Viele kleine Änderungen an Samba und Tripwire

git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@497 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8

diff --git a/config/tripwire/twcfg.txt b/config/tripwire/twcfg.txt
index 9b02c84748d3116addb995f291d0e96692bdee2f..195819cb86d933c1aab135e9a6529e2e55686952 100644 (file)
--- a/config/tripwire/twcfg.txt
+++ b/config/tripwire/twcfg.txt
@@ -1,9 +1,9 @@
 ROOT                   =/usr/sbin
 POLFILE                =/var/ipfire/tripwire/tw.pol
 DBFILE                 =/var/ipfire/tripwire/$(HOSTNAME).twd
-REPORTFILE             =/var/ipfire/tripwire/report/$(HOSTNAME)-$(DATE).twr
+REPORTFILE             =/var/ipfire/tripwire/report/$(DATE).twr
 SITEKEYFILE            =/var/ipfire/tripwire/site.key
-LOCALKEYFILE           =/var/ipfire/tripwire/$(HOSTNAME)-local.key
+LOCALKEYFILE           =/var/ipfire/tripwire/local.key
 EDITOR                 =/usr/bin/vi
 LATEPROMPTING          =false
 LOOSEDIRECTORYCHECKING =false

diff --git a/config/tripwire/twpol.txt b/config/tripwire/twpol.txt
index deaa6633ce92fa49f722ede2d3bdd943bf3174a7..01e6c1ed23f0a7624592a31e1d0347c90f3ce612 100644 (file)
--- a/config/tripwire/twpol.txt
+++ b/config/tripwire/twpol.txt
@@ -1,59 +1,3 @@
-  ##############################################################################
- #                                                                            ##
-############################################################################## #
-#                                                                            # #
-#                    Policy file for Red Hat Linux                           # #
-#                               V1.2.0rh                                     # #
-#                            August 9, 2001                                  # #
-#                                                                            ##
-##############################################################################
-
-
-  ##############################################################################
- #                                                                            ##
-############################################################################## #
-#                                                                            # #
-# This is the example Tripwire Policy file.  It is intended as a place to    # #
-# start creating your own custom Tripwire Policy file.  Referring to it as   # #
-# well as the Tripwire Policy Guide should give you enough information to    # #
-# make a good custom Tripwire Policy file that better covers your            # #
-# configuration and security needs.  A text version of this policy file is   # #
-# called twpol.txt.                                                          # #
-#                                                                            # #
-# Note that this file is tuned to an 'everything' install of Red Hat Linux.  # #
-# If run unmodified, this file should create no errors on database           # #
-# creation, or violations on a subsiquent integrity check.  However, it is   # #
-# impossible for there to be one policy file for all machines, so this       # #
-# existing one errs on the side of security.  Your Linux configuration will  # #
-# most likey differ from the one our policy file was tuned to, and will      # #
-# therefore require some editing of the default Tripwire Policy file.        # #
-#                                                                            # #
-# The example policy file is best run with 'Loose Directory Checking'        # #
-# enabled. Set LOOSEDIRECTORYCHECKING=TRUE in the Tripwire Configuration     # #
-# file.                                                                      # #
-#                                                                            # #
-# Email support is not included and must be added to this file.              # #
-# Add the 'emailto=' to the rule directive section of each rule (add a comma # #
-# after the 'severity=' line and add an 'emailto=' and include the email     # #
-# addresses you want the violation reports to go to).  Addresses are         # #
-# semi-colon delimited.                                                      # #
-#                                                                            ##
-##############################################################################
-
-
-
-  ##############################################################################
- #                                                                            ##
-############################################################################## #
-#                                                                            # #
-# Global Variable Definitions                                                # #
-#                                                                            # #
-# These are defined at install time by the installation script.  You may     # #
-# Manually edit these if you are using this file directly and not from the   # #
-# installation script itself.                                                # #
-#                                                                            ##
-##############################################################################
-
 @@section GLOBAL
 TWROOT=/usr/sbin;
 TWBIN=/usr/sbin;
@@ -62,12 +6,10 @@ TWDB="/var/ipfire/tripwire";
 TWSKEY="/var/ipfire/tripwire";
 TWLKEY="/var/ipfire/tripwire";
 TWREPORT="/var/ipfire/tripwire/report";
-HOSTNAME=ipfire-test.homeip.net;
+HOSTNAME=ipfire;
 
 @@section FS
 SEC_CRIT      = $(IgnoreNone)-SHa ;  # Critical files that cannot change
-SEC_SUID      = $(IgnoreNone)-SHa ;  # Binaries with the SUID or SGID flags set
-SEC_BIN       = $(ReadOnly) ;        # Binaries that should not change
 SEC_CONFIG    = $(Dynamic) ;         # Config files that are changed infrequently but accessed often
 SEC_LOG       = $(Growing) ;         # Files that grow, but that should never change ownership
 SEC_INVARIANT = +tpug ;              # Directories that should never change permission or ownership
@@ -75,965 +17,58 @@ SIG_LOW       = 33 ;                 # Non-critical files that are of minimal se
 SIG_MED       = 66 ;                 # Non-critical files that are of significant security impact
 SIG_HI        = 100 ;                # Critical files that are significant points of vulnerability
 
+# System Files
 
-# Tripwire Binaries
-(
-  rulename = "Tripwire Binaries",
-# emailto = <email addr>,
-  severity = $(SIG_HI)
-)
-{
-  $(TWBIN)/siggen                      -> $(SEC_BIN) ;
-  $(TWBIN)/tripwire                    -> $(SEC_BIN) ;
-  $(TWBIN)/twadmin                     -> $(SEC_BIN) ;
-  $(TWBIN)/twprint                     -> $(SEC_BIN) ;
-}
-
-# Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
 (
-  rulename = "Tripwire Data Files",
-# emailto = <email addr>,
+  rulename = "System Files",
   severity = $(SIG_HI)
 )
 {
-  # NOTE: We remove the inode attribute because when Tripwire creates a backup,
-  # it does so by renaming the old file and creating a new one (which will
-  # have a new inode number).  Inode is left turned on for keys, which shouldn't
-  # ever change.
-
-  # NOTE: The first integrity check triggers this rule and each integrity check
-  # afterward triggers this rule until a database update is run, since the
-  # database file does not exist before that point.
+  $(TWDB)                          -> $(SEC_CRIT) ;
+  $(TWPOL)/tw.pol                  -> $(SEC_CRIT) -i ;
+  $(TWPOL)/tw.cfg                  -> $(SEC_CRIT) -i ;
+  $(TWLKEY)/local.key  -> $(SEC_CRIT) ;
+  $(TWSKEY)/site.key               -> $(SEC_CRIT) ;
 
-  $(TWDB)                              -> $(SEC_CONFIG) -i ;
-  $(TWPOL)/tw.pol                      -> $(SEC_BIN) -i ;
-  $(TWPOL)/tw.cfg                      -> $(SEC_BIN) -i ;
-  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(SEC_BIN) ;
-  $(TWSKEY)/site.key                   -> $(SEC_BIN) ;
+  /bin                            -> $(SEC_CRIT) ;
+  /boot                            -> $(SEC_CRIT) ;
+  /etc                             -> $(SEC_CRIT) ;
+  /lib                             -> $(SEC_CRIT) ;
+  /root                            -> $(SEC_CRIT) ;
+  /root/.bash_history              -> $(Dynamic)  ;
+  /sbin                            -> $(SEC_CRIT) ;
+  /usr                             -> $(SEC_CRIT) ;
+  !/usr/src                                       ;
+  /etc/mtab                        -> $(SEC_CONFIG) -i ; # Inode number changes on any mount/unmount
 
   #don't scan the individual reports
-  $(TWREPORT)                          -> $(SEC_CONFIG) (recurse=0) ;
+  $(TWREPORT)                      -> $(SEC_CONFIG) (recurse=0) ;
 }
 
-
-# Tripwire HQ Connector Binaries
-#(
-#  rulename = "Tripwire HQ Connector Binaries",
-#  emailto = <email addr>,
-#  severity = $(SIG_HI)
-#)
-#{
-#  $(TWBIN)/hqagent                     -> $(SEC_BIN) ;
-#}
-#
-# Tripwire HQ Connector - Configuration Files, Keys, and Logs
-
-  ##############################################################################
- #                                                                            ##
-############################################################################## #
-#                                                                            # #
-# Note: File locations here are different than in a stock HQ Connector       # #
-# installation.  This is because Tripwire 2.3 uses a different path          # #
-# structure than Tripwire 2.2.1.                                             # #
-#                                                                            # #
-# You may need to update your HQ Agent configuation file (or this policy     # #
-# file) to correct the paths.  We have attempted to support the FHS standard # #
-# here by placing the HQ Agent files similarly to the way Tripwire 2.3       # #
-# places them.                                                               # #
-#                                                                            ##
-##############################################################################
-
-#(
-#  rulename = "Tripwire HQ Connector Data Files",
-#  emailto = <email addr>,
-#  severity = $(SIG_HI)
-#)
-#{
-#   #############################################################################
-#  ##############################################################################
-#  # NOTE: Removing the inode attribute because when Tripwire creates a backup ##
-#  # it does so by renaming the old file and creating a new one (which will    ##
-#  # have a new inode number).  Leaving inode turned on for keys, which        ##
-#  # shouldn't ever change.                                                    ##
-#  #############################################################################
-#
-#  $(TWBIN)/agent.cfg                   -> $(SEC_BIN) -i ;
-#  $(TWLKEY)/authentication.key         -> $(SEC_BIN) ;
-#  $(TWDB)/tasks.dat                    -> $(SEC_CONFIG) ;
-#  $(TWDB)/schedule.dat                 -> $(SEC_CONFIG) ;
-#
-#  # Uncomment if you have agent logging enabled.
-#  #/var/log/tripwire/agent.log      -> $(SEC_LOG) ;
-#}
-
-
-
 # Commonly accessed directories that should remain static with regards to owner and group
 (
   rulename = "Invariant Directories",
-# emailto = <email addr>,
   severity = $(SIG_MED)
 )
 {
-  /                                    -> $(SEC_INVARIANT) (recurse = 0) ;
-  /home                                -> $(SEC_INVARIANT) (recurse = 0) ;
-  /etc                                 -> $(SEC_INVARIANT) (recurse = 0) ;
-}
-  ################################################
- #                                              ##
-################################################ #
-#                                              # #
-# File System and Disk Administration Programs # #
-#                                              ##
-################################################
-
-(
-  rulename = "File System and Disk Administraton Programs",
-# emailto = <email addr>,
-  severity = $(SIG_HI)
-)
-{
-#  /sbin/accton                         -> $(SEC_CRIT) ;
-  /sbin/badblocks                      -> $(SEC_CRIT) ;
-#  /sbin/busybox                        -> $(SEC_CRIT) ;
-#  /sbin/busybox.anaconda               -> $(SEC_CRIT) ;
-#  /sbin/convertquota                   -> $(SEC_CRIT) ;
-#  /sbin/dosfsck                        -> $(SEC_CRIT) ;
-  /sbin/debugfs                        -> $(SEC_CRIT) ;
-#  /sbin/debugreiserfs                  -> $(SEC_CRIT) ;
-  /sbin/dumpe2fs                       -> $(SEC_CRIT) ;
-#  /sbin/dump                           -> $(SEC_CRIT) ;
-#  /sbin/dump.static                    -> $(SEC_CRIT) ;
-  # /sbin/e2fsadm                        -> $(SEC_CRIT) ; tune2fs?
-  /sbin/e2fsck                         -> $(SEC_CRIT) ;
-  /sbin/e2label                        -> $(SEC_CRIT) ;
-  /sbin/fdisk                          -> $(SEC_CRIT) ;
-  /sbin/fsck                           -> $(SEC_CRIT) ;
-  /sbin/fsck.ext2                      -> $(SEC_CRIT) ;
-  /sbin/fsck.ext3                      -> $(SEC_CRIT) ;
-#  /sbin/fsck.minix                     -> $(SEC_CRIT) ;
-#  /sbin/fsck.msdos                     -> $(SEC_CRIT) ;
-#  /sbin/fsck.vfat                      -> $(SEC_CRIT) ;
-#  /sbin/ftl_check                      -> $(SEC_CRIT) ;
-#  /sbin/ftl_format                     -> $(SEC_CRIT) ;
-  /sbin/hdparm                         -> $(SEC_CRIT) ;
-  #/sbin/lvchange                       -> $(SEC_CRIT) ;
-  #/sbin/lvcreate                       -> $(SEC_CRIT) ;
-  #/sbin/lvdisplay                      -> $(SEC_CRIT) ;
-  #/sbin/lvextend                       -> $(SEC_CRIT) ;
-  #/sbin/lvmchange                      -> $(SEC_CRIT) ;
-  #/sbin/lvmcreate_initrd               -> $(SEC_CRIT) ;
-  #/sbin/lvmdiskscan                    -> $(SEC_CRIT) ;
-  #/sbin/lvmsadc                        -> $(SEC_CRIT) ;
-  #/sbin/lvmsar                         -> $(SEC_CRIT) ;
-  #/sbin/lvreduce                       -> $(SEC_CRIT) ;
-  #/sbin/lvremove                       -> $(SEC_CRIT) ;
-  #/sbin/lvrename                       -> $(SEC_CRIT) ;
-  #/sbin/lvscan                         -> $(SEC_CRIT) ;
-#  /sbin/mkbootdisk                     -> $(SEC_CRIT) ;
-#  /sbin/mkdosfs                        -> $(SEC_CRIT) ;
-  /sbin/mke2fs                         -> $(SEC_CRIT) ;
-  /sbin/mkfs                           -> $(SEC_CRIT) ;
-#  /sbin/mkfs.bfs                       -> $(SEC_CRIT) ;
-  /sbin/mkfs.ext2                      -> $(SEC_CRIT) ;
-#  /sbin/mkfs.minix                     -> $(SEC_CRIT) ;
-#  /sbin/mkfs.msdos                     -> $(SEC_CRIT) ;
-#  /sbin/mkfs.vfat                      -> $(SEC_CRIT) ;
-  /sbin/mkinitrd                       -> $(SEC_CRIT) ;
-  #/sbin/mkpv                         -> $(SEC_CRIT) ;
-#  /sbin/mkraid                         -> $(SEC_CRIT) ;
-#  /sbin/mkreiserfs                     -> $(SEC_CRIT) ;
-  /sbin/mkswap                         -> $(SEC_CRIT) ;
-  #/sbin/mtx                            -> $(SEC_CRIT) ;
-#  /sbin/pam_console_apply              -> $(SEC_CRIT) ;
-#  /sbin/parted                         -> $(SEC_CRIT) ;
-#  /sbin/pcinitrd                       -> $(SEC_CRIT) ;
-  #/sbin/pvchange                       -> $(SEC_CRIT) ;
-  #/sbin/pvcreate                       -> $(SEC_CRIT) ;
-  #/sbin/pvdata                         -> $(SEC_CRIT) ;
-  #/sbin/pvdisplay                      -> $(SEC_CRIT) ;
-  #/sbin/pvmove                         -> $(SEC_CRIT) ;
-  #/sbin/pvscan                         -> $(SEC_CRIT) ;
-#  /sbin/quotacheck                     -> $(SEC_CRIT) ;
-#  /sbin/quotaon                        -> $(SEC_CRIT) ;
-#  /sbin/raidstart                      -> $(SEC_CRIT) ;
-#  /sbin/reiserfsck                     -> $(SEC_CRIT) ;
-#  /sbin/resize2fs                      -> $(SEC_CRIT) ;
-#  /sbin/resize_reiserfs                -> $(SEC_CRIT) ;
-#  /sbin/restore                        -> $(SEC_CRIT) ;
-#  /sbin/restore.static                 -> $(SEC_CRIT) ;
-#  /sbin/scsi_info                      -> $(SEC_CRIT) ;
-  /sbin/sfdisk                         -> $(SEC_CRIT) ;
-#  /sbin/stinit                         -> $(SEC_CRIT) ;
-  #/sbin/tapeinfo                       -> $(SEC_CRIT) ;
-  /sbin/tune2fs                        -> $(SEC_CRIT) ;
-#  /sbin/unpack                         -> $(SEC_CRIT) ;
-#  /sbin/update                         -> $(SEC_CRIT) ;
-  #/sbin/vgcfgbackup                    -> $(SEC_CRIT) ;
-  #/sbin/vgcfgrestore                   -> $(SEC_CRIT) ;
-  #/sbin/vgchange                       -> $(SEC_CRIT) ;
-  #/sbin/vgck                           -> $(SEC_CRIT) ;
-  #/sbin/vgcreate                       -> $(SEC_CRIT) ;
-  #/sbin/vgdisplay                      -> $(SEC_CRIT) ;
-  #/sbin/vgexport                       -> $(SEC_CRIT) ;
-  #/sbin/vgextend                       -> $(SEC_CRIT) ;
-  #/sbin/vgimport                       -> $(SEC_CRIT) ;
-  #/sbin/vgmerge                        -> $(SEC_CRIT) ;
-  #/sbin/vgmknodes                      -> $(SEC_CRIT) ;
-  #/sbin/vgreduce                       -> $(SEC_CRIT) ;
-  #/sbin/vgremove                       -> $(SEC_CRIT) ;
-  #/sbin/vgrename                       -> $(SEC_CRIT) ;
-  #/sbin/vgscan                         -> $(SEC_CRIT) ;
-  #/sbin/vgsplit                        -> $(SEC_CRIT) ;
-  /bin/chgrp                           -> $(SEC_CRIT) ;
-  /bin/chmod                           -> $(SEC_CRIT) ;
-  /bin/chown                           -> $(SEC_CRIT) ;
-  /bin/cp                              -> $(SEC_CRIT) ;
-#  /bin/cpio                            -> $(SEC_CRIT) ;
-  /bin/mount                           -> $(SEC_CRIT) ;
-  /bin/umount                          -> $(SEC_CRIT) ;
-  /bin/mkdir                           -> $(SEC_CRIT) ;
-  /bin/mknod                           -> $(SEC_CRIT) ;
-#  /bin/mktemp                          -> $(SEC_CRIT) ;
-  /bin/rm                              -> $(SEC_CRIT) ;
-  /bin/rmdir                           -> $(SEC_CRIT) ;
-#  /bin/touch                           -> $(SEC_CRIT) ;
-}
-
-  ##################################
- #                                ##
-################################## #
-#                                # #
-# Kernel Administration Programs # #
-#                                ##
-##################################
-
-(
-  rulename = "Kernel Administration Programs",
-# emailto = <email addr>,
-  severity = $(SIG_HI)
-)
-{
-#  /sbin/adjtimex                       -> $(SEC_CRIT) ;
-  /sbin/ctrlaltdel                     -> $(SEC_CRIT) ;
-  /sbin/depmod                         -> $(SEC_CRIT) ;
-#  /sbin/insmod                         -> $(SEC_CRIT) ;
-  /sbin/insmod.static                  -> $(SEC_CRIT) ;
-#  /sbin/insmod_ksymoops_clean          -> $(SEC_CRIT) ;
-#  /sbin/klogd                          -> $(SEC_CRIT) ;
-  /sbin/ldconfig                       -> $(SEC_CRIT) ;
-#  /sbin/minilogd                       -> $(SEC_CRIT) ;
-  /sbin/modinfo                        -> $(SEC_CRIT) ;
-  #/sbin/nuactlun                       -> $(SEC_CRIT) ;
-  #/sbin/nuscsitcpd                     -> $(SEC_CRIT) ;
-  /sbin/pivot_root                     -> $(SEC_CRIT) ;
-#  /sbin/sndconfig                      -> $(SEC_CRIT) ;
-  /sbin/sysctl                         -> $(SEC_CRIT) ;
-}
-
-  #######################
- #                     ##
-####################### #
-#                     # #
-# Networking Programs # #
-#                     ##
-#######################
-
-(
-  rulename = "Networking Programs",
-# emailto = <email addr>,
-  severity = $(SIG_HI)
-)
-{
-#  /etc/sysconfig/network-scripts/ifdown                  -> $(SEC_CRIT) ;
-#  /etc/sysconfig/network-scripts/ifdown-cipcb            -> $(SEC_CRIT) ;
-#  /etc/sysconfig/network-scripts/ifdown-ippp             -> $(SEC_CRIT) ;
-#  /etc/sysconfig/network-scripts/ifdown-ipv6             -> $(SEC_CRIT) ;
-#  /etc/sysconfig/network-scripts/ifdown-isdn             -> $(SEC_CRIT) ;
-#  /etc/sysconfig/network-scripts/ifdown-post             -> $(SEC_CRIT) ;
-#  /etc/sysconfig/network-scripts/ifdown-ppp              -> $(SEC_CRIT) ;
-#  /etc/sysconfig/network-scripts/ifdown-sit              -> $(SEC_CRIT) ;
-#  /etc/sysconfig/network-scripts/ifdown-sl               -> $(SEC_CRIT) ;
-#  /etc/sysconfig/network-scripts/ifup                    -> $(SEC_CRIT) ;
-#  /etc/sysconfig/network-scripts/ifup-aliases            -> $(SEC_CRIT) ;
-#  /etc/sysconfig/network-scripts/ifup-cipcb              -> $(SEC_CRIT) ;
-#  /etc/sysconfig/network-scripts/ifup-ippp               -> $(SEC_CRIT) ;
-#  /etc/sysconfig/network-scripts/ifup-ipv6               -> $(SEC_CRIT) ;
-#  /etc/sysconfig/network-scripts/ifup-isdn               -> $(SEC_CRIT) ;
-#  /etc/sysconfig/network-scripts/ifup-plip               -> $(SEC_CRIT) ;
-#  /etc/sysconfig/network-scripts/ifup-plusb              -> $(SEC_CRIT) ;
-#  /etc/sysconfig/network-scripts/ifup-post               -> $(SEC_CRIT) ;
-#  /etc/sysconfig/network-scripts/ifup-ppp                -> $(SEC_CRIT) ;
-#  /etc/sysconfig/network-scripts/ifup-routes             -> $(SEC_CRIT) ;
-#  /etc/sysconfig/network-scripts/ifup-sit                -> $(SEC_CRIT) ;
-#  /etc/sysconfig/network-scripts/ifup-sl                 -> $(SEC_CRIT) ;
-#  /etc/sysconfig/network-scripts/ifup-wireless           -> $(SEC_CRIT) ;
-#  /etc/sysconfig/network-scripts/network-functions       -> $(SEC_CRIT) ;
-#  /etc/sysconfig/network-scripts/network-functions-ipv6  -> $(SEC_CRIT) ;
-  /bin/ping                            -> $(SEC_CRIT) ;
-  /sbin/agetty                         -> $(SEC_CRIT) ;
-  /sbin/arp                            -> $(SEC_CRIT) ;
-#  /sbin/arping                         -> $(SEC_CRIT) ;
-  /sbin/dhcpcd                         -> $(SEC_CRIT) ;
-#  /sbin/ether-wake                     -> $(SEC_CRIT) ;
-  #/sbin/getty                          -> $(SEC_CRIT) ;
-#  /sbin/ifcfg                          -> $(SEC_CRIT) ;
-  /sbin/ifconfig                       -> $(SEC_CRIT) ;
-#  /sbin/ifdown                         -> $(SEC_CRIT) ;
-#  /sbin/ifenslave                      -> $(SEC_CRIT) ;
-#  /sbin/ifport                         -> $(SEC_CRIT) ;
-#  /sbin/ifup                           -> $(SEC_CRIT) ;
-#  /sbin/ifuser                         -> $(SEC_CRIT) ;
-  /sbin/ip                             -> $(SEC_CRIT) ;
-#  /sbin/ip6tables                      -> $(SEC_CRIT) ;
-#  /sbin/ipchains                       -> $(SEC_CRIT) ;
-#  /sbin/ipchains-restore               -> $(SEC_CRIT) ;
-#  /sbin/ipchains-save                  -> $(SEC_CRIT) ;
-#  /sbin/ipfwadm                        -> $(SEC_CRIT) ;
-  /sbin/ipmaddr                        -> $(SEC_CRIT) ;
-  /sbin/iptables                       -> $(SEC_CRIT) ;
-#  /sbin/iptables-restore               -> $(SEC_CRIT) ;
-#  /sbin/iptables-save                  -> $(SEC_CRIT) ;
-#  /sbin/iptunnel                       -> $(SEC_CRIT) ;
-#  /sbin/ipvsadm                        -> $(SEC_CRIT) ;
-#  /sbin/ipvsadm-restore                -> $(SEC_CRIT) ;
-#  /sbin/ipvsadm-save                   -> $(SEC_CRIT) ;
-#  /sbin/ipx_configure                  -> $(SEC_CRIT) ;
-#  /sbin/ipx_interface                  -> $(SEC_CRIT) ;
-#  /sbin/ipx_internal_net               -> $(SEC_CRIT) ;
-#  /sbin/iwconfig                       -> $(SEC_CRIT) ;
-#  /sbin/iwgetid                        -> $(SEC_CRIT) ;
-#  /sbin/iwlist                         -> $(SEC_CRIT) ;
-#  /sbin/iwpriv                         -> $(SEC_CRIT) ;
-#  /sbin/iwspy                          -> $(SEC_CRIT) ;
-#  /sbin/mgetty                         -> $(SEC_CRIT) ;
-#  /sbin/mingetty                       -> $(SEC_CRIT) ;
-  /sbin/nameif                         -> $(SEC_CRIT) ;
-#  /sbin/netreport                      -> $(SEC_CRIT) ;
-  /sbin/plipconfig                     -> $(SEC_CRIT) ;
-#  /sbin/portmap                        -> $(SEC_CRIT) ;
-#  /sbin/ppp-watch                      -> $(SEC_CRIT) ;
-  #/sbin/rarp                           -> $(SEC_CRIT) ;
-  /sbin/route                          -> $(SEC_CRIT) ;
-  /sbin/slattach                       -> $(SEC_CRIT) ;
-  /sbin/tc                             -> $(SEC_CRIT) ;
-  #/sbin/uugetty                        -> $(SEC_CRIT) ;
-#  /sbin/vgetty                         -> $(SEC_CRIT) ;
-#  /sbin/ypbind                         -> $(SEC_CRIT) ;
+  /                               -> $(SEC_INVARIANT) (recurse = 0) ;
+  /home                           -> $(SEC_INVARIANT) (recurse = 0) ;
+  /tmp                            -> $(SEC_INVARIANT) ;
 }
 
-  ##################################
- #                                ##
-################################## #
-#                                # #
-# System Administration Programs # #
-#                                ##
-##################################
-
-(
-  rulename = "System Administration Programs",
-# emailto = <email addr>,
-  severity = $(SIG_HI)
-)
-{
-#  /sbin/chkconfig                      -> $(SEC_CRIT) ;
-#  /sbin/fuser                          -> $(SEC_CRIT) ;
-  /sbin/halt                           -> $(SEC_CRIT) ;
-  /sbin/init                           -> $(SEC_CRIT) ;
-#  /sbin/initlog                        -> $(SEC_CRIT) ;
-#  /sbin/install-info                   -> $(SEC_CRIT) ;
-  /sbin/killall5                       -> $(SEC_CRIT) ;
-  #/sbin/linuxconf                      -> $(SEC_CRIT) ;
-  #/sbin/linuxconf-auth                 -> $(SEC_CRIT) ;
-  /sbin/pam_tally                      -> $(SEC_CRIT) ;
-#  /sbin/pwdb_chkpwd                    -> $(SEC_CRIT) ;
-  #/sbin/remadmin                       -> $(SEC_CRIT) ;
-#  /sbin/rescuept                       -> $(SEC_CRIT) ;
-#  /sbin/rmt                            -> $(SEC_CRIT) ;
-#  /sbin/rpc.lockd                      -> $(SEC_CRIT) ;
-#  /sbin/rpc.statd                      -> $(SEC_CRIT) ;
-#  /sbin/rpcdebug                       -> $(SEC_CRIT) ;
-#  /sbin/service                        -> $(SEC_CRIT) ;
-#  /sbin/setsysfont                     -> $(SEC_CRIT) ;
-  /sbin/shutdown                       -> $(SEC_CRIT) ;
-  /sbin/sulogin                        -> $(SEC_CRIT) ;
-  /sbin/swapon                         -> $(SEC_CRIT) ;
-#  /sbin/syslogd                        -> $(SEC_CRIT) ;
-#  /sbin/unix_chkpwd                    -> $(SEC_CRIT) ;
-  /bin/pwd                             -> $(SEC_CRIT) ;
-  /bin/uname                           -> $(SEC_CRIT) ;
-}
-
-  ########################################
- #                                      ##
-######################################## #
-#                                      # #
-# Hardware and Device Control Programs # #
-#                                      ##
-########################################
-(
-  rulename = "Hardware and Device Control Programs",
-# emailto = <email addr>,
-  severity = $(SIG_HI)
-)
-{
-  /bin/setserial                       -> $(SEC_CRIT) ;
-#  /bin/sfxload                         -> $(SEC_CRIT) ;
-  /sbin/blockdev                       -> $(SEC_CRIT) ;
-#  /sbin/cardctl                        -> $(SEC_CRIT) ;
-#  /sbin/cardmgr                        -> $(SEC_CRIT) ;
-#  /sbin/cbq                            -> $(SEC_CRIT) ;
-#  /sbin/dump_cis                       -> $(SEC_CRIT) ;
-  /sbin/elvtune                        -> $(SEC_CRIT) ;
-#  /sbin/hotplug                        -> $(SEC_CRIT) ;
-  /sbin/hwclock                        -> $(SEC_CRIT) ;
-#  /sbin/ide_info                       -> $(SEC_CRIT) ;
-  #/sbin/isapnp                         -> $(SEC_CRIT) ;
-  #/sbin/kbdrate                        -> $(SEC_CRIT) ;
-  /sbin/losetup                        -> $(SEC_CRIT) ;
-#  /sbin/lspci                          -> $(SEC_CRIT) ;
-#  /sbin/lspnp                          -> $(SEC_CRIT) ;
-  /sbin/mii-tool                       -> $(SEC_CRIT) ;
-#  /sbin/pack_cis                       -> $(SEC_CRIT) ;
-  #/sbin/pnpdump                        -> $(SEC_CRIT) ;
-#  /sbin/probe                          -> $(SEC_CRIT) ;
-  #/sbin/pump                           -> $(SEC_CRIT) ;
-#  /sbin/setpci                         -> $(SEC_CRIT) ;
-#  /sbin/shapecfg                       -> $(SEC_CRIT) ;
-}
-
-  ###############################
- #                             ##
-############################### #
-#                             # #
-# System Information Programs # #
-#                             ##
-###############################
-(
-  rulename = "System Information Programs",
-# emailto = <email addr>,
-  severity = $(SIG_HI)
-)
-{
-#  /sbin/consoletype                    -> $(SEC_CRIT) ;
-#  /sbin/kernelversion                  -> $(SEC_CRIT) ;
-  /sbin/runlevel                       -> $(SEC_CRIT) ;
-}
-
-  ####################################
- #                                  ##
-#################################### #
-#                                  # #
-# Application Information Programs # #
-#                                  ##
-####################################
-
-(
-  rulename = "Application Information Programs",
-# emailto = <email addr>,
-  severity = $(SIG_HI)
-)
-{
-#  /sbin/genksyms                       -> $(SEC_CRIT) ;
-  #/sbin/genksyms.old                   -> $(SEC_CRIT) ;
-  /sbin/rtmon                          -> $(SEC_CRIT) ;
-}
-
-  ##########################
- #                        ##
-########################## #
-#                        # #
-# Shell Related Programs # #
-#                        ##
-##########################
-(
-  rulename = "Shell Related Programs",
-# emailto = <email addr>,
-  severity = $(SIG_HI)
-)
-{
-#  /sbin/getkey                         -> $(SEC_CRIT) ;
-  /sbin/nash                           -> $(SEC_CRIT) ;
-#  /sbin/sash                           -> $(SEC_CRIT) ;
-}
-
-
-  ################
- #              ##
-################ #
-#              # #
-# OS Utilities # #
-#              ##
-################
-(
-  rulename = "Operating System Utilities",
-# emailto = <email addr>,
-  severity = $(SIG_HI)
-)
-{
-  /bin/arch                            -> $(SEC_CRIT) ;
-#  /bin/ash                             -> $(SEC_CRIT) ;
-#  /bin/ash.static                      -> $(SEC_CRIT) ;
-#  /bin/aumix-minimal                   -> $(SEC_CRIT) ;
-#  /bin/basename                        -> $(SEC_CRIT) ;
-  /bin/cat                             -> $(SEC_CRIT) ;
-  #/bin/consolechars                    -> $(SEC_CRIT) ;
-#  /bin/cut                             -> $(SEC_CRIT) ;
-  /bin/date                            -> $(SEC_CRIT) ;
-  /bin/dd                              -> $(SEC_CRIT) ;
-  /bin/df                              -> $(SEC_CRIT) ;
-  /bin/dmesg                           -> $(SEC_CRIT) ;
-#  /bin/doexec                          -> $(SEC_CRIT) ;
-  /bin/echo                            -> $(SEC_CRIT) ;
-#  /bin/ed                              -> $(SEC_CRIT) ;
-  /bin/egrep                           -> $(SEC_CRIT) ;
-  /bin/false                           -> $(SEC_CRIT) ;
-  /bin/fgrep                           -> $(SEC_CRIT) ;
-#  /bin/gawk                            -> $(SEC_CRIT) ;
-#  /bin/gawk-3.1.0                      -> $(SEC_CRIT) ;
-#  /bin/gettext                         -> $(SEC_CRIT) ;
-  /bin/grep                            -> $(SEC_CRIT) ;
-  /bin/gunzip                          -> $(SEC_CRIT) ;
-  /bin/gzip                            -> $(SEC_CRIT) ;
-  /bin/hostname                        -> $(SEC_CRIT) ;
-#  /bin/igawk                           -> $(SEC_CRIT) ;
-#  /bin/ipcalc                          -> $(SEC_CRIT) ;
-  /bin/kill                            -> $(SEC_CRIT) ;
-  /bin/ln                              -> $(SEC_CRIT) ;
-  /bin/loadkeys                        -> $(SEC_CRIT) ;
-  /bin/login                           -> $(SEC_CRIT) ;
-  /bin/ls                              -> $(SEC_CRIT) ;
-  /bin/mail                            -> $(SEC_CRIT) ;
-  /bin/more                            -> $(SEC_CRIT) ;
-#  /bin/mt                              -> $(SEC_CRIT) ;
-  /bin/mv                              -> $(SEC_CRIT) ;
-  /bin/netstat                         -> $(SEC_CRIT) ;
-  /bin/nice                            -> $(SEC_CRIT) ;
-#  /bin/pgawk                           -> $(SEC_CRIT) ;
-  /bin/ps                              -> $(SEC_CRIT) ;
-#  /bin/rpm                             -> $(SEC_CRIT) ;
-  /bin/sed                             -> $(SEC_CRIT) ;
-  /bin/sleep                           -> $(SEC_CRIT) ;
-#  /bin/sort                            -> $(SEC_CRIT) ;
-  /bin/stty                            -> $(SEC_CRIT) ;
-  /bin/su                              -> $(SEC_CRIT) ;
-  /bin/sync                            -> $(SEC_CRIT) ;
-  /bin/tar                             -> $(SEC_CRIT) ;
-  /bin/true                            -> $(SEC_CRIT) ;
-#  /bin/usleep                          -> $(SEC_CRIT) ;
-#  /bin/vi                              -> $(SEC_CRIT) ;
-  /bin/zcat                            -> $(SEC_CRIT) ;
-#  /bin/zsh                             -> $(SEC_CRIT) ;
-#  /bin/zsh-4.0.2                       -> $(SEC_CRIT) ;
-#  /sbin/sln                            -> $(SEC_CRIT) ;
-#  /usr/bin/vimtutor                    -> $(SEC_CRIT) ;
-}
+# Critical Devices
 
-  ##############################
- #                            ##
-############################## #
-#                            # #
-# Critical Utility Sym-Links # #
-#                            ##
-##############################
-(
-  rulename = "Critical Utility Sym-Links",
-# emailto = <email addr>,
-  severity = $(SIG_HI)
-)
-{
-  #/sbin/askrunlevel                    -> $(SEC_CRIT) ;
-#  /sbin/clock                          -> $(SEC_CRIT) ;
-  #/sbin/fixperm                        -> $(SEC_CRIT) ;
-#  /sbin/fsck.reiserfs                  -> $(SEC_CRIT) ;
-  #/sbin/fsconf                         -> $(SEC_CRIT) ;
-#  /sbin/ipfwadm-wrapper                -> $(SEC_CRIT) ;
-#  /sbin/kallsyms                       -> $(SEC_CRIT) ;
-#  /sbin/ksyms                          -> $(SEC_CRIT) ;
-#  /sbin/lsmod                          -> $(SEC_CRIT) ;
-  #/sbin/mailconf                       -> $(SEC_CRIT) ;
-#  /sbin/mkfs.reiserfs                  -> $(SEC_CRIT) ;
-  #/sbin/modemconf                      -> $(SEC_CRIT) ;
-  /sbin/modprobe                       -> $(SEC_CRIT) ;
-#  /sbin/mount.ncp                      -> $(SEC_CRIT) ;
-#  /sbin/mount.ncpfs                    -> $(SEC_CRIT) ;
-#  /sbin/mount.smb                      -> $(SEC_CRIT) ;
-#  /sbin/mount.smbfs                    -> $(SEC_CRIT) ;
-  #/sbin/netconf                        -> $(SEC_CRIT) ;
-#  /sbin/pidof                          -> $(SEC_CRIT) ;
-  /sbin/poweroff                       -> $(SEC_CRIT) ;
-#  /sbin/quotaoff                       -> $(SEC_CRIT) ;
-#  /sbin/raid0run                       -> $(SEC_CRIT) ;
-#  /sbin/raidhotadd                     -> $(SEC_CRIT) ;
-#  /sbin/raidhotgenerateerror           -> $(SEC_CRIT) ;
-#  /sbin/raidhotremove                  -> $(SEC_CRIT) ;
-#  /sbin/raidstop                       -> $(SEC_CRIT) ;
-#  /sbin/rdump                          -> $(SEC_CRIT) ;
-#  /sbin/rdump.static                   -> $(SEC_CRIT) ;
-  /sbin/reboot                         -> $(SEC_CRIT) ;
-  /sbin/rmmod                          -> $(SEC_CRIT) ;
-#  /sbin/rrestore                       -> $(SEC_CRIT) ;
-#  /sbin/rrestore.static                -> $(SEC_CRIT) ;
-  /sbin/swapoff                        -> $(SEC_CRIT) ;
-  /sbin/telinit                        -> $(SEC_CRIT) ;
-  #/sbin/userconf                       -> $(SEC_CRIT) ;
-  #/sbin/uucpconf                       -> $(SEC_CRIT) ;
-  #/sbin/vregistry                      -> $(SEC_CRIT) ;
-#  /bin/awk                             -> $(SEC_CRIT) ;
-#  /bin/bash2                           -> $(SEC_CRIT) ;
-#  /bin/bsh                             -> $(SEC_CRIT) ;
-#  /bin/csh                             -> $(SEC_CRIT) ;
-  /bin/dnsdomainname                   -> $(SEC_CRIT) ;
-  /bin/domainname                      -> $(SEC_CRIT) ;
-#  /bin/ex                              -> $(SEC_CRIT) ;
-#  /bin/gtar                            -> $(SEC_CRIT) ;
-  /bin/nisdomainname                   -> $(SEC_CRIT) ;
-#  /bin/red                             -> $(SEC_CRIT) ;
-#  /bin/rvi                             -> $(SEC_CRIT) ;
-#  /bin/rview                           -> $(SEC_CRIT) ;
-#  /bin/view                            -> $(SEC_CRIT) ;
-#  /bin/ypdomainname                    -> $(SEC_CRIT) ;
-}
-
-
-  #########################
- #                       ##
-######################### #
-#                       # #
-# Temporary directories # #
-#                       ##
-#########################
-(
-  rulename = "Temporary directories",
-# emailto = <email addr>,
-  recurse = false,
-  severity = $(SIG_LOW)
-)
-{
-  /var/tmp                             -> $(SEC_INVARIANT) ;
-  /tmp                                 -> $(SEC_INVARIANT) ;
-}
-
-  ###############
- #             ##
-############### #
-#             # #
-# Local files # #
-#             ##
-###############
-(
-  rulename = "User binaries",
-# emailto = <email addr>,
-  severity = $(SIG_MED)
-)
-{
-  /sbin                                -> $(SEC_BIN) (recurse = 1) ;
-  /usr/bin                             -> $(SEC_BIN) (recurse = 1) ;
-  /usr/sbin                            -> $(SEC_BIN) (recurse = 1) ;
-  /usr/local/bin                       -> $(SEC_BIN) (recurse = 1) ;
-}
-
-(
-  rulename = "Shell Binaries",
-# emailto = <email addr>,
-  severity = $(SIG_HI)
-)
-{
-  /bin/bash                            -> $(SEC_BIN) ;
-  /bin/sh                              -> $(SEC_BIN) ;
-#  /sbin/nologin                        -> $(SEC_BIN) ;
-}
-
-(
-  rulename = "Security Control",
-# emailto = <email addr>,
-  severity = $(SIG_HI)
-)
-{
-  /etc/group                           -> $(SEC_CRIT) ;
-  /etc/security                        -> $(SEC_CRIT) ;
-  #/var/spool/cron/crontabs             -> $(SEC_CRIT) ; # Uncomment when this file exists
-}
-
-#(
-#  rulename = "Boot Scripts",
-# emailto = <email addr>,
-#  severity = $(SIG_HI)
-#)
-#{
-#  /etc/rc                              -> $(SEC_CONFIG) ;
-#  /etc/rc.bsdnet                       -> $(SEC_CONFIG) ;
-#  /etc/rc.dt                           -> $(SEC_CONFIG) ;
-#  /etc/rc.net                          -> $(SEC_CONFIG) ;
-#  /etc/rc.net.serial                   -> $(SEC_CONFIG) ;
-#  /etc/rc.nfs                          -> $(SEC_CONFIG) ;
-#  /etc/rc.powerfail                    -> $(SEC_CONFIG) ;
-#  /etc/rc.tcpip                        -> $(SEC_CONFIG) ;
-#  /etc/trcfmt.Z                        -> $(SEC_CONFIG) ;
-#}
-
-(
-  rulename = "Login Scripts",
-# emailto = <email addr>,
-  severity = $(SIG_HI)
-)
-{
-  /etc/bashrc                          -> $(SEC_CONFIG) ;
-#  /etc/csh.cshrc                       -> $(SEC_CONFIG) ;
-#  /etc/csh.login                       -> $(SEC_CONFIG) ;
-  /etc/inputrc                         -> $(SEC_CONFIG) ;
-  # /etc/tsh_profile                     -> $(SEC_CONFIG) ; #Uncomment when this file exists
-  /etc/profile                         -> $(SEC_CONFIG) ;
-}
-
-# Libraries
-(
-  rulename = "Libraries",
-# emailto = <email addr>,
-  severity = $(SIG_MED)
-)
-{
-  /usr/lib                             -> $(SEC_BIN) ;
-  /usr/local/lib                       -> $(SEC_BIN) ;
-}
-
-
-  ######################################################
- #                                                    ##
-###################################################### #
-#                                                    # #
-# Critical System Boot Files                         # #
-# These files are critical to a correct system boot. # #
-#                                                    ##
-######################################################
-
-(
-  rulename = "Critical system boot files",
-# emailto = <email addr>,
-  severity = $(SIG_HI)
-)
-{
-     /boot                             -> $(SEC_CRIT) ;
-     #/sbin/devfsd                      -> $(SEC_CRIT) ;
-#     /sbin/grub                        -> $(SEC_CRIT) ;
-#     /sbin/grub-install                -> $(SEC_CRIT) ;
-#     /sbin/grub-md5-crypt              -> $(SEC_CRIT) ;
-#     /sbin/installkernel               -> $(SEC_CRIT) ;
-#     /sbin/lilo                        -> $(SEC_CRIT) ;
-#     /sbin/mkkerneldoth                -> $(SEC_CRIT) ;
-     !/boot/System.map ;
-     !/boot/module-info ;
-     # other boot files may exist.  Look for:
-     #/ufsboot                          -> $(SEC_CRIT) ;
-}
-   ##################################################
-  ###################################################
-  # These files change every time the system boots ##
-  ##################################################
-(
-  rulename = "System boot changes",
-# emailto = <email addr>,
-  severity = $(SIG_HI)
-)
-{
-     !/var/run/ftp.pids-all ; # Comes and goes on reboot.
-     !/root/.enlightenment ;
-     /dev/log                          -> $(SEC_CONFIG) ;
-#     /dev/cua0                         -> $(SEC_CONFIG) ;
-     # /dev/printer                      -> $(SEC_CONFIG) ; # Uncomment if you have a printer device
-     /dev/console                      -> $(SEC_CONFIG) -u ; # User ID may change on console login/logout.
-     /dev/tty1                         -> $(SEC_CONFIG) ; # tty devices
-     /dev/tty2                         -> $(SEC_CONFIG) ; # tty devices
-     /dev/tty3                         -> $(SEC_CONFIG) ; # are extremely
-     /dev/tty4                         -> $(SEC_CONFIG) ; # variable
-     /dev/tty5                         -> $(SEC_CONFIG) ;
-     /dev/tty6                         -> $(SEC_CONFIG) ;
-     /dev/urandom                      -> $(SEC_CONFIG) ;
-     /dev/initctl                      -> $(SEC_CONFIG) ;
-#     /var/lock/subsys                  -> $(SEC_CONFIG) ;
-     /var/run                          -> $(SEC_CONFIG) ;
-     /var/log                          -> $(SEC_CONFIG) ;
-       ! /var/log/mrtg/red.log ;
-       ! /var/log/mrtg/red.old ;
-       ! /var/log/mrtg/green.log ;
-       ! /var/log/mrtg/green.old ;
-#     /etc/ioctl.save                   -> $(SEC_CONFIG) ;
-#     /etc/issue.net                    -> $(SEC_CONFIG) -i ; # Inode number changes
-     /etc/issue                        -> $(SEC_CONFIG) ;
-     /etc/mtab                         -> $(SEC_CONFIG) -i ; # Inode number changes on any mount/unmount
-     /lib/modules                      -> $(SEC_CONFIG) ;
-     /etc/.pwd.lock                    -> $(SEC_CONFIG) ;
-     # /lib/modules/preferred            -> $(SEC_CONFIG) ; #Uncomment when this file exists
-}
-
-# These files change the behavior of the root account
-(
-  rulename = "Root config files",
-# emailto = <email addr>,
-  severity = 100
-)
-{
-     /root                             -> $(SEC_CRIT) ; # Catch all additions to /root
-#     /root/.Xresources                 -> $(SEC_CONFIG) ;
-#     /root/.bashrc                     -> $(SEC_CONFIG) ;
-#     /root/.bash_profile               -> $(SEC_CONFIG) ;
-#     /root/.bash_logout                -> $(SEC_CONFIG) ;
-#     /root/.cshrc                      -> $(SEC_CONFIG) ;
-#     /root/.tcshrc                     -> $(SEC_CONFIG) ;
-     #/root/Mail                        -> $(SEC_CONFIG) ;
-     #/root/mail                        -> $(SEC_CONFIG) ;
-     #/root/.amandahosts                -> $(SEC_CONFIG) ;
-     #/root/.addressbook.lu             -> $(SEC_CONFIG) ;
-     #/root/.addressbook                -> $(SEC_CONFIG) ;
-#     /root/.bash_history               -> $(SEC_CONFIG) ;
-     #/root/.elm                        -> $(SEC_CONFIG) ;
-#     /root/.esd_auth                   -> $(SEC_CONFIG) ;
-#     /root/.gnome_private              -> $(SEC_CONFIG) ;
-#     /root/.gnome-desktop              -> $(SEC_CONFIG) ;
-#     /root/.gnome                      -> $(SEC_CONFIG) ;
-#     /root/.ICEauthority               -> $(SEC_CONFIG) ;
-     #/root/.mc                         -> $(SEC_CONFIG) ;
-     #/root/.pinerc                     -> $(SEC_CONFIG) ;
-     #/root/.sawfish                    -> $(SEC_CONFIG) ;
-#     /root/.Xauthority                 -> $(SEC_CONFIG) -i ; # Changes Inode number on login
-     #/root/.xauth                      -> $(SEC_CONFIG) ;
-     #/root/.xsession-errors            -> $(SEC_CONFIG) ;
-}
-
-  ################################
- #                              ##
-################################ #
-#                              # #
-# Critical configuration files # #
-#                              ##
-################################
-(
-  rulename = "Critical configuration files",
-# emailto = <email addr>,
-  severity = $(SIG_HI)
-)
-{
-     #/etc/conf.linuxconf               -> $(SEC_BIN) ;
-#     /etc/crontab                      -> $(SEC_BIN) ;
-#     /etc/cron.hourly                  -> $(SEC_BIN) ;
-#     /etc/cron.daily                   -> $(SEC_BIN) ;
-#     /etc/cron.weekly                  -> $(SEC_BIN) ;
-#     /etc/cron.monthly                 -> $(SEC_BIN) ;
-     /etc/default                      -> $(SEC_BIN) ;
-     /etc/fstab                        -> $(SEC_BIN) ;
-#     /etc/exports                      -> $(SEC_BIN) ;
-     /etc/group-                       -> $(SEC_BIN) ;  # changes should be infrequent
-     /etc/host.conf                    -> $(SEC_BIN) ;
-     /etc/hosts.allow                  -> $(SEC_BIN) ;
-     /etc/hosts.deny                   -> $(SEC_BIN) ;
-     /etc/httpd/conf                   -> $(SEC_BIN) ;  # changes should be infrequent
-     /etc/protocols                    -> $(SEC_BIN) ;
-     /etc/services                     -> $(SEC_BIN) ;
-     /etc/rc.d/init.d                  -> $(SEC_BIN) ;
-     /etc/rc.d                         -> $(SEC_BIN) ;
-#     /etc/mail.rc                      -> $(SEC_BIN) ;
-     /etc/modules.conf                 -> $(SEC_BIN) ;
-#     /etc/motd                         -> $(SEC_BIN) ;
-#     /etc/named.conf                   -> $(SEC_BIN) ;
-     /etc/passwd                       -> $(SEC_CONFIG) ;
-     /etc/passwd-                      -> $(SEC_CONFIG) ;
-     /etc/profile.d                    -> $(SEC_BIN) ;
-#     /var/lib/nfs/rmtab                -> $(SEC_BIN) ;
-#     /usr/sbin/fixrmtab                -> $(SEC_BIN) ;
-#     /etc/rpc                          -> $(SEC_BIN) ;
-#     /etc/sysconfig                    -> $(SEC_BIN) ;
-     /var/ipfire/samba/smb.conf               -> $(SEC_CONFIG) ;
-     #/etc/gettydefs                    -> $(SEC_BIN) ;
-     /etc/nsswitch.conf                -> $(SEC_BIN) ;
-#     /etc/yp.conf                      -> $(SEC_BIN) ;
-     /etc/hosts                        -> $(SEC_CONFIG) ;
-#     /etc/xinetd.conf                  -> $(SEC_CONFIG) ;
-     /etc/inittab                      -> $(SEC_CONFIG) ;
-     /etc/resolv.conf                  -> $(SEC_CONFIG) ;
-     /etc/syslog.conf                  -> $(SEC_CONFIG) ;
-}
-
-  ####################
- #                  ##
-#################### #
-#                  # #
-# Critical devices # #
-#                  ##
-####################
 (
   rulename = "Critical devices",
-# emailto = <email addr>,
   severity = $(SIG_HI),
   recurse = false
 )
 {
-     /dev/kmem                         -> $(Device) ;
-     /dev/mem                          -> $(Device) ;
-     /dev/null                         -> $(Device) ;
-     /dev/zero                         -> $(Device) ;
-     /proc/devices                     -> $(Device) ;
-     /proc/net                         -> $(Device) ;
-#     /proc/sys                         -> $(Device) ;
-     /proc/cpuinfo                     -> $(Device) ;
-     /proc/modules                     -> $(Device) ;
-     /proc/mounts                      -> $(Device) ;
-     /proc/dma                         -> $(Device) ;
-     /proc/filesystems                 -> $(Device) ;
-     /proc/pci                         -> $(Device) ;
-     /proc/interrupts                  -> $(Device) ;
-#     /proc/driver/rtc                  -> $(Device) ;
-     /proc/ioports                     -> $(Device) ;
-#     /proc/scsi                        -> $(Device) ;
-#     /proc/kcore                       -> $(Device) ;
-     /proc/self                        -> $(Device) ;
-     /proc/kmsg                        -> $(Device) ;
-     /proc/stat                        -> $(Device) ;
-#     /proc/ksyms                       -> $(Device) ;
-     /proc/loadavg                     -> $(Device) ;
-     /proc/uptime                      -> $(Device) ;
-     /proc/locks                       -> $(Device) ;
-     /proc/version                     -> $(Device) ;
-#     /proc/mdstat                      -> $(Device) ;
-     /proc/meminfo                     -> $(Device) ;
-     /proc/cmdline                     -> $(Device) ;
-     /proc/misc                        -> $(Device) ;
-}
-
-# Rest of critical system binaries
-(
-  rulename = "OS executables and libraries",
-# emailto = <email addr>,
-  severity = $(SIG_HI)
-)
-{
-     /bin                              -> $(SEC_BIN) ;
-     /lib                              -> $(SEC_BIN) ;
-}
-
-
-#=============================================================================
-#
-# Copyright 2000 Tripwire, Inc. Tripwire is a registered trademark of Tripwire,
-# Inc. in the United States and other countries. All rights reserved.
-#
-# Linux is a registered trademark of Linus Torvalds.
-#
-# UNIX is a registered trademark of The Open Group.
-#
-#=============================================================================
-#
-# Permission is granted to make and distribute verbatim copies of this document
-# provided the copyright notice and this permission notice are preserved on all
-# copies.
-#
-# Permission is granted to copy and distribute modified versions of this
-# document under the conditions for verbatim copying, provided that the entire
-# resulting derived work is distributed under the terms of a permission notice
-# identical to this one.
-#
-# Permission is granted to copy and distribute translations of this document
-# into another language, under the above conditions for modified versions,
-# except that this permission notice may be stated in a translation approved by
-# Tripwire, Inc.
-#
-# DCM
+     /dev/console                 -> $(SEC_CONFIG) -u ; # User ID may change on console login/logout.
+     /dev/initctl                 -> $(SEC_CONFIG) ;     /dev/log                     -> $(SEC_CONFIG) ;
+     /proc/modules                -> $(Device) ;
+     /proc/mounts                 -> $(Device) ;
+     /proc/filesystems            -> $(Device) ;
+     /proc/misc                   -> $(Device) ;
+     /var/log                     -> $(SEC_CONFIG) ;
+}
\ No newline at end of file

diff --git a/doc/language_issues.de b/doc/language_issues.de
index 4adb38190b9e3fa156c66a100a9737ace9792c00..3b6e96a7090b8c88576b49ed5e263b4d9911dc41 100644 (file)
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -222,7 +222,6 @@ WARNING: translation string unused: ovpnstatus log
 WARNING: translation string unused: ovpnsys log
 WARNING: translation string unused: package failed to install
 WARNING: translation string unused: password crypting key
-WARNING: translation string unused: pc
 WARNING: translation string unused: polfile
 WARNING: translation string unused: pots
 WARNING: translation string unused: profiles

diff --git a/doc/language_issues.en b/doc/language_issues.en
index 2ef1a39a3e707148596ea4b6d7168bc02c232707..833a485ec0c18582858eadbd2716b3d3ee2dd32e 100644 (file)
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -235,7 +235,6 @@ WARNING: translation string unused: ovpn log
 WARNING: translation string unused: ovpnstatus log
 WARNING: translation string unused: ovpnsys log
 WARNING: translation string unused: package failed to install
-WARNING: translation string unused: pc
 WARNING: translation string unused: polfile
 WARNING: translation string unused: pots
 WARNING: translation string unused: profiles

diff --git a/html/cgi-bin/logs.cgi/firewalllog.dat b/html/cgi-bin/logs.cgi/firewalllog.dat
index 5e7d7fce8d48ca17062f91f88d840ba5674a8252..dc75afeb1b70b477c55c198b2c6fe8d706b77b90 100644 (file)
--- a/html/cgi-bin/logs.cgi/firewalllog.dat
+++ b/html/cgi-bin/logs.cgi/firewalllog.dat
@@ -9,7 +9,7 @@
 # $Id: firewalllog.dat,v 1.4.2.18 2005/08/23 12:01:50 eoberlander Exp $
 #
 # July 28, 2003 - Darren Critchley - darren@kdi.ca
-#      - added source mac adapter to layout
+#       - added source mac adapter to layout
 #
 use strict;
 
@@ -35,11 +35,11 @@ my %logsettings=();
 my $errormessage = '';
 
 my @shortmonths = ( 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug',
-       'Sep', 'Oct', 'Nov', 'Dec' );
+        'Sep', 'Oct', 'Nov', 'Dec' );
 my @longmonths = ( $Lang::tr{'january'}, $Lang::tr{'february'}, $Lang::tr{'march'},
-       $Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'},
-       $Lang::tr{'september'}, $Lang::tr{'october'}, $Lang::tr{'november'},
-       $Lang::tr{'december'} );
+        $Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'},
+        $Lang::tr{'september'}, $Lang::tr{'october'}, $Lang::tr{'november'},
+        $Lang::tr{'december'} );
 
 my @now = localtime();
 my $dow = $now[6];
@@ -60,17 +60,17 @@ my $start = ($logsettings{'LOGVIEW_REVERSE'} eq 'on') ? 0x7FFFF000 : 0; #index o
 
 if ($ENV{'QUERY_STRING'} && $cgiparams{'ACTION'} ne $Lang::tr{'update'})
 {
-       my @temp = split(',',$ENV{'QUERY_STRING'});
-       $start = $temp[0];
-       $cgiparams{'MONTH'} = $temp[1];
-       $cgiparams{'DAY'} = $temp[2];
+        my @temp = split(',',$ENV{'QUERY_STRING'});
+        $start = $temp[0];
+        $cgiparams{'MONTH'} = $temp[1];
+        $cgiparams{'DAY'} = $temp[2];
 }
 
 if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) ||
-       !($cgiparams{'DAY'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31)$/))
+        !($cgiparams{'DAY'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31)$/))
 {
-       $cgiparams{'DAY'} = $now[3];
-       $cgiparams{'MONTH'} = $now[4];
+        $cgiparams{'DAY'} = $now[3];
+        $cgiparams{'MONTH'} = $now[4];
 }
 elsif($cgiparams{'ACTION'} eq '>>')
 {
@@ -78,16 +78,16 @@ elsif($cgiparams{'ACTION'} eq '>>')
         my @temp_now = localtime(time);
         $temp_now[4] = $cgiparams{'MONTH'};
         $temp_now[3] = $cgiparams{'DAY'};
-       if ($cgiparams{'DAY'}) {
+        if ($cgiparams{'DAY'}) {
             @temp_then = localtime(POSIX::mktime(@temp_now) + 86400);
-           ## Retrieve the same time on the next day +
-           ## 86400 seconds in a day
-       } else {
-           $temp_now[3] = 1;
-           $temp_now[4] = ($temp_now[4]+1) %12;
-           @temp_then = localtime(POSIX::mktime(@temp_now) );
-           $temp_then[3] = 0;
-       }
+            ## Retrieve the same time on the next day +
+            ## 86400 seconds in a day
+        } else {
+            $temp_now[3] = 1;
+            $temp_now[4] = ($temp_now[4]+1) %12;
+            @temp_then = localtime(POSIX::mktime(@temp_now) );
+            $temp_then[3] = 0;
+        }
         $cgiparams{'MONTH'} = $temp_then[4];
         $cgiparams{'DAY'} = $temp_then[3];
 }
@@ -97,16 +97,16 @@ elsif($cgiparams{'ACTION'} eq '<<')
         my @temp_now = localtime(time);
         $temp_now[4] = $cgiparams{'MONTH'};
         $temp_now[3] = $cgiparams{'DAY'};
-       if ($cgiparams{'DAY'}) {
+        if ($cgiparams{'DAY'}) {
             @temp_then = localtime(POSIX::mktime(@temp_now) - 86400);
-           ## Retrieve the same time on the next day -
-           ## 86400 seconds in a day
-       } else {
-           $temp_now[3] = 1;
-           $temp_now[4] = ($temp_now[4]-1) %12;
-           @temp_then = localtime(POSIX::mktime(@temp_now) );
-           $temp_then[3] = 0;
-       }
+            ## Retrieve the same time on the next day -
+            ## 86400 seconds in a day
+        } else {
+            $temp_now[3] = 1;
+            $temp_now[4] = ($temp_now[4]-1) %12;
+            @temp_then = localtime(POSIX::mktime(@temp_now) );
+            $temp_then[3] = 0;
+        }
         $cgiparams{'MONTH'} = $temp_then[4];
         $cgiparams{'DAY'} = $temp_then[3];
 }
@@ -135,9 +135,9 @@ my $date = $cgiparams{'DAY'} == 0 ? '' :  $cgiparams{'DAY'} <= 9 ? "0$cgiparams{
     $sunday += (6-$then[6]) * 86400;
 
     # Convert delta in second to full weeks
-       $gzindex = int (($sunday-$xday)/604800 );
+        $gzindex = int (($sunday-$xday)/604800 );
 }
-                                                                                          
+                                                                                           
 my $monthstr = $shortmonths[$cgiparams{'MONTH'}];
 my $daystr =  $cgiparams{'DAY'} == 0 ?  '..' : $cgiparams{'DAY'} <= 9 ? " $cgiparams{'DAY'}" : "$cgiparams{'DAY'}";
        
@@ -148,72 +148,72 @@ my $loop = 1;
 my $filestr = 0;
 my $lastdatetime;           # for debug
 my $search_for_end = 0;
-           
+            
 while ($gzindex >=0 && $loop) {
         # calculate file name
         if ($gzindex == 0) {
             $filestr = "/var/log/messages";
         } else {
             $filestr = "/var/log/messages.$gzindex";
-           $filestr = "$filestr.gz" if -f "$filestr.gz";
+            $filestr = "$filestr.gz" if -f "$filestr.gz";
         }
-       # now read file if existing
-       if (open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr))) {
-           #&General::log("reading $filestr");
-           READ:while (<FILE>) {
-               my $line = $_;
-               if ($line =~ /^${monthstr} ${daystr} ..:..:.. [\w\-]+ kernel:.*IN=.*$/) {
-                   # when standart viewing, just keep in memory the correct slice
-                   # it starts a '$start' and size is $viewport
-                   # If export, then keep all lines...
-                   if ($cgiparams{'ACTION'} eq $Lang::tr{'export'}){
-                       $log[$lines++] = "$line";
-                   } else {
-                       if ($lines++ < ($start + $Header::viewsize)) {
-                           push(@log,"$line");
-                           if (@log > $Header::viewsize) {
-                               shift (@log);
-                           }
-                       #} else { dont do this optimisation, need to count lines !
-                           #    $datetime = $maxtime; # we have read viewsize lines, stop main loop
-                           #    last READ;           # exit read file
-                       }
-                   }
-                   $search_for_end = 1;        # we find the start of slice, can look for end now
-               } else {
-                   if ($search_for_end == 1) {
-                       #finish read files when date is over (test month equality only)
-                       $line =~ /^(...) (..) ..:..:..*$/;
-                       $loop = 0 if ( ($1 ne $monthstr) || ( ($daystr ne '..') && ($daystr ne $2) ) );
-                   }
-               }
-           }
-           close (FILE);
-       }
-       $gzindex--;     # will try next gz file eg 40,39,38,.... because it may have holes when ipcop stopped
-                       # for a long time
+        # now read file if existing
+        if (open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr))) {
+            #&General::log("reading $filestr");
+            READ:while (<FILE>) {
+                my $line = $_;
+                if ($line =~ /^${monthstr} ${daystr} ..:..:.. [\w\-]+ kernel:.*IN=.*$/) {
+                    # when standart viewing, just keep in memory the correct slice
+                    # it starts a '$start' and size is $viewport
+                    # If export, then keep all lines...
+                    if ($cgiparams{'ACTION'} eq $Lang::tr{'export'}){
+                        $log[$lines++] = "$line";
+                    } else {
+                        if ($lines++ < ($start + $Header::viewsize)) {
+                            push(@log,"$line");
+                            if (@log > $Header::viewsize) {
+                                shift (@log);
+                            }
+                        #} else { dont do this optimisation, need to count lines !
+                            #    $datetime = $maxtime; # we have read viewsize lines, stop main loop
+                            #    last READ;           # exit read file
+                        }
+                    }
+                    $search_for_end = 1;        # we find the start of slice, can look for end now
+                } else {
+                    if ($search_for_end == 1) {
+                        #finish read files when date is over (test month equality only)
+                        $line =~ /^(...) (..) ..:..:..*$/;
+                        $loop = 0 if ( ($1 ne $monthstr) || ( ($daystr ne '..') && ($daystr ne $2) ) );
+                    }
+                }
+            }
+            close (FILE);
+        }
+        $gzindex--;     # will try next gz file eg 40,39,38,.... because it may have holes when ipcop stopped
+                        # for a long time
 }# while
 
 #  $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}";
 
 if ($cgiparams{'ACTION'} eq $Lang::tr{'export'})
 {
-       print "Content-type: text/plain\n\n";
-       print "IPFire firewall log\r\n";
-       print "$Lang::{'date'}: $date\r\n\r\n";
-
-       if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @log = reverse @log; }
-
-       foreach $_ (@log)
-       {
-               /^... (..) (..:..:..) [\w\-]+ kernel:.*(IN=.*)$/;
-               my $day =  $1;
-               $day =~ tr / /0/;
-               my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ;
-               print "$time $3\r\n";
-               
-       }
-       exit 0;
+        print "Content-type: text/plain\n\n";
+        print "IPFire firewall log\r\n";
+        print "$Lang::{'date'}: $date\r\n\r\n";
+
+        if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @log = reverse @log; }
+
+        foreach $_ (@log)
+        {
+                /^... (..) (..:..:..) [\w\-]+ kernel:.*(IN=.*)$/;
+                my $day =  $1;
+                $day =~ tr / /0/;
+                my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ;
+                print "$time $3\r\n";
+                
+        }
+        exit 0;
 }
 
 &Header::showhttpheaders();
@@ -223,9 +223,9 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'export'})
 &Header::openbigbox('100%', 'left', '', $errormessage);
 
 if ($errormessage) {
-       &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
-       print "<font class='base'>$errormessage&nbsp;</font>\n";
-       &Header::closebox();
+        &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
+        print "<font class='base'>$errormessage&nbsp;</font>\n";
+        &Header::closebox();
 }
 
 &Header::openbox('100%', 'left', "$Lang::tr{'settings'}:");
@@ -234,33 +234,33 @@ print <<END
 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
 <table width='100%'>
 <tr>
-       <td width='10%' class='base'>$Lang::tr{'month'}:&nbsp;</td>
-       <td width='10%'>
-       <select name='MONTH'>
+        <td width='10%' class='base'>$Lang::tr{'month'}:&nbsp;</td>
+        <td width='10%'>
+        <select name='MONTH'>
 END
 ;
 for (my $month = 0; $month < 12; $month++)
 {
-       print "\t<option ";
-       if ($month == $cgiparams{'MONTH'}) {
-               print "selected='selected' "; }
-       print "value='$month'>$longmonths[$month]</option>\n";
+        print "\t<option ";
+        if ($month == $cgiparams{'MONTH'}) {
+                print "selected='selected' "; }
+        print "value='$month'>$longmonths[$month]</option>\n";
 }
 print <<END
-       </select>
-       </td>
-       <td width='10%' class='base' align='right'>&nbsp;$Lang::tr{'day'}:&nbsp;</td>
-       <td width='40%'>
-       <select name='DAY'>
+        </select>
+        </td>
+        <td width='10%' class='base' align='right'>&nbsp;$Lang::tr{'day'}:&nbsp;</td>
+        <td width='40%'>
+        <select name='DAY'>
 END
 ;
 print "<option value='0'>$Lang::tr{'all'}</option>\n";
 for (my $day = 1; $day <= 31; $day++) 
 {
-       print "\t<option ";
-       if ($day == $cgiparams{'DAY'}) {
-               print "selected='selected' "; }
-       print "value='$day'>$day</option>\n";
+        print "\t<option ";
+        if ($day == $cgiparams{'DAY'}) {
+                print "selected='selected' "; }
+        print "value='$day'>$day</option>\n";
 }
 print <<END
 </select>
@@ -285,12 +285,12 @@ $start = 0 if ($start < 0);
 
 my $prev;
     if ($start == 0) {
-       $prev = -1;
+        $prev = -1;
     } else {
-       $prev = $start - ${Header::viewsize};
-       $prev = 0 if ( $prev < 0);
+        $prev = $start - ${Header::viewsize};
+        $prev = 0 if ( $prev < 0);
     }
-                                   
+                                    
 my $next;
     if ($start == $lines - ${Header::viewsize}) {
         $next = -1;
@@ -305,14 +305,14 @@ if ($lines != 0) { &oldernewer(); }
 print <<END
 <table width='100%'>
 <tr>
-       <td align='center' class='boldbase'><b>$Lang::tr{'time'}</b></td>
-       <td align='center' class='boldbase'><b>$Lang::tr{'chain'}</b></td>
-       <td align='center' class='boldbase'><b>$Lang::tr{'iface'}</b></td>
-       <td align='center' class='boldbase'><b>$Lang::tr{'proto'}</b></td>
-       <td align='center' class='boldbase'><b>$Lang::tr{'source'}<br/>$Lang::tr{'destination'}</b></td>
-       <td align='center' class='boldbase'><b>$Lang::tr{'src port'}<br />$Lang::tr{'dst port'}</b></td>
-       <td align='center' class='boldbase'><b>Flag</b></td>
-       <td align='center' class='boldbase'><b>$Lang::tr{'mac address'}</b></td>
+        <td align='center' class='boldbase'><b>$Lang::tr{'time'}</b></td>
+        <td align='center' class='boldbase'><b>$Lang::tr{'chain'}</b></td>
+        <td align='center' class='boldbase'><b>$Lang::tr{'iface'}</b></td>
+        <td align='center' class='boldbase'><b>$Lang::tr{'proto'}</b></td>
+        <td align='center' class='boldbase'><b>$Lang::tr{'source'}<br/>$Lang::tr{'destination'}</b></td>
+        <td align='center' class='boldbase'><b>$Lang::tr{'src port'}<br />$Lang::tr{'dst port'}</b></td>
+        <td align='center' class='boldbase'><b>Flag</b></td>
+        <td align='center' class='boldbase'><b>$Lang::tr{'mac address'}</b></td>
 </tr>
 END
 ;
@@ -321,51 +321,51 @@ END
 $lines = 0;
 foreach $_ (@log)
 {
-       /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
-       my $day =  $1;
-       $day =~ tr / /0/;
-       my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ;
-       my $comment = $3; 
-       my $packet = $4;
-
-       $packet =~ /IN=(\w+)/;       my $iface=$1;
-       $packet =~ /SRC=([\d\.]+)/;  my $srcaddr=$1;
-       $packet =~ /DST=([\d\.]+)/;  my $dstaddr=$1;
-       $packet =~ /MAC=([\w+\:]+)/; my $macaddr=$1;
-       $packet =~ /PROTO=(\w+)/;    my $proto=$1;
-       $packet =~ /SPT=(\d+)/;      my $srcport=$1;
-       $packet =~ /DPT=(\d+)/;      my $dstport=$1;
-
-       my $gi = Geo::IP::PurePerl->new();
-       my $ccode = $gi->country_code_by_name($srcaddr);
-       my $fcode = lc($ccode);
-
-       my $servi = uc(getservbyport($srcport, lc($proto)));
-       if ($servi ne '' && $srcport < 1024) {
-               $srcport = "$srcport($servi)"; }
-       $servi = uc(getservbyport($dstport, lc($proto)));
-       if ($servi ne '' && $dstport < 1024) {
-               $dstport = "$dstport($servi)";}
-       my @mactemp = split(/:/,$macaddr);
-       $macaddr = "$mactemp[6]:$mactemp[7]:$mactemp[8]:$mactemp[9]:$mactemp[10]:$mactemp[11]";
-       if ($lines % 2) {
-               print "<tr bgcolor='${Header::table1colour}'>\n"; }
-       else {
-               print "<tr bgcolor='${Header::table2colour}'>\n"; }
-       print <<END
-
-       <td align='center'>$time</td>
-       <td align='center'>$comment</td>
-       <td align='center'>$iface</td>
-       <td align='center'>$proto</td>
-       <td align='center'><a href='/cgi-bin/ipinfo.cgi?ip=$srcaddr'>$srcaddr</a><br /><a href='/cgi-bin/ipinfo.cgi?ip=$dstaddr'>$dstaddr</a></td>
-       <td align='center'>$srcport<br/>$dstport</td>
-       <td align='center'><a href='../country.cgi#$fcode'><img src='/images/flags/$fcode.png' border='0' align='absmiddle' alt='$ccode'></a></td>
-       <td align='center'>$macaddr</td>
+        /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
+        my $day =  $1;
+        $day =~ tr / /0/;
+        my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ;
+        my $comment = $3; 
+        my $packet = $4;
+
+        $packet =~ /IN=(\w+)/;       my $iface=$1;
+        $packet =~ /SRC=([\d\.]+)/;  my $srcaddr=$1;
+        $packet =~ /DST=([\d\.]+)/;  my $dstaddr=$1;
+        $packet =~ /MAC=([\w+\:]+)/; my $macaddr=$1;
+        $packet =~ /PROTO=(\w+)/;    my $proto=$1;
+        $packet =~ /SPT=(\d+)/;      my $srcport=$1;
+        $packet =~ /DPT=(\d+)/;      my $dstport=$1;
+
+        my $gi = Geo::IP::PurePerl->new();
+        my $ccode = $gi->country_code_by_name($srcaddr);
+        my $fcode = lc($ccode);
+
+        my $servi = uc(getservbyport($srcport, lc($proto)));
+        if ($servi ne '' && $srcport < 1024) {
+                $srcport = "$srcport($servi)"; }
+        $servi = uc(getservbyport($dstport, lc($proto)));
+        if ($servi ne '' && $dstport < 1024) {
+                $dstport = "$dstport($servi)";}
+        my @mactemp = split(/:/,$macaddr);
+        $macaddr = "$mactemp[6]:$mactemp[7]:$mactemp[8]:$mactemp[9]:$mactemp[10]:$mactemp[11]";
+        if ($lines % 2) {
+                print "<tr bgcolor='${Header::table1colour}'>\n"; }
+        else {
+                print "<tr bgcolor='${Header::table2colour}'>\n"; }
+        print <<END
+
+        <td align='center'>$time</td>
+        <td align='center'>$comment</td>
+        <td align='center'>$iface</td>
+        <td align='center'>$proto</td>
+        <td align='center'><a href='/cgi-bin/ipinfo.cgi?ip=$srcaddr'>$srcaddr</a><br /><a href='/cgi-bin/ipinfo.cgi?ip=$dstaddr'>$dstaddr</a></td>
+        <td align='center'>$srcport<br/>$dstport</td>
+        <td align='center'><a href='../country.cgi#$fcode'><img src='/images/flags/$fcode.png' border='0' align='absmiddle' alt='$ccode'></a></td>
+        <td align='center'>$macaddr</td>
 </tr>
 END
-       ;
-       $lines++;
+        ;
+        $lines++;
 }
 
 print "</table>";
@@ -388,16 +388,16 @@ END
 
 print "<td align='center' width='50%'>";
 if ($prev != -1) {
-       print "<a href='/cgi-bin/logs.cgi/firewalllog.dat?$prev,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'older'}</a>"; }
+        print "<a href='/cgi-bin/logs.cgi/firewalllog.dat?$prev,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'older'}</a>"; }
 else {
-       print "$Lang::tr{'older'}"; }
+        print "$Lang::tr{'older'}"; }
 print "</td>\n";
 
 print "<td align='center' width='50%'>";
 if ($next >= 0) {
-       print "<a href='/cgi-bin/logs.cgi/firewalllog.dat?$next,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'newer'}</a>"; }
+        print "<a href='/cgi-bin/logs.cgi/firewalllog.dat?$next,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'newer'}</a>"; }
 else {
-       print "$Lang::tr{'newer'}"; }
+        print "$Lang::tr{'newer'}"; }
 print "</td>\n";
 
 print <<END
@@ -406,3 +406,4 @@ print <<END
 END
 ;
 }
+

diff --git a/html/cgi-bin/samba.cgi b/html/cgi-bin/samba.cgi
index 375a7364129b40aea9edec6792a93ea774ce0aea..089cd3852c5cc38028b70053d3ecac006f17e4e9 100644 (file)
--- a/html/cgi-bin/samba.cgi
+++ b/html/cgi-bin/samba.cgi
@@ -726,7 +726,7 @@ END
                        {
                        if ($userline[0] =~ /\$/)
                                {
-                               print "$Lang::tr{'interfaces'}</td><td align='left'>";
+                               print "$Lang::tr{'pc'}</td><td align='left'>";
                                }
                        else
                                {
@@ -960,10 +960,8 @@ print <<END
                                                                                                <input type='hidden' name='ACTION' value='sharesreset' />
                                                                                                <input type='image' alt='$Lang::tr{'reset'}' src='/images/reload.gif' />
                                                                                                </form></td>
-               <td align='center'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
-                                                                                               <input type='hidden' name='ACTION' value='sharecaption' />
-                                                                                               <input type='image' alt='$Lang::tr{'caption'}' src='/images/help-browser.png' />
-                                                                                               </form></td></tr>
+               <td align='center'><a target="popup" onClick="window.open ('', 'popup', 'width=580,height=360,scrollbars=no, toolbar=no,status=no, resizable=yes,menubar=no,location=no,directories=no,top=10,left=10')"href="sambahlp.cgi"><form method='post' action='$ENV{'SCRIPT_NAME'}'><img border="0" src="/images/help-browser.png"></a>
+</td></tr>
 </table>
 END
 ;
@@ -1048,64 +1046,7 @@ END
 ;
        }
 
-if ($sambasettings{'ACTION'} eq 'optioncaption' || $sambasettings{'ACTION'} eq 'optioncaption2')
-       {
-       print <<END
-       <br />
-       <table width='95%' cellspacing='0'>
-       <tr><td><b>$Lang::tr{'caption'}</b></td></tr>
-       <tr><td><u>$Lang::tr{'options'}</u></td><td><u>$Lang::tr{'meaning'}</u> / <u>$Lang::tr{'exampel'}</u></td></tr>
-       <tr><td>comment</td><td>$Lang::tr{'comment'}</td></tr>
-       <tr><td></td><td>comment = $Lang::tr{'my new share'}</td></tr>
-       <tr><td><br /></td><td></td></tr>
-       <tr><td>path</td><td>$Lang::tr{'path to directory'}</td></tr>
-       <tr><td></td><td>path = /tmp</td></tr>
-       <tr><td><br /></td><td></td></tr>
-       <tr><td>writeable</td><td>$Lang::tr{'directory writeable'}</td></tr>
-       <tr><td></td><td>writeable = yes</td></tr>
-       <tr><td><br /></td><td></td></tr>
-       <tr><td>browseable</td><td>sichtbar in Verzeichnisliste</td></tr>
-       <tr><td></td><td>browsable = yes</td></tr>
-       <tr><td><br /></td><td></td></tr>
-       <tr><td>user</td><td>Besitzer der Freigabe</td></tr>
-       <tr><td></td><td>user = samba</td></tr>
-       <tr><td><br /></td><td></td></tr>
-       <tr><td>valid users</td><td>Liste der Zugriffsberechtigten</td></tr>
-       <tr><td></td><td>valid users = samba, user1</td></tr>
-       <tr><td><br /></td><td></td></tr>
-       <tr><td>write list</td><td>$Lang::tr{'visible in browselist'}</td></tr>
-       <tr><td></td><td>write list = samba</td></tr>
-       <tr><td><br /></td><td></td></tr>
-       <tr><td>hosts allow</td><td>$Lang::tr{'host allow'}</td></tr>
-       <tr><td></td><td>hosts allow = localhost 192.168.1.1 192.168.2.0/24</td></tr>
-       <tr><td><br /></td><td></td></tr>
-       <tr><td>hosts deny</td><td>$Lang::tr{'host deny'}</td></tr>
-       <tr><td></td><td>hosts deny = 192.168.1.2 192.168.3.0/24</td></tr>
-       <tr><td><br /></td><td></td></tr>
-       <tr><td>read list</td><td>$Lang::tr{'read list'}</td></tr>
-       <tr><td></td><td>read list = user1</td></tr>
-       <tr><td><br /></td><td></td></tr>
-       <tr><td>admin users</td><td>$Lang::tr{'admin users'}</td></tr>
-       <tr><td></td><td>admin users = user1</td></tr>
-       <tr><td><br /></td><td></td></tr>
-       <tr><td>invalid users</td><td>$Lang::tr{'invalid users'}</td></tr>
-       <tr><td></td><td>invalid users = user2</td></tr>
-       <tr><td><br /></td><td></td></tr>
-       <tr><td>force user</td><td>$Lang::tr{'force user'}</td></tr>
-       <tr><td></td><td>force user = samba</td></tr>
-       <tr><td><br /></td><td></td></tr>
-       <tr><td>directory mask</td><td>$Lang::tr{'directory mask'}</td></tr>
-       <tr><td></td><td>directory mask = 0777</td></tr>
-       <tr><td><br /></td><td></td></tr>
-       <tr><td>create mask</td><td>U$Lang::tr{'create mask'}</td></tr>
-       <tr><td></td><td>create mask = 0777</td></tr>
-       <tr><td><br /></td><td></td></tr>
-       <tr><td>guest ok</td><td>$Lang::tr{'guest ok'}</td></tr>
-       <tr><td></td><td>guest ok = yes</td></tr>
-       </table>
-END
-;
-}
+
 
 &Header::closebox();
 

diff --git a/html/cgi-bin/sambahlp.cgi b/html/cgi-bin/sambahlp.cgi
new file mode 100644 (file)
index 0000000..0c19028
--- /dev/null
+++ b/html/cgi-bin/sambahlp.cgi
@@ -0,0 +1,81 @@
+#!/usr/bin/perl
+#
+# IPFire CGIs
+#
+# This code is distributed under the terms of the GPL
+#
+# (c) The IPFire Team
+
+use strict;
+# enable only the following on debugging purpose
+use warnings;
+use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+
+&Header::showhttpheaders();
+&Header::openpage('Samba', 1, '');
+&Header::openbigbox('100%', 'left', '', 'BigBox');
+&Header::openbox('100%', 'left', '', 'Sambahelp');
+
+       print <<END
+       <br />
+       <table width='95%' cellspacing='0'>
+       <tr><td><b>$Lang::tr{'caption'}</b></td></tr>
+       <tr><td><u>$Lang::tr{'options'}</u></td><td><u>$Lang::tr{'meaning'}</u> / <u>$Lang::tr{'exampel'}</u></td></tr>
+       <tr><td>comment</td><td>$Lang::tr{'comment'}</td></tr>
+       <tr><td></td><td>comment = $Lang::tr{'my new share'}</td></tr>
+       <tr><td><br /></td><td></td></tr>
+       <tr><td>path</td><td>$Lang::tr{'path to directory'}</td></tr>
+       <tr><td></td><td>path = /tmp</td></tr>
+       <tr><td><br /></td><td></td></tr>
+       <tr><td>writeable</td><td>$Lang::tr{'directory writeable'}</td></tr>
+       <tr><td></td><td>writeable = yes</td></tr>
+       <tr><td><br /></td><td></td></tr>
+       <tr><td>browseable</td><td>sichtbar in Verzeichnisliste</td></tr>
+       <tr><td></td><td>browsable = yes</td></tr>
+       <tr><td><br /></td><td></td></tr>
+       <tr><td>user</td><td>Besitzer der Freigabe</td></tr>
+       <tr><td></td><td>user = samba</td></tr>
+       <tr><td><br /></td><td></td></tr>
+       <tr><td>valid users</td><td>Liste der Zugriffsberechtigten</td></tr>
+       <tr><td></td><td>valid users = samba, user1</td></tr>
+       <tr><td><br /></td><td></td></tr>
+       <tr><td>write list</td><td>$Lang::tr{'visible in browselist'}</td></tr>
+       <tr><td></td><td>write list = samba</td></tr>
+       <tr><td><br /></td><td></td></tr>
+       <tr><td>hosts allow</td><td>$Lang::tr{'host allow'}</td></tr>
+       <tr><td></td><td>hosts allow = localhost 192.168.1.1 192.168.2.0/24</td></tr>
+       <tr><td><br /></td><td></td></tr>
+       <tr><td>hosts deny</td><td>$Lang::tr{'host deny'}</td></tr>
+       <tr><td></td><td>hosts deny = 192.168.1.2 192.168.3.0/24</td></tr>
+       <tr><td><br /></td><td></td></tr>
+       <tr><td>read list</td><td>$Lang::tr{'read list'}</td></tr>
+       <tr><td></td><td>read list = user1</td></tr>
+       <tr><td><br /></td><td></td></tr>
+       <tr><td>admin users</td><td>$Lang::tr{'admin users'}</td></tr>
+       <tr><td></td><td>admin users = user1</td></tr>
+       <tr><td><br /></td><td></td></tr>
+       <tr><td>invalid users</td><td>$Lang::tr{'invalid users'}</td></tr>
+       <tr><td></td><td>invalid users = user2</td></tr>
+       <tr><td><br /></td><td></td></tr>
+       <tr><td>force user</td><td>$Lang::tr{'force user'}</td></tr>
+       <tr><td></td><td>force user = samba</td></tr>
+       <tr><td><br /></td><td></td></tr>
+       <tr><td>directory mask</td><td>$Lang::tr{'directory mask'}</td></tr>
+       <tr><td></td><td>directory mask = 0777</td></tr>
+       <tr><td><br /></td><td></td></tr>
+       <tr><td>create mask</td><td>U$Lang::tr{'create mask'}</td></tr>
+       <tr><td></td><td>create mask = 0777</td></tr>
+       <tr><td><br /></td><td></td></tr>
+       <tr><td>guest ok</td><td>$Lang::tr{'guest ok'}</td></tr>
+       <tr><td></td><td>guest ok = yes</td></tr>
+       </table>
+END
+;
+
+&Header::closebox();
+&Header::closebigbox();
+&Header::closepage();

diff --git a/html/cgi-bin/tripwire.cgi b/html/cgi-bin/tripwire.cgi
index fcae3d98c5f78934a82df432d6efa658aedccdc1..aa87806f3c232cc121b0fba3e779e57d95cc743e 100755 (executable)
--- a/html/cgi-bin/tripwire.cgi
+++ b/html/cgi-bin/tripwire.cgi
@@ -20,7 +20,8 @@ my %checked = ();
 my %netsettings = ();
 my $message = "";
 my $errormessage = "";
-my @Logs = qx(ls /var/ipfire/tripwire/report/);
+my @Logs = qx(ls -r /var/ipfire/tripwire/report/);
+my $file = `ls -tr /var/ipfire/tripwire/report/ | tail -1`;
 my $Log =$Lang::tr{'no log selected'};
 
 ############################################################################################################################
@@ -29,9 +30,9 @@ my $Log =$Lang::tr{'no log selected'};
 $tripwiresettings{'ROOT'} = '/usr/sbin';
 $tripwiresettings{'POLFILE'} = '/var/ipfire/tripwire/tw.pol';
 $tripwiresettings{'DBFILE'} = '/var/ipfire/tripwire/$(HOSTNAME).twd';
-$tripwiresettings{'REPORTFILE'} = '/var/ipfire/tripwire/report/$(HOSTNAME)-$(DATE).twr';
+$tripwiresettings{'REPORTFILE'} = '/var/ipfire/tripwire/report/$(DATE).twr';
 $tripwiresettings{'SITEKEYFILE'} = '/var/ipfire/tripwire/site.key';
-$tripwiresettings{'LOCALKEYFILE'} = '/var/ipfire/tripwire/$(HOSTNAME)-local.key';
+$tripwiresettings{'LOCALKEYFILE'} = '/var/ipfire/tripwire/local.key';
 $tripwiresettings{'EDITOR'} = '/usr/bin/vi';
 $tripwiresettings{'LATEPROMPTING'} = 'false';
 $tripwiresettings{'LOOSEDIRECTORYCHECKING'} = 'false';
@@ -43,10 +44,12 @@ $tripwiresettings{'SMTPHOST'} = 'ipfire.myipfire.de';
 $tripwiresettings{'SMTPPORT'} = '25';
 $tripwiresettings{'SYSLOGREPORTING'} = 'false';
 $tripwiresettings{'MAILPROGRAM'} = '/usr/sbin/sendmail -oi -t';
-$tripwiresettings{'SITEKEY'} = 'IPFire';
-$tripwiresettings{'LOCALKEY'} = 'IPFire';
+$tripwiresettings{'SITEKEY'} = 'ipfire';
+$tripwiresettings{'LOCALKEY'} = 'ipfire';
 $tripwiresettings{'ACTION'} = '';
 
+&General::readhash("${General::swroot}/tripwire/settings", \%tripwiresettings);
+
 ############################################################################################################################
 ######################################################### Tripwire HTML Part ###############################################
 
@@ -61,7 +64,7 @@ $tripwiresettings{'ACTION'} = '';
 if ($tripwiresettings{'ACTION'} eq $Lang::tr{'save'})
 {
 system("/usr/local/bin/tripwirectrl readconfig");
-open (FILE, ">${General::swroot}/tripwire/tw.cfg") or die "Can't save tripwire config: $!";
+open (FILE, ">${General::swroot}/tripwire/twcfg.txt") or die "Can't save tripwire config: $!";
 flock (FILE, 2);
 
 print FILE <<END
@@ -122,9 +125,10 @@ if ($tripwiresettings{'ACTION'} eq 'generatepolicypw')
        <tr><td bgcolor='${Header::table1colour}' colspan='2' align='center'><b>$Lang::tr{'generatepolicy'}</b>
        <tr><td colspan='2' align='center'><font color=red>$Lang::tr{'tripwirewarningpolicy'}<br /><br /></font></td></tr>
        <tr><td align='left' width='40%'><form method='post' action='$ENV{'SCRIPT_NAME'}'>$Lang::tr{'sitekey'}</td><td align='left'><input type='password' name='SITEKEY' value='$tripwiresettings{'SITEKEY'}' size="30" /></td></tr>
+       <tr><td align='left' width='40%'><form method='post' action='$ENV{'SCRIPT_NAME'}'>$Lang::tr{'localkey'}</td><td align='left'><input type='password' name='LOCALKEY' value='$tripwiresettings{'LOCALKEY'}' size="30" /></td></tr>
        <tr><td align='right' width='50%'>
                                         $Lang::tr{'yes'} <input type='image' alt='$Lang::tr{'yes'}' src='/images/edit-redo.png' />
-                                       <input type='hidden' name='ACTION' value='generatepolicy' /></form></td>
+                                       <input type='hidden' name='ACTION' value='generatepolicyyes' /></form></td>
                        <td align='left'  width='50%'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
                                        <input type='image' alt='$Lang::tr{'no'}' src='/images/dialog-error.png' /> $Lang::tr{'no'} 
                                        <input type='hidden' name='ACTION' value='cancel' /></form></td>
@@ -142,6 +146,7 @@ if ($tripwiresettings{'ACTION'} eq 'policyresetpw')
        <tr><td bgcolor='${Header::table1colour}' colspan='2' align='center'><b>$Lang::tr{'resetpolicy'}</b>
        <tr><td colspan='2' align='center'><font color=red>$Lang::tr{'tripwirewarningpolicy'}<br /><br /></font></td></tr>
        <tr><td align='left' width='40%'><form method='post' action='$ENV{'SCRIPT_NAME'}'>$Lang::tr{'sitekey'}</td><td align='left'><input type='password' name='SITEKEY' value='$tripwiresettings{'SITEKEY'}' size="30" /></td></tr>
+       <tr><td align='left' width='40%'><form method='post' action='$ENV{'SCRIPT_NAME'}'>$Lang::tr{'localkey'}</td><td align='left'><input type='password' name='LOCALKEY' value='$tripwiresettings{'LOCALKEY'}' size="30" /></td></tr>
        <tr><td align='right' width='50%'>
                                         $Lang::tr{'yes'} <input type='image' alt='$Lang::tr{'yes'}' src='/images/edit-redo.png' />
                                        <input type='hidden' name='ACTION' value='resetpolicyyes' /></form></td>
@@ -214,12 +219,63 @@ END
 ############################################################################################################################
 ######################################################## Tripwire Funktionen ###############################################
 
-if ($tripwiresettings{'ACTION'} eq 'globalresetyes'){system("/usr/local/bin/tripwirectrl globalreset");}
-if ($tripwiresettings{'ACTION'} eq 'generatekeysyes'){system("/usr/local/bin/tripwirectrl keys $tripwiresettings{'SITEKEY'} $tripwiresettings{'LOCALKEY'}");$tripwiresettings{'SITEKEY'} = 'IPFire';$tripwiresettings{'LOCALKEY'} = 'IPFire';}
-if ($tripwiresettings{'ACTION'} eq 'keyresetyes'){system("/usr/local/bin/tripwirectrl keys IPFire IPFire");$tripwiresettings{'SITEKEY'} = 'IPFire';$tripwiresettings{'LOCALKEY'} = 'IPFire';}
-if ($tripwiresettings{'ACTION'} eq 'resetpolicyyes'){system("/usr/local/bin/tripwirectrl resetpolicy tripwiresettings{'SITEKEY'}");$tripwiresettings{'SITEKEY'} = 'IPFire';}
-if ($tripwiresettings{'ACTION'} eq 'generatepolicyyes'){system("/usr/local/bin/tripwirectrl generatepolicy $tripwiresettings{'SITEKEY'}");$tripwiresettings{'SITEKEY'} = 'IPFire';}
-if ($tripwiresettings{'ACTION'} eq 'updatedatabaseyes'){system("/usr/local/bin/tripwirectrl updatedatabase $tripwiresettings{'LOCALKEY'}");$tripwiresettings{'LOCALKEY'} = 'IPFire';}
+if ($tripwiresettings{'ACTION'} eq 'globalresetyes')
+{
+$tripwiresettings{'ROOT'} = '/usr/sbin';
+$tripwiresettings{'POLFILE'} = '/var/ipfire/tripwire/tw.pol';
+$tripwiresettings{'DBFILE'} = '/var/ipfire/tripwire/$(HOSTNAME).twd';
+$tripwiresettings{'REPORTFILE'} = '/var/ipfire/tripwire/report/$(DATE).twr';
+$tripwiresettings{'SITEKEYFILE'} = '/var/ipfire/tripwire/site.key';
+$tripwiresettings{'LOCALKEYFILE'} = '/var/ipfire/tripwire/local.key';
+$tripwiresettings{'EDITOR'} = '/usr/bin/vi';
+$tripwiresettings{'LATEPROMPTING'} = 'false';
+$tripwiresettings{'LOOSEDIRECTORYCHECKING'} = 'false';
+$tripwiresettings{'MAILNOVIOLATIONS'} = 'false';
+$tripwiresettings{'EMAILREPORTLEVEL'} = '3';
+$tripwiresettings{'REPORTLEVEL'} = '3';
+$tripwiresettings{'MAILMETHOD'} = 'SENDMAIL';
+$tripwiresettings{'SMTPHOST'} = 'ipfire.myipfire.de';
+$tripwiresettings{'SMTPPORT'} = '25';
+$tripwiresettings{'SYSLOGREPORTING'} = 'false';
+$tripwiresettings{'MAILPROGRAM'} = '/usr/sbin/sendmail -oi -t';
+$tripwiresettings{'SITEKEY'} = 'ipfire';
+$tripwiresettings{'LOCALKEY'} = 'ipfire';
+$tripwiresettings{'ACTION'} = '';
+system("/usr/local/bin/tripwirectrl readconfig");
+open (FILE, ">${General::swroot}/tripwire/twcfg.txt") or die "Can't save tripwire config: $!";
+flock (FILE, 2);
+print FILE <<END
+
+ROOT                   =$tripwiresettings{'ROOT'}
+POLFILE                =$tripwiresettings{'POLFILE'}
+DBFILE                 =$tripwiresettings{'DBFILE'}
+REPORTFILE             =$tripwiresettings{'REPORTFILE'}
+SITEKEYFILE            =$tripwiresettings{'SITEKEYFILE'}
+LOCALKEYFILE           =$tripwiresettings{'LOCALKEYFILE'}
+EDITOR                 =$tripwiresettings{'EDITOR'}
+LATEPROMPTING          =$tripwiresettings{'LATEPROMPTING'}
+LOOSEDIRECTORYCHECKING =$tripwiresettings{'LOOSEDIRECTORYCHECKING'}
+MAILNOVIOLATIONS       =$tripwiresettings{'MAILNOVIOLATIONS'}
+EMAILREPORTLEVEL       =$tripwiresettings{'EMAILREPORTLEVEL'}
+REPORTLEVEL            =$tripwiresettings{'REPORTLEVEL'}
+MAILMETHOD             =$tripwiresettings{'MAILMETHOD'}
+SMTPHOST               =$tripwiresettings{'SMTPHOST'}
+SMTPPORT               =$tripwiresettings{'SMTPPORT'}
+SYSLOGREPORTING        =$tripwiresettings{'SYSLOGREPORTING'}
+MAILPROGRAM            =$tripwiresettings{'MAILPROGRAM'}
+
+END
+;
+close FILE;
+&General::writehash("${General::swroot}/tripwire/settings", \%tripwiresettings);
+system("/usr/local/bin/tripwirectrl lockconfig");
+system("/usr/local/bin/tripwirectrl keys ipfire ipfire");$tripwiresettings{'SITEKEY'} = 'ipfire';$tripwiresettings{'LOCALKEY'} = 'ipfire';
+}
+if ($tripwiresettings{'ACTION'} eq 'generatekeysyes'){system("/usr/local/bin/tripwirectrl keys $tripwiresettings{'SITEKEY'} $tripwiresettings{'LOCALKEY'}");$tripwiresettings{'SITEKEY'} = 'ipfire';$tripwiresettings{'LOCALKEY'} = 'ipfire';}
+if ($tripwiresettings{'ACTION'} eq 'keyresetyes'){system("/usr/local/bin/tripwirectrl keys ipfire ipfire");$tripwiresettings{'SITEKEY'} = 'ipfire';$tripwiresettings{'LOCALKEY'} = 'ipfire';}
+if ($tripwiresettings{'ACTION'} eq 'resetpolicyyes'){system("/usr/local/bin/tripwirectrl resetpolicy tripwiresettings{'SITEKEY'} $tripwiresettings{'LOCALKEY'}");$tripwiresettings{'SITEKEY'} = 'ipfire';$tripwiresettings{'LOCALKEY'} = 'ipfire';}
+if ($tripwiresettings{'ACTION'} eq 'generatepolicyyes'){system("/usr/local/bin/tripwirectrl generatepolicy $tripwiresettings{'SITEKEY'} $tripwiresettings{'LOCALKEY'}");$tripwiresettings{'SITEKEY'} = 'ipfire';$tripwiresettings{'LOCALKEY'} = 'ipfire';}
+if ($tripwiresettings{'ACTION'} eq 'updatedatabaseyes'){system("/usr/local/bin/tripwirectrl updatedatabase $tripwiresettings{'LOCALKEY'} /var/ipfire/tripwire/report/$file");$tripwiresettings{'LOCALKEY'} = 'ipfire';}
 if ($tripwiresettings{'ACTION'} eq 'generatereport'){system("/usr/local/bin/tripwirectrl generatereport");}
 
 ############################################################################################################################
@@ -360,7 +416,7 @@ END
 &Header::closebox();
 
 ############################################################################################################################
-####################################################### Tripwire Init Policy ###############################################
+####################################################### Tripwire Log View ##################################################
 
 &Header::openbox('100%', 'center', $Lang::tr{'tripwire reports'});
 print <<END
@@ -384,12 +440,11 @@ END
 if ($tripwiresettings{'ACTION'} eq 'showlog')
 {
 $Log = qx(/usr/local/bin/tripwirectrl tripwirelog $tripwiresettings{'LOG'});
-#$Log=~s/\n/<br \/>/g;
-#$Log=~s/\t/....             /g;
+$Log=~s/--cfgfile \/var\/ipfire\/tripwire\/tw.cfg --polfile \/var\/ipfire\/tripwire\/tw.pol//g;
 print <<END
 <table width='95%' cellspacing='0'>
 <tr><td><br /></td></tr>
-<tr><td><pre>LOG - $Log </pre></td></tr>
+<tr><td><pre>$Log</pre></td></tr>
 <tr><td><br /></td></tr>
 <tr><td align=center>$tripwiresettings{'LOG'}</td></tr>
 </table>

diff --git a/lfs/samba b/lfs/samba
index df99866f4ec3373a470bb032bcde0ca81629f937..589b220db5fa0a52752ef22f788de8c3cff11c4e 100644 (file)
--- a/lfs/samba
+++ b/lfs/samba
@@ -108,6 +108,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        cp -vfp /var/ipfire/samba/default.shares /var/ipfire/samba/shares
        cp -vfp /var/ipfire/samba/default.printer /var/ipfire/samba/printer
        cat /var/ipfire/samba/global /var/ipfire/samba/shares > /var/ipfire/samba/smb.conf
+       -mkdir -p /var/log/samba
        #useradd -c 'Samba User' -s /bin/false
        #groupadd sambauser
        #groupadd sambawks

diff --git a/src/initscripts/init.d/net/red/pppoe b/src/initscripts/init.d/net/red/pppoe
index 650977521fa0a976daf8e410c22ad4e711c4ed2c..912adddd2c448daff2e934365a8ebc024f9513a1 100644 (file)
--- a/src/initscripts/init.d/net/red/pppoe
+++ b/src/initscripts/init.d/net/red/pppoe
@@ -23,7 +23,7 @@ case "${2}" in
                
                if [ "${METHOD}" != "PPPOE_PLUGIN" ]; then
                        PPPCOMMAND="/usr/sbin/pppd pty"
-                       PPPOECOMMAND="/usr/sbin/pppoe -p /var/run/pppoe.pid -I ${1} -T 80 -U -m 1412"
+                       PPPOECOMMAND="/usr/sbin/pppoe -p /var/run/pppoe.pid -I ${1} -T 80 -U -m ${${MTU}-80}"
                        if [ -n ${SERVICENAME} ]; then
                                PPPOECOMMAND+=" -S ${SERVICENAME}"
                        fi

diff --git a/src/initscripts/init.d/samba b/src/initscripts/init.d/samba
index 32067ab83954bb3e073e467798f55cd9b47de609..5db06586908fc5417ffcce9190da3c66ce83e37d 100644 (file)
--- a/src/initscripts/init.d/samba
+++ b/src/initscripts/init.d/samba
@@ -37,7 +37,7 @@ case "$1" in
 
        restart)
                $0 stop
-               sleep 1
+               sleep 3
                $0 start
                ;;
 

diff --git a/src/misc-progs/sambactrl.c b/src/misc-progs/sambactrl.c
index 7405848b1c852a47cefc81edafb6bbd0ffb5a829..315a8c2f9063a710b2e14f91c095ed03a121dcaf 100644 (file)
--- a/src/misc-progs/sambactrl.c
+++ b/src/misc-progs/sambactrl.c
@@ -52,12 +52,24 @@ int main(int argc, char *argv[])
             return 0;
         }
 
+        if (strcmp(argv[1], "smbsafeconfcups")==0)
+        {
+            safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/shares /var/ipfire/samba/printer > /var/ipfire/samba/smb.conf");
+            return 0;
+        }
+
         if (strcmp(argv[1], "smbsafeconfpdc")==0)
         {
             safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/pdc /var/ipfire/samba/shares > /var/ipfire/samba/smb.conf");
             return 0;
         }
 
+        if (strcmp(argv[1], "smbsafeconfpdccups")==0)
+        {
+            safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/pdc /var/ipfire/samba/shares /var/ipfire/samba/printer > /var/ipfire/samba/smb.conf");
+            return 0;
+        }
+
         if (strcmp(argv[1], "smbglobalreset")==0)
         {
             safe_system("/bin/cat /var/ipfire/samba/default.global /var/ipfire/samba/shares > /var/ipfire/samba/smb.conf");
@@ -74,31 +86,34 @@ int main(int argc, char *argv[])
             return 0;
         }
 
+        if (strcmp(argv[1], "smbprinterreset")==0)
+        {
+            safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/shares /var/default.printer > /var/ipfire/samba/smb.conf");
+            safe_system("/bin/cat /var/ipfire/samba/default.printer > /var/ipfire/samba/printer");
+            return 0;
+        }
+
         if (strcmp(argv[1], "smbstop")==0)
         {
             safe_system("/etc/rc.d/init.d/samba stop");
-            printf(command);
             return 0;
         }
 
         if (strcmp(argv[1], "smbstart")==0)
         {
             safe_system("/etc/rc.d/init.d/samba start");
-            printf(command);
             return 0;
         }
 
         if (strcmp(argv[1], "smbrestart")==0)
         {
             safe_system("/etc/rc.d/init.d/samba restart");
-            printf(command);
             return 0;
         }
 
         if (strcmp(argv[1], "smbreload")==0)
         {
             safe_system("/etc/rc.d/init.d/samba reload");
-            printf(command);
             return 0;
         }
 
@@ -155,12 +170,5 @@ int main(int argc, char *argv[])
             safe_system("/bin/chmod 600 /var/ipfire/samba/private");
             return 0;
         }
-
-        if (strcmp(argv[1], "smbechotest")==0)
-        {
-            sprintf(command, BUFFER_SIZE-1, "/usr/bin/printf %s %s", argv[2], argv[3]);
-            printf(command);
-            safe_system(command);
-            return 0;
-        }
-}
+return 0;
+}
\ No newline at end of file

diff --git a/src/misc-progs/tripwirectrl.c b/src/misc-progs/tripwirectrl.c
index ab06a4a54ecbaf8518a0c1239622588fd0f0248a..7ab3da70555b517c81e48f87e8c491cdd08e0c4b 100644 (file)
--- a/src/misc-progs/tripwirectrl.c
+++ b/src/misc-progs/tripwirectrl.c
@@ -13,95 +13,88 @@ char command[BUFFER_SIZE];
 int main(int argc, char *argv[])
 {
 
-        if (!(initsetuid()))
-                exit(1);
+if (!(initsetuid()))
+ exit(1);
 
-        // Check what command is asked
-        if (argc==1)
-        {
-            fprintf (stderr, "Missing tripwirectrl command!\n");
-            return 1;
-        }
+// Check what command is asked
+if (argc==1)
+{
+fprintf (stderr, "Missing tripwirectrl command!\n");
+return 1;
+}
 
-        if (strcmp(argv[1], "tripwirelog")==0)
-        {
-            snprintf(command, BUFFER_SIZE-1, "/usr/sbin/twprint -m r --cfgfile /var/ipfire/tripwire/tw.cfg --twrfile /var/ipfire/tripwire/report/%s", argv[2]);
-            safe_system(command);
-            return 0;
-        }
+if (strcmp(argv[1], "tripwirelog")==0)
+{
+snprintf(command, BUFFER_SIZE-1, "/usr/sbin/twprint -m r --cfgfile /var/ipfire/tripwire/tw.cfg --twrfile /var/ipfire/tripwire/report/%s", argv[2]);
+safe_system(command);
+return 0;
+}
 
-        if (strcmp(argv[1], "generatereport")==0)
-        {
-            safe_system("/usr/sbin/tripwire --check --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol  >/dev/null 2>&1");
-            return 0;
-        }
+if (strcmp(argv[1], "generatereport")==0)
+{
+safe_system("/usr/sbin/tripwire --check --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol  >/dev/null 2>&1");
+return 0;
+}
 
-        if (strcmp(argv[1], "deletereport")==0)
-        {
-                       sprintf(command, "rm -f /var/ipfire/tripwire/report/%s", argv[2]);
-            safe_system(command);
-            return 0;
-        }
+if (strcmp(argv[1], "deletereport")==0)
+{
+sprintf(command, "rm -f /var/ipfire/tripwire/report/%s", argv[2]);
+safe_system(command);
+return 0;
+}
 
-        if (strcmp(argv[1], "updatedatabase")==0)
-        {
-            snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --update --accept-all --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase %s --twrfile %s  >/dev/null 2>&1", argv[2], argv[3]);
-            safe_system(command);
-            return 0;
-        }
+if (strcmp(argv[1], "updatedatabase")==0)
+{
+snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --update --accept-all --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase %s --twrfile %s  >/dev/null 2>&1", argv[2], argv[3]);
+safe_system(command);
+return 0;
+}
 
-        if (strcmp(argv[1], "keys")==0)
-        {
-            printf("Generating Site Key<br />");
-            snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/site.key && /usr/sbin/twadmin --generate-keys --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s && chmod 640 /var/ipfire/tripwire/site.key  >/dev/null 2>&1", argv[2]);
-            safe_system(command);
-            printf("Generating Local Key<br />");
-            snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/local.key && /usr/sbin/twadmin --generate-keys --local-keyfile /var/ipfire/tripwire/local.key --local-passphrase %s && chmod 640 /var/ipfire/tripwire/local.key  >/dev/null 2>&1", argv[3]);
-            safe_system(command);
-            printf("Generating Config File<br />");
-            snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/tw.cfg && /usr/sbin/twadmin --create-cfgfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s /var/ipfire/tripwire/twcfg.txt && chmod 640 /var/ipfire/tripwire/tw.cfg  >/dev/null 2>&1", argv[2]);
-            safe_system(command);
-            printf("Generating Policy File<br />");
-            snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/tw.pol && /usr/sbin/twadmin --create-polfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s /var/ipfire/tripwire/twpol.txt && chmod 640 /var/ipfire/tripwire/tw.pol  >/dev/null 2>&1", argv[2]);
-            safe_system(command);
-            printf("Initialising - This may take a while depending on your Policy<br />");
-            snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase %s  >/dev/null 2>&1", argv[3]);
-            safe_system(command);
-            return 0;
-        }
+if (strcmp(argv[1], "keys")==0)
+{
+snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/site.key && /usr/sbin/twadmin --generate-keys --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s >/dev/null 2>&1 && chmod 640 /var/ipfire/tripwire/site.key", argv[2]);
+safe_system(command);
+snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/local.key && /usr/sbin/twadmin --generate-keys --local-keyfile /var/ipfire/tripwire/local.key --local-passphrase %s >/dev/null 2>&1 && chmod 640 /var/ipfire/tripwire/local.key", argv[3]);
+safe_system(command);
+snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/tw.cfg && /usr/sbin/twadmin --create-cfgfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s /var/ipfire/tripwire/twcfg.txt >/dev/null 2>&1 && chmod 640 /var/ipfire/tripwire/tw.cfg", argv[2]);
+safe_system(command);
+snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/tw.pol && /usr/sbin/twadmin --create-polfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s /var/ipfire/tripwire/twpol.txt >/dev/null 2>&1 && chmod 640 /var/ipfire/tripwire/tw.pol", argv[2]);
+safe_system(command);
+snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase %s  >/dev/null 2>&1", argv[3]);
+safe_system(command);
+return 0;
+}
 
-        if (strcmp(argv[1], "generatepolicy")==0)
-        {
-            printf("Generating Policy File<br />");
-            snprintf(command, BUFFER_SIZE-1, "/usr/sbin/twadmin --create-polfile --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s --polfile /var/ipfire/tripwire/tw.pol --cfgfile /var/ipfire/tripwire/tw.cfg /var/ipfire/tripwire/twpol.txt  >/dev/null 2>&1", argv[2]);
-            safe_system(command);
-            printf("Initialising - This may take a while depending on your Policy<br />");
-            snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.cfg --local-passphrase %s  >/dev/null 2>&1", argv[3]);
-            safe_system(command);
-            return 0;
-        }
+if (strcmp(argv[1], "generatepolicy")==0)
+{
+printf("Generating Policy File<br />");
+snprintf(command, BUFFER_SIZE-1, "/usr/sbin/twadmin --create-polfile --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s --polfile /var/ipfire/tripwire/tw.pol --cfgfile /var/ipfire/tripwire/tw.cfg /var/ipfire/tripwire/twpol.txt  >/dev/null 2>&1", argv[2]);
+safe_system(command);
+printf("Initialising - This may take a while depending on your Policy<br />");
+snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.cfg --local-passphrase %s  >/dev/null 2>&1", argv[3]);
+safe_system(command);
+return 0;
+}
 
-        if (strcmp(argv[1], "resetpolicy")==0)
-        {
-            printf("Generating Policy File<br />");
-            snprintf(command, BUFFER_SIZE-1, "/usr/sbin/twadmin --create-polfile --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s --polfile /var/ipfire/tripwire/tw.pol --cfgfile /var/ipfire/tripwire/tw.cfg /var/ipfire/tripwire/twpol.default  >/dev/null 2>&1", argv[2]);
-            safe_system(command);
-            printf("Initialising - This may take a while depending on your Policy");
-            snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.cfg --local-passphrase %s  >/dev/null 2>&1", argv[3]);
-            safe_system(command);
-            return 0;
-        }
+if (strcmp(argv[1], "resetpolicy")==0)
+{
+snprintf(command, BUFFER_SIZE-1, "/usr/sbin/twadmin --create-polfile --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s --polfile /var/ipfire/tripwire/tw.pol --cfgfile /var/ipfire/tripwire/tw.cfg /var/ipfire/tripwire/twpol.default  >/dev/null 2>&1", argv[2]);
+safe_system(command);
+snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.cfg --local-passphrase %s  >/dev/null 2>&1", argv[3]);
+safe_system(command);
+return 0;
+}
 
-        if (strcmp(argv[1], "readconfig")==0)
-        {
-            safe_system("/bin/chown nobody:nobody /var/ipfire/tripwire/twcfg.txt");
-            return 0;
-        }
+if (strcmp(argv[1], "readconfig")==0)
+{
+safe_system("/bin/chown nobody:nobody /var/ipfire/tripwire/twcfg.txt");
+return 0;
+}
 
-        if (strcmp(argv[1], "lockconfig")==0)
-        {
-            safe_system("/bin/chown root:root /var/ipfire/tripwire/twcfg.txt");
-            return 0;
-        }
+if (strcmp(argv[1], "lockconfig")==0)
+{
+safe_system("/bin/chown root:root /var/ipfire/tripwire/twcfg.txt");
 return 0;
 }
+return 0;
+}
\ No newline at end of file