncoder_<TCHAR> cDisplayEncoder;
 #endif //__DISPLAYENCODER_H

 */
-
--- a/src/core/displayutil.cpp
+++ b/src/core/displayutil.cpp
@ -1,31 +1,31 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
-// 
+//
 // This program is free software.  The contents of this file are subject
 // to the terms of the GNU General Public License as published by the
 // Free Software Foundation; either version 2 of the License, or (at your
 // option) any later version.  You may redistribute it and/or modify it
 // only in compliance with the GNU General Public License.
-// 
+//
 // This program is distributed in the hope that it will be useful.
 // However, this program is distributed AS-IS WITHOUT ANY
 // WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS
 // FOR A PARTICULAR PURPOSE.  Please see the GNU General Public License
 // for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 // USA.
-// 
+//
 // Nothing in the GNU General Public License or any other license to use
 // the code or files shall permit you to use Tripwire's trademarks,
 // service marks, or other intellectual property without Tripwire's
 // prior written consent.
-// 
+//
 // If you have any questions, please contact Tripwire, Inc. at either
 // info@tripwire.org or www.tripwire.org.
 //
@ -40,29 +40,29 @@
 #include "ntmbs.h"
 #include <iomanip>

-TSTRING cDisplayUtil::FormatMultiLineString( const TSTRING& str, int nOffset, int nWidth )
+TSTRING cDisplayUtil::FormatMultiLineString(const TSTRING& str, int nOffset, int nWidth)
 {
    TOSTRINGSTREAM sstr;
-    TSTRING strT;
-    bool fFirstLine = true;
-    for( TSTRING::const_iterator i = str.begin(); i != str.end(); i = *i ? i + 1 : i )
+    TSTRING        strT;
+    bool           fFirstLine = true;
+    for (TSTRING::const_iterator i = str.begin(); i != str.end(); i = *i ? i + 1 : i)
    {
        // return found -- add line to output string
-        if( _T('\n') == *i )
+        if (_T('\n') == *i)
        {
            // only do offset for strings after the first
-            if( fFirstLine )
+            if (fFirstLine)
            {
                fFirstLine = false;
            }
            else
-            {              
+            {
                // add offset
-                for( int j = 0; j < nOffset; j++ )
+                for (int j = 0; j < nOffset; j++)
                    sstr << _T(" ");

                // set width
-                sstr << std::setw( nWidth );
+                sstr << std::setw(nWidth);
            }

            // add to stringstream
@ -73,28 +73,26 @@ TSTRING cDisplayUtil::FormatMultiLineString( const TSTRING& str, int nOffset, in
        }
        else
        {
-            // add char to string   
-            strT.append( i, (TSTRING::const_iterator)(*i ? i + 1 : i) );
+            // add char to string
+            strT.append(i, (TSTRING::const_iterator)(*i ? i + 1 : i));
        }
-    }    
-                
-    // add last portion -- no endl                
+    }
+
+    // add last portion -- no endl
    // we want our client to be able to say "out << PropAsString() << endl;"

    // add offset
-    if( ! fFirstLine )
+    if (!fFirstLine)
    {
-        for( int j = 0; j < nOffset; j++ )
+        for (int j = 0; j < nOffset; j++)
            sstr << _T(" ");
    }

    // set width
-    sstr << std::setw( nWidth );
+    sstr << std::setw(nWidth);

    // now add last string
    sstr << strT;

-    return( sstr.str() );
+    return (sstr.str());
 }
-
-// eof: displayutil.cpp
--- a/src/core/displayutil.h
+++ b/src/core/displayutil.h
@ -1,31 +1,31 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
-// 
+//
 // This program is free software.  The contents of this file are subject
 // to the terms of the GNU General Public License as published by the
 // Free Software Foundation; either version 2 of the License, or (at your
 // option) any later version.  You may redistribute it and/or modify it
 // only in compliance with the GNU General Public License.
-// 
+//
 // This program is distributed in the hope that it will be useful.
 // However, this program is distributed AS-IS WITHOUT ANY
 // WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS
 // FOR A PARTICULAR PURPOSE.  Please see the GNU General Public License
 // for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 // USA.
-// 
+//
 // Nothing in the GNU General Public License or any other license to use
 // the code or files shall permit you to use Tripwire's trademarks,
 // service marks, or other intellectual property without Tripwire's
 // prior written consent.
-// 
+//
 // If you have any questions, please contact Tripwire, Inc. at either
 // info@tripwire.org or www.tripwire.org.
 //
@ -41,7 +41,7 @@
 class cDisplayUtil
 {
 public:
-    static TSTRING FormatMultiLineString( const TSTRING& str, int nOffset, int nWidth );
+    static TSTRING FormatMultiLineString(const TSTRING& str, int nOffset, int nWidth);
 };

 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
@ -61,18 +61,18 @@ public:
 //
 // What happens is that you get output like:
 // "               First Line"
-//  ^        ^^             ^     
+//  ^        ^^             ^
 //  |--10 sp-||---15 width--|
 // "Second Line"
-//  ^ 
+//  ^
 //  | 0 sp, 0 width
 //
 // When you really wanted:
 // "               First Line"
-//  ^        ^^             ^     
+//  ^        ^^             ^
 //  |--10 sp-||---15 width--|
 // "              Second Line"
-//  ^        ^^             ^     
+//  ^        ^^             ^
 //  |--10 sp-||---15 width--|
 //
 //
@ -84,13 +84,13 @@ public:
 // So you can output a multiline string and have each line be formatted
 // like the first one was.
 //
-// So, for the preceeding example, 
+// So, for the preceeding example,
 //
 // change:
 // TCOUT << szTenSpaceMargin << setw(15) << szMessage;
 //
 // to:
-// TCOUT << szTenSpaceMargin << setw(15) 
+// TCOUT << szTenSpaceMargin << setw(15)
 //       << cDisplayUtil::FormatMultiLineString( szMessage, 10, 15 );
 //
 // Comprende?  It's crazy but it works.
@ -98,4 +98,3 @@ public:
 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 #endif // #ifndef __DISPLAYUTIL_H
-
--- a/src/core/timebomb.cpp
+++ b/src/core/timebomb.cpp
@ -1,80 +1,57 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
-// 
+//
 // This program is free software.  The contents of this file are subject
 // to the terms of the GNU General Public License as published by the
 // Free Software Foundation; either version 2 of the License, or (at your
 // option) any later version.  You may redistribute it and/or modify it
 // only in compliance with the GNU General Public License.
-// 
+//
 // This program is distributed in the hope that it will be useful.
 // However, this program is distributed AS-IS WITHOUT ANY
 // WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS
 // FOR A PARTICULAR PURPOSE.  Please see the GNU General Public License
 // for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 // USA.
-// 
+//
 // Nothing in the GNU General Public License or any other license to use
 // the code or files shall permit you to use Tripwire's trademarks,
 // service marks, or other intellectual property without Tripwire's
 // prior written consent.
-// 
+//
 // If you have any questions, please contact Tripwire, Inc. at either
 // info@tripwire.org or www.tripwire.org.
 //
 ///////////////////////////////////////////////////////////////////////////////
-// timebomb.h
+// epoch.h
 #include "stdcore.h"
-#include "timebomb.h"
+#include "epoch.h"
 #include <time.h>
 #include <iostream>
 #include "timeconvert.h"
 #include "corestrings.h"

 ///////////////////////////////////////////////////////////////////////////////
-// TimeBombExploded() -- Call from main(). Prints out timebomb message and
-//      returns true if main() should exit.
-//
-bool TimeBombExploded()
+bool CheckEpoch()
 {
+#if SIZEOF_TIME_T == 4
+
    struct tm time_struct;

-    /*
-    memset(&time_struct, 0, sizeof(time_struct));
-    time_struct.tm_mday = 25;
-    time_struct.tm_mon = 0;
-    time_struct.tm_year = 99;
-    int64 begin = cTimeUtil::DateToTime( &time_struct );
-
-    memset(&time_struct, 0, sizeof(time_struct));
-    time_struct.tm_mday = 1;
-    time_struct.tm_mon = 4;
-    time_struct.tm_year = 99;
-    int64 end = cTimeUtil::DateToTime( &time_struct );
-
-    int64 now = time(0);
-
-    if (now < begin || now > end)
-    {
-        std::cerr << "This beta version of Tripwire(R) has expired.\n";
-        return true;
-    }
-    */
-
    // Many functions will fail as we approach the end of the epoch
    // Rather than crashing, we will exit with a nice message
    memset(&time_struct, 0, sizeof(time_struct));
    time_struct.tm_mday = 1;
-    time_struct.tm_mon = 0;
+    time_struct.tm_mon  = 0;
    time_struct.tm_year = 138;
-    int64 endoftime = cTimeUtil::DateToTime( &time_struct );
+    int64 endoftime     = cTimeUtil::DateToTime(&time_struct);

    if (time(0) > endoftime)
    {
@ -83,5 +60,7 @@ bool TimeBombExploded()
    }

    return false;
+#else
+    return false;
+#endif
 }
-
--- a/src/core/timebomb.h
+++ b/src/core/timebomb.h
@ -1,45 +1,44 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
-// 
+//
 // This program is free software.  The contents of this file are subject
 // to the terms of the GNU General Public License as published by the
 // Free Software Foundation; either version 2 of the License, or (at your
 // option) any later version.  You may redistribute it and/or modify it
 // only in compliance with the GNU General Public License.
-// 
+//
 // This program is distributed in the hope that it will be useful.
 // However, this program is distributed AS-IS WITHOUT ANY
 // WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS
 // FOR A PARTICULAR PURPOSE.  Please see the GNU General Public License
 // for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 // USA.
-// 
+//
 // Nothing in the GNU General Public License or any other license to use
 // the code or files shall permit you to use Tripwire's trademarks,
 // service marks, or other intellectual property without Tripwire's
 // prior written consent.
-// 
+//
 // If you have any questions, please contact Tripwire, Inc. at either
 // info@tripwire.org or www.tripwire.org.
 //
 ///////////////////////////////////////////////////////////////////////////////
-// timebomb.h
+// epoch.h

-#ifndef __TIMEBOMB_H
-#define __TIMEBOMB_H
+#ifndef __EPOCH_H
+#define __EPOCH_H

 ///////////////////////////////////////////////////////////////////////////////
-// TimeBombExploded() -- Call from main(). Prints out timebomb message and
+// CheckEpoch() -- Call from main(). Prints out timebomb message and
 //      returns true if main() should exit.
 //
-bool TimeBombExploded();
+bool CheckEpoch();

 #endif
-
--- a/src/core/error.cpp
+++ b/src/core/error.cpp
@ -1,31 +1,31 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
-// 
+//
 // This program is free software.  The contents of this file are subject
 // to the terms of the GNU General Public License as published by the
 // Free Software Foundation; either version 2 of the License, or (at your
 // option) any later version.  You may redistribute it and/or modify it
 // only in compliance with the GNU General Public License.
-// 
+//
 // This program is distributed in the hope that it will be useful.
 // However, this program is distributed AS-IS WITHOUT ANY
 // WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS
 // FOR A PARTICULAR PURPOSE.  Please see the GNU General Public License
 // for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 // USA.
-// 
+//
 // Nothing in the GNU General Public License or any other license to use
 // the code or files shall permit you to use Tripwire's trademarks,
 // service marks, or other intellectual property without Tripwire's
 // prior written consent.
-// 
+//
 // If you have any questions, please contact Tripwire, Inc. at either
 // info@tripwire.org or www.tripwire.org.
 //
@ -39,13 +39,11 @@
 ///////////////////////////////////////////////////////////////////////////////
 // CalcHash
 ///////////////////////////////////////////////////////////////////////////////
-uint32 eError::CalcHash( const char* name )
+uint32 eError::CalcHash(const char* name)
 {
    CRC_INFO crc;
-    crcInit( crc );
-    crcUpdate( crc, (const uint8*)name, strlen( name ) );
-    crcFinit( crc );
+    crcInit(crc);
+    crcUpdate(crc, (const uint8*)name, strlen(name));
+    crcFinit(crc);
    return crc.crc;
 }
-
-
--- a/src/core/error.h
+++ b/src/core/error.h
@ -1,31 +1,31 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
-// 
+//
 // This program is free software.  The contents of this file are subject
 // to the terms of the GNU General Public License as published by the
 // Free Software Foundation; either version 2 of the License, or (at your
 // option) any later version.  You may redistribute it and/or modify it
 // only in compliance with the GNU General Public License.
-// 
+//
 // This program is distributed in the hope that it will be useful.
 // However, this program is distributed AS-IS WITHOUT ANY
 // WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS
 // FOR A PARTICULAR PURPOSE.  Please see the GNU General Public License
 // for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 // USA.
-// 
+//
 // Nothing in the GNU General Public License or any other license to use
 // the code or files shall permit you to use Tripwire's trademarks,
 // service marks, or other intellectual property without Tripwire's
 // prior written consent.
-// 
+//
 // If you have any questions, please contact Tripwire, Inc. at either
 // info@tripwire.org or www.tripwire.org.
 //
@ -42,14 +42,13 @@
 class eError
 {
 public:
-
    //-------------------------------------------------------------------------
    // Construction and Assignment
    //-------------------------------------------------------------------------
-                eError( const TSTRING& msg, uint32 flags = 0 );
-    explicit    eError( const eError& rhs ); 
-    explicit    eError();
-    void operator=( const eError& rhs ); 
+    eError(const TSTRING& msg, uint32 flags = 0);
+    explicit eError(const eError& rhs);
+    explicit eError();
+    void operator=(const eError& rhs);

    //-------------------------------------------------------------------------
    // Destruction
@ -60,54 +59,54 @@ public:
    // Data Access
    //-------------------------------------------------------------------------
    virtual uint32 GetID() const = 0;
-        // returns a system wide unique identifier for this exception. See the
-        // macro below for the typical implementation of this method.
-        // This is used to associate the error with a string description of the 
-        // error via the global error table.
+    // returns a system wide unique identifier for this exception. See the
+    // macro below for the typical implementation of this method.
+    // This is used to associate the error with a string description of the
+    // error via the global error table.

    virtual TSTRING GetMsg() const;
-        // returns specific information about the error that occured. Provides 
-        // additional information about the error described by GetID(). It should
-        // not provide any information redundant with GetID().
-        //
-        // The string passed to the constructor should be formated properly to 
-        // be displayed as the "Second" part of an error message, or the derived 
-        // class should override GetMsg() and return a string appropriate for display.
-    
+    // returns specific information about the error that occured. Provides
+    // additional information about the error described by GetID(). It should
+    // not provide any information redundant with GetID().
+    //
+    // The string passed to the constructor should be formated properly to
+    // be displayed as the "Second" part of an error message, or the derived
+    // class should override GetMsg() and return a string appropriate for display.
+
    uint32 GetFlags() const;
-        // Flags are defined below. Currently, these only have an impact on how errors are
-        // displayed.
+    // Flags are defined below. Currently, these only have an impact on how errors are
+    // displayed.

    //-------------------------------------------------------------------------
    // Flags
    //-------------------------------------------------------------------------
    enum Flag
    {
-        NON_FATAL               = 0x00000001,       // displays "Error" or "Warning" ?
-        SUPRESS_THIRD_MSG       = 0x00000002        // supresses the "continuing" or "exiting" message
+        NON_FATAL         = 0x00000001, // displays "Error" or "Warning" ?
+        SUPRESS_THIRD_MSG = 0x00000002  // supresses the "continuing" or "exiting" message
    };

-    void SetFlags( uint32 flags );
+    void SetFlags(uint32 flags);

    //-------------------------------------------------------------------------
    // Flag Convenience Methods
    //-------------------------------------------------------------------------
-    void    SetFatality(bool fatal);
-    bool    IsFatal() const;
-        // Fatality is set to true by default when eError is constructed.  But when an error
-        // it is put in an cErrorBucket chain it the code doing so may wish to set the fatality
-        // to non-fatal to indicate that the error is actually a warning and program flow
-        // is going to continue.
-    void    SetSupressThird(bool supressThird);
-    bool    SupressThird() const;
+    void SetFatality(bool fatal);
+    bool IsFatal() const;
+    // Fatality is set to true by default when eError is constructed.  But when an error
+    // it is put in an cErrorBucket chain it the code doing so may wish to set the fatality
+    // to non-fatal to indicate that the error is actually a warning and program flow
+    // is going to continue.
+    void SetSupressThird(bool supressThird);
+    bool SupressThird() const;

    //-------------------------------------------------------------------------
    // Utility Methods
    //-------------------------------------------------------------------------
-    static uint32 CalcHash( const char* name );
-        // calculates the CRC32 of the string passed in as name. This methods
-        // asserts that name is non null. This is used to generate unique IDs 
-        // for errors.
+    static uint32 CalcHash(const char* name);
+    // calculates the CRC32 of the string passed in as name. This methods
+    // asserts that name is non null. This is used to generate unique IDs
+    // for errors.

    //-------------------------------------------------------------------------
    // Private Implementation
@ -124,62 +123,69 @@ protected:
 ///////////////////////////////////////////////////////////////////////////////
 // TSS_BEGIN_EXCEPTION / TSS_END_EXCEPTION
 //
-// Serves the same purpose as TSS_EXCEPTION but allows custom data and methods 
+// Serves the same purpose as TSS_EXCEPTION but allows custom data and methods
 //      to be added to the exception class.
 ///////////////////////////////////////////////////////////////////////////////

 #if HAVE_GCC
-#define TSS_BEGIN_EXCEPTION_EXPLICIT 
+#    define TSS_BEGIN_EXCEPTION_EXPLICIT
 #else
-#define TSS_BEGIN_EXCEPTION_EXPLICIT explicit
+#    define TSS_BEGIN_EXCEPTION_EXPLICIT explicit
 #endif

-#define TSS_BEGIN_EXCEPTION( except, base ) \
-    class except : public base \
-    {\
-    public:\
-        except( const TSTRING& msg, uint32 flags = 0 ) \
-        : base( msg, flags ) {} \
-        TSS_BEGIN_EXCEPTION_EXPLICIT except( const except& rhs ) \
-        : base( rhs ) {} \
-        explicit except() : base() {} \
-        \
-        virtual uint32 GetID() const \
-        {\
-            return CalcHash( #except ); \
-        }\
+#define TSS_BEGIN_EXCEPTION(except, base)                                  \
+    class except : public base                                             \
+    {                                                                      \
+    public:                                                                \
+        except(const TSTRING& msg, uint32 flags = 0) : base(msg, flags)    \
+        {                                                                  \
+        }                                                                  \
+        TSS_BEGIN_EXCEPTION_EXPLICIT except(const except& rhs) : base(rhs) \
+        {                                                                  \
+        }                                                                  \
+        explicit except() : base()                                         \
+        {                                                                  \
+        }                                                                  \
+                                                                           \
+        virtual uint32 GetID() const                                       \
+        {                                                                  \
+            return CalcHash(#except);                                      \
+        }

-#define TSS_END_EXCEPTION( ) \
-    };
+#define TSS_END_EXCEPTION() \
+    }                       \
+    ;

 ///////////////////////////////////////////////////////////////////////////////
 // TSS_BEGIN_EXCEPTION_NO_CTOR
 //
 // Same as TSS_BEGIN_EXCEPTION, but doesn't define any ctors.
 ///////////////////////////////////////////////////////////////////////////////
-#define TSS_BEGIN_EXCEPTION_NO_CTOR( except, base ) \
-    class except : public base \
-    {\
-    public:\
-        explicit except() : base() {} \
-        \
-        virtual uint32 GetID() const \
-        {\
-            return CalcHash( #except ); \
-        }\
+#define TSS_BEGIN_EXCEPTION_NO_CTOR(except, base) \
+    class except : public base                    \
+    {                                             \
+    public:                                       \
+        explicit except() : base()                \
+        {                                         \
+        }                                         \
+                                                  \
+        virtual uint32 GetID() const              \
+        {                                         \
+            return CalcHash(#except);             \
+        }

 ///////////////////////////////////////////////////////////////////////////////
 // TSS_EXCEPTION
 //
 //  This is a convenience define for quickly defining an exception class. After
-//  defining a new exception, don't forget to add it to the package's error 
+//  defining a new exception, don't forget to add it to the package's error
 //  string file!
 //
-// TODO (mdb) -- do we want to cache the CRC? if we store it in a class static 
+// TODO (mdb) -- do we want to cache the CRC? if we store it in a class static
 //      variable, then we will need to define it in the cpp file as well ...
 ///////////////////////////////////////////////////////////////////////////////
-#define TSS_EXCEPTION( except, base ) \
-    TSS_BEGIN_EXCEPTION( except, base ) \
+#define TSS_EXCEPTION(except, base)   \
+    TSS_BEGIN_EXCEPTION(except, base) \
    TSS_END_EXCEPTION()

 //-----------------------------------------------------------------------------
@ -189,41 +195,32 @@ protected:
 ///////////////////////////////////////////////////////////////////////////////
 // eError
 ///////////////////////////////////////////////////////////////////////////////
-inline eError::eError( const TSTRING& msg, uint32 flags )
-:   mMsg    ( msg ),
-    mFlags  ( flags )
+inline eError::eError(const TSTRING& msg, uint32 flags) : mMsg(msg), mFlags(flags)
 {
-    
 }

 ///////////////////////////////////////////////////////////////////////////////
 // eError
 ///////////////////////////////////////////////////////////////////////////////
-inline eError::eError( const eError& rhs )
-:   mMsg    ( rhs.mMsg ),
-    mFlags  ( rhs.mFlags )
+inline eError::eError(const eError& rhs) : mMsg(rhs.mMsg), mFlags(rhs.mFlags)
 {
-    
 }

 ///////////////////////////////////////////////////////////////////////////////
 // eError
 ///////////////////////////////////////////////////////////////////////////////
-inline eError::eError( )
-:   mMsg    ( _T("") ),
-    mFlags  ( 0 )
+inline eError::eError() : mMsg(_T("")), mFlags(0)
 {
-    
 }


 ///////////////////////////////////////////////////////////////////////////////
 // operator=
 ///////////////////////////////////////////////////////////////////////////////
-inline void eError::operator=( const eError& rhs )
+inline void eError::operator=(const eError& rhs)
 {
-    mMsg    = rhs.mMsg;
-    mFlags  = rhs.mFlags;
+    mMsg   = rhs.mMsg;
+    mFlags = rhs.mFlags;
 }

 ///////////////////////////////////////////////////////////////////////////////
@ -231,7 +228,6 @@ inline void eError::operator=( const eError& rhs )
 ///////////////////////////////////////////////////////////////////////////////
 inline eError::~eError()
 {
-    
 }

 ///////////////////////////////////////////////////////////////////////////////
@ -239,7 +235,7 @@ inline eError::~eError()
 ///////////////////////////////////////////////////////////////////////////////
 inline TSTRING eError::GetMsg() const
 {
-    return mMsg;    
+    return mMsg;
 }

 ///////////////////////////////////////////////////////////////////////////////
@ -253,9 +249,9 @@ inline uint32 eError::GetFlags() const
 ///////////////////////////////////////////////////////////////////////////////
 // SetFlags
 ///////////////////////////////////////////////////////////////////////////////
-inline void eError::SetFlags( uint32 flags )
+inline void eError::SetFlags(uint32 flags)
 {
-    mFlags = flags; 
+    mFlags = flags;
 }

 ///////////////////////////////////////////////////////////////////////////////
@ -275,7 +271,6 @@ inline void eError::SetFatality(bool fatal)
 inline bool eError::IsFatal() const
 {
    return (mFlags & (uint32)NON_FATAL) == 0;
-
 }

 ///////////////////////////////////////////////////////////////////////////////
@ -298,6 +293,4 @@ inline bool eError::SupressThird() const
 }


-
 #endif //__ERROR_H
-
--- a/src/core/errorbucket.h
+++ b/src/core/errorbucket.h
@ -1,31 +1,31 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
-// 
+//
 // This program is free software.  The contents of this file are subject
 // to the terms of the GNU General Public License as published by the
 // Free Software Foundation; either version 2 of the License, or (at your
 // option) any later version.  You may redistribute it and/or modify it
 // only in compliance with the GNU General Public License.
-// 
+//
 // This program is distributed in the hope that it will be useful.
 // However, this program is distributed AS-IS WITHOUT ANY
 // WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS
 // FOR A PARTICULAR PURPOSE.  Please see the GNU General Public License
 // for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 // USA.
-// 
+//
 // Nothing in the GNU General Public License or any other license to use
 // the code or files shall permit you to use Tripwire's trademarks,
 // service marks, or other intellectual property without Tripwire's
 // prior written consent.
-// 
+//
 // If you have any questions, please contact Tripwire, Inc. at either
 // info@tripwire.org or www.tripwire.org.
 //
@ -46,32 +46,34 @@
 class eError;

 ///////////////////////////////////////////////////////////////////////////////
-// cErrorBucket -- contains an interface that handles error reporting, and 
-//      contains a link to a child bucket. Each concrete implementation of the 
+// cErrorBucket -- contains an interface that handles error reporting, and
+//      contains a link to a child bucket. Each concrete implementation of the
 //      cErrorBucket interface will perform its own specific task related to the
 //      error's occurence (print to stderr, store in a queue, etc) and then forward
-//      the error on to its child link. The parent bucket does not own the destruction 
+//      the error on to its child link. The parent bucket does not own the destruction
 //      of the pointer to the child bucket.
 ///////////////////////////////////////////////////////////////////////////////
 class cErrorBucket
 {
 public:
    cErrorBucket();
-    virtual ~cErrorBucket() {}
+    virtual ~cErrorBucket()
+    {
+    }

    virtual void AddError(const eError& error);
-        // add an error to the bucket
+    // add an error to the bucket

    cErrorBucket* GetChild();
-        // returns the bucket that the current bucket is chained to, or 
-        // NULL if nothing is attached to it.
+    // returns the bucket that the current bucket is chained to, or
+    // NULL if nothing is attached to it.
    cErrorBucket* SetChild(cErrorBucket* pNewChild);
-        // sets the child link of this bucket; returns the old link value
+    // sets the child link of this bucket; returns the old link value

 protected:
    virtual void HandleError(const eError& error) = 0;
-        // override this to implement error handling functionality specific to
-        // the derived class
+    // override this to implement error handling functionality specific to
+    // the derived class
    cErrorBucket* mpChild;
 };

@ -81,8 +83,7 @@ protected:
 ///////////////////
 // cErrorBucket
 ///////////////////
-inline cErrorBucket::cErrorBucket() :
-    mpChild(0)
+inline cErrorBucket::cErrorBucket() : mpChild(0)
 {
 }

@ -94,9 +95,8 @@ inline cErrorBucket* cErrorBucket::GetChild()
 inline cErrorBucket* cErrorBucket::SetChild(cErrorBucket* pNewChild)
 {
    cErrorBucket* pOldChild = mpChild;
-    mpChild = pNewChild;
+    mpChild                 = pNewChild;
    return pOldChild;
 }

 #endif
-
--- a/src/core/errorbucketimpl.cpp
+++ b/src/core/errorbucketimpl.cpp
@ -1,31 +1,31 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
-// 
+//
 // This program is free software.  The contents of this file are subject
 // to the terms of the GNU General Public License as published by the
 // Free Software Foundation; either version 2 of the License, or (at your
 // option) any later version.  You may redistribute it and/or modify it
 // only in compliance with the GNU General Public License.
-// 
+//
 // This program is distributed in the hope that it will be useful.
 // However, this program is distributed AS-IS WITHOUT ANY
 // WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS
 // FOR A PARTICULAR PURPOSE.  Please see the GNU General Public License
 // for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 // USA.
-// 
+//
 // Nothing in the GNU General Public License or any other license to use
 // the code or files shall permit you to use Tripwire's trademarks,
 // service marks, or other intellectual property without Tripwire's
 // prior written consent.
-// 
+//
 // If you have any questions, please contact Tripwire, Inc. at either
 // info@tripwire.org or www.tripwire.org.
 //
@ -43,7 +43,7 @@
 void cErrorBucket::AddError(const eError& error)
 {
    HandleError(error);
-    if(mpChild)
+    if (mpChild)
        mpChild->AddError(error);
 }

@ -52,10 +52,8 @@ void cErrorBucket::AddError(const eError& error)
 //#############################################################################
 void cErrorReporter::PrintErrorMsg(const eError& error, const TSTRING& strExtra)
 {
-    cDisplayEncoder e( 
-            (cDisplayEncoder::Flags) ( cDisplayEncoder::NON_ROUNDTRIP | 
-                                       cDisplayEncoder::ALLOW_WHITESPACE ) );
-    TSTRING errStr;
+    cDisplayEncoder e((cDisplayEncoder::Flags)(cDisplayEncoder::NON_ROUNDTRIP | cDisplayEncoder::ALLOW_WHITESPACE));
+    TSTRING         errStr;

    //
    // if the ID is zero, just return.
@ -68,19 +66,18 @@ void cErrorReporter::PrintErrorMsg(const eError& error, const TSTRING& strExtra)
    // point is when we throw ePoly() with no constructor arguments.  At some point we want
    // to stop using the mechanism have non-printing errors, thus we leave in the ASSERT below.
    // But we don't want to break any release code, thus we return on the next line - June 2, 1999 DMB.
-    ASSERT( error.GetID() != 0 );
+    ASSERT(error.GetID() != 0);

-    if( error.GetID() == 0 )
+    if (error.GetID() == 0)
        return;

    // "First Part" header
-    errStr = TSS_GetString( cCore, error.IsFatal() ? core::STR_ERROR_ERROR 
-                                                   : core::STR_ERROR_WARNING );
+    errStr = TSS_GetString(cCore, error.IsFatal() ? core::STR_ERROR_ERROR : core::STR_ERROR_WARNING);

    if (errStr.empty())
    {
        TOSTRINGSTREAM strm;
-        ASSERT( sizeof( uint32 ) == sizeof(unsigned int) ); // for cast on next line
+        ASSERT(sizeof(uint32) == sizeof(unsigned int)); // for cast on next line
        strm << _T("Unknown Error ID ") << (unsigned int)error.GetID();
        errStr = strm.str();
    }
@ -91,10 +88,10 @@ void cErrorReporter::PrintErrorMsg(const eError& error, const TSTRING& strExtra)
    // "First Part" error string
    TSTRING prependToSecond;

-// #pragma message("errorbucketimpl.cpp needs a little help in the mb arena, with the findfirst/last and such")
+    // #pragma message("errorbucketimpl.cpp needs a little help in the mb arena, with the findfirst/last and such")

-    errStr = cErrorTable::GetInstance()->Get( error.GetID() );
-    if(! errStr.empty())
+    errStr = cErrorTable::GetInstance()->Get(error.GetID());
+    if (!errStr.empty())
    {
        // If the first part has a '\n' in it, we take everything following and prepend it to the
        // second part.  This was added to allow specifing a verbose string as the second part
@ -108,7 +105,7 @@ void cErrorReporter::PrintErrorMsg(const eError& error, const TSTRING& strExtra)

        ASSERT(errStr.length() + len + 6 < 80); // line too big for terminal?
                                                // Add 6 to account for "### ' and ': '
-        TCERR << TSS_GetString( cCore, core::STR_ERROR_COLON ) << _T(" ") << errStr;
+        TCERR << TSS_GetString(cCore, core::STR_ERROR_COLON) << _T(" ") << errStr;
        TCERR << std::endl;
    }

@ -117,14 +114,14 @@ void cErrorReporter::PrintErrorMsg(const eError& error, const TSTRING& strExtra)
    const TCHAR SPACE = _T(' ');

    errStr = prependToSecond + error.GetMsg() + strExtra;
-    e.Encode( errStr );
-    if (! errStr.empty())
+    e.Encode(errStr);
+    if (!errStr.empty())
    {
-        do 
+        do
        {
            // look for newline chars
            TSTRING::size_type firstNewLine;
-            TSTRING currentStr = errStr.substr(0, (firstNewLine = errStr.find_first_of(_T('\n'))));
+            TSTRING            currentStr = errStr.substr(0, (firstNewLine = errStr.find_first_of(_T('\n'))));
            errStr.erase(0, (firstNewLine < errStr.length() ? firstNewLine + 1 : firstNewLine));

            // break up the error string in case it is larger than screen width
@ -132,11 +129,12 @@ void cErrorReporter::PrintErrorMsg(const eError& error, const TSTRING& strExtra)
            {
                if (currentStr.length() <= (unsigned int)WIDTH)
                {
-                    TCERR << TSS_GetString( cCore, core::STR_ERROR_HEADER ) << currentStr << std::endl;
+                    TCERR << TSS_GetString(cCore, core::STR_ERROR_HEADER) << currentStr << std::endl;
                    break;
                }

-                TSTRING::size_type lastSpace = currentStr.find_last_of(SPACE, currentStr.length() >= WIDTH - 1 ? WIDTH - 1 : TSTRING::npos);
+                TSTRING::size_type lastSpace =
+                    currentStr.find_last_of(SPACE, currentStr.length() >= WIDTH - 1 ? WIDTH - 1 : TSTRING::npos);
                if (lastSpace == TSTRING::npos)
                {
                    // can't find space to break at so this string will just have to be longer than screen width.
@ -148,28 +146,21 @@ void cErrorReporter::PrintErrorMsg(const eError& error, const TSTRING& strExtra)
                        lastSpace = currentStr.length();
                }

-                TCERR << TSS_GetString( cCore, core::STR_ERROR_HEADER )
-                      << currentStr.substr( 0, lastSpace )
-                      << std::endl;
+                TCERR << TSS_GetString(cCore, core::STR_ERROR_HEADER) << currentStr.substr(0, lastSpace) << std::endl;

-                currentStr.erase( 0, lastSpace + 1 );
-            }
-            while ( !currentStr.empty() );
-        }
-        while ( !errStr.empty() );
+                currentStr.erase(0, lastSpace + 1);
+            } while (!currentStr.empty());
+        } while (!errStr.empty());
    }

    // "Third Part" print 'exiting' or 'continuing'
    // note that we supress this part if the appropriate flag is set...
    //
-    if( (error.GetFlags() & eError::SUPRESS_THIRD_MSG) == 0 )
+    if ((error.GetFlags() & eError::SUPRESS_THIRD_MSG) == 0)
    {
-        TCERR << TSS_GetString( cCore, core::STR_ERROR_HEADER) 
-              << TSS_GetString( 
-                    cCore,
-                    error.IsFatal()
-                        ? core::STR_ERROR_EXITING 
-                        : core::STR_ERROR_CONTINUING ) << std::endl;
+        TCERR << TSS_GetString(cCore, core::STR_ERROR_HEADER)
+              << TSS_GetString(cCore, error.IsFatal() ? core::STR_ERROR_EXITING : core::STR_ERROR_CONTINUING)
+              << std::endl;
    }
 }

@ -185,9 +176,7 @@ void cErrorTracer::HandleError(const eError& error)
 {
    cDebug d("cErrorTracer::HandleError");

-    d.TraceError(   _T("%s : %s\n"), 
-                    cErrorTable::GetInstance()->Get( error.GetID() ).c_str(), 
-                    error.GetMsg().c_str() );
+    d.TraceError(_T("%s : %s\n"), cErrorTable::GetInstance()->Get(error.GetID()).c_str(), error.GetMsg().c_str());
 }

 //#############################################################################
@ -207,17 +196,15 @@ int cErrorQueue::GetNumErrors() const

 void cErrorQueue::HandleError(const eError& error)
 {
-    mList.push_back( ePoly( error ) );
+    mList.push_back(ePoly(error));
 }

-cErrorQueueIter::cErrorQueueIter(cErrorQueue& queue) :
-    mList(queue.mList)
+cErrorQueueIter::cErrorQueueIter(cErrorQueue& queue) : mList(queue.mList)
 {
    SeekBegin();
 }

-cErrorQueueIter::cErrorQueueIter(const cErrorQueue& queue)
-:   mList( ((cErrorQueue*)&queue)->mList )
+cErrorQueueIter::cErrorQueueIter(const cErrorQueue& queue) : mList(((cErrorQueue*)&queue)->mList)
 {
    SeekBegin();
 }
@ -240,7 +227,7 @@ bool cErrorQueueIter::Done() const

 const ePoly& cErrorQueueIter::GetError() const
 {
-    ASSERT(! Done());
+    ASSERT(!Done());
    return (*mIter);
 }

@ -255,19 +242,18 @@ void cErrorQueue::Read(iSerializer* pSerializer, int32 version)
    int32 size;
    mList.clear();
    pSerializer->ReadInt32(size);
-    for(int i = 0; i < size; ++i)
+    for (int i = 0; i < size; ++i)
    {
        int32   errorNumber;
        TSTRING errorString;
        int32   flags;

-        pSerializer->ReadInt32  (errorNumber);
-        pSerializer->ReadString (errorString);
-        pSerializer->ReadInt32  (flags);
+        pSerializer->ReadInt32(errorNumber);
+        pSerializer->ReadString(errorString);
+        pSerializer->ReadInt32(flags);

-        mList.push_back( ePoly( errorNumber, errorString, flags ) );        
+        mList.push_back(ePoly(errorNumber, errorString, flags));
    }
-    
 }

 ///////////////////////////////////////////////////////////////////////////////
@ -277,13 +263,12 @@ void cErrorQueue::Write(iSerializer* pSerializer) const
 {
    pSerializer->WriteInt32(mList.size());
    ListType::const_iterator i;
-    for( i = mList.begin(); i != mList.end(); ++i)
+    for (i = mList.begin(); i != mList.end(); ++i)
    {
-        pSerializer->WriteInt32 ((*i).GetID());
+        pSerializer->WriteInt32((*i).GetID());
        pSerializer->WriteString((*i).GetMsg());
-        pSerializer->WriteInt32 ((*i).GetFlags());
+        pSerializer->WriteInt32((*i).GetFlags());
    }
-    
 }


@ -292,15 +277,14 @@ void cErrorQueue::Write(iSerializer* pSerializer) const
 ///////////////////////////////////////////////////////////////////////////////
 void cErrorQueue::TraceContents(int dl) const
 {
-    if(dl < 0) 
+    if (dl < 0)
        dl = cDebug::D_DEBUG;
-    
-    cDebug d("cFCOErrorQueue::TraceContents");
+
+    cDebug                   d("cFCOErrorQueue::TraceContents");
    ListType::const_iterator i;
-    int counter = 0;
-    for(i = mList.begin(); i != mList.end(); i++, counter++)
+    int                      counter = 0;
+    for (i = mList.begin(); i != mList.end(); i++, counter++)
    {
-        d.Trace(dl, _T("Error[%d]: num = %x string = %s\n") , counter, (*i).GetID(), (*i).GetMsg().c_str()); 
+        d.Trace(dl, _T("Error[%d]: num = %x string = %s\n"), counter, (*i).GetID(), (*i).GetMsg().c_str());
    }
 }
-
--- a/src/core/errorbucketimpl.h
+++ b/src/core/errorbucketimpl.h
@ -1,37 +1,37 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
-// 
+//
 // This program is free software.  The contents of this file are subject
 // to the terms of the GNU General Public License as published by the
 // Free Software Foundation; either version 2 of the License, or (at your
 // option) any later version.  You may redistribute it and/or modify it
 // only in compliance with the GNU General Public License.
-// 
+//
 // This program is distributed in the hope that it will be useful.
 // However, this program is distributed AS-IS WITHOUT ANY
 // WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS
 // FOR A PARTICULAR PURPOSE.  Please see the GNU General Public License
 // for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 // USA.
-// 
+//
 // Nothing in the GNU General Public License or any other license to use
 // the code or files shall permit you to use Tripwire's trademarks,
 // service marks, or other intellectual property without Tripwire's
 // prior written consent.
-// 
+//
 // If you have any questions, please contact Tripwire, Inc. at either
 // info@tripwire.org or www.tripwire.org.
 //
 ///////////////////////////////////////////////////////////////////////////////
 // errorbucketimpl.h
-// 
+//
 // This component contains classes derived from cErrorBucket and helper classes.
 // They were broken out of errorbucket.h becuase many components will only need to
 // know about cErrorBucket, so we reduce system dependencies by keeping these classes
@ -60,22 +60,22 @@
 #endif

 //////////////////////////////////////////////////////
-// cErrorReporter -- sends all error messages to 
+// cErrorReporter -- sends all error messages to
 //      stderr
 //////////////////////////////////////////////////////
 class cErrorReporter : public cErrorBucket
 {
 public:
    static void PrintErrorMsg(const eError& error, const TSTRING& strExtra = _T(""));
-        // function that HandleError() uses to print the error messages to stderr.
-        // this function uses the current authoritative format for error reporting, so
-        // other functions needing to display errors to the user should use this.
-        //
+    // function that HandleError() uses to print the error messages to stderr.
+    // this function uses the current authoritative format for error reporting, so
+    // other functions needing to display errors to the user should use this.
+    //

-        // NOTE:bam 5/7/99 -- I don't think the below is true anymore?
-        // NOTE:mdb -- if the error has an ID of zero, nothing will be printed. This
-        //      is a way to throw a fatal error where the error reporting has already
-        //      occurred.
+    // NOTE:bam 5/7/99 -- I don't think the below is true anymore?
+    // NOTE:mdb -- if the error has an ID of zero, nothing will be printed. This
+    //      is a way to throw a fatal error where the error reporting has already
+    //      occurred.

 protected:
    virtual void HandleError(const eError& error);
@ -100,17 +100,18 @@ protected:
 class cErrorQueue : public cErrorBucket, public iTypedSerializable
 {
    friend class cErrorQueueIter;
+
 public:
-    void Clear();   
-        // remove all errors from the queue
+    void Clear();
+    // remove all errors from the queue
    int GetNumErrors() const;
-        // returns how many errors are in the queue
+    // returns how many errors are in the queue

    //
    // iSerializable interface
    //
-    virtual void Read (iSerializer* pSerializer, int32 version = 0); // throw (eSerializer, eArchive)
-    virtual void Write(iSerializer* pSerializer) const; // throw (eSerializer, eArchive)
+    virtual void Read(iSerializer* pSerializer, int32 version = 0); // throw (eSerializer, eArchive)
+    virtual void Write(iSerializer* pSerializer) const;             // throw (eSerializer, eArchive)

    //
    // Debugging
@ -119,9 +120,10 @@ public:

 protected:
    virtual void HandleError(const eError& error);
+
 private:
    typedef std::list<ePoly> ListType;
-    ListType mList;
+    ListType                 mList;

    DECLARE_TYPEDSERIALIZABLE()
 };
@ -131,7 +133,9 @@ class cErrorQueueIter
 public:
    cErrorQueueIter(cErrorQueue& queue);
    cErrorQueueIter(const cErrorQueue& queue);
-    ~cErrorQueueIter() {}
+    ~cErrorQueueIter()
+    {
+    }

    // iteration methods
    void SeekBegin();
@ -139,9 +143,9 @@ public:
    bool Done() const;

    // access to the error
-    const ePoly&   GetError() const;
-        // both of these return results are undefined if the iterator 
-        // is not valid (ie - IsDone() == true)
+    const ePoly& GetError() const;
+    // both of these return results are undefined if the iterator
+    // is not valid (ie - IsDone() == true)
 private:
    cErrorQueue::ListType&          mList;
    cErrorQueue::ListType::iterator mIter;
@ -153,9 +157,14 @@ private:
 //////////////////////////////////////////////////////
 class cErrorBucketNull : public cErrorBucket
 {
-    virtual void AddError(const eError& ) {}
+    virtual void AddError(const eError&)
+    {
+    }
+
 protected:
-    virtual void HandleError(const eError& ) {}
+    virtual void HandleError(const eError&)
+    {
+    }
 };

 //////////////////////////////////////////////////////
@ -165,10 +174,10 @@ protected:
 class cErrorBucketPassThru : public cErrorBucket
 {
 protected:
-    virtual void HandleError(const eError& ) {}
+    virtual void HandleError(const eError&)
+    {
+    }
 };


-
 #endif
-
--- a/src/core/errorgeneral.h
+++ b/src/core/errorgeneral.h
@ -1,36 +1,36 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
-// 
+//
 // This program is free software.  The contents of this file are subject
 // to the terms of the GNU General Public License as published by the
 // Free Software Foundation; either version 2 of the License, or (at your
 // option) any later version.  You may redistribute it and/or modify it
 // only in compliance with the GNU General Public License.
-// 
+//
 // This program is distributed in the hope that it will be useful.
 // However, this program is distributed AS-IS WITHOUT ANY
 // WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS
 // FOR A PARTICULAR PURPOSE.  Please see the GNU General Public License
 // for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 // USA.
-// 
+//
 // Nothing in the GNU General Public License or any other license to use
 // the code or files shall permit you to use Tripwire's trademarks,
 // service marks, or other intellectual property without Tripwire's
 // prior written consent.
-// 
+//
 // If you have any questions, please contact Tripwire, Inc. at either
 // info@tripwire.org or www.tripwire.org.
 //
 ///////////////////////////////////////////////////////////////////////////////
-// errorgeneral.h -- 
+// errorgeneral.h --
 //

 #ifndef __ERRORGENERAL_H
@ -38,12 +38,11 @@

 #include "error.h"

-TSS_EXCEPTION( eErrorGeneral,   eError );
-TSS_EXCEPTION( eOpen,           eErrorGeneral );
-TSS_EXCEPTION( eOpenRead,       eErrorGeneral );
-TSS_EXCEPTION( eOpenWrite,      eErrorGeneral );
-TSS_EXCEPTION( eBadCmdLine,     eErrorGeneral );
-TSS_EXCEPTION( eBadModeSwitch,  eErrorGeneral );
+TSS_EXCEPTION(eErrorGeneral, eError);
+TSS_EXCEPTION(eOpen, eErrorGeneral);
+TSS_EXCEPTION(eOpenRead, eErrorGeneral);
+TSS_EXCEPTION(eOpenWrite, eErrorGeneral);
+TSS_EXCEPTION(eBadCmdLine, eErrorGeneral);
+TSS_EXCEPTION(eBadModeSwitch, eErrorGeneral);

 #endif //#ifndef __ERRORGENERAL_H
-
--- a/src/core/errortable.cpp
+++ b/src/core/errortable.cpp
@ -1,31 +1,31 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
-// 
+//
 // This program is free software.  The contents of this file are subject
 // to the terms of the GNU General Public License as published by the
 // Free Software Foundation; either version 2 of the License, or (at your
 // option) any later version.  You may redistribute it and/or modify it
 // only in compliance with the GNU General Public License.
-// 
+//
 // This program is distributed in the hope that it will be useful.
 // However, this program is distributed AS-IS WITHOUT ANY
 // WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS
 // FOR A PARTICULAR PURPOSE.  Please see the GNU General Public License
 // for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 // USA.
-// 
+//
 // Nothing in the GNU General Public License or any other license to use
 // the code or files shall permit you to use Tripwire's trademarks,
 // service marks, or other intellectual property without Tripwire's
 // prior written consent.
-// 
+//
 // If you have any questions, please contact Tripwire, Inc. at either
 // info@tripwire.org or www.tripwire.org.
 //
@ -35,7 +35,7 @@
 #include "stdcore.h"
 #include "errortable.h"

-#ifdef _DEBUG
+#ifdef DEBUG
 #include "package.h"
 #include "corestrings.h"
 #endif
@ -52,7 +52,7 @@ cErrorTable* cErrorTable::GetInstance()
 ///////////////////////////////////////////////////////////////////////////////
 // AssertMsgValidity
 ///////////////////////////////////////////////////////////////////////////////
-#ifdef _DEBUG
+#ifdef DEBUG
 void cErrorTable::AssertMsgValidity(const TCHAR* msg)
 {
    // Check to see that the first part of this error message is not too long.
@ -64,18 +64,18 @@ void cErrorTable::AssertMsgValidity(const TCHAR* msg)
    if (errSize == TSTRING::npos)
        errSize = errStr.length();

-    #if 0 //TODO: Figure out how to do this properly.
+#    if 0 //TODO: Figure out how to do this properly.
    TSTRING::size_type errorSize = TSS_GetString( cCore, core::STR_ERROR_ERROR ).length();
    TSTRING::size_type warningSize = TSS_GetString( cCore, core::STR_ERROR_WARNING ).length();
    TSTRING::size_type maxHeaderSize = (errorSize > warningSize ? errorSize : warningSize) + 6; // Add 6 to account for "### ' and ': '
-    #else
+#    else
    // Sunpro got stuck in an infinite loop when we called GetString from this func;
-    TSTRING::size_type errorSize = 9;
+    TSTRING::size_type errorSize   = 9;
    TSTRING::size_type warningSize = 10;
-    TSTRING::size_type maxHeaderSize = (errorSize > warningSize ? errorSize : warningSize) + 6; // Add 6 to account for "### ' and ': '
-    #endif
+    TSTRING::size_type maxHeaderSize =
+        (errorSize > warningSize ? errorSize : warningSize) + 6; // Add 6 to account for "### ' and ': '
+#    endif

    ASSERT(maxHeaderSize + errSize < 80);
 }
 #endif
-
--- a/src/core/errortable.h
+++ b/src/core/errortable.h
@ -1,31 +1,31 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
-// 
+//
 // This program is free software.  The contents of this file are subject
 // to the terms of the GNU General Public License as published by the
 // Free Software Foundation; either version 2 of the License, or (at your
 // option) any later version.  You may redistribute it and/or modify it
 // only in compliance with the GNU General Public License.
-// 
+//
 // This program is distributed in the hope that it will be useful.
 // However, this program is distributed AS-IS WITHOUT ANY
 // WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS
 // FOR A PARTICULAR PURPOSE.  Please see the GNU General Public License
 // for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 // USA.
-// 
+//
 // Nothing in the GNU General Public License or any other license to use
 // the code or files shall permit you to use Tripwire's trademarks,
 // service marks, or other intellectual property without Tripwire's
 // prior written consent.
-// 
+//
 // If you have any questions, please contact Tripwire, Inc. at either
 // info@tripwire.org or www.tripwire.org.
 //
@ -34,7 +34,7 @@
 // Date:    30 April 99
 // Creator: mdb
 //
-// cErrorTable --   singleton derived from Resource_<> that serves as the global 
+// cErrorTable --   singleton derived from Resource_<> that serves as the global
 //                  error id to string mapping
 //
 #ifndef __ERRORTABLE_H
@ -59,36 +59,36 @@ public:
    //
    // Convenience Methods
    //
-    void Put( const eError& e, const TCHAR* msg );
+    void Put(const eError& e, const TCHAR* msg);
    //
    // Singleton Interface
    //
    static cErrorTable* GetInstance();

 private:
-    #ifdef _DEBUG
+#ifdef DEBUG
    static void AssertMsgValidity(const TCHAR* msg);
-    #endif
+#endif
 };

-inline void cErrorTable::Put( const eError& e, const TCHAR* msg )
+inline void cErrorTable::Put(const eError& e, const TCHAR* msg)
 {
-    #ifdef _DEBUG
+#ifdef DEBUG
    AssertMsgValidity(msg);
-    #endif
+#endif

-    inherited::Put( e.GetID(), msg );
+    inherited::Put(e.GetID(), msg);
 }

 //-----------------------------------------------------------------------------
 // Convenience Macros
 //-----------------------------------------------------------------------------
 //
-// These macros make it easy for a module to register errors with the global 
+// These macros make it easy for a module to register errors with the global
 //      error table. Them like this:
 //
 //      // animalerrors.h
-//      // 
+//      //
 //      TSS_DECLARE_ERROR_REGISTRATION( animal )
 //
 //      // animalerrors.cpp
@ -109,32 +109,27 @@ inline void cErrorTable::Put( const eError& e, const TCHAR* msg )
 //===================
 // cpp file macros
 //===================
-#define TSS_BEGIN_ERROR_REGISTRATION( pkgName ) \
-    RegisterErrors##pkgName::RegisterErrors##pkgName() \
-    { 
+#    define TSS_BEGIN_ERROR_REGISTRATION(pkgName)          \
+        RegisterErrors##pkgName::RegisterErrors##pkgName() \
+        {

-#define TSS_REGISTER_ERROR( err, str ) \
-        cErrorTable::GetInstance()->Put \
-            ( err, str );
+#    define TSS_REGISTER_ERROR(err, str) cErrorTable::GetInstance()->Put(err, str);

-#define TSS_END_ERROR_REGISTRATION() \
-    } 
+#    define TSS_END_ERROR_REGISTRATION() }

 //===================
 // h file macros
 //===================
-#define TSS_DECLARE_ERROR_REGISTRATION( pkgName ) \
-    struct RegisterErrors##pkgName \
-    {\
-        RegisterErrors##pkgName(); \
-    };
+#    define TSS_DECLARE_ERROR_REGISTRATION(pkgName) \
+        struct RegisterErrors##pkgName              \
+        {                                           \
+            RegisterErrors##pkgName();              \
+        };

 //===================
 // package init macros
 //===================
-#define TSS_REGISTER_PKG_ERRORS( pkgName ) \
-    RegisterErrors##pkgName register##pkgName;
+#    define TSS_REGISTER_PKG_ERRORS(pkgName) RegisterErrors##pkgName register##pkgName;


 #endif //__ERRORTABLE_H
-
--- a/src/core/errorutil.cpp
+++ b/src/core/errorutil.cpp
@ -1,31 +1,31 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
-// 
+//
 // This program is free software.  The contents of this file are subject
 // to the terms of the GNU General Public License as published by the
 // Free Software Foundation; either version 2 of the License, or (at your
 // option) any later version.  You may redistribute it and/or modify it
 // only in compliance with the GNU General Public License.
-// 
+//
 // This program is distributed in the hope that it will be useful.
 // However, this program is distributed AS-IS WITHOUT ANY
 // WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS
 // FOR A PARTICULAR PURPOSE.  Please see the GNU General Public License
 // for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 // USA.
-// 
+//
 // Nothing in the GNU General Public License or any other license to use
 // the code or files shall permit you to use Tripwire's trademarks,
 // service marks, or other intellectual property without Tripwire's
 // prior written consent.
-// 
+//
 // If you have any questions, please contact Tripwire, Inc. at either
 // info@tripwire.org or www.tripwire.org.
 //
@ -37,31 +37,26 @@
 #include "corestrings.h"

 //=============================================================================
-// class eInternal 
+// class eInternal
 //=============================================================================

-#if IS_UNIX
 namespace //unique
 {
-    TCHAR* tw_itot( int value, TCHAR* string, int radix)
-    {
-        _stprintf( string, "%d", value );
-        return string;
-    }
+TCHAR* tw_itot(int value, TCHAR* string, int radix, int size)
+{
+    snprintf(string, size, "%d", value);
+    return string;
 }
-#else
-  #define tw_itot _itot
-#endif //IS_UNIX
+} // namespace

-eInternal::eInternal(TCHAR* sourceFile, int lineNum)
-:   eError(_T(""))
+eInternal::eInternal(TCHAR* sourceFile, int lineNum) : eError(_T(""))
 {
    TCHAR buf[256];

    mMsg = _T("File: ");
    mMsg += sourceFile;
    mMsg += _T(" Line: ");
-    mMsg += tw_itot(lineNum, buf, 10);
+    mMsg += tw_itot(lineNum, buf, 10, 256);
 }

 //=============================================================================
@ -71,18 +66,17 @@ eInternal::eInternal(TCHAR* sourceFile, int lineNum)
 ///////////////////////////////////////////////////////////////////////////////
 // MakeFileError
 ///////////////////////////////////////////////////////////////////////////////
-TSTRING cErrorUtil::MakeFileError( const TSTRING& msg, const TSTRING& fileName )
+TSTRING cErrorUtil::MakeFileError(const TSTRING& msg, const TSTRING& fileName)
 {
    TSTRING ret;
-    ret = TSS_GetString( cCore, core::STR_ERR2_FILENAME );
-    ret.append( fileName );
-    ret.append( 1, _T('\n') );
+    ret = TSS_GetString(cCore, core::STR_ERR2_FILENAME);
+    ret.append(fileName);
+    ret.append(1, _T('\n'));

-    if ( msg.length() > 0 )
+    if (msg.length() > 0)
    {
        ret.append(msg);
    }
-    
+
    return ret;
 }
-
--- a/src/core/errorutil.h
+++ b/src/core/errorutil.h
@ -1,31 +1,31 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
-// 
+//
 // This program is free software.  The contents of this file are subject
 // to the terms of the GNU General Public License as published by the
 // Free Software Foundation; either version 2 of the License, or (at your
 // option) any later version.  You may redistribute it and/or modify it
 // only in compliance with the GNU General Public License.
-// 
+//
 // This program is distributed in the hope that it will be useful.
 // However, this program is distributed AS-IS WITHOUT ANY
 // WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS
 // FOR A PARTICULAR PURPOSE.  Please see the GNU General Public License
 // for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 // USA.
-// 
+//
 // Nothing in the GNU General Public License or any other license to use
 // the code or files shall permit you to use Tripwire's trademarks,
 // service marks, or other intellectual property without Tripwire's
 // prior written consent.
-// 
+//
 // If you have any questions, please contact Tripwire, Inc. at either
 // info@tripwire.org or www.tripwire.org.
 //
@ -39,7 +39,7 @@
 // eInternal        -- internal logic errors ( ie -- programming mistakes )
 // ePoly            -- "polymorphic" error that takes its ID as input instead
 //                      of from its class name
-// ThrowAndAssert   -- asserts false and throws the specified exception 
+// ThrowAndAssert   -- asserts false and throws the specified exception
 //
 #ifndef __ERRORUTIL_H
 #define __ERRORUTIL_H
@ -58,27 +58,27 @@ public:
    //-------------------------------------------------------------------------
    // Construction and Assignment
    //-------------------------------------------------------------------------
-                ePoly( uint32 id, const TSTRING& msg, uint32 flags = 0 );
-    explicit    ePoly( const eError& rhs ); 
-    explicit    ePoly();
-    void operator=( const eError& rhs ); 
+    ePoly(uint32 id, const TSTRING& msg, uint32 flags = 0);
+    explicit ePoly(const eError& rhs);
+    explicit ePoly();
+    void operator=(const eError& rhs);

    //-------------------------------------------------------------------------
    // ID manipulation
    //-------------------------------------------------------------------------
-    virtual uint32  GetID() const;
-    void            SetID( uint32 id );
+    virtual uint32 GetID() const;
+    void           SetID(uint32 id);

 private:
-    uint32  mID;
+    uint32 mID;
 };

 //-----------------------------------------------------------------------------
 // eInternal
 //-----------------------------------------------------------------------------
-TSS_BEGIN_EXCEPTION( eInternal, eError )
+TSS_BEGIN_EXCEPTION(eInternal, eError)
 public:
-    eInternal( TCHAR* file, int lineNum );
+eInternal(TCHAR* file, int lineNum);
 TSS_END_EXCEPTION()

 //-----------------------------------------------------------------------------
@ -87,28 +87,32 @@ TSS_END_EXCEPTION()
 class cErrorUtil
 {
 public:
-    static TSTRING MakeFileError( const TSTRING& msg, const TSTRING& fileName );
-        // constructs an error message of the form:
-        // File: <fileName> \n <msg> 
-        // This is useful for constructing strings to pass as the msg parameter 
-        // to eError constructors.
+    static TSTRING MakeFileError(const TSTRING& msg, const TSTRING& fileName);
+    // constructs an error message of the form:
+    // File: <fileName> \n <msg>
+    // This is useful for constructing strings to pass as the msg parameter
+    // to eError constructors.
 };

 //-----------------------------------------------------------------------------
 // Convenience Macros
 //-----------------------------------------------------------------------------
 //
-// NOTE -- we require the developer to supply the file name instead of using 
+// NOTE -- we require the developer to supply the file name instead of using
 //      __FILE__ because that includes the full path to the file, which we
 //      would not like to display to the user.
 //
-#define INTERNAL_ERROR(filename)        eInternal((TCHAR*)_T(filename), __LINE__)
-#define THROW_INTERNAL(filename) throw  eInternal((TCHAR*)_T(filename), __LINE__)
+#define INTERNAL_ERROR(filename) eInternal((TCHAR*)_T(filename), __LINE__)
+#define THROW_INTERNAL(filename) throw eInternal((TCHAR*)_T(filename), __LINE__)


 // TODO: ASSERT is always fatal in Unix, perhaps we could #ifdef the ASSERT
 //      to echo to cout the line number the exception occured at?
-#define ThrowAndAssert(exception) { ASSERT(false); throw exception; }
+#define ThrowAndAssert(exception) \
+    {                             \
+        ASSERT(false);            \
+        throw exception;          \
+    }


 //-----------------------------------------------------------------------------
@ -118,17 +122,14 @@ public:
 ///////////////////////////////////////////////////////////////////////////////
 // ePoly
 ///////////////////////////////////////////////////////////////////////////////
-inline ePoly::ePoly( uint32 id, const TSTRING& msg, uint32 flags )
-:   eError( msg, flags ),
-    mID( id )
+inline ePoly::ePoly(uint32 id, const TSTRING& msg, uint32 flags) : eError(msg, flags), mID(id)
 {
-    
 }

 ///////////////////////////////////////////////////////////////////////////////
 // ePoly
 ///////////////////////////////////////////////////////////////////////////////
-inline ePoly::ePoly( const eError& rhs )
+inline ePoly::ePoly(const eError& rhs)
 {
    *this = rhs;
 }
@ -136,21 +137,18 @@ inline ePoly::ePoly( const eError& rhs )
 ///////////////////////////////////////////////////////////////////////////////
 // ePoly
 ///////////////////////////////////////////////////////////////////////////////
-inline ePoly::ePoly()
-:   eError( _T("") ),
-    mID( 0 )
+inline ePoly::ePoly() : eError(_T("")), mID(0)
 {
-    
 }

 ///////////////////////////////////////////////////////////////////////////////
 // operator=
 ///////////////////////////////////////////////////////////////////////////////
-inline void ePoly::operator=( const eError& rhs )
+inline void ePoly::operator=(const eError& rhs)
 {
-    mMsg = rhs.GetMsg();
+    mMsg   = rhs.GetMsg();
    mFlags = rhs.GetFlags();
-    mID = rhs.GetID();
+    mID    = rhs.GetID();
 }

 ///////////////////////////////////////////////////////////////////////////////
@ -164,10 +162,9 @@ inline uint32 ePoly::GetID() const
 ///////////////////////////////////////////////////////////////////////////////
 // SetID
 ///////////////////////////////////////////////////////////////////////////////
-inline void ePoly::SetID( uint32 id )
+inline void ePoly::SetID(uint32 id)
 {
-    mID = id;   
+    mID = id;
 }

 #endif //__ERRORUTIL_H
-
--- a/src/core/file.h
+++ b/src/core/file.h
@ -1,31 +1,31 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
-// 
+//
 // This program is free software.  The contents of this file are subject
 // to the terms of the GNU General Public License as published by the
 // Free Software Foundation; either version 2 of the License, or (at your
 // option) any later version.  You may redistribute it and/or modify it
 // only in compliance with the GNU General Public License.
-// 
+//
 // This program is distributed in the hope that it will be useful.
 // However, this program is distributed AS-IS WITHOUT ANY
 // WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS
 // FOR A PARTICULAR PURPOSE.  Please see the GNU General Public License
 // for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 // USA.
-// 
+//
 // Nothing in the GNU General Public License or any other license to use
 // the code or files shall permit you to use Tripwire's trademarks,
 // service marks, or other intellectual property without Tripwire's
 // prior written consent.
-// 
+//
 // If you have any questions, please contact Tripwire, Inc. at either
 // info@tripwire.org or www.tripwire.org.
 //
@ -55,103 +55,133 @@
 // eFile exception class
 //=============================================================================

-TSS_FILE_EXCEPTION( eFile,          eFileError );
-TSS_FILE_EXCEPTION( eFileOpen,      eFile );
-TSS_FILE_EXCEPTION( eFileWrite,     eFile );
-TSS_FILE_EXCEPTION( eFileRead,      eFile );
-TSS_FILE_EXCEPTION( eFileEOF,       eFile );    // never used!
-TSS_FILE_EXCEPTION( eFileSeek,      eFile );
-TSS_FILE_EXCEPTION( eFileInvalidOp, eFile );    // never used!
-TSS_FILE_EXCEPTION( eFileTrunc,     eFile );
-TSS_FILE_EXCEPTION( eFileClose,     eFile );    // never used!
-TSS_FILE_EXCEPTION( eFileFlush,     eFile );
-TSS_FILE_EXCEPTION( eFileRewind,    eFile );
+TSS_FILE_EXCEPTION(eFile, eFileError);
+TSS_FILE_EXCEPTION(eFileOpen, eFile);
+TSS_FILE_EXCEPTION(eFileWrite, eFile);
+TSS_FILE_EXCEPTION(eFileRead, eFile);
+TSS_FILE_EXCEPTION(eFileEOF, eFile); // never used!
+TSS_FILE_EXCEPTION(eFileSeek, eFile);
+TSS_FILE_EXCEPTION(eFileInvalidOp, eFile); // never used!
+TSS_FILE_EXCEPTION(eFileTrunc, eFile);
+TSS_FILE_EXCEPTION(eFileClose, eFile); // never used!
+TSS_FILE_EXCEPTION(eFileFlush, eFile);
+TSS_FILE_EXCEPTION(eFileRewind, eFile);

 //=============================================================================
 // cFile
 //=============================================================================
 struct cFile_i;
-class  cFile
+class cFile
 {
 public:
-#if IS_UNIX
    typedef off_t File_t;
-#else //WIN32
-    typedef int64 File_t;

-#endif // IS_UNIX
-
-    enum SeekFrom 
+    enum SeekFrom
    {
-            SEEK_BEGIN = 0,
-            SEEK_CURRENT,
-            SEEK_EOF
+        SEEK_BEGIN = 0,
+        SEEK_CURRENT,
+        SEEK_EOF
    };

    enum OpenFlags
    {
-            // note that reading from the file is implicit  
-            OPEN_READ          = 0x00000001,    // not needed, but makes calls nice...
-            OPEN_WRITE         = 0x00000002,    // we will be writing to the file
-            OPEN_LOCKED_TEMP   = 0x00000004,    // the file should not be readable by other processes and should be removed when closed
-            OPEN_TRUNCATE      = 0x00000008,    // opens an empty file. creates it if it doesn't exist. Doesn't make much sense without OF_WRITE
-            OPEN_CREATE         = 0x00000010,   // create the file if it doesn't exist; this is implicit if OF_TRUNCATE is set
-            OPEN_TEXT           = 0x00000020,
-            OPEN_EXCLUSIVE      = 0x00000040,   // Use O_CREAT | O_EXCL
-            OPEN_SCANNING       = 0x00000080,   // Open for scanning; set nonblocking & caching accordingly, where available
-            OPEN_DIRECT         = 0x00000100    // Use O_DIRECT or platform equivalent
+        // note that reading from the file is implicit
+        OPEN_READ  = 0x00000001, // not needed, but makes calls nice...
+        OPEN_WRITE = 0x00000002, // we will be writing to the file
+        OPEN_LOCKED_TEMP =
+            0x00000004, // the file should not be readable by other processes and should be removed when closed
+        OPEN_TRUNCATE =
+            0x00000008, // opens an empty file. creates it if it doesn't exist. Doesn't make much sense without OF_WRITE
+        OPEN_CREATE    = 0x00000010, // create the file if it doesn't exist; this is implicit if OF_TRUNCATE is set
+        OPEN_TEXT      = 0x00000020,
+        OPEN_EXCLUSIVE = 0x00000040, // Use O_CREAT | O_EXCL
+        OPEN_SCANNING  = 0x00000080, // Open for scanning; set nonblocking & caching accordingly, where available
+        OPEN_DIRECT    = 0x00000100  // Use O_DIRECT or platform equivalent
    };

    //Ctor, Dtor, CpyCtor, Operator=:
-    cFile               ( void );
-    ~cFile              ( void );
+    cFile(void);
+    ~cFile(void);

    /************ User Interface **************************/

    // Both Open methods ALWAYS open files in BINARY mode!
-    void    Open                ( const TSTRING& sFileName, uint32 flags = OPEN_READ ); //throw(eFile)
-    void    Close               ( void );                                               //throw(eFile)
-    bool    IsOpen              ( void ) const;
+    void Open(const TSTRING& sFileName, uint32 flags = OPEN_READ); //throw(eFile)
+    void Close(void);                                              //throw(eFile)
+    bool IsOpen(void) const;

-    File_t  Seek                ( File_t offset, SeekFrom From ) const;             //throw(eFile)
+    File_t Seek(File_t offset, SeekFrom From) const; //throw(eFile)
        // Seek returns the current offset after completion
-    File_t  Read                ( void* buffer, File_t nBytes ) const;  //throw(eFile)
+    File_t Read(void* buffer, File_t nBytes) const; //throw(eFile)
        // Read returns the number of bytes that are actually read.  If the nBytes
        // parameter is 0, 0 bytes will be read and buffer will remain untouched.
        // If the read head is at EOF, no bytes will be read and 0 will be returned.
-    File_t  Write               ( const void* buffer, File_t nBytes );  //throw(eFile)
+    File_t Write(const void* buffer, File_t nBytes); //throw(eFile)
        // Write returns the number of bytes that are actually written.
-    File_t  Tell                ( void ) const;
-        // Tell returns the current offset.
-    bool    Flush               ( void );                                           //throw(eFile)
+    File_t Tell(void) const;
+    // Tell returns the current offset.
+    bool Flush(void); //throw(eFile)
        // Flush returns 0 if the currently defined stream is successfully flushed.
-    void    Rewind              ( void ) const;                                     //throw(eFile)
+    void Rewind(void) const; //throw(eFile)
        // Sets the offset to 0.
-    File_t  GetSize             ( void ) const;
-        // Returns the size of the current file in bytes.  Returns -1 if no file is defined.
-    void    Truncate            ( File_t offset );                                  // throw(eFile) 
+    File_t GetSize(void) const;
+    // Returns the size of the current file in bytes.  Returns -1 if no file is defined.
+    void Truncate(File_t offset); // throw(eFile)

 private:
-    cFile               ( const cFile& rhs );   //not impl.
-    cFile& operator=    ( const cFile& rhs);    //not impl.
+    cFile(const cFile& rhs);            //not impl.
+    cFile& operator=(const cFile& rhs); //not impl.

    //Pointer to the insulated implementation
-    cFile_i*    mpData;
+    cFile_i* mpData;

 public:
-    bool        isWritable; 
+    bool isWritable;
 };


-#if USES_DEVICE_PATH
-class cDevicePath
+class cDosPath
 {
 public:
    static TSTRING AsPosix(const TSTRING& in);
    static TSTRING AsNative(const TSTRING& in);
+    static bool    IsAbsolutePath(const TSTRING& in);
+    static TSTRING BackupName(const TSTRING& in);
 };
-#endif
+
+class cArosPath
+{
+public:
+    static TSTRING AsPosix(const TSTRING& in);
+    static TSTRING AsNative(const TSTRING& in);
+    static bool    IsAbsolutePath(const TSTRING& in);
+};
+
+class cRiscosPath
+{
+public:
+    static TSTRING AsPosix(const TSTRING& in);
+    static TSTRING AsNative(const TSTRING& in);
+    static bool    IsAbsolutePath(const TSTRING& in);
+};
+
+class cRedoxPath
+{
+public:
+    static TSTRING AsPosix(const TSTRING& in);
+    static TSTRING AsNative(const TSTRING& in);
+    static bool    IsAbsolutePath(const TSTRING& in);
+};
+
+#    if IS_DOS_DJGPP
+#        define cDevicePath cDosPath
+#    elif IS_AROS
+#        define cDevicePath cArosPath
+#    elif IS_RISCOS
+#        define cDevicePath cRiscosPath
+#    elif IS_REDOX
+#        define cDevicePath cRedoxPath
+#    endif


 #endif //__FILE_H
-
--- a/src/core/file_unix.cpp
+++ b/src/core/file_unix.cpp
@ -1,31 +1,31 @@

 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
-// 
+//
 // This program is free software.  The contents of this file are subject
 // to the terms of the GNU General Public License as published by the
 // Free Software Foundation; either version 2 of the License, or (at your
 // option) any later version.  You may redistribute it and/or modify it
 // only in compliance with the GNU General Public License.
-// 
+//
 // This program is distributed in the hope that it will be useful.
 // However, this program is distributed AS-IS WITHOUT ANY
 // WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS
 // FOR A PARTICULAR PURPOSE.  Please see the GNU General Public License
 // for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 // USA.
-// 
+//
 // Nothing in the GNU General Public License or any other license to use
 // the code or files shall permit you to use Tripwire's trademarks,
 // service marks, or other intellectual property without Tripwire's
 // prior written consent.
-// 
+//
 // If you have any questions, please contact Tripwire, Inc. at either
 // info@tripwire.org or www.tripwire.org.
 //
@ -35,13 +35,13 @@
 /* On GNU/Hurd, need to define _GNU_SOURCE in order to use  O_NOATIME
   which technically is still a nonstandard extension to open() */
 #if IS_HURD
-# define _GNU_SOURCE
+#    define _GNU_SOURCE
 #endif

 #include "core/stdcore.h"

 #if !IS_UNIX
-#error Need to be unix to use unixfsservices
+#    error Need to be unix to use unixfsservices
 #endif

 #include "core/file.h"
@ -54,7 +54,7 @@
 #include <errno.h>

 #if HAVE_SYS_FS_VX_IOCTL_H
-# include <sys/fs/vx_ioctl.h>
+#include <sys/fs/vx_ioctl.h>
 #endif

 #include "core/debug.h"
@ -62,6 +62,10 @@
 #include "core/fsservices.h"
 #include "core/errorutil.h"

+#if IS_RISCOS
+#include <unixlib/local.h>
+#endif
+
 ///////////////////////////////////////////////////////////////////////////
 // cFile_i : Insulated implementation for cFile objects.
 ///////////////////////////////////////////////////////////////////////////
@ -71,36 +75,36 @@ struct cFile_i
    cFile_i();
    ~cFile_i();

-    int   m_fd;         //underlying file descriptor
-    FILE* mpCurrStream; //currently defined file stream
-    TSTRING mFileName;  //the name of the file we are currently referencing.
-    uint32 mFlags;      //Flags used to open the file
+    int     m_fd;         //underlying file descriptor
+    FILE*   mpCurrStream; //currently defined file stream
+    TSTRING mFileName;    //the name of the file we are currently referencing.
+    uint32  mFlags;       //Flags used to open the file
 };

 //Ctor
-cFile_i::cFile_i() :
-    mpCurrStream(NULL)
-{}
+cFile_i::cFile_i() : m_fd(-1), mpCurrStream(NULL), mFlags(0)
+{
+}

 //Dtor
 cFile_i::~cFile_i()
 {
    if (mpCurrStream != NULL)
-        fclose( mpCurrStream );
-    mpCurrStream = NULL;
-
-#if IS_AROS
-    if( mFlags & cFile::OPEN_LOCKED_TEMP )
    {
-        // unlink this file 
-        if( 0 != unlink(mFileName.c_str()))
-        {
-            throw( eFileOpen( mFileName, iFSServices::GetInstance()->GetErrString() ) );
-        }
-    }
-#endif
+        fclose(mpCurrStream);
+        mpCurrStream = NULL;

-    mFileName.empty();
+#if !CAN_UNLINK_WHILE_OPEN // so unlink after close instead
+        if (mFlags & cFile::OPEN_LOCKED_TEMP)
+        {
+            // unlink this file
+            if (0 != unlink(mFileName.c_str()))
+            {
+                throw(eFileOpen(mFileName, iFSServices::GetInstance()->GetErrString()));
+            }
+        }
+#endif
+    }
 }

 ///////////////////////////////////////////////////////////////////////////
@ -109,15 +113,14 @@ cFile_i::~cFile_i()
 ///////////////////////////////////////////////////////////////////////////
 ///////////////////////////////////////////////////////////////////////////

-cFile::cFile() :
-    mpData(NULL), isWritable(false)
+cFile::cFile() : mpData(NULL), isWritable(false)
 {
    mpData = new cFile_i;
 }

 cFile::~cFile()
 {
-    if( mpData != NULL)
+    if (mpData != NULL)
    {
        delete mpData;
        mpData = NULL;
@ -129,19 +132,19 @@ cFile::~cFile()
 ///////////////////////////////////////////////////////////////////////////////

 #if !USES_DEVICE_PATH
-void cFile::Open( const TSTRING& sFileName, uint32 flags )
+void cFile::Open(const TSTRING& sFileName, uint32 flags)
 {
 #else
-void cFile::Open( const TSTRING& sFileNameC, uint32 flags )
+void cFile::Open(const TSTRING& sFileNameC, uint32 flags)
 {
    TSTRING sFileName = cDevicePath::AsNative(sFileNameC);
 #endif
    mode_t openmode = 0664;
    if (mpData->mpCurrStream != NULL)
        Close();
-    
+
    mpData->mFlags = flags;
-    
+
    //
    // set up the open permissions
    //
@ -151,9 +154,9 @@ void cFile::Open( const TSTRING& sFileNameC, uint32 flags )

    if (flags & OPEN_WRITE)
    {
-        perm        |= O_RDWR;
-        isWritable  = true;
-        mode        = _T("rb");
+        perm |= O_RDWR;
+        isWritable = true;
+        mode       = _T("rb");
        if (flags & OPEN_TRUNCATE)
        {
            perm |= O_TRUNC;
@ -165,14 +168,15 @@ void cFile::Open( const TSTRING& sFileNameC, uint32 flags )
    }
    else
    {
-        perm        |= O_RDONLY;
-        isWritable  = false;
-        mode        = _T("rb");
+        perm |= O_RDONLY;
+        isWritable = false;
+        mode       = _T("rb");
    }

-    if (flags & OPEN_EXCLUSIVE) {
+    if (flags & OPEN_EXCLUSIVE)
+    {
        perm |= O_CREAT | O_EXCL;
-        openmode = (mode_t) 0600; // Make sure only root can read the file
+        openmode = (mode_t)0600; // Make sure only root can read the file
    }

    if (flags & OPEN_CREATE)
@ -192,28 +196,28 @@ void cFile::Open( const TSTRING& sFileNameC, uint32 flags )
    //Only use O_DIRECT for scanning, since cfg/policy/report reads
    // don't happen w/ a nice round block size.
    if ((flags & OPEN_DIRECT) && (flags & OPEN_SCANNING))
-	perm |= O_DIRECT;
+        perm |= O_DIRECT;
 #endif
-            
+
    //
    // actually open the file
    //
-    int fh = _topen( sFileName.c_str(), perm, openmode );
-    if( fh == -1 )
+    int fh = _topen(sFileName.c_str(), perm, openmode);
+    if (fh == -1)
    {
-        throw( eFileOpen( sFileName, iFSServices::GetInstance()->GetErrString() ) );
+        throw(eFileOpen(sFileName, iFSServices::GetInstance()->GetErrString()));
    }
    mpData->m_fd = fh;

-#if !IS_AROS
-    if( flags & OPEN_LOCKED_TEMP )
+#if CAN_UNLINK_WHILE_OPEN
+    if (flags & OPEN_LOCKED_TEMP)
    {
-        // unlink this file 
-        if( 0 != unlink( sFileName.c_str() ) )
+        // unlink this file
+        if (0 != unlink(sFileName.c_str()))
        {
            // we weren't able to unlink file, so close handle and fail
-            close( fh );
-            throw( eFileOpen( sFileName, iFSServices::GetInstance()->GetErrString() ) );
+            close(fh);
+            throw(eFileOpen(sFileName, iFSServices::GetInstance()->GetErrString()));
        }
    }
 #endif
@ -223,27 +227,27 @@ void cFile::Open( const TSTRING& sFileNameC, uint32 flags )
    //
    mpData->mpCurrStream = _tfdopen(fh, mode.c_str());

-    mpData->mFileName = sFileName;  //Set mFileName to the newly opened file.
-    
+    mpData->mFileName = sFileName; //Set mFileName to the newly opened file.
+
    cFile::Rewind();

 #ifdef F_NOCACHE //OSX
    if ((flags & OPEN_DIRECT) && (flags & OPEN_SCANNING))
        fcntl(fh, F_NOCACHE, 1);
-#endif   
+#endif

 #if IS_SOLARIS
    if ((flags & OPEN_DIRECT) && (flags & OPEN_SCANNING))
        directio(fh, DIRECTIO_ON);
 #endif
-    
+
 #if HAVE_POSIX_FADVISE
-    if (flags & OPEN_SCANNING && !(flags & OPEN_DIRECT)) 
+    if (flags & OPEN_SCANNING && !(flags & OPEN_DIRECT))
    {
-        posix_fadvise(fh,0,0, POSIX_FADV_SEQUENTIAL);
-        posix_fadvise(fh,0,0, POSIX_FADV_NOREUSE);
+        posix_fadvise(fh, 0, 0, POSIX_FADV_SEQUENTIAL);
+        posix_fadvise(fh, 0, 0, POSIX_FADV_NOREUSE);
    }
-    
+
 #elif HAVE_SYS_FS_VX_IOCTL_H
    if (flags & OPEN_SCANNING)
    {
@ -253,7 +257,6 @@ void cFile::Open( const TSTRING& sFileNameC, uint32 flags )
            ioctl(fh, VX_SETCACHE, VX_SEQ | VX_NOREUSE);
    }
 #endif
-    
 }


@ -262,37 +265,37 @@ void cFile::Open( const TSTRING& sFileNameC, uint32 flags )
 ///////////////////////////////////////////////////////////////////////////
 void cFile::Close() //throw(eFile)
 {
-    if(mpData->mpCurrStream != NULL)
+    if (mpData->mpCurrStream != NULL)
    {
 #ifdef HAVE_POSIX_FADVISE
-        posix_fadvise(fileno(mpData->mpCurrStream),0,0, POSIX_FADV_DONTNEED);
+        posix_fadvise(fileno(mpData->mpCurrStream), 0, 0, POSIX_FADV_DONTNEED);
 #endif

-        fclose( mpData->mpCurrStream );
+        fclose(mpData->mpCurrStream);
        mpData->mpCurrStream = NULL;
    }
-    
-    
+
+
    mpData->mFileName.empty();
 }

-bool cFile::IsOpen( void ) const
+bool cFile::IsOpen(void) const
 {
-    return( mpData->mpCurrStream != NULL );
+    return (mpData->mpCurrStream != NULL);
 }

 ///////////////////////////////////////////////////////////////////////////
 // Seek -- Positions the read/write offset in mpCurrStream.  Returns the
 //      current offset upon completion.  Returns 0 if no stream is defined.
 ///////////////////////////////////////////////////////////////////////////
-cFile::File_t cFile::Seek( File_t offset, SeekFrom From) const //throw(eFile)
+cFile::File_t cFile::Seek(File_t offset, SeekFrom From) const //throw(eFile)
 {
    //Check to see if a file as been opened yet...
-    ASSERT( mpData->mpCurrStream != 0);
+    ASSERT(mpData->mpCurrStream != 0);

    int apiFrom;

-    switch( From )
+    switch (From)
    {
    case cFile::SEEK_BEGIN:
        apiFrom = SEEK_SET;
@ -305,11 +308,11 @@ cFile::File_t cFile::Seek( File_t offset, SeekFrom From) const //throw(eFile)
        break;
    default:
        //An invalid SeekFrom parameter was passed.
-        throw( eInternal( _T("file_unix") ) );
+        throw(eInternal(_T("file_unix")));
    }

-    // this is a hack to simulate running out of disk space
-    #if 0
+// this is a hack to simulate running out of disk space
+#if 0
    static int blowupCount = 1;
    if (++blowupCount == 1075)
    {
@ -318,14 +321,14 @@ cFile::File_t cFile::Seek( File_t offset, SeekFrom From) const //throw(eFile)
        throw std::bad_alloc();
    }
    fprintf(stderr, "%d\n", blowupCount);
-    #endif
+#endif

-    if (fseeko( mpData->mpCurrStream, offset, apiFrom ) != 0)
+    if (fseeko(mpData->mpCurrStream, offset, apiFrom) != 0)
    {
-        #ifdef _DEBUG
+#ifdef DEBUG
        cDebug d("cFile::Seek");
        d.TraceDebug("Seek failed!\n");
-        #endif
+#endif
        throw eFileSeek();
    }

@ -336,26 +339,31 @@ cFile::File_t cFile::Seek( File_t offset, SeekFrom From) const //throw(eFile)
 // Read -- Returns the actual bytes read from mpCurrStream.  Returns 0 if
 //      mpCurrStream is undefined.
 ///////////////////////////////////////////////////////////////////////////
-cFile::File_t cFile::Read( void* buffer, File_t nBytes ) const //throw(eFile)
+cFile::File_t cFile::Read(void* buffer, File_t nBytes) const //throw(eFile)
 {
    File_t iBytesRead;

    // Has a file been opened?
-    ASSERT( mpData->mpCurrStream != NULL );
+    ASSERT(mpData->mpCurrStream != NULL);

    // Is the nBytes parameter 0?  If so, return without touching buffer:
-    if( nBytes == 0 )
+    if (nBytes == 0)
        return 0;

-    if (mpData->mFlags & OPEN_DIRECT) {
+    if (mpData->mFlags & OPEN_DIRECT)
+    {
        iBytesRead = read(mpData->m_fd, buffer, nBytes);
-        if (iBytesRead<0) {
-            throw eFileRead(mpData->mFileName, iFSServices::GetInstance()->GetErrString()); 
+        if (iBytesRead < 0)
+        {
+            throw eFileRead(mpData->mFileName, iFSServices::GetInstance()->GetErrString());
        }
-    } else { 
-        iBytesRead = fread( buffer, sizeof(byte), nBytes, mpData->mpCurrStream );
-        if( ferror( mpData->mpCurrStream ) != 0 ) {
-            throw eFileRead( mpData->mFileName, iFSServices::GetInstance()->GetErrString() ) ; 
+    }
+    else
+    {
+        iBytesRead = fread(buffer, sizeof(byte), nBytes, mpData->mpCurrStream);
+        if (ferror(mpData->mpCurrStream) != 0)
+        {
+            throw eFileRead(mpData->mFileName, iFSServices::GetInstance()->GetErrString());
        }
    }

@ -366,16 +374,16 @@ cFile::File_t cFile::Read( void* buffer, File_t nBytes ) const //throw(eFile)
 // Write -- Returns the actual number of bytes written to mpCurrStream
 //      Returns 0 if no file has been opened.
 ///////////////////////////////////////////////////////////////////////////
-cFile::File_t cFile::Write( const void* buffer, File_t nBytes )     //throw(eFile)
+cFile::File_t cFile::Write(const void* buffer, File_t nBytes) //throw(eFile)
 {
    File_t actual_count = 0;

    // Has a file been opened? Is it writable?
-    ASSERT( mpData->mpCurrStream != NULL );
-    ASSERT( isWritable );
+    ASSERT(mpData->mpCurrStream != NULL);
+    ASSERT(isWritable);

-    if( ( actual_count = fwrite( buffer, sizeof(byte), nBytes, mpData->mpCurrStream ) ) < nBytes )
-        throw eFileWrite( mpData->mFileName, iFSServices::GetInstance()->GetErrString() );
+    if ((actual_count = fwrite(buffer, sizeof(byte), nBytes, mpData->mpCurrStream)) < nBytes)
+        throw eFileWrite(mpData->mFileName, iFSServices::GetInstance()->GetErrString());
    else
        return actual_count;
 }
@ -386,9 +394,9 @@ cFile::File_t cFile::Write( const void* buffer, File_t nBytes )     //throw(eFil
 ///////////////////////////////////////////////////////////////////////////
 cFile::File_t cFile::Tell() const
 {
-    ASSERT( mpData->mpCurrStream != 0);
+    ASSERT(mpData->mpCurrStream != 0);

-    return ftell( mpData->mpCurrStream );
+    return ftell(mpData->mpCurrStream);
 }

 ///////////////////////////////////////////////////////////////////////////
@ -396,23 +404,23 @@ cFile::File_t cFile::Tell() const
 ///////////////////////////////////////////////////////////////////////////
 bool cFile::Flush() //throw(eFile)
 {
-    if ( mpData->mpCurrStream == NULL )
-        throw eFileFlush( mpData->mFileName, iFSServices::GetInstance()->GetErrString() );
-        
-    return ( fflush( mpData->mpCurrStream) == 0 );
+    if (mpData->mpCurrStream == NULL)
+        throw eFileFlush(mpData->mFileName, iFSServices::GetInstance()->GetErrString());
+
+    return (fflush(mpData->mpCurrStream) == 0);
 }
 ///////////////////////////////////////////////////////////////////////////
 // Rewind -- Sets the offset to the beginning of the file.  If mpCurrStream
 //      is NULL, this method returns false. If the rewind operation fails,
 //      an exception is thrown.
 ///////////////////////////////////////////////////////////////////////////
-void cFile::Rewind() const  //throw(eFile)
+void cFile::Rewind() const //throw(eFile)
 {
-    ASSERT( mpData->mpCurrStream != 0);
+    ASSERT(mpData->mpCurrStream != 0);

-    rewind( mpData->mpCurrStream );
-    if( ftell( mpData->mpCurrStream ) != 0 )
-        throw( eFileRewind( mpData->mFileName, iFSServices::GetInstance()->GetErrString() ) );
+    rewind(mpData->mpCurrStream);
+    if (ftell(mpData->mpCurrStream) != 0)
+        throw(eFileRewind(mpData->mFileName, iFSServices::GetInstance()->GetErrString()));
 }

 ///////////////////////////////////////////////////////////////////////////
@ -425,12 +433,12 @@ cFile::File_t cFile::GetSize() const
    File_t ret;

    //Has a file been opened? If not, return -1
-    if( mpData->mpCurrStream == NULL )
+    if (mpData->mpCurrStream == NULL)
        return -1;

-    ret = Seek( 0, cFile::SEEK_EOF );
-    Seek( vCurrentOffset, cFile::SEEK_BEGIN );
-        //return the offset to it's position prior to GetSize call.
+    ret = Seek(0, cFile::SEEK_EOF);
+    Seek(vCurrentOffset, cFile::SEEK_BEGIN);
+    //return the offset to it's position prior to GetSize call.

    return ret;
 }
@ -438,62 +446,240 @@ cFile::File_t cFile::GetSize() const
 /////////////////////////////////////////////////////////////////////////
 // Truncate
 /////////////////////////////////////////////////////////////////////////
-void cFile::Truncate( File_t offset ) // throw(eFile) 
+void cFile::Truncate(File_t offset) // throw(eFile)
 {
-    ASSERT( mpData->mpCurrStream != 0);
-    ASSERT( isWritable );
+    ASSERT(mpData->mpCurrStream != 0);
+    ASSERT(isWritable);

-    ftruncate( fileno(mpData->mpCurrStream), offset );
-    if( GetSize() != offset )
-        throw( eFileTrunc( mpData->mFileName, iFSServices::GetInstance()->GetErrString() ) );
+    ftruncate(fileno(mpData->mpCurrStream), offset);
+    if (GetSize() != offset)
+        throw(eFileTrunc(mpData->mFileName, iFSServices::GetInstance()->GetErrString()));
 }


-#if USES_DEVICE_PATH
-// For paths of type DH0:/dir/file
-TSTRING cDevicePath::AsPosix( const TSTRING& in )
+/////////////////////////////////////////////////////////////////////////
+// Platform path conversion methods
+/////////////////////////////////////////////////////////////////////////
+
+bool cDosPath::IsAbsolutePath(const TSTRING& in)
+{
+    if (in.empty())
+        return false;
+
+    if (in[0] == '/')
+        return true;
+
+    if (in.length() >= 2 && in[1] == ':')
+        return true;
+
+    return false;
+}
+
+// For paths of type C:\DOS
+TSTRING cDosPath::AsPosix(const TSTRING& in)
 {
    if (in[0] == '/')
+    {
+        return in;
+    }
+
+    TSTRING out = (cDosPath::IsAbsolutePath(in)) ? ("/dev/" + in) : in;
+    std::replace(out.begin(), out.end(), '\\', '/');
+    out.erase(std::remove(out.begin(), out.end(), ':'), out.end());
+
+    return out;
+}
+
+TSTRING cDosPath::AsNative(const TSTRING& in)
+{
+    if (in[0] != '/')
+    {
+        return in;
+    }
+
+    if (in.find("/dev") != 0 || in.length() < 6)
        return in;

-#if IS_DOS_DJGPP
-    TSTRING out = "/dev/" + in;
-    std::replace(out.begin(), out.end(), '\\', '/');
-#else
-    TSTRING out = '/' + in;
-#endif
-    
+    TSTRING out = "?:/";
+    out[0]      = in[5];
+
+    if (in.length() >= 8)
+        out.append(in.substr(7));
+
+    std::replace(out.begin(), out.end(), '/', '\\');
+
+    return out;
+}
+
+TSTRING cDosPath::BackupName(const TSTRING& in)
+{
+    TSTRING                out = in;
+    std::string::size_type pos = out.find_last_of("\\");
+    if (std::string::npos == pos)
+        return in;
+
+    TSTRING path = in.substr(0, pos);
+    TSTRING name = in.substr(pos, 9);
+    std::replace(name.begin(), name.end(), '.', '_');
+    path.append(name);
+
+    return path;
+}
+
+/////////////////////////////////////////////////////////////////////////
+bool cArosPath::IsAbsolutePath(const TSTRING& in)
+{
+    if (in.empty())
+        return false;
+
+    if (in[0] == '/')
+        return true;
+
+    if (in.find(":") != std::string::npos)
+        return true;
+
+    return false;
+}
+
+// For paths of type DH0:dir/file
+TSTRING cArosPath::AsPosix(const TSTRING& in)
+{
+    if (in[0] == '/')
+    {
+        return in;
+    }
+
+    TSTRING out = IsAbsolutePath(in) ? '/' + in : in;
    std::replace(out.begin(), out.end(), ':', '/');

    return out;
 }

-TSTRING cDevicePath::AsNative( const TSTRING& in )
+TSTRING cArosPath::AsNative(const TSTRING& in)
 {
    if (in[0] != '/')
+    {
        return in;
+    }

-#if IS_DOS_DJGPP
-    if (in.find("/dev") != 0 || in.length() < 6)
-        return in;
-    
-    TSTRING out = "?:/";
-    out[0] = in[5];
-    
-    if (in.length() >= 8)
-        out.append(in.substr(7));
-    
-    return out;
-    
-#elif IS_AROS
-    int x = 1;
-    for ( x; in[x] == '/' && x<in.length(); x++);
-
-    TSTRING out = in.substr(x); 
-    TSTRING::size_type t = out.find_first_of('/');
-    out[t] = ':';
+    std::string::size_type drive = in.find_first_not_of("/");
+    TSTRING                out   = (drive != std::string::npos) ? in.substr(drive) : in;
+    TSTRING::size_type     t     = out.find_first_of('/');
+    if (t != std::string::npos)
+        out[t] = ':';
+    else
+        out.append(":");

    return out;
+}
+
+/////////////////////////////////////////////////////////////////////////
+bool cRiscosPath::IsAbsolutePath(const TSTRING& in)
+{
+    if (in.empty())
+        return false;
+
+    if (in[0] == '/')
+        return true;
+
+    if (in.find("$") != std::string::npos)
+        return true;
+
+    return false;
+}
+
+// For paths of type SDFS::Volume.$.dir.file
+TSTRING cRiscosPath::AsPosix(const TSTRING& in)
+{
+#if IS_RISCOS
+    if (in[0] == '/')
+    {
+        return in;
+    }
+
+    TSTRING out;
+    char*   unixified = __unixify(in.c_str(), 0, 0, 0, 0);
+    if (unixified)
+    {
+        out.assign(unixified);
+        free(unixified);
+        return out;
+    }
+    return in;
+
+#else
+    return in;
 #endif
-} 
+}
+
+TSTRING cRiscosPath::AsNative(const TSTRING& in)
+{
+#if IS_RISCOS
+    if (in[0] != '/')
+    {
+        return in;
+    }
+
+    TSTRING           out;
+    int               buf_size = in.length() + 100; // examples pad by 100
+    std::vector<char> buf(buf_size);
+    __riscosify(in.c_str(), 0, 0, &buf[0], buf_size, 0);
+    if (buf[0])
+    {
+        out.assign(&buf[0]);
+        return out;
+    }
+    return in;
+#else
+    return in;
 #endif
+}
+
+
+/////////////////////////////////////////////////////////////////////////
+bool cRedoxPath::IsAbsolutePath(const TSTRING& in)
+{
+    if (in.empty())
+        return false;
+
+    if (in[0] == '/')
+        return true;
+
+    if (in.find(":") != std::string::npos)
+        return true;
+
+    return false;
+}
+
+// For paths of type file:/dir/file
+TSTRING cRedoxPath::AsPosix(const TSTRING& in)
+{
+    if (in[0] == '/')
+    {
+        return in;
+    }
+
+    TSTRING                out   = IsAbsolutePath(in) ? '/' + in : in;
+    std::string::size_type colon = out.find_first_of(":");
+    if (colon != std::string::npos)
+        out.erase(colon, 1);
+    return out;
+}
+
+TSTRING cRedoxPath::AsNative(const TSTRING& in)
+{
+    if (in[0] != '/')
+    {
+        return in;
+    }
+
+    std::string::size_type drive = in.find_first_not_of("/");
+    TSTRING                out   = (drive != std::string::npos) ? in.substr(drive) : in;
+    TSTRING::size_type     slash = out.find_first_of('/');
+    if (slash != std::string::npos)
+        out.insert(slash, ":");
+    else
+        out.append(":/");
+
+    return out;
+}
--- a/src/core/fileerror.cpp
+++ b/src/core/fileerror.cpp
@ -1,31 +1,31 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
-// 
+//
 // This program is free software.  The contents of this file are subject
 // to the terms of the GNU General Public License as published by the
 // Free Software Foundation; either version 2 of the License, or (at your
 // option) any later version.  You may redistribute it and/or modify it
 // only in compliance with the GNU General Public License.
-// 
+//
 // This program is distributed in the hope that it will be useful.
 // However, this program is distributed AS-IS WITHOUT ANY
 // WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS
 // FOR A PARTICULAR PURPOSE.  Please see the GNU General Public License
 // for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 // USA.
-// 
+//
 // Nothing in the GNU General Public License or any other license to use
 // the code or files shall permit you to use Tripwire's trademarks,
 // service marks, or other intellectual property without Tripwire's
 // prior written consent.
-// 
+//
 // If you have any questions, please contact Tripwire, Inc. at either
 // info@tripwire.org or www.tripwire.org.
 //
@ -37,11 +37,10 @@
 #include "corestrings.h"

 // TODO: Make this use MakeFileError() for consistency
-eFileError::eFileError( const TSTRING& filename, const TSTRING& description, uint32 flags )
-:   eError( _T(""), flags )
+eFileError::eFileError(const TSTRING& filename, const TSTRING& description, uint32 flags) : eError(_T(""), flags)
 {
    mFilename = filename;
-    mMsg = description;
+    mMsg      = description;
 }

 TSTRING eFileError::GetFilename() const
@ -58,14 +57,14 @@ TSTRING eFileError::GetDescription() const
 {
    TSTRING ret;

-    if( ! mFilename.empty() )
+    if (!mFilename.empty())
    {
-        ret = TSS_GetString( cCore, core::STR_ERROR_FILENAME ) + mFilename;
+        ret = TSS_GetString(cCore, core::STR_ERROR_FILENAME) + mFilename;
    }

-    if( ! mMsg.empty() )
+    if (!mMsg.empty())
    {
-        if ( ! mFilename.empty() )
+        if (!mFilename.empty())
            ret += _T("\n");

        ret += mMsg;
@ -73,4 +72,3 @@ TSTRING eFileError::GetDescription() const

    return ret;
 }
-
--- a/src/core/fileerror.h
+++ b/src/core/fileerror.h
@ -1,31 +1,31 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
-// 
+//
 // This program is free software.  The contents of this file are subject
 // to the terms of the GNU General Public License as published by the
 // Free Software Foundation; either version 2 of the License, or (at your
 // option) any later version.  You may redistribute it and/or modify it
 // only in compliance with the GNU General Public License.
-// 
+//
 // This program is distributed in the hope that it will be useful.
 // However, this program is distributed AS-IS WITHOUT ANY
 // WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS
 // FOR A PARTICULAR PURPOSE.  Please see the GNU General Public License
 // for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 // USA.
-// 
+//
 // Nothing in the GNU General Public License or any other license to use
 // the code or files shall permit you to use Tripwire's trademarks,
 // service marks, or other intellectual property without Tripwire's
 // prior written consent.
-// 
+//
 // If you have any questions, please contact Tripwire, Inc. at either
 // info@tripwire.org or www.tripwire.org.
 //
@ -51,30 +51,33 @@
 // ### Insufficient permission to open file.    <-- constructor parameter "msg"
 // ### Exiting...                               <-- appropriate third message
 //=============================================================================
-TSS_BEGIN_EXCEPTION_NO_CTOR( eFileError, eError )
+TSS_BEGIN_EXCEPTION_NO_CTOR(eFileError, eError)
 private:
-    TSTRING mFilename;
+TSTRING mFilename;

 public:
-    eFileError( const TSTRING& filename, const TSTRING& description, uint32 flags = 0 );
+eFileError(const TSTRING& filename, const TSTRING& description, uint32 flags = 0);

-    explicit eFileError( const eFileError& rhs )
-        : eError( rhs ) { mFilename = rhs.mFilename; }
-    eFileError( const TSTRING& msg, uint32 flags = 0 )
-        : eError( msg, flags ) {}
+explicit eFileError(const eFileError& rhs) : eError(rhs)
+{
+    mFilename = rhs.mFilename;
+}
+eFileError(const TSTRING& msg, uint32 flags = 0) : eError(msg, flags)
+{
+}


-    TSTRING GetFilename() const;
-    TSTRING GetDescription() const;
-    virtual TSTRING GetMsg() const;
+TSTRING         GetFilename() const;
+TSTRING         GetDescription() const;
+virtual TSTRING GetMsg() const;

 TSS_END_EXCEPTION()

-#define TSS_FILE_EXCEPTION( except, base ) \
-    TSS_BEGIN_EXCEPTION( except, base ) \
-    except( const TSTRING& filename, const TSTRING& msg, uint32 flags = 0 ) \
-    : base( filename, msg, flags ) {} \
-    TSS_END_EXCEPTION()
+#    define TSS_FILE_EXCEPTION(except, base)                                                               \
+        TSS_BEGIN_EXCEPTION(except, base)                                                                  \
+        except(const TSTRING& filename, const TSTRING& msg, uint32 flags = 0) : base(filename, msg, flags) \
+        {                                                                                                  \
+        }                                                                                                  \
+        TSS_END_EXCEPTION()

 #endif
-
--- a/src/core/fileheader.cpp
+++ b/src/core/fileheader.cpp
@ -1,31 +1,31 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
-// 
+//
 // This program is free software.  The contents of this file are subject
 // to the terms of the GNU General Public License as published by the
 // Free Software Foundation; either version 2 of the License, or (at your
 // option) any later version.  You may redistribute it and/or modify it
 // only in compliance with the GNU General Public License.
-// 
+//
 // This program is distributed in the hope that it will be useful.
 // However, this program is distributed AS-IS WITHOUT ANY
 // WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS
 // FOR A PARTICULAR PURPOSE.  Please see the GNU General Public License
 // for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 // USA.
-// 
+//
 // Nothing in the GNU General Public License or any other license to use
 // the code or files shall permit you to use Tripwire's trademarks,
 // service marks, or other intellectual property without Tripwire's
 // prior written consent.
-// 
+//
 // If you have any questions, please contact Tripwire, Inc. at either
 // info@tripwire.org or www.tripwire.org.
 //
@ -38,10 +38,10 @@
 #include "ntmbs.h"

 // A magic number to put at top of file headers
-// I changed this magic number in 2.1 since we now support versioning in the file header.  
+// I changed this magic number in 2.1 since we now support versioning in the file header.
 // (the old magic number was 0x00202039)
 // I generated the random number using the random.org web site.
-const uint32 FILE_HEADER_MAGIC_NUMBER = 0x78f9beb3; 
+const uint32 FILE_HEADER_MAGIC_NUMBER = 0x78f9beb3;

 ///////////////////////////////////////////////////////////////////////////////
 // class cFileHeaderID
@ -50,48 +50,46 @@ cFileHeaderID::~cFileHeaderID()
 {
 }

-void cFileHeaderID::operator=( const TCHAR* pszId )
+void cFileHeaderID::operator=(const TCHAR* pszId)
 {
    // RAD:10/1/99 -- Not Needed
    // TODO:BAM -- I'm pretty sure that there's a bug hiding here...
-    //size_t len = _tcslen(id);    
+    //size_t len = _tcslen(id);
    //if (len >= 256)
    //{
    //    ASSERT(false);
    //    mIDLen = 0;
    //    return;
    //}
-    
-    size_t N = ::strlen( pszId );
-    if ( !(N < cFileHeaderID::MAXBYTES) )
-        throw eCharacter( TSS_GetString( cCore, core::STR_ERR_OVERFLOW ) );

-    mIDLen = static_cast<int16>( N ); // know len is less than MAXBYTES
-    ::memcpy( mID, pszId, N * sizeof(char) );
+    size_t N = ::strlen(pszId);
+    if (!(N < cFileHeaderID::MAXBYTES))
+        throw eCharacter(TSS_GetString(cCore, core::STR_ERR_OVERFLOW));
+
+    mIDLen = static_cast<int16>(N); // know len is less than MAXBYTES
+    ::memcpy(mID, pszId, N * sizeof(char));
 }

-void cFileHeaderID::operator=( const cFileHeaderID& rhs )
+void cFileHeaderID::operator=(const cFileHeaderID& rhs)
 {
-    ASSERT( rhs.mIDLen < cFileHeaderID::MAXBYTES );
+    ASSERT(rhs.mIDLen < cFileHeaderID::MAXBYTES);
    mIDLen = rhs.mIDLen;
    memcpy(mID, rhs.mID, mIDLen * sizeof(char));
 }

-int cFileHeaderID::operator==( const cFileHeaderID& rhs ) const
+int cFileHeaderID::operator==(const cFileHeaderID& rhs) const
 {
-    return 
-        ( mIDLen == rhs.mIDLen ) &&
-        ( ::memcmp( mID, rhs.mID, mIDLen * sizeof(char) ) == 0 );
+    return (mIDLen == rhs.mIDLen) && (::memcmp(mID, rhs.mID, mIDLen * sizeof(char)) == 0);
 }

-void cFileHeaderID::Read(iSerializer* pSerializer, int32 /*version*/ )  // throw (eSerializer, eArchive)
+void cFileHeaderID::Read(iSerializer* pSerializer, int32 /*version*/) // throw (eSerializer, eArchive)
 {
    int16 len;
-    pSerializer->ReadInt16( len );
-    if ( (len < 0) || (len >= cFileHeaderID::MAXBYTES ))
+    pSerializer->ReadInt16(len);
+    if ((len < 0) || (len >= cFileHeaderID::MAXBYTES))
    {
        // this is invalid!
-        throw eSerializerInputStreamFmt( _T("File Header ID invalid") );
+        throw eSerializerInputStreamFmt(_T("File Header ID invalid"));
    }
    pSerializer->ReadBlob(mID, len * sizeof(char));
    mIDLen = len;
@ -99,19 +97,18 @@ void cFileHeaderID::Read(iSerializer* pSerializer, int32 /*version*/ )  // throw

 void cFileHeaderID::Write(iSerializer* pSerializer) const // throw (eSerializer, eArchive)
 {
-    ASSERT( mIDLen >= 0 && mIDLen < cFileHeaderID::MAXBYTES );
-    
-    pSerializer->WriteInt16( mIDLen );
-    pSerializer->WriteBlob( mID, mIDLen * sizeof(char) );
+    ASSERT(mIDLen >= 0 && mIDLen < cFileHeaderID::MAXBYTES);
+
+    pSerializer->WriteInt16(mIDLen);
+    pSerializer->WriteBlob(mID, mIDLen * sizeof(char));
 }

 ///////////////////////////////////////////////////////////////////////////////
 // class cFileHeader

-cFileHeader::cFileHeader()
-:   mVersion(0)
+cFileHeader::cFileHeader() : mVersion(0)
 {
-#ifdef _DEBUG
+#ifdef DEBUG
    mEncoding = LAST_ENCODING; // set to invalid value so we can assert on write
 #else
    mEncoding = NO_ENCODING;
@ -119,20 +116,14 @@ cFileHeader::cFileHeader()
 }

 cFileHeader::cFileHeader(const cFileHeader& rhs)
-:   iSerializable(),
-    mID(rhs.mID),
-    mVersion(rhs.mVersion),
-    mEncoding(rhs.mEncoding)
+    : iSerializable(), mID(rhs.mID), mVersion(rhs.mVersion), mEncoding(rhs.mEncoding)
 {
    if (rhs.mBaggage.Length() > 0)
    {
        mBaggage.MapArchive(0, rhs.mBaggage.Length());
        rhs.mBaggage.MapArchive(0, rhs.mBaggage.Length());
-        
-        ::memcpy(
-            mBaggage.GetMap(),
-            rhs.mBaggage.GetMap(),
-            static_cast<size_t>( rhs.mBaggage.Length() ) ); 
+
+        ::memcpy(mBaggage.GetMap(), rhs.mBaggage.GetMap(), static_cast<size_t>(rhs.mBaggage.Length()));

        mBaggage.MapArchive(0, 0);
        rhs.mBaggage.MapArchive(0, 0);
@ -171,18 +162,18 @@ void cFileHeader::Read(iSerializer* pSerializer, int32 /*version*/) // throw (eS
    if ((unsigned int)magicNumber != FILE_HEADER_MAGIC_NUMBER)
    {
        d.TraceDebug("Bad magic number");
-        throw eSerializerInputStreamFmt(pSerializer->GetFileName() );
+        throw eSerializerInputStreamFmt(pSerializer->GetFileName());
    }

    // Note this version refers to the format of this data structure in the
-    // file image.  mVersion refers to the version of data that accompanies 
+    // file image.  mVersion refers to the version of data that accompanies
    // this cFileHeader, for example the database or report format.
    pSerializer->ReadInt32(version);
    if (version > 1)
    {
        // don't understand the version
        d.TraceDebug("Bad version");
-        throw eSerializerInputStreamFmt(pSerializer->GetFileName() );
+        throw eSerializerInputStreamFmt(pSerializer->GetFileName());
    }

    mID.Read(pSerializer);
@ -196,7 +187,7 @@ void cFileHeader::Read(iSerializer* pSerializer, int32 /*version*/) // throw (eS
    pSerializer->ReadInt32(len);

    if (len < 0 || len > 0xffff)
-        throw eSerializerInputStreamFmt(pSerializer->GetFileName() );
+        throw eSerializerInputStreamFmt(pSerializer->GetFileName());

    mBaggage.MapArchive(0, len);

@ -213,19 +204,19 @@ void cFileHeader::Read(iSerializer* pSerializer, int32 /*version*/) // throw (eS

 void cFileHeader::Write(iSerializer* pSerializer) const // throw (eSerializer, eArchive)
 {
-#ifdef _DEBUG
+#ifdef DEBUG
    // check that we set some values
    cFileHeaderID id;
    ASSERT(mID != id);
    ASSERT(mEncoding != LAST_ENCODING);
 #endif

-    // we need to have our own versioning since we are not 
+    // we need to have our own versioning since we are not
    // a iTypedSerializable object.
    pSerializer->WriteInt32(FILE_HEADER_MAGIC_NUMBER);

    // Note this version refers to the format of this data structure in the
-    // file image.  mVersion refers to the version of data that accompanies 
+    // file image.  mVersion refers to the version of data that accompanies
    // this cFileHeader, for example the database or report format.
    pSerializer->WriteInt32(1); // version

@ -233,21 +224,20 @@ void cFileHeader::Write(iSerializer* pSerializer) const // throw (eSerializer, e

    pSerializer->WriteInt32(mVersion);

-    pSerializer->WriteInt16( static_cast<int16>(mEncoding) );
+    pSerializer->WriteInt16(static_cast<int16>(mEncoding));

-    int32 len = static_cast<int32>( mBaggage.Length() );
+    int32 len = static_cast<int32>(mBaggage.Length());

    ASSERT(len >= 0);
    ASSERT(len <= 0xFFFF);

-    if ( len < 0 || len > 0xFFFF )
+    if (len < 0 || len > 0xFFFF)
        throw eSerializerOutputStreamFmt();

    pSerializer->WriteInt32(len);
    if (len > 0)
-    {   
+    {
        mBaggage.MapArchive(0, len);
        pSerializer->WriteBlob(mBaggage.GetMap(), len);
    }
 }
-
--- a/src/core/fileheader.h
+++ b/src/core/fileheader.h
@ -1,31 +1,31 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
-// 
+//
 // This program is free software.  The contents of this file are subject
 // to the terms of the GNU General Public License as published by the
 // Free Software Foundation; either version 2 of the License, or (at your
 // option) any later version.  You may redistribute it and/or modify it
 // only in compliance with the GNU General Public License.
-// 
+//
 // This program is distributed in the hope that it will be useful.
 // However, this program is distributed AS-IS WITHOUT ANY
 // WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS
 // FOR A PARTICULAR PURPOSE.  Please see the GNU General Public License
 // for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 // USA.
-// 
+//
 // Nothing in the GNU General Public License or any other license to use
 // the code or files shall permit you to use Tripwire's trademarks,
 // service marks, or other intellectual property without Tripwire's
 // prior written consent.
-// 
+//
 // If you have any questions, please contact Tripwire, Inc. at either
 // info@tripwire.org or www.tripwire.org.
 //
@ -54,13 +54,13 @@ public:
    cFileHeaderID(const cFileHeaderID& rhs);
    virtual ~cFileHeaderID();

-    void operator = (const TCHAR* id);
-    void operator = (const cFileHeaderID& rhs);
-    int  operator == (const cFileHeaderID& rhs) const;
-    int  operator != (const cFileHeaderID& rhs) const;
+    void operator=(const TCHAR* id);
+    void operator=(const cFileHeaderID& rhs);
+    int  operator==(const cFileHeaderID& rhs) const;
+    int  operator!=(const cFileHeaderID& rhs) const;

-    virtual void Read (iSerializer* pSerializer, int32 version = 0);    // throw (eSerializer, eArchive)
-    virtual void Write(iSerializer* pSerializer) const;                 // throw (eSerializer, eArchive)
+    virtual void Read(iSerializer* pSerializer, int32 version = 0); // throw (eSerializer, eArchive)
+    virtual void Write(iSerializer* pSerializer) const;             // throw (eSerializer, eArchive)

 private:
    // For now we will store the id as a string.
@ -68,10 +68,13 @@ private:
    // the way we implemented cFCONames.
    // Note: We store the string as narrow chars, since
    // the program is the only person who will see them.
-    int16   mIDLen;
+    int16 mIDLen;

-    enum { MAXBYTES = 256 };
-    char mID[ MAXBYTES ];
+    enum
+    {
+        MAXBYTES = 256
+    };
+    char mID[MAXBYTES];
 };

 inline cFileHeaderID::cFileHeaderID()
@ -84,14 +87,12 @@ inline cFileHeaderID::cFileHeaderID(const TCHAR* id)
    *this = id;
 }

-inline
-cFileHeaderID::cFileHeaderID( const cFileHeaderID& rhs ) :
-    iSerializable(), mIDLen( rhs.mIDLen ) 
+inline cFileHeaderID::cFileHeaderID(const cFileHeaderID& rhs) : iSerializable(), mIDLen(rhs.mIDLen)
 {
-    memcpy( mID, rhs.mID, MAXBYTES );
+    memcpy(mID, rhs.mID, MAXBYTES);
 }

-inline int cFileHeaderID::operator != (const cFileHeaderID& rhs) const
+inline int cFileHeaderID::operator!=(const cFileHeaderID& rhs) const
 {
    return !(*this == rhs);
 }
@ -115,26 +116,26 @@ public:
        LAST_ENCODING
    };

-    void                    SetID(const cFileHeaderID& id);
-    const cFileHeaderID&    GetID() const;
+    void                 SetID(const cFileHeaderID& id);
+    const cFileHeaderID& GetID() const;

-    void                    SetVersion(uint32 v);
-    uint32                  GetVersion() const;
+    void   SetVersion(uint32 v);
+    uint32 GetVersion() const;

-    void                    SetEncoding(Encoding e);
-    Encoding                GetEncoding() const;
+    void     SetEncoding(Encoding e);
+    Encoding GetEncoding() const;

-    cMemoryArchive&         GetBaggage();
-    const cMemoryArchive&   GetBaggage() const;
+    cMemoryArchive&       GetBaggage();
+    const cMemoryArchive& GetBaggage() const;

-    virtual void Read (iSerializer* pSerializer, int32 version = 0);    // throw (eSerializer, eArchive)
-    virtual void Write(iSerializer* pSerializer) const;                 // throw (eSerializer, eArchive)
+    virtual void Read(iSerializer* pSerializer, int32 version = 0); // throw (eSerializer, eArchive)
+    virtual void Write(iSerializer* pSerializer) const;             // throw (eSerializer, eArchive)

 protected:
-    cFileHeaderID   mID;
-    uint32          mVersion;
-    Encoding        mEncoding;
-    cMemoryArchive  mBaggage;    // items that have been serialized to this object
+    cFileHeaderID  mID;
+    uint32         mVersion;
+    Encoding       mEncoding;
+    cMemoryArchive mBaggage; // items that have been serialized to this object
 };

 inline const cFileHeaderID& cFileHeader::GetID() const
@ -163,4 +164,3 @@ inline const cMemoryArchive& cFileHeader::GetBaggage() const
 }

 #endif
-
--- a/src/core/fixedfilebuf.h
+++ b/src/core/fixedfilebuf.h
@ -1,31 +1,31 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
-// 
+//
 // This program is free software.  The contents of this file are subject
 // to the terms of the GNU General Public License as published by the
 // Free Software Foundation; either version 2 of the License, or (at your
 // option) any later version.  You may redistribute it and/or modify it
 // only in compliance with the GNU General Public License.
-// 
+//
 // This program is distributed in the hope that it will be useful.
 // However, this program is distributed AS-IS WITHOUT ANY
 // WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS
 // FOR A PARTICULAR PURPOSE.  Please see the GNU General Public License
 // for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 // USA.
-// 
+//
 // Nothing in the GNU General Public License or any other license to use
 // the code or files shall permit you to use Tripwire's trademarks,
 // service marks, or other intellectual property without Tripwire's
 // prior written consent.
-// 
+//
 // If you have any questions, please contact Tripwire, Inc. at either
 // info@tripwire.org or www.tripwire.org.
 //
@ -34,8 +34,8 @@
 // Date....: 8/12/99
 // Creator.: Brian McFeely (bmcfeely)
 //
-// Plauger's 'basic_filebuf::overflow' had a bug, 
-// so I had to reimplement the entire class.  
+// Plauger's 'basic_filebuf::overflow' had a bug,
+// so I had to reimplement the entire class.
 //
 // Plauger had a line:    "fwrite(_Str->begin(), _N, 1, _File)"
 // that should have been: "fwrite(_Str->begin(), 1, _N, _File)"
@ -45,10 +45,6 @@
 #define __FIXED_FILEBUF_H

 #include <fstream>
-
-#if IS_UNIX
 #define fixed_basic_ofstream std::basic_ofstream
-#endif // IS_WIN32/IS_UNIX
-
-#endif//__FIXED_FILEBUF_H

+#endif //__FIXED_FILEBUF_H
--- a/src/core/fsservices.cpp
+++ b/src/core/fsservices.cpp
@ -1,31 +1,31 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
-// 
+//
 // This program is free software.  The contents of this file are subject
 // to the terms of the GNU General Public License as published by the
 // Free Software Foundation; either version 2 of the License, or (at your
 // option) any later version.  You may redistribute it and/or modify it
 // only in compliance with the GNU General Public License.
-// 
+//
 // This program is distributed in the hope that it will be useful.
 // However, this program is distributed AS-IS WITHOUT ANY
 // WARRANTY; INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS
 // FOR A PARTICULAR PURPOSE.  Please see the GNU General Public License
 // for more details.
-// 
+//
 // You should have received a copy of the GNU General Public License
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 // USA.
-// 
+//
 // Nothing in the GNU General Public License or any other license to use
 // the code or files shall permit you to use Tripwire's trademarks,
 // service marks, or other intellectual property without Tripwire's
 // prior written consent.
-// 
+//
 // If you have any questions, please contact Tripwire, Inc. at either
 // info@tripwire.org or www.tripwire.org.
 //
@ -43,5 +43,3 @@ iFSServices* iFSServices::mpInstance = 0;
 //#############################################################################
 // eFSServices
 //#############################################################################
-
-
--- a/Show More
+++ b/Show More