577 changed files with 30580 additions and 39656 deletions
--- a/.clang-format
+++ b/.clang-format
@ -1,115 +0,0 @@
 ---
 Language:        Cpp
 AccessModifierOffset: -4
 AlignAfterOpenBracket: Align
 AlignConsecutiveAssignments: true
 AlignConsecutiveDeclarations: true
 AlignEscapedNewlines: Left
 AlignOperands:   true
 AlignTrailingComments: true
 AllowAllParametersOfDeclarationOnNextLine: true
 AllowShortBlocksOnASingleLine: false
 AllowShortCaseLabelsOnASingleLine: false
 AllowShortFunctionsOnASingleLine: None
 AllowShortIfStatementsOnASingleLine: false
 AllowShortLoopsOnASingleLine: false
 AlwaysBreakAfterDefinitionReturnType: None
 AlwaysBreakAfterReturnType: None
 AlwaysBreakBeforeMultilineStrings: false
 AlwaysBreakTemplateDeclarations: false
 BinPackArguments: false
 BinPackParameters: false
 BraceWrapping:   
  AfterClass:      true
  AfterControlStatement: true
  AfterEnum:       true
  AfterFunction:   true
  AfterNamespace:  true
  AfterObjCDeclaration: true
  AfterStruct:     true
  AfterUnion:      true
  AfterExternBlock: true
  BeforeCatch:     true
  BeforeElse:      true
  IndentBraces:    false
  SplitEmptyFunction: true
  SplitEmptyRecord: true
  SplitEmptyNamespace: true
 BreakBeforeBinaryOperators: None
 BreakBeforeBraces: Custom
 BreakBeforeInheritanceComma: false
 BreakBeforeTernaryOperators: false
 BreakConstructorInitializersBeforeComma: false
 BreakConstructorInitializers: BeforeColon
 BreakAfterJavaFieldAnnotations: false
 BreakStringLiterals: true
 ColumnLimit:     120
 CommentPragmas:  '^ IWYU pragma:'
 CompactNamespaces: false
 ConstructorInitializerAllOnOneLineOrOnePerLine: true
 ConstructorInitializerIndentWidth: 4
 ContinuationIndentWidth: 4
 Cpp11BracedListStyle: true
 DerivePointerAlignment: false
 DisableFormat:   false
 ExperimentalAutoDetectBinPacking: false
 FixNamespaceComments: true
 ForEachMacros:   
  - foreach
  - Q_FOREACH
  - BOOST_FOREACH
 IncludeBlocks:   Preserve
 IncludeCategories: 
  - Regex:           '^"(llvm|llvm-c|clang|clang-c)/'
    Priority:        2
  - Regex:           '^(<|"(gtest|gmock|isl|json)/)'
    Priority:        3
  - Regex:           '.*'
    Priority:        1
 IncludeIsMainRegex: '(Test)?$'
 IndentCaseLabels: false
 IndentPPDirectives: AfterHash
 IndentWidth:     4
 IndentWrappedFunctionNames: false
 JavaScriptQuotes: Leave
 JavaScriptWrapImports: true
 KeepEmptyLinesAtTheStartOfBlocks: true
 MacroBlockBegin: ''
 MacroBlockEnd:   ''
 MaxEmptyLinesToKeep: 2
 NamespaceIndentation: None
 ObjCBlockIndentWidth: 2
 ObjCSpaceAfterProperty: false
 ObjCSpaceBeforeProtocolList: true
 PenaltyBreakAssignment: 2
 PenaltyBreakBeforeFirstCallParameter: 19
 PenaltyBreakComment: 300
 PenaltyBreakFirstLessLess: 120
 PenaltyBreakString: 1000
 PenaltyExcessCharacter: 1000000
 PenaltyReturnTypeOnItsOwnLine: 60
 PointerAlignment: Left
 RawStringFormats: 
  - Delimiter:       pb
    Language:        TextProto
    BasedOnStyle:    google
 ReflowComments:  false
 SortIncludes:    false
 SortUsingDeclarations: true
 SpaceAfterCStyleCast: false
 SpaceAfterTemplateKeyword: false
 SpaceBeforeAssignmentOperators: true
 SpaceBeforeParens: ControlStatements
 SpaceInEmptyParentheses: false
 SpacesBeforeTrailingComments: 1
 SpacesInAngles:  false
 SpacesInContainerLiterals: true
 SpacesInCStyleCastParentheses: false
 SpacesInParentheses: false
 SpacesInSquareBrackets: false
 Standard:        Auto
 TabWidth:        4
 UseTab:          Never
 ...
--- a/.gitignore
+++ b/.gitignore
@ -3,6 +3,7 @@ config.h
 config.h.in~
 config.log
 config.status
 compile
 autom4te.cache/
 bin/
 lib/
@ -11,7 +12,6 @@ src/tripwire/tripwire
 src/twadmin/twadmin
 src/twprint/twprint
 src/twtest/twtest
 src/test-harness/twtest
 **/Makefile
 **/*.o
 **/*.dylib
@ -20,9 +20,6 @@ src/test-harness/twtest
 **/*.dll
 **/*.exe
 **/*~
 **/*#
 **/*.bak
 **/.DS_Store
 **/*.gcno
 **/*.gcda
 releases/
--- a/37
+++ b/37
@ -1,39 +1,3 @@
 2018-03-24 Brian Cox <bcox@tripwire.com>
 	* Update version to 2.4.3.7
 	* Provide a useful README.md (Github issue #17).
 	* Document return codes in man pages (Github issue #28).
 	* Update install script after testing on additional platforms.
 	* Provide default policies for more operating systems, and update some existing policies
 	* Usability tweaks to twtest.
 	* Fix email reporting on Syllable
 	* Update copyright dates to 2018
 	* Clean up code style with clang-format, & add a custom style that approximates existing OST usage.
 	* Add -t / --output-level option to print-db mode, for consistency w/ print-report mode.
 	* Add object list support to print-report mode, for consistency w/ print-db mode.
 2017-10-01 Brian Cox <bcox@tripwire.com>
 	* Update version to 2.4.3.6
 	* Fix & expand tests in Perl acceptance test framework
 	* Fix & expand twtest unit tests, & rework unit test mini-framework so they’re referenced by name, not some numeric ID, and list tests as “skipped" if they don’t make any test assertions.
 	* Add configure options to enable coverage, profiling, & use /dev/urandom as RNG (all off by default)
 	* Add a ‘list’ make target to list all make targets
 	* Remove dead code & add test coverage per gcov+lcov results
 	* Fix various memory issues pointed out by valgrind
 	* In examine-encryption mode, better reporting (& nonzero exit) if we can't find a keyfile for the examined file.
 	* More exception handling around individual objects & init/IC as a whole, since there have been occasional reports of uncaught exceptions during init or check, and so far haven’t been able to repro or figure out what circumstances it occurs under. (e.g. Github issue #25)
 	* Tweak install.sh so it can be run directly, not just thru 'make install' if you want. (Github issue #26)
 	* Improve native (non-Posixy) path handling on platforms that need it (DOS, AROS, RISC OS, Redox)
 	* New platforms:  MirOS BSD, Bitrig, LibertyBSD, RISC OS, Redox
 	* Add default policies for HP-UX & various BSDs
 2017-03-30 Brian Cox <bcox@tripwire.com>
 	* Bump version to 2.4.3.5
 	* Fix ‘install-strip’, ‘check’, ‘uninstall’, and ‘distcheck’ make targets.
 	* Fix GCC 7.0.x warnings; use std::unique_ptr instead of deprecated std::auto_ptr where available.
 	* Add ‘--disable-extrawarnings’ configure option, for old compilers that don’t support the ’-Wextra’ compile option.
 	* Clean up unit tests & enable disabled tests.
 	* Address more static analyzer warnings, including from CppCheck & Flawfinder
 2017-03-05 Brian Cox <bcox@tripwire.com>
 	* Bump version to 2.4.3.4
 	* Fix issue with printing level 2 reports, introduced by fixing a Clang static analyzer quibble in 2.4.3.3. Sigh.
@ -64,7 +28,6 @@
 	* Remove dead code & unused files.
 	* Optional RESOLVE_IDS_TO_NAMES option to disable uid/gid to name resolution, if needed.
 	* New --key-size option to twadmin --generate-keys, to generate 1024 (default) or 2048 bit El Gamal keys.  
 2016-04-20 Brian Cox <bcox@tripwire.com>
 	* Bump version to 2.4.3.1
 	* Revive old 'twtest' unit test suite (such as it is); move _t.cpp files into twtest dir.
--- a/Makefile.am
+++ b/Makefile.am
@ -3,23 +3,7 @@ SUBDIRS = man src
 EXTRA_DIST = COMMERCIAL MAINTAINERS TRADEMARK LICENSE Packaging ReadMe-2.4.3 README.md autogen.sh autogen.sh.README touchconfig.sh contrib policy installer
 install-data-hook:
-	INSTALL_STRIP_FLAG="$(INSTALL_STRIP_FLAG)" \
+	export INSTALL_STRIP_FLAG
 	prefix="$(prefix)" sysconfdir="$(sysconfdir)" \
        path_to_vi="$(path_to_vi)" path_to_sendmail="$(path_to_sendmail)" \
-	$(top_srcdir)/installer/install.sh
+        ./installer/install.sh
 uninstall-hook:
 	rm -f ${prefix}/sbin/tripwire $(prefix)/sbin/twadmin $(prefix)/sbin/twprint $(prefix)/sbin/siggen
 	rm -Rf $(prefix)/doc
 check:
 	rm -Rf $(top_srcdir)/src/test-harness/twtest
 	rm -Rf $(top_srcdir)/bin/TWTestData
 	cd $(top_srcdir)/src/test-harness && perl ./twtest.pl
 	cd $(top_srcdir)/bin && ./twtest all
 test: check
 .PHONY: targets
 targets:
 	@$(MAKE) -pRrq -f $(lastword $(MAKEFILE_LIST)) : 2>/dev/null | awk -v RS= -F: '/^# File/,/^# Finished Make data base/ {if ($$1 !~ "^[#.]") {print $$1}}' | sort | egrep -v -e '^[^[:alnum:]]' -e '^$@$$' | xargs
--- a/Makefile.in
+++ b/Makefile.in
@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
 # @configure_input@
-# Copyright (C) 1994-2017 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -307,6 +307,7 @@ pdfdir = @pdfdir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
 psdir = @psdir@
 runstatedir = @runstatedir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
@ -546,7 +547,7 @@ distdir: $(DISTFILES)
 	  ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
 	|| chmod -R a+r "$(distdir)"
 dist-gzip: distdir
-	tardir=$(distdir) && $(am__tar) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).tar.gz
+	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
 	$(am__post_remove_distdir)
 dist-bzip2: distdir
@ -572,7 +573,7 @@ dist-shar: distdir
 	@echo WARNING: "Support for shar distribution archives is" \
 	               "deprecated." >&2
 	@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
-	shar $(distdir) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).shar.gz
+	shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
 	$(am__post_remove_distdir)
 dist-zip: distdir
@ -590,7 +591,7 @@ dist dist-all:
 distcheck: dist
 	case '$(DIST_ARCHIVES)' in \
 	*.tar.gz*) \
-	  eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).tar.gz | $(am__untar) ;;\
+	  GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\
 	*.tar.bz2*) \
 	  bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
 	*.tar.lz*) \
@ -600,7 +601,7 @@ distcheck: dist
 	*.tar.Z*) \
 	  uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
 	*.shar.gz*) \
-	  eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\
+	  GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\
 	*.zip*) \
 	  unzip $(distdir).zip ;;\
 	esac
@ -773,10 +774,9 @@ ps: ps-recursive
 ps-am:
 uninstall-am:
-	@$(NORMAL_INSTALL)
+
 	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
 .MAKE: $(am__recursive_targets) all install-am install-data-am \
-	install-strip uninstall-am
+	install-strip
 .PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \
 	am--refresh check check-am clean clean-cscope clean-generic \
@ -792,32 +792,16 @@ uninstall-am:
 	install-strip installcheck installcheck-am installdirs \
 	installdirs-am maintainer-clean maintainer-clean-generic \
 	mostlyclean mostlyclean-generic pdf pdf-am ps ps-am tags \
-	tags-am uninstall uninstall-am uninstall-hook
+	tags-am uninstall uninstall-am
 .PRECIOUS: Makefile
 install-data-hook:
-	INSTALL_STRIP_FLAG="$(INSTALL_STRIP_FLAG)" \
+	export INSTALL_STRIP_FLAG
 	prefix="$(prefix)" sysconfdir="$(sysconfdir)" \
        path_to_vi="$(path_to_vi)" path_to_sendmail="$(path_to_sendmail)" \
-	$(top_srcdir)/installer/install.sh
+        ./installer/install.sh
 uninstall-hook:
 	rm -f ${prefix}/sbin/tripwire $(prefix)/sbin/twadmin $(prefix)/sbin/twprint $(prefix)/sbin/siggen
 	rm -Rf $(prefix)/doc
 check:
 	rm -Rf $(top_srcdir)/src/test-harness/twtest
 	rm -Rf $(top_srcdir)/bin/TWTestData
 	cd $(top_srcdir)/src/test-harness && perl ./twtest.pl
 	cd $(top_srcdir)/bin && ./twtest all
 test: check
 .PHONY: targets
 targets:
 	@$(MAKE) -pRrq -f $(lastword $(MAKEFILE_LIST)) : 2>/dev/null | awk -v RS= -F: '/^# File/,/^# Finished Make data base/ {if ($$1 !~ "^[#.]") {print $$1}}' | sort | egrep -v -e '^[^[:alnum:]]' -e '^$@$$' | xargs
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
--- a/18
+++ b/18
@ -9,6 +9,10 @@ Packaging for Open Source Tripwire is maintained by various third parties:
 * Debian: https://tracker.debian.org/pkg/tripwire
 * Gentoo: https://packages.gentoo.org/packages/app-admin/tripwire
    Gentoo also has an SELinux policy for OST:
    https://packages.gentoo.org/packages/sec-policy/selinux-tripwire
 * Chef cookbook: https://github.com/rackspace-cookbooks/rackspace_tripwire
 * FreeBSD Ports: http://svnweb.freebsd.org/ports/head/security/tripwire/
@ -19,19 +23,5 @@ Packaging for Open Source Tripwire is maintained by various third parties:
 * NetBSD pkgsrc: http://ftp.netbsd.org/pub/pkgsrc/current/pkgsrc/security/tripwire/README.html
    NOTE: At present (April 2016) pkgsrc only provides the obsolete Tripwire 1.2, from the mid-1990s.
    That version lacks contemporary hash algorithms, and you probably don't want to use it.
    There's an unfinished pkgsrc port for OST 2.3+ here, if someone who understands pkgsrc
    is looking for a fun(?) project: http://pkgsrc.se/wip/tripwire2
 A few third party projects that might be useful with OST
 * Chef cookbook: https://github.com/rackspace-cookbooks/rackspace_tripwire
 * Puppet module: https://github.com/razorsedge/puppet-tripwire
 * SELinux policies from Tresys: https://github.com/TresysTechnology/refpolicy-contrib/blob/master/tripwire.te
   (and related .fc and .if files in the same repo)
 * A Gentoo SELinux policy, different from the one above: https://packages.gentoo.org/packages/sec-policy/selinux-tripwire
 * An experimental(?) Dockerfile for CentOS: https://hub.docker.com/r/prateeknischal/tripwire-play/
--- a/README.md
+++ b/README.md
@ -1,179 +1,5 @@
-# Open Source Tripwire<sup>®</sup>
+#Open Source Tripwire<sup>®</sup> 
-Open Source Tripwire<sup>®</sup> is a security and data integrity tool for monitoring and alerting on file & directory changes. This project is based on code originally contributed by [Tripwire, Inc.](http://www.tripwire.com) in 2000.
+Open Source Tripwire<sup>®</sup> software is a security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems. The project is based on code originally contributed by [Tripwire, Inc.](http://www.tripwire.com) in 2000.
-## Overview
+Open Source Tripwire is suitable for monitoring a small number of Linux servers, where centralized control and reporting is not needed and professional support or system automation is not a requirement. 
 A Tripwire check compares the current filesystem state against a known baseline state, and alerts on any changes it detects.  The baseline and check behavior are controlled by a policy file, which specifies which files or directories to monitor, and which attributes to monitor on them, such as hashes, file permissions, and ownership.
 When an expected change occurs, such as upgrading a package, the baseline database can be updated to the new known-good state.  The policy can also be updated, for example to reduce noise or cover a newly installed package.
 ## Getting Started
 This section covers manual setup of Open Source Tripwire.  If installing via an RPM or Debian package, or via **make install**, a setup script will walk the user through the initial setup steps (key generation thru policy creation) and these will not need to be done by hand.
 ### Generating Keys
 The first step is to generate site and local key files.  This is necessary because Tripwire policy, configuration, and database files are signed by default, and report files may also be signed.  The site key is used to sign config and policy files, while databases and reports are signed with the local key.  The idea here is that multiple machines can share a site key, but each will have its own local key.  The policy and config files can then be created once and distributed across these machines.
 A common practice is to include the hostname in the local key filename, as follows:
 ```
 ./twadmin --generate-keys -L /etc/tripwire/${HOSTNAME}-local.key
 ./twadmin --generate-keys -S /etc/tripwire/site.key
 ```
 ### Creating a configuration file
 The next step is to create a Tripwire config file.  The config file contains a variety of settings including the locations of Tripwire binaries and key files, email report settings, and parameters that control baseline/check behavior.  These settings are explained in detail in the **twconfig(4)** manual page.
 This command line reads and validates the config text in /path/to/twcfg.txt, writes the results to tw.cfg, and signs the resulting file with the provided site key:
 ```
 ./twadmin --create-cfgfile -S /path/to/site.key /path/to/twcfg.txt
 ```
 ### Generating a policy file
 Now it's time to configure which files & directories OST will monitor.  A few simple examples of policy rules:
 ```
 /start/point -> $(IgnoreNone); # Get all attributes for this dir tree
 /another/start -> +pinugS; # Get selected attributes for this dir tree
 !/start/point/subdir/to/ignore; # Don't monitor this dir tree
 ```
 The Tripwire policy language is documented in detail in the **twpolicy(4)** manual page, and default policies for most common operating systems are available in the OST project's policy subdirectory.
 ```
 ./twadmin --create-polfile -S /path/to/site.key /etc/tripwire/twpol.txt
 ```
 ### Creating a baseline
 The next step is to baseline the system for the first time.  This step is necessary even if the previous steps are handled by a setup/install script.
 ```
 ./tripwire --init
 ```
 This creates a database file in the configured directory, typically a file with a .twd extension in /var/lib/tripwire.  The optional **--verbose** argument to init mode lists files and directories as they're being scanned.
 ### Running a check
 ```
 ./tripwire --check
 ```
 This runs a check, again with an optional **--verbose** option that displays what it's doing.  Scan results are written to standard out, as well as a report file, which typically has a .twr extension and lives in /var/lib/tripwire/report.  If email reporting is enabled, emails will be sent at the end of the check.
 A common way to use OST is to set up a cron job to run checks periodically, emailing results to an administrative account.  Note that the OST install script currently does not create any cron jobs, and this will need to be done by hand.
 ### Printing a report
 ```
 ./twprint -m r -t [0-4] -r /path/to/reportfile.twr
 ```
 The -t argument specifies the level of report verbosity, where 0 is a single line summary of the report contents, and 4 displays all gathered attributes on all changed objects.  The report level defaults to 3 if not specified on the command line or via the REPORTLEVEL config file option.
 Databases can be also printed with:
 ```
 ./twprint -m d -d /path/to/database.twd
 ```
 ### Updating a database
 The simplest form of update updates the database with all the changes in a report file:
 ```
 ./tripwire --update --accept-all
 ```
 While a
 ```
 ./tripwire --update
 ```
 brings up a text report in the user's preferred editor (as configured in the config file's EDITOR option), with a checkbox next to each detected change.  After saving and exiting the editor, the database will only be updated for those objects that remain selected with an **[x]**.
 ### Updating a policy
 Policy update mode modifies the current Tripwire policy without losing existing baselines.
 ```
 ./tripwire --update-policy updated-policy.txt
 ```
 A check is run with the new policy as part of the update process.  If this check detects changes, the default behavior is to display the changes and exit without updating the policy or database.  To accept the changes and continue with the policy update, use the **-Z low** / **--secure-mode low** command line option.
 ### Testing the email configuration
 To test email configuration:
 ```
 ./tripwire --test --email user@domain.tld
 ```
 This sends a test email to the specified address, using the email settings specified in the config file.
 ## Building OST
 ### Prerequisites
 A C++ compiler.  It's known to build with gcc and clang; OST should work with gcc versions as old as 2.95.2, although gcc older than version 3.1 will need an external STLPort package.
 A POSIX-like operating system, including Linux, macOS, various BSDs, Solaris, AIX, HP-UX, Minix, Haiku, GNU/Hurd, and others.  Windows users can build OST under Cygwin, although this does not provide support for monitoring the Registry or any Windows-specific file attributes.
 Perl 5+ is needed to run the project's test suite.
 ### Configuring & Building
 OST uses a standard automake build, so the first configuration step will generally be:
 ```
 ./configure
 ```
 Additional compiler arguments (such as Debian hardening options), non-default paths, and other options can be set up in this step.  A ```./configure --help``` lists the available configuration options.
 The ```--prefix=/some/path``` option controls where a subsequent ```make install``` will install to, and where Tripwire binaries will look for a configuration file.
 The ```--enable-static``` option causes the build to create statically linked binaries.  This is often used as a security enhancement, so that Tripwire will not rely on the shared libraries on the machine.  This is not possible on all platforms, as some (like macOS and Solaris) don't provide the necessary static libraries to link against.
 Note that Linux systems that use NSS for name lookups will still employ shared libraries behind the scenes even when the OST binaries are statically linked.  There have been occasional reports of segfaults when trying to do a name lookup in these circumstances, particularly when the binary was built on a different machine or it's trying to do an LDAP or NIS name lookup.  If this occurs, there are two ways to work around it:  Either switch to dynamic binaries, or set the Tripwire config file option ```RESOLVE_IDS_TO_NAMES=false```, which tells OST to just watch numeric user & group IDs and not perform name lookups.
 If the configure or make step fails with errors about the automake/autoconf version, it may be necessary to run the script
 ```./touchconfig.sh```
 before building the project.  This script simply touches files in the correct order such that their last change times are not all identical, and that they're different in the right order.
 Then just
 ```make```
 to build the project.
 ## Running the test suites
 the ```make check``` make target runs two things:  The acceptance test suite in the src/test-harness directory, and unit tests by running twtest, which is built in the bin directory along with other Tripwire binaries.  These tests can also be run separately:
 ```./twtest``` runs all unit tests, while ```./twtest list``` lists all available tests.
 ```./twtest Groupname``` runs all tests in a group, and
 ```./twtest Groupname/Testname``` just runs the specified test.
 To run the acceptance tests manually, cd to the src/test-harness directory and run ```perl ./twtest.pl```.
 ## Deployment
 The ```make install``` target installs OST to the configured location, and ```make install-strip``` installs and removes symbols from the Tripwire binaries.  A ```make dist``` creates a gzipped source bundle.
 ## Authors
 * [Tripwire, Inc.](http://www.tripwire.com)
 ## License
 The developer of the original code and/or files is Tripwire, Inc.
 Portions created by Tripwire, Inc. are copyright 2000-2018 Tripwire, Inc.
 Tripwire is a registered trademark of Tripwire, Inc.  All rights reserved.
 This program is free software.  The contents of this file are subject to the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.  You may redistribute it and/or modify it only in compliance with the GNU General Public License.
 This program is distributed in the hope that it will be useful.  However,
 this program is distributed "AS-IS" WITHOUT ANY WARRANTY; INCLUDING THE
 IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
 Please see the GNU General Public License for more details.
 You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc.,
 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 Nothing in the GNU General Public License or any other license to use the
 code or files shall permit you to use Tripwire's trademarks, service marks, or other intellectual property without Tripwire's prior written consent.
 If you have any questions, please contact Tripwire, Inc. at either
 info@tripwire.org or www.tripwire.org.
--- a/ReadMe-2.4.3
+++ b/ReadMe-2.4.3
@ -1,14 +1,4 @@
-What's new in Open Source Tripwire 2.4.3.x:
+What's new in Open Source Tripwire 2.4.3.2:
 * Useful ‘install-strip’, ‘check’, ‘uninstall’ & ‘distcheck’ make targets as of OST 2.4.3.5.  Check target invokes both the test-harness framework and twtest unit tests.
 * Verify OST builds without errors w/ GCC 7.0.x; fix new warnings from the new compiler, including deprecation warnings; use std::unique_ptr instead of std::auto_ptr where available.
 * Add ‘--disable-extrawarnings’ configure option, for old compilers that don’t support the ’-Wextra’ compile option.
 * Clean up unit tests, enable various disabled tests, make results more useful.
 * Additional cleanup due to static analysis tool results (CppCheck, Flawfinder, Clang analyzer).
 * OST now includes optional iconv support when configured with --enable-iconv.
 When enabled, binary database & report files store paths as UTF-16, making these files more
@ -39,6 +29,11 @@ specifying a build directory outside the source dir now works as expected.
 * Assorted platform tweaks:  Add DOS/FreeDOS + DJGPP as a new platform; support Cygwin
 //host/share/path syntax for UNC paths; passphrase & tempfile fixes for AROS.
 ======================================
 What was new in earlier 2.4.3 versions:
 * This update fixes compilation errors on modern compilers (GCC 4.7+ and LLVM/clang), 
 as well as some additional errors encountered on various platforms.  This is intended
 to supersede patches against 2.4.2.x, e.g. http://www.linuxfromscratch.org/blfs/view/svn/postlfs/tripwire.html
@ -71,22 +66,15 @@ defined incorrectly otherwise.
 The update has been tested on a variety of platforms: 
 Linuxes
 - Alpine Linux 3.3.3 + gcc 5.3.0
 - Alpine Linux 3.5.1 + gcc 6.2.1
 - Arch Linux 232 + gcc 6.3.1
 - Amazon Linux AMI 2016.09 + gcc 4.8.3
 - Android 6.0 (arm) + gcc 4.9 (NDK)
 - CentOS 7 (amd64) + gcc 4.8.5
 - Fedora 24 Alpha 7 (amd64) + gcc 6.0.0
 - Fedora 27 Rawhide (amd64) + gcc 7.0.1
 - Raspbian 7 (wheezy) (armv6l) + gcc 4.6.3
 - RHEL 3.4 (Itanium) + gcc 3.4.3
 - RHEL 6.0 (powerpc64) + gcc 4.4.4
 - openSuSE Tumbleweed (20160408) (i586) + gcc 5.3.1
 - Oracle Linux 6.8 + gcc 4.4.7
 - Ubuntu 14.0.4 (amd64) + gcc 4.x
- Ubuntu 16.0.4 (amd64) + gcc 5.4.0
+- RHEL 3.4 (Itanium) + gcc 3.4.3
- Wind River Pulsar Linux 8 + gcc 5.2.0
+- Alpine Linux 3.3.3 + gcc 5.3.0
 - Android 6.0 (arm) + gcc 4.9
 - Raspbian 7 (wheezy) (armv6l) + gcc 4.6.3
 - openSuSE Tumbleweed (20160408) (i586) + gcc 5.3.1
 - RHEL 6.0 (powerpc64) + gcc 4.4.4
 - Fedora 24 Alpha 7 (amd64) + gcc 6.0.0
 OSX
 - Mac OS X 10.11 + LLVM 7.0.2 / clang-700.1.81
@ -102,7 +90,7 @@ BSDs
 UNIXes
 - Solaris 10 SPARC + gcc 3.4.6
 - Solaris 10 x86 + gcc 3.4.3
- OpenIndiana 151 + gcc 4.8.5
+- OpenIndiana 151 + gcc 4.8.5 [an OpenSolaris/illumos distro]
 - AIX 5.2 + gcc 4.3.1
 - HP-UX 11.23 + gcc 4.2.3
--- a/2
+++ b/2
@ -2,7 +2,7 @@ TRIPWIRE COPYRIGHT & TRADEMARK NOTICE
 COPYRIGHT
 The developer of the original code and/or files is Tripwire, Inc.  Portions
-created by Tripwire, Inc. are copyright 2000-2018 Tripwire, Inc. 
+created by Tripwire, Inc. are copyright 2000 Tripwire, Inc. 
 TRADEMARK
 Tripwire is a registered trademark (the "Trademark") of Tripwire, Inc.  All
--- a/_config.yml
+++ b/_config.yml
@ -1 +0,0 @@
 theme: jekyll-theme-minimal
--- a/aclocal.m4
+++ b/aclocal.m4
@ -1,6 +1,6 @@
-# generated automatically by aclocal 1.15.1 -*- Autoconf -*-
+# generated automatically by aclocal 1.15 -*- Autoconf -*-
-# Copyright (C) 1996-2017 Free Software Foundation, Inc.
+# Copyright (C) 1996-2014 Free Software Foundation, Inc.
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -20,7 +20,7 @@ You have another version of autoconf.  It may work, but is not guaranteed to.
 If you have problems, you may need to regenerate the build system entirely.
 To do so, use the procedure documented by the package, typically 'autoreconf'.])])
-# Copyright (C) 2002-2017 Free Software Foundation, Inc.
+# Copyright (C) 2002-2014 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -35,7 +35,7 @@ AC_DEFUN([AM_AUTOMAKE_VERSION],
 [am__api_version='1.15'
 dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
 dnl require some minimum version.  Point them to the right macro.
-m4_if([$1], [1.15.1], [],
+m4_if([$1], [1.15], [],
      [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
 ])
@ -51,14 +51,14 @@ m4_define([_AM_AUTOCONF_VERSION], [])
 # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
 # This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
 AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
-[AM_AUTOMAKE_VERSION([1.15.1])dnl
+[AM_AUTOMAKE_VERSION([1.15])dnl
 m4_ifndef([AC_AUTOCONF_VERSION],
  [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
 _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
 # AM_AUX_DIR_EXPAND                                         -*- Autoconf -*-
-# Copyright (C) 2001-2017 Free Software Foundation, Inc.
+# Copyright (C) 2001-2014 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -110,7 +110,7 @@ am_aux_dir=`cd "$ac_aux_dir" && pwd`
 # AM_CONDITIONAL                                            -*- Autoconf -*-
-# Copyright (C) 1997-2017 Free Software Foundation, Inc.
+# Copyright (C) 1997-2014 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -141,7 +141,7 @@ AC_CONFIG_COMMANDS_PRE(
 Usually this means the macro was only invoked conditionally.]])
 fi])])
-# Copyright (C) 1999-2017 Free Software Foundation, Inc.
+# Copyright (C) 1999-2014 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -332,7 +332,7 @@ _AM_SUBST_NOTMAKE([am__nodep])dnl
 # Generate code to set up dependency tracking.              -*- Autoconf -*-
-# Copyright (C) 1999-2017 Free Software Foundation, Inc.
+# Copyright (C) 1999-2014 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -408,7 +408,7 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
 # Do all the work for Automake.                             -*- Autoconf -*-
-# Copyright (C) 1996-2017 Free Software Foundation, Inc.
+# Copyright (C) 1996-2014 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -605,7 +605,7 @@ for _am_header in $config_headers :; do
 done
 echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
-# Copyright (C) 2001-2017 Free Software Foundation, Inc.
+# Copyright (C) 2001-2014 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -626,7 +626,7 @@ if test x"${install_sh+set}" != xset; then
 fi
 AC_SUBST([install_sh])])
-# Copyright (C) 2003-2017 Free Software Foundation, Inc.
+# Copyright (C) 2003-2014 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -647,7 +647,7 @@ AC_SUBST([am__leading_dot])])
 # Check to see how 'make' treats includes.	            -*- Autoconf -*-
-# Copyright (C) 2001-2017 Free Software Foundation, Inc.
+# Copyright (C) 2001-2014 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -697,7 +697,7 @@ rm -f confinc confmf
 # Fake the existence of programs that GNU maintainers use.  -*- Autoconf -*-
-# Copyright (C) 1997-2017 Free Software Foundation, Inc.
+# Copyright (C) 1997-2014 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -738,7 +738,7 @@ fi
 # Obsolete and "removed" macros, that must however still report explicit
 # error messages when used, to smooth transition.
 #
-# Copyright (C) 1996-2017 Free Software Foundation, Inc.
+# Copyright (C) 1996-2014 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -765,7 +765,7 @@ AU_DEFUN([fp_C_PROTOTYPES], [AM_C_PROTOTYPES])
 # Helper functions for option handling.                     -*- Autoconf -*-
-# Copyright (C) 2001-2017 Free Software Foundation, Inc.
+# Copyright (C) 2001-2014 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -794,7 +794,7 @@ AC_DEFUN([_AM_SET_OPTIONS],
 AC_DEFUN([_AM_IF_OPTION],
 [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
-# Copyright (C) 1999-2017 Free Software Foundation, Inc.
+# Copyright (C) 1999-2014 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -841,7 +841,7 @@ AC_LANG_POP([C])])
 # For backward compatibility.
 AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])])
-# Copyright (C) 2001-2017 Free Software Foundation, Inc.
+# Copyright (C) 2001-2014 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -860,7 +860,7 @@ AC_DEFUN([AM_RUN_LOG],
 # Check to make sure that the build environment is sane.    -*- Autoconf -*-
-# Copyright (C) 1996-2017 Free Software Foundation, Inc.
+# Copyright (C) 1996-2014 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -941,7 +941,7 @@ AC_CONFIG_COMMANDS_PRE(
 rm -f conftest.file
 ])
-# Copyright (C) 2009-2017 Free Software Foundation, Inc.
+# Copyright (C) 2009-2014 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -1001,7 +1001,7 @@ AC_SUBST([AM_BACKSLASH])dnl
 _AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl
 ])
-# Copyright (C) 2001-2017 Free Software Foundation, Inc.
+# Copyright (C) 2001-2014 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -1029,7 +1029,7 @@ fi
 INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
 AC_SUBST([INSTALL_STRIP_PROGRAM])])
-# Copyright (C) 2006-2017 Free Software Foundation, Inc.
+# Copyright (C) 2006-2014 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -1048,7 +1048,7 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
 # Check how to create a tarball.                            -*- Autoconf -*-
-# Copyright (C) 2004-2017 Free Software Foundation, Inc.
+# Copyright (C) 2004-2014 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
--- a/348
+++ b/348
@ -1,348 +0,0 @@
 #! /bin/sh
 # Wrapper for compilers which do not understand '-c -o'.
 scriptversion=2016-01-11.22; # UTC
 # Copyright (C) 1999-2017 Free Software Foundation, Inc.
 # Written by Tom Tromey <tromey@cygnus.com>.
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 2, or (at your option)
 # any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 # As a special exception to the GNU General Public License, if you
 # distribute this file as part of a program that contains a
 # configuration script generated by Autoconf, you may include it under
 # the same distribution terms that you use for the rest of that program.
 # This file is maintained in Automake, please report
 # bugs to <bug-automake@gnu.org> or send patches to
 # <automake-patches@gnu.org>.
 nl='
 '
 # We need space, tab and new line, in precisely that order.  Quoting is
 # there to prevent tools from complaining about whitespace usage.
 IFS=" ""	$nl"
 file_conv=
 # func_file_conv build_file lazy
 # Convert a $build file to $host form and store it in $file
 # Currently only supports Windows hosts. If the determined conversion
 # type is listed in (the comma separated) LAZY, no conversion will
 # take place.
 func_file_conv ()
 {
  file=$1
  case $file in
    / | /[!/]*) # absolute file, and not a UNC file
      if test -z "$file_conv"; then
 	# lazily determine how to convert abs files
 	case `uname -s` in
 	  MINGW*)
 	    file_conv=mingw
 	    ;;
 	  CYGWIN*)
 	    file_conv=cygwin
 	    ;;
 	  *)
 	    file_conv=wine
 	    ;;
 	esac
      fi
      case $file_conv/,$2, in
 	*,$file_conv,*)
 	  ;;
 	mingw/*)
 	  file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
 	  ;;
 	cygwin/*)
 	  file=`cygpath -m "$file" || echo "$file"`
 	  ;;
 	wine/*)
 	  file=`winepath -w "$file" || echo "$file"`
 	  ;;
      esac
      ;;
  esac
 }
 # func_cl_dashL linkdir
 # Make cl look for libraries in LINKDIR
 func_cl_dashL ()
 {
  func_file_conv "$1"
  if test -z "$lib_path"; then
    lib_path=$file
  else
    lib_path="$lib_path;$file"
  fi
  linker_opts="$linker_opts -LIBPATH:$file"
 }
 # func_cl_dashl library
 # Do a library search-path lookup for cl
 func_cl_dashl ()
 {
  lib=$1
  found=no
  save_IFS=$IFS
  IFS=';'
  for dir in $lib_path $LIB
  do
    IFS=$save_IFS
    if $shared && test -f "$dir/$lib.dll.lib"; then
      found=yes
      lib=$dir/$lib.dll.lib
      break
    fi
    if test -f "$dir/$lib.lib"; then
      found=yes
      lib=$dir/$lib.lib
      break
    fi
    if test -f "$dir/lib$lib.a"; then
      found=yes
      lib=$dir/lib$lib.a
      break
    fi
  done
  IFS=$save_IFS
  if test "$found" != yes; then
    lib=$lib.lib
  fi
 }
 # func_cl_wrapper cl arg...
 # Adjust compile command to suit cl
 func_cl_wrapper ()
 {
  # Assume a capable shell
  lib_path=
  shared=:
  linker_opts=
  for arg
  do
    if test -n "$eat"; then
      eat=
    else
      case $1 in
 	-o)
 	  # configure might choose to run compile as 'compile cc -o foo foo.c'.
 	  eat=1
 	  case $2 in
 	    *.o | *.[oO][bB][jJ])
 	      func_file_conv "$2"
 	      set x "$@" -Fo"$file"
 	      shift
 	      ;;
 	    *)
 	      func_file_conv "$2"
 	      set x "$@" -Fe"$file"
 	      shift
 	      ;;
 	  esac
 	  ;;
 	-I)
 	  eat=1
 	  func_file_conv "$2" mingw
 	  set x "$@" -I"$file"
 	  shift
 	  ;;
 	-I*)
 	  func_file_conv "${1#-I}" mingw
 	  set x "$@" -I"$file"
 	  shift
 	  ;;
 	-l)
 	  eat=1
 	  func_cl_dashl "$2"
 	  set x "$@" "$lib"
 	  shift
 	  ;;
 	-l*)
 	  func_cl_dashl "${1#-l}"
 	  set x "$@" "$lib"
 	  shift
 	  ;;
 	-L)
 	  eat=1
 	  func_cl_dashL "$2"
 	  ;;
 	-L*)
 	  func_cl_dashL "${1#-L}"
 	  ;;
 	-static)
 	  shared=false
 	  ;;
 	-Wl,*)
 	  arg=${1#-Wl,}
 	  save_ifs="$IFS"; IFS=','
 	  for flag in $arg; do
 	    IFS="$save_ifs"
 	    linker_opts="$linker_opts $flag"
 	  done
 	  IFS="$save_ifs"
 	  ;;
 	-Xlinker)
 	  eat=1
 	  linker_opts="$linker_opts $2"
 	  ;;
 	-*)
 	  set x "$@" "$1"
 	  shift
 	  ;;
 	*.cc | *.CC | *.cxx | *.CXX | *.[cC]++)
 	  func_file_conv "$1"
 	  set x "$@" -Tp"$file"
 	  shift
 	  ;;
 	*.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO])
 	  func_file_conv "$1" mingw
 	  set x "$@" "$file"
 	  shift
 	  ;;
 	*)
 	  set x "$@" "$1"
 	  shift
 	  ;;
      esac
    fi
    shift
  done
  if test -n "$linker_opts"; then
    linker_opts="-link$linker_opts"
  fi
  exec "$@" $linker_opts
  exit 1
 }
 eat=
 case $1 in
  '')
     echo "$0: No command.  Try '$0 --help' for more information." 1>&2
     exit 1;
     ;;
  -h | --h*)
    cat <<\EOF
 Usage: compile [--help] [--version] PROGRAM [ARGS]
 Wrapper for compilers which do not understand '-c -o'.
 Remove '-o dest.o' from ARGS, run PROGRAM with the remaining
 arguments, and rename the output as expected.
 If you are trying to build a whole package this is not the
 right script to run: please start by reading the file 'INSTALL'.
 Report bugs to <bug-automake@gnu.org>.
 EOF
    exit $?
    ;;
  -v | --v*)
    echo "compile $scriptversion"
    exit $?
    ;;
  cl | *[/\\]cl | cl.exe | *[/\\]cl.exe | \
  icl | *[/\\]icl | icl.exe | *[/\\]icl.exe )
    func_cl_wrapper "$@"      # Doesn't return...
    ;;
 esac
 ofile=
 cfile=
 for arg
 do
  if test -n "$eat"; then
    eat=
  else
    case $1 in
      -o)
 	# configure might choose to run compile as 'compile cc -o foo foo.c'.
 	# So we strip '-o arg' only if arg is an object.
 	eat=1
 	case $2 in
 	  *.o | *.obj)
 	    ofile=$2
 	    ;;
 	  *)
 	    set x "$@" -o "$2"
 	    shift
 	    ;;
 	esac
 	;;
      *.c)
 	cfile=$1
 	set x "$@" "$1"
 	shift
 	;;
      *)
 	set x "$@" "$1"
 	shift
 	;;
    esac
  fi
  shift
 done
 if test -z "$ofile" || test -z "$cfile"; then
  # If no '-o' option was seen then we might have been invoked from a
  # pattern rule where we don't need one.  That is ok -- this is a
  # normal compilation that the losing compiler can handle.  If no
  # '.c' file was seen then we are probably linking.  That is also
  # ok.
  exec "$@"
 fi
 # Name of file we expect compiler to create.
 cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'`
 # Create the lock directory.
 # Note: use '[/\\:.-]' here to ensure that we don't use the same name
 # that we are using for the .o file.  Also, base the name on the expected
 # object file name, since that is what matters with a parallel build.
 lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d
 while true; do
  if mkdir "$lockdir" >/dev/null 2>&1; then
    break
  fi
  sleep 1
 done
 # FIXME: race condition here if user kills between mkdir and trap.
 trap "rmdir '$lockdir'; exit 1" 1 2 15
 # Run the compile.
 "$@"
 ret=$?
 if test -f "$cofile"; then
  test "$cofile" = "$ofile" || mv "$cofile" "$ofile"
 elif test -f "${cofile}bj"; then
  test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile"
 fi
 rmdir "$lockdir"
 exit $ret
 # Local Variables:
 # mode: shell-script
 # sh-indentation: 2
 # eval: (add-hook 'write-file-hooks 'time-stamp)
 # time-stamp-start: "scriptversion="
 # time-stamp-format: "%:y-%02m-%02d.%02H"
 # time-stamp-time-zone: "UTC0"
 # time-stamp-end: "; # UTC"
 # End:
--- a/config.guess
+++ b/config.guess
@ -1,8 +1,8 @@
 #! /bin/sh
 # Attempt to guess a canonical system name.
-#   Copyright 1992-2017 Free Software Foundation, Inc.
+#   Copyright 1992-2016 Free Software Foundation, Inc.
-timestamp='2017-09-16'
+timestamp='2016-02-11'
 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
@ -15,7 +15,7 @@ timestamp='2017-09-16'
 # General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
-# along with this program; if not, see <https://www.gnu.org/licenses/>.
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 # As a special exception to the GNU General Public License, if you
 # distribute this file as part of a program that contains a
@ -27,7 +27,7 @@ timestamp='2017-09-16'
 # Originally written by Per Bothner; maintained since 2000 by Ben Elliston.
 #
 # You can get the latest version of this script from:
-# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
 #
 # Please send patches to <config-patches@gnu.org>.
@ -50,7 +50,7 @@ version="\
 GNU config.guess ($timestamp)
 Originally written by Per Bothner.
-Copyright 1992-2017 Free Software Foundation, Inc.
+Copyright 1992-2016 Free Software Foundation, Inc.
 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@ -186,12 +186,9 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
 	    *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
 	esac
 	# The Operating System including object format, if it has switched
-	# to ELF recently (or will in the future) and ABI.
+	# to ELF recently, or will in the future.
 	case "${UNAME_MACHINE_ARCH}" in
-	    earm*)
+	    arm*|earm*|i386|m68k|ns32k|sh3*|sparc|vax)
 		os=netbsdelf
 		;;
 	    arm*|i386|m68k|ns32k|sh3*|sparc|vax)
 		eval $set_cc_for_build
 		if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
 			| grep -q __ELF__
@ -259,9 +256,6 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
    *:Sortix:*:*)
 	echo ${UNAME_MACHINE}-unknown-sortix
 	exit ;;
    *:Redox:*:*)
 	echo ${UNAME_MACHINE}-unknown-redox
 	exit ;;
    alpha:OSF1:*:*)
 	case $UNAME_RELEASE in
 	*4.0)
@ -318,6 +312,15 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
 	exitcode=$?
 	trap '' 0
 	exit $exitcode ;;
    Alpha\ *:Windows_NT*:*)
 	# How do we know it's Interix rather than the generic POSIX subsystem?
 	# Should we change UNAME_MACHINE based on the output of uname instead
 	# of the specific Alpha model?
 	echo alpha-pc-interix
 	exit ;;
    21064:Windows_NT:50:3)
 	echo alpha-dec-winnt3.5
 	exit ;;
    Amiga*:UNIX_System_V:4.0:*)
 	echo m68k-unknown-sysv4
 	exit ;;
@ -383,7 +386,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
 	# This test works for both compilers.
 	if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
 	    if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
-		(CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
+		(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
 		grep IS_64BIT_ARCH >/dev/null
 	    then
 		SUN_ARCH=x86_64
@ -681,7 +684,7 @@ EOF
 		    exit (0);
 		}
 EOF
-		    (CCOPTS="" $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+		    (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
 		    test -z "$HP_ARCH" && HP_ARCH=hppa
 		fi ;;
 	esac
@ -698,7 +701,7 @@ EOF
 	    # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
 	    # => hppa64-hp-hpux11.23
-	    if echo __LP64__ | (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) |
+	    if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
 		grep -q __LP64__
 	    then
 		HP_ARCH=hppa2.0w
@ -831,11 +834,10 @@ EOF
 	UNAME_PROCESSOR=`/usr/bin/uname -p`
 	case ${UNAME_PROCESSOR} in
 	    amd64)
-		UNAME_PROCESSOR=x86_64 ;;
+		echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
-	    i386)
+	    *)
-		UNAME_PROCESSOR=i586 ;;
+		echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
 	esac
 	echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
 	exit ;;
    *:MidnightBSD:*:*)
 	UNAME_PROCESSOR=`/usr/bin/uname -p`
@ -858,6 +860,10 @@ EOF
    *:MSYS*:*)
 	echo ${UNAME_MACHINE}-pc-msys
 	exit ;;
    i*:windows32*:*)
 	# uname -m includes "-pc" on this system.
 	echo ${UNAME_MACHINE}-mingw32
 	exit ;;
    i*:PW*:*)
 	echo ${UNAME_MACHINE}-pc-pw32
 	exit ;;
@ -873,12 +879,27 @@ EOF
 		echo ia64-unknown-interix${UNAME_RELEASE}
 		exit ;;
 	esac ;;
    [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
 	echo i${UNAME_MACHINE}-pc-mks
 	exit ;;
    8664:Windows_NT:*)
 	echo x86_64-pc-mks
 	exit ;;
    i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
 	# How do we know it's Interix rather than the generic POSIX subsystem?
 	# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
 	# UNAME_MACHINE based on the output of uname instead of i386?
 	echo i586-pc-interix
 	exit ;;
    i*:UWIN*:*)
 	echo ${UNAME_MACHINE}-pc-uwin
 	exit ;;
    amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
 	echo x86_64-unknown-cygwin
 	exit ;;
    p*:CYGWIN*:*)
 	echo powerpcle-unknown-cygwin
 	exit ;;
    prep*:SunOS:5.*:*)
 	echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
 	exit ;;
@ -888,7 +909,7 @@ EOF
 	exit ;;
    *:GNU/*:*:*)
 	# other systems with GNU libc and userland
-	echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC}
+	echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC}
 	exit ;;
    i*86:Minix:*:*)
 	echo ${UNAME_MACHINE}-pc-minix
@ -985,9 +1006,6 @@ EOF
 	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'`
 	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; }
 	;;
    mips64el:Linux:*:*)
 	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
 	exit ;;
    openrisc*:Linux:*:*)
 	echo or1k-unknown-linux-${LIBC}
 	exit ;;
@ -1020,9 +1038,6 @@ EOF
    ppcle:Linux:*:*)
 	echo powerpcle-unknown-linux-${LIBC}
 	exit ;;
    riscv32:Linux:*:* | riscv64:Linux:*:*)
 	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
 	exit ;;
    s390:Linux:*:* | s390x:Linux:*:*)
 	echo ${UNAME_MACHINE}-ibm-linux-${LIBC}
 	exit ;;
@ -1270,9 +1285,6 @@ EOF
    SX-8R:SUPER-UX:*:*)
 	echo sx8r-nec-superux${UNAME_RELEASE}
 	exit ;;
    SX-ACE:SUPER-UX:*:*)
 	echo sxace-nec-superux${UNAME_RELEASE}
 	exit ;;
    Power*:Rhapsody:*:*)
 	echo powerpc-apple-rhapsody${UNAME_RELEASE}
 	exit ;;
@ -1288,7 +1300,7 @@ EOF
 	if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then
 	    if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
 		if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
-		       (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
+		    (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
 		    grep IS_64BIT_ARCH >/dev/null
 		then
 		    case $UNAME_PROCESSOR in
@ -1296,13 +1308,6 @@ EOF
 			powerpc) UNAME_PROCESSOR=powerpc64 ;;
 		    esac
 		fi
 		# On 10.4-10.6 one might compile for PowerPC via gcc -arch ppc
 		if (echo '#ifdef __POWERPC__'; echo IS_PPC; echo '#endif') | \
 		       (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
 		       grep IS_PPC >/dev/null
 		then
 		    UNAME_PROCESSOR=powerpc
 		fi
 	    fi
 	elif test "$UNAME_PROCESSOR" = i386 ; then
 	    # Avoid executing cc on OS X 10.9, as it ships with a stub
@ -1326,18 +1331,15 @@ EOF
    *:QNX:*:4*)
 	echo i386-pc-qnx
 	exit ;;
-    NEO-*:NONSTOP_KERNEL:*:*)
+    NEO-?:NONSTOP_KERNEL:*:*)
 	echo neo-tandem-nsk${UNAME_RELEASE}
 	exit ;;
    NSE-*:NONSTOP_KERNEL:*:*)
 	echo nse-tandem-nsk${UNAME_RELEASE}
 	exit ;;
-    NSR-*:NONSTOP_KERNEL:*:*)
+    NSR-?:NONSTOP_KERNEL:*:*)
 	echo nsr-tandem-nsk${UNAME_RELEASE}
 	exit ;;
    NSX-*:NONSTOP_KERNEL:*:*)
 	echo nsx-tandem-nsk${UNAME_RELEASE}
 	exit ;;
    *:NonStop-UX:*:*)
 	echo mips-compaq-nonstopux
 	exit ;;
@ -1393,7 +1395,7 @@ EOF
 	echo i386-pc-xenix
 	exit ;;
    i*86:skyos:*:*)
-	echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE} | sed -e 's/ .*$//'`
+	echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
 	exit ;;
    i*86:rdos:*:*)
 	echo ${UNAME_MACHINE}-pc-rdos
@ -1412,17 +1414,18 @@ esac
 cat >&2 <<EOF
 $0: unable to guess system type
-This script (version $timestamp), has failed to recognize the
+This script, last modified $timestamp, has failed to recognize
-operating system you are using. If your script is old, overwrite *all*
+the operating system you are using. It is advised that you
-copies of config.guess and config.sub with the latest versions from:
+download the most up to date version of the config scripts from
-  https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
+  http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
 and
-  https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
+  http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
-If $0 has already been updated, send the following data and any
+If the version you run ($0) is already up to date, please
-information you think might be pertinent to config-patches@gnu.org to
+send the following data and any information you think might be
-provide the necessary information to handle your system.
+pertinent to <config-patches@gnu.org> in order to provide the needed
 information to handle your system.
 config.guess timestamp = $timestamp
--- a/config.h.in
+++ b/config.h.in
@ -6,9 +6,6 @@
 /* Compile with debug code */
 #undef DEBUG
 /* Enable use of /dev/urandom */
 #undef ENABLE_DEV_URANDOM
 /* this is the prefix for STL exception functions */
 #undef EXCEPTION_NAMESPACE
@ -18,21 +15,6 @@
 /* Define to 1 if you have the <CommonCrypto/CommonDigest.h> header file. */
 #undef HAVE_COMMONCRYPTO_COMMONDIGEST_H
 /* Has /dev/arandom */
 #undef HAVE_DEV_ARANDOM
 /* Has /dev/random */
 #undef HAVE_DEV_RANDOM
 /* Has /dev/urandom */
 #undef HAVE_DEV_URANDOM
 /* Define to 1 if you have the `door_create' function. */
 #undef HAVE_DOOR_CREATE
 /* Define to 1 if you have the <door.h> header file. */
 #undef HAVE_DOOR_H
 /* Define to 1 if you have the <fcntl.h> header file. */
 #undef HAVE_FCNTL_H
@ -72,12 +54,6 @@
 /* Define to 1 if you have the <openssl/sha.h> header file. */
 #undef HAVE_OPENSSL_SHA_H
 /* Define to 1 if you have the `port_create' function. */
 #undef HAVE_PORT_CREATE
 /* Define to 1 if you have the <port.h> header file. */
 #undef HAVE_PORT_H
 /* Define to 1 if you have the `posix_fadvise' function. */
 #undef HAVE_POSIX_FADVISE
@ -102,15 +78,6 @@
 /* Define to 1 if you have the <string.h> header file. */
 #undef HAVE_STRING_H
 /* Define to 1 if `st_blocks' is a member of `struct stat'. */
 #undef HAVE_STRUCT_STAT_ST_BLOCKS
 /* Define to 1 if `st_rdev' is a member of `struct stat'. */
 #undef HAVE_STRUCT_STAT_ST_RDEV
 /* Define to 1 if you have the `swab' function. */
 #undef HAVE_SWAB
 /* Define to 1 if you have the <syslog.h> header file. */
 #undef HAVE_SYSLOG_H
@ -144,9 +111,6 @@
 /* Define to 1 if you have the <sys/types.h> header file. */
 #undef HAVE_SYS_TYPES_H
 /* Define to 1 if you have the <sys/unistd.h> header file. */
 #undef HAVE_SYS_UNISTD_H
 /* Define to 1 if you have the <sys/ustat.h> header file. */
 #undef HAVE_SYS_USTAT_H
@ -201,9 +165,6 @@
 /* The size of `long long', as computed by sizeof. */
 #undef SIZEOF_LONG_LONG
 /* The size of `time_t', as computed by sizeof. */
 #undef SIZEOF_TIME_T
 /* Don't use gethostbyname() on Solaris */
 #undef SOLARIS_NO_GETHOSTBYNAME
--- a/config.sub
+++ b/config.sub
@ -1,8 +1,8 @@
 #! /bin/sh
 # Configuration validation subroutine script.
-#   Copyright 1992-2017 Free Software Foundation, Inc.
+#   Copyright 1992-2016 Free Software Foundation, Inc.
-timestamp='2017-09-22'
+timestamp='2016-01-01'
 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
@ -15,7 +15,7 @@ timestamp='2017-09-22'
 # General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
-# along with this program; if not, see <https://www.gnu.org/licenses/>.
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 # As a special exception to the GNU General Public License, if you
 # distribute this file as part of a program that contains a
@ -33,7 +33,7 @@ timestamp='2017-09-22'
 # Otherwise, we print the canonical config type on stdout and succeed.
 # You can get the latest version of this script from:
-# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
 # This file is supposed to be the same for all GNU packages
 # and recognize all the CPU types, system types and aliases
@ -67,7 +67,7 @@ Report bugs and patches to <config-patches@gnu.org>."
 version="\
 GNU config.sub ($timestamp)
-Copyright 1992-2017 Free Software Foundation, Inc.
+Copyright 1992-2016 Free Software Foundation, Inc.
 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@ -117,7 +117,7 @@ case $maybe_os in
  nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \
  linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
  knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \
-  kopensolaris*-gnu* | cloudabi*-eabi* | \
+  kopensolaris*-gnu* | \
  storm-chaos* | os2-emx* | rtmk-nova*)
    os=-$maybe_os
    basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
@ -229,6 +229,9 @@ case $os in
 	-ptx*)
 		basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
 		;;
 	-windowsnt*)
 		os=`echo $os | sed -e 's/windowsnt/winnt/'`
 		;;
 	-psos*)
 		os=-psos
 		;;
@ -260,7 +263,7 @@ case $basic_machine in
 	| fido | fr30 | frv | ft32 \
 	| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
 	| hexagon \
-	| i370 | i860 | i960 | ia16 | ia64 \
+	| i370 | i860 | i960 | ia64 \
 	| ip2k | iq2000 \
 	| k1om \
 	| le32 | le64 \
@ -298,7 +301,6 @@ case $basic_machine in
 	| open8 | or1k | or1knd | or32 \
 	| pdp10 | pdp11 | pj | pjl \
 	| powerpc | powerpc64 | powerpc64le | powerpcle \
 	| pru \
 	| pyramid \
 	| riscv32 | riscv64 \
 	| rl78 | rx \
@ -312,7 +314,6 @@ case $basic_machine in
 	| ubicom32 \
 	| v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \
 	| visium \
 	| wasm32 \
 	| we32k \
 	| x86 | xc16x | xstormy16 | xtensa \
 	| z8k | z80)
@ -386,7 +387,7 @@ case $basic_machine in
 	| h8300-* | h8500-* \
 	| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
 	| hexagon-* \
-	| i*86-* | i860-* | i960-* | ia16-* | ia64-* \
+	| i*86-* | i860-* | i960-* | ia64-* \
 	| ip2k-* | iq2000-* \
 	| k1om-* \
 	| le32-* | le64-* \
@ -427,7 +428,6 @@ case $basic_machine in
 	| orion-* \
 	| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
 	| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
 	| pru-* \
 	| pyramid-* \
 	| riscv32-* | riscv64-* \
 	| rl78-* | romp-* | rs6000-* | rx-* \
@ -444,7 +444,6 @@ case $basic_machine in
 	| v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \
 	| vax-* \
 	| visium-* \
 	| wasm32-* \
 	| we32k-* \
 	| x86-* | x86_64-* | xc16x-* | xps100-* \
 	| xstormy16-* | xtensa*-* \
@ -644,14 +643,6 @@ case $basic_machine in
 		basic_machine=m68k-bull
 		os=-sysv3
 		;;
 	e500v[12])
 		basic_machine=powerpc-unknown
 		os=$os"spe"
 		;;
 	e500v[12]-*)
 		basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
 		os=$os"spe"
 		;;
 	ebmon29k)
 		basic_machine=a29k-amd
 		os=-ebmon
@ -947,9 +938,6 @@ case $basic_machine in
 	nsr-tandem)
 		basic_machine=nsr-tandem
 		;;
 	nsx-tandem)
 		basic_machine=nsx-tandem
 		;;
 	op50n-* | op60c-*)
 		basic_machine=hppa1.1-oki
 		os=-proelf
@ -1034,7 +1022,7 @@ case $basic_machine in
 	ppc-* | ppcbe-*)
 		basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
 		;;
-	ppcle | powerpclittle)
+	ppcle | powerpclittle | ppc-le | powerpc-little)
 		basic_machine=powerpcle-unknown
 		;;
 	ppcle-* | powerpclittle-*)
@ -1044,7 +1032,7 @@ case $basic_machine in
 		;;
 	ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
 		;;
-	ppc64le | powerpc64little)
+	ppc64le | powerpc64little | ppc64-le | powerpc64-little)
 		basic_machine=powerpc64le-unknown
 		;;
 	ppc64le-* | powerpc64little-*)
@ -1245,9 +1233,6 @@ case $basic_machine in
 		basic_machine=a29k-wrs
 		os=-vxworks
 		;;
 	wasm32)
 		basic_machine=wasm32-unknown
 		;;
 	w65*)
 		basic_machine=w65-wdc
 		os=-none
@ -1256,9 +1241,6 @@ case $basic_machine in
 		basic_machine=hppa1.1-winbond
 		os=-proelf
 		;;
 	x64)
 		basic_machine=x86_64-pc
 		;;
 	xbox)
 		basic_machine=i686-pc
 		os=-mingw32
@ -1366,8 +1348,8 @@ esac
 if [ x"$os" != x"" ]
 then
 case $os in
-	# First match some system type aliases that might get confused
+	# First match some system type aliases
-	# with valid system types.
+	# that might get confused with valid system types.
 	# -solaris* is a basic system type, with this one exception.
 	-auroraux)
 		os=-auroraux
@ -1387,9 +1369,9 @@ case $os in
 	-gnu/linux*)
 		os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
 		;;
-	# Now accept the basic system types.
+	# First accept the basic system types.
 	# The portable systems comes first.
-	# Each alternative MUST end in a * to match a version number.
+	# Each alternative MUST END IN A *, to match a version number.
 	# -sysv* is not here because it comes later, after sysvr4.
 	-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
 	      | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
@ -1405,9 +1387,9 @@ case $os in
 	      | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
 	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
 	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
-	      | -chorusos* | -chorusrdb* | -cegcc* | -glidix* \
+	      | -chorusos* | -chorusrdb* | -cegcc* \
 	      | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
-	      | -midipix* | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \
+	      | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \
 	      | -linux-newlib* | -linux-musl* | -linux-uclibc* \
 	      | -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \
 	      | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
@ -1417,7 +1399,7 @@ case $os in
 	      | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
 	      | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
 	      | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* \
-	      | -onefs* | -tirtos* | -phoenix* | -fuchsia* | -redox*)
+	      | -onefs* | -tirtos*)
 	# Remember, each alternative MUST END IN *, to match a version number.
 		;;
 	-qnx*)
@ -1549,8 +1531,6 @@ case $os in
 		;;
 	-nacl*)
 		;;
 	-ios)
 		;;
 	-none)
 		;;
 	*)
@ -1646,9 +1626,6 @@ case $basic_machine in
 	sparc-* | *-sun)
 		os=-sunos4.1.1
 		;;
 	pru-*)
 		os=-elf
 		;;
 	*-be)
 		os=-beos
 		;;
--- a/322
+++ b/322
@ -1,7 +1,7 @@
 #! /bin/sh
-# From configure.ac Revision: 2.4.3.7 .
+# From configure.ac Revision: 2.4.3.4 .
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for tripwire 2.4.3.7.
+# Generated by GNU Autoconf 2.69 for tripwire 2.4.3.4.
 #
 # Report bugs to <https://github.com/Tripwire/tripwire-open-source/issues>.
 #
@ -12,7 +12,7 @@
 # This configure script is free software; the Free Software Foundation
 # gives unlimited permission to copy, distribute and modify it.
 #
-# The developer of the original code and/or files is Tripwire, Inc.  Portions created by Tripwire, Inc. are copyright 2000-2018 Tripwire, Inc.  Tripwire is a registered trademark of Tripwire, Inc.  All rights reserved.
+# The developer of the original code and/or files is Tripwire, Inc.  Portions created by Tripwire, Inc. are copyright 2000-2017 Tripwire, Inc.  Tripwire is a registered trademark of Tripwire, Inc.  All rights reserved.
 ## -------------------- ##
 ## M4sh Initialization. ##
 ## -------------------- ##
@ -584,8 +584,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='tripwire'
 PACKAGE_TARNAME='tripwire'
-PACKAGE_VERSION='2.4.3.7'
+PACKAGE_VERSION='2.4.3.4'
-PACKAGE_STRING='tripwire 2.4.3.7'
+PACKAGE_STRING='tripwire 2.4.3.4'
 PACKAGE_BUGREPORT='https://github.com/Tripwire/tripwire-open-source/issues'
 PACKAGE_URL='https://github.com/Tripwire/tripwire-open-source'
@ -724,6 +724,7 @@ infodir
 docdir
 oldincludedir
 includedir
 runstatedir
 localstatedir
 sharedstatedir
 sysconfdir
@ -747,12 +748,8 @@ ac_subst_files=''
 ac_user_opts='
 enable_option_checking
 enable_silent_rules
 enable_extrawarnings
 enable_static
 enable_debug
 enable_coverage
 enable_profiling
 enable_urandom
 enable_dependency_tracking
 enable_commoncrypto
 enable_iconv
@ -812,6 +809,7 @@ datadir='${datarootdir}'
 sysconfdir='${prefix}/etc'
 sharedstatedir='${prefix}/com'
 localstatedir='${prefix}/var'
 runstatedir='${localstatedir}/run'
 includedir='${prefix}/include'
 oldincludedir='/usr/include'
 docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
@ -1064,6 +1062,15 @@ do
  | -silent | --silent | --silen | --sile | --sil)
    silent=yes ;;
  -runstatedir | --runstatedir | --runstatedi | --runstated \
  | --runstate | --runstat | --runsta | --runst | --runs \
  | --run | --ru | --r)
    ac_prev=runstatedir ;;
  -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
  | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
  | --run=* | --ru=* | --r=*)
    runstatedir=$ac_optarg ;;
  -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
    ac_prev=sbindir ;;
  -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
@ -1201,7 +1208,7 @@ fi
 for ac_var in	exec_prefix prefix bindir sbindir libexecdir datarootdir \
 		datadir sysconfdir sharedstatedir localstatedir includedir \
 		oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
-		libdir localedir mandir
+		libdir localedir mandir runstatedir
 do
  eval ac_val=\$$ac_var
  # Remove trailing slashes.
@ -1314,7 +1321,7 @@ if test "$ac_init_help" = "long"; then
  # Omit some internal or obsolete options to make the list less imposing.
  # This message is too long to be a string in the A/UX 3.1 sh.
  cat <<_ACEOF
-\`configure' configures tripwire 2.4.3.7 to adapt to many kinds of systems.
+\`configure' configures tripwire 2.4.3.4 to adapt to many kinds of systems.
 Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1354,6 +1361,7 @@ Fine tuning of the installation directories:
  --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
  --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
  --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
  --runstatedir=DIR       modifiable per-process data [LOCALSTATEDIR/run]
  --libdir=DIR            object code libraries [EPREFIX/lib]
  --includedir=DIR        C header files [PREFIX/include]
  --oldincludedir=DIR     C header files for non-gcc [/usr/include]
@ -1385,7 +1393,7 @@ fi
 if test -n "$ac_init_help"; then
  case $ac_init_help in
-     short | recursive ) echo "Configuration of tripwire 2.4.3.7:";;
+     short | recursive ) echo "Configuration of tripwire 2.4.3.4:";;
   esac
  cat <<\_ACEOF
@ -1395,12 +1403,8 @@ Optional Features:
  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
  --enable-silent-rules   less verbose build output (undo: "make V=1")
  --disable-silent-rules  verbose build output (undo: "make V=0")
  —-disable-extrawarnings do not compile with -Wextra warnings enabled
  --enable-static         compile static binaries
  --enable-debug          compile with debuging enabled
  --enable-coverage       enable code coverage
  --enable-profiling      enable profiling
  --enable-urandom        use /dev/urandom
  --enable-dependency-tracking
                          do not reject slow dependency extractors
  --disable-dependency-tracking
@ -1500,14 +1504,14 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
  cat <<\_ACEOF
-tripwire configure 2.4.3.7
+tripwire configure 2.4.3.4
 generated by GNU Autoconf 2.69
 Copyright (C) 2012 Free Software Foundation, Inc.
 This configure script is free software; the Free Software Foundation
 gives unlimited permission to copy, distribute and modify it.
-The developer of the original code and/or files is Tripwire, Inc.  Portions created by Tripwire, Inc. are copyright 2000-2018 Tripwire, Inc.  Tripwire is a registered trademark of Tripwire, Inc.  All rights reserved.
+The developer of the original code and/or files is Tripwire, Inc.  Portions created by Tripwire, Inc. are copyright 2000-2017 Tripwire, Inc.  Tripwire is a registered trademark of Tripwire, Inc.  All rights reserved.
 _ACEOF
  exit
 fi
@ -2030,63 +2034,6 @@ rm -f conftest.val
 } # ac_fn_c_compute_int
 # ac_fn_c_check_member LINENO AGGR MEMBER VAR INCLUDES
 # ----------------------------------------------------
 # Tries to find if the field MEMBER exists in type AGGR, after including
 # INCLUDES, setting cache variable VAR accordingly.
 ac_fn_c_check_member ()
 {
  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5
 $as_echo_n "checking for $2.$3... " >&6; }
 if eval \${$4+:} false; then :
  $as_echo_n "(cached) " >&6
 else
  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 $5
 int
 main ()
 {
 static $2 ac_aggr;
 if (ac_aggr.$3)
 return 0;
  ;
  return 0;
 }
 _ACEOF
 if ac_fn_c_try_compile "$LINENO"; then :
  eval "$4=yes"
 else
  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 $5
 int
 main ()
 {
 static $2 ac_aggr;
 if (sizeof ac_aggr.$3)
 return 0;
  ;
  return 0;
 }
 _ACEOF
 if ac_fn_c_try_compile "$LINENO"; then :
  eval "$4=yes"
 else
  eval "$4=no"
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
 eval ac_res=\$$4
 	       { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
 $as_echo "$ac_res" >&6; }
  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
 } # ac_fn_c_check_member
 # ac_fn_c_try_link LINENO
 # -----------------------
 # Try to link conftest.$ac_ext, and return whether this succeeded.
@ -2444,7 +2391,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
-It was created by tripwire $as_me 2.4.3.7, which was
+It was created by tripwire $as_me 2.4.3.4, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
  $ $0 $@
@ -3418,7 +3365,7 @@ fi
 # Define the identity of the package.
 PACKAGE='tripwire'
- VERSION='2.4.3.7'
+ VERSION='2.4.3.4'
 cat >>confdefs.h <<_ACEOF
@ -3517,21 +3464,11 @@ ac_config_headers="$ac_config_headers config.h"
-CFLAGS=${CFLAGS:-"-O -pipe -Wall -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"}
+rm -f src/tripwire/syslog.h 2> /dev/null
-CXXFLAGS=${CXXFLAGS:-"-O -pipe -Wall -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"}
+chmod 755 install-sh 2> /dev/null
-
+CFLAGS=${CFLAGS:-"-O -pipe -Wall -Wextra -Wno-unused-parameter -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"}
-# This is primarily to support old compilers that don’t understand -Wextra
+CXXFLAGS=${CXXFLAGS:-"-O -pipe -Wall -Wextra -Wno-unused-parameter -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"}
 # Check whether --enable-extrawarnings was given.
 if test "${enable_extrawarnings+set}" = set; then :
  enableval=$enable_extrawarnings;
 fi
 if test "x$enable_extrawarnings" != "xno"
 then
   CFLAGS="${CFLAGS} -Wextra -Wno-unused-parameter"
   CXXFLAGS="${CXXFLAGS} -Wextra -Wno-unused-parameter"
 fi
 # Check whether --enable-static was given.
 if test "${enable_static+set}" = set; then :
@ -3541,7 +3478,6 @@ fi
 if test "x$enable_static" = xyes
 then LDFLAGS="${LDFLAGS} -static"
 fi
 # Check whether --enable-debug was given.
 if test "${enable_debug+set}" = set; then :
  enableval=$enable_debug;
@ -3554,46 +3490,6 @@ then
 $as_echo "#define DEBUG 1" >>confdefs.h
 else
 $as_echo "#define NDEBUG 1" >>confdefs.h
 fi
 # Check whether --enable-coverage was given.
 if test "${enable_coverage+set}" = set; then :
  enableval=$enable_coverage;
 fi
 if test "x$enable_coverage" = xyes
 then
   CFLAGS="${CFLAGS} --coverage"
   CXXFLAGS="${CXXFLAGS} --coverage"
   LDFLAGS="${LDFLAGS} --coverage"
 fi
 # Check whether --enable-profiling was given.
 if test "${enable_profiling+set}" = set; then :
  enableval=$enable_profiling;
 fi
 if test "x$enable_profiling" = xyes
 then
   CFLAGS="${CFLAGS} -pg"
   CXXFLAGS="${CXXFLAGS} -pg"
   LDFLAGS="${LDFLAGS} -pg"
 fi
 # Check whether --enable-urandom was given.
 if test "${enable_urandom+set}" = set; then :
  enableval=$enable_urandom;
 fi
 if test "x$enable_urandom" = xyes
 then
 $as_echo "#define ENABLE_DEV_URANDOM 1" >>confdefs.h
 fi
 ac_ext=c
@ -4453,7 +4349,7 @@ if test -z "$CXX"; then
    CXX=$CCC
  else
    if test -n "$ac_tool_prefix"; then
-  for ac_prog in g++ c++ clang++ sunCC aCC xlC_r xlC cl.exe
+  for ac_prog in g++ clang++ sunCC aCC xlC_r xlC cl.exe
  do
    # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
 set dummy $ac_tool_prefix$ac_prog; ac_word=$2
@ -4497,7 +4393,7 @@ fi
 fi
 if test -z "$CXX"; then
  ac_ct_CXX=$CXX
-  for ac_prog in g++ c++ clang++ sunCC aCC xlC_r xlC cl.exe
+  for ac_prog in g++ clang++ sunCC aCC xlC_r xlC cl.exe
 do
  # Extract the first word of "$ac_prog", so it can be a program name with args.
 set dummy $ac_prog; ac_word=$2
@ -5626,20 +5522,7 @@ fi
 done
-for ac_header in unistd.h sys/unistd.h
+for ac_header in unistd.h syslog.h langinfo.h sys/statfs.h sys/select.h
 do :
  as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
 ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
 if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
  cat >>confdefs.h <<_ACEOF
 #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
 _ACEOF
 fi
 done
 for ac_header in syslog.h langinfo.h sys/statfs.h sys/select.h
 do :
  as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
 ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
@ -6170,39 +6053,6 @@ cat >>confdefs.h <<_ACEOF
 _ACEOF
 # The cast to long int works around a bug in the HP C Compiler
 # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
 # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
 # This bug is HP SR number 8606223364.
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking size of time_t" >&5
 $as_echo_n "checking size of time_t... " >&6; }
 if ${ac_cv_sizeof_time_t+:} false; then :
  $as_echo_n "(cached) " >&6
 else
  if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (time_t))" "ac_cv_sizeof_time_t"        "$ac_includes_default"; then :
 else
  if test "$ac_cv_type_time_t" = yes; then
     { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
 as_fn_error 77 "cannot compute sizeof (time_t)
 See \`config.log' for more details" "$LINENO" 5; }
   else
     ac_cv_sizeof_time_t=0
   fi
 fi
 fi
 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_time_t" >&5
 $as_echo "$ac_cv_sizeof_time_t" >&6; }
 cat >>confdefs.h <<_ACEOF
 #define SIZEOF_TIME_T $ac_cv_sizeof_time_t
 _ACEOF
 $as_echo "#define USES_1S_COMPLEMENT 0" >>confdefs.h
@ -6228,26 +6078,6 @@ $as_echo "#define IS_UNIX 1" >>confdefs.h
 $as_echo "#define NDEBUG 1" >>confdefs.h
 ac_fn_c_check_member "$LINENO" "struct stat" "st_rdev" "ac_cv_member_struct_stat_st_rdev" "$ac_includes_default"
 if test "x$ac_cv_member_struct_stat_st_rdev" = xyes; then :
 cat >>confdefs.h <<_ACEOF
 #define HAVE_STRUCT_STAT_ST_RDEV 1
 _ACEOF
 fi
 ac_fn_c_check_member "$LINENO" "struct stat" "st_blocks" "ac_cv_member_struct_stat_st_blocks" "$ac_includes_default"
 if test "x$ac_cv_member_struct_stat_st_blocks" = xyes; then :
 cat >>confdefs.h <<_ACEOF
 #define HAVE_STRUCT_STAT_ST_BLOCKS 1
 _ACEOF
 fi
 for ac_func in strftime gethostname gethostid
 do :
  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
@ -6272,17 +6102,6 @@ _ACEOF
 fi
 done
 for ac_func in swab
 do :
  ac_fn_c_check_func "$LINENO" "swab" "ac_cv_func_swab"
 if test "x$ac_cv_func_swab" = xyes; then :
  cat >>confdefs.h <<_ACEOF
 #define HAVE_SWAB 1
 _ACEOF
 fi
 done
 for ac_header in fcntl.h
 do :
@ -6329,78 +6148,6 @@ done
 fi
 for ac_header in door.h
 do :
  ac_fn_c_check_header_mongrel "$LINENO" "door.h" "ac_cv_header_door_h" "$ac_includes_default"
 if test "x$ac_cv_header_door_h" = xyes; then :
  cat >>confdefs.h <<_ACEOF
 #define HAVE_DOOR_H 1
 _ACEOF
 for ac_func in door_create
 do :
  ac_fn_c_check_func "$LINENO" "door_create" "ac_cv_func_door_create"
 if test "x$ac_cv_func_door_create" = xyes; then :
  cat >>confdefs.h <<_ACEOF
 #define HAVE_DOOR_CREATE 1
 _ACEOF
 fi
 done
 fi
 done
 for ac_header in port.h
 do :
  ac_fn_c_check_header_mongrel "$LINENO" "port.h" "ac_cv_header_port_h" "$ac_includes_default"
 if test "x$ac_cv_header_port_h" = xyes; then :
  cat >>confdefs.h <<_ACEOF
 #define HAVE_PORT_H 1
 _ACEOF
 for ac_func in port_create
 do :
  ac_fn_c_check_func "$LINENO" "port_create" "ac_cv_func_port_create"
 if test "x$ac_cv_func_port_create" = xyes; then :
  cat >>confdefs.h <<_ACEOF
 #define HAVE_PORT_CREATE 1
 _ACEOF
 fi
 done
 fi
 done
 UNAME=`uname`
 if [ $UNAME != "AROS" ]; then
  if test -c "/dev/random"; then
 $as_echo "#define HAVE_DEV_RANDOM 1" >>confdefs.h
  fi
  if test -c "/dev/urandom"; then
 $as_echo "#define HAVE_DEV_URANDOM 1" >>confdefs.h
  fi
  if test -c "/dev/arandom"; then
 $as_echo "#define HAVE_DEV_ARANDOM 1" >>confdefs.h
  fi
 fi
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -lc" >&5
 $as_echo_n "checking for socket in -lc... " >&6; }
@ -7103,9 +6850,6 @@ case $target in
 		;;
 	*-*-netbsd*)
 		;;
 	*-*-libertybsd*)
 		CXXFLAGS="${CXXFLAGS} -DTW_LibertyBSD"
 		;;
 	i[0-9]86-pc-linux*)
 		;;
 	sparc-*-linux*)
@ -7889,7 +7633,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by tripwire $as_me 2.4.3.7, which was
+This file was extended by tripwire $as_me 2.4.3.4, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
  CONFIG_FILES    = $CONFIG_FILES
@ -7956,7 +7700,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-tripwire config.status 2.4.3.7
+tripwire config.status 2.4.3.4
 configured by $0, generated by GNU Autoconf 2.69,
  with options \\"\$ac_cs_config\\"
--- a/configure.ac
+++ b/configure.ac
@ -2,75 +2,47 @@ dnl Process this file with autoconf to produce a configure script.
 dnl
 dnl
-AC_INIT([tripwire], [2.4.3.7], [https://github.com/Tripwire/tripwire-open-source/issues], [tripwire], [https://github.com/Tripwire/tripwire-open-source])
+AC_INIT([tripwire], [2.4.3.4], [https://github.com/Tripwire/tripwire-open-source/issues], [tripwire], [https://github.com/Tripwire/tripwire-open-source])
 AC_CONFIG_SRCDIR([src/tw/tw.cpp])
 AC_CANONICAL_TARGET([])
 AM_INIT_AUTOMAKE
 AM_CONFIG_HEADER(config.h)
-AC_COPYRIGHT([The developer of the original code and/or files is Tripwire, Inc.  Portions created by Tripwire, Inc. are copyright 2000-2018 Tripwire, Inc.  Tripwire is a registered trademark of Tripwire, Inc.  All rights reserved.])
+AC_COPYRIGHT([The developer of the original code and/or files is Tripwire, Inc.  Portions created by Tripwire, Inc. are copyright 2000-2017 Tripwire, Inc.  Tripwire is a registered trademark of Tripwire, Inc.  All rights reserved.])
-AC_REVISION([$Revision: 2.4.3.7 $])
+AC_REVISION([$Revision: 2.4.3.4 $])
 dnl #################################
 dnl Cleanup Cruft Leftover From Patch
 dnl #################################
 rm -f src/tripwire/syslog.h 2> /dev/null
 chmod 755 install-sh 2> /dev/null
 dnl ###############
 dnl Setup defaults
 dnl ###############
-CFLAGS=${CFLAGS:-"-O -pipe -Wall -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"}
+CFLAGS=${CFLAGS:-"-O -pipe -Wall -Wextra -Wno-unused-parameter -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"}
-CXXFLAGS=${CXXFLAGS:-"-O -pipe -Wall -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"}
+CXXFLAGS=${CXXFLAGS:-"-O -pipe -Wall -Wextra -Wno-unused-parameter -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"}
 dnl #####################
 dnl Configuration options
 dnl #####################
 # This is primarily to support old compilers that don’t understand -Wextra
 AC_ARG_ENABLE(extrawarnings,  [  —-disable-extrawarnings do not compile with -Wextra warnings enabled])
 if test "x$enable_extrawarnings" != "xno"
 then
   CFLAGS="${CFLAGS} -Wextra -Wno-unused-parameter"
   CXXFLAGS="${CXXFLAGS} -Wextra -Wno-unused-parameter"
 fi
 AC_ARG_ENABLE(static, [  --enable-static         compile static binaries])
 if test "x$enable_static" = xyes
 then LDFLAGS="${LDFLAGS} -static"
 fi
 AC_ARG_ENABLE(debug,  [  --enable-debug          compile with debuging enabled])
 if test "x$enable_debug" = xyes
 then
   CFLAGS="${CFLAGS} -g"
   CXXFLAGS="${CXXFLAGS} -g"
   AC_DEFINE(DEBUG, 1, [Compile with debug code])
 else
   AC_DEFINE(NDEBUG, 1, [Compile without debug code])
 fi
 AC_ARG_ENABLE(coverage, [  --enable-coverage       enable code coverage])
 if test "x$enable_coverage" = xyes
 then
   CFLAGS="${CFLAGS} --coverage"
   CXXFLAGS="${CXXFLAGS} --coverage"
   LDFLAGS="${LDFLAGS} --coverage"
 fi
 AC_ARG_ENABLE(profiling, [  --enable-profiling      enable profiling])
 if test "x$enable_profiling" = xyes
 then
   CFLAGS="${CFLAGS} -pg"
   CXXFLAGS="${CXXFLAGS} -pg"
   LDFLAGS="${LDFLAGS} -pg"
 fi
 AC_ARG_ENABLE(urandom,  [  --enable-urandom        use /dev/urandom])
 if test "x$enable_urandom" = xyes
 then
   AC_DEFINE(ENABLE_DEV_URANDOM, 1, [Enable use of /dev/urandom])
 fi
 dnl ###################
 dnl Checks for programs
 dnl ###################
 AC_PROG_CC([gcc clang suncc aCC xlC_r xlC cl.exe])
-AC_PROG_CXX([g++ c++ clang++ sunCC aCC xlC_r xlC cl.exe])
+AC_PROG_CXX([g++ clang++ sunCC aCC xlC_r xlC cl.exe])
 AC_PROG_RANLIB
 AC_PROG_YACC
 AC_PROG_LN_S
@ -99,8 +71,7 @@ AC_CHECK_HEADERS(sys/mount.h,,,
 #endif
 ]])
 AC_CHECK_HEADERS(sys/ustat.h sys/sysmacros.h sys/syslog.h sys/socket.h)
-AC_CHECK_HEADERS(unistd.h sys/unistd.h)
+AC_CHECK_HEADERS(unistd.h syslog.h langinfo.h sys/statfs.h sys/select.h)
 AC_CHECK_HEADERS(syslog.h langinfo.h sys/statfs.h sys/select.h)
 AC_CHECK_HEADERS(signum.h bits/signum.h, break )
 AC_CHECK_HEADERS(stdarg.h varargs.h, break )
 AC_CHECK_HEADERS(sys/utsname.h memory.h)
@ -122,7 +93,6 @@ AC_C_BIGENDIAN
 AC_CHECK_SIZEOF(int)
 AC_CHECK_SIZEOF(long)
 AC_CHECK_SIZEOF(long long)
 AC_CHECK_SIZEOF(time_t)
 dnl All platforms we support use 2's complement, are byte aligned, etc...
 AC_DEFINE(USES_1S_COMPLEMENT, 0, [Uses one's complement])
@ -139,15 +109,11 @@ AC_DEFINE(IS_UNIX, 1, [Is a unix type platform])
 dnl whether or not to generate debuging code?
 AC_DEFINE(NDEBUG, 1, [don't generate debuging code])
 dnl look for struct stat members that aren't always there
 AC_CHECK_MEMBERS([struct stat.st_rdev, struct stat.st_blocks])
 dnl #############################
 dnl Checks for standard functions
 dnl #############################
 AC_CHECK_FUNCS(strftime gethostname gethostid)
 AC_CHECK_FUNCS(mkstemp mktemp, break)
 AC_CHECK_FUNCS(swab)
 dnl check for posix_fadvise
 AC_CHECK_HEADERS(fcntl.h, [AC_CHECK_FUNCS(posix_fadvise)])
@ -161,40 +127,6 @@ then
  AC_CHECK_HEADERS(CommonCrypto/CommonDigest.h)
 fi
 dnl check for door support (Solaris)
 AC_CHECK_HEADERS(door.h, [AC_CHECK_FUNCS(door_create)])
 dnl check for event port support (Solaris)
 AC_CHECK_HEADERS(port.h, [AC_CHECK_FUNCS(port_create)])
 dnl ##############################################  
 dnl check for various RNG/PRNG devices
 dnl ##############################################  
 UNAME=`uname`
 dnl ############################################## 
 dnl AROS pops up a "Please insert disk" dialog for /dev
 dnl if script looks for devices (which don't exist)
 dnl so don't even try looking.
 dnl ############################################## 
 if [[ $UNAME != "AROS" ]]; then
  if test -c "/dev/random"; then
    AC_DEFINE(HAVE_DEV_RANDOM, [1], [Has /dev/random])
  fi
  if test -c "/dev/urandom"; then
    AC_DEFINE(HAVE_DEV_URANDOM, [1], [Has /dev/urandom])
  fi
  if test -c "/dev/arandom"; then
    AC_DEFINE(HAVE_DEV_ARANDOM, [1], [Has /dev/arandom])
  fi
 fi
 dnl ##############################################
 dnl Checks for various platform specific libraries
 dnl ##############################################
@ -349,9 +281,6 @@ case $target in
 		;;
 	*-*-netbsd*)
 		;;
 	*-*-libertybsd*)
 		CXXFLAGS="${CXXFLAGS} -DTW_LibertyBSD"
 		;;
 	i[[0-9]]86-pc-linux*)
 		;;
 	sparc-*-linux*)
--- a/installer/install.sh
+++ b/installer/install.sh
@ -17,7 +17,7 @@
 ## from Larry Wall's metaconfig.
 ##-------------------------------------------------------
-PATH=".:/bin:/usr/bin:/usr/local/bin:$PATH"
+PATH='.:/bin:/usr/bin'
 export PATH || (echo 'You must use sh to run this script'; kill $$)
 if [ ! -t 0 ] ; then
 	echo "Say 'sh install.sh', not 'sh < install.sh'"
@ -28,7 +28,7 @@ fi
 ## The usage message.
 ##-------------------------------------------------------
-USAGE="install.sh [<configfile>] [-n] [-f] [-s <sitepassphrase>] [-l <localpassphrase>] [-d <installdir>]"
+USAGE="install.sh [<configfile>] [-n] [-f] [-s <sitepassphrase>] [-l <localpassphrase>]"
 ##-------------------------------------------------------
 ## Figure out how to do an echo without newline.
@ -42,6 +42,18 @@ else
 	c=""
 fi
 ##-------------------------------------------------------
 ## Better have a copy of tar!
 ## If /bin/sh does not exist or is not readable (seems
 ## fairly unlikely), then this will fail.
 ##-------------------------------------------------------
 (tar cvf /dev/null /bin/sh) 2> /dev/null 1>&2
 if [ $? -ne 0 ]; then
    echo "tar command not found -- aborting install."
 	exit 1
 fi
 ##-------------------------------------------------------
 ## Can't live without sed.
 ##-------------------------------------------------------
@ -66,22 +78,50 @@ for p in $awknames; do
 	fi
 done
 ##-------------------------------------------------------
 ## Does this system have a copy of grep we can use?
 ## Some greps don't return status (amazing, huh?),
 ## so we look for a copy of grep that
 ## returns 0 status for an exact match
 ## returns 0 status for a case-insensitive match
 ## returns 0 status for a wildcard match
 ## returns non-zero status for a failed match
 ##-------------------------------------------------------
 GREP=""
 grepnames="grep egrep"
 lcgrepstr="findensiemich"     # all lower case
 mcgrepstr="FindenSieMich"     # mixed case
 wcgrepstr="sie.ich$"          # wild card match
 nogrepstr="WoBistDu"          # should not be able to find this
 for p in $grepnames; do
 	(echo "$lcgrepstr" | $p "$lcgrepstr") 2> /dev/null 1>&2
 	if [ $? -eq 0 ]; then
 		(echo "$lcgrepstr" | $p -i "$mcgrepstr") 2> /dev/null 1>&2
 		if [ $? -eq 0 ]; then
 			(echo "$lcgrepstr" | $p "$wcgrepstr") 2> /dev/null 1>&2
 			if [ $? -eq 0 ]; then
 				(echo "$lcgrepstr" | $p "$nogrepstr") 2> /dev/null 1>&2
 				if [ $? -ne 0 ]; then
 					GREP=$p
 					break
 				fi
 			fi
 		fi
 	fi
 done
 ##-------------------------------------------------------
 ## Does this system have a pager that we can use?
 ## Use cat if desperate.
 ##-------------------------------------------------------
 MORE="cat"
-morenames="less more most pg cat"
+morenames="more less cat"
 for p in $morenames; do
-    pagerpath=`command -v $p`
+	($p $0 < /dev/null) 2> /dev/null 1>&2
-
+	if [ $? -eq 0 ]; then
-    if [ -z $pagerpath ]; then
+		MORE=$p
        continue
    fi
    if [ -x $pagerpath ]; then
        MORE=$pagerpath
 		break
 	fi
 done
@ -104,10 +144,8 @@ fi
 ## Miscellaneous configuration parameters.
 ##-------------------------------------------------------
-# set a few location variables if caller didn't pass them to us
+# prefix
-prefix="${prefix:=/usr/local}"
+prefix="${prefix:=/usr}"
 sysconfdir="${sysconfdir:=/usr/local/etc}"
 path_to_vi="${path_to_vi:=/usr/bin/vi}"
 # License File name
 TWLICENSEFILE="COPYING"
@ -154,16 +192,10 @@ TAR_DIR=${TAR_DIR:-${START_DIR}}
 OS=`uname -s`
 POLICYSRC="twpol-${OS:=GENERIC}.txt"
-if [ ! -r ${TAR_DIR}/policy/${POLICYSRC} ]; then
+if [ ! -r ${TAR_DIR}/policy/${POLICYSRC} ]
-    OS=`uname -o`
+then POLICYSRC="twpol-GENERIC.txt"
    POLICYSRC="twpol-${OS:=GENERIC}.txt"
 fi
 if [ ! -r ${TAR_DIR}/policy/${POLICYSRC} ]; then
    POLICYSRC="twpol-GENERIC.txt"
 fi
 ##-------------------------------------------------------
 ## Parse the command line.
 ##-------------------------------------------------------
@ -186,13 +218,6 @@ while [ "x$1" != "x" ] ; do
 		exit 1 ;;
 	    *) TW_LOCAL_PASS="$2"; shift ;;
 	    esac ;;
        -d) case "$2" in
            "" | -*)
                echo "Error: missing install dir with -d option." 1>&2
                echo "$USAGE"
                exit 1 ;;
            *) prefix="$2"; sysconfdir="$2/bin"; shift ;;
            esac ;;
 	-*) echo "Error: unknown argument $1" 1>&2
 	    echo "$USAGE"
 	    exit 1 ;;
@ -218,8 +243,9 @@ cat << END_OF_TEXT
 Installer program for:
 Tripwire(R) 2.4 Open Source
-Copyright (C) 1998-2017 Tripwire, Inc.
+Copyright (C) 1998-2000 Tripwire (R) Security Systems, Inc.  Tripwire (R)
-Tripwire is a registered trademark of Tripwire, Inc. All rights reserved.
+is a registered trademark of the Purdue Research Foundation and is
 licensed exclusively to Tripwire (R) Security Systems, Inc.
 END_OF_TEXT
@ -392,48 +418,14 @@ else
 ## Verify that the specified editor program exists
 ##-------------------------------------------------------
-# If user specified an editor in $path_to_vi or $TWEDITOR, try that first.
+TWEDITOR=${TWEDITOR:-'/bin/vi'}
 # $path_to_vi defaults to /usr/bin/vi, so we usually succeed here.
 #
 if [ -n ${TWEDITOR} ]; then
    TWEDITOR_PATH=`command -v $TWEDITOR`
 fi
 # If user's environment includes $EDITOR, try that next
 if [ -n ${EDITOR} ] && [ -z ${TWEDITOR_PATH} ]; then
    TWEDITOR_PATH=`command -v $EDITOR`
 fi
 # Ok, now search path for vi
 if [ -z ${TWEDITOR_PATH} ]; then
    TWEDITOR_PATH=`command -v vi`
 fi
 # Try vim in case there isn't a link named vi
 if [ -z ${TWEDITOR_PATH} ]; then
    TWEDITOR_PATH=`command -v vim`
 fi
 # No vi/vim? See if nano is present
 if [ -z ${TWEDITOR_PATH} ]; then
    TWEDITOR_PATH=`command -v nano`
 fi
 # No vi or nano? See if emacs is available
 if [ -z ${TWEDITOR_PATH} ]; then
    TWEDITOR_PATH=`command -v emacs`
 fi
 if [ -n ${TWEDITOR_PATH} ]; then
    TWEDITOR=$TWEDITOR_PATH
 fi
 if [ -x ${TWEDITOR} ]; then
        echo "${TWEDITOR} exists.  Continuing installation."
        echo
 else
-    echo "${TWEDITOR} not found. Continuing, but your configuration may need to be edited after installation."
+        echo "${TWEDITOR} does not exist.  Exiting."
-    echo
+        exit 1
 fi
 ##-------------------------------------------------------
@ -592,12 +584,9 @@ f10=' ff=${POLICYSRC} ; d="/policy" ; dd=$TWPOLICY ; rr=0640 '
 #f16=' ff=twadmin.8 ; d="/man/man8" ; dd=$TWMAN/man8 ; rr=0444 '
 #f17=' ff=twintro.8 ; d="/man/man8" ; dd=$TWMAN/man8 ; rr=0444 '
 #f18=' ff=twprint.8 ; d="/man/man8" ; dd=$TWMAN/man8 ; rr=0444 '
 f19=' ff=COMMERCIAL ; d="" ; dd=$TWDOCS ; rr=0444 '
 f20=' ff=ReadMe-2.4.3 ; d="" ; dd=$TWDOCS ; rr=0444 '
 f21=' ff=ChangeLog ; d="" ; dd=$TWDOCS ; rr=0444 '
 # Binaries and manpages are already installed by the install target
-loosefiles="f3 f4 f5 f6 f7 f8 f9 f10 f19 f20 f21"
+loosefiles="f3 f4 f5 f6 f7 f8 f9 f10"
 for i in $loosefiles; do
 	eval "eval \"\$$i\""
@ -618,9 +607,7 @@ done
 if [ -n "$INSTALL_STRIP_FLAG" ] ; then
  echo "INSTALL_STRIP_FLAG is set, stripping binaries"
  chmod u+w "$TWBIN/siggen" "$TWBIN/tripwire" "$TWBIN/twadmin" "$TWBIN/twprint"
  strip "$TWBIN/siggen" "$TWBIN/tripwire" "$TWBIN/twadmin" "$TWBIN/twprint" 
  chmod u-w "$TWBIN/siggen" "$TWBIN/tripwire" "$TWBIN/twadmin" "$TWBIN/twprint"
 fi
 #Make extra sure we don't install the unit test binary to sbin
@ -936,7 +923,7 @@ cat << END_OF_TEXT
 ----------------------------------------------
 The installation succeeded.
-Please refer to documentation in $TWDOCS
+Please refer to $README_LOC
 for release information and to the printed user documentation
 for further instructions on using Tripwire 2.4 Open Source.
--- a/lcov.sh
+++ b/lcov.sh
@ -1,18 +0,0 @@
 #!/bin/sh
 if [ -d ./lcov ]; then
  rm -Rf ./lcov
 fi
 if [ -e ./lcov.dat ]; then
  rm ./lcov.dat
 fi
 if [ -e ./lcov.tgz ]; then
  rm ./lcov.tgz
 fi
 lcov --capture --directory src --output-file ./lcov.dat
 genhtml ./lcov.dat --output-directory lcov
 tar -zcvf lcov.tgz lcov
--- a/man/Makefile.in
+++ b/man/Makefile.in
@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
 # @configure_input@
-# Copyright (C) 1994-2017 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -284,6 +284,7 @@ pdfdir = @pdfdir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
 psdir = @psdir@
 runstatedir = @runstatedir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
--- a/man/man4/Makefile.in
+++ b/man/man4/Makefile.in
@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
 # @configure_input@
-# Copyright (C) 1994-2017 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -256,6 +256,7 @@ pdfdir = @pdfdir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
 psdir = @psdir@
 runstatedir = @runstatedir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
--- a/man/man4/twconfig.4
+++ b/man/man4/twconfig.4
@ -35,7 +35,7 @@
 ..
 .nh
 .ad l
-.TH TWCONFIG 4 "04 Jan 2018" "Open Source Tripwire 2.4"
+.TH TWCONFIG 4 "1 July 2000"
 .SH NAME
 twconfig \- \fITripwire\fP configuration file reference
 .SH DESCRIPTION
@ -215,15 +215,6 @@ parameter; reports displayed by other modes and other commands
 are not affected.
 .br
 Initial value:  \fI3\fP
 .IP \f(CWDBPRINTLEVEL\fP
 Specifies the default level of report produced by the \fBtwprint
 \(hy\(hyprint\(hydbfile\fP mode. Valid values for this option are 0 to
 2. The output
 level specified by this option can be overridden with the (\fB\(hyt\fP\ or\ \fB\(hy\(hyoutput\(hylevel\fP) option on the command line. If
 this variable is not included in the configuration file, the default
 output level is 2.
 .br
 Initial value:  \fI2\fP
 .IP \f(CWHASH_DIRECT_IO\fP
 Use direct i/o when hashing files. (Linux-only as of OST 2.4.3.2) 
 .br
@ -311,7 +302,7 @@ Permission is granted to copy and distribute modified versions of this man page
 .PP
 Permission is granted to copy and distribute translations of this man page into another language, under the above conditions for modified versions, except that this permission notice may be stated in a translation approved by Tripwire, Inc.
 .PP
-Copyright 2000-2018 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. in the United States and other countries. All rights reserved.
+Copyright 2000-2017 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. in the United States and other countries. All rights reserved.
 .SH SEE ALSO
 .BR twintro (8),
 .BR tripwire (8),
--- a/man/man4/twpolicy.4
+++ b/man/man4/twpolicy.4
@ -36,7 +36,7 @@
 .\"
 .nh
 .ad l
-.TH TWPOLICY 4 "04 Jan 2018" "Open Source Tripwire 2.4"
+.TH TWPOLICY 4 "1 July 2000"
 .SH NAME
 twpolicy \- \fITripwire\fP policy file reference
 .SH DESCRIPTION
@ -537,7 +537,7 @@ Permission is granted to copy and distribute modified versions of this man page
 .PP
 Permission is granted to copy and distribute translations of this man page into another language, under the above conditions for modified versions, except that this permission notice may be stated in a translation approved by Tripwire, Inc.
 .PP
-Copyright 2000-2018 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. in the United States and other countries. All rights reserved.
+Copyright 2000-2017 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. in the United States and other countries. All rights reserved.
 .SH SEE ALSO
 .BR twintro (8),
 .BR tripwire (8),
--- a/man/man5/Makefile.in
+++ b/man/man5/Makefile.in
@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
 # @configure_input@
-# Copyright (C) 1994-2017 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -256,6 +256,7 @@ pdfdir = @pdfdir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
 psdir = @psdir@
 runstatedir = @runstatedir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
--- a/man/man5/twfiles.5
+++ b/man/man5/twfiles.5
@ -25,7 +25,7 @@
 .\"
 .nh
 .ad l
-.TH TWFILES 5 "04 Jan 2018" "Open Source Tripwire 2.4"
+.TH TWFILES 5 "1 July 2000"
 .SH NAME
 twfiles \- overview of files used by \fITripwire\fR and file backup process
 .\"
@ -112,7 +112,7 @@ Permission is granted to copy and distribute modified versions of this man page
 .PP
 Permission is granted to copy and distribute translations of this man page into another language, under the above conditions for modified versions, except that this permission notice may be stated in a translation approved by Tripwire, Inc.
 .PP
-Copyright 2000-2018 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. in the United States and other countries. All rights reserved.
+Copyright 2000-2017 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. in the United States and other countries. All rights reserved.
 .SH SEE ALSO
 .BR twintro (8),
 .BR tripwire (8),
--- a/man/man8/Makefile.in
+++ b/man/man8/Makefile.in
@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
 # @configure_input@
-# Copyright (C) 1994-2017 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -256,6 +256,7 @@ pdfdir = @pdfdir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
 psdir = @psdir@
 runstatedir = @runstatedir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
--- a/man/man8/siggen.8
+++ b/man/man8/siggen.8
@ -2,9 +2,9 @@
 .\" Do not move or remove previous line.
 .\" Used by some man commands to know that tbl should be used.
 .nh
-.TH SIGGEN 8 "04 Jan 2018" "Open Source Tripwire 2.4"
+.TH SIGGEN 8 "19 Feb 2004"
 .SH NAME
-siggen \- signature gathering utility for Tripwire
+siggen \- signature gathering routine for Tripwire
 .SH SYNOPSIS
 .B siggen
 [
@ -54,8 +54,6 @@ Display Haval value, a 128-bit hash code.
 .TP
 .IR file1 " [ " "file2... " ]
 List of filesystem objects for which to display values.
 .SH EXIT STATUS
 \fBsiggen\fP exits 0 on success, 1 on error.
 .SH VERSION INFORMATION
 This man page describes
 .B siggen
@ -69,7 +67,7 @@ Permission is granted to copy and distribute modified versions of this man page
 .PP
 Permission is granted to copy and distribute translations of this man page into another language, under the above conditions for modified versions, except that this permission notice may be stated in a translation approved by Tripwire, Inc.
 .PP
-Copyright 2000-2018 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. in the United States and other countries. All rights reserved.
+Copyright 2000-2017 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. in the United States and other countries. All rights reserved.
 .SH SEE ALSO
 .BR twintro (8),
 .BR tripwire (8),
--- a/man/man8/tripwire.8
+++ b/man/man8/tripwire.8
@ -36,9 +36,9 @@
 .\"
 .nh
 .ad l
-.TH TRIPWIRE 8 "04 Jan 2018" "Open Source Tripwire 2.4"
+.TH TRIPWIRE 8 "1 July 2000"
 .SH NAME
-tripwire \- a file integrity checker for \s-1UNIX-like\s0 systems
+tripwire \- a file integrity checker for \s-1UNIX\s0 systems
 .SH SYNOPSIS
 .B tripwire
 .RB "{ " "-m i" " | " "--init" " } "  
@ -554,19 +554,6 @@ Mode selector.
 Use the specified email address.  This parameter must
 be supplied when test mode is used. Only one address
 may be specified.
 .SH EXIT STATUS
 .SS Integrity Checking Mode
 \fBtripwire\fP exits 0 if no changes are detected. Otherwise the exit value is a bit mask:
 .TP
 \fB1\fP At least one file or directory has been added.
 .TP
 \fB2\fP At least one file or directory has been modified.
 .TP
 \fB4\fP At least one file or directory has been modified.
 .TP
 \fB8\fP Error(s) occurred during the check.
 .SS All Other Modes
 \fBtripwire\fP exits 0 on success, 8 on error.
 .SH VERSION INFORMATION
 This man page describes
 .B tripwire
@ -580,7 +567,7 @@ Permission is granted to copy and distribute modified versions of this man page
 .PP
 Permission is granted to copy and distribute translations of this man page into another language, under the above conditions for modified versions, except that this permission notice may be stated in a translation approved by Tripwire, Inc.
 .PP
-Copyright 2000-2018 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. in the United States and other countries. All rights reserved.
+Copyright 2000-2017 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. in the United States and other countries. All rights reserved.
 .SH SEE ALSO
 .BR twintro (8),
 .BR twadmin (8),
--- a/man/man8/twadmin.8
+++ b/man/man8/twadmin.8
@ -17,7 +17,7 @@
 .in \\n(.iu
 ..
 .ad l
-.TH TWADMIN 8 "04 Jan 2018" "Open Source Tripwire 2.4"
+.TH TWADMIN 8 "1 July 2000"
 .SH NAME
 twadmin \- Tripwire administrative and utility tool
 .SH SYNOPSIS
@ -538,8 +538,6 @@ file.
 Specify passphrase used to decrypt the private key in the specified sitekey
 file.
 .\" *****************************************
 .SH EXIT STATUS
 \fBtwadmin\fP exits 0 on success, 1 on error.
 .SH VERSION INFORMATION
 This man page describes
 .B twadmin
@ -553,7 +551,7 @@ Permission is granted to copy and distribute modified versions of this man page
 .PP
 Permission is granted to copy and distribute translations of this man page into another language, under the above conditions for modified versions, except that this permission notice may be stated in a translation approved by Tripwire, Inc.
 .PP
-Copyright 2000-2018 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. in the United States and other countries. All rights reserved.
+Copyright 2000-2017 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. in the United States and other countries. All rights reserved.
 .SH SEE ALSO
 .BR twintro (8),
 .BR tripwire (8),
--- a/man/man8/twintro.8
+++ b/man/man8/twintro.8
@ -16,12 +16,12 @@
 .\"
 .nh
 .ad l
-.TH TWINTRO 8 "04 Jan 2018" "Open Source Tripwire 2.4"
+.TH TWINTRO 8 "1 July 2000"
 .SH NAME
 twintro \- introduction to \fITripwire\fP software
 .SH DESCRIPTION
 .PP
-\fITripwire 2.4\fP is a file integrity assessment tool for UNIX-like systems.  Rather than preventing an intruder or virus
+\fITripwire 2.4\fP is a file integrity assessment product for Linux networks.  Rather than preventing an intruder or virus
 from attacking system files, \fITripwire\fP detects intrusions when
 they do occur. By comparing system files and directories against a
 previously stored "baseline" database, \fITripwire\fP finds any
@ -99,7 +99,7 @@ Permission is granted to copy and distribute modified versions of this man page
 .PP
 Permission is granted to copy and distribute translations of this man page into another language, under the above conditions for modified versions, except that this permission notice may be stated in a translation approved by Tripwire, Inc.
 .PP
-Copyright 2000-2018 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. in the United States and other countries. All rights reserved.
+Copyright 2000-2017 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. in the United States and other countries. All rights reserved.
 .SH SEE ALSO
 .BR tripwire (8),
 .BR twadmin (8),
--- a/man/man8/twprint.8
+++ b/man/man8/twprint.8
@ -2,7 +2,7 @@
 .\" Do not move or remove previous line.
 .\" Used by some man commands to know that tbl should be used.
 .ad l
-.TH TWPRINT 8 "04 Jan 2018" "Open Source Tripwire 2.4"
+.TH TWPRINT 8 "1 July 2000"
 .nh
 .SH NAME
 twprint \- Tripwire database and report printer
@ -10,9 +10,6 @@ twprint \- Tripwire database and report printer
 .B twprint
 .RB "{ " "-m r" " | " "--print-report" " } "
 .RI "[ " options... " ]"
 .if n .br
 .if n .ti +.5i
 .RI " [ " "object1" " [ " "object2..." " ]]"
 .br
 .B twprint
 .RB "{ " "-m d" " | " "--print-dbfile" " } "
@ -62,7 +59,6 @@ lbw(1.2i) lb.
 -L \fIlocalkey\fP	--local-keyfile \fIlocalkey\fP
 -t \fR{ 0|1|2|3|4 }\fP	--report-level \fR{ 0|1|2|3|4 }\fP
 .TE
 .RI "[ " "object1" " [ " "object2..." " ]]"
 .RE
 .TP
 .BR "\(hym r" ", " --print-report
@ -87,15 +83,10 @@ Print the specified report file.
 Use the specified local key file to perform verification
 with reports which are signed.
 .TP
-.BI \(hyt " level\fR, " --report-level " level"
+.BI \(hyt " level\fR, " --report-level " level
 Specifies the detail level of the printed report, overriding the
 \f(CWREPORTLEVEL\fP variable in the configuration
 file. \fIlevel\fR must be a number from 0\ to\ 4.
 .TP
 .RI "[ " "object1" " [ " "object2..." " ]]"
 List of filesystem objects in the report to print. If no
 objects are specified, every object in the report will
 be printed. 
 .\" *****************************************
 .SS Database printing mode:
 .RS 0.4i
@ -109,7 +100,6 @@ lbw(1.2i) lb.
 -c \fIcfgfile\fP	--cfgfile \fIcfgfile\fP
 -d \fIdatabase\fP	--dbfile \fIdatabase\fP
 -L \fIlocalkey\fP	--local-keyfile \fIlocalkey\fP
 -t \fR{ 0|1|2 }\fP	--output-level \fR{ 0|1|2 }\fP
 .TE
 .RI "[ " "object1" " [ " "object2..." " ]]"
 .RE
@ -135,11 +125,6 @@ Print the specified database file.
 .BI \(hyL " localkey\fR, " --local-keyfile " localkey"
 Use the specified local key file to read the database.
 .TP
 .BI \(hyt " level\fR, " --output-level " level"
 Specifies the detail level of the printed database, overriding the
 \f(CWDBPRINTLEVEL\fP variable in the configuration
 file. \fIlevel\fR must be a number from 0\ to\ 2.
 .TP
 .RI "[ " "object1" " [ " "object2..." " ]]"
 List of filesystem objects in the database to print. If no
 objects are specified, every object in the database will
@ -147,8 +132,6 @@ be printed. The format for a list of objects is:
 .if n .I "section: objname objname... section: objname..."
 .if t .br
 .if t .I "section: objectname objectname... section: objectname..."
 .SH EXIT STATUS
 \fBtwprint\fP exits 0 on success, 1 on error.
 .SH VERSION INFORMATION
 This man page describes
 .B twprint
@ -162,7 +145,7 @@ Permission is granted to copy and distribute modified versions of this man page
 .PP
 Permission is granted to copy and distribute translations of this man page into another language, under the above conditions for modified versions, except that this permission notice may be stated in a translation approved by Tripwire, Inc.
 .PP
-Copyright 2000-2018 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. in the United States and other countries. All rights reserved.
+Copyright 2000-2017 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. in the United States and other countries. All rights reserved.
 .SH SEE ALSO
 .BR twintro (8),
 .BR tripwire (8),
--- a/policy/policyguide.txt
+++ b/policy/policyguide.txt
@ -191,7 +191,7 @@ $(DIR1) -> $(param1);                   # It is also possible to do a
 #=============================================================================
 #
-# Copyright 2000-2018 Tripwire, Inc. Tripwire is a registered trademark of Tripwire,
+# Copyright 2000 Tripwire, Inc. Tripwire is a registered trademark of Tripwire,
 # Inc. All rights reserved.
 #
 # Linux is a registered trademark of Linus Torvalds.
--- a/policy/twpol-AIX.txt
+++ b/policy/twpol-AIX.txt
@ -60,14 +60,13 @@ HOSTNAME=;
 #
 ##############################################################################
-SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
+Device        = +pugsdr-intlbamcCMSH ;
-SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
+Dynamic       = +pinugtd-srlbamcCMSH ;
-SEC_GROWING       = +pinugtdl-srbamcCMSH ;
+Growing       = +pinugtdl-srbamcCMSH ;
-SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
+IgnoreAll     = -pinugtsdrlbamcCMSH ;
-SEC_IGNORE_NONE   = +pinugtsdrbamcCMSH-l ;
+IgnoreNone    = +pinugtsdrbamcCMSH-l ;
-SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
+ReadOnly      = +pinugtsdbmCM-rlacSH ;
-SEC_TEMPORARY     = +pugt ;
+Temporary     = +pugt ;
@@section FS 
@ -84,10 +83,10 @@ SEC_TEMPORARY     = +pugt ;
  rulename = "Tripwire Binaries",
 )
 {
-  $(TWBIN)/siggen                      -> $(SEC_READONLY) ;
+  $(TWBIN)/siggen                      -> $(ReadOnly) ;
-  $(TWBIN)/tripwire                    -> $(SEC_READONLY) ;
+  $(TWBIN)/tripwire                    -> $(ReadOnly) ;
-  $(TWBIN)/twadmin                     -> $(SEC_READONLY) ;
+  $(TWBIN)/twadmin                     -> $(ReadOnly) ;
-  $(TWBIN)/twprint                     -> $(SEC_READONLY) ;
+  $(TWBIN)/twprint                     -> $(ReadOnly) ;
 }
 # Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
@ -104,14 +103,14 @@ SEC_TEMPORARY     = +pugt ;
  # afterward triggers this rule until a database update is run, since the
  # database file does not exist before that point.
-  $(TWDB)                              -> $(SEC_DYNAMIC) -i ;
+  $(TWDB)                              -> $(Dynamic) -i ;
-  $(TWPOL)/tw.pol                      -> $(SEC_READONLY) -i ;
+  $(TWPOL)/tw.pol                      -> $(ReadOnly) -i ;
-  $(TWPOL)/tw.cfg                      -> $(SEC_READONLY) -i ;
+  $(TWPOL)/tw.cfg                      -> $(ReadOnly) -i ;
-  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(SEC_READONLY) ;
+  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(ReadOnly) ;
-  $(TWSKEY)/site.key                   -> $(SEC_READONLY) ;
+  $(TWSKEY)/site.key                   -> $(ReadOnly) ;
  # don't scan the individual reports
-  $(TWREPORT)                          -> $(SEC_DYNAMIC) (recurse=0) ;
+  $(TWREPORT)                          -> $(Dynamic) (recurse=0) ;
 }
  ################################################
@ -125,7 +124,7 @@ SEC_TEMPORARY     = +pugt ;
  rulename = "OS Boot and Configuration Files",
 )
 {
-  /etc                          -> $(SEC_IGNORE_NONE) -SHa ;
+  /etc                          -> $(IgnoreNone) -SHa ;
 }
  ###################################################
@ -139,9 +138,9 @@ SEC_TEMPORARY     = +pugt ;
  rulename = "Mount Points",
 )
 {
-  /                             -> $(SEC_READONLY) ;
+  /                             -> $(ReadOnly) ;
-  /usr                          -> $(SEC_READONLY) ;
+  /usr                          -> $(ReadOnly) ;
-  /var                          -> $(SEC_READONLY) ;
+  /var                          -> $(ReadOnly) ;
 }
  ###################################################
@ -155,10 +154,10 @@ SEC_TEMPORARY     = +pugt ;
  rulename = "Misc Top-Level Directories",
 )
 {
-  /lost+found                   -> $(SEC_READONLY) ;
+  /lost+found                   -> $(ReadOnly) ;
-  /hacmplocal                   -> $(SEC_READONLY) ;
+  /hacmplocal                   -> $(ReadOnly) ;
-  /homelocal                    -> $(SEC_READONLY) ;
+  /homelocal                    -> $(ReadOnly) ;
-  /opt                          -> $(SEC_READONLY) ;
+  /opt                          -> $(ReadOnly) ;
  !/var/adm/csd	;
 }
@ -173,7 +172,7 @@ SEC_TEMPORARY     = +pugt ;
  rulename = "System Devices",
 )
 {
-  /dev                          -> $(SEC_DEVICE) ;
+  /dev                          -> $(Device) ;
 }
  ################################################
@ -187,10 +186,10 @@ SEC_TEMPORARY     = +pugt ;
  rulename = "OS Binaries and Libraries",
 )
 {
-  /sbin                         -> $(SEC_READONLY) ;
+  /sbin                         -> $(ReadOnly) ;
-  /usr/bin                      -> $(SEC_READONLY) ;
+  /usr/bin                      -> $(ReadOnly) ;
-  /usr/lib                      -> $(SEC_READONLY) ;
+  /usr/lib                      -> $(ReadOnly) ;
-  /usr/sbin                     -> $(SEC_READONLY) ;
+  /usr/sbin                     -> $(ReadOnly) ;
 }
  ################################################
@ -204,11 +203,11 @@ SEC_TEMPORARY     = +pugt ;
  rulename = "Root Directory and Files",
 )
 {
-  #/.dtprofile                    -> $(SEC_DYNAMIC) ;
+  #/.dtprofile                    -> $(Dynamic) ;
  ! /.netscape/cache ; 
-  /.netscape/history.dat         -> $(SEC_DYNAMIC) ;
+  /.netscape/history.dat         -> $(Dynamic) ;
-  /.sh_history                   -> $(SEC_DYNAMIC) ;
+  /.sh_history                   -> $(Dynamic) ;
-  #/.Xauthority                   -> $(SEC_READONLY) ;
+  #/.Xauthority                   -> $(ReadOnly) ;
 }
  ################################################
@ -222,8 +221,8 @@ SEC_TEMPORARY     = +pugt ;
  rulename = "Temporary Directories",
 )
 {
-  /tmp                          -> $(SEC_TEMPORARY) ;
+  /tmp                          -> $(Temporary) ;
-  /var/tmp                      -> $(SEC_TEMPORARY) ;
+  /var/tmp                      -> $(Temporary) ;
 }
  ################################################
@ -252,31 +251,31 @@ SEC_TEMPORARY     = +pugt ;
  rulename = "System and Boot Changes",
 )
 {
-  /etc/es/objrepos		-> $(SEC_READONLY) -SHacm ;
+  /etc/es/objrepos		-> $(ReadOnly) -SHacm ;
-  /etc/es/objrepos/HACMPresource -> $(SEC_READONLY) -SHCMcm ;
+  /etc/es/objrepos/HACMPresource -> $(ReadOnly) -SHCMcm ;
-  /etc/lpp/diagnostics/data 	-> $(SEC_READONLY) -SHCMacm ;
+  /etc/lpp/diagnostics/data 	-> $(ReadOnly) -SHCMacm ;
-  /etc/ntp.drift		-> $(SEC_READONLY) -SHiacm ;
+  /etc/ntp.drift		-> $(ReadOnly) -SHiacm ;
  !/etc/objrepos ;
-  /etc/security			-> $(SEC_READONLY) -SHacm ;
+  /etc/security			-> $(ReadOnly) -SHacm ;
-  /usr/es/adm/cluster.log	-> $(SEC_READONLY) -SHCMsbm ;
+  /usr/es/adm/cluster.log	-> $(ReadOnly) -SHCMsbm ;
-  /usr/es/sbin/cluster/etc/objrepos/active -> $(SEC_READONLY) -SHim ;
+  /usr/es/sbin/cluster/etc/objrepos/active -> $(ReadOnly) -SHim ;
  !/usr/etc/sbin/cluster/history ;
-  /usr/share/lib/objrepos      -> $(SEC_READONLY) -m ;
+  /usr/share/lib/objrepos      -> $(ReadOnly) -m ;
-  /usr/lib/objrepos      -> $(SEC_READONLY) -m ;
+  /usr/lib/objrepos      -> $(ReadOnly) -m ;
  !/var/adm/SPlogs ;
-  /var/ha/log                      -> $(SEC_GROWING) -i ;
+  /var/ha/log                      -> $(Growing) -i ;
  !/var/adm ;
  !/var/ct ;
-  #/var/backups                    -> $(SEC_DYNAMIC) -i ;
+  #/var/backups                    -> $(Dynamic) -i ;
-  #/var/db/host.random             -> $(SEC_READONLY) -mCM ;
+  #/var/db/host.random             -> $(ReadOnly) -mCM ;
-  #/var/db/locate.database         -> $(SEC_READONLY) -misCM ;
+  #/var/db/locate.database         -> $(ReadOnly) -misCM ;
-  #/var/cron                       -> $(SEC_GROWING) -i ;
+  #/var/cron                       -> $(Growing) -i ;
-  #/var/log                        -> $(SEC_GROWING) -i ;
+  #/var/log                        -> $(Growing) -i ;
-  #/var/run                        -> $(SEC_DYNAMIC) -i ;
+  #/var/run                        -> $(Dynamic) -i ;
-  #/var/mail                       -> $(SEC_GROWING) ;
+  #/var/mail                       -> $(Growing) ;
-  #/var/msgs/bounds                -> $(SEC_READONLY) -smbCM ;
+  #/var/msgs/bounds                -> $(ReadOnly) -smbCM ;
-  #/var/spool/clientmqueue         -> $(SEC_TEMPORARY) ;
+  #/var/spool/clientmqueue         -> $(Temporary) ;
-  #/var/spool/mqueue               -> $(SEC_TEMPORARY) ;
+  #/var/spool/mqueue               -> $(Temporary) ;
  #!/var/tmp/vi.recover ;           # perl script periodically removes this
 }
--- a/policy/twpol-AROS.txt
+++ b/policy/twpol-AROS.txt
@ -1,132 +0,0 @@
 ###############################################################################
 #                                                                            ##
 #    Default Tripwire 2.4 Policy file for AROS                               ##
 #                                                                            ##
 ###############################################################################
 ###############################################################################
 #                                                                            ##
 # Global Variable Definitions                                                ##
 #                                                                            ##
 # These are defined at install time by the installation script.  You may     ##
 # Manually edit these if you are using this file directly and not from the   ##
 # installation script itself.                                                ##
 #                                                                            ##
 ###############################################################################
@@section GLOBAL
 TWROOT=;
 TWBIN=;
 TWPOL=;
 TWDB=;
 TWSKEY=;
 TWLKEY=;
 TWREPORT=;
 HOSTNAME=;
 ##############################################################################
 #  Predefined Variables                                                      #
 ##############################################################################
 #
 #  Property Masks
 #
 #  -  ignore the following properties
 #  +  check the following properties
 #
 #  a  access timestamp (mutually exclusive with +CMSH)
 #  b  number of blocks allocated
 #  c  inode creation/modification timestamp
 #  d  ID of device on which inode resides
 #  g  group id of owner
 #  i  inode number
 #  l  growing files (logfiles for example)
 #  m  modification timestamp
 #  n  number of links
 #  p  permission and file mode bits
 #  r  ID of device pointed to by inode (valid only for device objects)
 #  s  file size
 #  t  file type
 #  u  user id of owner
 #
 #  C  CRC-32 hash
 #  H  HAVAL hash
 #  M  MD5 hash
 #  S  SHA hash
 #
 ##############################################################################
 SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
 SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
 SEC_GROWING       = +pinugtdl-srbamcCMSH ;
 SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
 SEC_IGNORE_NONE    = +pinugtsdrbamcCMSH-l ;
 SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
 SEC_TEMPORARY       = +pugt ;
@@section FS 
 #########################################
 #                                      ##
 #  Tripwire Binaries and Data Files    ##
 #                                      ##
 #########################################
 # Tripwire Binaries
 (
  rulename = "Tripwire Binaries",
 )
 {
  $(TWBIN)/siggen                      -> $(SEC_READONLY) ;
  $(TWBIN)/tripwire                    -> $(SEC_READONLY) ;
  $(TWBIN)/twadmin                     -> $(SEC_READONLY) ;
  $(TWBIN)/twprint                     -> $(SEC_READONLY) ;
 }
 # Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
 (
  rulename = "Tripwire Data Files",
 )
 {
  # NOTE: We remove the inode attribute because when Tripwire creates a backup,
  # it does so by renaming the old file and creating a new one (which will
  # have a new inode number).  Inode is left turned on for keys, which shouldn't
  # ever change.
  # NOTE: The first integrity check triggers this rule and each integrity check
  # afterward triggers this rule until a database update is run, since the
  # database file does not exist before that point.
  $(TWDB)                              -> $(SEC_DYNAMIC) -i ;
  $(TWPOL)/tw.pol                      -> $(SEC_READONLY) -i ;
  $(TWPOL)/tw.cfg                      -> $(SEC_READONLY) -i ;
  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(SEC_READONLY) ;
  $(TWSKEY)/site.key                   -> $(SEC_READONLY) ;
  # don't scan the individual reports
  $(TWREPORT)                          -> $(SEC_DYNAMIC) (recurse=0) ;
 }
 ##############################################################################
 (rulename="OS Files",)
 {
  AROS:System -> $(SEC_READONLY);
  AROS:Devs -> $(SEC_READONLY);
  AROS:Libs -> $(SEC_READONLY);
  AROS:Tools-> $(SEC_READONLY);
  AROS:Prefs -> $(SEC_READONLY);
  AROS:Utilities -> $(SEC_READONLY);
  AROS:WBStartup -> $(SEC_READONLY);
 }
 (rulename="Development Tools",)
 {
  Work:Development -> $(SEC_READONLY);
 }
 (rulename="Extras",)
 {
  Work:Extras -> $(SEC_READONLY);
 }
--- a/policy/twpol-Bitrig.txt
+++ b/policy/twpol-Bitrig.txt
@ -1,292 +0,0 @@
  ##############################################################################
 #                                                                            ##
 ############################################################################## #
 #                                                                            # #
 #                      Tripwire 2.4 policy for Bitrig                        # #
 #                            updated March 2018                              # #
 #                                                                            ##
 ##############################################################################
  ##############################################################################
 #                                                                            ##
 ############################################################################## #
 #                                                                            # #
 # Global Variable Definitions                                                # #
 #                                                                            # #
 # These are defined at install time by the installation script.  You may     # #
 # manually edit these if you are using this file directly and not from the   # #
 # installation script itself.                                                # #
 #                                                                            ##
 ##############################################################################
@@section GLOBAL
 TWROOT=;
 TWBIN=;
 TWPOL=;
 TWDB=;
 TWSKEY=;
 TWLKEY=;
 TWREPORT=;
 HOSTNAME=;
  ##############################################################################
 #  Predefined Variables                                                      #
 ##############################################################################
 #
 #  Property Masks
 #
 #  -  ignore the following properties
 #  +  check the following properties
 #
 #  a  access timestamp (mutually exclusive with +CMSH)
 #  b  number of blocks allocated
 #  c  inode creation/modification timestamp
 #  d  ID of device on which inode resides
 #  g  group id of owner
 #  i  inode number
 #  l  growing files (logfiles for example)
 #  m  modification timestamp
 #  n  number of links
 #  p  permission and file mode bits
 #  r  ID of device pointed to by inode (valid only for device objects)
 #  s  file size
 #  t  file type
 #  u  user id of owner
 #
 #  C  CRC-32 hash
 #  H  HAVAL hash
 #  M  MD5 hash
 #  S  SHA hash
 #
 ##############################################################################
 SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
 SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
 SEC_GROWING       = +pinugtdl-srbamcCMSH ;
 SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
 SEC_IGNORE_NONE   = +pinugtsdrbamcCMSH-l ;
 SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
 SEC_TEMPORARY     = +pugt ;
@@section FS 
  ########################################
 #                                      ##
 ######################################## #
 #                                      # #
 #  Tripwire Binaries and Data Files    # #
 #                                      ##
 ########################################
 # Tripwire Binaries
 (
  rulename = "Tripwire Binaries",
 )
 {
  $(TWBIN)/siggen                      -> $(SEC_READONLY) ;
  $(TWBIN)/tripwire                    -> $(SEC_READONLY) ;
  $(TWBIN)/twadmin                     -> $(SEC_READONLY) ;
  $(TWBIN)/twprint                     -> $(SEC_READONLY) ;
 }
 # Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
 (
  rulename = "Tripwire Data Files",
 )
 {
  # NOTE: We remove the inode attribute because when Tripwire creates a backup,
  # it does so by renaming the old file and creating a new one (which will
  # have a new inode number).  Inode is left turned on for keys, which shouldn't
  # ever change.
  # NOTE: The first integrity check triggers this rule and each integrity check
  # afterward triggers this rule until a database update is run, since the
  # database file does not exist before that point.
  $(TWDB)                              -> $(SEC_DYNAMIC) -i ;
  $(TWPOL)/tw.pol                      -> $(SEC_READONLY) -i ;
  $(TWPOL)/tw.cfg                      -> $(SEC_READONLY) -i ;
  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(SEC_READONLY) ;
  $(TWSKEY)/site.key                   -> $(SEC_READONLY) ;
  # don't scan the individual reports
  $(TWREPORT)                          -> $(SEC_DYNAMIC) (recurse=0) ;
  # In this configuration /usr/local is a symbolic link to /home/local.
  # We want to ignore the following directories since they are already
  # scanned using the real directory or mount point.  Otherwise we see
  # duplicates in the reports.
  !/home/local ;
 }
  ################################################
 #                                              ##
 ################################################ #
 #                                              # #
 #  OS Boot and Configuration Files             # #
 #                                              ##
 ################################################
 (
  rulename = "OS Boot and Configuration Files",
 )
 {
  /boot                         -> $(SEC_READONLY) ;
  /bsd                          -> $(SEC_READONLY) ;
  /etc                          -> $(SEC_IGNORE_NONE) -SHa ;
 }
  ###################################################
 #                                                 ##
 ################################################### #
 #                                                 # #
 #  Mount Points                                   # #
 #                                                 ##
 ###################################################
 (
  rulename = "Mount Points",
 )
 {
  /                             -> $(SEC_READONLY) ;
  /cdrom                        -> $(SEC_DYNAMIC) ;
  /floppy                       -> $(SEC_DYNAMIC) ;
  /home                         -> $(SEC_READONLY) ;  # Modify as needed
  /mnt                          -> $(SEC_DYNAMIC) ;
  /usr                          -> $(SEC_READONLY) ;
  /var                          -> $(SEC_READONLY) ;
 }
  ###################################################
 #                                                 ##
 ################################################### #
 #                                                 # #
 #  Misc Top-Level Directories                     # #
 #                                                 ##
 ###################################################
 (
  rulename = "Misc Top-Level Directories",
 )
 {
  /altroot                      -> $(SEC_DYNAMIC) ;
  /stand                        -> $(SEC_DYNAMIC) ;
 }
  ################################################
 #                                              ##
 ################################################ #
 #                                              # #
 #   System Devices                             # #
 #                                              ##
 ################################################
 (
  rulename = "System Devices",
 )
 {
  /dev                          -> $(SEC_DEVICE) ;
  /dev/fd                       -> $(SEC_DEVICE) ;
  /var/cron/tabs/.sock          -> $(SEC_DEVICE) ; 
  /var/empty/dev/log            -> $(SEC_DEVICE) ; 
 }
  ################################################
 #                                              ##
 ################################################ #
 #                                              # #
 #  OS Binaries and Libraries                   # #   
 #                                              ##
 ################################################
 (
  rulename = "OS Binaries and Libraries",
 )
 {
  /bin                          -> $(SEC_READONLY) ;
  /sbin                         -> $(SEC_READONLY) ;
  /usr/bin                      -> $(SEC_READONLY) ;
  /usr/lib                      -> $(SEC_READONLY) ;
  /usr/libexec                  -> $(SEC_READONLY) ;
  /usr/sbin                     -> $(SEC_READONLY) ;
  /usr/X11R6/bin                -> $(SEC_READONLY) ;
  /usr/X11R6/lib                -> $(SEC_READONLY) ;
 }
  ################################################
 #                                              ##
 ################################################ #
 #                                              # #
 #  Usr Local Files                             # #   
 #                                              ##
 ################################################
 #OK(
  #OKrulename = "Usr Local Files",
 #OK)
 #OK{
  #OK/usr/local                    -> $(SEC_READONLY) ;
  #OK/usr/local/bin                -> $(SEC_READONLY) ;
  #OK/usr/local/doc                -> $(SEC_READONLY) ;
  #OK/usr/local/etc                -> $(SEC_READONLY) ;
  #OK/usr/local/include            -> $(SEC_READONLY) ;
  #OK/usr/local/info               -> $(SEC_READONLY) ;
  #OK/usr/local/lib                -> $(SEC_READONLY) ;
  #OK/usr/local/libdata            -> $(SEC_READONLY) ;
  #OK/usr/local/libexec            -> $(SEC_READONLY) ;
  #OK/usr/local/man                -> $(SEC_READONLY) ;
  #OK/usr/local/sbin               -> $(SEC_READONLY) ;
  #OK/usr/local/share              -> $(SEC_READONLY) ;
  #OK/usr/local/src                -> $(SEC_READONLY) ;
 #OK}
  ################################################
 #                                              ##
 ################################################ #
 #                                              # #
 #  Root Directory and Files                    # #
 #                                              ##
 ################################################
 (
  rulename = "Root Directory and Files",
 )
 {
  /root                          -> $(SEC_IGNORE_NONE) -SHa ;
  /root/.cshrc                   -> $(SEC_DYNAMIC) ;
  /root/.profile                 -> $(SEC_DYNAMIC) ;
 }
  ################################################
 #                                              ##
 ################################################ #
 #                                              # #
 #  Temporary Directories                       # #
 #                                              ##
 ################################################
 (
  rulename = "Temporary Directories",
 )
 {
  /tmp                          -> $(SEC_TEMPORARY) ;
  /var/tmp                      -> $(SEC_TEMPORARY) ;
 }
  ################################################
 #                                              ##
 ################################################ #
 #                                              # #
 #  System and Boot Changes                     # #
 #                                              ##
 ################################################
 (
  rulename = "System and Boot Changes",
 )
 {
  /var/backups                    -> $(SEC_DYNAMIC) -i ;
  /var/db/host.random             -> $(SEC_READONLY) -mCM ;
  /var/cron                       -> $(SEC_GROWING) -i ;
  /var/log                        -> $(SEC_GROWING) -i ;
  /var/run                        -> $(SEC_DYNAMIC) -i ;
  /var/mail                       -> $(SEC_GROWING) ;
  /var/msgs/bounds                -> $(SEC_READONLY) -smbCM ;
  /var/spool/clientmqueue         -> $(SEC_TEMPORARY) ;
  /var/spool/mqueue               -> $(SEC_TEMPORARY) ;
 }
 #
 # $Id: twpol-OpenBSD.txt,v 1.2 2004/05/14 21:56:21 pherman Exp $
 #
--- a/policy/twpol-Cygwin.txt
+++ b/policy/twpol-Cygwin.txt
@ -1,163 +0,0 @@
 ###############################################################################
 #                                                                            ##
 #    Default Tripwire 2.4 Policy file for Cygwin                             ##
 #                                                                            ##
 ###############################################################################
 ###############################################################################
 #                                                                            ##
 # Global Variable Definitions                                                ##
 #                                                                            ##
 # These are defined at install time by the installation script.  You may     ##
 # Manually edit these if you are using this file directly and not from the   ##
 # installation script itself.                                                ##
 #                                                                            ##
 ###############################################################################
@@section GLOBAL
 TWROOT=;
 TWBIN=;
 TWPOL=;
 TWDB=;
 TWSKEY=;
 TWLKEY=;
 TWREPORT=;
 HOSTNAME=;
 ##############################################################################
 #  Predefined Variables                                                      #
 ##############################################################################
 #
 #  Property Masks
 #
 #  -  ignore the following properties
 #  +  check the following properties
 #
 #  a  access timestamp (mutually exclusive with +CMSH)
 #  b  number of blocks allocated
 #  c  inode creation/modification timestamp
 #  d  ID of device on which inode resides
 #  g  group id of owner
 #  i  inode number
 #  l  growing files (logfiles for example)
 #  m  modification timestamp
 #  n  number of links
 #  p  permission and file mode bits
 #  r  ID of device pointed to by inode (valid only for device objects)
 #  s  file size
 #  t  file type
 #  u  user id of owner
 #
 #  C  CRC-32 hash
 #  H  HAVAL hash
 #  M  MD5 hash
 #  S  SHA hash
 #
 ##############################################################################
 SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
 SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
 SEC_GROWING       = +pinugtdl-srbamcCMSH ;
 SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
 SEC_IGNORE_NONE   = +pinugtsdrbamcCMSH-l ;
 SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
 SEC_TEMPORARY     = +pugt ;
@@section FS 
 #########################################
 #                                      ##
 #  Tripwire Binaries and Data Files    ##
 #                                      ##
 #########################################
 # Tripwire Binaries
 (
  rulename = "Tripwire Binaries",
 )
 {
  $(TWBIN)/siggen                      -> $(SEC_READONLY) ;
  $(TWBIN)/tripwire                    -> $(SEC_READONLY) ;
  $(TWBIN)/twadmin                     -> $(SEC_READONLY) ;
  $(TWBIN)/twprint                     -> $(SEC_READONLY) ;
 }
 # Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
 (
  rulename = "Tripwire Data Files",
 )
 {
  # NOTE: We remove the inode attribute because when Tripwire creates a backup,
  # it does so by renaming the old file and creating a new one (which will
  # have a new inode number).  Inode is left turned on for keys, which shouldn't
  # ever change.
  # NOTE: The first integrity check triggers this rule and each integrity check
  # afterward triggers this rule until a database update is run, since the
  # database file does not exist before that point.
  $(TWDB)                              -> $(SEC_DYNAMIC) -i ;
  $(TWPOL)/tw.pol                      -> $(SEC_READONLY) -i ;
  $(TWPOL)/tw.cfg                      -> $(SEC_READONLY) -i ;
  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(SEC_READONLY) ;
  $(TWSKEY)/site.key                   -> $(SEC_READONLY) ;
  # don't scan the individual reports
  $(TWREPORT)                          -> $(SEC_DYNAMIC) (recurse=0) ;
 }
 ##############################################################################
 (rulename="Binary files",)
 {
  /bin -> $(SEC_READONLY) -a;
  /usr/bin -> $(SEC_READONLY) -a;
  /usr/local/bin -> $(SEC_READONLY) -a;
 }
 (rulename="Development",)
 {
  /usr/x86_64-pc-cygwin -> $(SEC_READONLY) -a;
 }
 (rulename="Libexec",)
 {
  /usr/libexec -> $(SEC_READONLY) -a;
 }
 (rulename="Admin binaries",)
 {
  /sbin -> $(SEC_READONLY) -a;
  /usr/sbin -> $(SEC_READONLY) -a;
 }
 (rulename="Libraries",)
 {
  /lib -> $(SEC_READONLY) -a;
  /usr/lib -> $(SEC_READONLY) -a;
  /usr/local/lib -> $(SEC_READONLY) -a;
 }
 (rulename="Etc",)
 {
  /etc -> $(SEC_READONLY) -a;
  /usr/local/etc -> $(SEC_READONLY) -a;
 }
 (rulename="Dev",)
 {
  /dev -> $(SEC_DEVICE);
 }
 (rulename="Tmp",)
 {
  /tmp -> $(SEC_TEMPORARY);
  /var/tmp -> $(SEC_TEMPORARY);
  /usr/tmp -> $(SEC_TEMPORARY);
 }
 (rulename="Log",)
 {
  /var/log -> $(SEC_GROWING);
 }
--- a/policy/twpol-Darwin.txt
+++ b/policy/twpol-Darwin.txt
@ -2,8 +2,8 @@
 #                                                                            ##
 ############################################################################## #
 #                                                                            # #
-#                 Tripwire 2.4 policy for Mac OS X                           # #
+#                    Policy file for Mac OS X                                # #
-#                       updated March 2018                                   # #
+#                        September 3, 2003                                   # #
 #                                                                            ##
 ##############################################################################
@ -28,7 +28,7 @@ TWDB=;
 TWSKEY=;
 TWLKEY=;
 TWREPORT=;
-HOSTNAME=;
+#USER1=frodo ;
  ##############################################################################
@ -67,10 +67,9 @@ SEC_DYNAMIC       = +pinugt-dsrlbamcCMSH ;
 SEC_READONLY      = +pinugtsbmCM-drlacSH ;
 SEC_GROWING       = +pinugtl-dsrbamcCMSH ;
-SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
+IgnoreAll     = -pinugtsdrlbamcCMSH ;
-SEC_IGNORE_NONE    = +pinugtsdrbamcCMSH-l ;
+IgnoreNone    = +pinugtsdrbamcCMSH-l ;
-SEC_TEMPORARY     = +pugt ;
+Temporary     = +pugt ;
@@section FS 
@ -110,7 +109,7 @@ SEC_TEMPORARY     = +pugt ;
  $(TWDB)                              -> $(SEC_DYNAMIC) -i ;
  $(TWPOL)/tw.pol                      -> $(SEC_READONLY) -i ;
  $(TWPOL)/tw.cfg                      -> $(SEC_READONLY) -i ;
-  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(SEC_READONLY) ;
+  $(TWLKEY)/local.key                  -> $(SEC_READONLY) ;
  $(TWSKEY)/site.key                   -> $(SEC_READONLY) ;
  # don't scan the individual reports
@ -130,14 +129,14 @@ SEC_TEMPORARY     = +pugt ;
  rulename = "OS Boot and Configuration Files", severity=100
 )
 {
- #/mach.sym                               -> $(SEC_READONLY)-im ;
+  /mach.sym                               -> $(SEC_READONLY)-im ;
  /mach_kernel                            -> $(SEC_READONLY) ;
  /private/etc                            -> $(SEC_READONLY)-m ;
 #/private/etc/appletalk.cfg              -> $(SEC_READONLY)-im ;
 #/private/etc/appletalk.nvram.en0        -> $(SEC_DYNAMIC) ;
  /private/etc/cups/certs                 -> $(SEC_DYNAMIC) -i(recurse=0) ;
- #/private/etc/smb.conf                   -> $(SEC_READONLY)-im ;
+  /private/etc/smb.conf                   -> $(SEC_READONLY)-im ;
  /Library                                -> $(SEC_READONLY) ;
  /System                                 -> $(SEC_READONLY) ;
@ -183,6 +182,8 @@ SEC_TEMPORARY     = +pugt ;
 )
 {
  /dev                          -> $(SEC_DEVICE)(recurse=0) ;
 #/private/var/cron/tabs/.sock  -> $(SEC_DEVICE) ; 
 }
  ################################################
@ -202,8 +203,8 @@ SEC_TEMPORARY     = +pugt ;
  /usr/lib                      -> $(SEC_READONLY) ;
  /usr/libexec                  -> $(SEC_READONLY) ;
  /usr/sbin                     -> $(SEC_READONLY) ;
-  /usr/X11                      -> $(SEC_READONLY)(recurse=2) ;   # May not be present
+ #/usr/X11R6                    -> $(SEC_READONLY)(recurse=2) ;   # May not be present
- #/usr/X11/man                  -> $(SEC_DYNAMIC)-i(recurse=1) ;  # May not be present
+ #/usr/X11R6/man                -> $(SEC_DYNAMIC)-i(recurse=1) ;  # May not be present
  /usr/share                    -> $(SEC_READONLY) ;
  /usr/share/man                -> $(SEC_DYNAMIC)-i(recurse=1) ;
@ -222,6 +223,12 @@ SEC_TEMPORARY     = +pugt ;
 )
 {
   /Applications                -> $(SEC_READONLY)-im(recurse=2) ;
  "/Applications (Mac OS 9)"    -> $(SEC_READONLY) ;
  !/Applications/Internet/P2P/Downloads ;
  !/Applications/Games/"Warcraft III Folder"/Save ;
 }
  ################################################
@ -236,19 +243,10 @@ SEC_TEMPORARY     = +pugt ;
 )
 {
  /usr/local                    -> $(SEC_READONLY) ;
-  /usr/local/sbin               -> $(SEC_READONLY) ;
+ #/usr/local/bin                -> $(SEC_READONLY) ;
  /usr/local/bin                -> $(SEC_READONLY) ;
  /usr/local/include            -> $(SEC_READONLY) ;
  /usr/local/opt                -> $(SEC_READONLY) ;
  /usr/local/libexec            -> $(SEC_READONLY) ;
  /usr/local/lib                -> $(SEC_READONLY) ;
  /usr/local/etc                -> $(SEC_READONLY) ;
-  /usr/local/share              -> $(SEC_READONLY) ;
+ #/usr/local/sbin               -> $(SEC_READONLY) ;
-  /usr/local/man                -> $(SEC_READONLY) ;
+ #/usr/local/share              -> $(SEC_READONLY) ;
  /usr/local/Frameworks         -> $(SEC_READONLY) ;
  # Homebrew
  /usr/local/.git               -> $(SEC_READONLY) ;
  /usr/local/Cellar             -> $(SEC_READONLY) ;
 }
@ -265,26 +263,24 @@ SEC_TEMPORARY     = +pugt ;
 {
  /private/tmp                                 -> $(SEC_DYNAMIC)-in(recurse=0) ;
  /private/tftpboot                            -> $(SEC_READONLY)-i ;
  /private/var                                 -> $(SEC_READONLY)-i ;
  /private/var/backups                         -> $(SEC_READONLY)-imc(severity=100) ;
 #/private/var/backups/local.nidump            -> $(SEC_DYNAMIC) -i(severity=100) ;
 #/private/var/cron                            -> $(SEC_DYNAMIC) -i ;
  /private/var/db                              -> $(SEC_READONLY)-im ;
  /private/var/db/BootCache.playlist           -> $(SEC_DYNAMIC) -i ;
- #/private/var/db/netinfo/local.nidb/Store.384 -> $(SEC_READONLY)-imc(severity=100) ;
+  /private/var/db/netinfo/local.nidb/Store.384 -> $(SEC_READONLY)-imc(severity=100) ;
 #/private/var/db/netinfo/local.nidb/Store.672 -> $(SEC_READONLY)-imc(severity=100) ;
- #/private/var/db/prebindOnDemandBadFiles      -> $(SEC_DYNAMIC) -i ;
+  /private/var/db/prebindOnDemandBadFiles      -> $(SEC_DYNAMIC) -i ;
  /private/var/log                             -> $(SEC_DYNAMIC) -i ;
 #/private/var/mail                            -> $(SEC_DYNAMIC) ;
  /private/var/msgs/bounds                     -> $(SEC_READONLY)-smbCM ;
  /private/var/root/Library/Caches             -> $(SEC_DYNAMIC) -i ;
  /private/var/run                             -> $(SEC_DYNAMIC) -i(rulename="Running Services") ;
 #/private/var/slp.regfile                     -> $(SEC_READONLY)-im ;
- #/private/var/spool/clientmqueue              -> $(SEC_DYNAMIC)(recurse=0) ;
+  /private/var/spool/clientmqueue              -> $(SEC_DYNAMIC)(recurse=0) ;
  /private/var/spool/mqueue                    -> $(SEC_DYNAMIC)(recurse=0) ;
- #/private/var/spool/lock                      -> $(SEC_DYNAMIC) -i(recurse=1) ;
+  /private/var/spool/lock                      -> $(SEC_DYNAMIC) -i(recurse=1) ;
  /private/var/spool/cups                      -> $(SEC_DYNAMIC) -i(recurse=0) ;
  /private/var/tmp                             -> $(SEC_DYNAMIC) -i(recurse=0) ;
  /private/var/vm                              -> $(SEC_DYNAMIC)(recurse=0) ;
@ -298,19 +294,37 @@ SEC_TEMPORARY     = +pugt ;
 !/private/var/db/dhcpd_leases ;
 !/private/var/db/locate.database ;
 !/private/var/db/SystemEntropyCache ;
 !/private/var/db/mds/messages/se_SecurityMessages ;
 !/private/var/db/samba/secrets.tdb ;
- !/private/var/db/ntp.drift ;
+
 !/private/var/folders ;
 !/private/var/vm/sleepimage ;
 !/private/var/vm/swap0 ;
 !/private/var/vm/swap[1-9][0-9]* ;
 # Sophos
 !/Library/Caches/com.sophos.sau ;
 !/Library/Caches/com.sophos.sxld ;
 }
  ################################################
 #                                              ##
 ################################################ #
 #                                              # #
 #  Classic Environment                         # #
 #                                              ##
 ################################################
 (
  rulename = "Classic Environment", severity=100
 )
 {
  /"System Folder"                     -> $(SEC_READONLY) ;
  /"System Folder"/Preferences         -> $(SEC_DYNAMIC)-i(recurse=0) ;
  /"System Folder"/Extensions          -> $(SEC_READONLY)-im ;
  /"System Folder/Apple Menu Items"   -> $(SEC_READONLY)-im(recurse=0) ;
  /"System Folder"/Clipboard           -> $(SEC_DYNAMIC) ;
 !/"System Folder"/VolumeNameIconPict ;
 }
  ###################################################
 #                                                 ##
 ################################################### #
@ -361,3 +375,7 @@ SEC_TEMPORARY     = +pugt ;
 #!"/Users/$(USER1)/.lpoptions" ;
 #!"/Users/$(USER1)/.Trash" ;
 }
 #
 # JTI
 #
--- a/policy/twpol-DragonFly.txt
+++ b/policy/twpol-DragonFly.txt
@ -1,664 +0,0 @@
 #
 #                       Policy file for DragonFly BSD
 #                         (adapted from FreeBSD policy)
 #
 # $FreeBSD: ports/security/tripwire/files/twpol.txt,v 1.2 2002/03/04 16:55:21 cy Exp $
 # $Id: twpol-FreeBSD.txt,v 1.1 2003/06/08 02:00:06 pherman Exp $
 #
 # This is the example Tripwire Policy file.  It is intended as a place to
 # start creating your own custom Tripwire Policy file.  Referring to it as
 # well as the Tripwire Policy Guide should give you enough information to
 # make a good custom Tripwire Policy file that better covers your
 # configuration and security needs.  A text version of this policy file is
 # called twpol.txt.
 #
 # Note that this file is tuned to an install of FreeBSD using
 # buildworld.  If run unmodified, this file should create no errors on
 # database creation, or violations on a subsiquent integrity check.
 # However it is impossible for there to be one policy file for all machines,
 # so this existing one errs on the side of security.  Your FreeBSD
 # configuration will most likey differ from the one our policy file was
 # tuned to, and will therefore require some editing of the default
 # Tripwire Policy file.
 #
 # The example policy file is best run with 'Loose Directory Checking'
 # enabled. Set LOOSEDIRECTORYCHECKING=TRUE in the Tripwire Configuration
 # file.
 #
 # Email support is not included and must be added to this file.
 # Add the 'emailto=' to the rule directive section of each rule (add a comma
 # after the 'severity=' line and add an 'emailto=' and include the email
 # addresses you want the violation reports to go to).  Addresses are
 # semi-colon delimited.
 #
 #
 # Global Variable Definitions
 #
 # These are defined at install time by the installation script.  You may
 # Manually edit these if you are using this file directly and not from the
 # installation script itself.
 #
@@section GLOBAL
 TWROOT=;
 TWBIN=;
 TWPOL=;
 TWDB=;
 TWSKEY=;
 TWLKEY=;
 TWREPORT=;
 HOSTNAME=;
@@section FS
 SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
 SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
 SEC_GROWING       = +pinugtdl-srbamcCMSH ;
 SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
 SEC_IGNORE_NONE   = +pinugtsdrbamcCMSH-l ;
 SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
 SEC_TEMPORARY     = +pugt ;
 SEC_CRIT      = $(SEC_IGNORE_NONE)-SHa ; # Critical files that cannot change
 SEC_SUID      = $(SEC_IGNORE_NONE)-SHa ; # Binaries with the SUID or SGID flags set
 SEC_BIN       = $(SEC_READONLY) ;        # Binaries that should not change
 SEC_CONFIG    = $(SEC_DYNAMIC) ;         # Config files that are changed infrequently but accessed often
 SEC_TTY       = $(SEC_DYNAMIC)-ugp ;     # Tty files that change ownership at login
 SEC_LOG       = $(SEC_GROWING) ;         # Files that grow, but that should never change ownership
 SEC_INVARIANT = $(SEC_TEMPORARY) ;       # Directories that should never change permission or ownership
 SIG_LOW       = 33 ;                     # Non-critical files that are of minimal security impact
 SIG_MED       = 66 ;                     # Non-critical files that are of significant security impact
 SIG_HI        = 100 ;                    # Critical files that are significant points of vulnerability
 # Tripwire Binaries
 (
  rulename = "Tripwire Binaries",
  severity = $(SIG_HI)
 )
 {
  $(TWBIN)/siggen                      -> $(SEC_BIN) ;
  $(TWBIN)/tripwire                    -> $(SEC_BIN) ;
  $(TWBIN)/twadmin                     -> $(SEC_BIN) ;
  $(TWBIN)/twprint                     -> $(SEC_BIN) ;
 }
 # Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
 (
  rulename = "Tripwire Data Files",
  severity = $(SIG_HI)
 )
 {
  # NOTE: We remove the inode attribute because when Tripwire creates a backup,
  # it does so by renaming the old file and creating a new one (which will
  # have a new inode number).  Inode is left turned on for keys, which shouldn't
  # ever change.
  # NOTE: The first integrity check triggers this rule and each integrity check
  # afterward triggers this rule until a database update is run, since the
  # database file does not exist before that point.
  $(TWDB)                              -> $(SEC_CONFIG) -i ;
  $(TWPOL)/tw.pol                      -> $(SEC_BIN) -i ;
  $(TWPOL)/tw.cfg                      -> $(SEC_BIN) -i ;
  $(TWPOL)/twcfg.txt                   -> $(SEC_BIN) ;
  $(TWPOL)/twpol.txt                   -> $(SEC_BIN) ;
  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(SEC_BIN) ;
  $(TWSKEY)/site.key                   -> $(SEC_BIN) ;
  #don't scan the individual reports
  $(TWREPORT)                          -> $(SEC_CONFIG) (recurse=0) ;
 }
 # Tripwire HQ Connector Binaries
 #(
 #  rulename = "Tripwire HQ Connector Binaries",
 #  severity = $(SIG_HI)
 #)
 #{
 #  $(TWBIN)/hqagent                     -> $(SEC_BIN) ;
 #}
 #
 # Tripwire HQ Connector - Configuration Files, Keys, and Logs
 #
 # Note: File locations here are different than in a stock HQ Connector
 # installation.  This is because Tripwire 2.3 uses a different path
 # structure than Tripwire 2.2.1.
 #
 # You may need to update your HQ Agent configuation file (or this policy
 # file) to correct the paths.  We have attempted to support the FHS standard
 # here by placing the HQ Agent files similarly to the way Tripwire 2.3
 # places them.
 #
 #(
 #  rulename = "Tripwire HQ Connector Data Files",
 #  severity = $(SIG_HI)
 #)
 #{
 #
 # # NOTE: Removing the inode attribute because when Tripwire creates a backup
 # # it does so by renaming the old file and creating a new one (which will
 # # have a new inode number).  Leaving inode turned on for keys, which
 # # shouldn't ever change.
 #
 #
 #  $(TWBIN)/agent.cfg                   -> $(SEC_BIN) -i ;
 #  $(TWLKEY)/authentication.key         -> $(SEC_BIN) ;
 #  $(TWDB)/tasks.dat                    -> $(SEC_CONFIG) ;
 #  $(TWDB)/schedule.dat                 -> $(SEC_CONFIG) ;
 #
 #  # Uncomment if you have agent logging enabled.
 #  #/var/log/tripwire/agent.log      -> $(SEC_LOG) ;
 #}
 # Commonly accessed directories that should remain static with regards to owner and group
 (
  rulename = "Invariant Directories",
  severity = $(SIG_MED)
 )
 {
  /                                    -> $(SEC_INVARIANT) (recurse = false) ;
  /home                                -> $(SEC_INVARIANT) (recurse = false) ;
 }
 #
 # First, root's "home"
 #
 (
  rulename = "Root's home",
  severity = $(SIG_HI)
 )
 {
  # /.rhosts				-> $(SEC_CRIT) ;
  /.profile				-> $(SEC_CRIT) ;
  /.cshrc				-> $(SEC_CRIT) ;
  /.login				-> $(SEC_CRIT) ;
  # /.exrc				-> $(SEC_CRIT) ;
  # /.logout				-> $(SEC_CRIT) ;
  # /.forward				-> $(SEC_CRIT) ;
  /root					-> $(SEC_CRIT) (recurse = true) ;
  !/root/.history ;
  !/root/.bash_history ;
  # !/root/.lsof_SYSTEM_NAME ;	# Uncomment if lsof is installed
 }
 #
 # FreeBSD Kernel
 #
 (
  rulename = "FreeBSD Kernel",
  severity = $(SIG_HI)
 )
 {
  /kernel				-> $(SEC_CRIT) ;
  /kernel.old				-> $(SEC_CRIT) ;
  /kernel.GENERIC			-> $(SEC_CRIT) ;
 }
 #
 # FreeBSD Modules
 #
 (
  rulename = "FreeBSD Modules",
  severity = $(SIG_HI)
 )
 {
  /modules				-> $(SEC_CRIT) (recurse = true) ;
  /modules.old				-> $(SEC_CRIT) (recurse = true) ;
  # /lkm				-> $(SEC_CRIT) (recurse = true) ; # uncomment if using lkm kld
 }
 #
 # System Administration Programs
 #
 (
  rulename = "System Administration Programs",
  severity = $(SIG_HI)
 )
 {
  /sbin					-> $(SEC_CRIT) (recurse = true) ;
  /usr/sbin				-> $(SEC_CRIT) (recurse = true) ;
 }
 #
 # User Utilities
 #
 (
  rulename = "User Utilities",
  severity = $(SIG_HI)
 )
 {
  /bin					-> $(SEC_CRIT) (recurse = true) ;
  /usr/bin				-> $(SEC_CRIT) (recurse = true) ;
 }
 #
 # /dev
 #
 (
  rulename = "/dev",
  severity = $(SIG_HI)
 )
 {
  /dev					-> $(Device) (recurse = true) ;
  !/dev/vga ;
  !/dev/dri ;
  /dev/console				-> $(SEC_TTY) ;
  /dev/ttyv0				-> $(SEC_TTY) ;
  /dev/ttyv1				-> $(SEC_TTY) ;
  /dev/ttyv2				-> $(SEC_TTY) ;
  /dev/ttyv3				-> $(SEC_TTY) ;
  /dev/ttyv4				-> $(SEC_TTY) ;
  /dev/ttyv5				-> $(SEC_TTY) ;
  /dev/ttyv6				-> $(SEC_TTY) ;
  /dev/ttyv7				-> $(SEC_TTY) ;
  /dev/ttyp0				-> $(SEC_TTY) ;
  /dev/ttyp1				-> $(SEC_TTY) ;
  /dev/ttyp2				-> $(SEC_TTY) ;
  /dev/ttyp3				-> $(SEC_TTY) ;
  /dev/ttyp4				-> $(SEC_TTY) ;
  /dev/ttyp5				-> $(SEC_TTY) ;
  /dev/ttyp6				-> $(SEC_TTY) ;
  /dev/ttyp7				-> $(SEC_TTY) ;
  /dev/ttyp8				-> $(SEC_TTY) ;
  /dev/ttyp9				-> $(SEC_TTY) ;
  /dev/ttypa				-> $(SEC_TTY) ;
  /dev/ttypb				-> $(SEC_TTY) ;
  /dev/ttypc				-> $(SEC_TTY) ;
  /dev/ttypd				-> $(SEC_TTY) ;
  /dev/ttype				-> $(SEC_TTY) ;
  /dev/ttypf				-> $(SEC_TTY) ;
  /dev/ttypg				-> $(SEC_TTY) ;
  /dev/ttyph				-> $(SEC_TTY) ;
  /dev/ttypi				-> $(SEC_TTY) ;
  /dev/ttypj				-> $(SEC_TTY) ;
  /dev/ttypl				-> $(SEC_TTY) ;
  /dev/ttypm				-> $(SEC_TTY) ;
  /dev/ttypn				-> $(SEC_TTY) ;
  /dev/ttypo				-> $(SEC_TTY) ;
  /dev/ttypp				-> $(SEC_TTY) ;
  /dev/ttypq				-> $(SEC_TTY) ;
  /dev/ttypr				-> $(SEC_TTY) ;
  /dev/ttyps				-> $(SEC_TTY) ;
  /dev/ttypt				-> $(SEC_TTY) ;
  /dev/ttypu				-> $(SEC_TTY) ;
  /dev/ttypv				-> $(SEC_TTY) ;
  /dev/cuaa0				-> $(SEC_TTY) ;	# modem
 }
 #
 # /etc
 #
 (
  rulename = "/etc",
  severity = $(SIG_HI)
 )
 {
  /etc					-> $(SEC_CRIT) (recurse = true) ;
  # /etc/mail/aliases			-> $(SEC_CONFIG) ;
  /etc/dumpdates			-> $(SEC_CONFIG) ;
  /etc/motd				-> $(SEC_CONFIG) ;
  !/etc/ppp/connect-errors ;
  /etc/skeykeys				-> $(SEC_CONFIG) ;
  # Uncomment the following 4 lines if your password file does not change
  # /etc/passwd				-> $(SEC_CONFIG) ;
  # /etc/master.passwd			-> $(SEC_CONFIG) ;
  # /etc/pwd.db				-> $(SEC_CONFIG) ;
  # /etc/spwd.db			-> $(SEC_CONFIG) ;
 }
 #
 # Copatibility (Linux)
 #
 (
  rulename = "Linux Compatibility",
  severity = $(SIG_HI)
 )
 {
  /compat				-> $(SEC_CRIT) (recurse = true) ;
 #
 # Uncomment the following if Linux compatibility is used.  Replace
 # HOSTNAME1 and HOSTNAME2 with the hosts that have Linux emulation port
 # installed.
 #
 #@@ifhost HOSTNAME1 || HOSTNAME2
 #  /compat/linux/etc			-> $(SEC_INVARIANT) (recurse = false) ;
 #  /compat/linux/etc/X11			-> $(SEC_CONFIG) (recurse = true) ;
 #  /compat/linux/etc/pam.d		-> $(SEC_CONFIG) (recurse = true) ;
 #  /compat/linux/etc/profile.d		-> $(SEC_CONFIG) (recurse = true) ;
 #  /compat/linux/etc/real		-> $(SEC_CONFIG) (recurse = true) ;
 #  /compat/linux/etc/bashrc		-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/csh.login		-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/host.conf		-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/hosts.allow		-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/hosts.deny		-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/info-dir		-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/inputrc		-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/ld.so.conf		-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/nsswitch.conf	-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/profile		-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/redhat-release	-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/rpc			-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/securetty		-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/shells		-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/termcap		-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/yp.conf		-> $(SEC_CONFIG) ;
 #  !/compat/linux/etc/ld.so.cache ;
 #  !/compat/linux/var/spool/mail ;
 #@@endif
 }
 #
 # Libraries, include files, and other system files
 #
 (
  rulename = "Libraries, include files, and other system files",
  severity = $(SIG_HI)
 )
 {
  /usr/include				-> $(SEC_CRIT) (recurse = true) ;
  /usr/lib				-> $(SEC_CRIT) (recurse = true) ;
  /usr/libdata				-> $(SEC_CRIT) (recurse = true) ;
  /usr/libexec				-> $(SEC_CRIT) (recurse = true) ;
  /usr/share				-> $(SEC_CRIT) (recurse = true) ;
  /usr/share/man			-> $(SEC_CONFIG) ;
  !/usr/share/man/whatis ;
  !/usr/share/man/.glimpse_filenames ;
  !/usr/share/man/.glimpse_filenames_index ;
  !/usr/share/man/.glimpse_filetimes ;
  !/usr/share/man/.glimpse_filters ;
  !/usr/share/man/.glimpse_index ;
  !/usr/share/man/.glimpse_messages ;
  !/usr/share/man/.glimpse_partitions ;
  !/usr/share/man/.glimpse_statistics ;
  !/usr/share/man/.glimpse_turbo ;
  /usr/share/man/man1			-> $(SEC_CRIT) (recurse = true) ;
  /usr/share/man/man2			-> $(SEC_CRIT) (recurse = true) ;
  /usr/share/man/man3			-> $(SEC_CRIT) (recurse = true) ;
  /usr/share/man/man4			-> $(SEC_CRIT) (recurse = true) ;
  /usr/share/man/man5			-> $(SEC_CRIT) (recurse = true) ;
  /usr/share/man/man6			-> $(SEC_CRIT) (recurse = true) ;
  /usr/share/man/man7			-> $(SEC_CRIT) (recurse = true) ;
  /usr/share/man/man8			-> $(SEC_CRIT) (recurse = true) ;
  /usr/share/man/man9			-> $(SEC_CRIT) (recurse = true) ;
  /usr/share/man/mann			-> $(SEC_CRIT) (recurse = true) ;
  ! /usr/share/man/cat1 ;
  ! /usr/share/man/cat2 ;
  ! /usr/share/man/cat3 ;
  ! /usr/share/man/cat4 ;
  ! /usr/share/man/cat5 ;
  ! /usr/share/man/cat6 ;
  ! /usr/share/man/cat7 ;
  ! /usr/share/man/cat8 ;
  ! /usr/share/man/cat9 ;
  ! /usr/share/man/catl ;
  ! /usr/share/man/catn ;
  /usr/share/perl/man			-> $(SEC_CONFIG) ;
  !/usr/share/perl/man/whatis ;
  !/usr/share/perl/man/.glimpse_filenames ;
  !/usr/share/perl/man/.glimpse_filenames_index ;
  !/usr/share/perl/man/.glimpse_filetimes ;
  !/usr/share/perl/man/.glimpse_filters ;
  !/usr/share/perl/man/.glimpse_index ;
  !/usr/share/perl/man/.glimpse_messages ;
  !/usr/share/perl/man/.glimpse_partitions ;
  !/usr/share/perl/man/.glimpse_statistics ;
  !/usr/share/perl/man/.glimpse_turbo ;
  /usr/share/perl/man/man3		-> $(SEC_CRIT) (recurse = true) ;
  ! /usr/share/perl/man/cat3 ;
  /usr/local/lib/perl5/5.00503/man	-> $(SEC_CONFIG) ;
  ! /usr/local/lib/perl5/5.00503/man/whatis ;
  ! /usr/local/lib/perl5/5.00503/man/.glimpse_filters ;
  ! /usr/local/lib/perl5/5.00503/man/.glimpse_filetimes ;
  ! /usr/local/lib/perl5/5.00503/man/.glimpse_messages ;
  ! /usr/local/lib/perl5/5.00503/man/.glimpse_statistics ;
  ! /usr/local/lib/perl5/5.00503/man/.glimpse_index ;
  ! /usr/local/lib/perl5/5.00503/man/.glimpse_turbo ;
  ! /usr/local/lib/perl5/5.00503/man/.glimpse_partitions ;
  ! /usr/local/lib/perl5/5.00503/man/.glimpse_filenames ;
  ! /usr/local/lib/perl5/5.00503/man/.glimpse_filenames_index ;
  /usr/local/lib/perl5/5.00503/man/man3		-> $(SEC_CRIT) (recurse = true) ;
  ! /usr/local/lib/perl5/5.00503/man/cat3 ;
 }
 #
 # X11R6
 #
 (
  rulename = "X11R6",
  severity = $(SIG_HI)
 )
 {
  /usr/X11R6				-> $(SEC_CRIT) (recurse = true) ;
  /usr/X11R6/lib/X11/xdm		-> $(SEC_CONFIG) (recurse = true) ;
  !/usr/X11R6/lib/X11/xdm/xdm-errors ;
  !/usr/X11R6/lib/X11/xdm/authdir/authfiles ;
  !/usr/X11R6/lib/X11/xdm/xdm-pid ;
  /usr/X11R6/lib/X11/xkb/compiled	-> $(SEC_CONFIG) (recurse = true) ;
  /usr/X11R6/man			-> $(SEC_CONFIG) ;
  !/usr/X11R6/man/whatis ;
  !/usr/X11R6/man/.glimpse_filenames ;
  !/usr/X11R6/man/.glimpse_filenames_index ;
  !/usr/X11R6/man/.glimpse_filetimes ;
  !/usr/X11R6/man/.glimpse_filters ;
  !/usr/X11R6/man/.glimpse_index ;
  !/usr/X11R6/man/.glimpse_messages ;
  !/usr/X11R6/man/.glimpse_partitions ;
  !/usr/X11R6/man/.glimpse_statistics ;
  !/usr/X11R6/man/.glimpse_turbo ;
  /usr/X11R6/man/man1			-> $(SEC_CRIT) (recurse = true) ;
  /usr/X11R6/man/man2			-> $(SEC_CRIT) (recurse = true) ;
  /usr/X11R6/man/man3			-> $(SEC_CRIT) (recurse = true) ;
  /usr/X11R6/man/man4			-> $(SEC_CRIT) (recurse = true) ;
  /usr/X11R6/man/man5			-> $(SEC_CRIT) (recurse = true) ;
  /usr/X11R6/man/man6			-> $(SEC_CRIT) (recurse = true) ;
  /usr/X11R6/man/man7			-> $(SEC_CRIT) (recurse = true) ;
  /usr/X11R6/man/man8			-> $(SEC_CRIT) (recurse = true) ;
  /usr/X11R6/man/man9			-> $(SEC_CRIT) (recurse = true) ;
  /usr/X11R6/man/manl			-> $(SEC_CRIT) (recurse = true) ;
  /usr/X11R6/man/mann			-> $(SEC_CRIT) (recurse = true) ;
  ! /usr/X11R6/man/cat1 ;
  ! /usr/X11R6/man/cat2 ;
  ! /usr/X11R6/man/cat3 ;
  ! /usr/X11R6/man/cat4 ;
  ! /usr/X11R6/man/cat5 ;
  ! /usr/X11R6/man/cat6 ;
  ! /usr/X11R6/man/cat7 ;
  ! /usr/X11R6/man/cat8 ;
  ! /usr/X11R6/man/cat9 ;
  ! /usr/X11R6/man/catl ;
  ! /usr/X11R6/man/catn ;
 }
 #
 # sources
 #
 (
  rulename = "Sources",
  severity = $(SIG_HI)
 )
 {
  /usr/src				-> $(SEC_CRIT) (recurse = true) ;
  /usr/src/sys/compile			-> $(SEC_CONFIG) (recurse = false) ;
 }
 #
 # NIS
 #
 (
  rulename = "NIS",
  severity = $(SIG_HI)
 )
 {
  /var/yp				-> $(SEC_CRIT) (recurse = true) ;
  !/var/yp/binding ;
 }
 #
 # Temporary directories
 #
 (
  rulename = "Temporary directories",
  recurse = false,
  severity = $(SIG_LOW)
 )
 {
  /usr/tmp                             -> $(SEC_INVARIANT) ;
  /var/tmp                             -> $(SEC_INVARIANT) ;
  /var/preserve                        -> $(SEC_INVARIANT) ;
  /tmp                                 -> $(SEC_INVARIANT) ;
 }
 #
 # Local files
 #
 (
  rulename = "Local files",
  severity = $(SIG_MED)
 )
 {
  /usr/local/bin			-> $(SEC_BIN) (recurse = true) ;
  /usr/local/sbin			-> $(SEC_BIN) (recurse = true) ;
  /usr/local/etc		 	-> $(SEC_BIN) (recurse = true) ;
  /usr/local/lib			-> $(SEC_BIN) (recurse = true ) ;
  /usr/local/libexec			-> $(SEC_BIN) (recurse = true ) ;
  /usr/local/share			-> $(SEC_BIN) (recurse = true ) ;
  /usr/local/man			-> $(SEC_CONFIG) ;
  !/usr/local/man/whatis ;
  !/usr/local/man/.glimpse_filenames ;
  !/usr/local/man/.glimpse_filenames_index ;
  !/usr/local/man/.glimpse_filetimes ;
  !/usr/local/man/.glimpse_filters ;
  !/usr/local/man/.glimpse_index ;
  !/usr/local/man/.glimpse_messages ;
  !/usr/local/man/.glimpse_partitions ;
  !/usr/local/man/.glimpse_statistics ;
  !/usr/local/man/.glimpse_turbo ;
  /usr/local/man/man1			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/man/man2			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/man/man3			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/man/man4			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/man/man5			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/man/man6			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/man/man7			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/man/man8			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/man/man9			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/man/manl			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/man/mann			-> $(SEC_CRIT) (recurse = true) ;
  ! /usr/local/man/cat1 ;
  ! /usr/local/man/cat2 ;
  ! /usr/local/man/cat3 ;
  ! /usr/local/man/cat4 ;
  ! /usr/local/man/cat5 ;
  ! /usr/local/man/cat6 ;
  ! /usr/local/man/cat7 ;
  ! /usr/local/man/cat8 ;
  ! /usr/local/man/cat9 ;
  ! /usr/local/man/catl ;
  ! /usr/local/man/catn ;
  /usr/local/krb5			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/krb5/man			-> $(SEC_CONFIG) ;
  !/usr/local/krb5/man/whatis ;
  !/usr/local/krb5/man/.glimpse_filenames ;
  !/usr/local/krb5/man/.glimpse_filenames_index ;
  !/usr/local/krb5/man/.glimpse_filetimes ;
  !/usr/local/krb5/man/.glimpse_filters ;
  !/usr/local/krb5/man/.glimpse_index ;
  !/usr/local/krb5/man/.glimpse_messages ;
  !/usr/local/krb5/man/.glimpse_partitions ;
  !/usr/local/krb5/man/.glimpse_statistics ;
  !/usr/local/krb5/man/.glimpse_turbo ;
  /usr/local/krb5/man/man1			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/krb5/man/man2			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/krb5/man/man3			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/krb5/man/man4			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/krb5/man/man5			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/krb5/man/man6			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/krb5/man/man7			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/krb5/man/man8			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/krb5/man/man9			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/krb5/man/manl			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/krb5/man/mann			-> $(SEC_CRIT) (recurse = true) ;
  ! /usr/local/krb5/man/cat1 ;
  ! /usr/local/krb5/man/cat2 ;
  ! /usr/local/krb5/man/cat3 ;
  ! /usr/local/krb5/man/cat4 ;
  ! /usr/local/krb5/man/cat5 ;
  ! /usr/local/krb5/man/cat6 ;
  ! /usr/local/krb5/man/cat7 ;
  ! /usr/local/krb5/man/cat8 ;
  ! /usr/local/krb5/man/cat9 ;
  ! /usr/local/krb5/man/catl ;
  ! /usr/local/krb5/man/catn ;
  /usr/local/www			-> $(SEC_CONFIG) (recurse = true) ;
 }
 (
  rulename = "Security Control",
  severity = $(SIG_HI)
 )
 {
  /etc/group                           -> $(SEC_CRIT) ;
  /etc/crontab                         -> $(SEC_CRIT) ;
 }
 #=============================================================================
 #
 # Copyright 2000-2018 Tripwire, Inc. Tripwire is a registered trademark of Tripwire,
 # Inc. in the United States and other countries. All rights reserved.
 #
 # FreeBSD is a registered trademark of the FreeBSD Project Inc.
 #
 # UNIX is a registered trademark of The Open Group.
 #
 #=============================================================================
 #
 # Permission is granted to make and distribute verbatim copies of this document
 # provided the copyright notice and this permission notice are preserved on all
 # copies.
 #
 # Permission is granted to copy and distribute modified versions of this
 # document under the conditions for verbatim copying, provided that the entire
 # resulting derived work is distributed under the terms of a permission notice
 # identical to this one.
 #
 # Permission is granted to copy and distribute translations of this document
 # into another language, under the above conditions for modified versions,
 # except that this permission notice may be stated in a translation approved by
 # Tripwire, Inc.
 #
 # DCM
--- a/policy/twpol-FreeBSD.txt
+++ b/policy/twpol-FreeBSD.txt
@ -53,21 +53,13 @@ TWREPORT=;
 HOSTNAME=;
@@section FS
-SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
+SEC_CRIT      = $(IgnoreNone)-SHa ;  # Critical files that cannot change
-SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
+SEC_SUID      = $(IgnoreNone)-SHa ;  # Binaries with the SUID or SGID flags set
-SEC_GROWING       = +pinugtdl-srbamcCMSH ;
+SEC_BIN       = $(ReadOnly) ;        # Binaries that should not change
-SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
+SEC_CONFIG    = $(Dynamic) ;         # Config files that are changed infrequently but accessed often
-SEC_IGNORE_NONE   = +pinugtsdrbamcCMSH-l ;
+SEC_TTY    = $(Dynamic)-ugp ;        # Tty files that change ownership at login
-SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
+SEC_LOG       = $(Growing) ;         # Files that grow, but that should never change ownership
-SEC_TEMPORARY     = +pugt ;
+SEC_INVARIANT = +tpug ;              # Directories that should never change permission or ownership
 SEC_CRIT      = $(SEC_IGNORE_NONE)-SHa ; # Critical files that cannot change
 SEC_SUID      = $(SEC_IGNORE_NONE)-SHa ; # Binaries with the SUID or SGID flags set
 SEC_BIN       = $(SEC_READONLY) ;        # Binaries that should not change
 SEC_CONFIG    = $(SEC_DYNAMIC) ;         # Config files that are changed infrequently but accessed often
 SEC_TTY       = $(SEC_DYNAMIC)-ugp ;     # Tty files that change ownership at login
 SEC_LOG       = $(SEC_GROWING) ;         # Files that grow, but that should never change ownership
 SEC_INVARIANT = $(SEC_TEMPORARY) ;       # Directories that should never change permission or ownership
 SIG_LOW       = 33 ;                 # Non-critical files that are of minimal security impact
 SIG_MED       = 66 ;                 # Non-critical files that are of significant security impact
 SIG_HI        = 100 ;                # Critical files that are significant points of vulnerability
@ -637,7 +629,7 @@ SIG_HI        = 100 ;                    # Critical files that are significant p
 #=============================================================================
 #
-# Copyright 2000-2018 Tripwire, Inc. Tripwire is a registered trademark of Tripwire,
+# Copyright 2000 Tripwire, Inc. Tripwire is a registered trademark of Tripwire,
 # Inc. in the United States and other countries. All rights reserved.
 #
 # FreeBSD is a registered trademark of the FreeBSD Project Inc.
--- a/policy/twpol-GENERIC.txt
+++ b/policy/twpol-GENERIC.txt
@ -65,21 +65,12 @@ TWREPORT=;
 HOSTNAME=;
@@section FS
-SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
+SEC_CRIT      = $(IgnoreNone)-SHa ;  # Critical files that cannot change
-SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
+SEC_SUID      = $(IgnoreNone)-SHa ;  # Binaries with the SUID or SGID flags set
-SEC_GROWING       = +pinugtdl-srbamcCMSH ;
+SEC_BIN       = $(ReadOnly) ;        # Binaries that should not change
-SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
+SEC_CONFIG    = $(Dynamic) ;         # Config files that are changed infrequently but accessed often
-SEC_IGNORE_NONE   = +pinugtsdrbamcCMSH-l ;
+SEC_LOG       = $(Growing) ;         # Files that grow, but that should never change ownership
-SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
+SEC_INVARIANT = +tpug ;              # Directories that should never change permission or ownership
 SEC_TEMPORARY     = +pugt ;
 SEC_CRIT      = $(SEC_IGNORE_NONE)-SHa ; # Critical files that cannot change
 SEC_SUID      = $(SEC_IGNORE_NONE)-SHa ; # Binaries with the SUID or SGID flags set
 SEC_BIN       = $(SEC_READONLY) ;        # Binaries that should not change
 SEC_CONFIG    = $(SEC_DYNAMIC) ;         # Config files that are changed infrequently but accessed often
 SEC_TTY       = $(SEC_DYNAMIC)-ugp ;     # Tty files that change ownership at login
 SEC_LOG       = $(SEC_GROWING) ;         # Files that grow, but that should never change ownership
 SEC_INVARIANT = $(SEC_TEMPORARY) ;       # Directories that should never change permission or ownership
 SIG_LOW       = 33 ;                 # Non-critical files that are of minimal security impact
 SIG_MED       = 66 ;                 # Non-critical files that are of significant security impact
 SIG_HI        = 100 ;                # Critical files that are significant points of vulnerability
@ -123,6 +114,56 @@ SIG_HI        = 100 ;                    # Critical files that are significant p
 }
 # Tripwire HQ Connector Binaries
 #(
 #  rulename = "Tripwire HQ Connector Binaries",
 #  severity = $(SIG_HI)
 #)
 #{
 #  $(TWBIN)/hqagent                     -> $(SEC_BIN) ;
 #}
 #
 # Tripwire HQ Connector - Configuration Files, Keys, and Logs
  ##############################################################################
 #                                                                            ##
 ############################################################################## #
 #                                                                            # #
 # Note: File locations here are different than in a stock HQ Connector       # #
 # installation.  This is because Tripwire 2.3 uses a different path          # #
 # structure than Tripwire 2.2.1.                                             # #
 #                                                                            # #
 # You may need to update your HQ Agent configuation file (or this policy     # #
 # file) to correct the paths.  We have attempted to support the FHS standard # #
 # here by placing the HQ Agent files similarly to the way Tripwire 2.3       # #
 # places them.                                                               # #
 #                                                                            ##
 ##############################################################################
 #(
 #  rulename = "Tripwire HQ Connector Data Files",
 #  severity = $(SIG_HI)
 #)
 #{
 #   #############################################################################
 #  ##############################################################################
 #  # NOTE: Removing the inode attribute because when Tripwire creates a backup ##
 #  # it does so by renaming the old file and creating a new one (which will    ##
 #  # have a new inode number).  Leaving inode turned on for keys, which        ##
 #  # shouldn't ever change.                                                    ##
 #  #############################################################################
 #
 #  $(TWBIN)/agent.cfg                   -> $(SEC_BIN) -i ;
 #  $(TWLKEY)/authentication.key         -> $(SEC_BIN) ;
 #  $(TWDB)/tasks.dat                    -> $(SEC_CONFIG) ;
 #  $(TWDB)/schedule.dat                 -> $(SEC_CONFIG) ;
 #
 #  # Uncomment if you have agent logging enabled.
 #  #/var/log/tripwire/agent.log      -> $(SEC_LOG) ;
 #}
 # Commonly accessed directories that should remain static with regards to owner and group
 (
  rulename = "Invariant Directories",
@ -1037,7 +1078,7 @@ SIG_HI        = 100 ;                    # Critical files that are significant p
 #=============================================================================
 #
-# Copyright 2000-2018 Tripwire, Inc. Tripwire is a registered trademark of Tripwire,
+# Copyright 2000 Tripwire, Inc. Tripwire is a registered trademark of Tripwire,
 # Inc. in the United States and other countries. All rights reserved.
 #
 # Linux is a registered trademark of Linus Torvalds.
--- a/policy/twpol-GNU.txt
+++ b/policy/twpol-GNU.txt
@ -1,159 +0,0 @@
 ###############################################################################
 #                                                                            ##
 #    Default Tripwire 2.4 Policy file for GNU/Hurd                           ##
 #                                                                            ##
 ###############################################################################
 ###############################################################################
 #                                                                            ##
 # Global Variable Definitions                                                ##
 #                                                                            ##
 # These are defined at install time by the installation script.  You may     ##
 # Manually edit these if you are using this file directly and not from the   ##
 # installation script itself.                                                ##
 #                                                                            ##
 ###############################################################################
@@section GLOBAL
 TWROOT=;
 TWBIN=;
 TWPOL=;
 TWDB=;
 TWSKEY=;
 TWLKEY=;
 TWREPORT=;
 HOSTNAME=;
 ##############################################################################
 #  Predefined Variables                                                      #
 ##############################################################################
 #
 #  Property Masks
 #
 #  -  ignore the following properties
 #  +  check the following properties
 #
 #  a  access timestamp (mutually exclusive with +CMSH)
 #  b  number of blocks allocated
 #  c  inode creation/modification timestamp
 #  d  ID of device on which inode resides
 #  g  group id of owner
 #  i  inode number
 #  l  growing files (logfiles for example)
 #  m  modification timestamp
 #  n  number of links
 #  p  permission and file mode bits
 #  r  ID of device pointed to by inode (valid only for device objects)
 #  s  file size
 #  t  file type
 #  u  user id of owner
 #
 #  C  CRC-32 hash
 #  H  HAVAL hash
 #  M  MD5 hash
 #  S  SHA hash
 #
 ##############################################################################
 SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
 SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
 SEC_GROWING       = +pinugtdl-srbamcCMSH ;
 SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
 SEC_IGNORE_NONE    = +pinugtsdrbamcCMSH-l ;
 SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
 SEC_TEMPORARY       = +pugt ;
@@section FS 
 #########################################
 #                                      ##
 #  Tripwire Binaries and Data Files    ##
 #                                      ##
 #########################################
 # Tripwire Binaries
 (
  rulename = "Tripwire Binaries",
 )
 {
  $(TWBIN)/siggen                      -> $(SEC_READONLY) ;
  $(TWBIN)/tripwire                    -> $(SEC_READONLY) ;
  $(TWBIN)/twadmin                     -> $(SEC_READONLY) ;
  $(TWBIN)/twprint                     -> $(SEC_READONLY) ;
 }
 # Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
 (
  rulename = "Tripwire Data Files",
 )
 {
  # NOTE: We remove the inode attribute because when Tripwire creates a backup,
  # it does so by renaming the old file and creating a new one (which will
  # have a new inode number).  Inode is left turned on for keys, which shouldn't
  # ever change.
  # NOTE: The first integrity check triggers this rule and each integrity check
  # afterward triggers this rule until a database update is run, since the
  # database file does not exist before that point.
  $(TWDB)                              -> $(SEC_DYNAMIC) -i ;
  $(TWPOL)/tw.pol                      -> $(SEC_READONLY) -i ;
  $(TWPOL)/tw.cfg                      -> $(SEC_READONLY) -i ;
  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(SEC_READONLY) ;
  $(TWSKEY)/site.key                   -> $(SEC_READONLY) ;
  # don't scan the individual reports
  $(TWREPORT)                          -> $(SEC_DYNAMIC) (recurse=0) ;
 }
 ##############################################################################
 (rulename="Boot files",)
 {
  /boot -> $(SEC_READONLY) -a;
 }
 (rulename="Binary files",)
 {
  /bin -> $(SEC_READONLY) -a;
  /usr/bin -> $(SEC_READONLY) -a;
  /usr/local/bin -> $(SEC_READONLY) -a;
 }
 (rulename="Admin binaries",)
 {
  /servers -> $(SEC_READONLY) -a;
  /sbin -> $(SEC_READONLY) -a;
  /usr/sbin -> $(SEC_READONLY) -a;
  /hurd -> $(SEC_READONLY) -a;
 }
 (rulename="Libraries",)
 {
  /lib -> $(SEC_READONLY) -a;
  /usr/lib -> $(SEC_READONLY) -a;
  /usr/local/lib -> $(SEC_READONLY) -a;
 }
 (rulename="Etc",)
 {
  /etc -> $(SEC_READONLY) -a;
  /usr/local/etc -> $(SEC_READONLY) -a;
 }
 (rulename="Dev",)
 {
  /dev -> $(SEC_DEVICE);
 }
 (rulename="Tmp",)
 {
  /tmp -> $(SEC_TEMPORARY);
  /var/tmp -> $(SEC_TEMPORARY);
 }
 (rulename="Log",)
 {
  /var/log -> $(SEC_GROWING);
 }
--- a/policy/twpol-HP-UX.txt
+++ b/policy/twpol-HP-UX.txt
--- a/policy/twpol-Haiku.txt
+++ b/policy/twpol-Haiku.txt
@ -1,178 +0,0 @@
 ###############################################################################
 #                                                                            ##
 #    Default Tripwire 2.4 Policy file for Haiku                              ##
 #                                                                            ##
 ###############################################################################
 ###############################################################################
 #                                                                            ##
 # Global Variable Definitions                                                ##
 #                                                                            ##
 # These are defined at install time by the installation script.  You may     ##
 # Manually edit these if you are using this file directly and not from the   ##
 # installation script itself.                                                ##
 #                                                                            ##
 ###############################################################################
@@section GLOBAL
 TWROOT=;
 TWBIN=;
 TWPOL=;
 TWDB=;
 TWSKEY=;
 TWLKEY=;
 TWREPORT=;
 HOSTNAME=;
 ##############################################################################
 #  Predefined Variables                                                      #
 ##############################################################################
 #
 #  Property Masks
 #
 #  -  ignore the following properties
 #  +  check the following properties
 #
 #  a  access timestamp (mutually exclusive with +CMSH)
 #  b  number of blocks allocated
 #  c  inode creation/modification timestamp
 #  d  ID of device on which inode resides
 #  g  group id of owner
 #  i  inode number
 #  l  growing files (logfiles for example)
 #  m  modification timestamp
 #  n  number of links
 #  p  permission and file mode bits
 #  r  ID of device pointed to by inode (valid only for device objects)
 #  s  file size
 #  t  file type
 #  u  user id of owner
 #
 #  C  CRC-32 hash
 #  H  HAVAL hash
 #  M  MD5 hash
 #  S  SHA hash
 #
 ##############################################################################
 SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
 SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
 SEC_GROWING       = +pinugtdl-srbamcCMSH ;
 SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
 SEC_IGNORE_NONE    = +pinugtsdrbamcCMSH-l ;
 SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
 SEC_TEMPORARY       = +pugt ;
@@section FS 
 #########################################
 #                                      ##
 #  Tripwire Binaries and Data Files    ##
 #                                      ##
 #########################################
 # Tripwire Binaries
 (
  rulename = "Tripwire Binaries",
 )
 {
  $(TWBIN)/siggen                      -> $(SEC_READONLY) ;
  $(TWBIN)/tripwire                    -> $(SEC_READONLY) ;
  $(TWBIN)/twadmin                     -> $(SEC_READONLY) ;
  $(TWBIN)/twprint                     -> $(SEC_READONLY) ;
 }
 # Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
 (
  rulename = "Tripwire Data Files",
 )
 {
  # NOTE: We remove the inode attribute because when Tripwire creates a backup,
  # it does so by renaming the old file and creating a new one (which will
  # have a new inode number).  Inode is left turned on for keys, which shouldn't
  # ever change.
  # NOTE: The first integrity check triggers this rule and each integrity check
  # afterward triggers this rule until a database update is run, since the
  # database file does not exist before that point.
  $(TWDB)                              -> $(SEC_DYNAMIC) -i ;
  $(TWPOL)/tw.pol                      -> $(SEC_READONLY) -i ;
  $(TWPOL)/tw.cfg                      -> $(SEC_READONLY) -i ;
  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(SEC_READONLY) ;
  $(TWSKEY)/site.key                   -> $(SEC_READONLY) ;
  # don't scan the individual reports
  $(TWREPORT)                          -> $(SEC_DYNAMIC) (recurse=0) ;
 }
 ##############################################################################
 ### System dir ###############################################################
 #
 (rulename = "System Directory",)
 {
   /boot/system -> $(SEC_READONLY) -a;
 }
 ### Other bin dirs ############################################################
 #
 (rulename = "Binary Directories",)
 {
  /boot/home/config/bin -> $(SEC_READONLY) -a;
  /boot/common/bin -> $(SEC_READONLY) -a;
  /boot/apps -> $(SEC_READONLY) -a;
 # /boot/develop/tools/gnupro/bin -> $(SEC_READONLY) -a; #uncomment to monitor dev tools if present
 }
 ### Other lib dirs ############################################################
 #
 (rulename = "Library Directories",)
 {
  /boot/common/lib -> $(SEC_READONLY) -a;
  /boot/home/config/lib -> $(SEC_READONLY) -a;
 }
 ### Other boot dirs ###########################################################
 #
 (rulename = "Boot Directories",)
 {
  /boot/common/boot -> $(SEC_READONLY) -a;
  /boot/home/config/boot -> $(SEC_READONLY) -a;
 }
 ### Settings ##################################################################
 #
 (rulename = "Settings",)
 {
  /boot/common/settings -> $(SEC_READONLY) -a;
  /boot/common/data -> $(SEC_READONLY) -a;
  /boot/common/etc -> $(SEC_READONLY) -a;
  /boot/home/config/settings -> $(SEC_READONLY) -a;
 }
 # Logs ########################################################################
 #
 (rulename = "Logs",)
 {
  /boot/common/var/log -> $(SEC_GROWING) -a;
 }
 # Dev #########################################################################
 #
 (rulename = "Devices",)
 {
  /dev -> $(SEC_DEVICE) -a;
 }
 # Temp dirs #########################
 #
 (rulename = "Temp Directories",)
 {
  /boot/common/cache/tmp -> $(SEC_TEMPORARY) -a;
 }
--- a/policy/twpol-LibertyBSD.txt
+++ b/policy/twpol-LibertyBSD.txt
@ -1,292 +0,0 @@
  ##############################################################################
 #                                                                            ##
 ############################################################################## #
 #                                                                            # #
 #                     Tripwire 2.4 policy for LibertyBSD                     # #
 #                            updated March 2018                              # #
 #                                                                            ##
 ##############################################################################
  ##############################################################################
 #                                                                            ##
 ############################################################################## #
 #                                                                            # #
 # Global Variable Definitions                                                # #
 #                                                                            # #
 # These are defined at install time by the installation script.  You may     # #
 # manually edit these if you are using this file directly and not from the   # #
 # installation script itself.                                                # #
 #                                                                            ##
 ##############################################################################
@@section GLOBAL
 TWROOT=;
 TWBIN=;
 TWPOL=;
 TWDB=;
 TWSKEY=;
 TWLKEY=;
 TWREPORT=;
 HOSTNAME=;
  ##############################################################################
 #  Predefined Variables                                                      #
 ##############################################################################
 #
 #  Property Masks
 #
 #  -  ignore the following properties
 #  +  check the following properties
 #
 #  a  access timestamp (mutually exclusive with +CMSH)
 #  b  number of blocks allocated
 #  c  inode creation/modification timestamp
 #  d  ID of device on which inode resides
 #  g  group id of owner
 #  i  inode number
 #  l  growing files (logfiles for example)
 #  m  modification timestamp
 #  n  number of links
 #  p  permission and file mode bits
 #  r  ID of device pointed to by inode (valid only for device objects)
 #  s  file size
 #  t  file type
 #  u  user id of owner
 #
 #  C  CRC-32 hash
 #  H  HAVAL hash
 #  M  MD5 hash
 #  S  SHA hash
 #
 ##############################################################################
 SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
 SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
 SEC_GROWING       = +pinugtdl-srbamcCMSH ;
 SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
 SEC_IGNORE_NONE   = +pinugtsdrbamcCMSH-l ;
 SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
 SEC_TEMPORARY     = +pugt ;
@@section FS 
  ########################################
 #                                      ##
 ######################################## #
 #                                      # #
 #  Tripwire Binaries and Data Files    # #
 #                                      ##
 ########################################
 # Tripwire Binaries
 (
  rulename = "Tripwire Binaries",
 )
 {
  $(TWBIN)/siggen                      -> $(SEC_READONLY) ;
  $(TWBIN)/tripwire                    -> $(SEC_READONLY) ;
  $(TWBIN)/twadmin                     -> $(SEC_READONLY) ;
  $(TWBIN)/twprint                     -> $(SEC_READONLY) ;
 }
 # Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
 (
  rulename = "Tripwire Data Files",
 )
 {
  # NOTE: We remove the inode attribute because when Tripwire creates a backup,
  # it does so by renaming the old file and creating a new one (which will
  # have a new inode number).  Inode is left turned on for keys, which shouldn't
  # ever change.
  # NOTE: The first integrity check triggers this rule and each integrity check
  # afterward triggers this rule until a database update is run, since the
  # database file does not exist before that point.
  $(TWDB)                              -> $(SEC_DYNAMIC) -i ;
  $(TWPOL)/tw.pol                      -> $(SEC_READONLY) -i ;
  $(TWPOL)/tw.cfg                      -> $(SEC_READONLY) -i ;
  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(SEC_READONLY) ;
  $(TWSKEY)/site.key                   -> $(SEC_READONLY) ;
  # don't scan the individual reports
  $(TWREPORT)                          -> $(SEC_DYNAMIC) (recurse=0) ;
  # In this configuration /usr/local is a symbolic link to /home/local.
  # We want to ignore the following directories since they are already
  # scanned using the real directory or mount point.  Otherwise we see
  # duplicates in the reports.
  !/home/local ;
 }
  ################################################
 #                                              ##
 ################################################ #
 #                                              # #
 #  OS Boot and Configuration Files             # #
 #                                              ##
 ################################################
 (
  rulename = "OS Boot and Configuration Files",
 )
 {
  /boot                         -> $(SEC_READONLY) ;
  /bsd                          -> $(SEC_READONLY) ;
  /etc                          -> $(SEC_IGNORE_NONE) -SHa ;
 }
  ###################################################
 #                                                 ##
 ################################################### #
 #                                                 # #
 #  Mount Points                                   # #
 #                                                 ##
 ###################################################
 (
  rulename = "Mount Points",
 )
 {
  /                             -> $(SEC_READONLY) ;
  /cdrom                        -> $(SEC_DYNAMIC) ;
  /floppy                       -> $(SEC_DYNAMIC) ;
  /home                         -> $(SEC_READONLY) ;  # Modify as needed
  /mnt                          -> $(SEC_DYNAMIC) ;
  /usr                          -> $(SEC_READONLY) ;
  /var                          -> $(SEC_READONLY) ;
 }
  ###################################################
 #                                                 ##
 ################################################### #
 #                                                 # #
 #  Misc Top-Level Directories                     # #
 #                                                 ##
 ###################################################
 (
  rulename = "Misc Top-Level Directories",
 )
 {
  /altroot                      -> $(SEC_DYNAMIC) ;
  /stand                        -> $(SEC_DYNAMIC) ;
 }
  ################################################
 #                                              ##
 ################################################ #
 #                                              # #
 #   System Devices                             # #
 #                                              ##
 ################################################
 (
  rulename = "System Devices",
 )
 {
  /dev                          -> $(SEC_DEVICE) ;
  /dev/fd                       -> $(SEC_DEVICE) ;
  /var/cron/tabs/.sock          -> $(SEC_DEVICE) ; 
  /var/empty/dev/log            -> $(SEC_DEVICE) ; 
 }
  ################################################
 #                                              ##
 ################################################ #
 #                                              # #
 #  OS Binaries and Libraries                   # #   
 #                                              ##
 ################################################
 (
  rulename = "OS Binaries and Libraries",
 )
 {
  /bin                          -> $(SEC_READONLY) ;
  /sbin                         -> $(SEC_READONLY) ;
  /usr/bin                      -> $(SEC_READONLY) ;
  /usr/lib                      -> $(SEC_READONLY) ;
  /usr/libexec                  -> $(SEC_READONLY) ;
  /usr/sbin                     -> $(SEC_READONLY) ;
  /usr/X11R6/bin                -> $(SEC_READONLY) ;
  /usr/X11R6/lib                -> $(SEC_READONLY) ;
 }
  ################################################
 #                                              ##
 ################################################ #
 #                                              # #
 #  Usr Local Files                             # #   
 #                                              ##
 ################################################
 #OK(
  #OKrulename = "Usr Local Files",
 #OK)
 #OK{
  #OK/usr/local                    -> $(SEC_READONLY) ;
  #OK/usr/local/bin                -> $(SEC_READONLY) ;
  #OK/usr/local/doc                -> $(SEC_READONLY) ;
  #OK/usr/local/etc                -> $(SEC_READONLY) ;
  #OK/usr/local/include            -> $(SEC_READONLY) ;
  #OK/usr/local/info               -> $(SEC_READONLY) ;
  #OK/usr/local/lib                -> $(SEC_READONLY) ;
  #OK/usr/local/libdata            -> $(SEC_READONLY) ;
  #OK/usr/local/libexec            -> $(SEC_READONLY) ;
  #OK/usr/local/man                -> $(SEC_READONLY) ;
  #OK/usr/local/sbin               -> $(SEC_READONLY) ;
  #OK/usr/local/share              -> $(SEC_READONLY) ;
  #OK/usr/local/src                -> $(SEC_READONLY) ;
 #OK}
  ################################################
 #                                              ##
 ################################################ #
 #                                              # #
 #  Root Directory and Files                    # #
 #                                              ##
 ################################################
 (
  rulename = "Root Directory and Files",
 )
 {
  /root                          -> $(SEC_IGNORE_NONE) -SHa ;
  /root/.cshrc                   -> $(SEC_DYNAMIC) ;
  /root/.profile                 -> $(SEC_DYNAMIC) ;
 }
  ################################################
 #                                              ##
 ################################################ #
 #                                              # #
 #  Temporary Directories                       # #
 #                                              ##
 ################################################
 (
  rulename = "Temporary Directories",
 )
 {
  /tmp                          -> $(SEC_TEMPORARY) ;
  /var/tmp                      -> $(SEC_TEMPORARY) ;
 }
  ################################################
 #                                              ##
 ################################################ #
 #                                              # #
 #  System and Boot Changes                     # #
 #                                              ##
 ################################################
 (
  rulename = "System and Boot Changes",
 )
 {
  /var/backups                    -> $(SEC_DYNAMIC) -i ;
  /var/db/host.random             -> $(SEC_READONLY) -mCM ;
  /var/cron                       -> $(SEC_GROWING) -i ;
  /var/log                        -> $(SEC_GROWING) -i ;
  /var/run                        -> $(SEC_DYNAMIC) -i ;
  /var/mail                       -> $(SEC_GROWING) ;
  /var/msgs/bounds                -> $(SEC_READONLY) -smbCM ;
  /var/spool/clientmqueue         -> $(SEC_TEMPORARY) ;
  /var/spool/mqueue               -> $(SEC_TEMPORARY) ;
 }
 #
 # $Id: twpol-OpenBSD.txt,v 1.2 2004/05/14 21:56:21 pherman Exp $
 #
--- a/policy/twpol-Linux.txt
+++ b/policy/twpol-Linux.txt
@ -2,8 +2,7 @@
 #                                                                            ##
 ############################################################################## #
 #                                                                            # #
-#                    Tripwire 2.4 policy for Linux (RPM)                     # #
+#                    Policy file for Red Hat Linux                           # #
 #                             updated March 2018                             # #
 #                                                                            ##
 ##############################################################################
@ -60,13 +59,13 @@ HOSTNAME=;
 #
 ##############################################################################
-SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
+Device        = +pugsdr-intlbamcCMSH ;
-SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
+Dynamic       = +pinugtd-srlbamcCMSH ;
-SEC_GROWING       = +pinugtdl-srbamcCMSH ;
+Growing       = +pinugtdl-srbamcCMSH ;
-SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
+IgnoreAll     = -pinugtsdrlbamcCMSH ;
-SEC_IGNORE_NONE    = +pinugtsdrbamcCMSH-l ;
+IgnoreNone    = +pinugtsdrbamcCMSH-l ;
-SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
+ReadOnly      = +pinugtsdbmCM-rlacSH ;
-SEC_TEMPORARY       = +pugt ;
+Temporary     = +pugt ;
@@section FS 
@ -83,10 +82,10 @@ SEC_TEMPORARY       = +pugt ;
  rulename = "Tripwire Binaries",
 )
 {
-  $(TWBIN)/siggen                      -> $(SEC_READONLY) ;
+  $(TWBIN)/siggen                      -> $(ReadOnly) ;
-  $(TWBIN)/tripwire                    -> $(SEC_READONLY) ;
+  $(TWBIN)/tripwire                    -> $(ReadOnly) ;
-  $(TWBIN)/twadmin                     -> $(SEC_READONLY) ;
+  $(TWBIN)/twadmin                     -> $(ReadOnly) ;
-  $(TWBIN)/twprint                     -> $(SEC_READONLY) ;
+  $(TWBIN)/twprint                     -> $(ReadOnly) ;
 }
 # Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
@ -103,14 +102,14 @@ SEC_TEMPORARY       = +pugt ;
  # afterward triggers this rule until a database update is run, since the
  # database file does not exist before that point.
-  $(TWDB)                              -> $(SEC_DYNAMIC) -i ;
+  $(TWDB)                              -> $(Dynamic) -i ;
-  $(TWPOL)/tw.pol                      -> $(SEC_READONLY) -i ;
+  $(TWPOL)/tw.pol                      -> $(ReadOnly) -i ;
-  $(TWPOL)/tw.cfg                      -> $(SEC_READONLY) -i ;
+  $(TWPOL)/tw.cfg                      -> $(ReadOnly) -i ;
-  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(SEC_READONLY) ;
+  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(ReadOnly) ;
-  $(TWSKEY)/site.key                   -> $(SEC_READONLY) ;
+  $(TWSKEY)/site.key                   -> $(ReadOnly) ;
  # don't scan the individual reports
-  $(TWREPORT)                          -> $(SEC_DYNAMIC) (recurse=0) ;
+  $(TWREPORT)                          -> $(Dynamic) (recurse=0) ;
 }
  ################################################
@ -124,10 +123,10 @@ SEC_TEMPORARY       = +pugt ;
  rulename = "RPM Checksum Files",
 )
 {
-  /var/lib/rpm                  -> $(SEC_READONLY);
+  /var/lib/rpm                  -> $(ReadOnly);
-  /var/lib/rpm/__db.001         -> $(SEC_DYNAMIC) ;
+  /var/lib/rpm/__db.001         -> $(Dynamic) ;
-  /var/lib/rpm/__db.002         -> $(SEC_DYNAMIC) ;
+  /var/lib/rpm/__db.002         -> $(Dynamic) ;
-  /var/lib/rpm/__db.003         -> $(SEC_DYNAMIC) ;
+  /var/lib/rpm/__db.003         -> $(Dynamic) ;
 }
  ################################################
@ -141,18 +140,18 @@ SEC_TEMPORARY       = +pugt ;
  rulename = "Global Configuration Files",
 )
 {
-  /etc                           -> $(SEC_IGNORE_NONE) -SHa ;
+  /etc                           -> $(IgnoreNone) -SHa ;
-  /etc/adjtime                   -> $(SEC_DYNAMIC) ;
+  /etc/adjtime                   -> $(Dynamic) ;
-  /etc/aliases.db                -> $(SEC_DYNAMIC) ;
+  /etc/aliases.db                -> $(Dynamic) ;
-  /etc/bashrc                    -> $(SEC_DYNAMIC) ;
+  /etc/bashrc                    -> $(Dynamic) ;
-  /etc/csh.cshrc                 -> $(SEC_DYNAMIC) ;
+  /etc/csh.cshrc                 -> $(Dynamic) ;
-  /etc/csh.login                 -> $(SEC_DYNAMIC) ;
+  /etc/csh.login                 -> $(Dynamic) ;
-  /etc/mail/statistics           -> $(SEC_GROWING) ;
+  /etc/mail/statistics           -> $(Growing) ;
-  /etc/profile                   -> $(SEC_DYNAMIC) -i ;
+  /etc/profile                   -> $(Dynamic) -i ;
-  /etc/mtab                      -> $(SEC_DYNAMIC) -i ;
+  /etc/mtab                      -> $(Dynamic) -i ;
-  /etc/rc.d                      -> $(SEC_IGNORE_NONE) -SHa ;
+  /etc/rc.d                      -> $(IgnoreNone) -SHa ;
-  /etc/sysconfig                 -> $(SEC_IGNORE_NONE) -SHa ;
+  /etc/sysconfig                 -> $(IgnoreNone) -SHa ;
-  /etc/sysconfig/hwconf          -> $(SEC_DYNAMIC) -m ;
+  /etc/sysconfig/hwconf          -> $(Dynamic) -m ;
 }
  ################################################
@ -166,10 +165,10 @@ SEC_TEMPORARY       = +pugt ;
  rulename = "OS Boot Files and Mount Points",
 )
 {
-  /boot                         -> $(SEC_READONLY) ;
+  /boot                         -> $(ReadOnly) ;
-  /cdrom                        -> $(SEC_DYNAMIC) ;
+  /cdrom                        -> $(Dynamic) ;
-  /floppy                       -> $(SEC_DYNAMIC) ;
+  /floppy                       -> $(Dynamic) ;
-  /mnt                          -> $(SEC_DYNAMIC) ;
+  /mnt                          -> $(Dynamic) ;
 }
  ################################################
@ -183,12 +182,12 @@ SEC_TEMPORARY       = +pugt ;
  rulename = "OS Devices and Misc Directories",
 )
 {
-  /dev                          -> $(SEC_DEVICE) ;
+  /dev                          -> $(Device) ;
-  /initrd                       -> $(SEC_DYNAMIC) ;
+  /initrd                       -> $(Dynamic) ;
-  /opt                          -> $(SEC_DYNAMIC) ;
+  /opt                          -> $(Dynamic) ;
-  /lost+found                   -> $(SEC_DYNAMIC) ;
+  /lost+found                   -> $(Dynamic) ;
-  /var/lost+found               -> $(SEC_DYNAMIC) ;
+  /var/lost+found               -> $(Dynamic) ;
-  /home/lost+found              -> $(SEC_DYNAMIC) ;
+  /home/lost+found              -> $(Dynamic) ;
  !/dev/pts ;			 # Ignore this file
  !/dev/shm ;			 # Ignore this file
 }
@ -204,14 +203,14 @@ SEC_TEMPORARY       = +pugt ;
  rulename = "OS Binaries and Libraries",
 )
 {
-  /bin                          -> $(SEC_READONLY) ;
+  /bin                          -> $(ReadOnly) ;
-  /lib                          -> $(SEC_READONLY) ;
+  /lib                          -> $(ReadOnly) ;
-  /sbin                         -> $(SEC_READONLY) ;
+  /sbin                         -> $(ReadOnly) ;
-  /usr/bin                      -> $(SEC_READONLY) ;
+  /usr/bin                      -> $(ReadOnly) ;
-  /usr/lib                      -> $(SEC_READONLY) ;
+  /usr/lib                      -> $(ReadOnly) ;
-  /usr/libexec                  -> $(SEC_READONLY) ;
+  /usr/libexec                  -> $(ReadOnly) ;
-  /usr/sbin                     -> $(SEC_READONLY) ;
+  /usr/sbin                     -> $(ReadOnly) ;
-  /usr/X11R6/lib                -> $(SEC_READONLY) ;
+  /usr/X11R6/lib                -> $(ReadOnly) ;
 }
  ################################################
 #                                              ##
@ -225,19 +224,19 @@ SEC_TEMPORARY       = +pugt ;
 )
 {
  !/home/local;
-  /usr/local                    -> $(SEC_READONLY) ;
+  /usr/local                    -> $(ReadOnly) ;
-  /usr/local/bin                -> $(SEC_READONLY) ;
+  /usr/local/bin                -> $(ReadOnly) ;
-  /usr/local/doc                -> $(SEC_READONLY) ;
+  /usr/local/doc                -> $(ReadOnly) ;
-  /usr/local/etc                -> $(SEC_READONLY) ;
+  /usr/local/etc                -> $(ReadOnly) ;
-  /usr/local/games              -> $(SEC_READONLY) ;
+  /usr/local/games              -> $(ReadOnly) ;
-  /usr/local/include            -> $(SEC_READONLY) ;
+  /usr/local/include            -> $(ReadOnly) ;
-  /usr/local/lib                -> $(SEC_READONLY) ;
+  /usr/local/lib                -> $(ReadOnly) ;
-  /usr/local/libexec            -> $(SEC_READONLY) ;
+  /usr/local/libexec            -> $(ReadOnly) ;
-  /usr/local/man                -> $(SEC_READONLY) ;
+  /usr/local/man                -> $(ReadOnly) ;
-  /usr/local/sbin               -> $(SEC_READONLY) ;
+  /usr/local/sbin               -> $(ReadOnly) ;
-  /usr/local/share              -> $(SEC_READONLY) ;
+  /usr/local/share              -> $(ReadOnly) ;
-  /usr/local/src                -> $(SEC_READONLY) ;
+  /usr/local/src                -> $(ReadOnly) ;
-  /usr/local/sysinfo            -> $(SEC_READONLY) ;
+  /usr/local/sysinfo            -> $(ReadOnly) ;
 }
  ################################################
@ -251,29 +250,29 @@ SEC_TEMPORARY       = +pugt ;
  rulename = "Root Directory and Files",
 )
 {
-  /root                         -> $(SEC_IGNORE_NONE) -SHa ;
+  /root                         -> $(IgnoreNone) -SHa ;
-  /root/.bashrc                 -> $(SEC_DYNAMIC) ;
+  /root/.bashrc                 -> $(Dynamic) ;
-  /root/.bash_history           -> $(SEC_DYNAMIC) ;
+  /root/.bash_history           -> $(Dynamic) ;
-  #/root/.bash_logout            -> $(SEC_DYNAMIC) ;
+  #/root/.bash_logout            -> $(Dynamic) ;
-  /root/.bash_profile           -> $(SEC_DYNAMIC) ;
+  /root/.bash_profile           -> $(Dynamic) ;
-  /root/.cshrc                  -> $(SEC_DYNAMIC) ;
+  /root/.cshrc                  -> $(Dynamic) ;
-  #/root/.enlightenment          -> $(SEC_DYNAMIC) ;
+  #/root/.enlightenment          -> $(Dynamic) ;
-  #/root/.esd-auth               -> $(SEC_DYNAMIC) ;
+  #/root/.esd-auth               -> $(Dynamic) ;
  !/root/.gconf ;
  !/root/.gconfd ;
-  #/root/.gnome                  -> $(SEC_DYNAMIC) ;
+  #/root/.gnome                  -> $(Dynamic) ;
-  #/root/.gnome-desktop          -> $(SEC_DYNAMIC) ;
+  #/root/.gnome-desktop          -> $(Dynamic) ;
-  #/root/.gnome2                 -> $(SEC_DYNAMIC) ;
+  #/root/.gnome2                 -> $(Dynamic) ;
-  #/root/.gtkrc                  -> $(SEC_DYNAMIC) ;
+  #/root/.gtkrc                  -> $(Dynamic) ;
-  #/root/.gtkrc-1.2-gnome2       -> $(SEC_DYNAMIC) ;
+  #/root/.gtkrc-1.2-gnome2       -> $(Dynamic) ;
-  #/root/.metacity               -> $(SEC_DYNAMIC) ;
+  #/root/.metacity               -> $(Dynamic) ;
-  #/root/.nautilus               -> $(SEC_DYNAMIC) ;
+  #/root/.nautilus               -> $(Dynamic) ;
-  #/root/.rhn-applet.conf        -> $(SEC_DYNAMIC) ;
+  #/root/.rhn-applet.conf        -> $(Dynamic) ;
-  #/root/.tcshrc                 -> $(SEC_DYNAMIC) ;
+  #/root/.tcshrc                 -> $(Dynamic) ;
-  #/root/.xauth                  -> $(SEC_DYNAMIC) ;
+  #/root/.xauth                  -> $(Dynamic) ;
-  #/root/.ICEauthority           -> $(SEC_DYNAMIC) ;
+  #/root/.ICEauthority           -> $(Dynamic) ;
-  #/root/.Xauthority             -> $(SEC_DYNAMIC) -i ;
+  #/root/.Xauthority             -> $(Dynamic) -i ;
-  #/root/.Xresources             -> $(SEC_DYNAMIC) ;
+  #/root/.Xresources             -> $(Dynamic) ;
 }
  ################################################
@ -287,12 +286,12 @@ SEC_TEMPORARY       = +pugt ;
  rulename = "Temporary Directories",
 )
 {
-  /usr/tmp                      -> $(SEC_TEMPORARY) ;
+  /usr/tmp                      -> $(Temporary) ;
-  /var/tmp                      -> $(SEC_TEMPORARY) ;
+  /var/tmp                      -> $(Temporary) ;
-  /tmp                          -> $(SEC_TEMPORARY) ;
+  /tmp                          -> $(Temporary) ;
-  #/tmp/.fam-socket              -> $(SEC_TEMPORARY) ;
+  #/tmp/.fam-socket              -> $(Temporary) ;
-  #/tmp/.ICE-unix                -> $(SEC_TEMPORARY) ;
+  #/tmp/.ICE-unix                -> $(Temporary) ;
-  #/tmp/.X11-unix                -> $(SEC_TEMPORARY) ;
+  #/tmp/.X11-unix                -> $(Temporary) ;
  !/tmp/orbit-root ;
 }
@ -307,21 +306,21 @@ SEC_TEMPORARY       = +pugt ;
  rulename = "System Boot Changes",
 )
 {
-  /.autofsck                    -> $(SEC_DYNAMIC) -m ;
+  /.autofsck                    -> $(Dynamic) -m ;
-  /var/cache/man/whatis         -> $(SEC_GROWING) ;
+  /var/cache/man/whatis         -> $(Growing) ;
-  /var/lib/logrotate.status     -> $(SEC_GROWING) ;
+  /var/lib/logrotate.status     -> $(Growing) ;
-  #/var/lib/nfs/statd            -> $(SEC_GROWING) ;
+  #/var/lib/nfs/statd            -> $(Growing) ;
  !/var/lib/random-seed ;
-  #/var/lib/slocate/slocate.db    -> $(SEC_GROWING) -is ;
+  #/var/lib/slocate/slocate.db    -> $(Growing) -is ;
-  /var/lock/subsys                -> $(SEC_DYNAMIC) -i ;
+  /var/lock/subsys                -> $(Dynamic) -i ;
-  /var/log                        -> $(SEC_GROWING) -i ;
+  /var/log                        -> $(Growing) -i ;
  !/var/log/sa;
  !/var/log/cisco;
-  /var/run                        -> $(SEC_DYNAMIC) -i ;
+  /var/run                        -> $(Dynamic) -i ;
-  /etc/cron.daily                 -> $(SEC_GROWING);
+  /etc/cron.daily                 -> $(Growing);
-  /etc/cron.weekly                -> $(SEC_GROWING);
+  /etc/cron.weekly                -> $(Growing);
-  /etc/cron.monthly               -> $(SEC_GROWING);
+  /etc/cron.monthly               -> $(Growing);
-  /var/spool/mail                 -> $(SEC_GROWING);
+  /var/spool/mail                 -> $(Growing);
 }
  ################################################
@ -335,10 +334,10 @@ SEC_TEMPORARY       = +pugt ;
  rulename = "Monitor Filesystems",
 )
 {
-  /                             -> $(SEC_READONLY) ;
+  /                             -> $(ReadOnly) ;
-  /home                         -> $(SEC_READONLY) ;  # Modify as needed
+  /home                         -> $(ReadOnly) ;  # Modify as needed
-  /usr                          -> $(SEC_READONLY) ;
+  /usr                          -> $(ReadOnly) ;
-  /var                          -> $(SEC_READONLY) ;
+  /var                          -> $(ReadOnly) ;
 }
  ################################################
--- a/policy/twpol-MidnightBSD.txt
+++ b/policy/twpol-MidnightBSD.txt
@ -1,664 +0,0 @@
 #
 #                       Policy file for MidnightBSD
 #                         (adapted from FreeBSD policy)
 #
 # $FreeBSD: ports/security/tripwire/files/twpol.txt,v 1.2 2002/03/04 16:55:21 cy Exp $
 # $Id: twpol-FreeBSD.txt,v 1.1 2003/06/08 02:00:06 pherman Exp $
 #
 # This is the example Tripwire Policy file.  It is intended as a place to
 # start creating your own custom Tripwire Policy file.  Referring to it as
 # well as the Tripwire Policy Guide should give you enough information to
 # make a good custom Tripwire Policy file that better covers your
 # configuration and security needs.  A text version of this policy file is
 # called twpol.txt.
 #
 # Note that this file is tuned to an install of FreeBSD using
 # buildworld.  If run unmodified, this file should create no errors on
 # database creation, or violations on a subsiquent integrity check.
 # However it is impossible for there to be one policy file for all machines,
 # so this existing one errs on the side of security.  Your FreeBSD
 # configuration will most likey differ from the one our policy file was
 # tuned to, and will therefore require some editing of the default
 # Tripwire Policy file.
 #
 # The example policy file is best run with 'Loose Directory Checking'
 # enabled. Set LOOSEDIRECTORYCHECKING=TRUE in the Tripwire Configuration
 # file.
 #
 # Email support is not included and must be added to this file.
 # Add the 'emailto=' to the rule directive section of each rule (add a comma
 # after the 'severity=' line and add an 'emailto=' and include the email
 # addresses you want the violation reports to go to).  Addresses are
 # semi-colon delimited.
 #
 #
 # Global Variable Definitions
 #
 # These are defined at install time by the installation script.  You may
 # Manually edit these if you are using this file directly and not from the
 # installation script itself.
 #
@@section GLOBAL
 TWROOT=;
 TWBIN=;
 TWPOL=;
 TWDB=;
 TWSKEY=;
 TWLKEY=;
 TWREPORT=;
 HOSTNAME=;
@@section FS
 SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
 SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
 SEC_GROWING       = +pinugtdl-srbamcCMSH ;
 SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
 SEC_IGNORE_NONE   = +pinugtsdrbamcCMSH-l ;
 SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
 SEC_TEMPORARY     = +pugt ;
 SEC_CRIT      = $(SEC_IGNORE_NONE)-SHa ; # Critical files that cannot change
 SEC_SUID      = $(SEC_IGNORE_NONE)-SHa ; # Binaries with the SUID or SGID flags set
 SEC_BIN       = $(SEC_READONLY) ;        # Binaries that should not change
 SEC_CONFIG    = $(SEC_DYNAMIC) ;         # Config files that are changed infrequently but accessed often
 SEC_TTY       = $(SEC_DYNAMIC)-ugp ;     # Tty files that change ownership at login
 SEC_LOG       = $(SEC_GROWING) ;         # Files that grow, but that should never change ownership
 SEC_INVARIANT = $(SEC_TEMPORARY) ;       # Directories that should never change permission or ownership
 SIG_LOW       = 33 ;                     # Non-critical files that are of minimal security impact
 SIG_MED       = 66 ;                     # Non-critical files that are of significant security impact
 SIG_HI        = 100 ;                    # Critical files that are significant points of vulnerability
 # Tripwire Binaries
 (
  rulename = "Tripwire Binaries",
  severity = $(SIG_HI)
 )
 {
  $(TWBIN)/siggen                      -> $(SEC_BIN) ;
  $(TWBIN)/tripwire                    -> $(SEC_BIN) ;
  $(TWBIN)/twadmin                     -> $(SEC_BIN) ;
  $(TWBIN)/twprint                     -> $(SEC_BIN) ;
 }
 # Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
 (
  rulename = "Tripwire Data Files",
  severity = $(SIG_HI)
 )
 {
  # NOTE: We remove the inode attribute because when Tripwire creates a backup,
  # it does so by renaming the old file and creating a new one (which will
  # have a new inode number).  Inode is left turned on for keys, which shouldn't
  # ever change.
  # NOTE: The first integrity check triggers this rule and each integrity check
  # afterward triggers this rule until a database update is run, since the
  # database file does not exist before that point.
  $(TWDB)                              -> $(SEC_CONFIG) -i ;
  $(TWPOL)/tw.pol                      -> $(SEC_BIN) -i ;
  $(TWPOL)/tw.cfg                      -> $(SEC_BIN) -i ;
  $(TWPOL)/twcfg.txt                   -> $(SEC_BIN) ;
  $(TWPOL)/twpol.txt                   -> $(SEC_BIN) ;
  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(SEC_BIN) ;
  $(TWSKEY)/site.key                   -> $(SEC_BIN) ;
  #don't scan the individual reports
  $(TWREPORT)                          -> $(SEC_CONFIG) (recurse=0) ;
 }
 # Tripwire HQ Connector Binaries
 #(
 #  rulename = "Tripwire HQ Connector Binaries",
 #  severity = $(SIG_HI)
 #)
 #{
 #  $(TWBIN)/hqagent                     -> $(SEC_BIN) ;
 #}
 #
 # Tripwire HQ Connector - Configuration Files, Keys, and Logs
 #
 # Note: File locations here are different than in a stock HQ Connector
 # installation.  This is because Tripwire 2.3 uses a different path
 # structure than Tripwire 2.2.1.
 #
 # You may need to update your HQ Agent configuation file (or this policy
 # file) to correct the paths.  We have attempted to support the FHS standard
 # here by placing the HQ Agent files similarly to the way Tripwire 2.3
 # places them.
 #
 #(
 #  rulename = "Tripwire HQ Connector Data Files",
 #  severity = $(SIG_HI)
 #)
 #{
 #
 # # NOTE: Removing the inode attribute because when Tripwire creates a backup
 # # it does so by renaming the old file and creating a new one (which will
 # # have a new inode number).  Leaving inode turned on for keys, which
 # # shouldn't ever change.
 #
 #
 #  $(TWBIN)/agent.cfg                   -> $(SEC_BIN) -i ;
 #  $(TWLKEY)/authentication.key         -> $(SEC_BIN) ;
 #  $(TWDB)/tasks.dat                    -> $(SEC_CONFIG) ;
 #  $(TWDB)/schedule.dat                 -> $(SEC_CONFIG) ;
 #
 #  # Uncomment if you have agent logging enabled.
 #  #/var/log/tripwire/agent.log      -> $(SEC_LOG) ;
 #}
 # Commonly accessed directories that should remain static with regards to owner and group
 (
  rulename = "Invariant Directories",
  severity = $(SIG_MED)
 )
 {
  /                                    -> $(SEC_INVARIANT) (recurse = false) ;
  /home                                -> $(SEC_INVARIANT) (recurse = false) ;
 }
 #
 # First, root's "home"
 #
 (
  rulename = "Root's home",
  severity = $(SIG_HI)
 )
 {
  # /.rhosts				-> $(SEC_CRIT) ;
  /.profile				-> $(SEC_CRIT) ;
  /.cshrc				-> $(SEC_CRIT) ;
  /.login				-> $(SEC_CRIT) ;
  # /.exrc				-> $(SEC_CRIT) ;
  # /.logout				-> $(SEC_CRIT) ;
  # /.forward				-> $(SEC_CRIT) ;
  /root					-> $(SEC_CRIT) (recurse = true) ;
  !/root/.history ;
  !/root/.bash_history ;
  # !/root/.lsof_SYSTEM_NAME ;	# Uncomment if lsof is installed
 }
 #
 # FreeBSD Kernel
 #
 (
  rulename = "FreeBSD Kernel",
  severity = $(SIG_HI)
 )
 {
  /kernel				-> $(SEC_CRIT) ;
  /kernel.old				-> $(SEC_CRIT) ;
  /kernel.GENERIC			-> $(SEC_CRIT) ;
 }
 #
 # FreeBSD Modules
 #
 (
  rulename = "FreeBSD Modules",
  severity = $(SIG_HI)
 )
 {
  /modules				-> $(SEC_CRIT) (recurse = true) ;
  /modules.old				-> $(SEC_CRIT) (recurse = true) ;
  # /lkm				-> $(SEC_CRIT) (recurse = true) ; # uncomment if using lkm kld
 }
 #
 # System Administration Programs
 #
 (
  rulename = "System Administration Programs",
  severity = $(SIG_HI)
 )
 {
  /sbin					-> $(SEC_CRIT) (recurse = true) ;
  /usr/sbin				-> $(SEC_CRIT) (recurse = true) ;
 }
 #
 # User Utilities
 #
 (
  rulename = "User Utilities",
  severity = $(SIG_HI)
 )
 {
  /bin					-> $(SEC_CRIT) (recurse = true) ;
  /usr/bin				-> $(SEC_CRIT) (recurse = true) ;
 }
 #
 # /dev
 #
 (
  rulename = "/dev",
  severity = $(SIG_HI)
 )
 {
  /dev					-> $(Device) (recurse = true) ;
  !/dev/vga ;
  !/dev/dri ;
  /dev/console				-> $(SEC_TTY) ;
  /dev/ttyv0				-> $(SEC_TTY) ;
  /dev/ttyv1				-> $(SEC_TTY) ;
  /dev/ttyv2				-> $(SEC_TTY) ;
  /dev/ttyv3				-> $(SEC_TTY) ;
  /dev/ttyv4				-> $(SEC_TTY) ;
  /dev/ttyv5				-> $(SEC_TTY) ;
  /dev/ttyv6				-> $(SEC_TTY) ;
  /dev/ttyv7				-> $(SEC_TTY) ;
  /dev/ttyp0				-> $(SEC_TTY) ;
  /dev/ttyp1				-> $(SEC_TTY) ;
  /dev/ttyp2				-> $(SEC_TTY) ;
  /dev/ttyp3				-> $(SEC_TTY) ;
  /dev/ttyp4				-> $(SEC_TTY) ;
  /dev/ttyp5				-> $(SEC_TTY) ;
  /dev/ttyp6				-> $(SEC_TTY) ;
  /dev/ttyp7				-> $(SEC_TTY) ;
  /dev/ttyp8				-> $(SEC_TTY) ;
  /dev/ttyp9				-> $(SEC_TTY) ;
  /dev/ttypa				-> $(SEC_TTY) ;
  /dev/ttypb				-> $(SEC_TTY) ;
  /dev/ttypc				-> $(SEC_TTY) ;
  /dev/ttypd				-> $(SEC_TTY) ;
  /dev/ttype				-> $(SEC_TTY) ;
  /dev/ttypf				-> $(SEC_TTY) ;
  /dev/ttypg				-> $(SEC_TTY) ;
  /dev/ttyph				-> $(SEC_TTY) ;
  /dev/ttypi				-> $(SEC_TTY) ;
  /dev/ttypj				-> $(SEC_TTY) ;
  /dev/ttypl				-> $(SEC_TTY) ;
  /dev/ttypm				-> $(SEC_TTY) ;
  /dev/ttypn				-> $(SEC_TTY) ;
  /dev/ttypo				-> $(SEC_TTY) ;
  /dev/ttypp				-> $(SEC_TTY) ;
  /dev/ttypq				-> $(SEC_TTY) ;
  /dev/ttypr				-> $(SEC_TTY) ;
  /dev/ttyps				-> $(SEC_TTY) ;
  /dev/ttypt				-> $(SEC_TTY) ;
  /dev/ttypu				-> $(SEC_TTY) ;
  /dev/ttypv				-> $(SEC_TTY) ;
  /dev/cuaa0				-> $(SEC_TTY) ;	# modem
 }
 #
 # /etc
 #
 (
  rulename = "/etc",
  severity = $(SIG_HI)
 )
 {
  /etc					-> $(SEC_CRIT) (recurse = true) ;
  # /etc/mail/aliases			-> $(SEC_CONFIG) ;
  /etc/dumpdates			-> $(SEC_CONFIG) ;
  /etc/motd				-> $(SEC_CONFIG) ;
  !/etc/ppp/connect-errors ;
  /etc/skeykeys				-> $(SEC_CONFIG) ;
  # Uncomment the following 4 lines if your password file does not change
  # /etc/passwd				-> $(SEC_CONFIG) ;
  # /etc/master.passwd			-> $(SEC_CONFIG) ;
  # /etc/pwd.db				-> $(SEC_CONFIG) ;
  # /etc/spwd.db			-> $(SEC_CONFIG) ;
 }
 #
 # Copatibility (Linux)
 #
 (
  rulename = "Linux Compatibility",
  severity = $(SIG_HI)
 )
 {
  /compat				-> $(SEC_CRIT) (recurse = true) ;
 #
 # Uncomment the following if Linux compatibility is used.  Replace
 # HOSTNAME1 and HOSTNAME2 with the hosts that have Linux emulation port
 # installed.
 #
 #@@ifhost HOSTNAME1 || HOSTNAME2
 #  /compat/linux/etc			-> $(SEC_INVARIANT) (recurse = false) ;
 #  /compat/linux/etc/X11			-> $(SEC_CONFIG) (recurse = true) ;
 #  /compat/linux/etc/pam.d		-> $(SEC_CONFIG) (recurse = true) ;
 #  /compat/linux/etc/profile.d		-> $(SEC_CONFIG) (recurse = true) ;
 #  /compat/linux/etc/real		-> $(SEC_CONFIG) (recurse = true) ;
 #  /compat/linux/etc/bashrc		-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/csh.login		-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/host.conf		-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/hosts.allow		-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/hosts.deny		-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/info-dir		-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/inputrc		-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/ld.so.conf		-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/nsswitch.conf	-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/profile		-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/redhat-release	-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/rpc			-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/securetty		-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/shells		-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/termcap		-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/yp.conf		-> $(SEC_CONFIG) ;
 #  !/compat/linux/etc/ld.so.cache ;
 #  !/compat/linux/var/spool/mail ;
 #@@endif
 }
 #
 # Libraries, include files, and other system files
 #
 (
  rulename = "Libraries, include files, and other system files",
  severity = $(SIG_HI)
 )
 {
  /usr/include				-> $(SEC_CRIT) (recurse = true) ;
  /usr/lib				-> $(SEC_CRIT) (recurse = true) ;
  /usr/libdata				-> $(SEC_CRIT) (recurse = true) ;
  /usr/libexec				-> $(SEC_CRIT) (recurse = true) ;
  /usr/share				-> $(SEC_CRIT) (recurse = true) ;
  /usr/share/man			-> $(SEC_CONFIG) ;
  !/usr/share/man/whatis ;
  !/usr/share/man/.glimpse_filenames ;
  !/usr/share/man/.glimpse_filenames_index ;
  !/usr/share/man/.glimpse_filetimes ;
  !/usr/share/man/.glimpse_filters ;
  !/usr/share/man/.glimpse_index ;
  !/usr/share/man/.glimpse_messages ;
  !/usr/share/man/.glimpse_partitions ;
  !/usr/share/man/.glimpse_statistics ;
  !/usr/share/man/.glimpse_turbo ;
  /usr/share/man/man1			-> $(SEC_CRIT) (recurse = true) ;
  /usr/share/man/man2			-> $(SEC_CRIT) (recurse = true) ;
  /usr/share/man/man3			-> $(SEC_CRIT) (recurse = true) ;
  /usr/share/man/man4			-> $(SEC_CRIT) (recurse = true) ;
  /usr/share/man/man5			-> $(SEC_CRIT) (recurse = true) ;
  /usr/share/man/man6			-> $(SEC_CRIT) (recurse = true) ;
  /usr/share/man/man7			-> $(SEC_CRIT) (recurse = true) ;
  /usr/share/man/man8			-> $(SEC_CRIT) (recurse = true) ;
  /usr/share/man/man9			-> $(SEC_CRIT) (recurse = true) ;
  /usr/share/man/mann			-> $(SEC_CRIT) (recurse = true) ;
  ! /usr/share/man/cat1 ;
  ! /usr/share/man/cat2 ;
  ! /usr/share/man/cat3 ;
  ! /usr/share/man/cat4 ;
  ! /usr/share/man/cat5 ;
  ! /usr/share/man/cat6 ;
  ! /usr/share/man/cat7 ;
  ! /usr/share/man/cat8 ;
  ! /usr/share/man/cat9 ;
  ! /usr/share/man/catl ;
  ! /usr/share/man/catn ;
  /usr/share/perl/man			-> $(SEC_CONFIG) ;
  !/usr/share/perl/man/whatis ;
  !/usr/share/perl/man/.glimpse_filenames ;
  !/usr/share/perl/man/.glimpse_filenames_index ;
  !/usr/share/perl/man/.glimpse_filetimes ;
  !/usr/share/perl/man/.glimpse_filters ;
  !/usr/share/perl/man/.glimpse_index ;
  !/usr/share/perl/man/.glimpse_messages ;
  !/usr/share/perl/man/.glimpse_partitions ;
  !/usr/share/perl/man/.glimpse_statistics ;
  !/usr/share/perl/man/.glimpse_turbo ;
  /usr/share/perl/man/man3		-> $(SEC_CRIT) (recurse = true) ;
  ! /usr/share/perl/man/cat3 ;
  /usr/local/lib/perl5/5.00503/man	-> $(SEC_CONFIG) ;
  ! /usr/local/lib/perl5/5.00503/man/whatis ;
  ! /usr/local/lib/perl5/5.00503/man/.glimpse_filters ;
  ! /usr/local/lib/perl5/5.00503/man/.glimpse_filetimes ;
  ! /usr/local/lib/perl5/5.00503/man/.glimpse_messages ;
  ! /usr/local/lib/perl5/5.00503/man/.glimpse_statistics ;
  ! /usr/local/lib/perl5/5.00503/man/.glimpse_index ;
  ! /usr/local/lib/perl5/5.00503/man/.glimpse_turbo ;
  ! /usr/local/lib/perl5/5.00503/man/.glimpse_partitions ;
  ! /usr/local/lib/perl5/5.00503/man/.glimpse_filenames ;
  ! /usr/local/lib/perl5/5.00503/man/.glimpse_filenames_index ;
  /usr/local/lib/perl5/5.00503/man/man3		-> $(SEC_CRIT) (recurse = true) ;
  ! /usr/local/lib/perl5/5.00503/man/cat3 ;
 }
 #
 # X11R6
 #
 (
  rulename = "X11R6",
  severity = $(SIG_HI)
 )
 {
  /usr/X11R6				-> $(SEC_CRIT) (recurse = true) ;
  /usr/X11R6/lib/X11/xdm		-> $(SEC_CONFIG) (recurse = true) ;
  !/usr/X11R6/lib/X11/xdm/xdm-errors ;
  !/usr/X11R6/lib/X11/xdm/authdir/authfiles ;
  !/usr/X11R6/lib/X11/xdm/xdm-pid ;
  /usr/X11R6/lib/X11/xkb/compiled	-> $(SEC_CONFIG) (recurse = true) ;
  /usr/X11R6/man			-> $(SEC_CONFIG) ;
  !/usr/X11R6/man/whatis ;
  !/usr/X11R6/man/.glimpse_filenames ;
  !/usr/X11R6/man/.glimpse_filenames_index ;
  !/usr/X11R6/man/.glimpse_filetimes ;
  !/usr/X11R6/man/.glimpse_filters ;
  !/usr/X11R6/man/.glimpse_index ;
  !/usr/X11R6/man/.glimpse_messages ;
  !/usr/X11R6/man/.glimpse_partitions ;
  !/usr/X11R6/man/.glimpse_statistics ;
  !/usr/X11R6/man/.glimpse_turbo ;
  /usr/X11R6/man/man1			-> $(SEC_CRIT) (recurse = true) ;
  /usr/X11R6/man/man2			-> $(SEC_CRIT) (recurse = true) ;
  /usr/X11R6/man/man3			-> $(SEC_CRIT) (recurse = true) ;
  /usr/X11R6/man/man4			-> $(SEC_CRIT) (recurse = true) ;
  /usr/X11R6/man/man5			-> $(SEC_CRIT) (recurse = true) ;
  /usr/X11R6/man/man6			-> $(SEC_CRIT) (recurse = true) ;
  /usr/X11R6/man/man7			-> $(SEC_CRIT) (recurse = true) ;
  /usr/X11R6/man/man8			-> $(SEC_CRIT) (recurse = true) ;
  /usr/X11R6/man/man9			-> $(SEC_CRIT) (recurse = true) ;
  /usr/X11R6/man/manl			-> $(SEC_CRIT) (recurse = true) ;
  /usr/X11R6/man/mann			-> $(SEC_CRIT) (recurse = true) ;
  ! /usr/X11R6/man/cat1 ;
  ! /usr/X11R6/man/cat2 ;
  ! /usr/X11R6/man/cat3 ;
  ! /usr/X11R6/man/cat4 ;
  ! /usr/X11R6/man/cat5 ;
  ! /usr/X11R6/man/cat6 ;
  ! /usr/X11R6/man/cat7 ;
  ! /usr/X11R6/man/cat8 ;
  ! /usr/X11R6/man/cat9 ;
  ! /usr/X11R6/man/catl ;
  ! /usr/X11R6/man/catn ;
 }
 #
 # sources
 #
 (
  rulename = "Sources",
  severity = $(SIG_HI)
 )
 {
  /usr/src				-> $(SEC_CRIT) (recurse = true) ;
  /usr/src/sys/compile			-> $(SEC_CONFIG) (recurse = false) ;
 }
 #
 # NIS
 #
 (
  rulename = "NIS",
  severity = $(SIG_HI)
 )
 {
  /var/yp				-> $(SEC_CRIT) (recurse = true) ;
  !/var/yp/binding ;
 }
 #
 # Temporary directories
 #
 (
  rulename = "Temporary directories",
  recurse = false,
  severity = $(SIG_LOW)
 )
 {
  /usr/tmp                             -> $(SEC_INVARIANT) ;
  /var/tmp                             -> $(SEC_INVARIANT) ;
  /var/preserve                        -> $(SEC_INVARIANT) ;
  /tmp                                 -> $(SEC_INVARIANT) ;
 }
 #
 # Local files
 #
 (
  rulename = "Local files",
  severity = $(SIG_MED)
 )
 {
  /usr/local/bin			-> $(SEC_BIN) (recurse = true) ;
  /usr/local/sbin			-> $(SEC_BIN) (recurse = true) ;
  /usr/local/etc		 	-> $(SEC_BIN) (recurse = true) ;
  /usr/local/lib			-> $(SEC_BIN) (recurse = true ) ;
  /usr/local/libexec			-> $(SEC_BIN) (recurse = true ) ;
  /usr/local/share			-> $(SEC_BIN) (recurse = true ) ;
  /usr/local/man			-> $(SEC_CONFIG) ;
  !/usr/local/man/whatis ;
  !/usr/local/man/.glimpse_filenames ;
  !/usr/local/man/.glimpse_filenames_index ;
  !/usr/local/man/.glimpse_filetimes ;
  !/usr/local/man/.glimpse_filters ;
  !/usr/local/man/.glimpse_index ;
  !/usr/local/man/.glimpse_messages ;
  !/usr/local/man/.glimpse_partitions ;
  !/usr/local/man/.glimpse_statistics ;
  !/usr/local/man/.glimpse_turbo ;
  /usr/local/man/man1			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/man/man2			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/man/man3			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/man/man4			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/man/man5			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/man/man6			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/man/man7			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/man/man8			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/man/man9			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/man/manl			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/man/mann			-> $(SEC_CRIT) (recurse = true) ;
  ! /usr/local/man/cat1 ;
  ! /usr/local/man/cat2 ;
  ! /usr/local/man/cat3 ;
  ! /usr/local/man/cat4 ;
  ! /usr/local/man/cat5 ;
  ! /usr/local/man/cat6 ;
  ! /usr/local/man/cat7 ;
  ! /usr/local/man/cat8 ;
  ! /usr/local/man/cat9 ;
  ! /usr/local/man/catl ;
  ! /usr/local/man/catn ;
  /usr/local/krb5			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/krb5/man			-> $(SEC_CONFIG) ;
  !/usr/local/krb5/man/whatis ;
  !/usr/local/krb5/man/.glimpse_filenames ;
  !/usr/local/krb5/man/.glimpse_filenames_index ;
  !/usr/local/krb5/man/.glimpse_filetimes ;
  !/usr/local/krb5/man/.glimpse_filters ;
  !/usr/local/krb5/man/.glimpse_index ;
  !/usr/local/krb5/man/.glimpse_messages ;
  !/usr/local/krb5/man/.glimpse_partitions ;
  !/usr/local/krb5/man/.glimpse_statistics ;
  !/usr/local/krb5/man/.glimpse_turbo ;
  /usr/local/krb5/man/man1			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/krb5/man/man2			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/krb5/man/man3			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/krb5/man/man4			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/krb5/man/man5			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/krb5/man/man6			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/krb5/man/man7			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/krb5/man/man8			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/krb5/man/man9			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/krb5/man/manl			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/krb5/man/mann			-> $(SEC_CRIT) (recurse = true) ;
  ! /usr/local/krb5/man/cat1 ;
  ! /usr/local/krb5/man/cat2 ;
  ! /usr/local/krb5/man/cat3 ;
  ! /usr/local/krb5/man/cat4 ;
  ! /usr/local/krb5/man/cat5 ;
  ! /usr/local/krb5/man/cat6 ;
  ! /usr/local/krb5/man/cat7 ;
  ! /usr/local/krb5/man/cat8 ;
  ! /usr/local/krb5/man/cat9 ;
  ! /usr/local/krb5/man/catl ;
  ! /usr/local/krb5/man/catn ;
  /usr/local/www			-> $(SEC_CONFIG) (recurse = true) ;
 }
 (
  rulename = "Security Control",
  severity = $(SIG_HI)
 )
 {
  /etc/group                           -> $(SEC_CRIT) ;
  /etc/crontab                         -> $(SEC_CRIT) ;
 }
 #=============================================================================
 #
 # Copyright 2000-2018 Tripwire, Inc. Tripwire is a registered trademark of Tripwire,
 # Inc. in the United States and other countries. All rights reserved.
 #
 # FreeBSD is a registered trademark of the FreeBSD Project Inc.
 #
 # UNIX is a registered trademark of The Open Group.
 #
 #=============================================================================
 #
 # Permission is granted to make and distribute verbatim copies of this document
 # provided the copyright notice and this permission notice are preserved on all
 # copies.
 #
 # Permission is granted to copy and distribute modified versions of this
 # document under the conditions for verbatim copying, provided that the entire
 # resulting derived work is distributed under the terms of a permission notice
 # identical to this one.
 #
 # Permission is granted to copy and distribute translations of this document
 # into another language, under the above conditions for modified versions,
 # except that this permission notice may be stated in a translation approved by
 # Tripwire, Inc.
 #
 # DCM
--- a/policy/twpol-Minix.txt
+++ b/policy/twpol-Minix.txt
@ -1,176 +0,0 @@
 ###############################################################################
 #                                                                            ##
 #    Default Tripwire 2.4 Policy file for Minix                              ##
 #                                                                            ##
 ###############################################################################
 ###############################################################################
 #                                                                            ##
 # Global Variable Definitions                                                ##
 #                                                                            ##
 # These are defined at install time by the installation script.  You may     ##
 # Manually edit these if you are using this file directly and not from the   ##
 # installation script itself.                                                ##
 #                                                                            ##
 ###############################################################################
@@section GLOBAL
 TWROOT=;
 TWBIN=;
 TWPOL=;
 TWDB=;
 TWSKEY=;
 TWLKEY=;
 TWREPORT=;
 HOSTNAME=;
 ##############################################################################
 #  Predefined Variables                                                      #
 ##############################################################################
 #
 #  Property Masks
 #
 #  -  ignore the following properties
 #  +  check the following properties
 #
 #  a  access timestamp (mutually exclusive with +CMSH)
 #  b  number of blocks allocated
 #  c  inode creation/modification timestamp
 #  d  ID of device on which inode resides
 #  g  group id of owner
 #  i  inode number
 #  l  growing files (logfiles for example)
 #  m  modification timestamp
 #  n  number of links
 #  p  permission and file mode bits
 #  r  ID of device pointed to by inode (valid only for device objects)
 #  s  file size
 #  t  file type
 #  u  user id of owner
 #
 #  C  CRC-32 hash
 #  H  HAVAL hash
 #  M  MD5 hash
 #  S  SHA hash
 #
 ##############################################################################
 SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
 SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
 SEC_GROWING       = +pinugtdl-srbamcCMSH ;
 SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
 SEC_IGNORE_NONE    = +pinugtsdrbamcCMSH-l ;
 SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
 SEC_TEMPORARY       = +pugt ;
@@section FS 
 #########################################
 #                                      ##
 #  Tripwire Binaries and Data Files    ##
 #                                      ##
 #########################################
 # Tripwire Binaries
 (
  rulename = "Tripwire Binaries",
 )
 {
  $(TWBIN)/siggen                      -> $(SEC_READONLY) ;
  $(TWBIN)/tripwire                    -> $(SEC_READONLY) ;
  $(TWBIN)/twadmin                     -> $(SEC_READONLY) ;
  $(TWBIN)/twprint                     -> $(SEC_READONLY) ;
 }
 # Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
 (
  rulename = "Tripwire Data Files",
 )
 {
  # NOTE: We remove the inode attribute because when Tripwire creates a backup,
  # it does so by renaming the old file and creating a new one (which will
  # have a new inode number).  Inode is left turned on for keys, which shouldn't
  # ever change.
  # NOTE: The first integrity check triggers this rule and each integrity check
  # afterward triggers this rule until a database update is run, since the
  # database file does not exist before that point.
  $(TWDB)                              -> $(SEC_DYNAMIC) -i ;
  $(TWPOL)/tw.pol                      -> $(SEC_READONLY) -i ;
  $(TWPOL)/tw.cfg                      -> $(SEC_READONLY) -i ;
  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(SEC_READONLY) ;
  $(TWSKEY)/site.key                   -> $(SEC_READONLY) ;
  # don't scan the individual reports
  $(TWREPORT)                          -> $(SEC_DYNAMIC) (recurse=0) ;
 }
 ##############################################################################
 (rulename="Boot files",)
 {
  /boot -> $(SEC_READONLY) -a;
  /boot_monitor -> $(SEC_READONLY) -a;
  /boot.cfg -> $(SEC_READONLY) -a;
 }
 (rulename="Binary files",)
 {
  /bin -> $(SEC_READONLY) -a;
  /usr/bin -> $(SEC_READONLY) -a;
  /usr/local/bin -> $(SEC_READONLY) -a;
  /usr/pkg/bin -> $(SEC_READONLY) -a;
 }
 (rulename="Development",)
 {
  /usr/pkg/gnu/bin -> $(SEC_READONLY) -a;
  /usr/pkg/i386-elf32-minix/bin -> $(SEC_READONLY) -a;
 }
 (rulename="Libexec",)
 {
  /usr/libexec -> $(SEC_READONLY) -a;
  /usr/pkg/libexec -> $(SEC_READONLY) -a;
 }
 (rulename="Admin binaries",)
 {
  /service -> $(SEC_READONLY) -a;
  /sbin -> $(SEC_READONLY) -a;
  /usr/sbin -> $(SEC_READONLY) -a;
  /usr/pkg/sbin -> $(SEC_READONLY) -a;
 }
 (rulename="Libraries",)
 {
  /lib -> $(SEC_READONLY) -a;
  /usr/lib -> $(SEC_READONLY) -a;
  /usr/pkg/lib -> $(SEC_READONLY) -a;
 }
 (rulename="Etc",)
 {
  /etc -> $(SEC_READONLY) -a;
  /usr/etc -> $(SEC_READONLY) -a;
  /usr/pkg/etc -> $(SEC_READONLY) -a;
 }
 (rulename="Dev",)
 {
  /dev -> $(SEC_DEVICE);
 }
 (rulename="Tmp",)
 {
  /tmp -> $(SEC_TEMPORARY);
  /var/tmp -> $(SEC_TEMPORARY);
  /usr/tmp -> $(SEC_TEMPORARY);
 }
 (rulename="Log",)
 {
  /var/log -> $(SEC_GROWING);
 }
--- a/policy/twpol-MirBSD.txt
+++ b/policy/twpol-MirBSD.txt
@ -1,292 +0,0 @@
  ##############################################################################
 #                                                                            ##
 ############################################################################## #
 #                                                                            # #
 #                      Tripwire 2.4 policy for MirOS BSD                     # #
 #                            updated March 2018                              # #
 #                                                                            ##
 ##############################################################################
  ##############################################################################
 #                                                                            ##
 ############################################################################## #
 #                                                                            # #
 # Global Variable Definitions                                                # #
 #                                                                            # #
 # These are defined at install time by the installation script.  You may     # #
 # manually edit these if you are using this file directly and not from the   # #
 # installation script itself.                                                # #
 #                                                                            ##
 ##############################################################################
@@section GLOBAL
 TWROOT=;
 TWBIN=;
 TWPOL=;
 TWDB=;
 TWSKEY=;
 TWLKEY=;
 TWREPORT=;
 HOSTNAME=;
  ##############################################################################
 #  Predefined Variables                                                      #
 ##############################################################################
 #
 #  Property Masks
 #
 #  -  ignore the following properties
 #  +  check the following properties
 #
 #  a  access timestamp (mutually exclusive with +CMSH)
 #  b  number of blocks allocated
 #  c  inode creation/modification timestamp
 #  d  ID of device on which inode resides
 #  g  group id of owner
 #  i  inode number
 #  l  growing files (logfiles for example)
 #  m  modification timestamp
 #  n  number of links
 #  p  permission and file mode bits
 #  r  ID of device pointed to by inode (valid only for device objects)
 #  s  file size
 #  t  file type
 #  u  user id of owner
 #
 #  C  CRC-32 hash
 #  H  HAVAL hash
 #  M  MD5 hash
 #  S  SHA hash
 #
 ##############################################################################
 SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
 SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
 SEC_GROWING       = +pinugtdl-srbamcCMSH ;
 SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
 SEC_IGNORE_NONE   = +pinugtsdrbamcCMSH-l ;
 SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
 SEC_TEMPORARY     = +pugt ;
@@section FS 
  ########################################
 #                                      ##
 ######################################## #
 #                                      # #
 #  Tripwire Binaries and Data Files    # #
 #                                      ##
 ########################################
 # Tripwire Binaries
 (
  rulename = "Tripwire Binaries",
 )
 {
  $(TWBIN)/siggen                      -> $(SEC_READONLY) ;
  $(TWBIN)/tripwire                    -> $(SEC_READONLY) ;
  $(TWBIN)/twadmin                     -> $(SEC_READONLY) ;
  $(TWBIN)/twprint                     -> $(SEC_READONLY) ;
 }
 # Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
 (
  rulename = "Tripwire Data Files",
 )
 {
  # NOTE: We remove the inode attribute because when Tripwire creates a backup,
  # it does so by renaming the old file and creating a new one (which will
  # have a new inode number).  Inode is left turned on for keys, which shouldn't
  # ever change.
  # NOTE: The first integrity check triggers this rule and each integrity check
  # afterward triggers this rule until a database update is run, since the
  # database file does not exist before that point.
  $(TWDB)                              -> $(SEC_DYNAMIC) -i ;
  $(TWPOL)/tw.pol                      -> $(SEC_READONLY) -i ;
  $(TWPOL)/tw.cfg                      -> $(SEC_READONLY) -i ;
  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(SEC_READONLY) ;
  $(TWSKEY)/site.key                   -> $(SEC_READONLY) ;
  # don't scan the individual reports
  $(TWREPORT)                          -> $(SEC_DYNAMIC) (recurse=0) ;
  # In this configuration /usr/local is a symbolic link to /home/local.
  # We want to ignore the following directories since they are already
  # scanned using the real directory or mount point.  Otherwise we see
  # duplicates in the reports.
  !/home/local ;
 }
  ################################################
 #                                              ##
 ################################################ #
 #                                              # #
 #  OS Boot and Configuration Files             # #
 #                                              ##
 ################################################
 (
  rulename = "OS Boot and Configuration Files",
 )
 {
  /boot                         -> $(SEC_READONLY) ;
  /bsd                          -> $(SEC_READONLY) ;
  /etc                          -> $(SEC_IGNORE_NONE) -SHa ;
 }
  ###################################################
 #                                                 ##
 ################################################### #
 #                                                 # #
 #  Mount Points                                   # #
 #                                                 ##
 ###################################################
 (
  rulename = "Mount Points",
 )
 {
  /                             -> $(SEC_READONLY) ;
  /cdrom                        -> $(SEC_DYNAMIC) ;
  /floppy                       -> $(SEC_DYNAMIC) ;
  /home                         -> $(SEC_READONLY) ;  # Modify as needed
  /mnt                          -> $(SEC_DYNAMIC) ;
  /usr                          -> $(SEC_READONLY) ;
  /var                          -> $(SEC_READONLY) ;
 }
  ###################################################
 #                                                 ##
 ################################################### #
 #                                                 # #
 #  Misc Top-Level Directories                     # #
 #                                                 ##
 ###################################################
 (
  rulename = "Misc Top-Level Directories",
 )
 {
  /altroot                      -> $(SEC_DYNAMIC) ;
  /stand                        -> $(SEC_DYNAMIC) ;
 }
  ################################################
 #                                              ##
 ################################################ #
 #                                              # #
 #   System Devices                             # #
 #                                              ##
 ################################################
 (
  rulename = "System Devices",
 )
 {
  /dev                          -> $(SEC_DEVICE) ;
  /dev/fd                       -> $(SEC_DEVICE) ;
  /var/cron/tabs/.sock          -> $(SEC_DEVICE) ; 
  /var/empty/dev/log            -> $(SEC_DEVICE) ; 
 }
  ################################################
 #                                              ##
 ################################################ #
 #                                              # #
 #  OS Binaries and Libraries                   # #   
 #                                              ##
 ################################################
 (
  rulename = "OS Binaries and Libraries",
 )
 {
  /bin                          -> $(SEC_READONLY) ;
  /sbin                         -> $(SEC_READONLY) ;
  /usr/bin                      -> $(SEC_READONLY) ;
  /usr/lib                      -> $(SEC_READONLY) ;
  /usr/libexec                  -> $(SEC_READONLY) ;
  /usr/sbin                     -> $(SEC_READONLY) ;
  /usr/X11R6/bin                -> $(SEC_READONLY) ;
  /usr/X11R6/lib                -> $(SEC_READONLY) ;
 }
  ################################################
 #                                              ##
 ################################################ #
 #                                              # #
 #  Usr Local Files                             # #   
 #                                              ##
 ################################################
 #OK(
  #OKrulename = "Usr Local Files",
 #OK)
 #OK{
  #OK/usr/local                    -> $(SEC_READONLY) ;
  #OK/usr/local/bin                -> $(SEC_READONLY) ;
  #OK/usr/local/doc                -> $(SEC_READONLY) ;
  #OK/usr/local/etc                -> $(SEC_READONLY) ;
  #OK/usr/local/include            -> $(SEC_READONLY) ;
  #OK/usr/local/info               -> $(SEC_READONLY) ;
  #OK/usr/local/lib                -> $(SEC_READONLY) ;
  #OK/usr/local/libdata            -> $(SEC_READONLY) ;
  #OK/usr/local/libexec            -> $(SEC_READONLY) ;
  #OK/usr/local/man                -> $(SEC_READONLY) ;
  #OK/usr/local/sbin               -> $(SEC_READONLY) ;
  #OK/usr/local/share              -> $(SEC_READONLY) ;
  #OK/usr/local/src                -> $(SEC_READONLY) ;
 #OK}
  ################################################
 #                                              ##
 ################################################ #
 #                                              # #
 #  Root Directory and Files                    # #
 #                                              ##
 ################################################
 (
  rulename = "Root Directory and Files",
 )
 {
  /root                          -> $(SEC_IGNORE_NONE) -SHa ;
  /root/.cshrc                   -> $(SEC_DYNAMIC) ;
  /root/.profile                 -> $(SEC_DYNAMIC) ;
 }
  ################################################
 #                                              ##
 ################################################ #
 #                                              # #
 #  Temporary Directories                       # #
 #                                              ##
 ################################################
 (
  rulename = "Temporary Directories",
 )
 {
  /tmp                          -> $(SEC_TEMPORARY) ;
  /var/tmp                      -> $(SEC_TEMPORARY) ;
 }
  ################################################
 #                                              ##
 ################################################ #
 #                                              # #
 #  System and Boot Changes                     # #
 #                                              ##
 ################################################
 (
  rulename = "System and Boot Changes",
 )
 {
  /var/backups                    -> $(SEC_DYNAMIC) -i ;
  /var/db/host.random             -> $(SEC_READONLY) -mCM ;
  /var/cron                       -> $(SEC_GROWING) -i ;
  /var/log                        -> $(SEC_GROWING) -i ;
  /var/run                        -> $(SEC_DYNAMIC) -i ;
  /var/mail                       -> $(SEC_GROWING) ;
  /var/msgs/bounds                -> $(SEC_READONLY) -smbCM ;
  /var/spool/clientmqueue         -> $(SEC_TEMPORARY) ;
  /var/spool/mqueue               -> $(SEC_TEMPORARY) ;
 }
 #
 # $Id: twpol-OpenBSD.txt,v 1.2 2004/05/14 21:56:21 pherman Exp $
 #
--- a/policy/twpol-NetBSD.txt
+++ b/policy/twpol-NetBSD.txt
@ -1,664 +0,0 @@
 #
 #                       Policy file for NetBSD
 #                         (adapted from FreeBSD policy)
 #
 # $FreeBSD: ports/security/tripwire/files/twpol.txt,v 1.2 2002/03/04 16:55:21 cy Exp $
 # $Id: twpol-FreeBSD.txt,v 1.1 2003/06/08 02:00:06 pherman Exp $
 #
 # This is the example Tripwire Policy file.  It is intended as a place to
 # start creating your own custom Tripwire Policy file.  Referring to it as
 # well as the Tripwire Policy Guide should give you enough information to
 # make a good custom Tripwire Policy file that better covers your
 # configuration and security needs.  A text version of this policy file is
 # called twpol.txt.
 #
 # Note that this file is tuned to an install of FreeBSD using
 # buildworld.  If run unmodified, this file should create no errors on
 # database creation, or violations on a subsiquent integrity check.
 # However it is impossible for there to be one policy file for all machines,
 # so this existing one errs on the side of security.  Your FreeBSD
 # configuration will most likey differ from the one our policy file was
 # tuned to, and will therefore require some editing of the default
 # Tripwire Policy file.
 #
 # The example policy file is best run with 'Loose Directory Checking'
 # enabled. Set LOOSEDIRECTORYCHECKING=TRUE in the Tripwire Configuration
 # file.
 #
 # Email support is not included and must be added to this file.
 # Add the 'emailto=' to the rule directive section of each rule (add a comma
 # after the 'severity=' line and add an 'emailto=' and include the email
 # addresses you want the violation reports to go to).  Addresses are
 # semi-colon delimited.
 #
 #
 # Global Variable Definitions
 #
 # These are defined at install time by the installation script.  You may
 # Manually edit these if you are using this file directly and not from the
 # installation script itself.
 #
@@section GLOBAL
 TWROOT=;
 TWBIN=;
 TWPOL=;
 TWDB=;
 TWSKEY=;
 TWLKEY=;
 TWREPORT=;
 HOSTNAME=;
@@section FS
 SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
 SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
 SEC_GROWING       = +pinugtdl-srbamcCMSH ;
 SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
 SEC_IGNORE_NONE   = +pinugtsdrbamcCMSH-l ;
 SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
 SEC_TEMPORARY     = +pugt ;
 SEC_CRIT      = $(SEC_IGNORE_NONE)-SHa ; # Critical files that cannot change
 SEC_SUID      = $(SEC_IGNORE_NONE)-SHa ; # Binaries with the SUID or SGID flags set
 SEC_BIN       = $(SEC_READONLY) ;        # Binaries that should not change
 SEC_CONFIG    = $(SEC_DYNAMIC) ;         # Config files that are changed infrequently but accessed often
 SEC_TTY       = $(SEC_DYNAMIC)-ugp ;     # Tty files that change ownership at login
 SEC_LOG       = $(SEC_GROWING) ;         # Files that grow, but that should never change ownership
 SEC_INVARIANT = $(SEC_TEMPORARY) ;       # Directories that should never change permission or ownership
 SIG_LOW       = 33 ;                     # Non-critical files that are of minimal security impact
 SIG_MED       = 66 ;                     # Non-critical files that are of significant security impact
 SIG_HI        = 100 ;                    # Critical files that are significant points of vulnerability
 # Tripwire Binaries
 (
  rulename = "Tripwire Binaries",
  severity = $(SIG_HI)
 )
 {
  $(TWBIN)/siggen                      -> $(SEC_BIN) ;
  $(TWBIN)/tripwire                    -> $(SEC_BIN) ;
  $(TWBIN)/twadmin                     -> $(SEC_BIN) ;
  $(TWBIN)/twprint                     -> $(SEC_BIN) ;
 }
 # Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
 (
  rulename = "Tripwire Data Files",
  severity = $(SIG_HI)
 )
 {
  # NOTE: We remove the inode attribute because when Tripwire creates a backup,
  # it does so by renaming the old file and creating a new one (which will
  # have a new inode number).  Inode is left turned on for keys, which shouldn't
  # ever change.
  # NOTE: The first integrity check triggers this rule and each integrity check
  # afterward triggers this rule until a database update is run, since the
  # database file does not exist before that point.
  $(TWDB)                              -> $(SEC_CONFIG) -i ;
  $(TWPOL)/tw.pol                      -> $(SEC_BIN) -i ;
  $(TWPOL)/tw.cfg                      -> $(SEC_BIN) -i ;
  $(TWPOL)/twcfg.txt                   -> $(SEC_BIN) ;
  $(TWPOL)/twpol.txt                   -> $(SEC_BIN) ;
  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(SEC_BIN) ;
  $(TWSKEY)/site.key                   -> $(SEC_BIN) ;
  #don't scan the individual reports
  $(TWREPORT)                          -> $(SEC_CONFIG) (recurse=0) ;
 }
 # Tripwire HQ Connector Binaries
 #(
 #  rulename = "Tripwire HQ Connector Binaries",
 #  severity = $(SIG_HI)
 #)
 #{
 #  $(TWBIN)/hqagent                     -> $(SEC_BIN) ;
 #}
 #
 # Tripwire HQ Connector - Configuration Files, Keys, and Logs
 #
 # Note: File locations here are different than in a stock HQ Connector
 # installation.  This is because Tripwire 2.3 uses a different path
 # structure than Tripwire 2.2.1.
 #
 # You may need to update your HQ Agent configuation file (or this policy
 # file) to correct the paths.  We have attempted to support the FHS standard
 # here by placing the HQ Agent files similarly to the way Tripwire 2.3
 # places them.
 #
 #(
 #  rulename = "Tripwire HQ Connector Data Files",
 #  severity = $(SIG_HI)
 #)
 #{
 #
 # # NOTE: Removing the inode attribute because when Tripwire creates a backup
 # # it does so by renaming the old file and creating a new one (which will
 # # have a new inode number).  Leaving inode turned on for keys, which
 # # shouldn't ever change.
 #
 #
 #  $(TWBIN)/agent.cfg                   -> $(SEC_BIN) -i ;
 #  $(TWLKEY)/authentication.key         -> $(SEC_BIN) ;
 #  $(TWDB)/tasks.dat                    -> $(SEC_CONFIG) ;
 #  $(TWDB)/schedule.dat                 -> $(SEC_CONFIG) ;
 #
 #  # Uncomment if you have agent logging enabled.
 #  #/var/log/tripwire/agent.log      -> $(SEC_LOG) ;
 #}
 # Commonly accessed directories that should remain static with regards to owner and group
 (
  rulename = "Invariant Directories",
  severity = $(SIG_MED)
 )
 {
  /                                    -> $(SEC_INVARIANT) (recurse = false) ;
  /home                                -> $(SEC_INVARIANT) (recurse = false) ;
 }
 #
 # First, root's "home"
 #
 (
  rulename = "Root's home",
  severity = $(SIG_HI)
 )
 {
  # /.rhosts				-> $(SEC_CRIT) ;
  /.profile				-> $(SEC_CRIT) ;
  /.cshrc				-> $(SEC_CRIT) ;
  /.login				-> $(SEC_CRIT) ;
  # /.exrc				-> $(SEC_CRIT) ;
  # /.logout				-> $(SEC_CRIT) ;
  # /.forward				-> $(SEC_CRIT) ;
  /root					-> $(SEC_CRIT) (recurse = true) ;
  !/root/.history ;
  !/root/.bash_history ;
  # !/root/.lsof_SYSTEM_NAME ;	# Uncomment if lsof is installed
 }
 #
 # FreeBSD Kernel
 #
 (
  rulename = "FreeBSD Kernel",
  severity = $(SIG_HI)
 )
 {
  /kernel				-> $(SEC_CRIT) ;
  /kernel.old				-> $(SEC_CRIT) ;
  /kernel.GENERIC			-> $(SEC_CRIT) ;
 }
 #
 # FreeBSD Modules
 #
 (
  rulename = "FreeBSD Modules",
  severity = $(SIG_HI)
 )
 {
  /modules				-> $(SEC_CRIT) (recurse = true) ;
  /modules.old				-> $(SEC_CRIT) (recurse = true) ;
  # /lkm				-> $(SEC_CRIT) (recurse = true) ; # uncomment if using lkm kld
 }
 #
 # System Administration Programs
 #
 (
  rulename = "System Administration Programs",
  severity = $(SIG_HI)
 )
 {
  /sbin					-> $(SEC_CRIT) (recurse = true) ;
  /usr/sbin				-> $(SEC_CRIT) (recurse = true) ;
 }
 #
 # User Utilities
 #
 (
  rulename = "User Utilities",
  severity = $(SIG_HI)
 )
 {
  /bin					-> $(SEC_CRIT) (recurse = true) ;
  /usr/bin				-> $(SEC_CRIT) (recurse = true) ;
 }
 #
 # /dev
 #
 (
  rulename = "/dev",
  severity = $(SIG_HI)
 )
 {
  /dev					-> $(Device) (recurse = true) ;
  !/dev/vga ;
  !/dev/dri ;
  /dev/console				-> $(SEC_TTY) ;
  /dev/ttyv0				-> $(SEC_TTY) ;
  /dev/ttyv1				-> $(SEC_TTY) ;
  /dev/ttyv2				-> $(SEC_TTY) ;
  /dev/ttyv3				-> $(SEC_TTY) ;
  /dev/ttyv4				-> $(SEC_TTY) ;
  /dev/ttyv5				-> $(SEC_TTY) ;
  /dev/ttyv6				-> $(SEC_TTY) ;
  /dev/ttyv7				-> $(SEC_TTY) ;
  /dev/ttyp0				-> $(SEC_TTY) ;
  /dev/ttyp1				-> $(SEC_TTY) ;
  /dev/ttyp2				-> $(SEC_TTY) ;
  /dev/ttyp3				-> $(SEC_TTY) ;
  /dev/ttyp4				-> $(SEC_TTY) ;
  /dev/ttyp5				-> $(SEC_TTY) ;
  /dev/ttyp6				-> $(SEC_TTY) ;
  /dev/ttyp7				-> $(SEC_TTY) ;
  /dev/ttyp8				-> $(SEC_TTY) ;
  /dev/ttyp9				-> $(SEC_TTY) ;
  /dev/ttypa				-> $(SEC_TTY) ;
  /dev/ttypb				-> $(SEC_TTY) ;
  /dev/ttypc				-> $(SEC_TTY) ;
  /dev/ttypd				-> $(SEC_TTY) ;
  /dev/ttype				-> $(SEC_TTY) ;
  /dev/ttypf				-> $(SEC_TTY) ;
  /dev/ttypg				-> $(SEC_TTY) ;
  /dev/ttyph				-> $(SEC_TTY) ;
  /dev/ttypi				-> $(SEC_TTY) ;
  /dev/ttypj				-> $(SEC_TTY) ;
  /dev/ttypl				-> $(SEC_TTY) ;
  /dev/ttypm				-> $(SEC_TTY) ;
  /dev/ttypn				-> $(SEC_TTY) ;
  /dev/ttypo				-> $(SEC_TTY) ;
  /dev/ttypp				-> $(SEC_TTY) ;
  /dev/ttypq				-> $(SEC_TTY) ;
  /dev/ttypr				-> $(SEC_TTY) ;
  /dev/ttyps				-> $(SEC_TTY) ;
  /dev/ttypt				-> $(SEC_TTY) ;
  /dev/ttypu				-> $(SEC_TTY) ;
  /dev/ttypv				-> $(SEC_TTY) ;
  /dev/cuaa0				-> $(SEC_TTY) ;	# modem
 }
 #
 # /etc
 #
 (
  rulename = "/etc",
  severity = $(SIG_HI)
 )
 {
  /etc					-> $(SEC_CRIT) (recurse = true) ;
  # /etc/mail/aliases			-> $(SEC_CONFIG) ;
  /etc/dumpdates			-> $(SEC_CONFIG) ;
  /etc/motd				-> $(SEC_CONFIG) ;
  !/etc/ppp/connect-errors ;
  /etc/skeykeys				-> $(SEC_CONFIG) ;
  # Uncomment the following 4 lines if your password file does not change
  # /etc/passwd				-> $(SEC_CONFIG) ;
  # /etc/master.passwd			-> $(SEC_CONFIG) ;
  # /etc/pwd.db				-> $(SEC_CONFIG) ;
  # /etc/spwd.db			-> $(SEC_CONFIG) ;
 }
 #
 # Copatibility (Linux)
 #
 (
  rulename = "Linux Compatibility",
  severity = $(SIG_HI)
 )
 {
  /compat				-> $(SEC_CRIT) (recurse = true) ;
 #
 # Uncomment the following if Linux compatibility is used.  Replace
 # HOSTNAME1 and HOSTNAME2 with the hosts that have Linux emulation port
 # installed.
 #
 #@@ifhost HOSTNAME1 || HOSTNAME2
 #  /compat/linux/etc			-> $(SEC_INVARIANT) (recurse = false) ;
 #  /compat/linux/etc/X11			-> $(SEC_CONFIG) (recurse = true) ;
 #  /compat/linux/etc/pam.d		-> $(SEC_CONFIG) (recurse = true) ;
 #  /compat/linux/etc/profile.d		-> $(SEC_CONFIG) (recurse = true) ;
 #  /compat/linux/etc/real		-> $(SEC_CONFIG) (recurse = true) ;
 #  /compat/linux/etc/bashrc		-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/csh.login		-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/host.conf		-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/hosts.allow		-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/hosts.deny		-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/info-dir		-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/inputrc		-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/ld.so.conf		-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/nsswitch.conf	-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/profile		-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/redhat-release	-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/rpc			-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/securetty		-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/shells		-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/termcap		-> $(SEC_CONFIG) ;
 #  /compat/linux/etc/yp.conf		-> $(SEC_CONFIG) ;
 #  !/compat/linux/etc/ld.so.cache ;
 #  !/compat/linux/var/spool/mail ;
 #@@endif
 }
 #
 # Libraries, include files, and other system files
 #
 (
  rulename = "Libraries, include files, and other system files",
  severity = $(SIG_HI)
 )
 {
  /usr/include				-> $(SEC_CRIT) (recurse = true) ;
  /usr/lib				-> $(SEC_CRIT) (recurse = true) ;
  /usr/libdata				-> $(SEC_CRIT) (recurse = true) ;
  /usr/libexec				-> $(SEC_CRIT) (recurse = true) ;
  /usr/share				-> $(SEC_CRIT) (recurse = true) ;
  /usr/share/man			-> $(SEC_CONFIG) ;
  !/usr/share/man/whatis ;
  !/usr/share/man/.glimpse_filenames ;
  !/usr/share/man/.glimpse_filenames_index ;
  !/usr/share/man/.glimpse_filetimes ;
  !/usr/share/man/.glimpse_filters ;
  !/usr/share/man/.glimpse_index ;
  !/usr/share/man/.glimpse_messages ;
  !/usr/share/man/.glimpse_partitions ;
  !/usr/share/man/.glimpse_statistics ;
  !/usr/share/man/.glimpse_turbo ;
  /usr/share/man/man1			-> $(SEC_CRIT) (recurse = true) ;
  /usr/share/man/man2			-> $(SEC_CRIT) (recurse = true) ;
  /usr/share/man/man3			-> $(SEC_CRIT) (recurse = true) ;
  /usr/share/man/man4			-> $(SEC_CRIT) (recurse = true) ;
  /usr/share/man/man5			-> $(SEC_CRIT) (recurse = true) ;
  /usr/share/man/man6			-> $(SEC_CRIT) (recurse = true) ;
  /usr/share/man/man7			-> $(SEC_CRIT) (recurse = true) ;
  /usr/share/man/man8			-> $(SEC_CRIT) (recurse = true) ;
  /usr/share/man/man9			-> $(SEC_CRIT) (recurse = true) ;
  /usr/share/man/mann			-> $(SEC_CRIT) (recurse = true) ;
  ! /usr/share/man/cat1 ;
  ! /usr/share/man/cat2 ;
  ! /usr/share/man/cat3 ;
  ! /usr/share/man/cat4 ;
  ! /usr/share/man/cat5 ;
  ! /usr/share/man/cat6 ;
  ! /usr/share/man/cat7 ;
  ! /usr/share/man/cat8 ;
  ! /usr/share/man/cat9 ;
  ! /usr/share/man/catl ;
  ! /usr/share/man/catn ;
  /usr/share/perl/man			-> $(SEC_CONFIG) ;
  !/usr/share/perl/man/whatis ;
  !/usr/share/perl/man/.glimpse_filenames ;
  !/usr/share/perl/man/.glimpse_filenames_index ;
  !/usr/share/perl/man/.glimpse_filetimes ;
  !/usr/share/perl/man/.glimpse_filters ;
  !/usr/share/perl/man/.glimpse_index ;
  !/usr/share/perl/man/.glimpse_messages ;
  !/usr/share/perl/man/.glimpse_partitions ;
  !/usr/share/perl/man/.glimpse_statistics ;
  !/usr/share/perl/man/.glimpse_turbo ;
  /usr/share/perl/man/man3		-> $(SEC_CRIT) (recurse = true) ;
  ! /usr/share/perl/man/cat3 ;
  /usr/local/lib/perl5/5.00503/man	-> $(SEC_CONFIG) ;
  ! /usr/local/lib/perl5/5.00503/man/whatis ;
  ! /usr/local/lib/perl5/5.00503/man/.glimpse_filters ;
  ! /usr/local/lib/perl5/5.00503/man/.glimpse_filetimes ;
  ! /usr/local/lib/perl5/5.00503/man/.glimpse_messages ;
  ! /usr/local/lib/perl5/5.00503/man/.glimpse_statistics ;
  ! /usr/local/lib/perl5/5.00503/man/.glimpse_index ;
  ! /usr/local/lib/perl5/5.00503/man/.glimpse_turbo ;
  ! /usr/local/lib/perl5/5.00503/man/.glimpse_partitions ;
  ! /usr/local/lib/perl5/5.00503/man/.glimpse_filenames ;
  ! /usr/local/lib/perl5/5.00503/man/.glimpse_filenames_index ;
  /usr/local/lib/perl5/5.00503/man/man3		-> $(SEC_CRIT) (recurse = true) ;
  ! /usr/local/lib/perl5/5.00503/man/cat3 ;
 }
 #
 # X11R6
 #
 (
  rulename = "X11R6",
  severity = $(SIG_HI)
 )
 {
  /usr/X11R6				-> $(SEC_CRIT) (recurse = true) ;
  /usr/X11R6/lib/X11/xdm		-> $(SEC_CONFIG) (recurse = true) ;
  !/usr/X11R6/lib/X11/xdm/xdm-errors ;
  !/usr/X11R6/lib/X11/xdm/authdir/authfiles ;
  !/usr/X11R6/lib/X11/xdm/xdm-pid ;
  /usr/X11R6/lib/X11/xkb/compiled	-> $(SEC_CONFIG) (recurse = true) ;
  /usr/X11R6/man			-> $(SEC_CONFIG) ;
  !/usr/X11R6/man/whatis ;
  !/usr/X11R6/man/.glimpse_filenames ;
  !/usr/X11R6/man/.glimpse_filenames_index ;
  !/usr/X11R6/man/.glimpse_filetimes ;
  !/usr/X11R6/man/.glimpse_filters ;
  !/usr/X11R6/man/.glimpse_index ;
  !/usr/X11R6/man/.glimpse_messages ;
  !/usr/X11R6/man/.glimpse_partitions ;
  !/usr/X11R6/man/.glimpse_statistics ;
  !/usr/X11R6/man/.glimpse_turbo ;
  /usr/X11R6/man/man1			-> $(SEC_CRIT) (recurse = true) ;
  /usr/X11R6/man/man2			-> $(SEC_CRIT) (recurse = true) ;
  /usr/X11R6/man/man3			-> $(SEC_CRIT) (recurse = true) ;
  /usr/X11R6/man/man4			-> $(SEC_CRIT) (recurse = true) ;
  /usr/X11R6/man/man5			-> $(SEC_CRIT) (recurse = true) ;
  /usr/X11R6/man/man6			-> $(SEC_CRIT) (recurse = true) ;
  /usr/X11R6/man/man7			-> $(SEC_CRIT) (recurse = true) ;
  /usr/X11R6/man/man8			-> $(SEC_CRIT) (recurse = true) ;
  /usr/X11R6/man/man9			-> $(SEC_CRIT) (recurse = true) ;
  /usr/X11R6/man/manl			-> $(SEC_CRIT) (recurse = true) ;
  /usr/X11R6/man/mann			-> $(SEC_CRIT) (recurse = true) ;
  ! /usr/X11R6/man/cat1 ;
  ! /usr/X11R6/man/cat2 ;
  ! /usr/X11R6/man/cat3 ;
  ! /usr/X11R6/man/cat4 ;
  ! /usr/X11R6/man/cat5 ;
  ! /usr/X11R6/man/cat6 ;
  ! /usr/X11R6/man/cat7 ;
  ! /usr/X11R6/man/cat8 ;
  ! /usr/X11R6/man/cat9 ;
  ! /usr/X11R6/man/catl ;
  ! /usr/X11R6/man/catn ;
 }
 #
 # sources
 #
 (
  rulename = "Sources",
  severity = $(SIG_HI)
 )
 {
  /usr/src				-> $(SEC_CRIT) (recurse = true) ;
  /usr/src/sys/compile			-> $(SEC_CONFIG) (recurse = false) ;
 }
 #
 # NIS
 #
 (
  rulename = "NIS",
  severity = $(SIG_HI)
 )
 {
  /var/yp				-> $(SEC_CRIT) (recurse = true) ;
  !/var/yp/binding ;
 }
 #
 # Temporary directories
 #
 (
  rulename = "Temporary directories",
  recurse = false,
  severity = $(SIG_LOW)
 )
 {
  /usr/tmp                             -> $(SEC_INVARIANT) ;
  /var/tmp                             -> $(SEC_INVARIANT) ;
  /var/preserve                        -> $(SEC_INVARIANT) ;
  /tmp                                 -> $(SEC_INVARIANT) ;
 }
 #
 # Local files
 #
 (
  rulename = "Local files",
  severity = $(SIG_MED)
 )
 {
  /usr/local/bin			-> $(SEC_BIN) (recurse = true) ;
  /usr/local/sbin			-> $(SEC_BIN) (recurse = true) ;
  /usr/local/etc		 	-> $(SEC_BIN) (recurse = true) ;
  /usr/local/lib			-> $(SEC_BIN) (recurse = true ) ;
  /usr/local/libexec			-> $(SEC_BIN) (recurse = true ) ;
  /usr/local/share			-> $(SEC_BIN) (recurse = true ) ;
  /usr/local/man			-> $(SEC_CONFIG) ;
  !/usr/local/man/whatis ;
  !/usr/local/man/.glimpse_filenames ;
  !/usr/local/man/.glimpse_filenames_index ;
  !/usr/local/man/.glimpse_filetimes ;
  !/usr/local/man/.glimpse_filters ;
  !/usr/local/man/.glimpse_index ;
  !/usr/local/man/.glimpse_messages ;
  !/usr/local/man/.glimpse_partitions ;
  !/usr/local/man/.glimpse_statistics ;
  !/usr/local/man/.glimpse_turbo ;
  /usr/local/man/man1			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/man/man2			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/man/man3			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/man/man4			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/man/man5			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/man/man6			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/man/man7			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/man/man8			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/man/man9			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/man/manl			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/man/mann			-> $(SEC_CRIT) (recurse = true) ;
  ! /usr/local/man/cat1 ;
  ! /usr/local/man/cat2 ;
  ! /usr/local/man/cat3 ;
  ! /usr/local/man/cat4 ;
  ! /usr/local/man/cat5 ;
  ! /usr/local/man/cat6 ;
  ! /usr/local/man/cat7 ;
  ! /usr/local/man/cat8 ;
  ! /usr/local/man/cat9 ;
  ! /usr/local/man/catl ;
  ! /usr/local/man/catn ;
  /usr/local/krb5			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/krb5/man			-> $(SEC_CONFIG) ;
  !/usr/local/krb5/man/whatis ;
  !/usr/local/krb5/man/.glimpse_filenames ;
  !/usr/local/krb5/man/.glimpse_filenames_index ;
  !/usr/local/krb5/man/.glimpse_filetimes ;
  !/usr/local/krb5/man/.glimpse_filters ;
  !/usr/local/krb5/man/.glimpse_index ;
  !/usr/local/krb5/man/.glimpse_messages ;
  !/usr/local/krb5/man/.glimpse_partitions ;
  !/usr/local/krb5/man/.glimpse_statistics ;
  !/usr/local/krb5/man/.glimpse_turbo ;
  /usr/local/krb5/man/man1			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/krb5/man/man2			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/krb5/man/man3			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/krb5/man/man4			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/krb5/man/man5			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/krb5/man/man6			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/krb5/man/man7			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/krb5/man/man8			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/krb5/man/man9			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/krb5/man/manl			-> $(SEC_CRIT) (recurse = true) ;
  /usr/local/krb5/man/mann			-> $(SEC_CRIT) (recurse = true) ;
  ! /usr/local/krb5/man/cat1 ;
  ! /usr/local/krb5/man/cat2 ;
  ! /usr/local/krb5/man/cat3 ;
  ! /usr/local/krb5/man/cat4 ;
  ! /usr/local/krb5/man/cat5 ;
  ! /usr/local/krb5/man/cat6 ;
  ! /usr/local/krb5/man/cat7 ;
  ! /usr/local/krb5/man/cat8 ;
  ! /usr/local/krb5/man/cat9 ;
  ! /usr/local/krb5/man/catl ;
  ! /usr/local/krb5/man/catn ;
  /usr/local/www			-> $(SEC_CONFIG) (recurse = true) ;
 }
 (
  rulename = "Security Control",
  severity = $(SIG_HI)
 )
 {
  /etc/group                           -> $(SEC_CRIT) ;
  /etc/crontab                         -> $(SEC_CRIT) ;
 }
 #=============================================================================
 #
 # Copyright 2000-2018 Tripwire, Inc. Tripwire is a registered trademark of Tripwire,
 # Inc. in the United States and other countries. All rights reserved.
 #
 # FreeBSD is a registered trademark of the FreeBSD Project Inc.
 #
 # UNIX is a registered trademark of The Open Group.
 #
 #=============================================================================
 #
 # Permission is granted to make and distribute verbatim copies of this document
 # provided the copyright notice and this permission notice are preserved on all
 # copies.
 #
 # Permission is granted to copy and distribute modified versions of this
 # document under the conditions for verbatim copying, provided that the entire
 # resulting derived work is distributed under the terms of a permission notice
 # identical to this one.
 #
 # Permission is granted to copy and distribute translations of this document
 # into another language, under the above conditions for modified versions,
 # except that this permission notice may be stated in a translation approved by
 # Tripwire, Inc.
 #
 # DCM
--- a/policy/twpol-OpenBSD.txt
+++ b/policy/twpol-OpenBSD.txt
@ -2,8 +2,8 @@
 #                                                                            ##
 ############################################################################## #
 #                                                                            # #
-#                      Tripwire 2.4 policy for OpenBSD                       # #
+#                      Policy file for OpenBSD 3.5                           # #
-#                            updated March 2018                              # #
+#                             May 20, 2003                                   # #
 #                                                                            ##
 ##############################################################################
@ -60,13 +60,13 @@ HOSTNAME=;
 #
 ##############################################################################
-SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
+Device        = +pugsdr-intlbamcCMSH ;
-SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
+Dynamic       = +pinugtd-srlbamcCMSH ;
-SEC_GROWING       = +pinugtdl-srbamcCMSH ;
+Growing       = +pinugtdl-srbamcCMSH ;
-SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
+IgnoreAll     = -pinugtsdrlbamcCMSH ;
-SEC_IGNORE_NONE   = +pinugtsdrbamcCMSH-l ;
+IgnoreNone    = +pinugtsdrbamcCMSH-l ;
-SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
+ReadOnly      = +pinugtsdbmCM-rlacSH ;
-SEC_TEMPORARY     = +pugt ;
+Temporary     = +pugt ;
@@section FS 
@ -83,10 +83,10 @@ SEC_TEMPORARY     = +pugt ;
  rulename = "Tripwire Binaries",
 )
 {
-  $(TWBIN)/siggen                      -> $(SEC_READONLY) ;
+  $(TWBIN)/siggen                      -> $(ReadOnly) ;
-  $(TWBIN)/tripwire                    -> $(SEC_READONLY) ;
+  $(TWBIN)/tripwire                    -> $(ReadOnly) ;
-  $(TWBIN)/twadmin                     -> $(SEC_READONLY) ;
+  $(TWBIN)/twadmin                     -> $(ReadOnly) ;
-  $(TWBIN)/twprint                     -> $(SEC_READONLY) ;
+  $(TWBIN)/twprint                     -> $(ReadOnly) ;
 }
 # Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
@ -103,14 +103,14 @@ SEC_TEMPORARY     = +pugt ;
  # afterward triggers this rule until a database update is run, since the
  # database file does not exist before that point.
-  $(TWDB)                              -> $(SEC_DYNAMIC) -i ;
+  $(TWDB)                              -> $(Dynamic) -i ;
-  $(TWPOL)/tw.pol                      -> $(SEC_READONLY) -i ;
+  $(TWPOL)/tw.pol                      -> $(ReadOnly) -i ;
-  $(TWPOL)/tw.cfg                      -> $(SEC_READONLY) -i ;
+  $(TWPOL)/tw.cfg                      -> $(ReadOnly) -i ;
-  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(SEC_READONLY) ;
+  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(ReadOnly) ;
-  $(TWSKEY)/site.key                   -> $(SEC_READONLY) ;
+  $(TWSKEY)/site.key                   -> $(ReadOnly) ;
  # don't scan the individual reports
-  $(TWREPORT)                          -> $(SEC_DYNAMIC) (recurse=0) ;
+  $(TWREPORT)                          -> $(Dynamic) (recurse=0) ;
  # In this configuration /usr/local is a symbolic link to /home/local.
  # We want to ignore the following directories since they are already
@ -131,9 +131,9 @@ SEC_TEMPORARY     = +pugt ;
  rulename = "OS Boot and Configuration Files",
 )
 {
-  /boot                         -> $(SEC_READONLY) ;
+  /boot                         -> $(ReadOnly) ;
-  /bsd                          -> $(SEC_READONLY) ;
+  /bsd                          -> $(ReadOnly) ;
-  /etc                          -> $(SEC_IGNORE_NONE) -SHa ;
+  /etc                          -> $(IgnoreNone) -SHa ;
 }
  ###################################################
@ -147,13 +147,13 @@ SEC_TEMPORARY     = +pugt ;
  rulename = "Mount Points",
 )
 {
-  /                             -> $(SEC_READONLY) ;
+  /                             -> $(ReadOnly) ;
-  /cdrom                        -> $(SEC_DYNAMIC) ;
+  /cdrom                        -> $(Dynamic) ;
-  /floppy                       -> $(SEC_DYNAMIC) ;
+  /floppy                       -> $(Dynamic) ;
-  /home                         -> $(SEC_READONLY) ;  # Modify as needed
+  /home                         -> $(ReadOnly) ;  # Modify as needed
-  /mnt                          -> $(SEC_DYNAMIC) ;
+  /mnt                          -> $(Dynamic) ;
-  /usr                          -> $(SEC_READONLY) ;
+  /usr                          -> $(ReadOnly) ;
-  /var                          -> $(SEC_READONLY) ;
+  /var                          -> $(ReadOnly) ;
 }
  ###################################################
@ -167,8 +167,8 @@ SEC_TEMPORARY     = +pugt ;
  rulename = "Misc Top-Level Directories",
 )
 {
-  /altroot                      -> $(SEC_DYNAMIC) ;
+  /altroot                      -> $(Dynamic) ;
-  /stand                        -> $(SEC_DYNAMIC) ;
+  /stand                        -> $(Dynamic) ;
 }
  ################################################
@ -182,10 +182,10 @@ SEC_TEMPORARY     = +pugt ;
  rulename = "System Devices",
 )
 {
-  /dev                          -> $(SEC_DEVICE) ;
+  /dev                          -> $(Device) ;
-  /dev/fd                       -> $(SEC_DEVICE) ;
+  /dev/fd                       -> $(Device) ;
-  /var/cron/tabs/.sock          -> $(SEC_DEVICE) ; 
+  /var/cron/tabs/.sock          -> $(Device) ; 
-  /var/empty/dev/log            -> $(SEC_DEVICE) ; 
+  /var/empty/dev/log            -> $(Device) ; 
 }
  ################################################
@ -199,14 +199,14 @@ SEC_TEMPORARY     = +pugt ;
  rulename = "OS Binaries and Libraries",
 )
 {
-  /bin                          -> $(SEC_READONLY) ;
+  /bin                          -> $(ReadOnly) ;
-  /sbin                         -> $(SEC_READONLY) ;
+  /sbin                         -> $(ReadOnly) ;
-  /usr/bin                      -> $(SEC_READONLY) ;
+  /usr/bin                      -> $(ReadOnly) ;
-  /usr/lib                      -> $(SEC_READONLY) ;
+  /usr/lib                      -> $(ReadOnly) ;
-  /usr/libexec                  -> $(SEC_READONLY) ;
+  /usr/libexec                  -> $(ReadOnly) ;
-  /usr/sbin                     -> $(SEC_READONLY) ;
+  /usr/sbin                     -> $(ReadOnly) ;
-  /usr/X11R6/bin                -> $(SEC_READONLY) ;
+  /usr/X11R6/bin                -> $(ReadOnly) ;
-  /usr/X11R6/lib                -> $(SEC_READONLY) ;
+  /usr/X11R6/lib                -> $(ReadOnly) ;
 }
  ################################################
 #                                              ##
@ -219,19 +219,19 @@ SEC_TEMPORARY     = +pugt ;
  #OKrulename = "Usr Local Files",
 #OK)
 #OK{
-  #OK/usr/local                    -> $(SEC_READONLY) ;
+  #OK/usr/local                    -> $(ReadOnly) ;
-  #OK/usr/local/bin                -> $(SEC_READONLY) ;
+  #OK/usr/local/bin                -> $(ReadOnly) ;
-  #OK/usr/local/doc                -> $(SEC_READONLY) ;
+  #OK/usr/local/doc                -> $(ReadOnly) ;
-  #OK/usr/local/etc                -> $(SEC_READONLY) ;
+  #OK/usr/local/etc                -> $(ReadOnly) ;
-  #OK/usr/local/include            -> $(SEC_READONLY) ;
+  #OK/usr/local/include            -> $(ReadOnly) ;
-  #OK/usr/local/info               -> $(SEC_READONLY) ;
+  #OK/usr/local/info               -> $(ReadOnly) ;
-  #OK/usr/local/lib                -> $(SEC_READONLY) ;
+  #OK/usr/local/lib                -> $(ReadOnly) ;
-  #OK/usr/local/libdata            -> $(SEC_READONLY) ;
+  #OK/usr/local/libdata            -> $(ReadOnly) ;
-  #OK/usr/local/libexec            -> $(SEC_READONLY) ;
+  #OK/usr/local/libexec            -> $(ReadOnly) ;
-  #OK/usr/local/man                -> $(SEC_READONLY) ;
+  #OK/usr/local/man                -> $(ReadOnly) ;
-  #OK/usr/local/sbin               -> $(SEC_READONLY) ;
+  #OK/usr/local/sbin               -> $(ReadOnly) ;
-  #OK/usr/local/share              -> $(SEC_READONLY) ;
+  #OK/usr/local/share              -> $(ReadOnly) ;
-  #OK/usr/local/src                -> $(SEC_READONLY) ;
+  #OK/usr/local/src                -> $(ReadOnly) ;
 #OK}
  ################################################
@ -245,9 +245,9 @@ SEC_TEMPORARY     = +pugt ;
  rulename = "Root Directory and Files",
 )
 {
-  /root                          -> $(SEC_IGNORE_NONE) -SHa ;
+  /root                          -> $(IgnoreNone) -SHa ;
-  /root/.cshrc                   -> $(SEC_DYNAMIC) ;
+  /root/.cshrc                   -> $(Dynamic) ;
-  /root/.profile                 -> $(SEC_DYNAMIC) ;
+  /root/.profile                 -> $(Dynamic) ;
 }
  ################################################
@ -261,8 +261,8 @@ SEC_TEMPORARY     = +pugt ;
  rulename = "Temporary Directories",
 )
 {
-  /tmp                          -> $(SEC_TEMPORARY) ;
+  /tmp                          -> $(Temporary) ;
-  /var/tmp                      -> $(SEC_TEMPORARY) ;
+  /var/tmp                      -> $(Temporary) ;
 }
  ################################################
@ -276,15 +276,15 @@ SEC_TEMPORARY     = +pugt ;
  rulename = "System and Boot Changes",
 )
 {
-  /var/backups                    -> $(SEC_DYNAMIC) -i ;
+  /var/backups                    -> $(Dynamic) -i ;
-  /var/db/host.random             -> $(SEC_READONLY) -mCM ;
+  /var/db/host.random             -> $(ReadOnly) -mCM ;
-  /var/cron                       -> $(SEC_GROWING) -i ;
+  /var/cron                       -> $(Growing) -i ;
-  /var/log                        -> $(SEC_GROWING) -i ;
+  /var/log                        -> $(Growing) -i ;
-  /var/run                        -> $(SEC_DYNAMIC) -i ;
+  /var/run                        -> $(Dynamic) -i ;
-  /var/mail                       -> $(SEC_GROWING) ;
+  /var/mail                       -> $(Growing) ;
-  /var/msgs/bounds                -> $(SEC_READONLY) -smbCM ;
+  /var/msgs/bounds                -> $(ReadOnly) -smbCM ;
-  /var/spool/clientmqueue         -> $(SEC_TEMPORARY) ;
+  /var/spool/clientmqueue         -> $(Temporary) ;
-  /var/spool/mqueue               -> $(SEC_TEMPORARY) ;
+  /var/spool/mqueue               -> $(Temporary) ;
 }
 #
--- a/policy/twpol-SunOS.txt
+++ b/policy/twpol-SunOS.txt
@ -2,8 +2,7 @@
 #                                                                            ##
 ############################################################################## #
 #                                                                            # #
-#                      Tripwire 2.4 policy for Solaris                       # #
+#                        Policy file for Solaris 8                           # #
 #                             updated March 2018                             # #
 #                                                                            ##
 ##############################################################################
@ -62,13 +61,13 @@ HOSTNAME=;
 #
 ##############################################################################
-SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
+Device        = +pugsdr-intlbamcCMSH ;
-SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
+Dynamic       = +pinugtd-srlbamcCMSH ;
-SEC_GROWING       = +pinugtdl-srbamcCMSH ;
+Growing       = +pinugtdl-srbamcCMSH ;
-SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
+IgnoreAll     = -pinugtsdrlbamcCMSH ;
-SEC_IGNORE_NONE   = +pinugtsdrbamcCMSH-l ;
+IgnoreNone    = +pinugtsdrbamcCMSH-l ;
-SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
+ReadOnly      = +pinugtsdbmCM-rlacSH ;
-SEC_TEMPORARY     = +pugt ;
+Temporary     = +pugt ;
@@section FS 
@ -85,10 +84,10 @@ SEC_TEMPORARY     = +pugt ;
  rulename = "Tripwire Binaries",
 )
 {
-  $(TWBIN)/siggen                      -> $(SEC_READONLY) ;
+  $(TWBIN)/siggen                      -> $(ReadOnly) ;
-  $(TWBIN)/tripwire                    -> $(SEC_READONLY) ;
+  $(TWBIN)/tripwire                    -> $(ReadOnly) ;
-  $(TWBIN)/twadmin                     -> $(SEC_READONLY) ;
+  $(TWBIN)/twadmin                     -> $(ReadOnly) ;
-  $(TWBIN)/twprint                     -> $(SEC_READONLY) ;
+  $(TWBIN)/twprint                     -> $(ReadOnly) ;
 }
 # Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
@ -105,14 +104,14 @@ SEC_TEMPORARY     = +pugt ;
  # afterward triggers this rule until a database update is run, since the
  # database file does not exist before that point.
-  $(TWDB)                              -> $(SEC_DYNAMIC) -i ;
+  $(TWDB)                              -> $(Dynamic) -i ;
-  $(TWPOL)/tw.pol                      -> $(SEC_READONLY) -i ;
+  $(TWPOL)/tw.pol                      -> $(ReadOnly) -i ;
-  $(TWPOL)/tw.cfg                      -> $(SEC_READONLY) -i ;
+  $(TWPOL)/tw.cfg                      -> $(ReadOnly) -i ;
-  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(SEC_READONLY) ;
+  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(ReadOnly) ;
-  $(TWSKEY)/site.key                   -> $(SEC_READONLY) ;
+  $(TWSKEY)/site.key                   -> $(ReadOnly) ;
  # don't scan the individual reports
-  $(TWREPORT)                          -> $(SEC_DYNAMIC) (recurse=0) ;
+  $(TWREPORT)                          -> $(Dynamic) (recurse=0) ;
  # In this configuration /usr/local is a symbolic link to /home/local.
  # We want to ignore the following directories since they are already
@ -133,8 +132,8 @@ SEC_TEMPORARY     = +pugt ;
  rulename = "OS Boot and Configuration Files",
 )
 {
-  /etc                          -> $(SEC_IGNORE_NONE) -SHa ;
+  /etc                          -> $(IgnoreNone) -SHa ;
-  /kernel		        -> $(SEC_READONLY) ;
+  /kernel		        -> $(ReadOnly) ;
 }
  ###################################################
@ -148,13 +147,13 @@ SEC_TEMPORARY     = +pugt ;
  rulename = "Mount Points",
 )
 {
-  /                             -> $(SEC_READONLY) ;
+  /                             -> $(ReadOnly) ;
-  /cdrom                        -> $(SEC_DYNAMIC) ;
+  /cdrom                        -> $(Dynamic) ;
-  /home                         -> $(SEC_READONLY) ;
+  /home                         -> $(ReadOnly) ;
-  /mnt                          -> $(SEC_DYNAMIC) ;
+  /mnt                          -> $(Dynamic) ;
-  /usr                          -> $(SEC_READONLY) ;
+  /usr                          -> $(ReadOnly) ;
-  /var                          -> $(SEC_READONLY) ;
+  /var                          -> $(ReadOnly) ;
-  /opt                          -> $(SEC_READONLY) ;
+  /opt                          -> $(ReadOnly) ;
 }
  ###################################################
@ -168,7 +167,7 @@ SEC_TEMPORARY     = +pugt ;
  rulename = "Misc Top-Level Directories",
 )
 {
-  /lost+found                   -> $(SEC_READONLY) ;
+  /lost+found                   -> $(ReadOnly) ;
 }
  ################################################
@ -182,8 +181,8 @@ SEC_TEMPORARY     = +pugt ;
  rulename = "System Devices",
 )
 {
-  /dev                          -> $(SEC_DEVICE) ;
+  /dev                          -> $(Device) ;
-  /devices                      -> $(SEC_DEVICE) ;
+  /devices                      -> $(Device) ;
 }
  ################################################
@ -197,12 +196,12 @@ SEC_TEMPORARY     = +pugt ;
  rulename = "OS Binaries and Libraries",
 )
 {
-  /sbin                         -> $(SEC_READONLY) ;
+  /sbin                         -> $(ReadOnly) ;
-  /usr/bin                      -> $(SEC_READONLY) ;
+  /usr/bin                      -> $(ReadOnly) ;
-  /usr/lib                      -> $(SEC_READONLY) ;
+  /usr/lib                      -> $(ReadOnly) ;
-  /usr/sbin                     -> $(SEC_READONLY) ;
+  /usr/sbin                     -> $(ReadOnly) ;
-  /usr/openwin/bin              -> $(SEC_READONLY) ;
+  /usr/openwin/bin              -> $(ReadOnly) ;
-  /usr/openwin/lib              -> $(SEC_READONLY) ;
+  /usr/openwin/lib              -> $(ReadOnly) ;
 }
  ################################################
@ -217,9 +216,9 @@ SEC_TEMPORARY     = +pugt ;
 )
 {
  ! /.netscape/cache ; 
-  /.bash_history	         -> $(SEC_READONLY) -smbCM;
+  /.bash_history	         -> $(ReadOnly) -smbCM;
-  /.sh_history                   -> $(SEC_DYNAMIC) ;
+  /.sh_history                   -> $(Dynamic) ;
-  /.Xauthority                   -> $(SEC_READONLY) ;
+  /.Xauthority                   -> $(ReadOnly) ;
 }
  ################################################
@ -233,8 +232,8 @@ SEC_TEMPORARY     = +pugt ;
  rulename = "Temporary Directories",
 )
 {
-  /tmp                          -> $(SEC_TEMPORARY) ;
+  /tmp                          -> $(Temporary) ;
-  /var/tmp                      -> $(SEC_TEMPORARY) ;
+  /var/tmp                      -> $(Temporary) ;
 }
  ################################################
@ -296,17 +295,17 @@ SEC_TEMPORARY     = +pugt ;
  rulename = "System and Boot Changes",
 )
 {
-  /etc/.pwd.lock		   -> $(SEC_READONLY) -cm;
+  /etc/.pwd.lock		   -> $(ReadOnly) -cm;
-  /etc/coreadm.conf		   -> $(SEC_READONLY) -cm;
+  /etc/coreadm.conf		   -> $(ReadOnly) -cm;
-  /var/adm                         -> $(SEC_GROWING) -i;
+  /var/adm                         -> $(Growing) -i;
-  #/var/backups                    -> $(SEC_DYNAMIC) -i ;
+  #/var/backups                    -> $(Dynamic) -i ;
-  /var/cron/log                    -> $(SEC_GROWING) -i ;
+  /var/cron/log                    -> $(Growing) -i ;
-  #/var/db/host.random             -> $(SEC_READONLY) -mCM ;
+  #/var/db/host.random             -> $(ReadOnly) -mCM ;
-  #/var/db/locate.database         -> $(SEC_READONLY) -misCM ;
+  #/var/db/locate.database         -> $(ReadOnly) -misCM ;
-  /var/log                         -> $(SEC_GROWING) -i ;
+  /var/log                         -> $(Growing) -i ;
-  #/var/run                        -> $(SEC_DYNAMIC) -i ;
+  #/var/run                        -> $(Dynamic) -i ;
-  #/var/mail                       -> $(SEC_GROWING) ;
+  #/var/mail                       -> $(Growing) ;
-  #/var/msgs/bounds                -> $(SEC_READONLY) -smbCM ;
+  #/var/msgs/bounds                -> $(ReadOnly) -smbCM ;
  !/var/sendmail ;
  !/var/spool/clientmqueue ;
  !/var/spool/mqueue ;
--- a/policy/twpol-Syllable.txt
+++ b/policy/twpol-Syllable.txt
@ -1,184 +0,0 @@
 ###############################################################################
 #                                                                            ##
 #    Default Tripwire 2.4 Policy file for Syllable                           ##
 #                                                                            ##
 ###############################################################################
 ###############################################################################
 #                                                                            ##
 # Global Variable Definitions                                                ##
 #                                                                            ##
 # These are defined at install time by the installation script.  You may     ##
 # Manually edit these if you are using this file directly and not from the   ##
 # installation script itself.                                                ##
 #                                                                            ##
 ###############################################################################
@@section GLOBAL
 TWROOT=;
 TWBIN=;
 TWPOL=;
 TWDB=;
 TWSKEY=;
 TWLKEY=;
 TWREPORT=;
 HOSTNAME=;
 ##############################################################################
 #  Predefined Variables                                                      #
 ##############################################################################
 #
 #  Property Masks
 #
 #  -  ignore the following properties
 #  +  check the following properties
 #
 #  a  access timestamp (mutually exclusive with +CMSH)
 #  b  number of blocks allocated
 #  c  inode creation/modification timestamp
 #  d  ID of device on which inode resides
 #  g  group id of owner
 #  i  inode number
 #  l  growing files (logfiles for example)
 #  m  modification timestamp
 #  n  number of links
 #  p  permission and file mode bits
 #  r  ID of device pointed to by inode (valid only for device objects)
 #  s  file size
 #  t  file type
 #  u  user id of owner
 #
 #  C  CRC-32 hash
 #  H  HAVAL hash
 #  M  MD5 hash
 #  S  SHA hash
 #
 ##############################################################################
 SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
 SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
 SEC_GROWING       = +pinugtdl-srbamcCMSH ;
 SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
 SEC_IGNORE_NONE    = +pinugtsdrbamcCMSH-l ;
 SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
 SEC_TEMPORARY       = +pugt ;
@@section FS 
 #########################################
 #                                      ##
 #  Tripwire Binaries and Data Files    ##
 #                                      ##
 #########################################
 # Tripwire Binaries
 (
  rulename = "Tripwire Binaries",
 )
 {
  $(TWBIN)/siggen                      -> $(SEC_READONLY) ;
  $(TWBIN)/tripwire                    -> $(SEC_READONLY) ;
  $(TWBIN)/twadmin                     -> $(SEC_READONLY) ;
  $(TWBIN)/twprint                     -> $(SEC_READONLY) ;
 }
 # Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
 (
  rulename = "Tripwire Data Files",
 )
 {
  # NOTE: We remove the inode attribute because when Tripwire creates a backup,
  # it does so by renaming the old file and creating a new one (which will
  # have a new inode number).  Inode is left turned on for keys, which shouldn't
  # ever change.
  # NOTE: The first integrity check triggers this rule and each integrity check
  # afterward triggers this rule until a database update is run, since the
  # database file does not exist before that point.
  $(TWDB)                              -> $(SEC_DYNAMIC) -i ;
  $(TWPOL)/tw.pol                      -> $(SEC_READONLY) -i ;
  $(TWPOL)/tw.cfg                      -> $(SEC_READONLY) -i ;
  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(SEC_READONLY) ;
  $(TWSKEY)/site.key                   -> $(SEC_READONLY) ;
  # don't scan the individual reports
  $(TWREPORT)                          -> $(SEC_DYNAMIC) (recurse=0) ;
 }
 ##############################################################################
 ### System dir ###############################################################
 #
 (rulename = "System Directory",)
 {
   /boot/system -> $(SEC_READONLY) -a;
 }
 ### Other bin dirs ############################################################
 #
 (rulename = "Binary Directories",)
 {
  /boot/bin -> $(SEC_READONLY) -a;
  /usr/bin -> $(SEC_READONLY) -a;
  /usr/local/bin -> $(SEC_READONLY) -a;
  /boot/Applications -> $(SEC_READONLY) -a;
  /resources/index/bin -> $(SEC_READONLY) -a;
 }
 (rulename = "Admin Binary Directories",)
 {
  /usr/local/sbin -> $(SEC_READONLY) -a;
  /resources/index/sbin -> $(SEC_READONLY) -a;
  /usr/local/libexec -> $(SEC_READONLY) -a;
  /resources/index/libexec -> $(SEC_READONLY) -a;
 }
 ### Other lib dirs ############################################################
 #
 (rulename = "Library Directories",)
 {
  /usr/local/lib -> $(SEC_READONLY) -a;
  /resources/index/lib -> $(SEC_READONLY) -a;
 }
 ### Other boot dirs ###########################################################
 #
 (rulename = "Boot Directories",)
 {
  /boot/boot/grub -> $(SEC_READONLY) -a;
 }
 ### Settings ##################################################################
 #
 (rulename = "Settings",)
 {
  /boot/etc -> $(SEC_READONLY) -a;
  /usr/local/etc -> $(SEC_READONLY) -a;
 }
 # Logs ########################################################################
 #
 (rulename = "Logs",)
 {
  /var/log -> $(SEC_GROWING) -a;
 }
 # Dev #########################################################################
 #
 (rulename = "Devices",)
 {
  /dev -> $(SEC_DEVICE) -a;
 }
 # Temp dirs #########################
 #
 (rulename = "Temp Directories",)
 {
  /boot/tmp -> $(SEC_TEMPORARY) -a;
 }
--- a/policy/twpol-skyos.txt
+++ b/policy/twpol-skyos.txt
@ -1,183 +0,0 @@
 ###############################################################################
 #                                                                            ##
 #    Default Tripwire 2.4 Policy file for SkyOS                             ##
 #                                                                            ##
 ###############################################################################
 ###############################################################################
 #                                                                            ##
 # Global Variable Definitions                                                ##
 #                                                                            ##
 # These are defined at install time by the installation script.  You may     ##
 # Manually edit these if you are using this file directly and not from the   ##
 # installation script itself.                                                ##
 #                                                                            ##
 ###############################################################################
@@section GLOBAL
 TWROOT=;
 TWBIN=;
 TWPOL=;
 TWDB=;
 TWSKEY=;
 TWLKEY=;
 TWREPORT=;
 HOSTNAME=;
 ##############################################################################
 #  Predefined Variables                                                      #
 ##############################################################################
 #
 #  Property Masks
 #
 #  -  ignore the following properties
 #  +  check the following properties
 #
 #  a  access timestamp (mutually exclusive with +CMSH)
 #  b  number of blocks allocated
 #  c  inode creation/modification timestamp
 #  d  ID of device on which inode resides
 #  g  group id of owner
 #  i  inode number
 #  l  growing files (logfiles for example)
 #  m  modification timestamp
 #  n  number of links
 #  p  permission and file mode bits
 #  r  ID of device pointed to by inode (valid only for device objects)
 #  s  file size
 #  t  file type
 #  u  user id of owner
 #
 #  C  CRC-32 hash
 #  H  HAVAL hash
 #  M  MD5 hash
 #  S  SHA hash
 #
 ##############################################################################
 SEC_DEVICE        = +pugsdr-intlbamcCMSH ;
 SEC_DYNAMIC       = +pinugtd-srlbamcCMSH ;
 SEC_GROWING       = +pinugtdl-srbamcCMSH ;
 SEC_IGNORE_ALL    = -pinugtsdrlbamcCMSH ;
 SEC_IGNORE_NONE    = +pinugtsdrbamcCMSH-l ;
 SEC_READONLY      = +pinugtsdbmCM-rlacSH ;
 SEC_TEMPORARY       = +pugt ;
@@section FS 
 #########################################
 #                                      ##
 #  Tripwire Binaries and Data Files    ##
 #                                      ##
 #########################################
 # Tripwire Binaries
 (
  rulename = "Tripwire Binaries",
 )
 {
  $(TWBIN)/siggen                      -> $(SEC_READONLY) ;
  $(TWBIN)/tripwire                    -> $(SEC_READONLY) ;
  $(TWBIN)/twadmin                     -> $(SEC_READONLY) ;
  $(TWBIN)/twprint                     -> $(SEC_READONLY) ;
 }
 # Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
 (
  rulename = "Tripwire Data Files",
 )
 {
  # NOTE: We remove the inode attribute because when Tripwire creates a backup,
  # it does so by renaming the old file and creating a new one (which will
  # have a new inode number).  Inode is left turned on for keys, which shouldn't
  # ever change.
  # NOTE: The first integrity check triggers this rule and each integrity check
  # afterward triggers this rule until a database update is run, since the
  # database file does not exist before that point.
  $(TWDB)                              -> $(SEC_DYNAMIC) -i ;
  $(TWPOL)/tw.pol                      -> $(SEC_READONLY) -i ;
  $(TWPOL)/tw.cfg                      -> $(SEC_READONLY) -i ;
  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(SEC_READONLY) ;
  $(TWSKEY)/site.key                   -> $(SEC_READONLY) ;
  # don't scan the individual reports
  $(TWREPORT)                          -> $(SEC_DYNAMIC) (recurse=0) ;
 }
 ##############################################################################
 ### System dir ###############################################################
 #
 (rulename = "System Directory",)
 {
  /boot/system -> $(SEC_READONLY) -a;
  /boot/system/registry.rsm -> $(SEC_READONLY) -am; 
 }
 (rulename = "System Files",)
 {
  /boot/kernel.sys -> $(SEC_READONLY) -a;
  /boot/kernel.dbg -> $(SEC_READONLY) -a;
  /boot/init.scr -> $(SEC_READONLY) -a;
  /boot/install.sif -> $(SEC_READONLY) -a;
 }
 ### Other bin dirs ############################################################
 #
 (rulename = "Binary Directories",)
 {
  /boot/programs -> $(SEC_READONLY) -a;
 }
 ### Other lib dirs ############################################################
 #
 (rulename = "Library Directories",)
 {
  /usr/lib -> $(SEC_READONLY) -a;
  /usr/local/lib -> $(SEC_READONLY) -a;
 }
 ### Other boot dirs ###########################################################
 #
 (rulename = "Boot Directories",)
 {
  /boot/boot/grub -> $(SEC_READONLY) -a;
 }
 ### Settings ##################################################################
 #
 (rulename = "Settings",)
 {
  /boot/programs/unix/etc -> $(SEC_READONLY) -a;
  /usr/local/etc -> $(SEC_READONLY) -a;
 }
 # Logs ########################################################################
 #
 (rulename = "Logs",)
 {
  /var/log -> $(SEC_GROWING) -a;
 }
 # Dev #########################################################################
 #
 (rulename = "Devices",)
 {
  /dev -> $(SEC_DEVICE) -a;
  /fifo -> $(SEC_DEVICE) -a;
  /pty -> $(SEC_DEVICE) -as;
  /systeminterface -> $(SEC_DEVICE) -a;
  /umfs -> $(SEC_DEVICE) -a;
 }
 # Temp dirs #########################
 #
 (rulename = "Temp Directories",)
 {
  /boot/temp -> $(SEC_TEMPORARY) -a;
 }
--- a/src/Makefile.am
+++ b/src/Makefile.am
@ -8,7 +8,3 @@ install:
 uninstall:
 	true
 clean-local: clean-local-check
 .PHONY: clean-local-check
 clean-local-check:
 	-rm -rf test-harness/twtest
--- a/src/Makefile.in
+++ b/src/Makefile.in
@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
 # @configure_input@
-# Copyright (C) 1994-2017 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -282,6 +282,7 @@ pdfdir = @pdfdir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
 psdir = @psdir@
 runstatedir = @runstatedir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
@ -519,7 +520,7 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-recursive
-clean-am: clean-generic clean-local mostlyclean-am
+clean-am: clean-generic mostlyclean-am
 distclean: distclean-recursive
 	-rm -f Makefile
@ -586,17 +587,16 @@ uninstall-am:
 .MAKE: $(am__recursive_targets) install-am install-strip
 .PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \
-	check-am clean clean-generic clean-local cscopelist-am ctags \
+	check-am clean clean-generic cscopelist-am ctags ctags-am \
-	ctags-am distclean distclean-generic distclean-tags distdir \
+	distclean distclean-generic distclean-tags distdir dvi dvi-am \
-	dvi dvi-am html html-am info info-am install install-am \
+	html html-am info info-am install install-am install-data \
-	install-data install-data-am install-dvi install-dvi-am \
+	install-data-am install-dvi install-dvi-am install-exec \
-	install-exec install-exec-am install-html install-html-am \
+	install-exec-am install-html install-html-am install-info \
-	install-info install-info-am install-man install-pdf \
+	install-info-am install-man install-pdf install-pdf-am \
-	install-pdf-am install-ps install-ps-am install-strip \
+	install-ps install-ps-am install-strip installcheck \
-	installcheck installcheck-am installdirs installdirs-am \
+	installcheck-am installdirs installdirs-am maintainer-clean \
-	maintainer-clean maintainer-clean-generic mostlyclean \
+	maintainer-clean-generic mostlyclean mostlyclean-generic pdf \
-	mostlyclean-generic pdf pdf-am ps ps-am tags tags-am uninstall \
+	pdf-am ps ps-am tags tags-am uninstall uninstall-am
 	uninstall-am
 .PRECIOUS: Makefile
@ -607,11 +607,6 @@ install:
 uninstall:
 	true
 clean-local: clean-local-check
 .PHONY: clean-local-check
 clean-local-check:
 	-rm -rf test-harness/twtest
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:
--- a/src/buildnum.h
+++ b/src/buildnum.h
@ -1 +1,2 @@
 #define BUILD_NUM _T("0")
--- a/src/core/Makefile.am
+++ b/src/core/Makefile.am
@ -9,33 +9,32 @@ libcore_a_SOURCES = \
   archive.cpp charutil.cpp		\
   cmdlineparser.cpp codeconvert.cpp core.cpp coreerrors.cpp		\
   corestrings.cpp crc32.cpp debug.cpp displayencoder.cpp		\
-   displayutil.cpp epoch.cpp error.cpp errorbucketimpl.cpp errortable.cpp \
+   displayutil.cpp error.cpp errorbucketimpl.cpp errortable.cpp		\
   errorutil.cpp fileerror.cpp fileheader.cpp fsservices.cpp		\
   growheap.cpp hashtable.cpp haval.cpp msystem.cpp ntmbs.cpp		\
-   refcountobj.cpp serializable.cpp serializer.cpp	\
+   objectpool.cpp refcountobj.cpp serializable.cpp serializer.cpp	\
   serializerimpl.cpp serializerutil.cpp serstring.cpp 			\
   srefcountobj.cpp srefcounttbl.cpp stdcore.cpp stringutil.cpp		\
-   timeconvert.cpp tw_signal.cpp twlimits.cpp twlocale.cpp      	\
+   timebomb.cpp timeconvert.cpp tw_signal.cpp twlimits.cpp twlocale.cpp	\
-   unixexcept.cpp usernotify.cpp usernotifystdout.cpp		\
+   unixexcept.cpp usernotify.cpp usernotifystdout.cpp utf8.cpp		\
   wchar16.cpp
 libcore_a_HEADERS = archive.h charutil.h cmdlineparser.h codeconvert.h       \
   core.h coreerrors.h corestrings.h crc32.h debug.h displayencoder.h        \
-   displayutil.h epoch.h error.h errorbucket.h errorbucketimpl.h errorgeneral.h \
+   displayutil.h error.h errorbucket.h errorbucketimpl.h errorgeneral.h      \
   errortable.h errorutil.h file.h fileerror.h fileheader.h fixedfilebuf.h   \
   fsservices.h growheap.h hashtable.h haval.h md5.h msystem.h ntdbs.h       \
-   ntmbs.h package.h platform.h refcountobj.h resources.h                    \
+   ntmbs.h objectpool.h package.h platform.h refcountobj.h resources.h       \
   serializable.h serializer.h serializerimpl.h serializerutil.h serstring.h \
   sha.h srefcountobj.h srefcounttbl.h stdcore.h stringutil.h tasktimer.h    \
-   tchar.h timeconvert.h tw_signal.h twlimits.h twlocale.h                   \
+   tchar.h timebomb.h timeconvert.h tw_signal.h twlimits.h twlocale.h        \
   twstringslang.h typed.h types.h unixexcept.h unixfsservices.h upperbound.h \
-   usernotify.h usernotifystdout.h wchar16.h
+   usernotify.h usernotifystdout.h utf8.h wchar16.h
 libcore_a_LIBADD = @CORE_CRYPT_O@
 libcore_a_DEPENDENCIES = @CORE_CRYPT_O@
 DEFS = @DEFS@		# This gets rid of the -I. so AM_CPPFLAGS must be more explicit
 CLEANFILES = *.gcno *.gcda
 all: $(noinst_LIBRARIES)
 	$(AR) ru ../../lib/libtripwire.a $(libcore_a_OBJECTS) $(libcore_a_LIBADD)
--- a/src/core/Makefile.in
+++ b/src/core/Makefile.in
@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
 # @configure_input@
-# Copyright (C) 1994-2017 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@ -113,19 +113,20 @@ am_libcore_a_OBJECTS = file_unix.$(OBJEXT) unixfsservices.$(OBJEXT) \
 	archive.$(OBJEXT) charutil.$(OBJEXT) cmdlineparser.$(OBJEXT) \
 	codeconvert.$(OBJEXT) core.$(OBJEXT) coreerrors.$(OBJEXT) \
 	corestrings.$(OBJEXT) crc32.$(OBJEXT) debug.$(OBJEXT) \
-	displayencoder.$(OBJEXT) displayutil.$(OBJEXT) epoch.$(OBJEXT) \
+	displayencoder.$(OBJEXT) displayutil.$(OBJEXT) error.$(OBJEXT) \
-	error.$(OBJEXT) errorbucketimpl.$(OBJEXT) errortable.$(OBJEXT) \
+	errorbucketimpl.$(OBJEXT) errortable.$(OBJEXT) \
 	errorutil.$(OBJEXT) fileerror.$(OBJEXT) fileheader.$(OBJEXT) \
 	fsservices.$(OBJEXT) growheap.$(OBJEXT) hashtable.$(OBJEXT) \
 	haval.$(OBJEXT) msystem.$(OBJEXT) ntmbs.$(OBJEXT) \
-	refcountobj.$(OBJEXT) serializable.$(OBJEXT) \
+	objectpool.$(OBJEXT) refcountobj.$(OBJEXT) \
-	serializer.$(OBJEXT) serializerimpl.$(OBJEXT) \
+	serializable.$(OBJEXT) serializer.$(OBJEXT) \
-	serializerutil.$(OBJEXT) serstring.$(OBJEXT) \
+	serializerimpl.$(OBJEXT) serializerutil.$(OBJEXT) \
-	srefcountobj.$(OBJEXT) srefcounttbl.$(OBJEXT) \
+	serstring.$(OBJEXT) srefcountobj.$(OBJEXT) \
-	stdcore.$(OBJEXT) stringutil.$(OBJEXT) timeconvert.$(OBJEXT) \
+	srefcounttbl.$(OBJEXT) stdcore.$(OBJEXT) stringutil.$(OBJEXT) \
-	tw_signal.$(OBJEXT) twlimits.$(OBJEXT) twlocale.$(OBJEXT) \
+	timebomb.$(OBJEXT) timeconvert.$(OBJEXT) tw_signal.$(OBJEXT) \
-	unixexcept.$(OBJEXT) usernotify.$(OBJEXT) \
+	twlimits.$(OBJEXT) twlocale.$(OBJEXT) unixexcept.$(OBJEXT) \
-	usernotifystdout.$(OBJEXT) wchar16.$(OBJEXT)
+	usernotify.$(OBJEXT) usernotifystdout.$(OBJEXT) utf8.$(OBJEXT) \
 	wchar16.$(OBJEXT)
 libcore_a_OBJECTS = $(am_libcore_a_OBJECTS)
 AM_V_P = $(am__v_P_@AM_V@)
 am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
@ -313,6 +314,7 @@ pdfdir = @pdfdir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
 psdir = @psdir@
 runstatedir = @runstatedir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
@ -334,31 +336,30 @@ libcore_a_SOURCES = \
   archive.cpp charutil.cpp		\
   cmdlineparser.cpp codeconvert.cpp core.cpp coreerrors.cpp		\
   corestrings.cpp crc32.cpp debug.cpp displayencoder.cpp		\
-   displayutil.cpp epoch.cpp error.cpp errorbucketimpl.cpp errortable.cpp \
+   displayutil.cpp error.cpp errorbucketimpl.cpp errortable.cpp		\
   errorutil.cpp fileerror.cpp fileheader.cpp fsservices.cpp		\
   growheap.cpp hashtable.cpp haval.cpp msystem.cpp ntmbs.cpp		\
-   refcountobj.cpp serializable.cpp serializer.cpp	\
+   objectpool.cpp refcountobj.cpp serializable.cpp serializer.cpp	\
   serializerimpl.cpp serializerutil.cpp serstring.cpp 			\
   srefcountobj.cpp srefcounttbl.cpp stdcore.cpp stringutil.cpp		\
-   timeconvert.cpp tw_signal.cpp twlimits.cpp twlocale.cpp      	\
+   timebomb.cpp timeconvert.cpp tw_signal.cpp twlimits.cpp twlocale.cpp	\
-   unixexcept.cpp usernotify.cpp usernotifystdout.cpp		\
+   unixexcept.cpp usernotify.cpp usernotifystdout.cpp utf8.cpp		\
   wchar16.cpp
 libcore_a_HEADERS = archive.h charutil.h cmdlineparser.h codeconvert.h       \
   core.h coreerrors.h corestrings.h crc32.h debug.h displayencoder.h        \
-   displayutil.h epoch.h error.h errorbucket.h errorbucketimpl.h errorgeneral.h \
+   displayutil.h error.h errorbucket.h errorbucketimpl.h errorgeneral.h      \
   errortable.h errorutil.h file.h fileerror.h fileheader.h fixedfilebuf.h   \
   fsservices.h growheap.h hashtable.h haval.h md5.h msystem.h ntdbs.h       \
-   ntmbs.h package.h platform.h refcountobj.h resources.h                    \
+   ntmbs.h objectpool.h package.h platform.h refcountobj.h resources.h       \
   serializable.h serializer.h serializerimpl.h serializerutil.h serstring.h \
   sha.h srefcountobj.h srefcounttbl.h stdcore.h stringutil.h tasktimer.h    \
-   tchar.h timeconvert.h tw_signal.h twlimits.h twlocale.h                   \
+   tchar.h timebomb.h timeconvert.h tw_signal.h twlimits.h twlocale.h        \
   twstringslang.h typed.h types.h unixexcept.h unixfsservices.h upperbound.h \
-   usernotify.h usernotifystdout.h wchar16.h
+   usernotify.h usernotifystdout.h utf8.h wchar16.h
 libcore_a_LIBADD = @CORE_CRYPT_O@
 libcore_a_DEPENDENCIES = @CORE_CRYPT_O@
 CLEANFILES = *.gcno *.gcda
 all: all-am
 .SUFFIXES:
@ -545,7 +546,6 @@ install-strip:
 mostlyclean-generic:
 clean-generic:
 	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
 distclean-generic:
 	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
--- a/src/core/archive.cpp
+++ b/src/core/archive.cpp
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -51,13 +51,35 @@
 #include "corestrings.h"    // for: STR_ERR2_ARCH_CRYPTO_ERR
 //=============================================================================
 // Utility Functions
 //=============================================================================
 ///////////////////////////////////////////////////////////////////////////////
 // util_IsDir -- returns true if a given file is a directory
 ///////////////////////////////////////////////////////////////////////////////
 bool util_IsDir( const TSTRING& fileName )
 {
    cFSStatArgs s;
    try
    {
        iFSServices::GetInstance()->Stat( fileName, s );        
    }
    catch( eFSServices )
    {
        return false;
    }
    return( s.mFileType == cFSStatArgs::TY_DIR );
 }
 //=============================================================================
 // eArchiveCrypto
 //=============================================================================
-TSTRING eArchiveCrypto::GetMsg() const
+TSTRING eArchiveCrypto::GetMsg( ) const
 {
    // RAD: Updated this to use new stringtable
-    return (mMsg + TSS_GetString(cCore, core::STR_ERR2_ARCH_CRYPTO_ERR));
+    return ( mMsg + TSS_GetString( cCore, core::STR_ERR2_ARCH_CRYPTO_ERR ) );
 }
@ -113,22 +135,22 @@ void cArchive::ReadString(TSTRING& ret) // throw(eArchive)
 {
    // read in size of string
    int16 size;
-    ReadInt16(size);
+    ReadInt16( size );
    // create buffer for WCHAR16 string
    wc16_string ws;
-    ws.resize(size);
+    ws.resize( size );
    WCHAR16* pwc = (WCHAR16*)ws.data();
-    for (int n = 0; n < size; n++)
+    for( int n = 0; n < size; n++ )
    {
        int16 i16;
-        ReadInt16(i16);
+        ReadInt16( i16 );
        *pwc++ = i16;
    }
    // convert WCHAR16 string to a TSTRING
-    ret = cStringUtil::WstrToTstr(ws);
+    ret = cStringUtil::WstrToTstr( ws );
 }
 int  cArchive::ReadBlob(void* pBlob, int count)
@ -163,20 +185,20 @@ void cArchive::WriteString(TSTRING s) // throw(eArchive)
 {
    // convert string to a UCS2 string
    wc16_string ws;
-    cStringUtil::Convert(ws, s); // Make convert "type-dispatched"
+    cStringUtil::Convert( ws, s );  // Make convert "type-dispatched"
    // we assume that we can represent the size as a unsigned 16-bit number    
    // (we actually write  it as a signed number, but we cast it)
-    if (ws.length() > TSS_INT16_MAX)
+    if( ws.length() > TSS_INT16_MAX )
-        ThrowAndAssert(eArchiveStringTooLong());
+        ThrowAndAssert( eArchiveStringTooLong() );
-    WriteInt16(static_cast<int16>(ws.length()));
+    WriteInt16( static_cast<int16>( ws.length() ) );
    // write out each 16 bit character
    // RAD:09/03/99 -- Optimized for performance with "const"
    wc16_string::const_iterator at = ws.begin();
-    while (at != ws.end())
+    while ( at != ws.end() )
-        WriteInt16(*at++);
+        WriteInt16( *at++ );
 }
@ -193,27 +215,24 @@ int32 cArchive::GetStorageSize(const TSTRING& str)
    // after the length, all of the characters in the string are written as 16-bit values, 
    // except for the null character
    //
-    size += (str.length() * 2);
+    size += ( str.length() * 2 );
    return size;
 }
 int64 cArchive::Copy(cArchive* pFrom, int64 amt)
 {
-    enum
+    enum { BUF_SIZE = 2048 };
    {
        BUF_SIZE = 2048
    };
    int8    buf[BUF_SIZE];
    int64   amtLeft = amt;
-    while (amtLeft > 0)
+    while(amtLeft > 0)
    {
        int64 amtToRead = amtLeft > (int64)BUF_SIZE ? (int64)BUF_SIZE : amtLeft;
-        int64 amtRead   = pFrom->ReadBlob(buf, static_cast<int>(amtToRead));
+        int64 amtRead = pFrom->ReadBlob(buf, static_cast<int>( amtToRead ) );
        amtLeft -= amtRead;
-        WriteBlob(buf, static_cast<int>(amtRead));
+        WriteBlob(buf, static_cast<int>( amtRead ) );
-        if (amtRead < amtToRead)
+        if(amtRead < amtToRead)
            break;
    }
@ -291,7 +310,8 @@ void cMemMappedArchive::SetNewMap(void* pMap, int64 offset, int64 length) const
 //      mapped.
 ///////////////////////////////////////////////////////////////////////////////
-cMemoryArchive::cMemoryArchive(int maxSize) : mMaxAllocatedLen(maxSize)
+cMemoryArchive::cMemoryArchive(int maxSize)
 :   mMaxAllocatedLen(maxSize)
 {
    ASSERT(maxSize > 0);
    mpMemory = 0;
@ -323,15 +343,13 @@ void cMemoryArchive::Seek(int64 offset, SeekFrom from) // throw(eArchive)
        offset = mLogicalSize + (int)offset;
        break;
    default:
-        ThrowAndAssert(eArchiveSeek(TSS_GetString(cCore, core::STR_MEMARCHIVE_FILENAME),
+        ThrowAndAssert(eArchiveSeek(TSS_GetString( cCore, core::STR_MEMARCHIVE_FILENAME), TSS_GetString( cCore, core::STR_MEMARCHIVE_ERRSTR)));
                                    TSS_GetString(cCore, core::STR_MEMARCHIVE_ERRSTR)));
    }
    if (offset > mLogicalSize)
-        ThrowAndAssert(eArchiveSeek(TSS_GetString(cCore, core::STR_MEMARCHIVE_FILENAME),
+        ThrowAndAssert(eArchiveSeek(TSS_GetString( cCore, core::STR_MEMARCHIVE_FILENAME), TSS_GetString( cCore, core::STR_MEMARCHIVE_ERRSTR)));
                                    TSS_GetString(cCore, core::STR_MEMARCHIVE_ERRSTR)));
-    mReadHead = static_cast<int>(offset);
+    mReadHead = static_cast<int>( offset );
 }
 int64 cMemoryArchive::CurrentPos() const
@ -354,8 +372,8 @@ void cMemoryArchive::Truncate()
 void cMemoryArchive::MapArchive(int64 offset, int64 len) // throw(eArchive)
 {
-    if (offset + (int)len > mLogicalSize)
+    if ( offset + (int)len > mLogicalSize )
-        AllocateMemory(static_cast<int>(offset + len));
+        AllocateMemory( static_cast<int>( offset + len ) );
    SetNewMap(mpMemory + offset, offset, len);
 }
@ -403,12 +421,12 @@ void cMemoryArchive::AllocateMemory(int len) // throw(eArchive)
    {
        // grow the buffer
        // only error if we are in debug mode
-#ifdef DEBUG
+#ifdef _DEBUG
        if (len > mMaxAllocatedLen)
            ThrowAndAssert(eArchiveOutOfMem());
 #endif
-        if (0 == mAllocatedLen)
+        if( 0 == mAllocatedLen )
            mAllocatedLen = MIN_ALLOCATED_SIZE;
        while (mAllocatedLen < len)
@ -468,20 +486,26 @@ public:
 //-----------------------------------------------------------------------------
 // cFixedMemArchive
 //-----------------------------------------------------------------------------
-cFixedMemArchive::cFixedMemArchive() : mpMemory(0), mSize(0), mReadHead(0)
+cFixedMemArchive::cFixedMemArchive()
 :   mpMemory    (0),
    mSize       (0),
    mReadHead   (0)
 {
 }
-cFixedMemArchive::cFixedMemArchive(int8* pMem, int32 size) : mpMemory(0), mSize(0), mReadHead(0)
+cFixedMemArchive::cFixedMemArchive( int8* pMem, int32 size )
 :   mpMemory    (0),
    mSize       (0),
    mReadHead   (0)
 {
-    Attach(pMem, size);
+    Attach( pMem, size );
 }
 cFixedMemArchive::~cFixedMemArchive()
 {
 }
-void cFixedMemArchive::Attach(int8* pMem, int32 size)
+void cFixedMemArchive::Attach( int8* pMem, int32 size )
 {
    mpMemory    = pMem;
    mSize       = size;
@ -501,15 +525,13 @@ void cFixedMemArchive::Seek(int64 offset, SeekFrom from) // throw(eArchive)
        offset = mSize + (int)offset;
        break;
    default:
-        ThrowAndAssert(eArchiveSeek(TSS_GetString(cCore, core::STR_MEMARCHIVE_FILENAME),
+        ThrowAndAssert(eArchiveSeek(TSS_GetString( cCore, core::STR_MEMARCHIVE_FILENAME), TSS_GetString( cCore, core::STR_MEMARCHIVE_ERRSTR)));
                                    TSS_GetString(cCore, core::STR_MEMARCHIVE_ERRSTR)));
    }
    if (offset > mSize)
-        ThrowAndAssert(eArchiveSeek(TSS_GetString(cCore, core::STR_MEMARCHIVE_FILENAME),
+        ThrowAndAssert(eArchiveSeek(TSS_GetString( cCore, core::STR_MEMARCHIVE_FILENAME), TSS_GetString( cCore, core::STR_MEMARCHIVE_ERRSTR)));
                                    TSS_GetString(cCore, core::STR_MEMARCHIVE_ERRSTR)));
-    mReadHead = static_cast<int32>(offset);
+    mReadHead = static_cast<int32>( offset );
 }
 int64 cFixedMemArchive::CurrentPos() const 
@ -529,10 +551,10 @@ bool cFixedMemArchive::EndOfFile()
 int cFixedMemArchive::Read(void* pDest, int count)          // throw(eArchive)
 {
-    ASSERT(pDest);
+    ASSERT( pDest );
    if (mReadHead + count > mSize)
    {
-        count = static_cast<int>(mSize - mReadHead);
+        count = static_cast<int>( mSize - mReadHead );
        if (count <= 0)
            return 0;
    }
@ -549,7 +571,7 @@ int cFixedMemArchive::Write(const void* pDest, int count) // throw(eArchive)
 {
    if (mReadHead + count > mSize)
    {
-        ASSERT(false);
+        ASSERT( false );
        throw eArchiveWrite();
    }
@ -566,9 +588,11 @@ int cFixedMemArchive::Write(const void* pDest, int count) // throw(eArchive)
 ///////////////////////////////////////////////////////////////////////////////
 //Ctor -- Initialize member variables to 0 or NULL equivalents.
-cFileArchive::cFileArchive() : mFileSize(0), mReadHead(0), isWritable(false)
+cFileArchive::cFileArchive() :
-{
+    mFileSize(0),
-}
+    mReadHead(0),
    isWritable(false)
 {}
 cFileArchive::~cFileArchive()
 {
@ -576,14 +600,14 @@ cFileArchive::~cFileArchive()
 bool cFileArchive::EndOfFile()
 {
-    return (mReadHead >= mFileSize);
+    return ( mReadHead >= mFileSize );
 }
 ////////////////////////////////////////////////////////////////////////
 // Seek -- This is where the actual offset is performed.  The default
 // for each archive will be 0.
 /////////////////////////////////////////////////////////////////////////
-void cFileArchive::Seek(int64 offset, SeekFrom from) // throw(eArchive)
+void cFileArchive::Seek( int64 offset, SeekFrom from) // throw(eArchive)
 {
    try 
    {
@ -598,19 +622,19 @@ void cFileArchive::Seek(int64 offset, SeekFrom from) // throw(eArchive)
            offset = mFileSize + offset;
            break;
        default:
-            throw eArchiveSeek(mCurrentFilename, iFSServices::GetInstance()->GetErrString());
+            throw eArchiveSeek( mCurrentFilename, iFSServices::GetInstance()->GetErrString() ) ;
        }
-        if (offset > mFileSize)
+        if ( offset > mFileSize )
-            throw eArchiveSeek(mCurrentFilename, iFSServices::GetInstance()->GetErrString());
+            throw eArchiveSeek( mCurrentFilename, iFSServices::GetInstance()->GetErrString() ) ;
        mReadHead = offset;
        mCurrentFile.Seek(mReadHead, cFile::SEEK_BEGIN);
            //This is where the actual read/writehead is set!!
-    } //try
+    }//try
-    catch (eFile& fileError)
+    catch( eFile& fileError )
    {
-        throw(eArchiveSeek(mCurrentFilename, fileError.GetDescription()));
+        throw( eArchiveSeek( mCurrentFilename, fileError.GetDescription() ) );
    }
 }
@ -628,9 +652,9 @@ int64 cFileArchive::Length(void) const
    {
        return mCurrentFile.GetSize();
    }
-    catch (eFile& fileError)
+    catch(eFile& fileError)
    {
-        throw(eArchiveSeek(mCurrentFilename, fileError.GetDescription()));
+        throw( eArchiveSeek( mCurrentFilename, fileError.GetDescription() ) );
    }
 }
@ -643,22 +667,22 @@ void cFileArchive::OpenRead(const TCHAR* filename, uint32 openFlags)
    {
        // set up open flags
        uint32 flags = cFile::OPEN_READ;
-        flags |= ((openFlags & FA_OPEN_TRUNCATE) ? cFile::OPEN_TRUNCATE : 0);
+        flags |= ( ( openFlags & FA_OPEN_TRUNCATE ) ? cFile::OPEN_TRUNCATE : 0 );
-        flags |= ((openFlags & FA_OPEN_TEXT)     ? cFile::OPEN_TEXT     : 0);
+        flags |= ( ( openFlags & FA_OPEN_TEXT     ) ? cFile::OPEN_TEXT     : 0 );
-        flags |= ((openFlags & FA_SCANNING)      ? cFile::OPEN_SCANNING : 0);
+        flags |= ( ( openFlags & FA_SCANNING      ) ? cFile::OPEN_SCANNING : 0 );
-        flags |= ((openFlags & FA_DIRECT)        ? cFile::OPEN_DIRECT   : 0);
+        flags |= ( ( openFlags & FA_DIRECT        ) ? cFile::OPEN_DIRECT   : 0 );
        mOpenFlags = openFlags; 
        mCurrentFilename = filename;
-        mCurrentFile.Open(filename, flags);
+        mCurrentFile.Open( filename, flags );
        isWritable = false;
        mFileSize           = mCurrentFile.GetSize();
-        mReadHead = mCurrentFile.Seek(0, cFile::SEEK_BEGIN);
+        mReadHead           = mCurrentFile.Seek( 0, cFile::SEEK_BEGIN );
    }
-    catch (eFile& fileError)
+    catch(eFile& fileError)
    {
-        throw(eArchiveOpen(mCurrentFilename, fileError.GetDescription()));
+        throw(eArchiveOpen( mCurrentFilename, fileError.GetDescription() ) );
    }
 }
@ -671,22 +695,22 @@ void cFileArchive::OpenReadWrite(const TCHAR* filename, uint32 openFlags)
    {        
        // set up open flags
        uint32 flags = cFile::OPEN_WRITE;
-        flags |= ((openFlags & FA_OPEN_TRUNCATE) ? cFile::OPEN_TRUNCATE : 0);
+        flags |= ( ( openFlags & FA_OPEN_TRUNCATE ) ? cFile::OPEN_TRUNCATE : 0 );
-        flags |= ((openFlags & FA_OPEN_TEXT)     ? cFile::OPEN_TEXT     : 0);
+        flags |= ( ( openFlags & FA_OPEN_TEXT     ) ? cFile::OPEN_TEXT     : 0 );
-        flags |= ((openFlags & FA_SCANNING)      ? cFile::OPEN_SCANNING : 0);
+        flags |= ( ( openFlags & FA_SCANNING      ) ? cFile::OPEN_SCANNING : 0 );
-        flags |= ((openFlags & FA_DIRECT)        ? cFile::OPEN_DIRECT   : 0);
+        flags |= ( ( openFlags & FA_DIRECT        ) ? cFile::OPEN_DIRECT   : 0 );
        mOpenFlags = openFlags;
        mCurrentFilename = filename;
-        mCurrentFile.Open(filename, flags);
+        mCurrentFile.Open( filename, flags );
        isWritable = true;
        mFileSize = mCurrentFile.GetSize();
-        mReadHead = mCurrentFile.Seek(0, cFile::SEEK_BEGIN);
+        mReadHead = mCurrentFile.Seek( 0, cFile::SEEK_BEGIN );
    }
-    catch (eFile& fileError)
+    catch(eFile& fileError)
    {
-        throw(eArchiveOpen(mCurrentFilename, fileError.GetDescription()));
+        throw( eArchiveOpen( mCurrentFilename, fileError.GetDescription() ) );
    }
 }
@ -712,9 +736,9 @@ void cFileArchive::Close()
        mCurrentFilename = _T("");
    }
-    catch (eFile& fileError)
+    catch(eFile& fileError)
    {
-        throw(eArchive(mCurrentFilename, fileError.GetDescription()));
+        throw( eArchive( mCurrentFilename, fileError.GetDescription() ) );
    }
 }
@ -727,42 +751,43 @@ int cFileArchive::Read(void* pDest, int count)
    try 
    {
-        if (mReadHead + count > mFileSize && !(mOpenFlags & FA_DIRECT))
+        if ( mReadHead + count > mFileSize && !(mOpenFlags & FA_DIRECT))
-            count = static_cast<int>(mFileSize - mReadHead);
+            count = static_cast<int>( mFileSize - mReadHead );
-        if (pDest != NULL)
+        if ( pDest != NULL )
        {
-            int nbRead = static_cast<int>(mCurrentFile.Read(pDest, count));
+            int nbRead = 
                static_cast<int>( mCurrentFile.Read( pDest, count ) );
            // 'count' may not be equal to 'nbRead' if the file is open in
            // text mode.
            count = nbRead;
-            if (count < 0)
+            if(count < 0) count = 0;
                count = 0;
        }
        else
        {
            int i;
            int32 dummy;
-            for (i = count;; i -= sizeof(int32))
+            for (i = count; ; i -= sizeof(int32))
            {
                if (i < (int)sizeof(int32))
                {
                    if (i > 0)
-                        mCurrentFile.Read(&dummy, i);
+                        mCurrentFile.Read( &dummy, i );
                    break;
                }
-                mCurrentFile.Read(&dummy, i);
+                mCurrentFile.Read( &dummy, i );
            }
        }
        mReadHead += count;
        return count;
    }
-    catch (eFile& fileError)
+    catch( eFile& fileError )
    {
-        throw(eArchiveRead(mCurrentFilename, fileError.GetDescription()));
+        throw( eArchiveRead( mCurrentFilename, fileError.GetDescription() ) );
    }
 }
 /////////////////////////////////////////////////////////////////////////
@ -774,35 +799,35 @@ int cFileArchive::Write(const void* pDest, int count) // throw(eArchive)
    try 
    {
        int64 actual_count = 0;
-        ASSERT(mCurrentFile.isWritable);
+        ASSERT( mCurrentFile.isWritable );
-        actual_count = mCurrentFile.Write(pDest, count);
+        actual_count = mCurrentFile.Write( pDest, count );
-        if (actual_count < count)
+        if ( actual_count < count )
        {
            //Disk full??
-            throw eArchiveWrite(mCurrentFilename, iFSServices::GetInstance()->GetErrString());
+            throw eArchiveWrite( mCurrentFilename, iFSServices::GetInstance()->GetErrString() ) ;
        }
        // increment the read/write head
        mReadHead += actual_count;
        // increase the size, if needed
-        if (mReadHead > mFileSize)
+        if( mReadHead > mFileSize )
        {
-#if 0 // IS_SUNPRO \
+            #if 0 // IS_SUNPRO
            // These two lines seem to be all there is between code that crashes and code that works for sunpro
            cDebug d("cFileArchive::Write()");
            d.TraceDebug(_T("file(%s) adjusted mFileSize = %d mReadHead = %d\n"), mCurrentFilename.c_str(), (int)mFileSize, (int)mReadHead);
-#endif
+            #endif
            mFileSize = mReadHead;
        }
        return (int)actual_count;
    }
-    catch (eFile& fileError)
+    catch( eFile& fileError )
    {
-        throw(eArchiveWrite(mCurrentFilename, fileError.GetDescription()));
+        throw( eArchiveWrite( mCurrentFilename, fileError.GetDescription() ) );
    }
 }
@ -812,53 +837,53 @@ int cFileArchive::Write(const void* pDest, int count) // throw(eArchive)
 /////////////////////////////////////////////////////////////////////////
 void cFileArchive::Truncate() // throw(eArchive) 
 {
-    ASSERT(mCurrentFile.IsOpen());
+    ASSERT( mCurrentFile.IsOpen() );
-    ASSERT(mCurrentFile.isWritable);
+    ASSERT( mCurrentFile.isWritable );
    try 
    {
-        mCurrentFile.Truncate(mReadHead);
+        mCurrentFile.Truncate ( mReadHead );
    }
-    catch (eFile& fileError)
+    catch( eFile& fileError )
    {
        //TODO: create an error number for truncate...
-        throw(eArchiveWrite(mCurrentFilename, fileError.GetDescription()));
+        throw( eArchiveWrite( mCurrentFilename, fileError.GetDescription() ) );
    }
    mFileSize = mReadHead;
 }
 /////////////////////////////////////////////////////////////////////////
 // OpenReadWrite -- Opens the file to be read or written to
 //
 // since we'll never open an existing file, the truncateFile flag is unnecessary.
 /////////////////////////////////////////////////////////////////////////
-void cLockedTemporaryFileArchive::OpenReadWrite(const TCHAR* filename, uint32 openFlags)
+void cLockedTemporaryFileArchive::OpenReadWrite( const TCHAR* filename, uint32 openFlags )
 {
  TSTRING strTempFile;
-    try
+  try {
    {
-        ASSERT(!mCurrentFile.IsOpen()); // shouldn't be able to create a new file when we're already open
+    ASSERT( !mCurrentFile.IsOpen() ); // shouldn't be able to create a new file when we're already open
-        if (mCurrentFile.IsOpen())
+    if    ( mCurrentFile.IsOpen() ) 
-            throw(eArchive(mCurrentFilename, _T("Internal Error")));
+        throw( eArchive( mCurrentFilename, _T("Internal Error") ) );
    ///////////////////////////////////////////////////////////////////////////////
    // if filename is NULL, create a temp file for the caller
-        if (filename == NULL)
+    if( filename == NULL )
      {
        try
          {
-                iFSServices::GetInstance()->GetTempDirName(strTempFile);
+            iFSServices::GetInstance()->GetTempDirName( strTempFile );
            strTempFile += _T("twtempXXXXXX");  
-                iFSServices::GetInstance()->MakeTempFilename(strTempFile);
+            iFSServices::GetInstance()->MakeTempFilename( strTempFile );
          }
-            catch (eFSServices& fileError)
+        catch( eFSServices& fileError)
          {
-                TSTRING errStr = TSS_GetString(cCore, core::STR_BAD_TEMPDIRECTORY);
+            TSTRING errStr = TSS_GetString( cCore, core::STR_BAD_TEMPDIRECTORY );
            throw eArchiveOpen(strTempFile, errStr);
          }
      }
@ -869,28 +894,27 @@ void cLockedTemporaryFileArchive::OpenReadWrite(const TCHAR* filename, uint32 op
    // set up flags
    uint32 flags = cFile::OPEN_WRITE | cFile::OPEN_LOCKED_TEMP | cFile::OPEN_CREATE | cFile::OPEN_EXCLUSIVE;
-        if (openFlags & FA_OPEN_TRUNCATE)
+    if ( openFlags & FA_OPEN_TRUNCATE ) 
      flags |= cFile::OPEN_TRUNCATE;
-        if (openFlags & FA_OPEN_TEXT)
+    if ( openFlags & FA_OPEN_TEXT ) 
      flags |= cFile::OPEN_TEXT;
    // open file
    mCurrentFilename = filename ? filename : strTempFile.c_str();
-        mCurrentFile.Open(mCurrentFilename, flags);
+    mCurrentFile.Open( mCurrentFilename, flags );
    isWritable = true;
    mFileSize = mCurrentFile.GetSize();
-        mReadHead  = mCurrentFile.Seek(0, cFile::SEEK_BEGIN);
+    mReadHead = mCurrentFile.Seek( 0, cFile::SEEK_BEGIN );
 #if 0 // IS_SUNPRO
    cDebug d("cLockedTemporaryFileArchive::OpenReadWrite()");
    d.TraceDebug(_T("file(%s) set mFileSize to %d mReadHead to %d\n"), mCurrentFilename.c_str(), (int)mFileSize, (int)mReadHead);
 #endif
-    } //try
+  }//try
-    catch (eFile& fileError)
+  catch (eFile& fileError) {
-    {
+    TSTRING errStr = TSS_GetString( cCore, core::STR_BAD_TEMPDIRECTORY );
        TSTRING      errStr = TSS_GetString(cCore, core::STR_BAD_TEMPDIRECTORY);
    eArchiveOpen e(strTempFile, errStr);
    throw e;
  }
@ -905,3 +929,4 @@ void cLockedTemporaryFileArchive::Close()
    // Note: this deletes the file as well
    cFileArchive::Close();
 }
--- a/src/core/archive.h
+++ b/src/core/archive.h
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -56,24 +56,24 @@
 //=============================================================================
 // eArchive exception classes
 //=============================================================================
-TSS_FILE_EXCEPTION(eArchive, eFileError);
+TSS_FILE_EXCEPTION( eArchive,           eFileError );
-TSS_FILE_EXCEPTION(eArchiveOpen, eArchive);
+TSS_FILE_EXCEPTION( eArchiveOpen,       eArchive );
-TSS_FILE_EXCEPTION(eArchiveWrite, eArchive);
+TSS_FILE_EXCEPTION( eArchiveWrite,      eArchive );
-TSS_FILE_EXCEPTION(eArchiveRead, eArchive);
+TSS_FILE_EXCEPTION( eArchiveRead,       eArchive );
-TSS_FILE_EXCEPTION(eArchiveEOF, eArchive);
+TSS_FILE_EXCEPTION( eArchiveEOF,        eArchive );
-TSS_FILE_EXCEPTION(eArchiveSeek, eArchive);
+TSS_FILE_EXCEPTION( eArchiveSeek,       eArchive );
-TSS_FILE_EXCEPTION(eArchiveMemmap, eArchive);
+TSS_FILE_EXCEPTION( eArchiveMemmap,     eArchive );
-TSS_FILE_EXCEPTION(eArchiveOutOfMem, eArchive);
+TSS_FILE_EXCEPTION( eArchiveOutOfMem,   eArchive );
-TSS_FILE_EXCEPTION(eArchiveInvalidOp, eArchive);
+TSS_FILE_EXCEPTION( eArchiveInvalidOp,  eArchive );
-TSS_FILE_EXCEPTION(eArchiveFormat, eArchive);
+TSS_FILE_EXCEPTION( eArchiveFormat,     eArchive );
-TSS_FILE_EXCEPTION(eArchiveNotRegularFile, eArchive);
+TSS_FILE_EXCEPTION( eArchiveNotRegularFile, eArchive );
-TSS_BEGIN_EXCEPTION(eArchiveCrypto, eArchive)
+TSS_BEGIN_EXCEPTION( eArchiveCrypto,        eArchive )
-virtual TSTRING GetMsg() const;
+    virtual TSTRING GetMsg() const;
-// eCryptoArchive appends a special string to the end of
+        // eCryptoArchive appends a special string to the end of
-// all exception messages
+        // all exception messages
 TSS_END_EXCEPTION()
-TSS_EXCEPTION(eArchiveStringTooLong, eArchive);
+TSS_EXCEPTION( eArchiveStringTooLong, eArchive );
 //      throw( eArchiveOpen( cErrorUtil::MakeFileError( fileError.GetMsg(), strTempFile ) ) );
@ -85,9 +85,7 @@ TSS_EXCEPTION(eArchiveStringTooLong, eArchive);
 class cArchive
 {
 public:
-    virtual ~cArchive()
+    virtual ~cArchive() {}
    {
    }
    // convenience methods
    //
@ -139,8 +137,7 @@ protected:
 class cBidirArchive : public cArchive
 {
 public:
-    enum SeekFrom
+    enum SeekFrom {
    {
        BEGINNING = 0,
        CURRENT = 1,
        END = -1
@ -158,8 +155,7 @@ public:
 class cMemMappedArchive : public cBidirArchive
 {
 public:
-    enum
+    enum {
    {
        MAP_TO_EOF = -1
    };
@ -206,10 +202,7 @@ public:
            void    Truncate(); // set the length to the current pos
-    int8* GetMemory() const
+            int8*   GetMemory() const { return mpMemory; }
    {
        return mpMemory;
    }
 protected:
    int8*   mpMemory;
@ -231,21 +224,20 @@ class cFixedMemArchive : public cBidirArchive
 {
 public:
    cFixedMemArchive();
-    cFixedMemArchive(int8* pMem, int32 size);
+    cFixedMemArchive( int8* pMem, int32 size );
    virtual ~cFixedMemArchive();
-    void Attach(int8* pMem, int32 size);
+    void Attach( int8* pMem, int32 size );
        // this method associates the archive with pMem and sets the size of the
        // archive. Unlike cMemoryArchive, this may never grow or shrink in size.
    //-----------------------------------
    // cBidirArchive interface
    //-----------------------------------
-    virtual void  Seek(int64 offset, SeekFrom from); // throw(eArchive);
+    virtual void    Seek        (int64 offset, SeekFrom from) ; // throw(eArchive);
-    virtual int64 CurrentPos() const;
+    virtual int64   CurrentPos  () const ;
-    virtual int64 Length() const;
+    virtual int64   Length      () const ;
    virtual bool    EndOfFile();
 protected:
    //-----------------------------------
    // cArchive interface
@ -273,8 +265,8 @@ public:
    };
    // TODO: Open should throw
-    virtual void OpenRead(const TCHAR* filename, uint32 openFlags = 0);
+    virtual void    OpenRead(const TCHAR* filename, uint32 openFlags = 0 );
-    virtual void OpenReadWrite(const TCHAR* filename, uint32 openFlags = FA_OPEN_TRUNCATE);
+    virtual void    OpenReadWrite(const TCHAR* filename, uint32 openFlags = FA_OPEN_TRUNCATE );
        // opens a file for reading or writing; the file is always created if it doesn't exist,
        // and is truncated to zero length if truncateFile is set to true;
    TSTRING         GetCurrentFilename(void) const;
@ -315,7 +307,7 @@ protected:
 class cLockedTemporaryFileArchive : public cFileArchive
 {
 public:
-    virtual void OpenReadWrite(const TCHAR* filename = NULL, uint32 openFlags = FA_OPEN_TRUNCATE);
+    virtual void    OpenReadWrite       ( const TCHAR* filename = NULL, uint32 openFlags = FA_OPEN_TRUNCATE );
        // creates the file.  filename must not exist on the file system.  
        // if filename is NULL, the class will create and use a temporary file.
        // truncateFile has no meaning
@ -328,12 +320,32 @@ public:
 private:
    // open for read only makes no sense if we're always creating the file, 
    // so disallow read only file opens
-    virtual void OpenRead(const TCHAR*, uint32 openFlags = 0)
+    virtual void    OpenRead( const TCHAR*, uint32 openFlags = 0 ) { ASSERT( false ); THROW_INTERNAL("archive.h"); }
    {
        ASSERT(false);
        THROW_INTERNAL("archive.h");
    }
 };
 /* 
 // TODO: fill these out
 ///////////////////////////////////////////////////////////////////////////////
 // class cMMFileArchive --
 ///////////////////////////////////////////////////////////////////////////////
 class cMMFileArchive : public cMemMappedArchive
 {
 public:
 };
 ///////////////////////////////////////////////////////////////////////////////
 // class cNetArchive --
 ///////////////////////////////////////////////////////////////////////////////
 class cNetArchive : public cArchive
 {
 public:
 };
 */
 #endif 
--- a/src/core/charutil.cpp
+++ b/src/core/charutil.cpp
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -42,7 +42,7 @@
 #include "ntmbs.h"
 #if IS_ANDROID
-int mblen(const char* s, size_t n)
+int mblen(const char *s, size_t n)
 {
  return mbtowc(0, s, n);
 }
@ -64,26 +64,26 @@ int mblen(const char* s, size_t n)
 //
 /* static */
-bool cCharUtil::PeekNextChar(const TSTRING::const_iterator& cur,
+bool cCharUtil::PeekNextChar(  const TSTRING::const_iterator& cur, 
                               const TSTRING::const_iterator& end, 
                                     TSTRING::const_iterator& first, 
-                             TSTRING::const_iterator&       last)
+                                     TSTRING::const_iterator& last )
 {
    //
    // do we have a valid string here?
    //
-    if (cur > end)
+    if( cur > end )
    {
        return false;
    }
-    if (cur == end)
+    if( cur == end )
    {
        first = last = end;
        return false;
    }
-    if (*cur == _T('\0'))
+    if( *cur == _T('\0') )
    {
        first = last = cur;
        return false;
@ -98,7 +98,7 @@ bool cCharUtil::PeekNextChar(const TSTRING::const_iterator& cur,
    else
    {
 #if !IS_AROS
-        mblen(NULL, 0);
+    mblen (NULL, 0);
    int len = mblen(&*cur, MB_CUR_MAX);
    if (len < 0) //invalid multibyte sequence, but let's not blow up.
        len = 1;
@ -138,14 +138,16 @@ bool cCharUtil::PeekNextChar(const TSTRING::const_iterator& cur,
 //
 /* static */
-bool cCharUtil::PopNextChar(TSTRING::const_iterator&       cur,
+bool cCharUtil::PopNextChar(    TSTRING::const_iterator& cur, 
                          const TSTRING::const_iterator& end, 
                                TSTRING::const_iterator& first, 
-                            TSTRING::const_iterator&       last)
+                                TSTRING::const_iterator& last )
 {
-    bool f = PeekNextChar(cur, end, first, last);
+    bool f = PeekNextChar( cur, end, first, last );
    cur     = last;         // pop causes 'cur' to move to just beyond character ('last')
    return f;
 }
 // eof: charutil.cpp
--- a/src/core/charutil.h
+++ b/src/core/charutil.h
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -44,20 +44,23 @@
 class cCharUtil
 {
 public:
    // finds the next whole character in string identified by ['cur'-'end')
    // identifies beginning of char in 'first', then end of character in 'last'
    // returns 'are there more characters in string?'
    // if there are no more characters, will return 0 and first = last = end
-    static bool PeekNextChar(const TSTRING::const_iterator& cur,
+    static bool PeekNextChar( const TSTRING::const_iterator& cur, 
                              const TSTRING::const_iterator& end, 
                                    TSTRING::const_iterator& first, 
-                             TSTRING::const_iterator&       last);
+                                    TSTRING::const_iterator& last );
    // same as PeekNextChar but increments 'cur' to 'last'
-    static bool PopNextChar(TSTRING::const_iterator&       cur,
+    static bool PopNextChar(    TSTRING::const_iterator& cur, 
                          const TSTRING::const_iterator& end, 
                                TSTRING::const_iterator& first, 
-                            TSTRING::const_iterator&       last);
+                                TSTRING::const_iterator& last );
 };
-#endif //__CHARUTIL_H
+#endif//__CHARUTIL_H
--- a/src/core/cmdlineparser.cpp
+++ b/src/core/cmdlineparser.cpp
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -38,7 +38,9 @@
 ///////////////////////////////////////////////////////////////////////////////
 // ctor, dotr
 ///////////////////////////////////////////////////////////////////////////////
-cCmdLineParser::cCmdLineParser() : mArgTable(HASH_VERY_SMALL), mLastArgInfo(-1, PARAM_NONE)
+cCmdLineParser::cCmdLineParser() :
    mArgTable(HASH_VERY_SMALL),
    mLastArgInfo(-1, PARAM_NONE)
 {
 }
@ -49,20 +51,19 @@ cCmdLineParser::~cCmdLineParser()
 ///////////////////////////////////////////////////////////////////////////////
 // AddArg
 ///////////////////////////////////////////////////////////////////////////////
-void cCmdLineParser::AddArg(
+void cCmdLineParser::AddArg(int argId, const TSTRING& arg, const TSTRING& alias, ParamCount numParams, bool multipleAllowed)
    int argId, const TSTRING& arg, const TSTRING& alias, ParamCount numParams, bool multipleAllowed)
 {
-    if (arg.empty() && alias.empty())
+    if(arg.empty() && alias.empty())
    {
        // this refers to the list of parameters that comes after all the cmd line switches
        mLastArgInfo.mId        = argId;
        mLastArgInfo.mNumParams = numParams;
-        return;
+        return ;
    }
-    if (!arg.empty())
+    if(! arg.empty())
        mArgTable.Insert(arg,   cArgInfo(argId, numParams));
-    if (!alias.empty())
+    if(! alias.empty())
    {
        // put the alias in the table with a '-' prepended to it so it matches '--'
        TSTRING str(_T("-"));
@ -70,26 +71,26 @@ void cCmdLineParser::AddArg(
        mArgTable.Insert(str, cArgInfo(argId, numParams));
    }
    // This argument can appear more than once on the command line.
-    if (multipleAllowed)
+    if( multipleAllowed )
-        mMultipleAllowed.insert(argId);
+        mMultipleAllowed.insert( argId );
 }
 ///////////////////////////////////////////////////////////////////////////////
 // Clear
 ///////////////////////////////////////////////////////////////////////////////
-/*void cCmdLineParser::Clear()
+void cCmdLineParser::Clear()
 {
    mLastArgInfo.mId        = -1;
    mLastArgInfo.mNumParams = PARAM_INVALID;
    mArgTable.Clear();
    mArgData.clear();
    mMutExList.clear();
-}*/
+}
 ///////////////////////////////////////////////////////////////////////////////
 // Parse
 ///////////////////////////////////////////////////////////////////////////////
-void cCmdLineParser::Parse(int argc, const TCHAR* const* argv)
+void cCmdLineParser::Parse(int argc, const TCHAR *const * argv)
 {
    // clear out any existing data
    mArgData.clear();
@ -98,30 +99,34 @@ void cCmdLineParser::Parse(int argc, const TCHAR* const* argv)
    bool bProcessedFinalParams = false;     // gets set to true when the parameters to the command line are processed
    // I assume argv[0] is the executable name...
-    for (int i = 1; i < argc; i++)
+    for(int i=1; i < argc; i++)
    {
-        if (argv[i][0] == _T('-'))
+        if(argv[i][0] == _T('-'))
        {
            pCurArg = argv[i];
            // this is a switch; find it in the table...
            cArgInfo argInfo;
-            if (!mArgTable.Lookup(TSTRING(&argv[i][1]), argInfo))
+            if ( !mArgTable.Lookup( TSTRING(&argv[i][1] ), argInfo ) )
            {
                // unknown switch!
-                throw eCmdLineInvalidArg(TSS_GetString(cCore, core::STR_ERR2_BAD_ARG_PARAMS) + pCurArg);
+                throw eCmdLineInvalidArg( 
                    TSS_GetString( cCore, core::STR_ERR2_BAD_ARG_PARAMS ) 
                        + pCurArg );
            }
            //
            // make sure this hasn't been specified yet...
            //
-            if (ArgInList(argInfo.mId))
+            if( ArgInList( argInfo.mId ) )
            {
                // Make sure it isn't okay for this one to appear more than once...
-                std::set<int>::iterator it = mMultipleAllowed.find(argInfo.mId);
+                std::set<int>::iterator it = mMultipleAllowed.find( argInfo.mId );
-                if (it == mMultipleAllowed.end())
+                if( it == mMultipleAllowed.end() )
                {
                    // It wasn't in our list of allowed params, so error.
-                    throw eCmdLineMultiArg(TSS_GetString(cCore, core::STR_ERR2_BAD_ARG_PARAMS) + argv[i]);
+                    throw eCmdLineMultiArg(
                        TSS_GetString( cCore, core::STR_ERR2_BAD_ARG_PARAMS ) 
                            + argv[i] );
                }
            }
            //
@ -129,22 +134,24 @@ void cCmdLineParser::Parse(int argc, const TCHAR* const* argv)
            //
            mArgData.push_back(cArgData(argInfo.mId, TSTRING(argv[i])));
            cArgData& curArg = mArgData.back();
-            switch (argInfo.mNumParams)
+            switch( argInfo.mNumParams )
            {
            case PARAM_NONE:
                // make sure there are no parameters to this, but be careful because 
                // it is legal to start the parameters to the executable here.
-                if ((i + 1 < argc) && (argv[i + 1][0] != _T('-')))
+                if((i+1 < argc) && (argv[i+1][0] != _T('-')))
                {
                    // search for any more parameters
                    // TODO: In the future we may want to support a '--' switch that specifies the start
                    // of parameters to the executable.
-                    for (int j = i + 2; j < argc; ++j)
+                    for (int j = i + 2; j < argc; ++j )
                    {
                        if (argv[j][0] == _T('-'))
                        {
                            // >0 parameter passed !
-                            throw eCmdLineBadParam(TSS_GetString(cCore, core::STR_ERR2_BAD_ARG_PARAMS) + pCurArg);
+                            throw eCmdLineBadParam(
                                TSS_GetString( cCore, core::STR_ERR2_BAD_ARG_PARAMS )
                                    + pCurArg );
                        }
                    }
                }
@ -153,18 +160,20 @@ void cCmdLineParser::Parse(int argc, const TCHAR* const* argv)
            case PARAM_ONE:
                // get the next parameter...
                i++;
-                if ((i >= argc) || (argv[i][0] == _T('-')))
+                if ( (i >= argc) || (argv[i][0] == _T('-')) )
                {
                    // zero parameters passed to something that needed one param
-                    throw eCmdLineBadParam(TSS_GetString(cCore, core::STR_ERR2_BAD_ARG_PARAMS) + pCurArg);
+                    throw eCmdLineBadParam(
                        TSS_GetString( cCore, core::STR_ERR2_BAD_ARG_PARAMS )
                            + pCurArg );
                }
-                curArg.mParams.push_back(TSTRING(argv[i]));
+                curArg.mParams.push_back( TSTRING(argv[i]) );
                break;
            case PARAM_MANY:
                i++;
-                while ((i < argc) && (argv[i][0] != _T('-')))
+                while((i < argc) && (argv[i][0] != _T('-')))
                {
                    curArg.mParams.push_back(TSTRING(argv[i])); 
                    i++;
@ -173,7 +182,7 @@ void cCmdLineParser::Parse(int argc, const TCHAR* const* argv)
                break;
            default:
-                ASSERTMSG(false, "Unknown number of arguments to parser");
+                ASSERTMSG( false, "Unknown number of arguments to parser" );
            }
        }
        else
@ -182,14 +191,14 @@ void cCmdLineParser::Parse(int argc, const TCHAR* const* argv)
            // this must be the final "unnamed" arg
            // first, make sure it is consistent with the current info...
            bool bResult = true;
-            switch (mLastArgInfo.mNumParams)
+            switch(mLastArgInfo.mNumParams)
            {
            case PARAM_NONE:
                // this is an error; they didn't want any command line parameters...
                bResult = false;
                break;
            case PARAM_ONE:
-                if (i + 1 != argc)
+                if(i+1 != argc)
                    // there is >1 final parameter; it is an error
                    bResult = false;
                break;
@ -198,28 +207,33 @@ void cCmdLineParser::Parse(int argc, const TCHAR* const* argv)
                break;
            default:
                ASSERT(false);
            }
-            if (!bResult)
+            if(! bResult)
            {
-                throw eCmdLineBadParam();
+                throw eCmdLineBadParam( );
            }
            // ok, we can push the final parameter info onto the list...
            mArgData.push_back(cArgData(mLastArgInfo.mId));
            cArgData& curArg = mArgData.back();
-            while (i < argc)
+            while ( i < argc )
            {
-                if (argv[i][0] == _T('-'))
+                if ( argv[i][0] == _T('-') )
                {
-                    if (!pCurArg)
+                    if ( ! pCurArg )
                    {
-                        throw eCmdLineBadSwitchPos(TSS_GetString(cCore, core::STR_ERR2_BAD_ARG_PARAMS) + argv[i]);
+                        throw eCmdLineBadSwitchPos(
                            TSS_GetString( cCore, core::STR_ERR2_BAD_ARG_PARAMS )
                                + argv[i] );
                    }
                    else
                    {
                        // there was an extra parameter passed somewhere!
-                        throw eCmdLineBadArgParam(TSS_GetString(cCore, core::STR_ERR2_BAD_ARG_PARAMS) + pCurArg);
+                        throw eCmdLineBadArgParam(
                            TSS_GetString( cCore, core::STR_ERR2_BAD_ARG_PARAMS )
                                + pCurArg );
                    }
                }
@ -227,18 +241,21 @@ void cCmdLineParser::Parse(int argc, const TCHAR* const* argv)
                curArg.mParams.push_back(TSTRING(argv[i]));
                i++;
            }
        }
    }
    // it is possible not to process the final command line parameters in the "else" case above
    // (this only occurs if there are no command line parameters specified) so let's make sure that
    // is consistent with what we are configured with...
    // NOTE -- it is ok to have no cmd line parameters if they specified PARAM_NONE or PARAM_MANY
-    if (!bProcessedFinalParams)
+    if(! bProcessedFinalParams)
    {
-        if (mLastArgInfo.mNumParams == PARAM_ONE)
+        if(mLastArgInfo.mNumParams == PARAM_ONE)
        {
-            throw eCmdLineBadParam();
+            throw eCmdLineBadParam( );
        }
    }
@ -252,24 +269,28 @@ void cCmdLineParser::Parse(int argc, const TCHAR* const* argv)
 ///////////////////////////////////////////////////////////////////////////////
 void cCmdLineParser::TestMutEx()
 {
-    std::list<std::pair<int, int> >::const_iterator i;
+    std::list<std::pair<int,int> >::const_iterator i;
    cCmdLineIter iter1(*this), iter2(*this);
-    for (i = mMutExList.begin(); i != mMutExList.end(); i++)
+    for(i = mMutExList.begin(); i != mMutExList.end(); i++)
    {
        //TODO -- there is a much more efficent way to do this (using cFCOPropVector, for example)
        //      the command line is presumably small enough, tho, that it probably isn't a big
        //      deal to do it this way.
        iter1.SeekToArg(i->first);
-        if (!iter1.Done())
+        if(! iter1.Done())
        {
            iter2.SeekToArg(i->second);
-            if (!iter2.Done())
+            if(! iter2.Done())
            {
                // we have a mutual exclusion violation!
-                throw eCmdLineMutEx(iter1.ActualParam() + _T(", ") + iter2.ActualParam());
+                throw eCmdLineMutEx( 
                    iter1.ActualParam() 
                        + _T(", ")
                        + iter2.ActualParam() );
            }
        }
    }
 }
 ///////////////////////////////////////////////////////////////////////////////
@ -277,51 +298,51 @@ void cCmdLineParser::TestMutEx()
 ///////////////////////////////////////////////////////////////////////////////
 void cCmdLineParser::TestDependency()
 {
-    std::list<std::pair<std::pair<int, int>, bool> >::const_iterator i;
+    std::list< std::pair< std::pair< int, int>, bool > >::const_iterator i;
    cCmdLineIter iter1(*this), iter2(*this);
-    for (i = mDependencyList.begin(); i != mDependencyList.end(); ++i)
+    for( i = mDependencyList.begin(); i != mDependencyList.end(); ++i)
    {
-        iter1.SeekToArg(i->first.first);
+        iter1.SeekToArg( i->first.first );
        // was it on the command line?
-        if (!iter1.Done())
+        if( !iter1.Done() )
        {
            // it was, is the corresponding arg on the command line?
-            iter2.SeekToArg(i->first.second);
+            iter2.SeekToArg( i->first.second );
-            if (iter2.Done()) // it wasn't, dependency error
+            if( iter2.Done() ) // it wasn't, dependency error
            {
                TSTRING arg1, arg2, alias1, alias2;
-                cCmdLineParser::LookupArgInfo(i->first.first, arg1, alias1);
+                cCmdLineParser::LookupArgInfo( i->first.first, arg1, alias1 );
-                cCmdLineParser::LookupArgInfo(i->first.second, arg2, alias2);
+                cCmdLineParser::LookupArgInfo( i->first.second, arg2, alias2 );
                // determine in which form the user passed the arguments,
                // and construct the error message in the same form
-                if (iter1.ActualParam().length() == 2)
+                if ( iter1.ActualParam().length() == 2 )
-                    throw eCmdLineDependency(_T("The switch -") + arg1 + _T(" requires -") + arg2 + _T("."));
+                    throw eCmdLineDependency( _T("The switch -") + arg1 + _T(" requires -") + arg2 +_T(".") );
                else
-                    throw eCmdLineDependency(_T("The switch --") + alias1 + _T(" requires --") + alias2 + _T("."));
+                    throw eCmdLineDependency( _T("The switch --") + alias1 + _T(" requires --") + alias2 + _T(".") );
            }
        }
-        else if (i->second)
+        else if( i->second )
        // only make this second check if the dependencies are MUTUAL,
        // as indicated (or not) by the bool value.
        {
-            iter2.SeekToArg(i->first.second);
+            iter2.SeekToArg( i->first.second ); 
                // the first arg in the pair was not on the command line,
                // so just make sure the second isn't there...
-            if (!iter2.Done())
+            if( !iter2.Done() )
            {
                // arg2 appeared without arg1, so dependency error.
                TSTRING arg1, arg2, alias1, alias2;
-                cCmdLineParser::LookupArgInfo(i->first.first, arg1, alias1);
+                cCmdLineParser::LookupArgInfo( i->first.first, arg1, alias1 );
-                cCmdLineParser::LookupArgInfo(i->first.second, arg2, alias2);
+                cCmdLineParser::LookupArgInfo( i->first.second, arg2, alias2 );
                // determine in which form the user passed the arguments,
                // and construct the error message in the same form
-                if (iter1.ActualParam().length() == 2)
+                if ( iter1.ActualParam().length() == 2 )
-                    throw eCmdLineDependency(_T("The switch -") + arg2 + _T(" requires -") + arg1 + _T("."));
+                    throw eCmdLineDependency( _T("The switch -") + arg2 + _T(" requires -") + arg1 +_T(".") );
                else
-                    throw eCmdLineDependency(_T("The switch --") + alias2 + _T(" requires --") + alias1 + _T("."));
+                    throw eCmdLineDependency( _T("The switch --") + alias2 + _T(" requires --") + alias1 + _T(".") );
            }
        }
@ -343,32 +364,32 @@ void cCmdLineParser::AddMutEx(int argId1, int argId2)
 ///////////////////////////////////////////////////////////////////////////////
 // AddDependency
 ///////////////////////////////////////////////////////////////////////////////
-void cCmdLineParser::AddDependency(int argId1, int argId2, bool mutual)
+void cCmdLineParser::AddDependency(int argId1, int argId2, bool mutual )
 {
    // again, no checking for duplicates... would a set
    // prove to be a better container for this operation?
-    std::pair<int, int>                  Args(argId1, argId2);
+    std::pair< int, int > Args( argId1, argId2 );
-    std::pair<std::pair<int, int>, bool> Dep(Args, mutual);
+    std::pair< std::pair< int, int >, bool > Dep( Args, mutual ); 
    ASSERT(argId1 != argId2);
-    mDependencyList.push_back(Dep);
+    mDependencyList.push_back( Dep);
 }
 ///////////////////////////////////////////////////////////////////////////////
 // TraceContents
 ///////////////////////////////////////////////////////////////////////////////
-#ifdef DEBUG
+#ifdef _DEBUG
 void cCmdLineParser::TraceContents(int dl) 
 {
    cDebug d("cCmdLineParser::TraceContents");
-    if (dl == -1)
+    if(dl == -1)
        dl = cDebug::D_DEBUG;
    std::list<cArgData>::const_iterator i;
-    for (i = mArgData.begin(); i != mArgData.end(); i++)
+    for(i = mArgData.begin(); i != mArgData.end(); i++)
    {
        d.Trace(dl, "* Item id:%d\n", i->mId);
-        for (std::vector<TSTRING>::const_iterator vi = i->mParams.begin(); vi != i->mParams.end(); vi++)
+        for(std::vector<TSTRING>::const_iterator vi = i->mParams.begin(); vi != i->mParams.end(); vi++)
        {
            d.Trace(dl, "\t%s\n", vi->c_str());
        }
@ -377,7 +398,7 @@ void cCmdLineParser::TraceContents(int dl)
    d.Trace(dl, "--- Switch id table ---\n");
    cHashTableIter<TSTRING, cArgInfo> iter(mArgTable);
-    for (iter.SeekBegin(); !iter.Done(); iter.Next())
+    for(iter.SeekBegin(); ! iter.Done(); iter.Next())
    {
        d.Trace(dl, "[%d] %s\n", iter.Val().mId, iter.Key().c_str());
    }
@ -395,12 +416,12 @@ bool cCmdLineParser::LookupArgInfo(int argId, TSTRING& arg, TSTRING& alias) cons
    alias   = _T("");
    cHashTableIter<TSTRING, cArgInfo> iter(mArgTable);
-    for (iter.SeekBegin(); !iter.Done(); iter.Next())
+    for(iter.SeekBegin(); ! iter.Done(); iter.Next())
    {
-        if (iter.Val().mId == argId)
+        if(iter.Val().mId == argId)
        {
            TSTRING str = iter.Key();
-            if ((str.length() > 0) && (str[0] == _T('-')))
+            if((str.length() > 0) && (str[0] == _T('-')))
            {
                // this is the alias!
                alias = (str.c_str() + 1);
@ -412,7 +433,7 @@ bool cCmdLineParser::LookupArgInfo(int argId, TSTRING& arg, TSTRING& alias) cons
            }
        }
    }
-    return ((!arg.empty()) || (!alias.empty()));
+    return ((! arg.empty()) || (! alias.empty()));
 }
 ///////////////////////////////////////////////////////////////////////////////
@ -421,9 +442,9 @@ bool cCmdLineParser::LookupArgInfo(int argId, TSTRING& arg, TSTRING& alias) cons
 bool cCmdLineParser::ArgInList(int argId)
 {
    std::list<cArgData>::iterator i;
-    for (i = mArgData.begin(); i != mArgData.end(); i++)
+    for( i = mArgData.begin(); i != mArgData.end(); i++ )
    {
-        if (i->mId == argId)
+        if( i->mId == argId )
            return true;
    }
    return false;
@ -439,11 +460,13 @@ bool cCmdLineParser::ArgInList(int argId)
 ///////////////////////////////////////////////////////////////////////////////
 bool    cCmdLineIter::SeekToArg(int argId) const
 {
-    for (SeekBegin(); !Done(); Next())
+    for(SeekBegin(); ! Done(); Next())
    {
-        if (ArgId() == argId)
+        if(ArgId() == argId)
            return true;
    }
    return false;
 }
--- a/src/core/cmdlineparser.h
+++ b/src/core/cmdlineparser.h
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -49,15 +49,14 @@
 //=============================================================================
 // eCmdLine
 //=============================================================================
-TSS_EXCEPTION(eCmdLine, eError)
+TSS_EXCEPTION( eCmdLine,            eError )
-TSS_EXCEPTION(eCmdLineInvalidArg, eCmdLine)  // an arg on the command line is not recognized
+TSS_EXCEPTION( eCmdLineInvalidArg,  eCmdLine ) // an arg on the command line is not recognized
-TSS_EXCEPTION(eCmdLineBadArgParam, eCmdLine) // wrong number of parameters to an argument
+TSS_EXCEPTION( eCmdLineBadArgParam, eCmdLine ) // wrong number of parameters to an argument
-TSS_EXCEPTION(eCmdLineBadParam,
+TSS_EXCEPTION( eCmdLineBadParam,    eCmdLine ) // wrong number of paramters to the executable (not associated with any arguments)
-              eCmdLine) // wrong number of paramters to the executable (not associated with any arguments)
+TSS_EXCEPTION( eCmdLineBadSwitchPos,eCmdLine ) // a '-' arg appeared after the final parameter list
-TSS_EXCEPTION(eCmdLineBadSwitchPos, eCmdLine) // a '-' arg appeared after the final parameter list
+TSS_EXCEPTION( eCmdLineMutEx,       eCmdLine ) // a mutual exclusion error has occured
-TSS_EXCEPTION(eCmdLineMutEx, eCmdLine)        // a mutual exclusion error has occured
+TSS_EXCEPTION( eCmdLineDependency,  eCmdLine ) // a dependency error has occurred.
-TSS_EXCEPTION(eCmdLineDependency, eCmdLine)   // a dependency error has occurred.
+TSS_EXCEPTION( eCmdLineMultiArg,    eCmdLine ) // an arg was found twice in the command line
 TSS_EXCEPTION(eCmdLineMultiArg, eCmdLine)     // an arg was found twice in the command line
 /*
@ -103,8 +102,7 @@ public:
        PARAM_INVALID   // top of enum
    };
-    void
+    void AddArg(int argId, const TSTRING& arg, const TSTRING& alias, ParamCount numParams, bool multipleAllowed = false);
    AddArg(int argId, const TSTRING& arg, const TSTRING& alias, ParamCount numParams, bool multipleAllowed = false);
        // this method should be called for each argument that can appear on the 
        // command line. 
        // argId -- a number that uniquely identifies the argument; no two arguments
@ -121,29 +119,29 @@ public:
        // argId2 both exist on the command line, then the parse will fail and the error 
        // value ERR_MUTUAL_EXCLUSION will be set.
-    void AddDependency(int argId1, int argId2, bool mutual = false);
+    void AddDependency(int argId1, int argId2, bool mutual = false );
        // This adds a dependency constraint.   When Parse() is called, if argId1 
        // exists on the command line independent from argId2, then the parse will fail.
        // If the default param mutual is true, then the command parser will check for
        // argId1 if argId2 is passed.   We do this, since it is possible for one arg to 
        // depend on another, but have the other arg alone on the command line, legally.
-    void Parse(int argc, const TCHAR* const* argv); // throw eCmdLine
+    void Parse(int argc, const TCHAR *const * argv); // throw eCmdLine
        // after AddArg() has been called for every argument that could be processed by the
        // command line, call this to tokenize argv. If the return value is false, then 
        // the input was invalid in some way; the actual error can be determined by calling
        // GetErrorInfo() below.
-    //    void Clear();
+    void Clear();
        // clear out all information that this class contains
    bool LookupArgInfo(int argId, TSTRING& arg, TSTRING& alias) const;
        // given an argId, fill out the strings with the argument and alias strings. Returns false
        // if the argId cannot be found. This method is not very fast, so don't use it often.
-#ifdef DEBUG
+    #ifdef _DEBUG
-    void TraceContents(int dl = -1);
+    void TraceContents(int dl = -1) ;
-#endif
+    #endif
 private:
    void TestMutEx();
        // tests for mutual exclusion violations; if it fails, the current error is set and false
@ -160,9 +158,7 @@ private:
        int         mId;
        ParamCount  mNumParams;
-        cArgInfo(int i = -1, ParamCount p = PARAM_INVALID) : mId(i), mNumParams(p)
+        cArgInfo(int i = -1, ParamCount p = PARAM_INVALID) : mId(i), mNumParams(p) {}
        {
        }
    };
    // for storing parsed argv information
    struct cArgData
@ -171,18 +167,15 @@ private:
        std::vector<TSTRING>    mParams;
        TSTRING                 mActualParam;   // a string representation of what was actually on the command line
-        cArgData(int id = -1, const TSTRING& actualParam = TSTRING(_T(""))) : mId(id), mActualParam(actualParam)
+        cArgData(int id = -1, const TSTRING& actualParam = TSTRING(_T(""))) : mId(id), mActualParam(actualParam) {}
        {
        }
    };
    cHashTable<TSTRING, cArgInfo>   mArgTable;
-    cArgInfo
+    cArgInfo                        mLastArgInfo;   // info on the argument that comes at the end of the command line (with no associated '-x' or '--x')
                                                     mLastArgInfo; // info on the argument that comes at the end of the command line (with no associated '-x' or '--x')
    std::list<cArgData>             mArgData;
-    std::list<std::pair<int, int> >                  mMutExList;      // all of the mutual exclusions
+    std::list<std::pair<int,int> >  mMutExList;      // all of the mutual exclusions
-    std::list<std::pair<std::pair<int, int>, bool> > mDependencyList; // all of the dependencies
+    std::list< std::pair < std::pair<int,int>, bool > > mDependencyList; // all of the dependencies
-    std::set<int>                                    mMultipleAllowed;
+    std::set< int >                 mMultipleAllowed;
    friend class cCmdLineIter;
 };
@ -225,7 +218,8 @@ private:
 //#############################################################################
 // inline implementation
 //#############################################################################
-inline cCmdLineIter::cCmdLineIter(const cCmdLineParser& parser) : mList(parser.mArgData)
+inline cCmdLineIter::cCmdLineIter(const cCmdLineParser& parser) :
    mList(parser.mArgData)
 {
    SeekBegin();
 }
@ -247,18 +241,18 @@ inline void cCmdLineIter::Next() const
 }
 inline int cCmdLineIter::ArgId() const
 {
-    ASSERT(!Done());
+    ASSERT(! Done());
    return mIter->mId;
 }
 inline int cCmdLineIter::NumParams() const
 {
-    ASSERT(!Done());
+    ASSERT(! Done());
    return mIter->mParams.size();
 }
 inline const TSTRING&   cCmdLineIter::ActualParam() const
 {
-    ASSERT(!Done());
+    ASSERT(! Done());
    return mIter->mActualParam;
 }
@ -270,3 +264,4 @@ inline const TSTRING& cCmdLineIter::ParamAt(int index) const
 #endif
--- a/src/core/codeconvert.cpp
+++ b/src/core/codeconvert.cpp
--- a/src/core/codeconvert.h
+++ b/src/core/codeconvert.h
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -66,11 +66,11 @@
 /// Exceptions
-TSS_EXCEPTION(eConverter, eError);
+TSS_EXCEPTION( eConverter,                      eError );
-TSS_EXCEPTION(eConverterReset, eConverter);
+TSS_EXCEPTION( eConverterReset,                 eConverter );
-TSS_EXCEPTION(eConverterFatal, eConverter);
+TSS_EXCEPTION( eConverterFatal,                 eConverter );
-TSS_EXCEPTION(eConverterUnsupportedConversion, eConverter);
+TSS_EXCEPTION( eConverterUnsupportedConversion, eConverter );
-TSS_EXCEPTION(eConverterUnknownCodepage, eConverter);
+TSS_EXCEPTION( eConverterUnknownCodepage,       eConverter );
 /// Classes
@ -90,38 +90,43 @@ TSS_EXCEPTION(eConverterUnknownCodepage, eConverter);
 */
 class iCodeConverter
 {
-public:
+    public:
        static iCodeConverter*  GetInstance();      // Singleton
    static void            Finit();
        /// Subclass Responsibilities
-    virtual int Convert(ntmbs_t,            // NTMBS buffer
+        virtual
        int 
        Convert( 
            ntmbs_t,                // NTMBS buffer
            size_t,                 // Capacity in mbchar_t's (bytes)
            const_ntdbs_t,          // null terminated two-byte wide character (UCS2 rep)
-                        size_t nCount) = 0; // Amount to convert in dbchar_t's
+            size_t nCount ) = 0;    // Amount to convert in dbchar_t's
        // returns number of buffer items converted, -1 on error
-    virtual int Convert(ntdbs_t,       // NTDBS (Null-terminated two byte sequence) buf
+        virtual
        int 
        Convert( 
            ntdbs_t,                // NTDBS (Null-terminated two byte sequence) buf
            size_t,                 // Capacity in dbchar_t's
            const_ntmbs_t,          // Null-terminated multi-byte sequence
-                        size_t) = 0;   // Capacity in mbchar_t's (bytes)
+            size_t ) = 0;           // Capacity in mbchar_t's (bytes)
        // returns number of buffer items converted, -1 on error
-protected:
+    protected:
-    iCodeConverter()
+
-    {
+        iCodeConverter() {}
-    }
+        virtual ~iCodeConverter() {}
-    virtual ~iCodeConverter()
+    
-    {
+    private:
    }
 private:
        static iCodeConverter* CreateConverter();
        static iCodeConverter* CreateGoodEnoughConverter();
        static iCodeConverter* m_pInst;
 };
@ -132,39 +137,41 @@ private:
 #ifdef HAVE_ICONV_H
 #include <iconv.h>
-#    ifdef HAVE_LANGINFO_H
+#ifdef HAVE_LANGINFO_H
-#        ifndef __USE_XOPEN
+#ifndef __USE_XOPEN
-#            define __USE_XOPEN 1
+#define __USE_XOPEN 1
-#        endif
+#endif
-#        include <langinfo.h>
+#include <langinfo.h>
-#    endif
+#endif
 class cIconvUtil
 {
-public:
+    public:
        static const char*  GetCodePageID(); // gets code page id for current locale, throws if error
-    static bool        GetCodePageID(const char** ppCP);
+        static bool         GetCodePageID( const char** ppCP );
        static const char*  GetIconvDbIdentifier();
        static const char*  GetMiddleIdentifier();
-    static void        ResetConverter(iconv_t);
+        static void         ResetConverter( iconv_t );
-    static bool        TestConverter(const char* pTo, const char* pFrom);
+        static bool         TestConverter( const char* pTo, const char* pFrom );
-    static iconv_t     OpenHandle(const char* pTo, const char* pFrom); // throws
+        static iconv_t      OpenHandle(    const char* pTo, const char* pFrom ); // throws
-    static void        CloseHandle(iconv_t ic);
+        static void         CloseHandle( iconv_t ic );
 };
 class cIconvConverter : public iCodeConverter
 {
-public:
+    public:
        static  bool Test(); // is there a conversion for the current codepage?
-    virtual int Convert(ntmbs_t, size_t, const_ntdbs_t, size_t);
+        virtual int  Convert( ntmbs_t, size_t, const_ntdbs_t, size_t );
-    virtual int Convert(ntdbs_t, size_t, const_ntmbs_t, size_t);
+        virtual int  Convert( ntdbs_t, size_t, const_ntmbs_t, size_t );
        cIconvConverter();
        virtual ~cIconvConverter();
-private:
+    private:
        void Init();
        iconv_t icToDb;
@ -173,16 +180,18 @@ private:
 class cDoubleIconvConverter : public iCodeConverter
 {
-public:
+    public:
        static  bool Test(); // is there a conversion for the current codepage?
-    virtual int Convert(ntmbs_t, size_t, const_ntdbs_t, size_t);
+        virtual int  Convert( ntmbs_t, size_t, const_ntdbs_t, size_t );
-    virtual int Convert(ntdbs_t, size_t, const_ntmbs_t, size_t);
+        virtual int  Convert( ntdbs_t, size_t, const_ntmbs_t, size_t );
        cDoubleIconvConverter();
        virtual ~cDoubleIconvConverter();
-private:
+    private:
        void Init();    
        iconv_t icMbToUTF8;
@ -209,12 +218,10 @@ private:
 class cWcharIs32BitUcs2Converterer : public iCodeConverter
 {
 public:    
-    virtual int Convert(ntmbs_t, size_t, const_ntdbs_t, size_t);
+    virtual int  Convert( ntmbs_t, size_t, const_ntdbs_t, size_t );
-    virtual int Convert(ntdbs_t, size_t, const_ntmbs_t, size_t);
+    virtual int  Convert( ntdbs_t, size_t, const_ntmbs_t, size_t );
-    virtual ~cWcharIs32BitUcs2Converterer()
+    virtual ~cWcharIs32BitUcs2Converterer() {}
    {
    }
 };
 #endif // WCHAR_IS_32_BITS
@ -231,12 +238,10 @@ public:
 class cWcharIs16BitUcs2Converterer : public iCodeConverter
 {
 public:    
-    virtual int Convert(ntmbs_t, size_t, const_ntdbs_t, size_t);
+    virtual int  Convert( ntmbs_t, size_t, const_ntdbs_t, size_t );
-    virtual int Convert(ntdbs_t, size_t, const_ntmbs_t, size_t);
+    virtual int  Convert( ntdbs_t, size_t, const_ntmbs_t, size_t );
-    virtual ~cWcharIs16BitUcs2Converterer()
+    virtual ~cWcharIs16BitUcs2Converterer() {}
    {
    }
 };
 #endif // WCHAR_IS_16_BITS
@ -246,12 +251,10 @@ public:
 class cGoodEnoughConverterer : public iCodeConverter
 {
 public:    
-    virtual int Convert(ntmbs_t, size_t, const_ntdbs_t, size_t);
+    virtual int  Convert( ntmbs_t, size_t, const_ntdbs_t, size_t );
-    virtual int Convert(ntdbs_t, size_t, const_ntmbs_t, size_t);
+    virtual int  Convert( ntdbs_t, size_t, const_ntmbs_t, size_t );
-    virtual ~cGoodEnoughConverterer()
+    virtual ~cGoodEnoughConverterer() {}
    {
    }
 };
@ -264,14 +267,14 @@ class cConvertUtil
        TSS_HIGH_ASCII_START    = 0x0080u,
        TSS_HIGH_ASCII_END      = 0x00FFu
    };
 public:
-    static dbchar_t ConvertNonChar(mbchar_t ch);
+    static dbchar_t ConvertNonChar( mbchar_t ch );
-    static mbchar_t ConvertNonChar(dbchar_t ch);
+    static mbchar_t ConvertNonChar( dbchar_t ch );
-    static bool ValueInReservedRange(mbchar_t ch);
+    static bool     ValueInReservedRange( mbchar_t ch );
-    static bool ValueInReservedRange(dbchar_t ch);
+    static bool     ValueInReservedRange( dbchar_t ch );
 };
 #endif //__CODECONVERT_H
--- a/src/core/core.cpp
+++ b/src/core/core.cpp
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -42,25 +42,23 @@
 #include "codeconvert.h"        // for: iCodeConverter::GetInstance
 #include "twlocale.h"           // for: cTWLocale::InitGlobalLocale
-TSS_ImplementPackage(cCore)
+TSS_ImplementPackage( cCore )
 cCore::cCore()
 {
-    TSS_REGISTER_PKG_ERRORS(core);
+    TSS_REGISTER_PKG_ERRORS( core );
    // NOTE: Initialize code converter when cCore is a dependency
    // of another package (created on first call to GetInstance(),
    // forcing creation here to hasten the display of any errors)
-    cDebug::SetDebugLevel(cDebug::D_DEBUG);
+    cDebug::SetDebugLevel( cDebug::D_DEBUG );
-    cDebug::AddOutTarget(cDebug::OUT_STDOUT);
+    cDebug::AddOutTarget( cDebug::OUT_STDOUT );
    cTWLocale::InitGlobalLocale();
    iCodeConverter::GetInstance();
 }
-cCore::~cCore()
+
-{
+// eof: core.cpp
    iCodeConverter::Finit();
 }
--- a/src/core/core.h
+++ b/src/core/core.h
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -47,14 +47,15 @@
 //--Classes
-TSS_BeginPackage(cCore)
+TSS_BeginPackage( cCore )
    TSS_DECLARE_STRINGTABLE;
-public:
+    public:
 cCore();
 ~cCore();
-TSS_EndPackage(cCore)
+        cCore();
 TSS_EndPackage( cCore )
 #endif //__CORE_H
--- a/src/core/coreerrors.cpp
+++ b/src/core/coreerrors.cpp
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -49,118 +49,120 @@
 #include "ntmbs.h"
 #include "displayencoder.h"
-TSS_BEGIN_ERROR_REGISTRATION(core)
+TSS_BEGIN_ERROR_REGISTRATION( core )
 /// Internal
-TSS_REGISTER_ERROR(eInternal(), _T("Internal error."))
+TSS_REGISTER_ERROR( eInternal(),        _T("Internal error.") )
 /// General
-TSS_REGISTER_ERROR(eErrorGeneral(), _T("General Error"));
+TSS_REGISTER_ERROR( eErrorGeneral(),    _T("General Error") );
-TSS_REGISTER_ERROR(eOpen(), _T("File could not be opened."));
+TSS_REGISTER_ERROR( eOpen(),            _T("File could not be opened.") );
-TSS_REGISTER_ERROR(eOpenRead(), _T("File could not be opened for reading."));
+TSS_REGISTER_ERROR( eOpenRead(),        _T("File could not be opened for reading.") );
-TSS_REGISTER_ERROR(eOpenWrite(), _T("File could not be opened for writing."));
+TSS_REGISTER_ERROR( eOpenWrite(),       _T("File could not be opened for writing.") );
-TSS_REGISTER_ERROR(eBadModeSwitch(), _T("Unknown mode specified."));
+TSS_REGISTER_ERROR( eBadModeSwitch(),   _T("Unknown mode specified.") );
-TSS_REGISTER_ERROR(eBadCmdLine(), _T("Command line error."));
+TSS_REGISTER_ERROR( eBadCmdLine(),      _T("Command line error.") );
 /// Archive 
-TSS_REGISTER_ERROR(eArchive(), _T("Archive error."))
+TSS_REGISTER_ERROR( eArchive(),         _T("Archive error.") )
-TSS_REGISTER_ERROR(eArchiveOpen(), _T("File could not be opened."))
+TSS_REGISTER_ERROR( eArchiveOpen(),     _T("File could not be opened.") )
-TSS_REGISTER_ERROR(eArchiveWrite(), _T("File could not be written."))
+TSS_REGISTER_ERROR( eArchiveWrite(),    _T("File could not be written.") )
-TSS_REGISTER_ERROR(eArchiveRead(), _T("File could not be read."))
+TSS_REGISTER_ERROR( eArchiveRead(),     _T("File could not be read.") )
-TSS_REGISTER_ERROR(eArchiveEOF(), _T("End of file reached."))
+TSS_REGISTER_ERROR( eArchiveEOF(),      _T("End of file reached.") )
-TSS_REGISTER_ERROR(eArchiveSeek(), _T("File seek failed."))
+TSS_REGISTER_ERROR( eArchiveSeek(),     _T("File seek failed.") )
-TSS_REGISTER_ERROR(eArchiveMemmap(), _T("Memory mapped archive file invalid."))
+TSS_REGISTER_ERROR( eArchiveMemmap(),   _T("Memory mapped archive file invalid.") )
-TSS_REGISTER_ERROR(eArchiveOutOfMem(), _T("Archive ran out of memory."))
+TSS_REGISTER_ERROR( eArchiveOutOfMem(), _T("Archive ran out of memory.") )
-TSS_REGISTER_ERROR(eArchiveInvalidOp(), _T("Archive logic error."))
+TSS_REGISTER_ERROR( eArchiveInvalidOp(),_T("Archive logic error.") )
-TSS_REGISTER_ERROR(eArchiveFormat(), _T("Archive file format invalid."))
+TSS_REGISTER_ERROR( eArchiveFormat(),   _T("Archive file format invalid.") )
-TSS_REGISTER_ERROR(eArchiveNotRegularFile(), _T("File is not a regular file."))
+TSS_REGISTER_ERROR( eArchiveNotRegularFile(), _T("File is not a regular file.") )
-TSS_REGISTER_ERROR(eArchiveCrypto(), _T("File could not be decrypted."))
+TSS_REGISTER_ERROR( eArchiveCrypto(),   _T("File could not be decrypted.") )
-TSS_REGISTER_ERROR(eArchiveStringTooLong(), _T("String was too long."))
+TSS_REGISTER_ERROR( eArchiveStringTooLong(),    _T("String was too long.") )
 /// File
-TSS_REGISTER_ERROR(eFile(), _T("File error."))
+TSS_REGISTER_ERROR( eFile(),            _T("File error.") )
-TSS_REGISTER_ERROR(eFileOpen(), _T("File could not be opened."))
+TSS_REGISTER_ERROR( eFileOpen(),        _T("File could not be opened.") )
-TSS_REGISTER_ERROR(eFileWrite(), _T("File could not be written."))
+TSS_REGISTER_ERROR( eFileWrite(),       _T("File could not be written.") )
-TSS_REGISTER_ERROR(eFileRead(), _T("File could not be read."))
+TSS_REGISTER_ERROR( eFileRead(),        _T("File could not be read.") )
-TSS_REGISTER_ERROR(eFileEOF(), _T("End of file reached."))
+TSS_REGISTER_ERROR( eFileEOF(),         _T("End of file reached.") )
-TSS_REGISTER_ERROR(eFileSeek(), _T("File seek failed."))
+TSS_REGISTER_ERROR( eFileSeek(),        _T("File seek failed.") )
-TSS_REGISTER_ERROR(eFileInvalidOp(), _T("File logic error."))
+TSS_REGISTER_ERROR( eFileInvalidOp(),   _T("File logic error.") )
-TSS_REGISTER_ERROR(eFileTrunc(), _T("File could not be truncated."))
+TSS_REGISTER_ERROR( eFileTrunc(),       _T("File could not be truncated.") )
-TSS_REGISTER_ERROR(eFileClose(), _T("File could not be closed."))
+TSS_REGISTER_ERROR( eFileClose(),       _T("File could not be closed.") )
-TSS_REGISTER_ERROR(eFileFlush(), _T("File could not be flushed."))
+TSS_REGISTER_ERROR( eFileFlush(),       _T("File could not be flushed.") )
-TSS_REGISTER_ERROR(eFileRewind(), _T("File could not be rewound."))
+TSS_REGISTER_ERROR( eFileRewind(),      _T("File could not be rewound.") )
-/// General API failures
+/// Win32
 TSS_REGISTER_ERROR(eUnix(), _T("Unix API failure."))
 #if IS_UNIX
 TSS_REGISTER_ERROR(eUnix(),               _T("Unix API failure.") )
 #endif
 /// FSServices
-TSS_REGISTER_ERROR(eFSServices(), _T("File system error."))
+TSS_REGISTER_ERROR( eFSServices(),       _T("File system error.") )
-TSS_REGISTER_ERROR(eFSServicesGeneric(), _T("File system error."))
+TSS_REGISTER_ERROR( eFSServicesGeneric(),_T("File system error.") )
 /// Serializer
-TSS_REGISTER_ERROR(eSerializerUnknownType(),
+TSS_REGISTER_ERROR( eSerializerUnknownType(),           _T("Unknown type encountered in file.\nFile format may not be valid for this platform.") )
-                   _T("Unknown type encountered in file.\nFile format may not be valid for this platform."))
+TSS_REGISTER_ERROR( eSerializerInputStreamFmt(),        _T("Invalid input stream format.") )
-TSS_REGISTER_ERROR(eSerializerInputStreamFmt(), _T("Invalid input stream format."))
+TSS_REGISTER_ERROR( eSerializerOutputStreamFmt(),       _T("Invalid output stream format.") )
-TSS_REGISTER_ERROR(eSerializerOutputStreamFmt(), _T("Invalid output stream format."))
+TSS_REGISTER_ERROR( eSerializerInputStremTypeArray(),   _T("A bad index was encountered in file.") )
-TSS_REGISTER_ERROR(eSerializerInputStremTypeArray(), _T("A bad index was encountered in file."))
+TSS_REGISTER_ERROR( eSerializerArchive(),               _T("File read encountered an archive error.") )
-TSS_REGISTER_ERROR(eSerializerArchive(), _T("File read encountered an archive error."))
+TSS_REGISTER_ERROR( eSerializerVersionMismatch(),       _T("File version mismatch.") )
-TSS_REGISTER_ERROR(eSerializerVersionMismatch(), _T("File version mismatch."))
+TSS_REGISTER_ERROR( eSerializerEncryption(),            _T("File encryption error.") )
-TSS_REGISTER_ERROR(eSerializerEncryption(), _T("File encryption error."))
+TSS_REGISTER_ERROR( eSerializer(),                      _T("File format error.") )
 TSS_REGISTER_ERROR(eSerializer(), _T("File format error."))
 /// Command Line
-TSS_REGISTER_ERROR(eCmdLine(), _T("Command line parsing error."))
+TSS_REGISTER_ERROR( eCmdLine(),             _T("Command line parsing error.") )
-TSS_REGISTER_ERROR(eCmdLineInvalidArg(), _T("Invalid argument passed on command line."))
+TSS_REGISTER_ERROR( eCmdLineInvalidArg(),   _T("Invalid argument passed on command line.") )
-TSS_REGISTER_ERROR(eCmdLineBadArgParam(), _T("Incorrect number of parameters to a command line argument."))
+TSS_REGISTER_ERROR( eCmdLineBadArgParam(),  _T("Incorrect number of parameters to a command line argument.") )
-TSS_REGISTER_ERROR(eCmdLineBadParam(), _T("Incorrect number of parameters on command line."))
+TSS_REGISTER_ERROR( eCmdLineBadParam(),     _T("Incorrect number of parameters on command line.") )
-TSS_REGISTER_ERROR(eCmdLineBadSwitchPos(), _T("Switch appears after final command line parameter."))
+TSS_REGISTER_ERROR( eCmdLineBadSwitchPos(), _T("Switch appears after final command line parameter.") )
-TSS_REGISTER_ERROR(eCmdLineMutEx(), _T("Specified command line switches are mutually exclusive."))
+TSS_REGISTER_ERROR( eCmdLineMutEx(),        _T("Specified command line switches are mutually exclusive.") )
-TSS_REGISTER_ERROR(eCmdLineDependency(), _T("Command line parameter missing."))
+TSS_REGISTER_ERROR( eCmdLineDependency(),   _T("Command line parameter missing.") )
-TSS_REGISTER_ERROR(eCmdLineMultiArg(), _T("Command line argument specified more than once."))
+TSS_REGISTER_ERROR( eCmdLineMultiArg(),     _T("Command line argument specified more than once.") )
 /// TWLocale
-TSS_REGISTER_ERROR(eTWLocale(), _T("Localization error."))
+TSS_REGISTER_ERROR( eTWLocale(),            _T("Localization error.") )
-TSS_REGISTER_ERROR(eTWLocaleBadNumFormat(), _T("Bad number format."))
+TSS_REGISTER_ERROR( eTWLocaleBadNumFormat(),_T("Bad number format.") )
 /// Character Handling (defined in ntmbs.h)
-TSS_REGISTER_ERROR(eCharacter(), _T("General Character Handling Error."))
+TSS_REGISTER_ERROR( eCharacter(),               _T("General Character Handling Error.") )
-TSS_REGISTER_ERROR(eCharacterEncoding(), _T("Character Encoding Error."))
+TSS_REGISTER_ERROR( eCharacterEncoding(),       _T("Character Encoding Error.") )
 /// Character Conversion Handling (defined in <codeconvert.h>)
-TSS_REGISTER_ERROR(eConverter(), _T("General conversion error."))
+TSS_REGISTER_ERROR( eConverter(),                       _T("General conversion error.") )
-TSS_REGISTER_ERROR(eConverterReset(), _T("Converter handle could not be reset."))
+TSS_REGISTER_ERROR( eConverterReset(),                  _T("Converter handle could not be reset.") )
-TSS_REGISTER_ERROR(eConverterFatal(), _T("Catastrophic conversion error."))
+TSS_REGISTER_ERROR( eConverterFatal(),                  _T("Catastrophic conversion error.") )
-TSS_REGISTER_ERROR(eConverterUnsupportedConversion(), _T("Unsupported character conversion."))
+TSS_REGISTER_ERROR( eConverterUnsupportedConversion(),  _T("Unsupported character conversion.") )
-TSS_REGISTER_ERROR(eConverterUnknownCodepage(), _T("Could not identify code page."))
+TSS_REGISTER_ERROR( eConverterUnknownCodepage(),        _T("Could not identify code page.") )
 //
 // Display Encoder
 //
-TSS_REGISTER_ERROR(eEncoder(), _T("Display encoder error."))
+TSS_REGISTER_ERROR( eEncoder(),                 _T("Display encoder error.") )
-TSS_REGISTER_ERROR(eBadDecoderInput(), _T("Bad input to display encoder."))
+TSS_REGISTER_ERROR( eBadDecoderInput(),         _T("Bad input to display encoder.") )
-TSS_REGISTER_ERROR(eBadHexConversion(), _T("Bad hex conversion in display encoder."))
+TSS_REGISTER_ERROR( eBadHexConversion(),        _T("Bad hex conversion in display encoder.") )
-TSS_REGISTER_ERROR(eUnknownEscapeEncoding(), _T("Unknown encoding in display encoder input."))
+TSS_REGISTER_ERROR( eUnknownEscapeEncoding(),   _T("Unknown encoding in display encoder input.") )
 TSS_END_ERROR_REGISTRATION()
--- a/src/core/coreerrors.h
+++ b/src/core/coreerrors.h
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -41,7 +41,8 @@
 #include "core/errortable.h"
-TSS_DECLARE_ERROR_REGISTRATION(core)
+TSS_DECLARE_ERROR_REGISTRATION( core )
-#endif //__COREERRORS_H
+#endif//__COREERRORS_H
--- a/src/core/corestrings.cpp
+++ b/src/core/corestrings.cpp
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -39,31 +39,35 @@
 #include "corestrings.h"        // for: cCore and core::STR_IDS
-TSS_BeginStringtable(cCore)
+TSS_BeginStringtable( cCore )
-    TSS_StringEntry(core::STR_ERR2_ARCH_CRYPTO_ERR, _T("File could not be decrypted.")),
+    TSS_StringEntry( core::STR_ERR2_ARCH_CRYPTO_ERR, _T("File could not be decrypted.") ),
-    TSS_StringEntry(core::STR_ERR2_BAD_ARG_PARAMS, _T("Argument: ")),
+    TSS_StringEntry( core::STR_ERR2_BAD_ARG_PARAMS,  _T("Argument: ") ), 
-    TSS_StringEntry(core::STR_ERROR_ERROR, _T("### Error")),
+    TSS_StringEntry( core::STR_ERROR_ERROR,          _T("### Error") ),
-    TSS_StringEntry(core::STR_ERROR_WARNING, _T("### Warning")), TSS_StringEntry(core::STR_ERROR_COLON, _T(":")),
+    TSS_StringEntry( core::STR_ERROR_WARNING,        _T("### Warning") ),
-    TSS_StringEntry(core::STR_ERROR_HEADER, _T("### ")), TSS_StringEntry(core::STR_ERROR_EXITING, _T("Exiting...")),
+    TSS_StringEntry( core::STR_ERROR_COLON,          _T(":") ),
-    TSS_StringEntry(core::STR_ERROR_CONTINUING, _T("Continuing...")),
+    TSS_StringEntry( core::STR_ERROR_HEADER,         _T("### ") ),
-    TSS_StringEntry(core::STR_ERR2_FILENAME, _T("Filename: ")),
+    TSS_StringEntry( core::STR_ERROR_EXITING,        _T("Exiting...") ),
-    TSS_StringEntry(core::STR_ERROR_FILENAME, _T("Filename: ")), TSS_StringEntry(core::STR_UNKNOWN, _T("Unknown")),
+    TSS_StringEntry( core::STR_ERROR_CONTINUING,     _T("Continuing...") ),
-    TSS_StringEntry(core::STR_NUMBER_TOO_BIG, _T("Number too big")),
+    TSS_StringEntry( core::STR_ERR2_FILENAME,        _T("Filename: ") ),
-    TSS_StringEntry(core::STR_SIGNAL, _T("Software interrupt forced exit:")),
+    TSS_StringEntry( core::STR_ERROR_FILENAME,       _T("Filename: ") ),
-    TSS_StringEntry(core::STR_NEWLINE, _T("\n")),
+    TSS_StringEntry( core::STR_UNKNOWN,              _T("Unknown") ),
-    TSS_StringEntry(core::STR_MEMARCHIVE_FILENAME, _T("Error occured in internal memory file")),
+    TSS_StringEntry( core::STR_NUMBER_TOO_BIG,       _T("Number too big") ),
-    TSS_StringEntry(core::STR_MEMARCHIVE_ERRSTR, _T("")),
+    TSS_StringEntry( core::STR_SIGNAL,               _T("Software interrupt forced exit:") ),
-    TSS_StringEntry(core::STR_ENDOFTIME, _T("Tripwire is not designed to run past the year 2038.\nNow exiting...")),
+    TSS_StringEntry( core::STR_NEWLINE,              _T("\n") ),
-    TSS_StringEntry(core::STR_UNKNOWN_TIME, _T("Unknown time")),
+    TSS_StringEntry( core::STR_MEMARCHIVE_FILENAME,  _T("Error occured in internal memory file") ),
-    TSS_StringEntry(
+    TSS_StringEntry( core::STR_MEMARCHIVE_ERRSTR,    _T("") ),
-        core::STR_BAD_TEMPDIRECTORY,
+    TSS_StringEntry( core::STR_ENDOFTIME,            _T("Tripwire is not designed to run past the year 2038.\nNow exiting...") ),
-        _T("Solution: Check existence/permissions for directory specified by TEMPDIRECTORY in config file")),
+    TSS_StringEntry( core::STR_UNKNOWN_TIME,         _T("Unknown time") ),
    TSS_StringEntry( core::STR_BAD_TEMPDIRECTORY,    _T("Solution: Check existence/permissions for directory specified by TEMPDIRECTORY in config file") ),
    /// Particularly useful for eCharacter and eCharacterEncoding
-    TSS_StringEntry(core::STR_ERR_ISNULL, _T("Argument cannot be null.")),
+    TSS_StringEntry( core::STR_ERR_ISNULL,    _T("Argument cannot be null.") ),
-    TSS_StringEntry(core::STR_ERR_OVERFLOW, _T("An overflow has been detected.")),
+    TSS_StringEntry( core::STR_ERR_OVERFLOW,  _T("An overflow has been detected.") ),
-    TSS_StringEntry(core::STR_ERR_UNDERFLOW, _T("An underflow has been detected.")),
+    TSS_StringEntry( core::STR_ERR_UNDERFLOW, _T("An underflow has been detected.") ),
-    TSS_StringEntry(core::STR_ERR_BADCHAR, _T("Input contained an invalid character."))
+    TSS_StringEntry( core::STR_ERR_BADCHAR,   _T("Input contained an invalid character.") )
-        TSS_EndStringtable(cCore)
+TSS_EndStringtable( cCore )
 // eof: corestrings.cpp
--- a/src/core/corestrings.h
+++ b/src/core/corestrings.h
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -45,19 +45,37 @@
 //--Message Keys
-TSS_BeginStringIds(core)
+TSS_BeginStringIds( core )
    STR_ERR2_ARCH_CRYPTO_ERR,
-    STR_ERR2_BAD_ARG_PARAMS, STR_ERROR_ERROR, STR_ERROR_WARNING, STR_ERROR_COLON, STR_ERROR_HEADER, STR_ERROR_EXITING,
+    STR_ERR2_BAD_ARG_PARAMS,
-    STR_ERROR_CONTINUING, STR_ERR2_FILENAME, STR_ERROR_FILENAME, STR_NUMBER_TOO_BIG, STR_UNKNOWN, STR_SIGNAL,
+    STR_ERROR_ERROR,
-    STR_NEWLINE, STR_MEMARCHIVE_FILENAME, STR_MEMARCHIVE_ERRSTR, STR_ENDOFTIME, STR_UNKNOWN_TIME, STR_BAD_TEMPDIRECTORY,
+    STR_ERROR_WARNING,
    STR_ERROR_COLON,
    STR_ERROR_HEADER,
    STR_ERROR_EXITING,
    STR_ERROR_CONTINUING,
    STR_ERR2_FILENAME,
    STR_ERROR_FILENAME,
    STR_NUMBER_TOO_BIG,
    STR_UNKNOWN,
    STR_SIGNAL,
    STR_NEWLINE,
    STR_MEMARCHIVE_FILENAME,
    STR_MEMARCHIVE_ERRSTR,
    STR_ENDOFTIME,
    STR_UNKNOWN_TIME,
    STR_BAD_TEMPDIRECTORY,
    /// Particularly useful for eCharacterSet and eCharacterEncoding
-    STR_ERR_ISNULL, STR_ERR_OVERFLOW, STR_ERR_UNDERFLOW,
+    STR_ERR_ISNULL,
    STR_ERR_OVERFLOW,
    STR_ERR_UNDERFLOW,
    STR_ERR_BADCHAR
-    TSS_EndStringIds(core)
+TSS_EndStringIds( core )
 #endif //__CORESTRINGS_H
--- a/src/core/crc32.cpp
+++ b/src/core/crc32.cpp
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
--- a/src/core/crc32.h
+++ b/src/core/crc32.h
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
--- a/src/core/debug.cpp
+++ b/src/core/debug.cpp
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -37,9 +37,9 @@
 #ifdef DEBUG
-#    ifndef va_start
+#ifndef va_start
-#        include <cstdarg>
+#include <cstdarg>
-#    endif
+#endif
 #include <cwchar>
 #include <fstream>
 #include <cstdio>
@ -47,7 +47,7 @@
 int     cDebug::mDebugLevel(10);
 uint32  cDebug::mOutMask(cDebug::OUT_TRACE);
 std::ofstream cDebug::logfile;
-//mDebugLevel default == 10, mOutMask default == OUT_TRACE.
+    //mDebugLevel default == 10, mOutMask default == OUT_TRACE.
 ///////////////////////////////////////////////////////////////////////////////
 //  Constructors and Destructor
@ -61,14 +61,14 @@ cDebug::cDebug(const char* label)
    mLabel[cnt] = '\0';
 }
-cDebug::cDebug(const cDebug& rhs)
+cDebug::cDebug(const cDebug &rhs)
 {
-    strncpy(mLabel, rhs.mLabel, MAX_LABEL);
+    strcpy(mLabel, rhs.mLabel);
 }
 cDebug::~cDebug()
 {
-    if (logfile)
+    if(logfile)
        logfile.close();
 }
 ///////////////////////////////////////////////////////////////////////////////
@ -86,6 +86,7 @@ void cDebug::Trace(int levelNum, const char* format, ...)
    va_start(args, format);
    DoTrace(format, args);
    va_end(args);
 }
@ -95,13 +96,13 @@ void cDebug::Trace(int levelNum, const char* format, ...)
 //      console, etc...
 ///////////////////////////////////////////////////////////////////////////////
-void cDebug::DoTrace(const char* format, va_list& args)
+void cDebug::DoTrace(const char *format, va_list &args)
 {
    size_t guard1 = 0xBABABABA;
    char out[2048];
    size_t guard2 = 0xBABABABA;
-    vsnprintf(out, 2048, format, args);
+    vsprintf(out, format, args);
    ASSERT(guard1 == 0xBABABABA && guard2 == 0xBABABABA); // string was too long
    ASSERT(strlen(out) < 1024);
@ -134,14 +135,14 @@ void cDebug::DoTrace(const char* format, va_list& args)
        logfile.flush();
    }
 }
-#    ifdef DEBUG
+#ifdef DEBUG
 //
 // wrappers around Trace() that requires less typing
 //      TODO: this is quick and dirty, but lets me check in all these files right away.  --ghk
 //
-void cDebug::TraceAlways(const char* format, ...)
+void cDebug::TraceAlways(const char *format, ...)
 {
    if (D_ALWAYS > mDebugLevel)
        return;
@ -153,7 +154,7 @@ void cDebug::TraceAlways(const char* format, ...)
    va_end(args);
 }
-void cDebug::TraceError(const char* format, ...)
+void cDebug::TraceError(const char *format, ...)
 {
    if (D_ERROR > mDebugLevel)
        return;
@ -165,7 +166,7 @@ void cDebug::TraceError(const char* format, ...)
    va_end(args);
 }
-void cDebug::TraceWarning(const char* format, ...)
+void cDebug::TraceWarning(const char *format, ...)
 {
    if (D_WARNING > mDebugLevel)
        return;
@ -177,7 +178,7 @@ void cDebug::TraceWarning(const char* format, ...)
    va_end(args);
 }
-void cDebug::TraceDebug(const char* format, ...)
+void cDebug::TraceDebug(const char *format, ...)
 {
    if (D_DEBUG > mDebugLevel)
        return;
@ -189,7 +190,7 @@ void cDebug::TraceDebug(const char* format, ...)
    va_end(args);
 }
-void cDebug::TraceDetail(const char* format, ...)
+void cDebug::TraceDetail(const char *format, ...)
 {
    if (D_DETAIL > mDebugLevel)
        return;
@ -201,7 +202,7 @@ void cDebug::TraceDetail(const char* format, ...)
    va_end(args);
 }
-void cDebug::TraceNever(const char* format, ...)
+void cDebug::TraceNever(const char *format, ...)
 {
    if (D_NEVER > mDebugLevel)
        return;
@ -213,12 +214,12 @@ void cDebug::TraceNever(const char* format, ...)
    va_end(args);
 }
-void cDebug::TraceVaArgs(int iDebugLevel, const char* format, va_list& args)
+void cDebug::TraceVaArgs( int iDebugLevel, const char *format, va_list &args )
 {
-    if (iDebugLevel <= mDebugLevel)
+    if ( iDebugLevel <= mDebugLevel )
-        DoTrace(format, args);
+        DoTrace( format, args);
 }
-#    endif // DEBUG
+#endif // DEBUG
 ///////////////////////////////////////////////////////////////////////////////
 //  AddOutTarget -- Attempts to add a new target for trace/debug output.  
@ -230,8 +231,7 @@ bool cDebug::AddOutTarget(OutTarget target)
        mOutMask |= OUT_STDOUT;
    if (target == OUT_TRACE)
        mOutMask |= OUT_TRACE;
-    if (target == OUT_FILE)
+    if (target == OUT_FILE) {
    {
        mOutMask |= OUT_FILE;
        return false;
    }
@ -286,12 +286,10 @@ bool cDebug::SetOutputFile(const char* filename)
            //make sure info. will not be clobbered.
    //Should be open now- if not, abort.
-    if (!logfile)
+    if (!logfile) {
    {
        mOutMask ^= OUT_FILE;
        return false;
-    }
+    } else
    else
        mOutMask |= OUT_FILE;
    return true;
 }
@ -300,18 +298,18 @@ bool cDebug::SetOutputFile(const char* filename)
 // DebugOut -- Works just like TRACE. note: there is an internal buffer size
 // of 1024; traces larger than that will have unpredictable results.
 //////////////////////////////////////////////////////////////////////////////
-void cDebug::DebugOut(const char* lpOutputString, ...)
+void cDebug::DebugOut( const char* lpOutputString, ... )
 {
    char buf[2048];
    // create the output buffer 
    va_list args;
    va_start(args, lpOutputString);
-    vsnprintf(buf, 2048, lpOutputString, args);
+    vsprintf(buf, lpOutputString, args);
    va_end(args);
-#    ifdef DEBUG
+	#ifdef _DEBUG
 	TCERR << buf;
-#    endif //_DEBUG
+	#endif  //_DEBUG
    TCOUT.flush();
 }
@ -320,3 +318,4 @@ void cDebug::DebugOut(const char* lpOutputString, ...)
 //////////////////////////////////////////////////////////////////////////////////
 // ASSERT macro support function
 //////////////////////////////////////////////////////////////////////////////////
--- a/src/core/debug.h
+++ b/src/core/debug.h
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -40,13 +40,15 @@
 #include <assert.h>
 #include <iostream>
 /* Do it in this order, because autoconf checks for <stdarg.h>
 * first  i.e. if HAVE_VARARGS_H is defined, it is only because
 * <stdarg.h> couldn't be found.
 */
 #ifdef HAVE_VARARGS_H
-#include <varargs.h>
+# include <varargs.h>
 #else
 # ifdef HAVE_STDARG_H
 #  include <stdarg.h>
@ -105,17 +107,17 @@ public:
    //  The wide character overloads of these functions will expect wide strings
    //  for %s options.
    //
-    void TraceAlways(const char* format, ...);
+    void    TraceAlways     (const char *format, ...);
-    void TraceError(const char* format, ...);
+    void    TraceError      (const char *format, ...);
-    void TraceWarning(const char* format, ...);
+    void    TraceWarning    (const char *format, ...);
-    void TraceDebug(const char* format, ...);
+    void    TraceDebug      (const char *format, ...);
-    void TraceDetail(const char* format, ...);
+    void    TraceDetail     (const char *format, ...);
-    void TraceNever(const char* format, ...);
+    void    TraceNever      (const char *format, ...);
    // these are of use if you are inside a function with a "..." as an argument
    // and you want to trace those args
-    void TraceVaArgs(int iDebugLevel, const char* format, va_list& args);
+    void    TraceVaArgs     (int iDebugLevel, const char *format,   va_list &args);
    // ...but you can still choose to use this interface...
@ -123,28 +125,26 @@ public:
        // Outputs based on levelnum.  If levelnum <= global debug, print.
 public:
    static bool AddOutTarget(OutTarget target);
    static bool RemoveOutTarget(OutTarget target);
    // used to specify the out target....
    static bool HasOutTarget(OutTarget target);
-    static bool SetOutputFile(const char* filename);
+    static bool AddOutTarget    (OutTarget target);
    static bool RemoveOutTarget (OutTarget target);
        // used to specify the out target....
    static bool HasOutTarget    (OutTarget target);
    static bool SetOutputFile   (const char* filename);
        // specifies the output file name used when OUT_FILE is set
-    static void SetDebugLevel(int level);
+    static void SetDebugLevel   (int level);
-    static int  GetDebugLevel(void);
+    static int  GetDebugLevel   (void);
        // gets and sets the global debug level. Trace output at or below this
        // level will be output.
-    static void DebugOut(const char* lpOutputString, ...);
+    static void DebugOut    ( const char* lpOutputString, ... );
        // Works just like TRACE
        // note: there is an internal buffer size of 1024; traces larger
        // than that will have unpredictable and probably bad results
 private:
 #ifdef DEBUG
-    enum
+    enum { MAX_LABEL = 128 };
    {
        MAX_LABEL = 128
    };
    static  int     mDebugLevel;
    static  uint32  mOutMask;
@ -152,15 +152,15 @@ private:
            char    mLabel[MAX_LABEL];
    // helper functions
-    void DoTrace(const char* format, va_list& args);
+    void DoTrace(const char *format, va_list &args);
 #endif
 };
-#ifdef DEBUG
+#ifdef _DEBUG
-#    define TRACE cDebug::DebugOut
+#define TRACE   cDebug::DebugOut
 #else
-#    define TRACE 1 ? (void)0 : cDebug::DebugOut
+#define TRACE   1 ? (void)0 : cDebug::DebugOut
-#endif // DEBUG
+#endif // _DEBUG
 //////////////////////////////////////////////////////////////////////////////////
 // inline implementation
@ -179,90 +179,57 @@ inline int cDebug::GetDebugLevel()
    return mDebugLevel;
 }
-#    else // DEBUG
+#else // DEBUG
-inline cDebug::cDebug(const char*)
+inline      cDebug::cDebug          (const char *) {}
-{
+inline      cDebug::~cDebug         () {}
-}
+inline      cDebug::cDebug          (const cDebug&) {}
-inline cDebug::~cDebug()
+inline void cDebug::TraceAlways     (const char *, ...) {}
-{
+inline void cDebug::TraceError      (const char *, ...) {}
-}
+inline void cDebug::TraceWarning    (const char *, ...) {}
-inline cDebug::cDebug(const cDebug&)
+inline void cDebug::TraceDebug      (const char *, ...) {}
-{
+inline void cDebug::TraceDetail     (const char *, ...) {}
-}
+inline void cDebug::TraceNever      (const char *, ...) {}
-inline void cDebug::TraceAlways(const char*, ...)
+inline void cDebug::TraceVaArgs     (int, const char *, va_list &) {}
-{
+inline void cDebug::Trace           (int, const char*, ...) {}
-}
+inline bool cDebug::AddOutTarget    (OutTarget) { return false; }
-inline void cDebug::TraceError(const char*, ...)
+inline bool cDebug::RemoveOutTarget (OutTarget) { return false; }
-{
+inline bool cDebug::HasOutTarget    (OutTarget) { return false; }
-}
+inline bool cDebug::SetOutputFile   (const char*) { return false; }
-inline void cDebug::TraceWarning(const char*, ...)
+inline void cDebug::SetDebugLevel   (int) {}
-{
+inline int  cDebug::GetDebugLevel   (void) { return 0; }
-}
+inline void cDebug::DebugOut        ( const char*, ... ) {}
-inline void cDebug::TraceDebug(const char*, ...)
+
-{
+#endif // DEBUG
 }
 inline void cDebug::TraceDetail(const char*, ...)
 {
 }
 inline void cDebug::TraceNever(const char*, ...)
 {
 }
 inline void cDebug::TraceVaArgs(int, const char*, va_list&)
 {
 }
 inline void cDebug::Trace(int, const char*, ...)
 {
 }
 inline bool cDebug::AddOutTarget(OutTarget)
 {
    return false;
 }
 inline bool cDebug::RemoveOutTarget(OutTarget)
 {
    return false;
 }
 inline bool cDebug::HasOutTarget(OutTarget)
 {
    return false;
 }
 inline bool cDebug::SetOutputFile(const char*)
 {
    return false;
 }
 inline void cDebug::SetDebugLevel(int)
 {
 }
 inline int cDebug::GetDebugLevel(void)
 {
    return 0;
 }
 inline void cDebug::DebugOut(const char*, ...)
 {
 }
 #    endif // DEBUG
 //////////////////////////////////////////////////////////////////////////////////
 // ASSERT macro
 //////////////////////////////////////////////////////////////////////////////////
-#    define ASSERTMSG(exp, s) assert((exp) != 0)
+
-#    define ASSERT(exp) assert((exp) != 0)
+#if IS_UNIX
    #define ASSERTMSG( exp, s ) assert( (exp) != 0 )
    #define ASSERT( exp )       assert( (exp) != 0 )
        // if we are not windows we will just use the standard assert()
-#    define TSS_DebugBreak() ASSERT(false);
+    #define TSS_DebugBreak()    ASSERT( false );
-#    ifndef ASSERT
+#endif// IS_UNIX
 #        error ASSERT did not get defined!!!
 #    endif
 #    ifndef ASSERTMSG
 #        error ASSERTMSG did not get defined!!!
 #    endif
-#    ifndef TSS_DebugBreak
+#ifndef ASSERT
-#        error TSS_DebugBreak did not get defined!!!
+#error  ASSERT did not get defined!!!
-#    endif
+#endif
 #ifndef ASSERTMSG
 #error  ASSERTMSG did not get defined!!!
 #endif
 #ifndef TSS_DebugBreak
 #error  TSS_DebugBreak did not get defined!!!
 #endif
 #endif //__DEBUG_H
--- a/src/core/displayencoder.cpp
+++ b/src/core/displayencoder.cpp
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -66,9 +66,10 @@
 //////////////////////////////////////////////////////////////////////////////
-inline bool IsSingleTCHAR(TSTRING::const_iterator first, TSTRING::const_iterator last)
+inline bool IsSingleTCHAR(  TSTRING::const_iterator first, 
                            TSTRING::const_iterator last )
 {
-    return (first + 1 == last);
+    return( first + 1 == last );
 }
 //////////////////////////////////////////////////////////////////////////////
@ -79,22 +80,24 @@ inline bool IsSingleTCHAR(TSTRING::const_iterator first, TSTRING::const_iterator
 class iCharEncoder
 {
-public:
+    public:
-    virtual ~iCharEncoder(){};
+        virtual bool    NeedsEncoding(  TSTRING::const_iterator first, 
-
+                                        TSTRING::const_iterator last ) const = 0;
    virtual bool NeedsEncoding(TSTRING::const_iterator first, TSTRING::const_iterator last) const = 0;
        // Determines if character identified by [first,last) needs encoding.
        // Returns true if it does.
-    virtual TSTRING EncodeRoundtrip(TSTRING::const_iterator first, TSTRING::const_iterator last) const = 0;
+        virtual TSTRING EncodeRoundtrip(TSTRING::const_iterator first, 
                                        TSTRING::const_iterator last ) const = 0;
        // Encodes character identified by [first,last) in such a way that it 
        // can be decoded by Decode().  Returns encoded character sequence.
-    virtual TSTRING EncodePretty(TSTRING::const_iterator first, TSTRING::const_iterator last) const = 0;
+        virtual TSTRING EncodePretty(   TSTRING::const_iterator first, 
                                        TSTRING::const_iterator last ) const = 0;
        // Encodes character identified by [first,last) in a manner that is not roundtrip,
        // but looks good.  Returns encoded character sequence.
-    virtual TSTRING Decode(TSTRING::const_iterator* pcur, const TSTRING::const_iterator end) const = 0;
+        virtual TSTRING Decode(         TSTRING::const_iterator* pcur, 
                                  const TSTRING::const_iterator end  ) const = 0;
        // Decodes character sequence beginning with '*pcur' and ending before 'end'.
        // Returns decoded character or sequence of characters.  Advances *pcur beyond
        // the last character decoded.
@ -102,34 +105,31 @@ public:
        virtual TCHAR   Identifier() const = 0;        
-    static TCHAR EscapeChar()
+        static TCHAR    EscapeChar() { return char_escape; }
-    {
+
-        return char_escape;
+    protected:    
    }
 protected:
        static TCHAR        char_escape;
 };
 class cNonNarrowableCharEncoder : public iCharEncoder
 {
-public:
+    public:
-    virtual ~cNonNarrowableCharEncoder()
+        virtual bool    NeedsEncoding(  TSTRING::const_iterator first, 
-    {
+                                        TSTRING::const_iterator last ) const;
    }
-    virtual bool NeedsEncoding(TSTRING::const_iterator first, TSTRING::const_iterator last) const;
+        virtual TSTRING EncodeRoundtrip(TSTRING::const_iterator first, 
                                        TSTRING::const_iterator last ) const;
-    virtual TSTRING EncodeRoundtrip(TSTRING::const_iterator first, TSTRING::const_iterator last) const;
+        virtual TSTRING EncodePretty(   TSTRING::const_iterator first, 
                                        TSTRING::const_iterator last ) const;
-    virtual TSTRING EncodePretty(TSTRING::const_iterator first, TSTRING::const_iterator last) const;
+        virtual TSTRING Decode(         TSTRING::const_iterator* cur, 
-
+                                  const TSTRING::const_iterator end  ) const;
    virtual TSTRING Decode(TSTRING::const_iterator* cur, const TSTRING::const_iterator end) const;
        virtual TCHAR   Identifier() const;
-
+    private:
 private:
        static TCHAR char_identifier;
        static TCHAR char_replace;    
 };
@ -137,24 +137,24 @@ private:
 class cNonPrintableCharEncoder : public iCharEncoder
 {
-public:
+    public:
-    cNonPrintableCharEncoder(bool f_allowWS) : m_allowWS(f_allowWS){};
+        cNonPrintableCharEncoder( bool f_allowWS )
            : m_allowWS( f_allowWS ) {};
-    virtual ~cNonPrintableCharEncoder()
+        virtual bool    NeedsEncoding(  TSTRING::const_iterator first, 
-    {
+                                        TSTRING::const_iterator last ) const;
    }
-    virtual bool NeedsEncoding(TSTRING::const_iterator first, TSTRING::const_iterator last) const;
+        virtual TSTRING EncodeRoundtrip(TSTRING::const_iterator first, 
                                        TSTRING::const_iterator last ) const;
-    virtual TSTRING EncodeRoundtrip(TSTRING::const_iterator first, TSTRING::const_iterator last) const;
+        virtual TSTRING EncodePretty(   TSTRING::const_iterator first, 
                                        TSTRING::const_iterator last ) const;
-    virtual TSTRING EncodePretty(TSTRING::const_iterator first, TSTRING::const_iterator last) const;
+        virtual TSTRING Decode(         TSTRING::const_iterator* cur, 
-
+                                  const TSTRING::const_iterator end  ) const;
    virtual TSTRING Decode(TSTRING::const_iterator* cur, const TSTRING::const_iterator end) const;
        virtual TCHAR   Identifier() const;
-
+    private:
 private:
        static TCHAR char_identifier;
        static TCHAR char_replace;
@ -163,22 +163,21 @@ private:
 class cQuoteCharEncoder : public iCharEncoder
 {
-public:
+    public:
-    virtual ~cQuoteCharEncoder()
+        virtual bool    NeedsEncoding(  TSTRING::const_iterator first, 
-    {
+                                        TSTRING::const_iterator last ) const;
    }
-    virtual bool NeedsEncoding(TSTRING::const_iterator first, TSTRING::const_iterator last) const;
+        virtual TSTRING EncodeRoundtrip(TSTRING::const_iterator first, 
                                        TSTRING::const_iterator last ) const;
-    virtual TSTRING EncodeRoundtrip(TSTRING::const_iterator first, TSTRING::const_iterator last) const;
+        virtual TSTRING EncodePretty(   TSTRING::const_iterator first, 
                                        TSTRING::const_iterator last ) const;
-    virtual TSTRING EncodePretty(TSTRING::const_iterator first, TSTRING::const_iterator last) const;
+        virtual TSTRING Decode(         TSTRING::const_iterator* cur, 
-
+                                  const TSTRING::const_iterator end  ) const;
    virtual TSTRING Decode(TSTRING::const_iterator* cur, const TSTRING::const_iterator end) const;
        virtual TCHAR   Identifier() const;
-
+    private:
 private:
        static TCHAR char_test;
        static TCHAR char_identifier;
        static TCHAR char_replace;
@ -187,22 +186,21 @@ private:
 class cBackslashCharEncoder : public iCharEncoder
 {
-public:
+    public:
-    virtual ~cBackslashCharEncoder()
+        virtual bool    NeedsEncoding(  TSTRING::const_iterator first, 
-    {
+                                        TSTRING::const_iterator last ) const;
    }
-    virtual bool NeedsEncoding(TSTRING::const_iterator first, TSTRING::const_iterator last) const;
+        virtual TSTRING EncodeRoundtrip(TSTRING::const_iterator first, 
                                        TSTRING::const_iterator last ) const;
-    virtual TSTRING EncodeRoundtrip(TSTRING::const_iterator first, TSTRING::const_iterator last) const;
+        virtual TSTRING EncodePretty(   TSTRING::const_iterator first, 
                                        TSTRING::const_iterator last ) const;
-    virtual TSTRING EncodePretty(TSTRING::const_iterator first, TSTRING::const_iterator last) const;
+        virtual TSTRING Decode(         TSTRING::const_iterator* cur, 
-
+                                  const TSTRING::const_iterator end  ) const;
    virtual TSTRING Decode(TSTRING::const_iterator* cur, const TSTRING::const_iterator end) const;
        virtual TCHAR   Identifier() const;
-
+    private:
 private:
        static TCHAR char_test;
        static TCHAR char_identifier;
        static TCHAR char_replace;
@ -233,13 +231,18 @@ TCHAR cNonPrintableCharEncoder::char_replace  = _T('?');
 // TESTS
 //////////////////////////////////////////////////////////////////////////////
-bool cNonNarrowableCharEncoder::NeedsEncoding(TSTRING::const_iterator first, TSTRING::const_iterator last) const
+bool cNonNarrowableCharEncoder::NeedsEncoding( 
                                    TSTRING::const_iterator first, 
                                    TSTRING::const_iterator last ) const
 {
    return false; // all chars are narrow
 }
-bool cNonPrintableCharEncoder::NeedsEncoding(TSTRING::const_iterator first, TSTRING::const_iterator last) const
+
 bool cNonPrintableCharEncoder::NeedsEncoding( 
                                    TSTRING::const_iterator first, 
                                    TSTRING::const_iterator last ) const
 {
    // TODO:BAM -- handle this with mb chars
    // std::isprint<wchar_t> does a wctob() on the wchar!!?!?!
@ -262,23 +265,35 @@ bool cNonPrintableCharEncoder::NeedsEncoding(TSTRING::const_iterator first, TSTR
    // 
    // assuming all unprintable chars are one TCHAR long
-    if (!IsSingleTCHAR(first, last))
+    if( ! IsSingleTCHAR( first, last ) )
        return false;
-    if (m_allowWS && cCharEncoderUtil::IsWhiteSpace(*first))
+    if( m_allowWS && cCharEncoderUtil::IsWhiteSpace( *first ) )
        return false;
-    return cCharEncoderUtil::IsPrintable(*first);
+    return cCharEncoderUtil::IsPrintable( *first );
 }
-bool cQuoteCharEncoder::NeedsEncoding(TSTRING::const_iterator first, TSTRING::const_iterator last) const
+bool cQuoteCharEncoder::NeedsEncoding( 
                                    TSTRING::const_iterator first, 
                                    TSTRING::const_iterator last ) const
 {
-    return (IsSingleTCHAR(first, last) && (*first == char_test));
+    return( 
            IsSingleTCHAR( first, last )
            &&
            ( *first == char_test )
          );
 }
-bool cBackslashCharEncoder::NeedsEncoding(TSTRING::const_iterator first, TSTRING::const_iterator last) const
+bool cBackslashCharEncoder::NeedsEncoding( 
                                    TSTRING::const_iterator first, 
                                    TSTRING::const_iterator last ) const
 {
-    return (IsSingleTCHAR(first, last) && (*first == char_test));
+    return( 
            IsSingleTCHAR( first, last )
            &&
            ( *first == char_test )
          );
 }
 //////////////////////////////////////////////////////////////////////////////
@ -286,37 +301,43 @@ bool cBackslashCharEncoder::NeedsEncoding(TSTRING::const_iterator first, TSTRING
 //////////////////////////////////////////////////////////////////////////////
-TSTRING cNonNarrowableCharEncoder::EncodeRoundtrip(TSTRING::const_iterator first, TSTRING::const_iterator last) const
+TSTRING cNonNarrowableCharEncoder::EncodeRoundtrip( 
                                    TSTRING::const_iterator first, 
                                    TSTRING::const_iterator last ) const
 {
    TSTRING str;
    str += char_escape;
    str += char_identifier;
-    str += cCharEncoderUtil::CharStringToHexValue(TSTRING(first, last));
+    str += cCharEncoderUtil::CharStringToHexValue( TSTRING( first, last ) );
    return str;
 }
-TSTRING cNonPrintableCharEncoder::EncodeRoundtrip(TSTRING::const_iterator first, TSTRING::const_iterator last) const
+TSTRING cNonPrintableCharEncoder::EncodeRoundtrip( 
                                    TSTRING::const_iterator first, 
                                    TSTRING::const_iterator last ) const
 {
-    ASSERT(IsSingleTCHAR(first, last)); // non-prints are single char (see NOTE above)
+    ASSERT( IsSingleTCHAR( first, last ) ); // non-prints are single char (see NOTE above)
    TSTRING str;
    str += char_escape;
    str += char_identifier;
-    str += cCharEncoderUtil::CharStringToHexValue(TSTRING(first, last));
+    str += cCharEncoderUtil::CharStringToHexValue( TSTRING( first, last ) );
    return str;
 }
-TSTRING cQuoteCharEncoder::EncodeRoundtrip(TSTRING::const_iterator first, TSTRING::const_iterator last) const
+TSTRING cQuoteCharEncoder::EncodeRoundtrip( 
                                    TSTRING::const_iterator first, 
                                    TSTRING::const_iterator last ) const
 {
    // should just be a quote
-    ASSERT(IsSingleTCHAR(first, last));
+    ASSERT( IsSingleTCHAR( first, last ) );
-    ASSERT(*first == char_test);
+    ASSERT( *first == char_test );
    TSTRING str;
@ -327,11 +348,14 @@ TSTRING cQuoteCharEncoder::EncodeRoundtrip(TSTRING::const_iterator first, TSTRIN
 }
-TSTRING cBackslashCharEncoder::EncodeRoundtrip(TSTRING::const_iterator first, TSTRING::const_iterator last) const
+
 TSTRING cBackslashCharEncoder::EncodeRoundtrip( 
                                    TSTRING::const_iterator first, 
                                    TSTRING::const_iterator last ) const
 {
    // should just be a backslash
-    ASSERT(IsSingleTCHAR(first, last));
+    ASSERT( IsSingleTCHAR( first, last ) );
-    ASSERT(*first == char_test);
+    ASSERT( *first == char_test );
    TSTRING str;
@ -346,35 +370,43 @@ TSTRING cBackslashCharEncoder::EncodeRoundtrip(TSTRING::const_iterator first, TS
 //////////////////////////////////////////////////////////////////////////////
-TSTRING cNonNarrowableCharEncoder::EncodePretty(TSTRING::const_iterator first, TSTRING::const_iterator last) const
+TSTRING cNonNarrowableCharEncoder::EncodePretty( 
                                    TSTRING::const_iterator first, 
                                    TSTRING::const_iterator last ) const
 {
-    return EncodeRoundtrip(first, last);
+    return EncodeRoundtrip( first, last );
 }
-TSTRING cNonPrintableCharEncoder::EncodePretty(TSTRING::const_iterator first, TSTRING::const_iterator last) const
+TSTRING cNonPrintableCharEncoder::EncodePretty( 
                                    TSTRING::const_iterator first, 
                                    TSTRING::const_iterator last ) const
 {
-    return EncodeRoundtrip(first, last);
+    return EncodeRoundtrip( first, last );
 }
-TSTRING cQuoteCharEncoder::EncodePretty(TSTRING::const_iterator first, TSTRING::const_iterator last) const
+TSTRING cQuoteCharEncoder::EncodePretty( 
                                    TSTRING::const_iterator first, 
                                    TSTRING::const_iterator last ) const
 {
    // should just be a quote
-    ASSERT(IsSingleTCHAR(first, last));
+    ASSERT( IsSingleTCHAR( first, last ) );
-    ASSERT(*first == char_test);
+    ASSERT( *first == char_test );
-    return TSTRING(1, char_replace);
+    return TSTRING( 1, char_replace );
 }
-TSTRING cBackslashCharEncoder::EncodePretty(TSTRING::const_iterator first, TSTRING::const_iterator last) const
+TSTRING cBackslashCharEncoder::EncodePretty( 
                                    TSTRING::const_iterator first, 
                                    TSTRING::const_iterator last ) const
 {
    // should just be a backslash
-    ASSERT(IsSingleTCHAR(first, last));
+    ASSERT( IsSingleTCHAR( first, last ) );
-    ASSERT(*first == char_test);
+    ASSERT( *first == char_test );
-    return TSTRING(1, char_replace);
+    return TSTRING( 1, char_replace );
 }
 //////////////////////////////////////////////////////////////////////////////
@ -382,45 +414,49 @@ TSTRING cBackslashCharEncoder::EncodePretty(TSTRING::const_iterator first, TSTRI
 //////////////////////////////////////////////////////////////////////////////
-TSTRING cNonNarrowableCharEncoder::Decode(TSTRING::const_iterator* pcur, const TSTRING::const_iterator end) const
+TSTRING cNonNarrowableCharEncoder::Decode(  TSTRING::const_iterator* pcur, 
                                      const TSTRING::const_iterator  end  ) const
 {
    // check preconditions
-    if ((*pcur) >= end || *(*pcur) != Identifier())
+    if( (*pcur) >= end || *(*pcur) != Identifier() )
-        ThrowAndAssert(eBadDecoderInput());
+        ThrowAndAssert( eBadDecoderInput() );
-    return (cCharEncoderUtil::DecodeHexToChar(pcur, end));
+    return( cCharEncoderUtil::DecodeHexToChar( pcur, end ) );
 }
-TSTRING cNonPrintableCharEncoder::Decode(TSTRING::const_iterator* pcur, const TSTRING::const_iterator end) const
+TSTRING cNonPrintableCharEncoder::Decode(  TSTRING::const_iterator* pcur, 
                                     const TSTRING::const_iterator  end  ) const
 {
    // check preconditions
-    if ((*pcur) >= end || *(*pcur) != Identifier())
+    if( (*pcur) >= end || *(*pcur) != Identifier() )
-        ThrowAndAssert(eBadDecoderInput());
+        ThrowAndAssert( eBadDecoderInput() );
-    return (cCharEncoderUtil::DecodeHexToChar(pcur, end));
+    return( cCharEncoderUtil::DecodeHexToChar( pcur, end ) );
 }
-TSTRING cQuoteCharEncoder::Decode(TSTRING::const_iterator* pcur, const TSTRING::const_iterator end) const
+TSTRING cQuoteCharEncoder::Decode(  TSTRING::const_iterator* pcur, 
                              const TSTRING::const_iterator  end  ) const
 {
-    if ((*pcur) >= end || *(*pcur) != Identifier())
+    if( (*pcur) >= end || *(*pcur) != Identifier() )
-        ThrowAndAssert(eBadDecoderInput());
+        ThrowAndAssert( eBadDecoderInput() );
    (*pcur)++; // advance past part decoded
-    return TSTRING(1, Identifier());
+    return TSTRING( 1, Identifier() );
 }
-TSTRING cBackslashCharEncoder::Decode(TSTRING::const_iterator* pcur, const TSTRING::const_iterator end) const
+TSTRING cBackslashCharEncoder::Decode(  TSTRING::const_iterator* pcur, 
                                  const TSTRING::const_iterator  end  ) const
 {
-    if ((*pcur) >= end || *(*pcur) != Identifier())
+    if( (*pcur) >= end || *(*pcur) != Identifier() )
-        ThrowAndAssert(eBadDecoderInput());
+        ThrowAndAssert( eBadDecoderInput() );
    (*pcur)++; // advance past part decoded
-    return TSTRING(1, Identifier());
+    return TSTRING( 1, Identifier() );
 }
 //////////////////////////////////////////////////////////////////////////////
@ -454,107 +490,120 @@ TCHAR cBackslashCharEncoder::Identifier() const
 // UTILITIES
 //////////////////////////////////////////////////////////////////////////////
-bool cCharEncoderUtil::IsWhiteSpace(TCHAR ch)
+bool cCharEncoderUtil::IsWhiteSpace( TCHAR ch )
 {
-    return (ch == '\r' || ch == '\n' || ch == '\t' || ch == '\v' || ch == ' ');
+    return ( ch == '\r' ||
             ch == '\n' ||
             ch == '\t' ||
             ch == '\v' ||
             ch == ' ' );
 }
-bool cCharEncoderUtil::IsPrintable(TCHAR ch)
+bool cCharEncoderUtil::IsPrintable( TCHAR ch )
 {
 #if USE_CLIB_LOCALE && !defined(__APPLE__)
-    return (!isprint(ch)); // kludge for KAI
+    return( ! isprint( ch ) );    // kludge for KAI
 #else // USE_CLIB_LOCALE
-    return (!std::isprint<TCHAR>(ch, std::locale()));
+#if IS_UNIX
        return( ! std::isprint<TCHAR>( ch, std::locale() ) );
    #endif
 #endif // USE_CLIB_LOCALE
 }
-TSTRING cCharEncoderUtil::CharStringToHexValue(const TSTRING& str)
+TSTRING cCharEncoderUtil::CharStringToHexValue( const TSTRING& str )
 {
    TSTRING strOut;
    TSTRING::const_iterator at;
-    for (at = str.begin(); at < str.end(); at++)
+    for( at = str.begin(); at < str.end(); at++ )
    {
-        strOut += char_to_hex(*at);
+        strOut += char_to_hex( *at );
    }
    return strOut;
 }
-TSTRING cCharEncoderUtil::HexValueToCharString(const TSTRING& str)
+TSTRING cCharEncoderUtil::HexValueToCharString( const TSTRING& str )
 {
    TSTRING strOut;    
    TSTRING::const_iterator     at;
-    for (at = str.begin(); at < str.end(); at += TCHAR_AS_HEX__IN_TCHARS)
+    for( at = str.begin(); at < str.end(); at += TCHAR_AS_HEX__IN_TCHARS )
    {
-        strOut += hex_to_char(at, at + TCHAR_AS_HEX__IN_TCHARS);
+        strOut += hex_to_char( at, at + TCHAR_AS_HEX__IN_TCHARS );
    }
    return strOut;
 }
-TCHAR cCharEncoderUtil::hex_to_char(TSTRING::const_iterator first, TSTRING::const_iterator last)
+TCHAR cCharEncoderUtil::hex_to_char( TSTRING::const_iterator first, 
                                     TSTRING::const_iterator last )
 {
    static const TCHAR max_char = std::numeric_limits<TCHAR>::max();
    static const TCHAR min_char = std::numeric_limits<TCHAR>::min();
-    if (first + TCHAR_AS_HEX__IN_TCHARS != last)
+    if( first + TCHAR_AS_HEX__IN_TCHARS != last )
-        ThrowAndAssert(eBadHexConversion());
+        ThrowAndAssert( eBadHexConversion() );
-    TISTRINGSTREAM ss(TSTRING(first, last));
+    TISTRINGSTREAM ss( TSTRING( first, last ) );
-    ss.imbue(std::locale::classic());
+    ss.imbue( std::locale::classic() );
-    ss.fill(_T('0'));
+    ss.fill ( _T('0') );
-    ss.setf(std::ios_base::hex, std::ios_base::basefield);
+    ss.setf( std::ios_base::hex, std::ios_base::basefield );
    unsigned long ch;
    ss >> ch;
-    if (ss.bad() || ss.fail())
+    if( ss.bad() || ss.fail() )
-        ThrowAndAssert(eBadHexConversion(TSTRING(first, last)));
+        ThrowAndAssert( eBadHexConversion( TSTRING( first, last ) ) );
-    if ((TCHAR)ch > max_char || (TCHAR)ch < min_char)
+    if( (TCHAR)ch > max_char || (TCHAR)ch < min_char )
-        ThrowAndAssert(eBadHexConversion(TSTRING(first, last)));
+        ThrowAndAssert( eBadHexConversion( TSTRING( first, last ) ) );
    return (TCHAR)ch;
 }
-TSTRING cCharEncoderUtil::char_to_hex(TCHAR ch)
+TSTRING cCharEncoderUtil::char_to_hex( TCHAR ch )
 {
    TOSTRINGSTREAM ss;
-    ss.imbue(std::locale::classic());
+    ss.imbue( std::locale::classic() );
-    ss.fill(_T('0'));
+    ss.fill ( _T('0') );
-    ss.width(TCHAR_AS_HEX__IN_TCHARS);
+    ss.width( TCHAR_AS_HEX__IN_TCHARS );
-    ss.setf(std::ios_base::hex, std::ios_base::basefield);
+    ss.setf( std::ios_base::hex, std::ios_base::basefield );
-    ss << tss::util::char_to_size(ch);
+    ss << tss::util::char_to_size( ch );
-    if (ss.bad() || ss.fail() || ss.str().length() != TCHAR_AS_HEX__IN_TCHARS)
+    if( ss.bad() || ss.fail() || 
-        ThrowAndAssert(eBadHexConversion(TSTRING(1, ch)));
+        ss.str().length() != TCHAR_AS_HEX__IN_TCHARS )
        ThrowAndAssert( eBadHexConversion( TSTRING( 1, ch ) ) );
    return ss.str();
 }
-TSTRING cCharEncoderUtil::DecodeHexToChar(TSTRING::const_iterator* pcur, const TSTRING::const_iterator end)
+TSTRING cCharEncoderUtil::DecodeHexToChar(  TSTRING::const_iterator* pcur, 
                                      const TSTRING::const_iterator  end  )
 {
    // get hex numbers -- 2 chars
    TSTRING str;
    size_t n = 0;
-    for ((*pcur)++; n < TCHAR_AS_HEX__IN_TCHARS && (*pcur) != end; n++, (*pcur)++)
+    for( (*pcur)++; 
         n < TCHAR_AS_HEX__IN_TCHARS && 
             (*pcur) != end; 
         n++, (*pcur)++ )
    {
        str += *(*pcur);
    }
-    if (n != TCHAR_AS_HEX__IN_TCHARS)
+    if( n != TCHAR_AS_HEX__IN_TCHARS )
-        ThrowAndAssert(eBadDecoderInput());
+        ThrowAndAssert( eBadDecoderInput() );
    // convert hex numbers
-    return HexValueToCharString(str);
+    return HexValueToCharString( str );
 }
 //////////////////////////////////////////////////////////////////////////////
@ -562,23 +611,28 @@ TSTRING cCharEncoderUtil::DecodeHexToChar(TSTRING::const_iterator* pcur, const T
 //////////////////////////////////////////////////////////////////////////////
-cEncoder::cEncoder(int e, int f) : m_fFlags(f)
+cEncoder::cEncoder( int e, int f )
    : m_fFlags( f )
 {
    // add encodings
-    if (e & NON_NARROWABLE)
+    if( e & NON_NARROWABLE )
-        m_encodings.push_back(new cNonNarrowableCharEncoder);
+        m_encodings.push_back( new cNonNarrowableCharEncoder );    
-    if (e & NON_PRINTABLE)
+    if( e & NON_PRINTABLE )
-        m_encodings.push_back(new cNonPrintableCharEncoder(AllowWhiteSpace()));
+        m_encodings.push_back( new cNonPrintableCharEncoder( AllowWhiteSpace() ) );
-    if (e & BACKSLASH)
+    if( e & BACKSLASH )
-        m_encodings.push_back(new cBackslashCharEncoder);
+        m_encodings.push_back( new cBackslashCharEncoder );
-    if (e & DBL_QUOTE)
+    if( e & DBL_QUOTE )
-        m_encodings.push_back(new cQuoteCharEncoder);
+        m_encodings.push_back( new cQuoteCharEncoder );
    // assert that we weren't passed anything freaky
-    ASSERT(0 == (e & ~(NON_NARROWABLE | NON_PRINTABLE | BACKSLASH | DBL_QUOTE)));
+    ASSERT( 0 == ( e & ~( NON_NARROWABLE | 
                          NON_PRINTABLE | 
                          BACKSLASH | 
                          DBL_QUOTE ) ) );
    // add flags
-    ASSERT(!((m_fFlags & ROUNDTRIP) && (m_fFlags & NON_ROUNDTRIP)));
+    ASSERT( ! ( ( m_fFlags & ROUNDTRIP ) &&
                ( m_fFlags & NON_ROUNDTRIP ) ) );
 #ifdef TSS_DO_SCHEMA_VALIDATION
@ -586,31 +640,29 @@ cEncoder::cEncoder(int e, int f) : m_fFlags(f)
    ValidateSchema();
 #endif
 }
 cEncoder::~cEncoder() 
 {
    sack_type::iterator itr;
    for (itr = m_encodings.begin(); itr != m_encodings.end(); ++itr)
        delete *itr;
 }
 bool cEncoder::RoundTrip() const
 {
-    return (0 != (m_fFlags & ROUNDTRIP));
+    return( 0 != ( m_fFlags & ROUNDTRIP ) );
 }
 bool cEncoder::AllowWhiteSpace() const
 {
-    return (0 != (m_fFlags & ALLOW_WHITESPACE));
+    return( 0 != ( m_fFlags & ALLOW_WHITESPACE ) );
 }
 //////////////////////////////////////////////////////////////////////////////
 // ENCODER BASIC FUNCTIONALITY
 //////////////////////////////////////////////////////////////////////////////
-void cEncoder::Encode(TSTRING& strIn) const
+void cEncoder::Encode( TSTRING& strIn ) const
 {
    // TODO:BAM -- reserve space for strOut as an optimization?
    TSTRING strOut;         // encoded string we will build up
@ -621,27 +673,29 @@ void cEncoder::Encode(TSTRING& strIn) const
    TSTRING::const_iterator         last  = end;          // identifies end of current character
    // while get next char (updates cur)
-    while (cCharUtil::PopNextChar(cur, end, first, last))
+    while( cCharUtil::PopNextChar( cur, end, first, last ) )
    {
        bool fCharEncoded = false; // answers: did char need encoding?
        sack_type::const_iterator atE;
        // for all encoders
-        for (atE = m_encodings.begin(); atE != m_encodings.end(); atE++)
+        for( atE = m_encodings.begin(); 
             atE != m_encodings.end();
             atE++ )
        {
            // does char need encoding?
-            if ((*atE)->NeedsEncoding(first, last))
+            if( (*atE)->NeedsEncoding( first, last ) )
            {
-                strOut += Encode(first, last, atE);
+                strOut += Encode( first, last, atE );
                fCharEncoded = true;
                break;  // each char should only fail at most one 
                        // encoding test, so it should be cool to quit
            }
        }
-        if (!fCharEncoded)
+        if( ! fCharEncoded )
        {
-            strOut.append(first, last); // simply add current char to output since it needed no encoding
+            strOut.append( first, last ); // simply add current char to output since it needed no encoding
        }
    }
@ -649,17 +703,18 @@ void cEncoder::Encode(TSTRING& strIn) const
    strIn = strOut;
 }
-TSTRING
+TSTRING cEncoder::Encode( TSTRING::const_iterator first,
-cEncoder::Encode(TSTRING::const_iterator first, TSTRING::const_iterator last, sack_type::const_iterator encoding) const
+                          TSTRING::const_iterator last,
                          sack_type::const_iterator encoding ) const
 {
    // encode it 
-    if (RoundTrip())
+    if( RoundTrip() )
-        return (*encoding)->EncodeRoundtrip(first, last);
+        return (*encoding)->EncodeRoundtrip( first, last );
    else
-        return (*encoding)->EncodePretty(first, last);
+        return (*encoding)->EncodePretty( first, last );
 }
-void cEncoder::Decode(TSTRING& strIn) const
+void cEncoder::Decode( TSTRING& strIn ) const
 {
    // TODO:BAM -- reserve space for strOut as an optimization?
    TSTRING strOut;         // decoded string we will build up
@ -671,34 +726,37 @@ void cEncoder::Decode(TSTRING& strIn) const
    // while get next char (updates cur)
-    while (cCharUtil::PopNextChar(cur, end, first, last))
+    while( cCharUtil::PopNextChar( cur, end, first, last ) )
    {
        // is this char the escape character?
-        if (IsSingleTCHAR(first, last) && *first == iCharEncoder::EscapeChar())
+        if( IsSingleTCHAR( first, last ) && 
            *first == iCharEncoder::EscapeChar() )
        {
            // get to identifier
-            if (!cCharUtil::PopNextChar(cur, end, first, last))
+            if( ! cCharUtil::PopNextChar( cur, end, first, last ) )
-                ThrowAndAssert(eBadDecoderInput());
+                ThrowAndAssert( eBadDecoderInput() );
            // this algorithm assumes that all identifiers are single char
            // so anything following the escape char should be a 
            // single-char identifier
-            if (!IsSingleTCHAR(first, last))
+            if( ! IsSingleTCHAR( first, last ) ) 
-                THROW_INTERNAL("displayencoder.cpp");
+                THROW_INTERNAL( "displayencoder.cpp" );
            // determine to which encoding the identifier belongs
            bool fFoundEncoding = false;
            sack_type::const_iterator atE;
-            for (atE = m_encodings.begin(); atE != m_encodings.end(); atE++)
+            for( atE = m_encodings.begin(); 
                 atE != m_encodings.end(); 
                 atE++ )
            {
                // is this the right encoding?
-                if (*first == (*atE)->Identifier())
+                if( *first == (*atE)->Identifier() )
                {
                    // this is the correct encoding....
                    fFoundEncoding = true;
                    // ...so decode char
-                    strOut += (*atE)->Decode(&first, end); // should modify cur
+                    strOut += (*atE)->Decode( &first, end ); // should modify cur
                    cur = first; // advance current char pointer
@ -707,12 +765,12 @@ void cEncoder::Decode(TSTRING& strIn) const
                }
            }
-            if (!fFoundEncoding)
+            if( ! fFoundEncoding )
-                ThrowAndAssert(eUnknownEscapeEncoding(TSTRING(1, *first)));
+                ThrowAndAssert( eUnknownEscapeEncoding( TSTRING( 1, *first ) ) );
        }
        else
        {        
-            strOut.append(first, last);
+            strOut.append( first, last );
        }
    }
@ -725,8 +783,8 @@ void cEncoder::Decode(TSTRING& strIn) const
 void cEncoder::ValidateSchema() const
 {
-    ASSERT(OnlyOneCatagoryPerChar());
+    ASSERT( OnlyOneCatagoryPerChar() );
-    ASSERT(AllIdentifiersUnique());
+    ASSERT( AllIdentifiersUnique() );
 }
@ -735,27 +793,28 @@ bool cEncoder::OnlyOneCatagoryPerChar() const
 {
    // TODO:BAM - man, is there a better way to do this?
    TCHAR ch = std::numeric_limits<TCHAR>::min();
-    TSTRING ach(1, ch);
+    TSTRING ach(1,ch);
-    if (ch != std::numeric_limits<TCHAR>::max())
+    if( ch != std::numeric_limits<TCHAR>::max() )
    {
        do
        {
            bool fFailedATest = false;
            ach[0] = ch;
-            for (sack_type::const_iterator atE = m_encodings.begin(); atE != m_encodings.end(); atE++)
+            for( sack_type::const_iterator atE = m_encodings.begin(); atE != m_encodings.end(); atE++ )
            {
-                if ((*atE)->NeedsEncoding(ach.begin(), ach.end()))
+                if( (*atE)->NeedsEncoding( ach.begin(), ach.end() ) )
                {
-                    if (fFailedATest)
+                    if( fFailedATest )
                        return false; // each char can only fail one test
                    else
                        fFailedATest = true;
                }
            }
            ch++;
-        } while (ch != std::numeric_limits<TCHAR>::max());
+        }
        while( ch != std::numeric_limits<TCHAR>::max() );
    }
    return true;
 }
@ -764,10 +823,10 @@ bool cEncoder::OnlyOneCatagoryPerChar() const
 bool cEncoder::AllIdentifiersUnique() const
 {
    TSTRING chars;
-    for (sack_type::const_iterator atE = m_encodings.begin(); atE != m_encodings.end(); atE++)
+    for( sack_type::const_iterator atE = m_encodings.begin(); atE != m_encodings.end(); atE++ )
    {
        TCHAR chID = (*atE)->Identifier();
-        if (chars.find(chID) == TSTRING::npos)
+        if( chars.find( chID ) == TSTRING::npos )
            chars += chID;
        else
            return false;
@ -776,7 +835,7 @@ bool cEncoder::AllIdentifiersUnique() const
 }
-bool cEncoder::AllTestsRunOnEncodedString(const TSTRING& s) const
+bool cEncoder::AllTestsRunOnEncodedString( const TSTRING& s ) const
 {
    TSTRING::const_iterator         cur = s.begin();  // pointer to working position in s
    const TSTRING::const_iterator   end = s.end();    // end of s
@ -785,12 +844,14 @@ bool cEncoder::AllTestsRunOnEncodedString(const TSTRING& s) const
    // while get next char (updates cur)
-    while (cCharUtil::PopNextChar(cur, end, first, last))
+    while( cCharUtil::PopNextChar( cur, end, first, last ) )
    {
        sack_type::const_iterator atE;
-        for (atE = m_encodings.begin(); atE != m_encodings.end(); atE++)
+        for( atE = m_encodings.begin(); 
             atE != m_encodings.end(); 
             atE++ )
        {
-            if ((*atE)->NeedsEncoding(first, last))
+            if( (*atE)->NeedsEncoding( first, last ) )
            {
                return false;
            }
@ -806,17 +867,25 @@ bool cEncoder::AllTestsRunOnEncodedString(const TSTRING& s) const
 //////////////////////////////////////////////////////////////////////////////
-cDisplayEncoder::cDisplayEncoder(Flags f) : cEncoder(NON_NARROWABLE | NON_PRINTABLE | BACKSLASH | DBL_QUOTE, f)
+cDisplayEncoder::cDisplayEncoder( Flags f )
    : cEncoder( 
                        NON_NARROWABLE  |
                        NON_PRINTABLE |
                        BACKSLASH | 
                        DBL_QUOTE,
                        f
                        ) 
 {
 }
-void cDisplayEncoder::Encode(TSTRING& str) const
+void cDisplayEncoder::Encode( TSTRING& str ) const
 {
-    cEncoder::Encode(str);
+    cEncoder::Encode( str );
 }
-bool cDisplayEncoder::Decode(TSTRING& str) const
+bool cDisplayEncoder::Decode( TSTRING& str ) const
 {
-    cEncoder::Decode(str);
+    cEncoder::Decode( str );
    return true; // TODO:BAM -- throw error!
 }
--- a/src/core/displayencoder.h
+++ b/src/core/displayencoder.h
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -40,10 +40,10 @@
 // EXCEPTION DECLARATION
 //=========================================================================
-TSS_EXCEPTION(eEncoder, eError);
+TSS_EXCEPTION( eEncoder,                    eError );
-TSS_EXCEPTION(eBadDecoderInput, eEncoder);
+TSS_EXCEPTION( eBadDecoderInput,            eEncoder );
-TSS_EXCEPTION(eBadHexConversion, eEncoder);
+TSS_EXCEPTION( eBadHexConversion,           eEncoder );
-TSS_EXCEPTION(eUnknownEscapeEncoding, eEncoder);
+TSS_EXCEPTION( eUnknownEscapeEncoding,      eEncoder );
 //=========================================================================
 // DECLARATION OF CLASSES
@ -59,7 +59,7 @@ class iCharEncoder;
 // as long as AllIdentifiersUnique and OnlyOneCatagoryPerChar are true
 class cEncoder
 {
-public:
+    public:                
        enum Encodings 
        {
            NON_NARROWABLE = 0x01, // WC -> MB, MB alway narrowable: 
@ -75,22 +75,23 @@ public:
            ALLOW_WHITESPACE = 0x04
        };
-    cEncoder(int e, int f); // mask of Encodings
+        cEncoder( int e, int f ); // mask of Encodings
        virtual ~cEncoder();
-    void Encode(TSTRING& str) const;
+        void Encode( TSTRING& str ) const;
-    void Decode(TSTRING& str) const; // TODO:BAM -- throw error!
+        void Decode( TSTRING& str ) const; // TODO:BAM -- throw error!
        void ValidateSchema() const;
        bool OnlyOneCatagoryPerChar() const;
        bool AllIdentifiersUnique() const;
-    bool AllTestsRunOnEncodedString(const TSTRING& str) const;
+        bool AllTestsRunOnEncodedString( const TSTRING& str ) const;
-private:
+    private:
-    typedef std::vector<iCharEncoder*> sack_type;
+        typedef std::vector< iCharEncoder* > sack_type;
-    TSTRING
+        TSTRING Encode( TSTRING::const_iterator first,
-    Encode(TSTRING::const_iterator first, TSTRING::const_iterator last, sack_type::const_iterator encoding) const;
+                        TSTRING::const_iterator last,
                        sack_type::const_iterator encoding ) const;
        bool RoundTrip() const;
        bool AllowWhiteSpace() const;
@ -103,51 +104,55 @@ private:
 class cDisplayEncoder : public cEncoder
 {
-public:
+    public:
-    cDisplayEncoder(Flags f = NON_ROUNDTRIP);
+        cDisplayEncoder( Flags f = NON_ROUNDTRIP );
-    void Encode(TSTRING& str) const;
+        void Encode( TSTRING& str ) const;
-    bool Decode(TSTRING& str) const;
+        bool Decode( TSTRING& str ) const;
-    static TSTRING EncodeInline(const TSTRING& sIn)
+        static TSTRING EncodeInline( const TSTRING& sIn )
        {
            TSTRING sOut = sIn;
            cDisplayEncoder e;
-        e.Encode(sOut);
+            e.Encode( sOut );
            return sOut;
        }
-    static TSTRING EncodeInlineAllowWS(const TSTRING& sIn)
+        static TSTRING EncodeInlineAllowWS( const TSTRING& sIn )
        {
            TSTRING sOut = sIn;
-        cDisplayEncoder e((Flags)(NON_ROUNDTRIP | ALLOW_WHITESPACE));
+            cDisplayEncoder e( (Flags)( NON_ROUNDTRIP | ALLOW_WHITESPACE ) );
-        e.Encode(sOut);
+            e.Encode( sOut );
            return sOut;
        }
 };
 class cCharEncoderUtil
 {
-public:
+    public:
    static bool IsPrintable(TCHAR ch);
    static bool IsWhiteSpace(TCHAR ch);
-    static TSTRING CharStringToHexValue(const TSTRING& str);
+        static bool     IsPrintable( TCHAR ch );
        static bool     IsWhiteSpace( TCHAR ch );
-    static TSTRING HexValueToCharString(const TSTRING& str);
+        static TSTRING  CharStringToHexValue( const TSTRING& str );
-    static TCHAR hex_to_char(TSTRING::const_iterator first, TSTRING::const_iterator last);
+        static TSTRING  HexValueToCharString( const TSTRING& str );
-    static TSTRING char_to_hex(TCHAR ch);
+        static TCHAR    hex_to_char( TSTRING::const_iterator first, 
                                          TSTRING::const_iterator last );
-    static TSTRING DecodeHexToChar(TSTRING::const_iterator* pcur, const TSTRING::const_iterator end);
+        static TSTRING  char_to_hex( TCHAR ch );
        static TSTRING  DecodeHexToChar(  TSTRING::const_iterator* pcur, 
                                    const TSTRING::const_iterator  end  );
        enum 
        { 
            BYTE_AS_HEX__IN_TCHARS = 2,
-        BYTES_PER_TCHAR         = sizeof(TCHAR),
+            BYTES_PER_TCHAR = sizeof( TCHAR ),
            TCHAR_AS_HEX__IN_TCHARS = BYTE_AS_HEX__IN_TCHARS * BYTES_PER_TCHAR
        };
 };
@ -236,3 +241,4 @@ typedef cDisplayEncoder_<TCHAR> cDisplayEncoder;
 #endif //__DISPLAYENCODER_H
 */
--- a/src/core/displayutil.cpp
+++ b/src/core/displayutil.cpp
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -40,29 +40,29 @@
 #include "ntmbs.h"
 #include <iomanip>
-TSTRING cDisplayUtil::FormatMultiLineString(const TSTRING& str, int nOffset, int nWidth)
+TSTRING cDisplayUtil::FormatMultiLineString( const TSTRING& str, int nOffset, int nWidth )
 {
    TOSTRINGSTREAM sstr;
    TSTRING strT;
    bool fFirstLine = true;
-    for (TSTRING::const_iterator i = str.begin(); i != str.end(); i = *i ? i + 1 : i)
+    for( TSTRING::const_iterator i = str.begin(); i != str.end(); i = *i ? i + 1 : i )
    {
        // return found -- add line to output string
-        if (_T('\n') == *i)
+        if( _T('\n') == *i )
        {
            // only do offset for strings after the first
-            if (fFirstLine)
+            if( fFirstLine )
            {
                fFirstLine = false;
            }
            else
            {              
                // add offset
-                for (int j = 0; j < nOffset; j++)
+                for( int j = 0; j < nOffset; j++ )
                    sstr << _T(" ");
                // set width
-                sstr << std::setw(nWidth);
+                sstr << std::setw( nWidth );
            }
            // add to stringstream
@ -74,7 +74,7 @@ TSTRING cDisplayUtil::FormatMultiLineString(const TSTRING& str, int nOffset, int
        else
        {
            // add char to string   
-            strT.append(i, (TSTRING::const_iterator)(*i ? i + 1 : i));
+            strT.append( i, (TSTRING::const_iterator)(*i ? i + 1 : i) );
        }
    }    
@ -82,17 +82,19 @@ TSTRING cDisplayUtil::FormatMultiLineString(const TSTRING& str, int nOffset, int
    // we want our client to be able to say "out << PropAsString() << endl;"
    // add offset
-    if (!fFirstLine)
+    if( ! fFirstLine )
    {
-        for (int j = 0; j < nOffset; j++)
+        for( int j = 0; j < nOffset; j++ )
            sstr << _T(" ");
    }
    // set width
-    sstr << std::setw(nWidth);
+    sstr << std::setw( nWidth );
    // now add last string
    sstr << strT;
-    return (sstr.str());
+    return( sstr.str() );
 }
 // eof: displayutil.cpp
--- a/src/core/displayutil.h
+++ b/src/core/displayutil.h
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -41,7 +41,7 @@
 class cDisplayUtil
 {
 public:
-    static TSTRING FormatMultiLineString(const TSTRING& str, int nOffset, int nWidth);
+    static TSTRING FormatMultiLineString( const TSTRING& str, int nOffset, int nWidth );
 };
 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
@ -98,3 +98,4 @@ public:
 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 #endif // #ifndef __DISPLAYUTIL_H
--- a/src/core/error.cpp
+++ b/src/core/error.cpp
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -39,11 +39,13 @@
 ///////////////////////////////////////////////////////////////////////////////
 // CalcHash
 ///////////////////////////////////////////////////////////////////////////////
-uint32 eError::CalcHash(const char* name)
+uint32 eError::CalcHash( const char* name )
 {
    CRC_INFO crc;
-    crcInit(crc);
+    crcInit( crc );
-    crcUpdate(crc, (const uint8*)name, strlen(name));
+    crcUpdate( crc, (const uint8*)name, strlen( name ) );
-    crcFinit(crc);
+    crcFinit( crc );
    return crc.crc;
 }
--- a/src/core/error.h
+++ b/src/core/error.h
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -42,13 +42,14 @@
 class eError
 {
 public:
    //-------------------------------------------------------------------------
    // Construction and Assignment
    //-------------------------------------------------------------------------
-    eError(const TSTRING& msg, uint32 flags = 0);
+                eError( const TSTRING& msg, uint32 flags = 0 );
-    explicit eError(const eError& rhs);
+    explicit    eError( const eError& rhs ); 
    explicit    eError();
-    void operator=(const eError& rhs);
+    void operator=( const eError& rhs ); 
    //-------------------------------------------------------------------------
    // Destruction
@ -86,7 +87,7 @@ public:
        SUPRESS_THIRD_MSG       = 0x00000002        // supresses the "continuing" or "exiting" message
    };
-    void SetFlags(uint32 flags);
+    void SetFlags( uint32 flags );
    //-------------------------------------------------------------------------
    // Flag Convenience Methods
@ -103,7 +104,7 @@ public:
    //-------------------------------------------------------------------------
    // Utility Methods
    //-------------------------------------------------------------------------
-    static uint32 CalcHash(const char* name);
+    static uint32 CalcHash( const char* name );
        // calculates the CRC32 of the string passed in as name. This methods
        // asserts that name is non null. This is used to generate unique IDs 
        // for errors.
@ -128,51 +129,44 @@ protected:
 ///////////////////////////////////////////////////////////////////////////////
 #if HAVE_GCC
-#    define TSS_BEGIN_EXCEPTION_EXPLICIT
+#define TSS_BEGIN_EXCEPTION_EXPLICIT 
 #else
-#    define TSS_BEGIN_EXCEPTION_EXPLICIT explicit
+#define TSS_BEGIN_EXCEPTION_EXPLICIT explicit
 #endif
-#define TSS_BEGIN_EXCEPTION(except, base)                                  \
+#define TSS_BEGIN_EXCEPTION( except, base ) \
    class except : public base \
-    {                                                                      \
+    {\
-    public:                                                                \
+    public:\
-        except(const TSTRING& msg, uint32 flags = 0) : base(msg, flags)    \
+        except( const TSTRING& msg, uint32 flags = 0 ) \
-        {                                                                  \
+        : base( msg, flags ) {} \
-        }                                                                  \
+        TSS_BEGIN_EXCEPTION_EXPLICIT except( const except& rhs ) \
-        TSS_BEGIN_EXCEPTION_EXPLICIT except(const except& rhs) : base(rhs) \
+        : base( rhs ) {} \
-        {                                                                  \
+        explicit except() : base() {} \
        }                                                                  \
        explicit except() : base()                                         \
        {                                                                  \
        }                                                                  \
        \
        virtual uint32 GetID() const \
-        {                                                                  \
+        {\
-            return CalcHash(#except);                                      \
+            return CalcHash( #except ); \
-        }
+        }\
-#define TSS_END_EXCEPTION() \
+#define TSS_END_EXCEPTION( ) \
-    }                       \
+    };
    ;
 ///////////////////////////////////////////////////////////////////////////////
 // TSS_BEGIN_EXCEPTION_NO_CTOR
 //
 // Same as TSS_BEGIN_EXCEPTION, but doesn't define any ctors.
 ///////////////////////////////////////////////////////////////////////////////
-#define TSS_BEGIN_EXCEPTION_NO_CTOR(except, base) \
+#define TSS_BEGIN_EXCEPTION_NO_CTOR( except, base ) \
    class except : public base \
-    {                                             \
+    {\
-    public:                                       \
+    public:\
-        explicit except() : base()                \
+        explicit except() : base() {} \
        {                                         \
        }                                         \
        \
        virtual uint32 GetID() const \
-        {                                         \
+        {\
-            return CalcHash(#except);             \
+            return CalcHash( #except ); \
-        }
+        }\
 ///////////////////////////////////////////////////////////////////////////////
 // TSS_EXCEPTION
@ -184,8 +178,8 @@ protected:
 // TODO (mdb) -- do we want to cache the CRC? if we store it in a class static 
 //      variable, then we will need to define it in the cpp file as well ...
 ///////////////////////////////////////////////////////////////////////////////
-#define TSS_EXCEPTION(except, base)   \
+#define TSS_EXCEPTION( except, base ) \
-    TSS_BEGIN_EXCEPTION(except, base) \
+    TSS_BEGIN_EXCEPTION( except, base ) \
    TSS_END_EXCEPTION()
 //-----------------------------------------------------------------------------
@ -195,29 +189,38 @@ protected:
 ///////////////////////////////////////////////////////////////////////////////
 // eError
 ///////////////////////////////////////////////////////////////////////////////
-inline eError::eError(const TSTRING& msg, uint32 flags) : mMsg(msg), mFlags(flags)
+inline eError::eError( const TSTRING& msg, uint32 flags )
 :   mMsg    ( msg ),
    mFlags  ( flags )
 {
 }
 ///////////////////////////////////////////////////////////////////////////////
 // eError
 ///////////////////////////////////////////////////////////////////////////////
-inline eError::eError(const eError& rhs) : mMsg(rhs.mMsg), mFlags(rhs.mFlags)
+inline eError::eError( const eError& rhs )
 :   mMsg    ( rhs.mMsg ),
    mFlags  ( rhs.mFlags )
 {
 }
 ///////////////////////////////////////////////////////////////////////////////
 // eError
 ///////////////////////////////////////////////////////////////////////////////
-inline eError::eError() : mMsg(_T("")), mFlags(0)
+inline eError::eError( )
 :   mMsg    ( _T("") ),
    mFlags  ( 0 )
 {
 }
 ///////////////////////////////////////////////////////////////////////////////
 // operator=
 ///////////////////////////////////////////////////////////////////////////////
-inline void eError::operator=(const eError& rhs)
+inline void eError::operator=( const eError& rhs )
 {
    mMsg    = rhs.mMsg;
    mFlags  = rhs.mFlags;
@ -228,6 +231,7 @@ inline void eError::operator=(const eError& rhs)
 ///////////////////////////////////////////////////////////////////////////////
 inline eError::~eError()
 {
 }
 ///////////////////////////////////////////////////////////////////////////////
@ -249,7 +253,7 @@ inline uint32 eError::GetFlags() const
 ///////////////////////////////////////////////////////////////////////////////
 // SetFlags
 ///////////////////////////////////////////////////////////////////////////////
-inline void eError::SetFlags(uint32 flags)
+inline void eError::SetFlags( uint32 flags )
 {
    mFlags = flags; 
 }
@ -271,6 +275,7 @@ inline void eError::SetFatality(bool fatal)
 inline bool eError::IsFatal() const
 {
    return (mFlags & (uint32)NON_FATAL) == 0;
 }
 ///////////////////////////////////////////////////////////////////////////////
@ -293,4 +298,6 @@ inline bool eError::SupressThird() const
 }
 #endif //__ERROR_H
--- a/src/core/errorbucket.h
+++ b/src/core/errorbucket.h
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -57,9 +57,7 @@ class cErrorBucket
 {
 public:
    cErrorBucket();
-    virtual ~cErrorBucket()
+    virtual ~cErrorBucket() {}
    {
    }
    virtual void AddError(const eError& error);
        // add an error to the bucket
@ -83,7 +81,8 @@ protected:
 ///////////////////
 // cErrorBucket
 ///////////////////
-inline cErrorBucket::cErrorBucket() : mpChild(0)
+inline cErrorBucket::cErrorBucket() :
    mpChild(0)
 {
 }
@ -100,3 +99,4 @@ inline cErrorBucket* cErrorBucket::SetChild(cErrorBucket* pNewChild)
 }
 #endif
--- a/src/core/errorbucketimpl.cpp
+++ b/src/core/errorbucketimpl.cpp
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -43,7 +43,7 @@
 void cErrorBucket::AddError(const eError& error)
 {
    HandleError(error);
-    if (mpChild)
+    if(mpChild)
        mpChild->AddError(error);
 }
@ -52,7 +52,9 @@ void cErrorBucket::AddError(const eError& error)
 //#############################################################################
 void cErrorReporter::PrintErrorMsg(const eError& error, const TSTRING& strExtra)
 {
-    cDisplayEncoder e((cDisplayEncoder::Flags)(cDisplayEncoder::NON_ROUNDTRIP | cDisplayEncoder::ALLOW_WHITESPACE));
+    cDisplayEncoder e( 
            (cDisplayEncoder::Flags) ( cDisplayEncoder::NON_ROUNDTRIP | 
                                       cDisplayEncoder::ALLOW_WHITESPACE ) );
    TSTRING errStr;
    //
@ -66,18 +68,19 @@ void cErrorReporter::PrintErrorMsg(const eError& error, const TSTRING& strExtra)
    // point is when we throw ePoly() with no constructor arguments.  At some point we want
    // to stop using the mechanism have non-printing errors, thus we leave in the ASSERT below.
    // But we don't want to break any release code, thus we return on the next line - June 2, 1999 DMB.
-    ASSERT(error.GetID() != 0);
+    ASSERT( error.GetID() != 0 );
-    if (error.GetID() == 0)
+    if( error.GetID() == 0 )
        return;
    // "First Part" header
-    errStr = TSS_GetString(cCore, error.IsFatal() ? core::STR_ERROR_ERROR : core::STR_ERROR_WARNING);
+    errStr = TSS_GetString( cCore, error.IsFatal() ? core::STR_ERROR_ERROR 
                                                   : core::STR_ERROR_WARNING );
    if (errStr.empty())
    {
        TOSTRINGSTREAM strm;
-        ASSERT(sizeof(uint32) == sizeof(unsigned int)); // for cast on next line
+        ASSERT( sizeof( uint32 ) == sizeof(unsigned int) ); // for cast on next line
        strm << _T("Unknown Error ID ") << (unsigned int)error.GetID();
        errStr = strm.str();
    }
@ -88,10 +91,10 @@ void cErrorReporter::PrintErrorMsg(const eError& error, const TSTRING& strExtra)
    // "First Part" error string
    TSTRING prependToSecond;
-    // #pragma message("errorbucketimpl.cpp needs a little help in the mb arena, with the findfirst/last and such")
+// #pragma message("errorbucketimpl.cpp needs a little help in the mb arena, with the findfirst/last and such")
-    errStr = cErrorTable::GetInstance()->Get(error.GetID());
+    errStr = cErrorTable::GetInstance()->Get( error.GetID() );
-    if (!errStr.empty())
+    if(! errStr.empty())
    {
        // If the first part has a '\n' in it, we take everything following and prepend it to the
        // second part.  This was added to allow specifing a verbose string as the second part
@ -105,7 +108,7 @@ void cErrorReporter::PrintErrorMsg(const eError& error, const TSTRING& strExtra)
        ASSERT(errStr.length() + len + 6 < 80); // line too big for terminal?
                                                // Add 6 to account for "### ' and ': '
-        TCERR << TSS_GetString(cCore, core::STR_ERROR_COLON) << _T(" ") << errStr;
+        TCERR << TSS_GetString( cCore, core::STR_ERROR_COLON ) << _T(" ") << errStr;
        TCERR << std::endl;
    }
@ -114,8 +117,8 @@ void cErrorReporter::PrintErrorMsg(const eError& error, const TSTRING& strExtra)
    const TCHAR SPACE = _T(' ');
    errStr = prependToSecond + error.GetMsg() + strExtra;
-    e.Encode(errStr);
+    e.Encode( errStr );
-    if (!errStr.empty())
+    if (! errStr.empty())
    {
        do 
        {
@ -129,12 +132,11 @@ void cErrorReporter::PrintErrorMsg(const eError& error, const TSTRING& strExtra)
            {
                if (currentStr.length() <= (unsigned int)WIDTH)
                {
-                    TCERR << TSS_GetString(cCore, core::STR_ERROR_HEADER) << currentStr << std::endl;
+                    TCERR << TSS_GetString( cCore, core::STR_ERROR_HEADER ) << currentStr << std::endl;
                    break;
                }
-                TSTRING::size_type lastSpace =
+                TSTRING::size_type lastSpace = currentStr.find_last_of(SPACE, currentStr.length() >= WIDTH - 1 ? WIDTH - 1 : TSTRING::npos);
                    currentStr.find_last_of(SPACE, currentStr.length() >= WIDTH - 1 ? WIDTH - 1 : TSTRING::npos);
                if (lastSpace == TSTRING::npos)
                {
                    // can't find space to break at so this string will just have to be longer than screen width.
@ -146,21 +148,28 @@ void cErrorReporter::PrintErrorMsg(const eError& error, const TSTRING& strExtra)
                        lastSpace = currentStr.length();
                }
-                TCERR << TSS_GetString(cCore, core::STR_ERROR_HEADER) << currentStr.substr(0, lastSpace) << std::endl;
+                TCERR << TSS_GetString( cCore, core::STR_ERROR_HEADER )
                      << currentStr.substr( 0, lastSpace )
                      << std::endl;
-                currentStr.erase(0, lastSpace + 1);
+                currentStr.erase( 0, lastSpace + 1 );
-            } while (!currentStr.empty());
+            }
-        } while (!errStr.empty());
+            while ( !currentStr.empty() );
        }
        while ( !errStr.empty() );
    }
    // "Third Part" print 'exiting' or 'continuing'
    // note that we supress this part if the appropriate flag is set...
    //
-    if ((error.GetFlags() & eError::SUPRESS_THIRD_MSG) == 0)
+    if( (error.GetFlags() & eError::SUPRESS_THIRD_MSG) == 0 )
    {
-        TCERR << TSS_GetString(cCore, core::STR_ERROR_HEADER)
+        TCERR << TSS_GetString( cCore, core::STR_ERROR_HEADER) 
-              << TSS_GetString(cCore, error.IsFatal() ? core::STR_ERROR_EXITING : core::STR_ERROR_CONTINUING)
+              << TSS_GetString( 
-              << std::endl;
+                    cCore,
                    error.IsFatal()
                        ? core::STR_ERROR_EXITING 
                        : core::STR_ERROR_CONTINUING ) << std::endl;
    }
 }
@ -176,7 +185,9 @@ void cErrorTracer::HandleError(const eError& error)
 {
    cDebug d("cErrorTracer::HandleError");
-    d.TraceError(_T("%s : %s\n"), cErrorTable::GetInstance()->Get(error.GetID()).c_str(), error.GetMsg().c_str());
+    d.TraceError(   _T("%s : %s\n"), 
                    cErrorTable::GetInstance()->Get( error.GetID() ).c_str(), 
                    error.GetMsg().c_str() );
 }
 //#############################################################################
@ -196,15 +207,17 @@ int cErrorQueue::GetNumErrors() const
 void cErrorQueue::HandleError(const eError& error)
 {
-    mList.push_back(ePoly(error));
+    mList.push_back( ePoly( error ) );
 }
-cErrorQueueIter::cErrorQueueIter(cErrorQueue& queue) : mList(queue.mList)
+cErrorQueueIter::cErrorQueueIter(cErrorQueue& queue) :
    mList(queue.mList)
 {
    SeekBegin();
 }
-cErrorQueueIter::cErrorQueueIter(const cErrorQueue& queue) : mList(((cErrorQueue*)&queue)->mList)
+cErrorQueueIter::cErrorQueueIter(const cErrorQueue& queue)
 :   mList( ((cErrorQueue*)&queue)->mList )
 {
    SeekBegin();
 }
@ -227,7 +240,7 @@ bool cErrorQueueIter::Done() const
 const ePoly& cErrorQueueIter::GetError() const
 {
-    ASSERT(!Done());
+    ASSERT(! Done());
    return (*mIter);
 }
@ -242,18 +255,19 @@ void cErrorQueue::Read(iSerializer* pSerializer, int32 version)
    int32 size;
    mList.clear();
    pSerializer->ReadInt32(size);
-    for (int i = 0; i < size; ++i)
+    for(int i = 0; i < size; ++i)
    {
        int32   errorNumber;
        TSTRING errorString;
        int32   flags;
-        pSerializer->ReadInt32(errorNumber);
+        pSerializer->ReadInt32  (errorNumber);
-        pSerializer->ReadString(errorString);
+        pSerializer->ReadString (errorString);
-        pSerializer->ReadInt32(flags);
+        pSerializer->ReadInt32  (flags);
-        mList.push_back(ePoly(errorNumber, errorString, flags));
+        mList.push_back( ePoly( errorNumber, errorString, flags ) );        
    }
 }
 ///////////////////////////////////////////////////////////////////////////////
@ -263,12 +277,13 @@ void cErrorQueue::Write(iSerializer* pSerializer) const
 {
    pSerializer->WriteInt32(mList.size());
    ListType::const_iterator i;
-    for (i = mList.begin(); i != mList.end(); ++i)
+    for( i = mList.begin(); i != mList.end(); ++i)
    {
-        pSerializer->WriteInt32((*i).GetID());
+        pSerializer->WriteInt32 ((*i).GetID());
        pSerializer->WriteString((*i).GetMsg());
-        pSerializer->WriteInt32((*i).GetFlags());
+        pSerializer->WriteInt32 ((*i).GetFlags());
    }
 }
@ -277,14 +292,15 @@ void cErrorQueue::Write(iSerializer* pSerializer) const
 ///////////////////////////////////////////////////////////////////////////////
 void cErrorQueue::TraceContents(int dl) const
 {
-    if (dl < 0)
+    if(dl < 0) 
        dl = cDebug::D_DEBUG;
    cDebug d("cFCOErrorQueue::TraceContents");
    ListType::const_iterator i;
    int counter = 0;
-    for (i = mList.begin(); i != mList.end(); i++, counter++)
+    for(i = mList.begin(); i != mList.end(); i++, counter++)
    {
-        d.Trace(dl, _T("Error[%d]: num = %x string = %s\n"), counter, (*i).GetID(), (*i).GetMsg().c_str());
+        d.Trace(dl, _T("Error[%d]: num = %x string = %s\n") , counter, (*i).GetID(), (*i).GetMsg().c_str()); 
    }
 }
--- a/src/core/errorbucketimpl.h
+++ b/src/core/errorbucketimpl.h
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -100,7 +100,6 @@ protected:
 class cErrorQueue : public cErrorBucket, public iTypedSerializable
 {
    friend class cErrorQueueIter;
 public:
    void Clear();   
        // remove all errors from the queue
@ -110,7 +109,7 @@ public:
    //
    // iSerializable interface
    //
-    virtual void Read(iSerializer* pSerializer, int32 version = 0); // throw (eSerializer, eArchive)
+    virtual void Read (iSerializer* pSerializer, int32 version = 0); // throw (eSerializer, eArchive)
    virtual void Write(iSerializer* pSerializer) const; // throw (eSerializer, eArchive)
    //
@ -120,7 +119,6 @@ public:
 protected:
    virtual void HandleError(const eError& error);
 private:
    typedef std::list<ePoly> ListType;
    ListType mList;
@ -133,9 +131,7 @@ class cErrorQueueIter
 public:
    cErrorQueueIter(cErrorQueue& queue);
    cErrorQueueIter(const cErrorQueue& queue);
-    ~cErrorQueueIter()
+    ~cErrorQueueIter() {}
    {
    }
    // iteration methods
    void SeekBegin();
@ -157,14 +153,9 @@ private:
 //////////////////////////////////////////////////////
 class cErrorBucketNull : public cErrorBucket
 {
-    virtual void AddError(const eError&)
+    virtual void AddError(const eError& ) {}
    {
    }
 protected:
-    virtual void HandleError(const eError&)
+    virtual void HandleError(const eError& ) {}
    {
    }
 };
 //////////////////////////////////////////////////////
@ -174,10 +165,10 @@ protected:
 class cErrorBucketPassThru : public cErrorBucket
 {
 protected:
-    virtual void HandleError(const eError&)
+    virtual void HandleError(const eError& ) {}
    {
    }
 };
 #endif
--- a/src/core/errorgeneral.h
+++ b/src/core/errorgeneral.h
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -38,11 +38,12 @@
 #include "error.h"
-TSS_EXCEPTION(eErrorGeneral, eError);
+TSS_EXCEPTION( eErrorGeneral,   eError );
-TSS_EXCEPTION(eOpen, eErrorGeneral);
+TSS_EXCEPTION( eOpen,           eErrorGeneral );
-TSS_EXCEPTION(eOpenRead, eErrorGeneral);
+TSS_EXCEPTION( eOpenRead,       eErrorGeneral );
-TSS_EXCEPTION(eOpenWrite, eErrorGeneral);
+TSS_EXCEPTION( eOpenWrite,      eErrorGeneral );
-TSS_EXCEPTION(eBadCmdLine, eErrorGeneral);
+TSS_EXCEPTION( eBadCmdLine,     eErrorGeneral );
-TSS_EXCEPTION(eBadModeSwitch, eErrorGeneral);
+TSS_EXCEPTION( eBadModeSwitch,  eErrorGeneral );
 #endif //#ifndef __ERRORGENERAL_H
--- a/src/core/errortable.cpp
+++ b/src/core/errortable.cpp
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -35,7 +35,7 @@
 #include "stdcore.h"
 #include "errortable.h"
-#ifdef DEBUG
+#ifdef _DEBUG
 #include "package.h"
 #include "corestrings.h"
 #endif
@ -52,7 +52,7 @@ cErrorTable* cErrorTable::GetInstance()
 ///////////////////////////////////////////////////////////////////////////////
 // AssertMsgValidity
 ///////////////////////////////////////////////////////////////////////////////
-#ifdef DEBUG
+#ifdef _DEBUG
 void cErrorTable::AssertMsgValidity(const TCHAR* msg)
 {
    // Check to see that the first part of this error message is not too long.
@ -64,18 +64,18 @@ void cErrorTable::AssertMsgValidity(const TCHAR* msg)
    if (errSize == TSTRING::npos)
        errSize = errStr.length();
-#    if 0 //TODO: Figure out how to do this properly.
+    #if 0 //TODO: Figure out how to do this properly.
    TSTRING::size_type errorSize = TSS_GetString( cCore, core::STR_ERROR_ERROR ).length();
    TSTRING::size_type warningSize = TSS_GetString( cCore, core::STR_ERROR_WARNING ).length();
    TSTRING::size_type maxHeaderSize = (errorSize > warningSize ? errorSize : warningSize) + 6; // Add 6 to account for "### ' and ': '
-#    else
+    #else
    // Sunpro got stuck in an infinite loop when we called GetString from this func;
    TSTRING::size_type errorSize = 9;
    TSTRING::size_type warningSize = 10;
-    TSTRING::size_type maxHeaderSize =
+    TSTRING::size_type maxHeaderSize = (errorSize > warningSize ? errorSize : warningSize) + 6; // Add 6 to account for "### ' and ': '
-        (errorSize > warningSize ? errorSize : warningSize) + 6; // Add 6 to account for "### ' and ': '
+    #endif
 #    endif
    ASSERT(maxHeaderSize + errSize < 80);
 }
 #endif
--- a/src/core/errortable.h
+++ b/src/core/errortable.h
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -59,25 +59,25 @@ public:
    //
    // Convenience Methods
    //
-    void Put(const eError& e, const TCHAR* msg);
+    void Put( const eError& e, const TCHAR* msg );
    //
    // Singleton Interface
    //
    static cErrorTable* GetInstance();
 private:
-#ifdef DEBUG
+    #ifdef _DEBUG
    static void AssertMsgValidity(const TCHAR* msg);
-#endif
+    #endif
 };
-inline void cErrorTable::Put(const eError& e, const TCHAR* msg)
+inline void cErrorTable::Put( const eError& e, const TCHAR* msg )
 {
-#ifdef DEBUG
+    #ifdef _DEBUG
    AssertMsgValidity(msg);
-#endif
+    #endif
-    inherited::Put(e.GetID(), msg);
+    inherited::Put( e.GetID(), msg );
 }
 //-----------------------------------------------------------------------------
@ -109,27 +109,32 @@ inline void cErrorTable::Put(const eError& e, const TCHAR* msg)
 //===================
 // cpp file macros
 //===================
-#    define TSS_BEGIN_ERROR_REGISTRATION(pkgName)          \
+#define TSS_BEGIN_ERROR_REGISTRATION( pkgName ) \
    RegisterErrors##pkgName::RegisterErrors##pkgName() \
    { 
-#    define TSS_REGISTER_ERROR(err, str) cErrorTable::GetInstance()->Put(err, str);
+#define TSS_REGISTER_ERROR( err, str ) \
        cErrorTable::GetInstance()->Put \
            ( err, str );
-#    define TSS_END_ERROR_REGISTRATION() }
+#define TSS_END_ERROR_REGISTRATION() \
    } 
 //===================
 // h file macros
 //===================
-#    define TSS_DECLARE_ERROR_REGISTRATION(pkgName) \
+#define TSS_DECLARE_ERROR_REGISTRATION( pkgName ) \
    struct RegisterErrors##pkgName \
-        {                                           \
+    {\
        RegisterErrors##pkgName(); \
    };
 //===================
 // package init macros
 //===================
-#    define TSS_REGISTER_PKG_ERRORS(pkgName) RegisterErrors##pkgName register##pkgName;
+#define TSS_REGISTER_PKG_ERRORS( pkgName ) \
    RegisterErrors##pkgName register##pkgName;
 #endif //__ERRORTABLE_H
--- a/src/core/errorutil.cpp
+++ b/src/core/errorutil.cpp
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -40,23 +40,28 @@
 // class eInternal 
 //=============================================================================
 #if IS_UNIX
 namespace //unique
 {
-TCHAR* tw_itot(int value, TCHAR* string, int radix, int size)
+    TCHAR* tw_itot( int value, TCHAR* string, int radix)
-{
+    {
-    snprintf(string, size, "%d", value);
+        _stprintf( string, "%d", value );
        return string;
    }
 }
-} // namespace
+#else
  #define tw_itot _itot
 #endif //IS_UNIX
-eInternal::eInternal(TCHAR* sourceFile, int lineNum) : eError(_T(""))
+eInternal::eInternal(TCHAR* sourceFile, int lineNum)
 :   eError(_T(""))
 {
    TCHAR buf[256];
    mMsg = _T("File: ");
    mMsg += sourceFile;
    mMsg += _T(" Line: ");
-    mMsg += tw_itot(lineNum, buf, 10, 256);
+    mMsg += tw_itot(lineNum, buf, 10);
 }
 //=============================================================================
@ -66,17 +71,18 @@ eInternal::eInternal(TCHAR* sourceFile, int lineNum) : eError(_T(""))
 ///////////////////////////////////////////////////////////////////////////////
 // MakeFileError
 ///////////////////////////////////////////////////////////////////////////////
-TSTRING cErrorUtil::MakeFileError(const TSTRING& msg, const TSTRING& fileName)
+TSTRING cErrorUtil::MakeFileError( const TSTRING& msg, const TSTRING& fileName )
 {
    TSTRING ret;
-    ret = TSS_GetString(cCore, core::STR_ERR2_FILENAME);
+    ret = TSS_GetString( cCore, core::STR_ERR2_FILENAME );
-    ret.append(fileName);
+    ret.append( fileName );
-    ret.append(1, _T('\n'));
+    ret.append( 1, _T('\n') );
-    if (msg.length() > 0)
+    if ( msg.length() > 0 )
    {
        ret.append(msg);
    }
    return ret;
 }
--- a/src/core/errorutil.h
+++ b/src/core/errorutil.h
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -58,16 +58,16 @@ public:
    //-------------------------------------------------------------------------
    // Construction and Assignment
    //-------------------------------------------------------------------------
-    ePoly(uint32 id, const TSTRING& msg, uint32 flags = 0);
+                ePoly( uint32 id, const TSTRING& msg, uint32 flags = 0 );
-    explicit ePoly(const eError& rhs);
+    explicit    ePoly( const eError& rhs ); 
    explicit    ePoly();
-    void operator=(const eError& rhs);
+    void operator=( const eError& rhs ); 
    //-------------------------------------------------------------------------
    // ID manipulation
    //-------------------------------------------------------------------------
    virtual uint32  GetID() const;
-    void           SetID(uint32 id);
+    void            SetID( uint32 id );
 private:
    uint32  mID;
@ -76,9 +76,9 @@ private:
 //-----------------------------------------------------------------------------
 // eInternal
 //-----------------------------------------------------------------------------
-TSS_BEGIN_EXCEPTION(eInternal, eError)
+TSS_BEGIN_EXCEPTION( eInternal, eError )
 public:
-eInternal(TCHAR* file, int lineNum);
+    eInternal( TCHAR* file, int lineNum );
 TSS_END_EXCEPTION()
 //-----------------------------------------------------------------------------
@ -87,7 +87,7 @@ TSS_END_EXCEPTION()
 class cErrorUtil
 {
 public:
-    static TSTRING MakeFileError(const TSTRING& msg, const TSTRING& fileName);
+    static TSTRING MakeFileError( const TSTRING& msg, const TSTRING& fileName );
        // constructs an error message of the form:
        // File: <fileName> \n <msg> 
        // This is useful for constructing strings to pass as the msg parameter 
@ -108,11 +108,7 @@ public:
 // TODO: ASSERT is always fatal in Unix, perhaps we could #ifdef the ASSERT
 //      to echo to cout the line number the exception occured at?
-#define ThrowAndAssert(exception) \
+#define ThrowAndAssert(exception) { ASSERT(false); throw exception; }
    {                             \
        ASSERT(false);            \
        throw exception;          \
    }
 //-----------------------------------------------------------------------------
@ -122,14 +118,17 @@ public:
 ///////////////////////////////////////////////////////////////////////////////
 // ePoly
 ///////////////////////////////////////////////////////////////////////////////
-inline ePoly::ePoly(uint32 id, const TSTRING& msg, uint32 flags) : eError(msg, flags), mID(id)
+inline ePoly::ePoly( uint32 id, const TSTRING& msg, uint32 flags )
 :   eError( msg, flags ),
    mID( id )
 {
 }
 ///////////////////////////////////////////////////////////////////////////////
 // ePoly
 ///////////////////////////////////////////////////////////////////////////////
-inline ePoly::ePoly(const eError& rhs)
+inline ePoly::ePoly( const eError& rhs )
 {
    *this = rhs;
 }
@ -137,14 +136,17 @@ inline ePoly::ePoly(const eError& rhs)
 ///////////////////////////////////////////////////////////////////////////////
 // ePoly
 ///////////////////////////////////////////////////////////////////////////////
-inline ePoly::ePoly() : eError(_T("")), mID(0)
+inline ePoly::ePoly()
 :   eError( _T("") ),
    mID( 0 )
 {
 }
 ///////////////////////////////////////////////////////////////////////////////
 // operator=
 ///////////////////////////////////////////////////////////////////////////////
-inline void ePoly::operator=(const eError& rhs)
+inline void ePoly::operator=( const eError& rhs )
 {
    mMsg = rhs.GetMsg();
    mFlags = rhs.GetFlags();
@ -162,9 +164,10 @@ inline uint32 ePoly::GetID() const
 ///////////////////////////////////////////////////////////////////////////////
 // SetID
 ///////////////////////////////////////////////////////////////////////////////
-inline void ePoly::SetID(uint32 id)
+inline void ePoly::SetID( uint32 id )
 {
    mID = id;   
 }
 #endif //__ERRORUTIL_H
--- a/src/core/file.h
+++ b/src/core/file.h
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -55,17 +55,17 @@
 // eFile exception class
 //=============================================================================
-TSS_FILE_EXCEPTION(eFile, eFileError);
+TSS_FILE_EXCEPTION( eFile,          eFileError );
-TSS_FILE_EXCEPTION(eFileOpen, eFile);
+TSS_FILE_EXCEPTION( eFileOpen,      eFile );
-TSS_FILE_EXCEPTION(eFileWrite, eFile);
+TSS_FILE_EXCEPTION( eFileWrite,     eFile );
-TSS_FILE_EXCEPTION(eFileRead, eFile);
+TSS_FILE_EXCEPTION( eFileRead,      eFile );
-TSS_FILE_EXCEPTION(eFileEOF, eFile); // never used!
+TSS_FILE_EXCEPTION( eFileEOF,       eFile );    // never used!
-TSS_FILE_EXCEPTION(eFileSeek, eFile);
+TSS_FILE_EXCEPTION( eFileSeek,      eFile );
-TSS_FILE_EXCEPTION(eFileInvalidOp, eFile); // never used!
+TSS_FILE_EXCEPTION( eFileInvalidOp, eFile );    // never used!
-TSS_FILE_EXCEPTION(eFileTrunc, eFile);
+TSS_FILE_EXCEPTION( eFileTrunc,     eFile );
-TSS_FILE_EXCEPTION(eFileClose, eFile); // never used!
+TSS_FILE_EXCEPTION( eFileClose,     eFile );    // never used!
-TSS_FILE_EXCEPTION(eFileFlush, eFile);
+TSS_FILE_EXCEPTION( eFileFlush,     eFile );
-TSS_FILE_EXCEPTION(eFileRewind, eFile);
+TSS_FILE_EXCEPTION( eFileRewind,    eFile );
 //=============================================================================
 // cFile
@ -74,7 +74,12 @@ struct cFile_i;
 class  cFile
 {
 public:
 #if IS_UNIX
    typedef off_t File_t;
 #else //WIN32
    typedef int64 File_t;
 #endif // IS_UNIX
    enum SeekFrom 
    {
@ -88,10 +93,8 @@ public:
            // note that reading from the file is implicit  
            OPEN_READ          = 0x00000001,    // not needed, but makes calls nice...
            OPEN_WRITE         = 0x00000002,    // we will be writing to the file
-        OPEN_LOCKED_TEMP =
+            OPEN_LOCKED_TEMP   = 0x00000004,    // the file should not be readable by other processes and should be removed when closed
-            0x00000004, // the file should not be readable by other processes and should be removed when closed
+            OPEN_TRUNCATE      = 0x00000008,    // opens an empty file. creates it if it doesn't exist. Doesn't make much sense without OF_WRITE
        OPEN_TRUNCATE =
            0x00000008, // opens an empty file. creates it if it doesn't exist. Doesn't make much sense without OF_WRITE
            OPEN_CREATE         = 0x00000010,   // create the file if it doesn't exist; this is implicit if OF_TRUNCATE is set
            OPEN_TEXT           = 0x00000020,
            OPEN_EXCLUSIVE      = 0x00000040,   // Use O_CREAT | O_EXCL
@ -100,37 +103,37 @@ public:
    };
    //Ctor, Dtor, CpyCtor, Operator=:
-    cFile(void);
+    cFile               ( void );
-    ~cFile(void);
+    ~cFile              ( void );
    /************ User Interface **************************/
    // Both Open methods ALWAYS open files in BINARY mode!
-    void Open(const TSTRING& sFileName, uint32 flags = OPEN_READ); //throw(eFile)
+    void    Open                ( const TSTRING& sFileName, uint32 flags = OPEN_READ ); //throw(eFile)
-    void Close(void);                                              //throw(eFile)
+    void    Close               ( void );                                               //throw(eFile)
-    bool IsOpen(void) const;
+    bool    IsOpen              ( void ) const;
-    File_t Seek(File_t offset, SeekFrom From) const; //throw(eFile)
+    File_t  Seek                ( File_t offset, SeekFrom From ) const;             //throw(eFile)
        // Seek returns the current offset after completion
-    File_t Read(void* buffer, File_t nBytes) const; //throw(eFile)
+    File_t  Read                ( void* buffer, File_t nBytes ) const;  //throw(eFile)
        // Read returns the number of bytes that are actually read.  If the nBytes
        // parameter is 0, 0 bytes will be read and buffer will remain untouched.
        // If the read head is at EOF, no bytes will be read and 0 will be returned.
-    File_t Write(const void* buffer, File_t nBytes); //throw(eFile)
+    File_t  Write               ( const void* buffer, File_t nBytes );  //throw(eFile)
        // Write returns the number of bytes that are actually written.
-    File_t Tell(void) const;
+    File_t  Tell                ( void ) const;
        // Tell returns the current offset.
-    bool Flush(void); //throw(eFile)
+    bool    Flush               ( void );                                           //throw(eFile)
        // Flush returns 0 if the currently defined stream is successfully flushed.
-    void Rewind(void) const; //throw(eFile)
+    void    Rewind              ( void ) const;                                     //throw(eFile)
        // Sets the offset to 0.
-    File_t GetSize(void) const;
+    File_t  GetSize             ( void ) const;
        // Returns the size of the current file in bytes.  Returns -1 if no file is defined.
-    void Truncate(File_t offset); // throw(eFile)
+    void    Truncate            ( File_t offset );                                  // throw(eFile) 
 private:
-    cFile(const cFile& rhs);            //not impl.
+    cFile               ( const cFile& rhs );   //not impl.
-    cFile& operator=(const cFile& rhs); //not impl.
+    cFile& operator=    ( const cFile& rhs);    //not impl.
    //Pointer to the insulated implementation
    cFile_i*    mpData;
@ -140,48 +143,15 @@ public:
 };
-class cDosPath
+#if USES_DEVICE_PATH
 class cDevicePath
 {
 public:
    static TSTRING AsPosix(const TSTRING& in);
    static TSTRING AsNative(const TSTRING& in);
    static bool    IsAbsolutePath(const TSTRING& in);
    static TSTRING BackupName(const TSTRING& in);
 };
-
+#endif
 class cArosPath
 {
 public:
    static TSTRING AsPosix(const TSTRING& in);
    static TSTRING AsNative(const TSTRING& in);
    static bool    IsAbsolutePath(const TSTRING& in);
 };
 class cRiscosPath
 {
 public:
    static TSTRING AsPosix(const TSTRING& in);
    static TSTRING AsNative(const TSTRING& in);
    static bool    IsAbsolutePath(const TSTRING& in);
 };
 class cRedoxPath
 {
 public:
    static TSTRING AsPosix(const TSTRING& in);
    static TSTRING AsNative(const TSTRING& in);
    static bool    IsAbsolutePath(const TSTRING& in);
 };
 #    if IS_DOS_DJGPP
 #        define cDevicePath cDosPath
 #    elif IS_AROS
 #        define cDevicePath cArosPath
 #    elif IS_RISCOS
 #        define cDevicePath cRiscosPath
 #    elif IS_REDOX
 #        define cDevicePath cRedoxPath
 #    endif
 #endif //__FILE_H
--- a/src/core/file_unix.cpp
+++ b/src/core/file_unix.cpp
@ -1,6 +1,6 @@
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -41,7 +41,7 @@
 #include "core/stdcore.h"
 #if !IS_UNIX
-#    error Need to be unix to use unixfsservices
+#error Need to be unix to use unixfsservices
 #endif
 #include "core/file.h"
@ -54,7 +54,7 @@
 #include <errno.h>
 #if HAVE_SYS_FS_VX_IOCTL_H
-#include <sys/fs/vx_ioctl.h>
+# include <sys/fs/vx_ioctl.h>
 #endif
 #include "core/debug.h"
@ -62,10 +62,6 @@
 #include "core/fsservices.h"
 #include "core/errorutil.h"
 #if IS_RISCOS
 #include <unixlib/local.h>
 #endif
 ///////////////////////////////////////////////////////////////////////////
 // cFile_i : Insulated implementation for cFile objects.
 ///////////////////////////////////////////////////////////////////////////
@ -82,29 +78,29 @@ struct cFile_i
 };
 //Ctor
-cFile_i::cFile_i() : m_fd(-1), mpCurrStream(NULL), mFlags(0)
+cFile_i::cFile_i() :
-{
+    mpCurrStream(NULL)
-}
+{}
 //Dtor
 cFile_i::~cFile_i()
 {
    if (mpCurrStream != NULL)
-    {
+        fclose( mpCurrStream );
        fclose(mpCurrStream);
    mpCurrStream = NULL;
-#if !CAN_UNLINK_WHILE_OPEN // so unlink after close instead
+#if IS_AROS
-        if (mFlags & cFile::OPEN_LOCKED_TEMP)
+    if( mFlags & cFile::OPEN_LOCKED_TEMP )
    {
        // unlink this file 
-            if (0 != unlink(mFileName.c_str()))
+        if( 0 != unlink(mFileName.c_str()))
        {
-                throw(eFileOpen(mFileName, iFSServices::GetInstance()->GetErrString()));
+            throw( eFileOpen( mFileName, iFSServices::GetInstance()->GetErrString() ) );
        }
    }
 #endif
-    }
+
    mFileName.empty();
 }
 ///////////////////////////////////////////////////////////////////////////
@ -113,14 +109,15 @@ cFile_i::~cFile_i()
 ///////////////////////////////////////////////////////////////////////////
 ///////////////////////////////////////////////////////////////////////////
-cFile::cFile() : mpData(NULL), isWritable(false)
+cFile::cFile() :
    mpData(NULL), isWritable(false)
 {
    mpData = new cFile_i;
 }
 cFile::~cFile()
 {
-    if (mpData != NULL)
+    if( mpData != NULL)
    {
        delete mpData;
        mpData = NULL;
@ -132,10 +129,10 @@ cFile::~cFile()
 ///////////////////////////////////////////////////////////////////////////////
 #if !USES_DEVICE_PATH
-void cFile::Open(const TSTRING& sFileName, uint32 flags)
+void cFile::Open( const TSTRING& sFileName, uint32 flags )
 {
 #else
-void cFile::Open(const TSTRING& sFileNameC, uint32 flags)
+void cFile::Open( const TSTRING& sFileNameC, uint32 flags )
 {
    TSTRING sFileName = cDevicePath::AsNative(sFileNameC);
 #endif
@ -173,10 +170,9 @@ void cFile::Open(const TSTRING& sFileNameC, uint32 flags)
        mode        = _T("rb");
    }
-    if (flags & OPEN_EXCLUSIVE)
+    if (flags & OPEN_EXCLUSIVE) {
    {
        perm |= O_CREAT | O_EXCL;
-        openmode = (mode_t)0600; // Make sure only root can read the file
+        openmode = (mode_t) 0600; // Make sure only root can read the file
    }
    if (flags & OPEN_CREATE)
@ -202,22 +198,22 @@ void cFile::Open(const TSTRING& sFileNameC, uint32 flags)
    //
    // actually open the file
    //
-    int fh = _topen(sFileName.c_str(), perm, openmode);
+    int fh = _topen( sFileName.c_str(), perm, openmode );
-    if (fh == -1)
+    if( fh == -1 )
    {
-        throw(eFileOpen(sFileName, iFSServices::GetInstance()->GetErrString()));
+        throw( eFileOpen( sFileName, iFSServices::GetInstance()->GetErrString() ) );
    }
    mpData->m_fd = fh;
-#if CAN_UNLINK_WHILE_OPEN
+#if !IS_AROS
-    if (flags & OPEN_LOCKED_TEMP)
+    if( flags & OPEN_LOCKED_TEMP )
    {
        // unlink this file 
-        if (0 != unlink(sFileName.c_str()))
+        if( 0 != unlink( sFileName.c_str() ) )
        {
            // we weren't able to unlink file, so close handle and fail
-            close(fh);
+            close( fh );
-            throw(eFileOpen(sFileName, iFSServices::GetInstance()->GetErrString()));
+            throw( eFileOpen( sFileName, iFSServices::GetInstance()->GetErrString() ) );
        }
    }
 #endif
@ -244,8 +240,8 @@ void cFile::Open(const TSTRING& sFileNameC, uint32 flags)
 #if HAVE_POSIX_FADVISE
    if (flags & OPEN_SCANNING && !(flags & OPEN_DIRECT)) 
    {
-        posix_fadvise(fh, 0, 0, POSIX_FADV_SEQUENTIAL);
+        posix_fadvise(fh,0,0, POSIX_FADV_SEQUENTIAL);
-        posix_fadvise(fh, 0, 0, POSIX_FADV_NOREUSE);
+        posix_fadvise(fh,0,0, POSIX_FADV_NOREUSE);
    }
 #elif HAVE_SYS_FS_VX_IOCTL_H
@ -257,6 +253,7 @@ void cFile::Open(const TSTRING& sFileNameC, uint32 flags)
            ioctl(fh, VX_SETCACHE, VX_SEQ | VX_NOREUSE);
    }
 #endif
 }
@ -265,13 +262,13 @@ void cFile::Open(const TSTRING& sFileNameC, uint32 flags)
 ///////////////////////////////////////////////////////////////////////////
 void cFile::Close() //throw(eFile)
 {
-    if (mpData->mpCurrStream != NULL)
+    if(mpData->mpCurrStream != NULL)
    {
 #ifdef HAVE_POSIX_FADVISE
-        posix_fadvise(fileno(mpData->mpCurrStream), 0, 0, POSIX_FADV_DONTNEED);
+        posix_fadvise(fileno(mpData->mpCurrStream),0,0, POSIX_FADV_DONTNEED);
 #endif
-        fclose(mpData->mpCurrStream);
+        fclose( mpData->mpCurrStream );
        mpData->mpCurrStream = NULL;
    }
@ -279,23 +276,23 @@ void cFile::Close() //throw(eFile)
    mpData->mFileName.empty();
 }
-bool cFile::IsOpen(void) const
+bool cFile::IsOpen( void ) const
 {
-    return (mpData->mpCurrStream != NULL);
+    return( mpData->mpCurrStream != NULL );
 }
 ///////////////////////////////////////////////////////////////////////////
 // Seek -- Positions the read/write offset in mpCurrStream.  Returns the
 //      current offset upon completion.  Returns 0 if no stream is defined.
 ///////////////////////////////////////////////////////////////////////////
-cFile::File_t cFile::Seek(File_t offset, SeekFrom From) const //throw(eFile)
+cFile::File_t cFile::Seek( File_t offset, SeekFrom From) const //throw(eFile)
 {
    //Check to see if a file as been opened yet...
-    ASSERT(mpData->mpCurrStream != 0);
+    ASSERT( mpData->mpCurrStream != 0);
    int apiFrom;
-    switch (From)
+    switch( From )
    {
    case cFile::SEEK_BEGIN:
        apiFrom = SEEK_SET;
@ -308,11 +305,11 @@ cFile::File_t cFile::Seek(File_t offset, SeekFrom From) const //throw(eFile)
        break;
    default:
        //An invalid SeekFrom parameter was passed.
-        throw(eInternal(_T("file_unix")));
+        throw( eInternal( _T("file_unix") ) );
    }
-// this is a hack to simulate running out of disk space
+    // this is a hack to simulate running out of disk space
-#if 0
+    #if 0
    static int blowupCount = 1;
    if (++blowupCount == 1075)
    {
@ -321,14 +318,14 @@ cFile::File_t cFile::Seek(File_t offset, SeekFrom From) const //throw(eFile)
        throw std::bad_alloc();
    }
    fprintf(stderr, "%d\n", blowupCount);
-#endif
+    #endif
-    if (fseeko(mpData->mpCurrStream, offset, apiFrom) != 0)
+    if (fseeko( mpData->mpCurrStream, offset, apiFrom ) != 0)
    {
-#ifdef DEBUG
+        #ifdef _DEBUG
        cDebug d("cFile::Seek");
        d.TraceDebug("Seek failed!\n");
-#endif
+        #endif
        throw eFileSeek();
    }
@ -339,31 +336,26 @@ cFile::File_t cFile::Seek(File_t offset, SeekFrom From) const //throw(eFile)
 // Read -- Returns the actual bytes read from mpCurrStream.  Returns 0 if
 //      mpCurrStream is undefined.
 ///////////////////////////////////////////////////////////////////////////
-cFile::File_t cFile::Read(void* buffer, File_t nBytes) const //throw(eFile)
+cFile::File_t cFile::Read( void* buffer, File_t nBytes ) const //throw(eFile)
 {
    File_t iBytesRead;
    // Has a file been opened?
-    ASSERT(mpData->mpCurrStream != NULL);
+    ASSERT( mpData->mpCurrStream != NULL );
    // Is the nBytes parameter 0?  If so, return without touching buffer:
-    if (nBytes == 0)
+    if( nBytes == 0 )
        return 0;
-    if (mpData->mFlags & OPEN_DIRECT)
+    if (mpData->mFlags & OPEN_DIRECT) {
    {
        iBytesRead = read(mpData->m_fd, buffer, nBytes);
-        if (iBytesRead < 0)
+        if (iBytesRead<0) {
        {
            throw eFileRead(mpData->mFileName, iFSServices::GetInstance()->GetErrString()); 
        }
-    }
+    } else { 
-    else
+        iBytesRead = fread( buffer, sizeof(byte), nBytes, mpData->mpCurrStream );
-    {
+        if( ferror( mpData->mpCurrStream ) != 0 ) {
-        iBytesRead = fread(buffer, sizeof(byte), nBytes, mpData->mpCurrStream);
+            throw eFileRead( mpData->mFileName, iFSServices::GetInstance()->GetErrString() ) ; 
        if (ferror(mpData->mpCurrStream) != 0)
        {
            throw eFileRead(mpData->mFileName, iFSServices::GetInstance()->GetErrString());
        }
    }
@ -374,16 +366,16 @@ cFile::File_t cFile::Read(void* buffer, File_t nBytes) const //throw(eFile)
 // Write -- Returns the actual number of bytes written to mpCurrStream
 //      Returns 0 if no file has been opened.
 ///////////////////////////////////////////////////////////////////////////
-cFile::File_t cFile::Write(const void* buffer, File_t nBytes) //throw(eFile)
+cFile::File_t cFile::Write( const void* buffer, File_t nBytes )     //throw(eFile)
 {
    File_t actual_count = 0;
    // Has a file been opened? Is it writable?
-    ASSERT(mpData->mpCurrStream != NULL);
+    ASSERT( mpData->mpCurrStream != NULL );
-    ASSERT(isWritable);
+    ASSERT( isWritable );
-    if ((actual_count = fwrite(buffer, sizeof(byte), nBytes, mpData->mpCurrStream)) < nBytes)
+    if( ( actual_count = fwrite( buffer, sizeof(byte), nBytes, mpData->mpCurrStream ) ) < nBytes )
-        throw eFileWrite(mpData->mFileName, iFSServices::GetInstance()->GetErrString());
+        throw eFileWrite( mpData->mFileName, iFSServices::GetInstance()->GetErrString() );
    else
        return actual_count;
 }
@ -394,9 +386,9 @@ cFile::File_t cFile::Write(const void* buffer, File_t nBytes) //throw(eFile)
 ///////////////////////////////////////////////////////////////////////////
 cFile::File_t cFile::Tell() const
 {
-    ASSERT(mpData->mpCurrStream != 0);
+    ASSERT( mpData->mpCurrStream != 0);
-    return ftell(mpData->mpCurrStream);
+    return ftell( mpData->mpCurrStream );
 }
 ///////////////////////////////////////////////////////////////////////////
@ -404,10 +396,10 @@ cFile::File_t cFile::Tell() const
 ///////////////////////////////////////////////////////////////////////////
 bool cFile::Flush() //throw(eFile)
 {
-    if (mpData->mpCurrStream == NULL)
+    if ( mpData->mpCurrStream == NULL )
-        throw eFileFlush(mpData->mFileName, iFSServices::GetInstance()->GetErrString());
+        throw eFileFlush( mpData->mFileName, iFSServices::GetInstance()->GetErrString() );
-    return (fflush(mpData->mpCurrStream) == 0);
+    return ( fflush( mpData->mpCurrStream) == 0 );
 }
 ///////////////////////////////////////////////////////////////////////////
 // Rewind -- Sets the offset to the beginning of the file.  If mpCurrStream
@ -416,11 +408,11 @@ bool cFile::Flush() //throw(eFile)
 ///////////////////////////////////////////////////////////////////////////
 void cFile::Rewind() const  //throw(eFile)
 {
-    ASSERT(mpData->mpCurrStream != 0);
+    ASSERT( mpData->mpCurrStream != 0);
-    rewind(mpData->mpCurrStream);
+    rewind( mpData->mpCurrStream );
-    if (ftell(mpData->mpCurrStream) != 0)
+    if( ftell( mpData->mpCurrStream ) != 0 )
-        throw(eFileRewind(mpData->mFileName, iFSServices::GetInstance()->GetErrString()));
+        throw( eFileRewind( mpData->mFileName, iFSServices::GetInstance()->GetErrString() ) );
 }
 ///////////////////////////////////////////////////////////////////////////
@ -433,11 +425,11 @@ cFile::File_t cFile::GetSize() const
    File_t ret;
    //Has a file been opened? If not, return -1
-    if (mpData->mpCurrStream == NULL)
+    if( mpData->mpCurrStream == NULL )
        return -1;
-    ret = Seek(0, cFile::SEEK_EOF);
+    ret = Seek( 0, cFile::SEEK_EOF );
-    Seek(vCurrentOffset, cFile::SEEK_BEGIN);
+    Seek( vCurrentOffset, cFile::SEEK_BEGIN );
        //return the offset to it's position prior to GetSize call.
    return ret;
@ -446,57 +438,42 @@ cFile::File_t cFile::GetSize() const
 /////////////////////////////////////////////////////////////////////////
 // Truncate
 /////////////////////////////////////////////////////////////////////////
-void cFile::Truncate(File_t offset) // throw(eFile)
+void cFile::Truncate( File_t offset ) // throw(eFile) 
 {
-    ASSERT(mpData->mpCurrStream != 0);
+    ASSERT( mpData->mpCurrStream != 0);
-    ASSERT(isWritable);
+    ASSERT( isWritable );
-    ftruncate(fileno(mpData->mpCurrStream), offset);
+    ftruncate( fileno(mpData->mpCurrStream), offset );
-    if (GetSize() != offset)
+    if( GetSize() != offset )
-        throw(eFileTrunc(mpData->mFileName, iFSServices::GetInstance()->GetErrString()));
+        throw( eFileTrunc( mpData->mFileName, iFSServices::GetInstance()->GetErrString() ) );
 }
-/////////////////////////////////////////////////////////////////////////
+#if USES_DEVICE_PATH
-// Platform path conversion methods
+// For paths of type DH0:/dir/file
-/////////////////////////////////////////////////////////////////////////
+TSTRING cDevicePath::AsPosix( const TSTRING& in )
 bool cDosPath::IsAbsolutePath(const TSTRING& in)
 {
    if (in.empty())
        return false;
    if (in[0] == '/')
        return true;
    if (in.length() >= 2 && in[1] == ':')
        return true;
    return false;
 }
 // For paths of type C:\DOS
 TSTRING cDosPath::AsPosix(const TSTRING& in)
 {
    if (in[0] == '/')
    {
        return in;
    }
-    TSTRING out = (cDosPath::IsAbsolutePath(in)) ? ("/dev/" + in) : in;
+#if IS_DOS_DJGPP
    TSTRING out = "/dev/" + in;
    std::replace(out.begin(), out.end(), '\\', '/');
-    out.erase(std::remove(out.begin(), out.end(), ':'), out.end());
+#else
    TSTRING out = '/' + in;
 #endif
    std::replace(out.begin(), out.end(), ':', '/');
    return out;
 }
-TSTRING cDosPath::AsNative(const TSTRING& in)
+TSTRING cDevicePath::AsNative( const TSTRING& in )
 {
    if (in[0] != '/')
    {
        return in;
    }
 #if IS_DOS_DJGPP
    if (in.find("/dev") != 0 || in.length() < 6)
        return in;
@ -506,180 +483,17 @@ TSTRING cDosPath::AsNative(const TSTRING& in)
    if (in.length() >= 8)
        out.append(in.substr(7));
    std::replace(out.begin(), out.end(), '/', '\\');
    return out;
 }
-TSTRING cDosPath::BackupName(const TSTRING& in)
+#elif IS_AROS
-{
+    int x = 1;
-    TSTRING                out = in;
+    for ( x; in[x] == '/' && x<in.length(); x++);
    std::string::size_type pos = out.find_last_of("\\");
    if (std::string::npos == pos)
        return in;
-    TSTRING path = in.substr(0, pos);
+    TSTRING out = in.substr(x); 
    TSTRING name = in.substr(pos, 9);
    std::replace(name.begin(), name.end(), '.', '_');
    path.append(name);
    return path;
 }
 /////////////////////////////////////////////////////////////////////////
 bool cArosPath::IsAbsolutePath(const TSTRING& in)
 {
    if (in.empty())
        return false;
    if (in[0] == '/')
        return true;
    if (in.find(":") != std::string::npos)
        return true;
    return false;
 }
 // For paths of type DH0:dir/file
 TSTRING cArosPath::AsPosix(const TSTRING& in)
 {
    if (in[0] == '/')
    {
        return in;
    }
    TSTRING out = IsAbsolutePath(in) ? '/' + in : in;
    std::replace(out.begin(), out.end(), ':', '/');
    return out;
 }
 TSTRING cArosPath::AsNative(const TSTRING& in)
 {
    if (in[0] != '/')
    {
        return in;
    }
    std::string::size_type drive = in.find_first_not_of("/");
    TSTRING                out   = (drive != std::string::npos) ? in.substr(drive) : in;
    TSTRING::size_type t = out.find_first_of('/');
    if (t != std::string::npos)
    out[t] = ':';
    else
        out.append(":");
    return out;
 }
 /////////////////////////////////////////////////////////////////////////
 bool cRiscosPath::IsAbsolutePath(const TSTRING& in)
 {
    if (in.empty())
        return false;
    if (in[0] == '/')
        return true;
    if (in.find("$") != std::string::npos)
        return true;
    return false;
 }
 // For paths of type SDFS::Volume.$.dir.file
 TSTRING cRiscosPath::AsPosix(const TSTRING& in)
 {
 #if IS_RISCOS
    if (in[0] == '/')
    {
        return in;
    }
    TSTRING out;
    char*   unixified = __unixify(in.c_str(), 0, 0, 0, 0);
    if (unixified)
    {
        out.assign(unixified);
        free(unixified);
        return out;
    }
    return in;
 #else
    return in;
 #endif
 } 
 TSTRING cRiscosPath::AsNative(const TSTRING& in)
 {
 #if IS_RISCOS
    if (in[0] != '/')
    {
        return in;
    }
    TSTRING           out;
    int               buf_size = in.length() + 100; // examples pad by 100
    std::vector<char> buf(buf_size);
    __riscosify(in.c_str(), 0, 0, &buf[0], buf_size, 0);
    if (buf[0])
    {
        out.assign(&buf[0]);
        return out;
    }
    return in;
 #else
    return in;
 #endif
 }
 /////////////////////////////////////////////////////////////////////////
 bool cRedoxPath::IsAbsolutePath(const TSTRING& in)
 {
    if (in.empty())
        return false;
    if (in[0] == '/')
        return true;
    if (in.find(":") != std::string::npos)
        return true;
    return false;
 }
 // For paths of type file:/dir/file
 TSTRING cRedoxPath::AsPosix(const TSTRING& in)
 {
    if (in[0] == '/')
    {
        return in;
    }
    TSTRING                out   = IsAbsolutePath(in) ? '/' + in : in;
    std::string::size_type colon = out.find_first_of(":");
    if (colon != std::string::npos)
        out.erase(colon, 1);
    return out;
 }
 TSTRING cRedoxPath::AsNative(const TSTRING& in)
 {
    if (in[0] != '/')
    {
        return in;
    }
    std::string::size_type drive = in.find_first_not_of("/");
    TSTRING                out   = (drive != std::string::npos) ? in.substr(drive) : in;
    TSTRING::size_type     slash = out.find_first_of('/');
    if (slash != std::string::npos)
        out.insert(slash, ":");
    else
        out.append(":/");
    return out;
 }
--- a/src/core/fileerror.cpp
+++ b/src/core/fileerror.cpp
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -37,7 +37,8 @@
 #include "corestrings.h"
 // TODO: Make this use MakeFileError() for consistency
-eFileError::eFileError(const TSTRING& filename, const TSTRING& description, uint32 flags) : eError(_T(""), flags)
+eFileError::eFileError( const TSTRING& filename, const TSTRING& description, uint32 flags )
 :   eError( _T(""), flags )
 {
    mFilename = filename;
    mMsg = description;
@ -57,14 +58,14 @@ TSTRING eFileError::GetDescription() const
 {
    TSTRING ret;
-    if (!mFilename.empty())
+    if( ! mFilename.empty() )
    {
-        ret = TSS_GetString(cCore, core::STR_ERROR_FILENAME) + mFilename;
+        ret = TSS_GetString( cCore, core::STR_ERROR_FILENAME ) + mFilename;
    }
-    if (!mMsg.empty())
+    if( ! mMsg.empty() )
    {
-        if (!mFilename.empty())
+        if ( ! mFilename.empty() )
            ret += _T("\n");
        ret += mMsg;
@ -72,3 +73,4 @@ TSTRING eFileError::GetDescription() const
    return ret;
 }
--- a/src/core/fileerror.h
+++ b/src/core/fileerror.h
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -51,33 +51,30 @@
 // ### Insufficient permission to open file.    <-- constructor parameter "msg"
 // ### Exiting...                               <-- appropriate third message
 //=============================================================================
-TSS_BEGIN_EXCEPTION_NO_CTOR(eFileError, eError)
+TSS_BEGIN_EXCEPTION_NO_CTOR( eFileError, eError )
 private:
-TSTRING mFilename;
+    TSTRING mFilename;
 public:
-eFileError(const TSTRING& filename, const TSTRING& description, uint32 flags = 0);
+    eFileError( const TSTRING& filename, const TSTRING& description, uint32 flags = 0 );
-explicit eFileError(const eFileError& rhs) : eError(rhs)
+    explicit eFileError( const eFileError& rhs )
-{
+        : eError( rhs ) { mFilename = rhs.mFilename; }
-    mFilename = rhs.mFilename;
+    eFileError( const TSTRING& msg, uint32 flags = 0 )
-}
+        : eError( msg, flags ) {}
 eFileError(const TSTRING& msg, uint32 flags = 0) : eError(msg, flags)
 {
 }
-TSTRING         GetFilename() const;
+    TSTRING GetFilename() const;
-TSTRING         GetDescription() const;
+    TSTRING GetDescription() const;
-virtual TSTRING GetMsg() const;
+    virtual TSTRING GetMsg() const;
 TSS_END_EXCEPTION()
-#    define TSS_FILE_EXCEPTION(except, base)                                                               \
+#define TSS_FILE_EXCEPTION( except, base ) \
-        TSS_BEGIN_EXCEPTION(except, base)                                                                  \
+    TSS_BEGIN_EXCEPTION( except, base ) \
-        except(const TSTRING& filename, const TSTRING& msg, uint32 flags = 0) : base(filename, msg, flags) \
+    except( const TSTRING& filename, const TSTRING& msg, uint32 flags = 0 ) \
-        {                                                                                                  \
+    : base( filename, msg, flags ) {} \
        }                                                                                                  \
    TSS_END_EXCEPTION()
 #endif
--- a/src/core/fileheader.cpp
+++ b/src/core/fileheader.cpp
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -50,7 +50,7 @@ cFileHeaderID::~cFileHeaderID()
 {
 }
-void cFileHeaderID::operator=(const TCHAR* pszId)
+void cFileHeaderID::operator=( const TCHAR* pszId )
 {
    // RAD:10/1/99 -- Not Needed
    // TODO:BAM -- I'm pretty sure that there's a bug hiding here...
@ -62,34 +62,36 @@ void cFileHeaderID::operator=(const TCHAR* pszId)
    //    return;
    //}
-    size_t N = ::strlen(pszId);
+    size_t N = ::strlen( pszId );
-    if (!(N < cFileHeaderID::MAXBYTES))
+    if ( !(N < cFileHeaderID::MAXBYTES) )
-        throw eCharacter(TSS_GetString(cCore, core::STR_ERR_OVERFLOW));
+        throw eCharacter( TSS_GetString( cCore, core::STR_ERR_OVERFLOW ) );
-    mIDLen = static_cast<int16>(N); // know len is less than MAXBYTES
+    mIDLen = static_cast<int16>( N ); // know len is less than MAXBYTES
-    ::memcpy(mID, pszId, N * sizeof(char));
+    ::memcpy( mID, pszId, N * sizeof(char) );
 }
-void cFileHeaderID::operator=(const cFileHeaderID& rhs)
+void cFileHeaderID::operator=( const cFileHeaderID& rhs )
 {
-    ASSERT(rhs.mIDLen < cFileHeaderID::MAXBYTES);
+    ASSERT( rhs.mIDLen < cFileHeaderID::MAXBYTES );
    mIDLen = rhs.mIDLen;
    memcpy(mID, rhs.mID, mIDLen * sizeof(char));
 }
-int cFileHeaderID::operator==(const cFileHeaderID& rhs) const
+int cFileHeaderID::operator==( const cFileHeaderID& rhs ) const
 {
-    return (mIDLen == rhs.mIDLen) && (::memcmp(mID, rhs.mID, mIDLen * sizeof(char)) == 0);
+    return 
        ( mIDLen == rhs.mIDLen ) &&
        ( ::memcmp( mID, rhs.mID, mIDLen * sizeof(char) ) == 0 );
 }
-void cFileHeaderID::Read(iSerializer* pSerializer, int32 /*version*/) // throw (eSerializer, eArchive)
+void cFileHeaderID::Read(iSerializer* pSerializer, int32 /*version*/ )  // throw (eSerializer, eArchive)
 {
    int16 len;
-    pSerializer->ReadInt16(len);
+    pSerializer->ReadInt16( len );
-    if ((len < 0) || (len >= cFileHeaderID::MAXBYTES))
+    if ( (len < 0) || (len >= cFileHeaderID::MAXBYTES ))
    {
        // this is invalid!
-        throw eSerializerInputStreamFmt(_T("File Header ID invalid"));
+        throw eSerializerInputStreamFmt( _T("File Header ID invalid") );
    }
    pSerializer->ReadBlob(mID, len * sizeof(char));
    mIDLen = len;
@ -97,18 +99,19 @@ void cFileHeaderID::Read(iSerializer* pSerializer, int32 /*version*/) // throw (
 void cFileHeaderID::Write(iSerializer* pSerializer) const // throw (eSerializer, eArchive)
 {
-    ASSERT(mIDLen >= 0 && mIDLen < cFileHeaderID::MAXBYTES);
+    ASSERT( mIDLen >= 0 && mIDLen < cFileHeaderID::MAXBYTES );
-    pSerializer->WriteInt16(mIDLen);
+    pSerializer->WriteInt16( mIDLen );
-    pSerializer->WriteBlob(mID, mIDLen * sizeof(char));
+    pSerializer->WriteBlob( mID, mIDLen * sizeof(char) );
 }
 ///////////////////////////////////////////////////////////////////////////////
 // class cFileHeader
-cFileHeader::cFileHeader() : mVersion(0)
+cFileHeader::cFileHeader()
 :   mVersion(0)
 {
-#ifdef DEBUG
+#ifdef _DEBUG
    mEncoding = LAST_ENCODING; // set to invalid value so we can assert on write
 #else
    mEncoding = NO_ENCODING;
@ -116,14 +119,20 @@ cFileHeader::cFileHeader() : mVersion(0)
 }
 cFileHeader::cFileHeader(const cFileHeader& rhs)
-    : iSerializable(), mID(rhs.mID), mVersion(rhs.mVersion), mEncoding(rhs.mEncoding)
+:   iSerializable(),
    mID(rhs.mID),
    mVersion(rhs.mVersion),
    mEncoding(rhs.mEncoding)
 {
    if (rhs.mBaggage.Length() > 0)
    {
        mBaggage.MapArchive(0, rhs.mBaggage.Length());
        rhs.mBaggage.MapArchive(0, rhs.mBaggage.Length());
-        ::memcpy(mBaggage.GetMap(), rhs.mBaggage.GetMap(), static_cast<size_t>(rhs.mBaggage.Length()));
+        ::memcpy(
            mBaggage.GetMap(),
            rhs.mBaggage.GetMap(),
            static_cast<size_t>( rhs.mBaggage.Length() ) ); 
        mBaggage.MapArchive(0, 0);
        rhs.mBaggage.MapArchive(0, 0);
@ -162,7 +171,7 @@ void cFileHeader::Read(iSerializer* pSerializer, int32 /*version*/) // throw (eS
    if ((unsigned int)magicNumber != FILE_HEADER_MAGIC_NUMBER)
    {
        d.TraceDebug("Bad magic number");
-        throw eSerializerInputStreamFmt(pSerializer->GetFileName());
+        throw eSerializerInputStreamFmt(pSerializer->GetFileName() );
    }
    // Note this version refers to the format of this data structure in the
@ -173,7 +182,7 @@ void cFileHeader::Read(iSerializer* pSerializer, int32 /*version*/) // throw (eS
    {
        // don't understand the version
        d.TraceDebug("Bad version");
-        throw eSerializerInputStreamFmt(pSerializer->GetFileName());
+        throw eSerializerInputStreamFmt(pSerializer->GetFileName() );
    }
    mID.Read(pSerializer);
@ -187,7 +196,7 @@ void cFileHeader::Read(iSerializer* pSerializer, int32 /*version*/) // throw (eS
    pSerializer->ReadInt32(len);
    if (len < 0 || len > 0xffff)
-        throw eSerializerInputStreamFmt(pSerializer->GetFileName());
+        throw eSerializerInputStreamFmt(pSerializer->GetFileName() );
    mBaggage.MapArchive(0, len);
@ -204,7 +213,7 @@ void cFileHeader::Read(iSerializer* pSerializer, int32 /*version*/) // throw (eS
 void cFileHeader::Write(iSerializer* pSerializer) const // throw (eSerializer, eArchive)
 {
-#ifdef DEBUG
+#ifdef _DEBUG
    // check that we set some values
    cFileHeaderID id;
    ASSERT(mID != id);
@ -224,14 +233,14 @@ void cFileHeader::Write(iSerializer* pSerializer) const // throw (eSerializer, e
    pSerializer->WriteInt32(mVersion);
-    pSerializer->WriteInt16(static_cast<int16>(mEncoding));
+    pSerializer->WriteInt16( static_cast<int16>(mEncoding) );
-    int32 len = static_cast<int32>(mBaggage.Length());
+    int32 len = static_cast<int32>( mBaggage.Length() );
    ASSERT(len >= 0);
    ASSERT(len <= 0xFFFF);
-    if (len < 0 || len > 0xFFFF)
+    if ( len < 0 || len > 0xFFFF )
        throw eSerializerOutputStreamFmt();
    pSerializer->WriteInt32(len);
@ -241,3 +250,4 @@ void cFileHeader::Write(iSerializer* pSerializer) const // throw (eSerializer, e
        pSerializer->WriteBlob(mBaggage.GetMap(), len);
    }
 }
--- a/src/core/fileheader.h
+++ b/src/core/fileheader.h
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -54,12 +54,12 @@ public:
    cFileHeaderID(const cFileHeaderID& rhs);
    virtual ~cFileHeaderID();
-    void operator=(const TCHAR* id);
+    void operator = (const TCHAR* id);
-    void operator=(const cFileHeaderID& rhs);
+    void operator = (const cFileHeaderID& rhs);
-    int  operator==(const cFileHeaderID& rhs) const;
+    int  operator == (const cFileHeaderID& rhs) const;
-    int  operator!=(const cFileHeaderID& rhs) const;
+    int  operator != (const cFileHeaderID& rhs) const;
-    virtual void Read(iSerializer* pSerializer, int32 version = 0); // throw (eSerializer, eArchive)
+    virtual void Read (iSerializer* pSerializer, int32 version = 0);    // throw (eSerializer, eArchive)
    virtual void Write(iSerializer* pSerializer) const;                 // throw (eSerializer, eArchive)
 private:
@ -70,11 +70,8 @@ private:
    // the program is the only person who will see them.
    int16   mIDLen;
-    enum
+    enum { MAXBYTES = 256 };
-    {
+    char mID[ MAXBYTES ];
        MAXBYTES = 256
    };
    char mID[MAXBYTES];
 };
 inline cFileHeaderID::cFileHeaderID()
@ -87,12 +84,14 @@ inline cFileHeaderID::cFileHeaderID(const TCHAR* id)
    *this = id;
 }
-inline cFileHeaderID::cFileHeaderID(const cFileHeaderID& rhs) : iSerializable(), mIDLen(rhs.mIDLen)
+inline
 cFileHeaderID::cFileHeaderID( const cFileHeaderID& rhs ) :
    iSerializable(), mIDLen( rhs.mIDLen ) 
 {
-    memcpy(mID, rhs.mID, MAXBYTES);
+    memcpy( mID, rhs.mID, MAXBYTES );
 }
-inline int cFileHeaderID::operator!=(const cFileHeaderID& rhs) const
+inline int cFileHeaderID::operator != (const cFileHeaderID& rhs) const
 {
    return !(*this == rhs);
 }
@ -128,7 +127,7 @@ public:
    cMemoryArchive&         GetBaggage();
    const cMemoryArchive&   GetBaggage() const;
-    virtual void Read(iSerializer* pSerializer, int32 version = 0); // throw (eSerializer, eArchive)
+    virtual void Read (iSerializer* pSerializer, int32 version = 0);    // throw (eSerializer, eArchive)
    virtual void Write(iSerializer* pSerializer) const;                 // throw (eSerializer, eArchive)
 protected:
@ -164,3 +163,4 @@ inline const cMemoryArchive& cFileHeader::GetBaggage() const
 }
 #endif
--- a/src/core/fixedfilebuf.h
+++ b/src/core/fixedfilebuf.h
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -45,6 +45,10 @@
 #define __FIXED_FILEBUF_H
 #include <fstream>
 #define fixed_basic_ofstream std::basic_ofstream
-#endif //__FIXED_FILEBUF_H
+#if IS_UNIX
 #define fixed_basic_ofstream std::basic_ofstream
 #endif // IS_WIN32/IS_UNIX
 #endif//__FIXED_FILEBUF_H
--- a/src/core/fsservices.cpp
+++ b/src/core/fsservices.cpp
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -43,3 +43,5 @@ iFSServices* iFSServices::mpInstance = 0;
 //#############################################################################
 // eFSServices
 //#############################################################################
--- a/src/core/fsservices.h
+++ b/src/core/fsservices.h
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -65,14 +65,15 @@
 // STANDARD LIBRARY INCLUDES
 //=========================================================================
-#if HAVE_SYS_PARAM_H
+#if IS_UNIX
-#include <sys/param.h>
+ #if HAVE_SYS_PARAM_H
-#endif
+  #include <sys/param.h>
 #endif
 #if HAVE_SYS_STAT_H
 #include <sys/stat.h>
 #endif
-
+#endif
 //=========================================================================
 // DEFINES AND MACROS
@ -80,18 +81,18 @@
 // macros for extracting the major and minor portions of int64's:    
 #if !defined(major)
-#    if !USES_GLIBC
+#if !USES_GLIBC
-#        define major(x) ((int)((x) >> 8) & 0xff)
+#define major(x) ((int)((x) >> 8) & 0xff)
-#        define minor(x) ((int)((x)&0xff))
+#define minor(x) ((int)((x) & 0xff))
-#    else
+#else
-#        ifdef WORDS_BIGENDIAN
+#ifdef WORDS_BIGENDIAN
-#            define major(x) (int)(((char*)&(x))[2])
+#define major(x) (int)(((char*)&(x))[2])
-#            define minor(x) (int)(((char*)&(x))[3])
+#define minor(x) (int)(((char*)&(x))[3])
-#        else
+#else
-#            define major(x) (int)(((char*)&(x))[1])
+#define major(x) (int)(((char*)&(x))[1])
-#            define minor(x) (int)(((char*)&(x))[0])
+#define minor(x) (int)(((char*)&(x))[0])
-#        endif
+#endif
-#    endif
+#endif
 #endif /* !major */
 //=========================================================================
@ -122,10 +123,8 @@ typedef int64 cFSType;
 // this class is used only to pass arguments to iFSServices
 //     it is the union of MAX(elem) for all the file systems that we support 
-struct cFSStatArgs
+struct cFSStatArgs {
-{
+   enum FileType  {
    enum FileType
    {
      TY_INVALID,       // lazy evaluation
      TY_FILE, 
      TY_DIR, 
@ -135,8 +134,7 @@ struct cFSStatArgs
      TY_FIFO,
      TY_SOCK,
      TY_DOOR,
-        TY_PORT,
+      TY_PORT
        TY_NAMED
   };
   // attr is fs dependent?
@ -156,7 +154,7 @@ struct cFSStatArgs
   int64 fstype;     // dep
    TSTRING usid;        // dep
    TSTRING gsid;        // dep
-                     // int64 mFileType;     // Matt's addition...
+// int64 mFileType;     // Matt's addition...
   FileType mFileType;     // redundant with other information in this struct, but
                     // broken out for convenience
@ -166,14 +164,15 @@ struct cFSStatArgs
 };
 //=========================================================================
 //
 // eFSServices -- exception class
 //
 //=========================================================================
-TSS_FILE_EXCEPTION(eFSServices, eFileError);
+TSS_FILE_EXCEPTION( eFSServices,         eFileError );
-TSS_FILE_EXCEPTION(eFSServicesGeneric, eFSServices);
+TSS_FILE_EXCEPTION( eFSServicesGeneric,   eFSServices );
 //=========================================================================
 //
@ -185,10 +184,8 @@ TSS_FILE_EXCEPTION(eFSServicesGeneric, eFSServices);
 class iFSServices 
 {
-public:
+ public:
-    virtual ~iFSServices()
+  virtual ~iFSServices() {}
    {
    }
  ///////////////////////////////////////////////////////////////
  // ENUMS
  ///////////////////////////////////////////////////////////////
@ -213,10 +210,12 @@ public:
  ////////////////////////////////////////
  enum
  {        
-#ifdef MAXPATHLEN
+#if IS_UNIX
  #ifdef MAXPATHLEN
      TW_MAX_PATH = MAXPATHLEN
-#else
+  #else
      TW_MAX_PATH = 1024
  #endif
 #endif
  };
@ -238,21 +237,21 @@ public:
  ////////////////////////////////////////
  // process functions
  ////////////////////////////////////////
-    virtual void Sleep(int nSeconds) const = 0;
+  virtual void        Sleep( int nSeconds ) const = 0;
  // makes the current process sleep for the specified number of seconds
  ////////////////////////////////////////
  // major filesystem functions
  ////////////////////////////////////////
-    virtual void Stat(const TSTRING& strFileName, cFSStatArgs& pStat) const = 0;
+  virtual void       Stat( const TSTRING& strFileName, cFSStatArgs& pStat ) const throw( eFSServices ) = 0;
  // fills out the cFSStatArgs structure with the stat info for the named file
-    virtual void GetTempDirName(TSTRING& strName) const = 0;
+  virtual void       GetTempDirName( TSTRING& strName ) const throw( eFSServices ) = 0;
  // makes directory if it doesn't exist already.  Dirname will end with a delimiter ( '/' )
-    virtual void SetTempDirName(TSTRING& tmpName) = 0;
+  virtual void       SetTempDirName( TSTRING& tmpName ) = 0;
-    virtual TSTRING& MakeTempFilename(TSTRING& strName) const = 0;
+  virtual TSTRING&   MakeTempFilename( TSTRING& strName ) const throw( eFSServices ) = 0;
  // create temporary file
  //      TSTRING must have the form ("baseXXXXXX"), where the X's are replaced with 
  //      characters to make it a unique file.  There must be at least 6 Xs.
@ -261,60 +260,62 @@ public:
  ////////////////////////////////////////
  // minor filesystem functions
  ////////////////////////////////////////
-    virtual void GetHostID(TSTRING& name) const = 0;
+  virtual void    GetHostID( TSTRING& name ) const = 0;
-    virtual void GetMachineName(TSTRING& name) const = 0;
+  virtual void    GetMachineName( TSTRING& name ) const throw(eFSServices) = 0;
-    virtual void GetMachineNameFullyQualified(TSTRING& name) const = 0;
+  virtual void    GetMachineNameFullyQualified( TSTRING& name ) const = 0;
-    virtual bool GetCurrentUserName(TSTRING& tstrName) const = 0;
+  virtual bool    GetCurrentUserName( TSTRING& tstrName ) const = 0;
-    virtual bool GetIPAddress(uint32& uiIPAddress) = 0;
+  virtual bool    GetIPAddress( uint32& uiIPAddress ) = 0;
  ////////////////////////////////////////
  // directory specific functions
  ////////////////////////////////////////
-    virtual void ReadDir(const TSTRING& strName, std::vector<TSTRING>& vDirContents, bool bFullPaths = true) const = 0;
+  virtual void        ReadDir( const TSTRING& strName, std::vector<TSTRING> &vDirContents, bool bFullPaths = true ) const throw( eFSServices ) = 0;
  // puts the contents of the specified directory, except for . and .., into the supplied vector. 
  // if bFullPaths is true, then the vector contains fully qualified path names; otherwise, it only contains the 
  // short names.
-    virtual void GetCurrentDir(TSTRING& strCurDir) const = 0;
+  virtual void        GetCurrentDir( TSTRING& strCurDir ) const throw( eFSServices ) = 0;
  // returns the current working directory
  ////////////////////////////////////////
  // file specific functions
  ////////////////////////////////////////
-    virtual bool FileDelete(const TSTRING& name) const = 0;
+  virtual bool        FileDelete( const TSTRING& name ) const = 0;
  ////////////////////////////////////////
  // directory and file functions
  ////////////////////////////////////////
-    virtual bool Rename(const TSTRING& strOldName, const TSTRING& strNewName, bool fOverWrite = true) const = 0;
+  virtual bool    Rename( const TSTRING& strOldName, const TSTRING& strNewName, bool fOverWrite = true ) const = 0;
  // rename a file
-    virtual bool GetUserName(uid_t user_id, TSTRING& tstrUser) const    = 0;
+  virtual bool        GetOwnerForFile( const TSTRING& tstrFilename, TSTRING& tstrUser ) const = 0;
-    virtual bool GetGroupName(gid_t group_id, TSTRING& tstrGroup) const = 0;
+  virtual bool        GetGroupForFile( const TSTRING& tstrFilename, TSTRING& tstrGroup ) const = 0;
  virtual bool        GetUserName( uid_t user_id, TSTRING& tstrUser ) const = 0;
  virtual bool        GetGroupName( gid_t group_id, TSTRING& tstrGroup ) const = 0;
  //Set whether we try to resolve uid/gid to a name, since Linux static binaries can
  //have trouble (read: segfaulting) with name resolution given the right nsswitch.conf setup.
  //This defaults to true if not specified.
-    virtual void SetResolveNames(bool resolve) = 0;
+  virtual void        SetResolveNames(bool resolve)=0;
  ////////////////////////////////////////
  // miscellaneous utility functions
  ////////////////////////////////////////
-    virtual void ConvertModeToString(uint64 perm, TSTRING& tstrPerm) const = 0;
+  virtual void        ConvertModeToString( uint64 perm, TSTRING& tstrPerm ) const = 0;
  // takes a int64 permission (from stat) and changes it to look like UNIX's 'ls -l' (e.g. drwxrwxrwx)
-    virtual bool FullPath(TSTRING& fullPath, const TSTRING& relPath, const TSTRING& pathRelFrom = _T("")) const = 0;
+  virtual bool    FullPath( TSTRING& fullPath, const TSTRING& relPath, const TSTRING& pathRelFrom = _T("") ) const = 0;
  // converts relPath into a fully qualified path, storing it in FullPath. If this 
  // fails, false is returned.  if the path to which relPath is relative is not CWD, put it in pathRelFrom.
  // TODO: In some places we have depended on the behaviour that if relPath.empty() == true then we
  // fail or return an empty string.  Should we add this behaviour to the interface?
-    virtual bool GetExecutableFilename(TSTRING& strFullPath, const TSTRING& strFilename) const = 0;
+  virtual bool        GetExecutableFilename( TSTRING& strFullPath, const TSTRING& strFilename ) const = 0;
  // get the path to the current executable file
-    virtual bool IsRoot(const TSTRING& strPath) const = 0;
+  virtual bool        IsRoot( const TSTRING& strPath ) const = 0;
  // returns true if strPath denotes a root path
@ -332,13 +333,13 @@ public:
  // singleton manipulation
  ////////////////////////////////////////
  static iFSServices*         GetInstance();
-    static void         SetInstance(iFSServices* pInst);
+  static void                 SetInstance( iFSServices* pInst );
  ///////////////////////////////////////////////////////////////
  // PRIVATE DATA
  ///////////////////////////////////////////////////////////////
-private:
+ private:
  static iFSServices* mpInstance;
 };
@ -353,10 +354,11 @@ inline iFSServices* iFSServices::GetInstance()
   return mpInstance;
 }
-inline void iFSServices::SetInstance(iFSServices* pInst)
+inline void iFSServices::SetInstance( iFSServices* pInst )
 {
   mpInstance = pInst;
 }
 #endif
--- a/src/core/growheap.cpp
+++ b/src/core/growheap.cpp
@ -1,6 +1,6 @@
 //
 // The developer of the original code and/or files is Tripwire, Inc.
-// Portions created by Tripwire, Inc. are copyright (C) 2000-2018 Tripwire,
+// Portions created by Tripwire, Inc. are copyright (C) 2000 Tripwire,
 // Inc. Tripwire is a registered trademark of Tripwire, Inc.  All rights
 // reserved.
 // 
@ -47,10 +47,7 @@ public:
        size_t  mSize;
        int8*   mpData;
-        cHeap(size_t size) : mSize(size), mpData(new int8[size])
+        cHeap( size_t size ) : mSize( size ), mpData( new int8[size] ) { ASSERT(mpData != 0); } 
        {
            ASSERT(mpData != 0);
        }
            // Note: The above ASSERT should never occur!  If the new failed we should have thrown a bad_alloc().
    };
    typedef std::vector<cHeap> HeapList;
@ -61,34 +58,34 @@ public:
    TSTRING             mName;
    size_t              mCurOff;
-    cGrowHeap_i(size_t initialSize, size_t growBy, const TCHAR* name);
+    cGrowHeap_i( size_t initialSize, size_t growBy, const TCHAR* name  );
-    ~cGrowHeap_i()
+    ~cGrowHeap_i() { Clear(); }
    {
        Clear();
    }
-    size_t AlignSizeRequest(size_t size, size_t alignSize);
+    size_t  AlignSizeRequest( size_t size, size_t alignSize );
-    void*  Malloc(size_t size);
+    void*   Malloc( size_t size );
    void    Clear();
 };
-cGrowHeap_i::cGrowHeap_i(size_t initialSize, size_t growBy, const TCHAR* name)
+cGrowHeap_i::cGrowHeap_i( size_t initialSize, size_t growBy, const TCHAR* name  )
-    : mInitialSize(initialSize), mGrowBy(growBy), mName(name), mCurOff(0)
+:   mInitialSize( initialSize ),
    mGrowBy     ( growBy ),
    mName       ( name ),
    mCurOff     ( 0 )
 {
    // assure that initial size and growby are aligned
-    ASSERT(0 == (initialSize % BYTE_ALIGN));
+    ASSERT( 0 == ( initialSize % BYTE_ALIGN ) );
-    ASSERT(0 == (growBy % BYTE_ALIGN));
+    ASSERT( 0 == ( growBy % BYTE_ALIGN ) );
 }
 size_t cGrowHeap::TotalMemUsage() const
 {
    size_t usage = 0;
-    for (cGrowHeap_i::HeapList::const_iterator i = mpData->mHeaps.begin(); i != mpData->mHeaps.end(); i++)
+    for( cGrowHeap_i::HeapList::const_iterator i = mpData->mHeaps.begin(); i != mpData->mHeaps.end(); i++ )
    {
        usage += i->mSize;
    }
-    if (!mpData->mHeaps.empty())
+    if( ! mpData->mHeaps.empty() )
    {
        //  take off the unused portion...
        usage -= (mpData->mHeaps.back().mSize - mpData->mCurOff);
@ -97,23 +94,23 @@ size_t cGrowHeap::TotalMemUsage() const
 }
-void* cGrowHeap_i::Malloc(size_t size)
+void* cGrowHeap_i::Malloc( size_t size )
 {
-    size = AlignSizeRequest(size, BYTE_ALIGN);
+    size = AlignSizeRequest( size, BYTE_ALIGN );
-    ASSERT((size > 0) && (size < mGrowBy));
+    ASSERT( ( size > 0 )  && ( size < mGrowBy ) );
-    if (size >= mGrowBy)
+    if( size >= mGrowBy )
        return NULL;
-    if (mHeaps.empty())
+    if( mHeaps.empty() )
    {
-        mHeaps.push_back(cHeap(mInitialSize));
+        mHeaps.push_back( cHeap( mInitialSize ) );
        ASSERT(mHeaps.back().mpData != 0);
        mCurOff     = 0;
    }
-    if (mCurOff + size < mHeaps.back().mSize)
+    if( mCurOff + size < mHeaps.back().mSize )
    {
        // we have room to add this to the current heap.
        //
@ -125,43 +122,43 @@ void* cGrowHeap_i::Malloc(size_t size)
    }
    else
    {
-        mHeaps.push_back(cHeap(mGrowBy));
+        mHeaps.push_back( cHeap( mGrowBy ) );
        ASSERT(mHeaps.back().mpData != 0);
        mCurOff = 0;
-#ifdef _DEUBG
+        #ifdef _DEUBG
-        void* ret = Malloc(size);
+            void* ret = Malloc( size );
            ASSERT(ret != 0);
            return ret;
-#else
+        #else
-        return Malloc(size);
+            return Malloc( size );
-#endif
+        #endif
    }
 }
-size_t cGrowHeap_i::AlignSizeRequest(size_t size, size_t alignSize)
+size_t cGrowHeap_i::AlignSizeRequest( size_t size, size_t alignSize )
 {
    // The two's complement algorithm requires a non-zero size request size,
    // so make make all requests require it so that this function
    // acts the same no matter what the integer representation
-    if (0 == size)
+    if( 0 == size )
        size = 1;
 #if USES_2S_COMPLEMENT
    // This efficient algorithm assumes alignSize is power of two AND a 
    // 2's complement representation. Requires non-zero size request
-    ASSERT(0 == (alignSize % 2));
+    ASSERT( 0 == ( alignSize % 2 ) );
-    ASSERT(size > 0);
+    ASSERT( size > 0 );
-    return ((size + alignSize - 1) & ~(alignSize - 1));
+    return( ( size + alignSize - 1 ) & ~( alignSize - 1 ) );
 #else
    // this makes no assumption about BYTE_ALIGN or hardware integer representation
-    return (((size / alignSize) + ((size % alignSize) ? 1 : 0)) * alignSize);
+    return( ( ( size / alignSize ) + ( ( size % alignSize ) ? 1 : 0 ) ) * alignSize );
 #endif
 }
 void cGrowHeap_i::Clear()
 {
-    for (HeapList::iterator i = mHeaps.begin(); i != mHeaps.end(); i++)
+    for( HeapList::iterator i = mHeaps.begin(); i != mHeaps.end(); i++ )
    {
        delete [] i->mpData;
    }
@ -171,25 +168,27 @@ void cGrowHeap_i::Clear()
 //-----------------------------------------------------------------------------
 // cGrowHeap
 //-----------------------------------------------------------------------------
-cGrowHeap::cGrowHeap(size_t initialSize, size_t growBy, const TCHAR* name)
+cGrowHeap::cGrowHeap( size_t initialSize, size_t growBy, const TCHAR* name  ) :
-    : mpData(new cGrowHeap_i(initialSize, growBy, name))
+    mpData( new cGrowHeap_i( initialSize, growBy, name ) )
 {
 }
 cGrowHeap::~cGrowHeap()
 {
    cDebug d("FCO name heap stats");
-    d.TraceDebug(_T("Total heap memory usage for %s: %d\n"), mpData->mName.c_str(), TotalMemUsage());
+    d.TraceDebug( _T("Total heap memory usage for %s: %d\n"), mpData->mName.c_str(), TotalMemUsage() );
    delete mpData;
 }
-void* cGrowHeap::Malloc(size_t size)
+void* cGrowHeap::Malloc( size_t size )
 {
-    return mpData->Malloc(size);
+    return mpData->Malloc( size );
 }
 void cGrowHeap::Clear()
 {
    mpData->Clear();
 }
--- a/Show More
+++ b/Show More
`@ -1 +1,2 @@`
	`#define BUILD_NUM _T("0")`	`#define BUILD_NUM _T("0")`