Date: Thu, 04 Mar 2010 16:20:42 -0500
From: Mike Tancsa <mike@sentex.net>
To: Dag-Erling Smørgrav <des@des.no>
Cc: freebsd-security@FreeBSD.org
Subject: Re: tripwire and device numbers
Message-ID: <201003042120.o24LKVZF038956@lava.sentex.ca>
In-Reply-To: <86ocj3hkth.fsf@ds4.des.no>
References: <201003041953.o24JrDhi038522@lava.sentex.ca> <86ocj3hkth.fsf@ds4.des.no>

At 03:51 PM 3/4/2010, Dag-Erling Smørgrav wrote:
>Mike Tancsa <mike@sentex.net> writes:
> > While getting a box ready for deployment, I noticed on two occasions,
> > I would get some exception reports flagging all files as the
> > underlying device number through reboots had changed. Is this
> > "normal" for Tripwire and FreeBSD ?
>
>FreeBSD does not have fixed device numbers, they are allocated on the
>fly as each device attaches. I don't know if there is a way around
>this.

OK, I think there is a way around it in the config file. I am thinking the FreeBSD default config could be changed to

@@section FS -SEC_CRIT =3D $(IgnoreNone)-SHa ; # Critical files that cannot change -SEC_SUID =3D $(IgnoreNone)-SHa ; # Binaries=20 with the SUID or SGID flags set -SEC_BIN =3D $(ReadOnly) ; # Binaries that should not change -SEC_CONFIG =3D $(Dynamic) ; # Config=20 files that are changed infrequently but accessed often -SEC_TTY =3D $(Dynamic)-ugp ; # Tty files=20 that change ownership at login -SEC_LOG =3D $(Growing) ; # Files=20 that grow, but that should never change ownership -SEC_INVARIANT =3D +tpug ; #=20 Directories that should never change permission or ownership +SEC_CRIT =3D $(IgnoreNone)-SHad ; # Critical files that cannot change +SEC_SUID =3D $(IgnoreNone)-SHad ; # Binaries=20 with the SUID or SGID flags set +SEC_BIN =3D $(ReadOnly)-d ; # Binaries that should not change +SEC_CONFIG =3D $(Dynamic)-d ; # Config=20 files that are changed infrequently but accessed often +SEC_TTY =3D $(Dynamic)-ugpd ; # Tty=20 files that change ownership at login +SEC_LOG =3D $(Growing)-d ; # Files=20 that grow, but that should never change ownership +SEC_INVARIANT =3D +tpug-d ; #=20 Directories that should never change permission or ownership SIG_LOW =3D 33 ; #=20 Non-critical files that are of minimal security impact SIG_MED =3D 66 ; #=20 Non-critical files that are of significant security impact SIG_HI =3D 100 ; # Critical=20 files that are significant points of vulnerability

Where

##############################################################################
# Predefined Variables                                                       #
##############################################################################
#
#  Property Masks
#
#  -  ignore the following properties
#  +  check the following properties
#
#  a  access timestamp (mutually exclusive with +CMSH)
#  b  number of blocks allocated
#  c  inode creation/modification timestamp
#  d  ID of device on which inode resides
#  g  group id of owner
#  i  inode number
#  l  growing files (logfiles for example)
#  m  modification timestamp
#  n  number of links
#  p  permission and file mode bits
#  r  ID of device pointed to by inode (valid only for device objects)
#  s  file size
#  t  file type
#  u  user id of owner
#
#  C  CRC-32 hash
#  H  HAVAL hash
#  M  MD5 hash
#  S  SHA hash
#

I have bcc'd the maintainer for input

Thanks,

---Mike

--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike
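
Review bot: On the SEC_INVARIANT line, the added `-d` appears to have no effect, because the mask `+tpug` names only the properties to check and `d` was never among them; it can be dropped, or kept for consistency with a comment saying so. For the other six masks, the config would benefit from a one-line comment stating why `d` is ignored (device numbers changing across reboots, as described in the thread), so a later reader does not take it for an accidental weakening of SEC_CRIT and SEC_SUID. The legend quoted in the message also lists `r` (ID of device pointed to by inode, valid only for device objects); if any rule using these masks covers device nodes, it is worth confirming whether `r` shows the same churn across reboots.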