Date:      Mon, 25 Oct 1999 05:43:02 -0700 (PDT)
From:      Cy.Schubert@uumail.gov.bc.ca
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   ports/14515: New Tripwire 1.3 Port
Message-ID:  <199910251243.FAA71650@cwsys.cwsent.com>


>Number:         14515
>Category:       ports
>Synopsis:       New Tripwire 1.3 Port
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Oct 25 05:50:01 PDT 1999
>Closed-Date:
>Last-Modified:
>Originator:     Cy Schubert
>Release:        FreeBSD 3.3-RELEASE i386
>Organization:
ITSD, Province of BC
>Environment:

FreeBSD cwsys 3.3-RELEASE FreeBSD 3.3-RELEASE #0: Wed Oct 13 08:09:56 PDT 1999     root@cwsys:/opt2/cvs-330/src/sys/compile/CWSYS  i386

>Description:

New Tripwire 1.3 port.  The copyright does not appear restrictive;
however, the sales staff at TripwireSecurity call it the "academic
version".

>How-To-Repeat:

N/A

>Fix:
	
Enclosed is a shar archive.  This has been running on various FreeBSD
systems for about 1 year.

# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	tripwire13
#	tripwire13/files
#	tripwire13/files/twcheck
#	tripwire13/files/md5
#	tripwire13/files/conf-freebsd2.h
#	tripwire13/files/tw.conf.freebsd2
#	tripwire13/patches
#	tripwire13/patches/patch-ad
#	tripwire13/patches/patch-aa
#	tripwire13/patches/patch-ab
#	tripwire13/patches/patch-ac
#	tripwire13/pkg
#	tripwire13/pkg/COMMENT
#	tripwire13/pkg/DESCR
#	tripwire13/pkg/PLIST
#	tripwire13/Makefile
#
# Create the port skeleton directories.  mkdir's output and errors are
# discarded, so a failure here only surfaces when a later redirect cannot
# create its file.
echo c - tripwire13
mkdir -p tripwire13 > /dev/null 2>&1
echo c - tripwire13/files
mkdir -p tripwire13/files > /dev/null 2>&1
# files/twcheck: the checker script that the port Makefile's post-install
# step copies onto the reference floppy.  sed strips the leading "X" from
# every payload line; the quoted here-document delimiter keeps the shell
# from expanding the backticks while unpacking.
# The script runs ./gunzip and ./tripwire from the current directory and
# pipes the decompressed database into tripwire; "-dfd 0" presumably makes
# tripwire read the database from file descriptor 0 -- confirm in tripwire(8).
# NOTE(review): /bin/sh and `hostname` are still taken from the host being
# checked, so the floppy is not a fully independent trust base.
echo x - tripwire13/files/twcheck
sed 's/^X//' >tripwire13/files/twcheck << 'END-of-tripwire13/files/twcheck'
X#! /bin/sh -
X
X./gunzip < tw.db_`hostname`.gz | ./tripwire -dfd 0 -c tw.config
END-of-tripwire13/files/twcheck
# files/md5: the recorded checksum of the distribution tarball; the ports
# framework presumably compares the fetched distfile against it before
# extracting (that logic lives in bsd.port.mk, not in this archive).
# NOTE(review): MD5 is the only digest recorded, and MD5 is not
# collision-resistant by current standards.  When reusing this port, also
# check the tarball against a stronger digest from a trusted source, e.g.
#   SHA256 (tripwire-1.30-1.tar.gz) = <sha256-obtained-from-trusted-source>
echo x - tripwire13/files/md5
sed 's/^X//' >tripwire13/files/md5 << 'END-of-tripwire13/files/md5'
XMD5 (tripwire-1.30-1.tar.gz) = fd3374db2ba26fe11428e5fac3a98cfa
END-of-tripwire13/files/md5
echo x - tripwire13/files/conf-freebsd2.h
sed 's/^X//' >tripwire13/files/conf-freebsd2.h << 'END-of-tripwire13/files/conf-freebsd2.h'
X/* $Id: conf-freebsd2.h,v 1.1.1.1 1997/04/01 04:44:00 jdp Exp $ */
X
X/*
X * conf-freebsd2.h
X *
X *	Tripwire configuration file
X *
X * Joe Greco
X * sol.net Network Services
X * Derived from the other BSD config.h's
X */
X
X/***
X *** Operating System specifics
X ***	
X ***	If the answer to a question in the comment is "Yes", then
X ***	change the corresponding "#undef" to a "#define"
X ***/
X
X/*
X * is your OS a System V derivative?  if so, what version?
X *			(e.g., define SYSV 4)
X */
X
X#undef SYSV
X
X/* 
X * does your system have a <malloc.h> like System V? 
X */
X
X#undef MALLOCH 	
X
X/* 
X * does your system have a <stdlib.h> like POSIX says you should? 
X */
X
X#define STDLIBH
X
X/*
X * does your system use readdir(3) that returns (struct dirent *)?
X */
X
X#define DIRENT
X
X/*
X * is #include <string.h> ok?  (as opposed to <strings.h>)
X */
X
X#define STRINGH
X 
X/* 
X * does your system have gethostname(2) (instead of uname(2))?
X */
X
X#define GETHOSTNAME
END-of-tripwire13/files/conf-freebsd2.h
echo x - tripwire13/files/tw.conf.freebsd2
sed 's/^X//' >tripwire13/files/tw.conf.freebsd2 << 'END-of-tripwire13/files/tw.conf.freebsd2'
X# $Id: tw.conf.freebsd2,v 1.3 1998/07/28 17:54:21 obrien Exp $
X#
X# tripwire.config
X# Generic version for FreeBSD
X#  Will need editing...see comments below
X#
X# This file contains a list of files and directories that System 
X# Preener will scan.  Information collected from these files will be 
X# stored in the tripwire.database file.
X#
X# Format: 			[!|=] entry [ignore-flags]
X#
X# where:	 '!' signifies the entry is to be pruned (inclusive) from
X#				the list of files to be scanned.
X#		 '=' signifies the entry is to be added, but if it is
X#				a directory, then all its contents are pruned
X#				(useful for /tmp).
X#
X# where:	entry is the absolute pathname of a file or a directory
X#
X# where ignore-flags are in the format:
X#		[template][ [+|-][pinugsam12] ... ]
X#
X# 	- :  ignore the following attributes
X#	+ :  do not ignore the following attributes
X#
X#	p :  permission and file mode bits 	a: access timestamp
X#	i :  inode number			m: modification timestamp
X#	n :  number of links (ref count)	c: inode creation timestamp
X#	u :  user id of owner			1: signature 1
X#	g :  group id of owner			2: signature 2
X#	s :  size of file
X#
X#
X# Ex:   The following entry will scan all the files in /etc, and report
X#	any changes in mode bits, inode number, reference count, uid,
X#	gid, modification and creation timestamp, and the signatures.
X#	However, it will ignore any changes in the access timestamp.
X#
X#	/etc	+pinugsm12-a
X#
X# The following templates have been pre-defined to make these long ignore
X# mask descriptions unnecessary.
X#
X# Templates: 	(default)	R :  [R]ead-only (+pinugsm12-a)
X#				L :  [L]og file (+pinug-sam12)
X#				N :  ignore [N]othing (+pinusgsamc12)
X#				E :  ignore [E]verything (-pinusgsamc12)
X#
X# By default, Tripwire uses the R template -- it ignores
X# only the access timestamp.
X#
X# You can use templates with modifiers, like:
X#	Ex:  /etc/lp	E+ug
X#
X#	Example configuration file:
X#		/etc		R	# all system files
X#		!/etc/lp	R	# ...but not those logs
X#		=/tmp		N	# just the directory, not its files
X#
X# Note the difference between pruning (via "!") and ignoring everything
X# (via "E" template):  Ignoring everything in a directory still monitors
X# for added and deleted files.  Pruning a directory will prevent Tripwire
X# from even looking in the specified directory.
X#
X#
X# Tripwire running slowly?  Modify your tripwire.config entries to
X# ignore the (signature 2) attribute when this computationally-exorbitant 
X# protection is not needed.  (See README and design document for further
X# details.)
X#
X
X#  First, root's traditional "home".  Note that FreeBSD's root's home (/root)
X#  is protected by R-2 protections in the default config file.
X=/		L
X/.rhosts	R	# may not exist
X/.profile	R	# may not exist
X/.cshrc		R	# may not exist
X/.login		R	# may not exist
X/.exrc		R	# may not exist
X/.logout	R	# may not exist
X/.forward	R	# may not exist
X
X# Unix itself
X/kernel		R
X
X# /bin
X/bin		R-2
X
X# /dev
X/dev	 	L
X
X# /etc
X/etc			R-2
X/etc/aliases	 	L
X/etc/dumpdates		L
X/etc/motd		L
X
X# My passwd database is static once the system has been built.  Yours may
X# not be; if it changes, uncomment the lines below.
X
X# /etc/passwd		L
X# /etc/master.passwd	L
X# /etc/pwd.db		L
X# /etc/spwd.db		L
X
X# /home
X=/home
X
X# /lkm
X/lkm			R-2
X
X# /root
X/root			R-2
X/root/.history		L
X
X# /sbin
X/sbin			R-2
X
X# /stand
X/stand			R-2
X
X# /usr/bin
X/usr/bin		R-2
X
X/usr/include		R-12
X
X/usr/lib		R-2
X
X/usr/libdata		R-2
X
X/usr/libexec		R-2
X
X/usr/local/bin		R-2
X
X/usr/local/etc		L
X
X/usr/local/lib		R-2
X
X/usr/local/libexec	R-2
X
X/usr/local/sbin		R-2
X
X/usr/local/share	R-2
X
X/usr/sbin		R-2
X
X/usr/share		R-2
X
X###########################################
END-of-tripwire13/files/tw.conf.freebsd2
# Directory that receives the port's source patches (patch-aa .. patch-ad).
# mkdir's output and errors are discarded.
echo c - tripwire13/patches
mkdir -p tripwire13/patches > /dev/null 2>&1
echo x - tripwire13/patches/patch-ad
sed 's/^X//' >tripwire13/patches/patch-ad << 'END-of-tripwire13/patches/patch-ad'
X--- src/Makefile.orig	Mon Jul 20 11:11:48 1998
X+++ src/Makefile	Fri Mar 19 16:54:23 1999
X@@ -104,8 +104,8 @@
X 	$(CC) $(CFLAGS) -c $<
X 
X install:	tripwire
X-	$(INSTALL) tripwire $(DESTDIR) -m 555
X-	$(INSTALL) siggen $(DESTDIR) -m 555
X+	$(INSTALL) -f noschg -s -m 555 tripwire $(DESTDIR)
X+	$(INSTALL) -f noschg -s -m 555 siggen $(DESTDIR)
X 
X clean:
X 	-rm -f $(OFILES) config.lex.c config.pre.c y.tab.c lex.yy.c help.c \
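Review bot: The `-f noschg` added to both install lines is unexplained, and for a file-integrity checker the flag choice is security-relevant: as I read install(1), it asks for the installed binaries to carry no system-immutable flag. A comment above the rule, for example `# -f noschg: keep the binaries replaceable on upgrade; protect them with read-only media instead`, would record the intent (that reason is my guess and should be confirmed by the submitter). The rule still lists only `tripwire` as a prerequisite although it also installs `siggen`; that line is unchanged context, and the `clean` recipe continues past the end of the hunk.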
END-of-tripwire13/patches/patch-ad
echo x - tripwire13/patches/patch-aa
sed 's/^X//' >tripwire13/patches/patch-aa << 'END-of-tripwire13/patches/patch-aa'
X*** include/config.h.orig	Fri Jul 15 06:02:52 1994
X--- include/config.h	Sun Dec 31 18:56:20 1989
X***************
X*** 17,23 ****
X   ***	file that corresponds with your operating system.
X   ***/
X  
X! #include "../configs/conf-svr4.h"
X  
X  #ifdef TW_TYPE32
X  typedef TW_TYPE32 int32;
X--- 17,23 ----
X   ***	file that corresponds with your operating system.
X   ***/
X  
X! #include "../configs/conf-freebsd2.h"
X  
X  #ifdef TW_TYPE32
X  typedef TW_TYPE32 int32;
X***************
X*** 103,110 ****
X  #endif
X  */
X  
X! #define CONFIG_PATH     "/usr/local/bin/tw"
X! #define DATABASE_PATH   "/var/tripwire"
X  
X  /******* name of Tripwire files **************************************
X   *
X--- 103,110 ----
X  #endif
X  */
X  
X! # define CONFIG_PATH     "/var/adm/tcheck"
X! # define DATABASE_PATH   "/var/adm/tcheck/databases"
X  
X  /******* name of Tripwire files **************************************
X   *
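Review bot: The new CONFIG_PATH and DATABASE_PATH compile in `/var/adm/tcheck` and `/var/adm/tcheck/databases`, so by default both the policy file and the baseline database live on a writable local filesystem, and the bundled tw.conf.freebsd2 has no entry for that directory. Anyone who obtains root on the host can then rewrite the baseline together with the files it describes; the port only addresses this through the optional floppy copy described in pkg/DESCR. I would document that next to the defines, e.g. `/* keep a reference copy of these on read-only media; a local database can be rewritten */`. The `# define` spacing also differs from the `#define` lines it replaces, which makes the patch larger than necessary.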
END-of-tripwire13/patches/patch-aa
echo x - tripwire13/patches/patch-ab
sed 's/^X//' >tripwire13/patches/patch-ab << 'END-of-tripwire13/patches/patch-ab'
X--- Makefile.orig	Mon Jul 20 11:11:48 1998
X+++ Makefile	Fri Mar 19 17:19:27 1999
X@@ -10,11 +10,11 @@
X ###
X 
X # destination directory for final executables
X-DESTDIR = /usr/local/bin/tw
X-DATADIR = /var/tripwire
X+DESTDIR = /usr/local/bin
X+DATADIR = /var/adm/tcheck
X 
X # destination for man pages
X-MANDIR  = /usr/man
X+MANDIR  = /usr/local/man
X 
X # system utilities
X LEX	= lex
X@@ -106,10 +106,8 @@
X 	$(INSTALL) -d $(DESTDIR)
X 	(cd src; make INSTALL=$(INSTALL) DESTDIR=$(DESTDIR) install)
X 	(cd man; make INSTALL=$(INSTALL) MANDIR=$(MANDIR) install)
X-	(cd configs; $(INSTALL) tw.config $(DESTDIR) -m 444)
X-	chmod 555 $(DESTDIR)
X-	$(INSTALL) -d $(DATADIR) -m 0755
X-	$(INSTALL) tests/tw.db_TEST $(DATADIR) -m 444
X+	$(INSTALL) -m 0755 -d $(DATADIR)
X+	(cd configs; $(INSTALL) -m 444 tw.config $(DATADIR))
X 
X test:	all
X 	(cd tests; make HOSTNAME=$(HOSTNAME) DIST=$(DIST) SHELL=$(SHELL) \
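Review bot: In the added line `(cd configs; $(INSTALL) -m 444 tw.config $(DATADIR))` the `;` lets install run from the wrong directory when `cd` fails; `(cd configs && $(INSTALL) -m 444 tw.config $(DATADIR))` stops instead. The directory is created `0755` and the policy file `444`, so any local user can read which paths are and are not monitored; if nothing else needs to read them (not visible from this hunk), `-m 0700 -d` and `-m 400` are the tighter choice. The `test` rule continues past the end of the hunk.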
END-of-tripwire13/patches/patch-ab
echo x - tripwire13/patches/patch-ac
sed 's/^X//' >tripwire13/patches/patch-ac << 'END-of-tripwire13/patches/patch-ac'
XThis patch eliminates a compiler warning about LITTLE_ENDIAN being
Xredefined.
X
X*** sigs/sha/sha.c.orig	Mon Jul 25 08:46:45 1994
X--- sigs/sha/sha.c	Mon Mar 31 19:55:23 1997
X***************
X*** 47,52 ****
X--- 47,54 ----
X  #include "sha.h"
X  
X  #if BYTEORDER == 0x1234
X+ #undef BIG_ENDIAN
X+ #undef LITTLE_ENDIAN
X  #define LITTLE_ENDIAN
X  #endif
X  
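Review bot: The two added `#undef` lines discard whatever values the system headers gave BIG_ENDIAN and LITTLE_ENDIAN and then define LITTLE_ENDIAN as an empty macro, so any later test of the form `#if BYTE_ORDER == LITTLE_ENDIAN` in this translation unit would no longer compile or evaluate as intended. The rest of sha.c lies outside the hunk, so I cannot confirm that it only uses `#ifdef LITTLE_ENDIAN`. Because Tripwire's SHA signatures depend on this branch being selected correctly, I would add a comment such as `/* system endian macros dropped on purpose; sha.c only tests #ifdef LITTLE_ENDIAN */` and re-run the SHA test vectors after patching.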
END-of-tripwire13/patches/patch-ac
# Package metadata for the port: a one-line COMMENT, the long DESCR and the
# packing list PLIST.  Each file is written by stripping the leading "X"
# from its here-document payload.
echo c - tripwire13/pkg
mkdir -p tripwire13/pkg > /dev/null 2>&1
echo x - tripwire13/pkg/COMMENT
sed 's/^X//' >tripwire13/pkg/COMMENT << 'END-of-tripwire13/pkg/COMMENT'
XFile system security and verification program.
END-of-tripwire13/pkg/COMMENT
# DESCR documents the TRIPWIRE_FLOPPY=YES option that the port Makefile's
# post-install target implements.
echo x - tripwire13/pkg/DESCR
sed 's/^X//' >tripwire13/pkg/DESCR << 'END-of-tripwire13/pkg/DESCR'
XTripwire is a tool that aids system administrators and
Xusers in monitoring a designated set of files for any changes.
XUsed with system files on a regular (e.g., daily) basis, Tripwire
Xcan notify system administrators of corrupted or tampered files,
Xso damage control measures can be taken in a timely manner.
X
XIf "TRIPWIRE_FLOPPY" is set to "YES" in the environment or on the
X"make" command line, this port will write the tripwire database to
Xa floppy disk, which should then be write-protected and used as a
Xreference for future runs.  The diskette should be formatted and
Xpresent in the "A" drive before starting the "make install" step.
X
XJoe Greco <jgreco@ns.sol.net>
END-of-tripwire13/pkg/DESCR
# PLIST names only the two binaries.
# NOTE(review): /var/adm/tcheck/tw.config and the database that post-install
# creates are not listed, so they presumably stay behind on deinstall --
# confirm that this is intended.
echo x - tripwire13/pkg/PLIST
sed 's/^X//' >tripwire13/pkg/PLIST << 'END-of-tripwire13/pkg/PLIST'
Xbin/tripwire
Xbin/siggen
END-of-tripwire13/pkg/PLIST
# tripwire13/Makefile: the BSD ports makefile, written by stripping the
# leading "X" from each payload line.  What the payload does:
#  - Header still says "Version required: 1.2" while DISTNAME is
#    tripwire-1.30-1; the header comment looks stale.
#  - NO_CDROM / NO_PACKAGE / RESTRICTED restrict redistribution; the
#    NO_PACKAGE reason is that the database has to be built on the host.
#  - The .if/IGNORE block that points the user at a manual download is
#    commented out.
#  - pre-configure copies conf-freebsd2.h and tw.conf.freebsd2 into
#    ${WRKSRC}/configs.
#  - post-install creates /var/adm/tcheck, installs the policy there as
#    tw.config and runs "tripwire -initialize" in that directory.
#    NOTE(review): the baseline therefore records the system as it is at
#    install time; it is only trustworthy if the host is clean at that moment.
#  - With TRIPWIRE_FLOPPY=YES it relabels and newfs's /dev/rfd0c without
#    prompting (existing floppy contents are lost), mounts it on /mnt,
#    copies tripwire, tw.config, the database, twcheck and gunzip, then
#    unmounts.  The on-disk database under /var/adm/tcheck stays in place.
#    NOTE(review): tripwire and gunzip are written through ${GZIP_CMD}
#    (defined in bsd.port.mk, not here) and then made executable, and
#    twcheck runs them directly.  If GZIP_CMD compresses, this only works
#    where the kernel can execute gzip-compressed binaries -- confirm on
#    the target release.
#  - Every recipe line is prefixed with "@", so none of these commands is
#    echoed during "make install".
# The final "exit" stops sh before it reaches the mail trailer below.
echo x - tripwire13/Makefile
sed 's/^X//' >tripwire13/Makefile << 'END-of-tripwire13/Makefile'
X# New ports collection makefile for:	tripwire
X# Version required:     1.2
X# Date created:		31 Mar 1997
X# Whom:			Joe Greco <jgreco@ns.sol.net>
X#
X# $Id: Makefile,v 1.4 1998/12/01 08:33:29 asami Exp $
X#
X
XDISTNAME=       tripwire-1.30-1
XCATEGORIES=	security net
X
XMAINTAINER=	Cy.Schubert@uumail.gov.bc.ca
X
XMAN5=		tw.config.5
XMAN8=		siggen.8 tripwire.8
XNO_CDROM=	"cannot be redistributed for more than the cost of duplication"
XNO_PACKAGE=	"requires local database to be built"
XRESTRICTED=	"contains crypto class algorithms"
X
X# .if !exists(${DISTDIR}/${DISTNAME}${EXTRACT_SUFX})
X# IGNORE='Please read http://www.tripwiresecurity.com/ for details of how to obtain the Tripwire source.  Put the file ${DISTNAME}${EXTRACT_SUFX} into the directory ${DISTDIR} and run make again.'
X# .endif
X
Xpre-configure:
X	@ ${CP} ${FILESDIR}/conf-freebsd2.h ${WRKSRC}/configs
X	@ ${CP} ${FILESDIR}/tw.conf.freebsd2 ${WRKSRC}/configs/tw.conf.freebsd2
X
Xpost-install:
X	@ ${MKDIR} /var/adm/tcheck
X	@ ${CP} ${FILESDIR}/tw.conf.freebsd2 /var/adm/tcheck/tw.config
X	@ ${ECHO} Creating tripwire database
X	@ (cd /var/adm/tcheck; tripwire -initialize)
X.if defined(TRIPWIRE_FLOPPY) && ${TRIPWIRE_FLOPPY} == YES
X	@ disklabel -w -B /dev/rfd0c fd1440
X	@ newfs -u 0 -t 0 -i 196608 -m 0 -T minimum -o space /dev/rfd0c
X	@ mount /dev/fd0c /mnt
X	@ ${GZIP_CMD} < ${PREFIX}/bin/tripwire > /mnt/tripwire
X	@ ${CP} -p /var/adm/tcheck/tw.config /mnt/tw.config
X	@ ${GZIP_CMD} < /var/adm/tcheck/databases/tw.db_`hostname` \
X		> /mnt/tw.db_`hostname`.gz
X	@ ${CP} -p ${FILESDIR}/twcheck /mnt/twcheck
X	@ ${GZIP_CMD} < /usr/bin/gunzip > /mnt/gunzip
X	@ chmod 555 /mnt/tripwire /mnt/gunzip /mnt/twcheck
X	@ umount /mnt
X	@ ${ECHO} Do not forget to remove and write-protect the floppy.
X.endif
X
X.include <bsd.port.mk>
END-of-tripwire13/Makefile
exit


>Release-Note:
>Audit-Trail:
>Unformatted:





