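###############################################################################
#                                                                            ##
# Default Tripwire 2.4 Policy file for Cygwin                                ##
#                                                                            ##
###############################################################################

# Layout note: one directive, assignment or rule per line. A '#' comments out
# the rest of its line, so a directive that shares a line with a preceding
# comment is never parsed.
#
# Scope note: only the paths listed in the rules below are monitored. Nothing
# under /home, /var (other than log and tmp) or the Windows side (/cygdrive)
# appears in this policy.
#
# NOTE(review): no rule in this file sets the optional severity or emailto
# attributes.

###############################################################################
#                                                                            ##
# Global Variable Definitions                                                ##
#                                                                            ##
# These are defined at install time by the installation script.  You may     ##
# Manually edit these if you are using this file directly and not from the   ##
# installation script itself.                                                ##
#                                                                            ##
###############################################################################

@@section GLOBAL

# Every value is empty in this template. Paths such as $(TWBIN)/tripwire in
# the FS section only name real objects once these hold real directories, so
# fill them in (or let the installer do so) before compiling the policy.
TWROOT=;
TWBIN=;
TWPOL=;
TWDB=;
TWSKEY=;
TWLKEY=;
TWREPORT=;
HOSTNAME=;

##############################################################################
# Predefined Variables                                                       #
##############################################################################
#
#  Property Masks
#
#  -  ignore the following properties
#  +  check the following properties
#
#  a  access timestamp (mutually exclusive with +CMSH)
#  b  number of blocks allocated
#  c  inode creation/modification timestamp
#  d  ID of device on which inode resides
#  g  group id of owner
#  i  inode number
#  l  growing files (logfiles for example)
#  m  modification timestamp
#  n  number of links
#  p  permission and file mode bits
#  r  ID of device pointed to by inode (valid only for device objects)
#  s  file size
#  t  file type
#  u  user id of owner
#
#  C  CRC-32 hash
#  H  HAVAL hash
#  M  MD5 hash
#  S  SHA hash
#
##############################################################################

# The six masks below are listed for reference only (each line is commented
# out); the rules further down use them by name. Only Temporary is actually
# defined by this file.
#Device        = +pugsdr-intlbamcCMSH ;
#Dynamic       = +pinugtd-srlbamcCMSH ;
#Growing       = +pinugtdl-srbamcCMSH ;
#IgnoreAll     = -pinugtsdrlbamcCMSH ;
#IgnoreNone    = +pinugtsdrbamcCMSH-l ;
#ReadOnly      = +pinugtsdbmCM-rlacSH ;

# Temporary tracks permissions, owner, group and file type only: no size,
# timestamps or content hashes.
Temporary = +pugt ;

@@section FS

#########################################
#                                      ##
# Tripwire Binaries and Data Files     ##
#                                      ##
#########################################

# Tripwire Binaries
(
  rulename = "Tripwire Binaries",
)
{
  # NOTE(review): per the mask listing above, $(ReadOnly) hashes with CRC-32
  # and MD5 only (-SH). Neither is collision-resistant; appending +SH, as
  # $(IgnoreNone) already includes, adds two more digests at the cost of scan
  # time.
  $(TWBIN)/siggen                      -> $(ReadOnly) ;
  $(TWBIN)/tripwire                    -> $(ReadOnly) ;
  $(TWBIN)/twadmin                     -> $(ReadOnly) ;
  $(TWBIN)/twprint                     -> $(ReadOnly) ;
}

# Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
(
  rulename = "Tripwire Data Files",
)
{
  # NOTE: We remove the inode attribute because when Tripwire creates a backup,
  # it does so by renaming the old file and creating a new one (which will
  # have a new inode number).  Inode is left turned on for keys, which shouldn't
  # ever change.

  # NOTE: The first integrity check triggers this rule and each integrity check
  # afterward triggers this rule until a database update is run, since the
  # database file does not exist before that point.

  $(TWDB)                              -> $(Dynamic) -i ;
  $(TWPOL)/tw.pol                      -> $(ReadOnly) -i ;
  $(TWPOL)/tw.cfg                      -> $(ReadOnly) -i ;
  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(ReadOnly) ;
  $(TWSKEY)/site.key                   -> $(ReadOnly) ;

  # don't scan the individual reports
  # (recurse=0) limits the check to the report directory object itself, so
  # report files that are added, removed or altered are not flagged by this
  # rule.
  $(TWREPORT)                          -> $(Dynamic) (recurse=0) ;
}

##############################################################################

# In the rules below, "-a" drops the access timestamp from $(IgnoreNone):
# that mask includes +CMSH, and the mask listing above marks "a" as mutually
# exclusive with the hashes.

(rulename="Binary files",)
{
  /bin                                 -> $(IgnoreNone) -a;
  /usr/bin                             -> $(IgnoreNone) -a;
  /usr/local/bin                       -> $(IgnoreNone) -a;
}

(rulename="Development",)
{
  /usr/x86_64-pc-cygwin                -> $(IgnoreNone) -a;
}

(rulename="Libexec",)
{
  /usr/libexec                         -> $(IgnoreNone) -a;
}

(rulename="Admin binaries",)
{
  /sbin                                -> $(IgnoreNone) -a;
  /usr/sbin                            -> $(IgnoreNone) -a;
}

(rulename="Libraries",)
{
  /lib                                 -> $(IgnoreNone) -a;
  /usr/lib                             -> $(IgnoreNone) -a;
  /usr/local/lib                       -> $(IgnoreNone) -a;
}

(rulename="Etc",)
{
  /etc                                 -> $(IgnoreNone) -a;
  /usr/local/etc                       -> $(IgnoreNone) -a;
}

(rulename="Dev",)
{
  /dev                                 -> $(Device);
}

# Temporary directories: only permissions, owner, group and file type are
# compared (see the Temporary mask above); file contents are not hashed.
(rulename="Tmp",)
{
  /tmp                                 -> $(Temporary);
  /var/tmp                             -> $(Temporary);
  /usr/tmp                             -> $(Temporary);
}

# $(Growing) carries no hash (-CMSH) and ignores size and timestamps apart
# from the "l" growing-file property, so this rule does not detect edits to
# log content.
(rulename="Log",)
{
  /var/log                             -> $(Growing);
}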