1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
|
# $Id: tw.conf.freebsd2,v 1.3 1998/07/28 17:54:21 obrien Exp $
#
# tripwire.config
# Generic version for FreeBSD
# Will need editing...see comments below
#
# This file contains a list of files and directories that System
# Preener will scan. Information collected from these files will be
# stored in the tripwire.database file.
#
# Format: [!|=] entry [ignore-flags]
#
# where: '!' signifies the entry is to be pruned (inclusive) from
# the list of files to be scanned.
# '=' signifies the entry is to be added, but if it is
# a directory, then all its contents are pruned
# (useful for /tmp).
#
# where: entry is the absolute pathname of a file or a directory
#
# where ignore-flags are in the format:
# [template][ [+|-][pinugsam12] ... ]
#
# - : ignore the following atributes
# + : do not ignore the following attributes
#
# p : permission and file mode bits a: access timestamp
# i : inode number m: modification timestamp
# n : number of links (ref count) c: inode creation timestamp
# u : user id of owner 1: signature 1
# g : group id of owner 2: signature 2
# s : size of file
#
#
# Ex: The following entry will scan all the files in /etc, and report
# any changes in mode bits, inode number, reference count, uid,
# gid, modification and creation timestamp, and the signatures.
# However, it will ignore any changes in the access timestamp.
#
# /etc +pinugsm12-a
#
# The following templates have been pre-defined to make these long ignore
# mask descriptions unecessary.
#
# Templates: (default) R : [R]ead-only (+pinugsm12-a)
# L : [L]og file (+pinug-sam12)
# N : ignore [N]othing (+pinusgsamc12)
# E : ignore [E]verything (-pinusgsamc12)
#
# By default, Tripwire uses the R template -- it ignores
# only the access timestamp.
#
# You can use templates with modifiers, like:
# Ex: /etc/lp E+ug
#
# Example configuration file:
# /etc R # all system files
# !/etc/lp R # ...but not those logs
# =/tmp N # just the directory, not its files
#
# Note the difference between pruning (via "!") and ignoring everything
# (via "E" template): Ignoring everything in a directory still monitors
# for added and deleted files. Pruning a directory will prevent Tripwire
# from even looking in the specified directory.
#
#
# Tripwire running slowly? Modify your tripwire.config entries to
# ignore the (signature 2) attribute when this computationally-exorbitant
# protection is not needed. (See README and design document for further
# details.)
#
# First, root's traditional "home". Note that FreeBSD's root's home (/root)
# is protected by R-2 protections in the default config file.
=/ L
/.rhosts R # may not exist
/.profile R # may not exist
/.cshrc R # may not exist
/.login R # may not exist
/.exrc R # may not exist
/.logout R # may not exist
/.forward R # may not exist
# Unix itself
/kernel R
# /bin
/bin R-2
# /dev
/dev L
# /etc
/etc R-2
/etc/aliases L
/etc/dumpdates L
/etc/motd L
# my passwd database should be static at time of system build. yours may
# not be, if not, uncomment the lines below.
# /etc/passwd L
# /etc/master.passwd L
# /etc/pwd.db L
# /etc/spwd.db L
# /home
=/home
# /lkm and /modules
/lkm R-2
/modules R-2
# /boot
/boot R-2
# /root
/root R-2
/root/.history L
# /sbin
/sbin R-2
# /stand
/stand R-2
# /usr/bin
/usr/bin R-2
/usr/include R-12
/usr/lib R-2
/usr/libdata R-2
/usr/libexec R-2
/usr/local/bin R-2
/usr/local/etc L
/usr/local/lib R-2
/usr/local/libexec R-2
/usr/local/sbin R-2
/usr/local/share R-2
/usr/sbin R-2
/usr/share R-2
###########################################
|