- $subipfire->{'10.pakfire'} = {'caption' => 'Pakfire',
- 'uri' => '/cgi-bin/pakfire.cgi',
- 'title' => "Pakfire",
- 'enabled' => 1,
- };
- $subipfire->{'20.asterisk'} = {'caption' => 'Asterisk',
- 'uri' => '/cgi-bin/asterisk.cgi',
- 'title' => "Asterisk",
- 'enabled' => 1,
- };
- $subipfire->{'30.samba'} = {'caption' => 'Samba',
- 'uri' => '/cgi-bin/samba.cgi',
- 'title' => "Samba",
- 'enabled' => 1,
- };
- $subipfire->{'99.help'} = {'caption' => $Lang::tr{'help'},
- 'uri' => '/cgi-bin/help.cgi',
- 'title' => "$Lang::tr{'help'}",
- 'enabled' => 1,
- };
+ $subipfire->{'10.pakfire'} = {'caption' => 'Pakfire',\r
+ 'uri' => '/cgi-bin/pakfire.cgi',\r
+ 'title' => "Pakfire",\r
+ 'enabled' => 1,\r
+ };\r
+ $subipfire->{'20.asterisk'} = {'caption' => 'Asterisk',\r
+ 'uri' => '/cgi-bin/asterisk.cgi',\r
+ 'title' => "Asterisk",\r
+ 'enabled' => 1,\r
+ };\r
+ $subipfire->{'30.samba'} = {'caption' => 'Samba',\r
+ 'uri' => '/cgi-bin/samba.cgi',\r
+ 'title' => "Samba",\r
+ 'enabled' => 1,\r
+ };\r
+ $subipfire->{'40.tripwire'} = {'caption' => 'Tripwire',\r
+ 'uri' => '/cgi-bin/tripwire.cgi',\r
+ 'title' => "Tripwire",\r
+ 'enabled' => 1,\r
+ };\r
+ $subipfire->{'99.help'} = {'caption' => $Lang::tr{'help'},\r
+ 'uri' => '/cgi-bin/help.cgi',\r
+ 'title' => "$Lang::tr{'help'}",\r
+ 'enabled' => 1,\r
+ };\r
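Review bot: Every re-added line in this hunk ends in a carriage return (the `\r` at the end of each `+` line), so the whole menu block is rewritten just to add the `40.tripwire` entry. Keeping LF endings would reduce the change to the five new lines and keep later diffs of this file reviewable; the same applies to the two Samba configuration hunks that follow. The new entry is also registered with `'enabled' => 1` unconditionally, so if Tripwire is an optional add-on here the menu will link to `/cgi-bin/tripwire.cgi` whether or not it is installed and initialised; please confirm that is intended. The enclosing menu definition starts outside the hunk.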
-[homes]
-path = /home/%u
-comment = Benutzer-Verzeichnisse
-browseable = yes
-writeable = yes
-valid users = %S
-
-[netlogon]
-path = /var/samba/netlogon
-browseable = no
-writeable = no
-comment = NetLogON
-
-[profiles]
-path = /var/samba/profiles
-browseable = no
-writeable = yes
-comment = Benutzerprofile
-valid users = %S
-
+[homes]\r
+path = /home/%u\r
+comment = Benutzer-Verzeichnisse\r
+browseable = yes\r
+writeable = yes\r
+valid users = %S\r
+\r
+[netlogon]\r
+path = /var/ipfire/samba/netlogon\r
+browseable = no\r
+writeable = no\r
+comment = NetLogON\r
+\r
+[profiles]\r
+path = /var/ipfire/samba/profiles\r
+browseable = no\r
+writeable = yes\r
+comment = Benutzerprofile\r
+valid users = %S\r
+\r
-[Temp]
-path = /tmp
-comment = Temp
-browseable = yes
-writeable = yes
-create mask = 0777
-directory mask = 0777
-guest ok = yes
-force user = samba
-
-[P2P]
-path = /var/samba/p2p
-comment = P2P
-browseable = yes
-writeable = yes
-create mask = 0777
-directory mask = 0777
-guest ok = yes
-force user = samba
+[Temp]\r
+path = /tmp\r
+comment = Temp\r
+browseable = yes\r
+writeable = yes\r
+create mask = 0777\r
+directory mask = 0777\r
+guest ok = yes\r
+force user = samba\r
+\r
+[P2P]\r
+path = /var/ipfire/samba/p2p\r
+comment = P2P\r
+browseable = yes\r
+writeable = yes\r
+create mask = 0777\r
+directory mask = 0777\r
+guest ok = yes\r
+force user = samba\r
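Review bot: The `[Temp]` share still exports the system `/tmp` with `guest ok = yes`, `writeable = yes` and 0777 create/directory masks, and this commit carries that over unchanged. Unauthenticated clients can therefore create world-writable files in the directory local services use for their own temporary files. A dedicated share directory with `create mask = 0664` and `directory mask = 0775`, or `guest ok = no`, would narrow that. `[P2P]` has the same guest/0777 settings and now lives under `/var/ipfire/samba/`, which the new Tripwire policy names as the location of `smb.conf`, so it is worth checking that the guest-writable data directory and the configuration file do not end up sharing ownership or permissions.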
--- /dev/null
+ROOT =/usr/sbin
+POLFILE =/var/ipfire/tripwire/tw.pol
+DBFILE =/var/ipfire/tripwire/$(HOSTNAME).twd
+REPORTFILE =/var/ipfire/tripwire/report/$(HOSTNAME)-$(DATE).twr
+SITEKEYFILE =/var/ipfire/tripwire/site.key
+LOCALKEYFILE =/var/ipfire/tripwire/$(HOSTNAME)-local.key
+EDITOR =/usr/bin/vi
+LATEPROMPTING =false
+LOOSEDIRECTORYCHECKING =false
+MAILNOVIOLATIONS =false
+EMAILREPORTLEVEL =3
+REPORTLEVEL =3
+#MAILMETHOD =SENDMAIL
+#MAILMETHOD =SMTP
+#SMTPHOST =phoenix.e-vector.com
+#SMTPPORT =25
+SYSLOGREPORTING =false
+#MAILPROGRAM =/usr/sbin/sendmail -oi -t
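Review bot: `SYSLOGREPORTING =false` together with the commented-out `MAILMETHOD` lines means an integrity check leaves no record outside `/var/ipfire/tripwire/report`, on the same host and in the same tree that an intruder with root could alter. `SYSLOGREPORTING =true` would at least put database initialisation, checks and updates into syslog, where they can be forwarded off the box. `LOOSEDIRECTORYCHECKING =false` also contradicts the header of the policy file added in this commit, which says the example policy is best run with it enabled, so expect extra directory violations whenever a monitored file changes. The commented `#SMTPHOST =phoenix.e-vector.com` looks like a leftover from the upstream sample and should become a placeholder before anyone uncomments it.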
--- /dev/null
+ ##############################################################################
+ # ##
+############################################################################## #
+# # #
+# Policy file for Red Hat Linux # #
+# V1.2.0rh # #
+# August 9, 2001 # #
+# ##
+##############################################################################
+
+
+ ##############################################################################
+ # ##
+############################################################################## #
+# # #
+# This is the example Tripwire Policy file. It is intended as a place to # #
+# start creating your own custom Tripwire Policy file. Referring to it as # #
+# well as the Tripwire Policy Guide should give you enough information to # #
+# make a good custom Tripwire Policy file that better covers your # #
+# configuration and security needs. A text version of this policy file is # #
+# called twpol.txt. # #
+# # #
+# Note that this file is tuned to an 'everything' install of Red Hat Linux. # #
+# If run unmodified, this file should create no errors on database # #
+# creation, or violations on a subsiquent integrity check. However, it is # #
+# impossible for there to be one policy file for all machines, so this # #
+# existing one errs on the side of security. Your Linux configuration will # #
+# most likey differ from the one our policy file was tuned to, and will # #
+# therefore require some editing of the default Tripwire Policy file. # #
+# # #
+# The example policy file is best run with 'Loose Directory Checking' # #
+# enabled. Set LOOSEDIRECTORYCHECKING=TRUE in the Tripwire Configuration # #
+# file. # #
+# # #
+# Email support is not included and must be added to this file. # #
+# Add the 'emailto=' to the rule directive section of each rule (add a comma # #
+# after the 'severity=' line and add an 'emailto=' and include the email # #
+# addresses you want the violation reports to go to). Addresses are # #
+# semi-colon delimited. # #
+# ##
+##############################################################################
+
+
+
+ ##############################################################################
+ # ##
+############################################################################## #
+# # #
+# Global Variable Definitions # #
+# # #
+# These are defined at install time by the installation script. You may # #
+# Manually edit these if you are using this file directly and not from the # #
+# installation script itself. # #
+# ##
+##############################################################################
+
+@@section GLOBAL
+TWROOT=/usr/sbin;
+TWBIN=/usr/sbin;
+TWPOL="/var/ipfire/tripwire";
+TWDB="/var/ipfire/tripwire";
+TWSKEY="/var/ipfire/tripwire";
+TWLKEY="/var/ipfire/tripwire";
+TWREPORT="/var/ipfire/tripwire/report";
+HOSTNAME=ipfire-test.homeip.net;
+
+@@section FS
+SEC_CRIT = $(IgnoreNone)-SHa ; # Critical files that cannot change
+SEC_SUID = $(IgnoreNone)-SHa ; # Binaries with the SUID or SGID flags set
+SEC_BIN = $(ReadOnly) ; # Binaries that should not change
+SEC_CONFIG = $(Dynamic) ; # Config files that are changed infrequently but accessed often
+SEC_LOG = $(Growing) ; # Files that grow, but that should never change ownership
+SEC_INVARIANT = +tpug ; # Directories that should never change permission or ownership
+SIG_LOW = 33 ; # Non-critical files that are of minimal security impact
+SIG_MED = 66 ; # Non-critical files that are of significant security impact
+SIG_HI = 100 ; # Critical files that are significant points of vulnerability
+
+
+# Tripwire Binaries
+(
+ rulename = "Tripwire Binaries",
+# emailto = <email addr>,
+ severity = $(SIG_HI)
+)
+{
+ $(TWBIN)/siggen -> $(SEC_BIN) ;
+ $(TWBIN)/tripwire -> $(SEC_BIN) ;
+ $(TWBIN)/twadmin -> $(SEC_BIN) ;
+ $(TWBIN)/twprint -> $(SEC_BIN) ;
+}
+
+# Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
+(
+ rulename = "Tripwire Data Files",
+# emailto = <email addr>,
+ severity = $(SIG_HI)
+)
+{
+ # NOTE: We remove the inode attribute because when Tripwire creates a backup,
+ # it does so by renaming the old file and creating a new one (which will
+ # have a new inode number). Inode is left turned on for keys, which shouldn't
+ # ever change.
+
+ # NOTE: The first integrity check triggers this rule and each integrity check
+ # afterward triggers this rule until a database update is run, since the
+ # database file does not exist before that point.
+
+ $(TWDB) -> $(SEC_CONFIG) -i ;
+ $(TWPOL)/tw.pol -> $(SEC_BIN) -i ;
+ $(TWPOL)/tw.cfg -> $(SEC_BIN) -i ;
+ $(TWLKEY)/$(HOSTNAME)-local.key -> $(SEC_BIN) ;
+ $(TWSKEY)/site.key -> $(SEC_BIN) ;
+
+ #don't scan the individual reports
+ $(TWREPORT) -> $(SEC_CONFIG) (recurse=0) ;
+}
+
+
+# Tripwire HQ Connector Binaries
+#(
+# rulename = "Tripwire HQ Connector Binaries",
+# emailto = <email addr>,
+# severity = $(SIG_HI)
+#)
+#{
+# $(TWBIN)/hqagent -> $(SEC_BIN) ;
+#}
+#
+# Tripwire HQ Connector - Configuration Files, Keys, and Logs
+
+ ##############################################################################
+ # ##
+############################################################################## #
+# # #
+# Note: File locations here are different than in a stock HQ Connector # #
+# installation. This is because Tripwire 2.3 uses a different path # #
+# structure than Tripwire 2.2.1. # #
+# # #
+# You may need to update your HQ Agent configuation file (or this policy # #
+# file) to correct the paths. We have attempted to support the FHS standard # #
+# here by placing the HQ Agent files similarly to the way Tripwire 2.3 # #
+# places them. # #
+# ##
+##############################################################################
+
+#(
+# rulename = "Tripwire HQ Connector Data Files",
+# emailto = <email addr>,
+# severity = $(SIG_HI)
+#)
+#{
+# #############################################################################
+# ##############################################################################
+# # NOTE: Removing the inode attribute because when Tripwire creates a backup ##
+# # it does so by renaming the old file and creating a new one (which will ##
+# # have a new inode number). Leaving inode turned on for keys, which ##
+# # shouldn't ever change. ##
+# #############################################################################
+#
+# $(TWBIN)/agent.cfg -> $(SEC_BIN) -i ;
+# $(TWLKEY)/authentication.key -> $(SEC_BIN) ;
+# $(TWDB)/tasks.dat -> $(SEC_CONFIG) ;
+# $(TWDB)/schedule.dat -> $(SEC_CONFIG) ;
+#
+# # Uncomment if you have agent logging enabled.
+# #/var/log/tripwire/agent.log -> $(SEC_LOG) ;
+#}
+
+
+
+# Commonly accessed directories that should remain static with regards to owner and group
+(
+ rulename = "Invariant Directories",
+# emailto = <email addr>,
+ severity = $(SIG_MED)
+)
+{
+ / -> $(SEC_INVARIANT) (recurse = 0) ;
+ /home -> $(SEC_INVARIANT) (recurse = 0) ;
+ /etc -> $(SEC_INVARIANT) (recurse = 0) ;
+}
+ ################################################
+ # ##
+################################################ #
+# # #
+# File System and Disk Administration Programs # #
+# ##
+################################################
+
+(
+ rulename = "File System and Disk Administraton Programs",
+# emailto = <email addr>,
+ severity = $(SIG_HI)
+)
+{
+# /sbin/accton -> $(SEC_CRIT) ;
+ /sbin/badblocks -> $(SEC_CRIT) ;
+# /sbin/busybox -> $(SEC_CRIT) ;
+# /sbin/busybox.anaconda -> $(SEC_CRIT) ;
+# /sbin/convertquota -> $(SEC_CRIT) ;
+# /sbin/dosfsck -> $(SEC_CRIT) ;
+ /sbin/debugfs -> $(SEC_CRIT) ;
+# /sbin/debugreiserfs -> $(SEC_CRIT) ;
+ /sbin/dumpe2fs -> $(SEC_CRIT) ;
+# /sbin/dump -> $(SEC_CRIT) ;
+# /sbin/dump.static -> $(SEC_CRIT) ;
+ # /sbin/e2fsadm -> $(SEC_CRIT) ; tune2fs?
+ /sbin/e2fsck -> $(SEC_CRIT) ;
+ /sbin/e2label -> $(SEC_CRIT) ;
+ /sbin/fdisk -> $(SEC_CRIT) ;
+ /sbin/fsck -> $(SEC_CRIT) ;
+ /sbin/fsck.ext2 -> $(SEC_CRIT) ;
+ /sbin/fsck.ext3 -> $(SEC_CRIT) ;
+# /sbin/fsck.minix -> $(SEC_CRIT) ;
+# /sbin/fsck.msdos -> $(SEC_CRIT) ;
+# /sbin/fsck.vfat -> $(SEC_CRIT) ;
+# /sbin/ftl_check -> $(SEC_CRIT) ;
+# /sbin/ftl_format -> $(SEC_CRIT) ;
+ /sbin/hdparm -> $(SEC_CRIT) ;
+ #/sbin/lvchange -> $(SEC_CRIT) ;
+ #/sbin/lvcreate -> $(SEC_CRIT) ;
+ #/sbin/lvdisplay -> $(SEC_CRIT) ;
+ #/sbin/lvextend -> $(SEC_CRIT) ;
+ #/sbin/lvmchange -> $(SEC_CRIT) ;
+ #/sbin/lvmcreate_initrd -> $(SEC_CRIT) ;
+ #/sbin/lvmdiskscan -> $(SEC_CRIT) ;
+ #/sbin/lvmsadc -> $(SEC_CRIT) ;
+ #/sbin/lvmsar -> $(SEC_CRIT) ;
+ #/sbin/lvreduce -> $(SEC_CRIT) ;
+ #/sbin/lvremove -> $(SEC_CRIT) ;
+ #/sbin/lvrename -> $(SEC_CRIT) ;
+ #/sbin/lvscan -> $(SEC_CRIT) ;
+# /sbin/mkbootdisk -> $(SEC_CRIT) ;
+# /sbin/mkdosfs -> $(SEC_CRIT) ;
+ /sbin/mke2fs -> $(SEC_CRIT) ;
+ /sbin/mkfs -> $(SEC_CRIT) ;
+# /sbin/mkfs.bfs -> $(SEC_CRIT) ;
+ /sbin/mkfs.ext2 -> $(SEC_CRIT) ;
+# /sbin/mkfs.minix -> $(SEC_CRIT) ;
+# /sbin/mkfs.msdos -> $(SEC_CRIT) ;
+# /sbin/mkfs.vfat -> $(SEC_CRIT) ;
+ /sbin/mkinitrd -> $(SEC_CRIT) ;
+ #/sbin/mkpv -> $(SEC_CRIT) ;
+# /sbin/mkraid -> $(SEC_CRIT) ;
+# /sbin/mkreiserfs -> $(SEC_CRIT) ;
+ /sbin/mkswap -> $(SEC_CRIT) ;
+ #/sbin/mtx -> $(SEC_CRIT) ;
+# /sbin/pam_console_apply -> $(SEC_CRIT) ;
+# /sbin/parted -> $(SEC_CRIT) ;
+# /sbin/pcinitrd -> $(SEC_CRIT) ;
+ #/sbin/pvchange -> $(SEC_CRIT) ;
+ #/sbin/pvcreate -> $(SEC_CRIT) ;
+ #/sbin/pvdata -> $(SEC_CRIT) ;
+ #/sbin/pvdisplay -> $(SEC_CRIT) ;
+ #/sbin/pvmove -> $(SEC_CRIT) ;
+ #/sbin/pvscan -> $(SEC_CRIT) ;
+# /sbin/quotacheck -> $(SEC_CRIT) ;
+# /sbin/quotaon -> $(SEC_CRIT) ;
+# /sbin/raidstart -> $(SEC_CRIT) ;
+# /sbin/reiserfsck -> $(SEC_CRIT) ;
+# /sbin/resize2fs -> $(SEC_CRIT) ;
+# /sbin/resize_reiserfs -> $(SEC_CRIT) ;
+# /sbin/restore -> $(SEC_CRIT) ;
+# /sbin/restore.static -> $(SEC_CRIT) ;
+# /sbin/scsi_info -> $(SEC_CRIT) ;
+ /sbin/sfdisk -> $(SEC_CRIT) ;
+# /sbin/stinit -> $(SEC_CRIT) ;
+ #/sbin/tapeinfo -> $(SEC_CRIT) ;
+ /sbin/tune2fs -> $(SEC_CRIT) ;
+# /sbin/unpack -> $(SEC_CRIT) ;
+# /sbin/update -> $(SEC_CRIT) ;
+ #/sbin/vgcfgbackup -> $(SEC_CRIT) ;
+ #/sbin/vgcfgrestore -> $(SEC_CRIT) ;
+ #/sbin/vgchange -> $(SEC_CRIT) ;
+ #/sbin/vgck -> $(SEC_CRIT) ;
+ #/sbin/vgcreate -> $(SEC_CRIT) ;
+ #/sbin/vgdisplay -> $(SEC_CRIT) ;
+ #/sbin/vgexport -> $(SEC_CRIT) ;
+ #/sbin/vgextend -> $(SEC_CRIT) ;
+ #/sbin/vgimport -> $(SEC_CRIT) ;
+ #/sbin/vgmerge -> $(SEC_CRIT) ;
+ #/sbin/vgmknodes -> $(SEC_CRIT) ;
+ #/sbin/vgreduce -> $(SEC_CRIT) ;
+ #/sbin/vgremove -> $(SEC_CRIT) ;
+ #/sbin/vgrename -> $(SEC_CRIT) ;
+ #/sbin/vgscan -> $(SEC_CRIT) ;
+ #/sbin/vgsplit -> $(SEC_CRIT) ;
+ /bin/chgrp -> $(SEC_CRIT) ;
+ /bin/chmod -> $(SEC_CRIT) ;
+ /bin/chown -> $(SEC_CRIT) ;
+ /bin/cp -> $(SEC_CRIT) ;
+# /bin/cpio -> $(SEC_CRIT) ;
+ /bin/mount -> $(SEC_CRIT) ;
+ /bin/umount -> $(SEC_CRIT) ;
+ /bin/mkdir -> $(SEC_CRIT) ;
+ /bin/mknod -> $(SEC_CRIT) ;
+# /bin/mktemp -> $(SEC_CRIT) ;
+ /bin/rm -> $(SEC_CRIT) ;
+ /bin/rmdir -> $(SEC_CRIT) ;
+# /bin/touch -> $(SEC_CRIT) ;
+}
+
+ ##################################
+ # ##
+################################## #
+# # #
+# Kernel Administration Programs # #
+# ##
+##################################
+
+(
+ rulename = "Kernel Administration Programs",
+# emailto = <email addr>,
+ severity = $(SIG_HI)
+)
+{
+# /sbin/adjtimex -> $(SEC_CRIT) ;
+ /sbin/ctrlaltdel -> $(SEC_CRIT) ;
+ /sbin/depmod -> $(SEC_CRIT) ;
+# /sbin/insmod -> $(SEC_CRIT) ;
+ /sbin/insmod.static -> $(SEC_CRIT) ;
+# /sbin/insmod_ksymoops_clean -> $(SEC_CRIT) ;
+# /sbin/klogd -> $(SEC_CRIT) ;
+ /sbin/ldconfig -> $(SEC_CRIT) ;
+# /sbin/minilogd -> $(SEC_CRIT) ;
+ /sbin/modinfo -> $(SEC_CRIT) ;
+ #/sbin/nuactlun -> $(SEC_CRIT) ;
+ #/sbin/nuscsitcpd -> $(SEC_CRIT) ;
+ /sbin/pivot_root -> $(SEC_CRIT) ;
+# /sbin/sndconfig -> $(SEC_CRIT) ;
+ /sbin/sysctl -> $(SEC_CRIT) ;
+}
+
+ #######################
+ # ##
+####################### #
+# # #
+# Networking Programs # #
+# ##
+#######################
+
+(
+ rulename = "Networking Programs",
+# emailto = <email addr>,
+ severity = $(SIG_HI)
+)
+{
+# /etc/sysconfig/network-scripts/ifdown -> $(SEC_CRIT) ;
+# /etc/sysconfig/network-scripts/ifdown-cipcb -> $(SEC_CRIT) ;
+# /etc/sysconfig/network-scripts/ifdown-ippp -> $(SEC_CRIT) ;
+# /etc/sysconfig/network-scripts/ifdown-ipv6 -> $(SEC_CRIT) ;
+# /etc/sysconfig/network-scripts/ifdown-isdn -> $(SEC_CRIT) ;
+# /etc/sysconfig/network-scripts/ifdown-post -> $(SEC_CRIT) ;
+# /etc/sysconfig/network-scripts/ifdown-ppp -> $(SEC_CRIT) ;
+# /etc/sysconfig/network-scripts/ifdown-sit -> $(SEC_CRIT) ;
+# /etc/sysconfig/network-scripts/ifdown-sl -> $(SEC_CRIT) ;
+# /etc/sysconfig/network-scripts/ifup -> $(SEC_CRIT) ;
+# /etc/sysconfig/network-scripts/ifup-aliases -> $(SEC_CRIT) ;
+# /etc/sysconfig/network-scripts/ifup-cipcb -> $(SEC_CRIT) ;
+# /etc/sysconfig/network-scripts/ifup-ippp -> $(SEC_CRIT) ;
+# /etc/sysconfig/network-scripts/ifup-ipv6 -> $(SEC_CRIT) ;
+# /etc/sysconfig/network-scripts/ifup-isdn -> $(SEC_CRIT) ;
+# /etc/sysconfig/network-scripts/ifup-plip -> $(SEC_CRIT) ;
+# /etc/sysconfig/network-scripts/ifup-plusb -> $(SEC_CRIT) ;
+# /etc/sysconfig/network-scripts/ifup-post -> $(SEC_CRIT) ;
+# /etc/sysconfig/network-scripts/ifup-ppp -> $(SEC_CRIT) ;
+# /etc/sysconfig/network-scripts/ifup-routes -> $(SEC_CRIT) ;
+# /etc/sysconfig/network-scripts/ifup-sit -> $(SEC_CRIT) ;
+# /etc/sysconfig/network-scripts/ifup-sl -> $(SEC_CRIT) ;
+# /etc/sysconfig/network-scripts/ifup-wireless -> $(SEC_CRIT) ;
+# /etc/sysconfig/network-scripts/network-functions -> $(SEC_CRIT) ;
+# /etc/sysconfig/network-scripts/network-functions-ipv6 -> $(SEC_CRIT) ;
+ /bin/ping -> $(SEC_CRIT) ;
+ /sbin/agetty -> $(SEC_CRIT) ;
+ /sbin/arp -> $(SEC_CRIT) ;
+# /sbin/arping -> $(SEC_CRIT) ;
+ /sbin/dhcpcd -> $(SEC_CRIT) ;
+# /sbin/ether-wake -> $(SEC_CRIT) ;
+ #/sbin/getty -> $(SEC_CRIT) ;
+# /sbin/ifcfg -> $(SEC_CRIT) ;
+ /sbin/ifconfig -> $(SEC_CRIT) ;
+# /sbin/ifdown -> $(SEC_CRIT) ;
+# /sbin/ifenslave -> $(SEC_CRIT) ;
+# /sbin/ifport -> $(SEC_CRIT) ;
+# /sbin/ifup -> $(SEC_CRIT) ;
+# /sbin/ifuser -> $(SEC_CRIT) ;
+ /sbin/ip -> $(SEC_CRIT) ;
+# /sbin/ip6tables -> $(SEC_CRIT) ;
+# /sbin/ipchains -> $(SEC_CRIT) ;
+# /sbin/ipchains-restore -> $(SEC_CRIT) ;
+# /sbin/ipchains-save -> $(SEC_CRIT) ;
+# /sbin/ipfwadm -> $(SEC_CRIT) ;
+ /sbin/ipmaddr -> $(SEC_CRIT) ;
+ /sbin/iptables -> $(SEC_CRIT) ;
+# /sbin/iptables-restore -> $(SEC_CRIT) ;
+# /sbin/iptables-save -> $(SEC_CRIT) ;
+# /sbin/iptunnel -> $(SEC_CRIT) ;
+# /sbin/ipvsadm -> $(SEC_CRIT) ;
+# /sbin/ipvsadm-restore -> $(SEC_CRIT) ;
+# /sbin/ipvsadm-save -> $(SEC_CRIT) ;
+# /sbin/ipx_configure -> $(SEC_CRIT) ;
+# /sbin/ipx_interface -> $(SEC_CRIT) ;
+# /sbin/ipx_internal_net -> $(SEC_CRIT) ;
+# /sbin/iwconfig -> $(SEC_CRIT) ;
+# /sbin/iwgetid -> $(SEC_CRIT) ;
+# /sbin/iwlist -> $(SEC_CRIT) ;
+# /sbin/iwpriv -> $(SEC_CRIT) ;
+# /sbin/iwspy -> $(SEC_CRIT) ;
+# /sbin/mgetty -> $(SEC_CRIT) ;
+# /sbin/mingetty -> $(SEC_CRIT) ;
+ /sbin/nameif -> $(SEC_CRIT) ;
+# /sbin/netreport -> $(SEC_CRIT) ;
+ /sbin/plipconfig -> $(SEC_CRIT) ;
+# /sbin/portmap -> $(SEC_CRIT) ;
+# /sbin/ppp-watch -> $(SEC_CRIT) ;
+ #/sbin/rarp -> $(SEC_CRIT) ;
+ /sbin/route -> $(SEC_CRIT) ;
+ /sbin/slattach -> $(SEC_CRIT) ;
+ /sbin/tc -> $(SEC_CRIT) ;
+ #/sbin/uugetty -> $(SEC_CRIT) ;
+# /sbin/vgetty -> $(SEC_CRIT) ;
+# /sbin/ypbind -> $(SEC_CRIT) ;
+}
+
+ ##################################
+ # ##
+################################## #
+# # #
+# System Administration Programs # #
+# ##
+##################################
+
+(
+ rulename = "System Administration Programs",
+# emailto = <email addr>,
+ severity = $(SIG_HI)
+)
+{
+# /sbin/chkconfig -> $(SEC_CRIT) ;
+# /sbin/fuser -> $(SEC_CRIT) ;
+ /sbin/halt -> $(SEC_CRIT) ;
+ /sbin/init -> $(SEC_CRIT) ;
+# /sbin/initlog -> $(SEC_CRIT) ;
+# /sbin/install-info -> $(SEC_CRIT) ;
+ /sbin/killall5 -> $(SEC_CRIT) ;
+ #/sbin/linuxconf -> $(SEC_CRIT) ;
+ #/sbin/linuxconf-auth -> $(SEC_CRIT) ;
+ /sbin/pam_tally -> $(SEC_CRIT) ;
+# /sbin/pwdb_chkpwd -> $(SEC_CRIT) ;
+ #/sbin/remadmin -> $(SEC_CRIT) ;
+# /sbin/rescuept -> $(SEC_CRIT) ;
+# /sbin/rmt -> $(SEC_CRIT) ;
+# /sbin/rpc.lockd -> $(SEC_CRIT) ;
+# /sbin/rpc.statd -> $(SEC_CRIT) ;
+# /sbin/rpcdebug -> $(SEC_CRIT) ;
+# /sbin/service -> $(SEC_CRIT) ;
+# /sbin/setsysfont -> $(SEC_CRIT) ;
+ /sbin/shutdown -> $(SEC_CRIT) ;
+ /sbin/sulogin -> $(SEC_CRIT) ;
+ /sbin/swapon -> $(SEC_CRIT) ;
+# /sbin/syslogd -> $(SEC_CRIT) ;
+# /sbin/unix_chkpwd -> $(SEC_CRIT) ;
+ /bin/pwd -> $(SEC_CRIT) ;
+ /bin/uname -> $(SEC_CRIT) ;
+}
+
+ ########################################
+ # ##
+######################################## #
+# # #
+# Hardware and Device Control Programs # #
+# ##
+########################################
+(
+ rulename = "Hardware and Device Control Programs",
+# emailto = <email addr>,
+ severity = $(SIG_HI)
+)
+{
+ /bin/setserial -> $(SEC_CRIT) ;
+# /bin/sfxload -> $(SEC_CRIT) ;
+ /sbin/blockdev -> $(SEC_CRIT) ;
+# /sbin/cardctl -> $(SEC_CRIT) ;
+# /sbin/cardmgr -> $(SEC_CRIT) ;
+# /sbin/cbq -> $(SEC_CRIT) ;
+# /sbin/dump_cis -> $(SEC_CRIT) ;
+ /sbin/elvtune -> $(SEC_CRIT) ;
+# /sbin/hotplug -> $(SEC_CRIT) ;
+ /sbin/hwclock -> $(SEC_CRIT) ;
+# /sbin/ide_info -> $(SEC_CRIT) ;
+ #/sbin/isapnp -> $(SEC_CRIT) ;
+ #/sbin/kbdrate -> $(SEC_CRIT) ;
+ /sbin/losetup -> $(SEC_CRIT) ;
+# /sbin/lspci -> $(SEC_CRIT) ;
+# /sbin/lspnp -> $(SEC_CRIT) ;
+ /sbin/mii-tool -> $(SEC_CRIT) ;
+# /sbin/pack_cis -> $(SEC_CRIT) ;
+ #/sbin/pnpdump -> $(SEC_CRIT) ;
+# /sbin/probe -> $(SEC_CRIT) ;
+ #/sbin/pump -> $(SEC_CRIT) ;
+# /sbin/setpci -> $(SEC_CRIT) ;
+# /sbin/shapecfg -> $(SEC_CRIT) ;
+}
+
+ ###############################
+ # ##
+############################### #
+# # #
+# System Information Programs # #
+# ##
+###############################
+(
+ rulename = "System Information Programs",
+# emailto = <email addr>,
+ severity = $(SIG_HI)
+)
+{
+# /sbin/consoletype -> $(SEC_CRIT) ;
+# /sbin/kernelversion -> $(SEC_CRIT) ;
+ /sbin/runlevel -> $(SEC_CRIT) ;
+}
+
+ ####################################
+ # ##
+#################################### #
+# # #
+# Application Information Programs # #
+# ##
+####################################
+
+(
+ rulename = "Application Information Programs",
+# emailto = <email addr>,
+ severity = $(SIG_HI)
+)
+{
+# /sbin/genksyms -> $(SEC_CRIT) ;
+ #/sbin/genksyms.old -> $(SEC_CRIT) ;
+ /sbin/rtmon -> $(SEC_CRIT) ;
+}
+
+ ##########################
+ # ##
+########################## #
+# # #
+# Shell Related Programs # #
+# ##
+##########################
+(
+ rulename = "Shell Related Programs",
+# emailto = <email addr>,
+ severity = $(SIG_HI)
+)
+{
+# /sbin/getkey -> $(SEC_CRIT) ;
+ /sbin/nash -> $(SEC_CRIT) ;
+# /sbin/sash -> $(SEC_CRIT) ;
+}
+
+
+ ################
+ # ##
+################ #
+# # #
+# OS Utilities # #
+# ##
+################
+(
+ rulename = "Operating System Utilities",
+# emailto = <email addr>,
+ severity = $(SIG_HI)
+)
+{
+ /bin/arch -> $(SEC_CRIT) ;
+# /bin/ash -> $(SEC_CRIT) ;
+# /bin/ash.static -> $(SEC_CRIT) ;
+# /bin/aumix-minimal -> $(SEC_CRIT) ;
+# /bin/basename -> $(SEC_CRIT) ;
+ /bin/cat -> $(SEC_CRIT) ;
+ #/bin/consolechars -> $(SEC_CRIT) ;
+# /bin/cut -> $(SEC_CRIT) ;
+ /bin/date -> $(SEC_CRIT) ;
+ /bin/dd -> $(SEC_CRIT) ;
+ /bin/df -> $(SEC_CRIT) ;
+ /bin/dmesg -> $(SEC_CRIT) ;
+# /bin/doexec -> $(SEC_CRIT) ;
+ /bin/echo -> $(SEC_CRIT) ;
+# /bin/ed -> $(SEC_CRIT) ;
+ /bin/egrep -> $(SEC_CRIT) ;
+ /bin/false -> $(SEC_CRIT) ;
+ /bin/fgrep -> $(SEC_CRIT) ;
+# /bin/gawk -> $(SEC_CRIT) ;
+# /bin/gawk-3.1.0 -> $(SEC_CRIT) ;
+# /bin/gettext -> $(SEC_CRIT) ;
+ /bin/grep -> $(SEC_CRIT) ;
+ /bin/gunzip -> $(SEC_CRIT) ;
+ /bin/gzip -> $(SEC_CRIT) ;
+ /bin/hostname -> $(SEC_CRIT) ;
+# /bin/igawk -> $(SEC_CRIT) ;
+# /bin/ipcalc -> $(SEC_CRIT) ;
+ /bin/kill -> $(SEC_CRIT) ;
+ /bin/ln -> $(SEC_CRIT) ;
+ /bin/loadkeys -> $(SEC_CRIT) ;
+ /bin/login -> $(SEC_CRIT) ;
+ /bin/ls -> $(SEC_CRIT) ;
+ /bin/mail -> $(SEC_CRIT) ;
+ /bin/more -> $(SEC_CRIT) ;
+# /bin/mt -> $(SEC_CRIT) ;
+ /bin/mv -> $(SEC_CRIT) ;
+ /bin/netstat -> $(SEC_CRIT) ;
+ /bin/nice -> $(SEC_CRIT) ;
+# /bin/pgawk -> $(SEC_CRIT) ;
+ /bin/ps -> $(SEC_CRIT) ;
+# /bin/rpm -> $(SEC_CRIT) ;
+ /bin/sed -> $(SEC_CRIT) ;
+ /bin/sleep -> $(SEC_CRIT) ;
+# /bin/sort -> $(SEC_CRIT) ;
+ /bin/stty -> $(SEC_CRIT) ;
+ /bin/su -> $(SEC_CRIT) ;
+ /bin/sync -> $(SEC_CRIT) ;
+ /bin/tar -> $(SEC_CRIT) ;
+ /bin/true -> $(SEC_CRIT) ;
+# /bin/usleep -> $(SEC_CRIT) ;
+# /bin/vi -> $(SEC_CRIT) ;
+ /bin/zcat -> $(SEC_CRIT) ;
+# /bin/zsh -> $(SEC_CRIT) ;
+# /bin/zsh-4.0.2 -> $(SEC_CRIT) ;
+# /sbin/sln -> $(SEC_CRIT) ;
+# /usr/bin/vimtutor -> $(SEC_CRIT) ;
+}
+
+ ##############################
+ # ##
+############################## #
+# # #
+# Critical Utility Sym-Links # #
+# ##
+##############################
+(
+ rulename = "Critical Utility Sym-Links",
+# emailto = <email addr>,
+ severity = $(SIG_HI)
+)
+{
+ #/sbin/askrunlevel -> $(SEC_CRIT) ;
+# /sbin/clock -> $(SEC_CRIT) ;
+ #/sbin/fixperm -> $(SEC_CRIT) ;
+# /sbin/fsck.reiserfs -> $(SEC_CRIT) ;
+ #/sbin/fsconf -> $(SEC_CRIT) ;
+# /sbin/ipfwadm-wrapper -> $(SEC_CRIT) ;
+# /sbin/kallsyms -> $(SEC_CRIT) ;
+# /sbin/ksyms -> $(SEC_CRIT) ;
+# /sbin/lsmod -> $(SEC_CRIT) ;
+ #/sbin/mailconf -> $(SEC_CRIT) ;
+# /sbin/mkfs.reiserfs -> $(SEC_CRIT) ;
+ #/sbin/modemconf -> $(SEC_CRIT) ;
+ /sbin/modprobe -> $(SEC_CRIT) ;
+# /sbin/mount.ncp -> $(SEC_CRIT) ;
+# /sbin/mount.ncpfs -> $(SEC_CRIT) ;
+# /sbin/mount.smb -> $(SEC_CRIT) ;
+# /sbin/mount.smbfs -> $(SEC_CRIT) ;
+ #/sbin/netconf -> $(SEC_CRIT) ;
+# /sbin/pidof -> $(SEC_CRIT) ;
+ /sbin/poweroff -> $(SEC_CRIT) ;
+# /sbin/quotaoff -> $(SEC_CRIT) ;
+# /sbin/raid0run -> $(SEC_CRIT) ;
+# /sbin/raidhotadd -> $(SEC_CRIT) ;
+# /sbin/raidhotgenerateerror -> $(SEC_CRIT) ;
+# /sbin/raidhotremove -> $(SEC_CRIT) ;
+# /sbin/raidstop -> $(SEC_CRIT) ;
+# /sbin/rdump -> $(SEC_CRIT) ;
+# /sbin/rdump.static -> $(SEC_CRIT) ;
+ /sbin/reboot -> $(SEC_CRIT) ;
+ /sbin/rmmod -> $(SEC_CRIT) ;
+# /sbin/rrestore -> $(SEC_CRIT) ;
+# /sbin/rrestore.static -> $(SEC_CRIT) ;
+ /sbin/swapoff -> $(SEC_CRIT) ;
+ /sbin/telinit -> $(SEC_CRIT) ;
+ #/sbin/userconf -> $(SEC_CRIT) ;
+ #/sbin/uucpconf -> $(SEC_CRIT) ;
+ #/sbin/vregistry -> $(SEC_CRIT) ;
+# /bin/awk -> $(SEC_CRIT) ;
+# /bin/bash2 -> $(SEC_CRIT) ;
+# /bin/bsh -> $(SEC_CRIT) ;
+# /bin/csh -> $(SEC_CRIT) ;
+ /bin/dnsdomainname -> $(SEC_CRIT) ;
+ /bin/domainname -> $(SEC_CRIT) ;
+# /bin/ex -> $(SEC_CRIT) ;
+# /bin/gtar -> $(SEC_CRIT) ;
+ /bin/nisdomainname -> $(SEC_CRIT) ;
+# /bin/red -> $(SEC_CRIT) ;
+# /bin/rvi -> $(SEC_CRIT) ;
+# /bin/rview -> $(SEC_CRIT) ;
+# /bin/view -> $(SEC_CRIT) ;
+# /bin/ypdomainname -> $(SEC_CRIT) ;
+}
+
+
+ #########################
+ # ##
+######################### #
+# # #
+# Temporary directories # #
+# ##
+#########################
+(
+ rulename = "Temporary directories",
+# emailto = <email addr>,
+ recurse = false,
+ severity = $(SIG_LOW)
+)
+{
+ /var/tmp -> $(SEC_INVARIANT) ;
+ /tmp -> $(SEC_INVARIANT) ;
+}
+
+ ###############
+ # ##
+############### #
+# # #
+# Local files # #
+# ##
+###############
+(
+ rulename = "User binaries",
+# emailto = <email addr>,
+ severity = $(SIG_MED)
+)
+{
+ /sbin -> $(SEC_BIN) (recurse = 1) ;
+ /usr/bin -> $(SEC_BIN) (recurse = 1) ;
+ /usr/sbin -> $(SEC_BIN) (recurse = 1) ;
+ /usr/local/bin -> $(SEC_BIN) (recurse = 1) ;
+}
+
+(
+ rulename = "Shell Binaries",
+# emailto = <email addr>,
+ severity = $(SIG_HI)
+)
+{
+ /bin/bash -> $(SEC_BIN) ;
+ /bin/sh -> $(SEC_BIN) ;
+# /sbin/nologin -> $(SEC_BIN) ;
+}
+
+(
+ rulename = "Security Control",
+# emailto = <email addr>,
+ severity = $(SIG_HI)
+)
+{
+ /etc/group -> $(SEC_CRIT) ;
+ /etc/security -> $(SEC_CRIT) ;
+ #/var/spool/cron/crontabs -> $(SEC_CRIT) ; # Uncomment when this file exists
+}
+
+#(
+# rulename = "Boot Scripts",
+# emailto = <email addr>,
+# severity = $(SIG_HI)
+#)
+#{
+# /etc/rc -> $(SEC_CONFIG) ;
+# /etc/rc.bsdnet -> $(SEC_CONFIG) ;
+# /etc/rc.dt -> $(SEC_CONFIG) ;
+# /etc/rc.net -> $(SEC_CONFIG) ;
+# /etc/rc.net.serial -> $(SEC_CONFIG) ;
+# /etc/rc.nfs -> $(SEC_CONFIG) ;
+# /etc/rc.powerfail -> $(SEC_CONFIG) ;
+# /etc/rc.tcpip -> $(SEC_CONFIG) ;
+# /etc/trcfmt.Z -> $(SEC_CONFIG) ;
+#}
+
+(
+ rulename = "Login Scripts",
+# emailto = <email addr>,
+ severity = $(SIG_HI)
+)
+{
+ /etc/bashrc -> $(SEC_CONFIG) ;
+# /etc/csh.cshrc -> $(SEC_CONFIG) ;
+# /etc/csh.login -> $(SEC_CONFIG) ;
+ /etc/inputrc -> $(SEC_CONFIG) ;
+ # /etc/tsh_profile -> $(SEC_CONFIG) ; #Uncomment when this file exists
+ /etc/profile -> $(SEC_CONFIG) ;
+}
+
+# Libraries
+(
+ rulename = "Libraries",
+# emailto = <email addr>,
+ severity = $(SIG_MED)
+)
+{
+ /usr/lib -> $(SEC_BIN) ;
+ /usr/local/lib -> $(SEC_BIN) ;
+}
+
+
+ ######################################################
+ # ##
+###################################################### #
+# # #
+# Critical System Boot Files # #
+# These files are critical to a correct system boot. # #
+# ##
+######################################################
+
+(
+ rulename = "Critical system boot files",
+# emailto = <email addr>,
+ severity = $(SIG_HI)
+)
+{
+ /boot -> $(SEC_CRIT) ;
+ #/sbin/devfsd -> $(SEC_CRIT) ;
+# /sbin/grub -> $(SEC_CRIT) ;
+# /sbin/grub-install -> $(SEC_CRIT) ;
+# /sbin/grub-md5-crypt -> $(SEC_CRIT) ;
+# /sbin/installkernel -> $(SEC_CRIT) ;
+# /sbin/lilo -> $(SEC_CRIT) ;
+# /sbin/mkkerneldoth -> $(SEC_CRIT) ;
+ !/boot/System.map ;
+ !/boot/module-info ;
+ # other boot files may exist. Look for:
+ #/ufsboot -> $(SEC_CRIT) ;
+}
+ ##################################################
+ ###################################################
+ # These files change every time the system boots ##
+ ##################################################
+(
+ rulename = "System boot changes",
+# emailto = <email addr>,
+ severity = $(SIG_HI)
+)
+{
+ !/var/run/ftp.pids-all ; # Comes and goes on reboot.
+ !/root/.enlightenment ;
+ /dev/log -> $(SEC_CONFIG) ;
+# /dev/cua0 -> $(SEC_CONFIG) ;
+ # /dev/printer -> $(SEC_CONFIG) ; # Uncomment if you have a printer device
+ /dev/console -> $(SEC_CONFIG) -u ; # User ID may change on console login/logout.
+ /dev/tty1 -> $(SEC_CONFIG) ; # tty devices
+ /dev/tty2 -> $(SEC_CONFIG) ; # tty devices
+ /dev/tty3 -> $(SEC_CONFIG) ; # are extremely
+ /dev/tty4 -> $(SEC_CONFIG) ; # variable
+ /dev/tty5 -> $(SEC_CONFIG) ;
+ /dev/tty6 -> $(SEC_CONFIG) ;
+ /dev/urandom -> $(SEC_CONFIG) ;
+ /dev/initctl -> $(SEC_CONFIG) ;
+# /var/lock/subsys -> $(SEC_CONFIG) ;
+ /var/run -> $(SEC_CONFIG) ;
+ /var/log -> $(SEC_CONFIG) ;
+ ! /var/log/mrtg/red.log ;
+ ! /var/log/mrtg/red.old ;
+ ! /var/log/mrtg/green.log ;
+ ! /var/log/mrtg/green.old ;
+# /etc/ioctl.save -> $(SEC_CONFIG) ;
+# /etc/issue.net -> $(SEC_CONFIG) -i ; # Inode number changes
+ /etc/issue -> $(SEC_CONFIG) ;
+ /etc/mtab -> $(SEC_CONFIG) -i ; # Inode number changes on any mount/unmount
+ /lib/modules -> $(SEC_CONFIG) ;
+ /etc/.pwd.lock -> $(SEC_CONFIG) ;
+ # /lib/modules/preferred -> $(SEC_CONFIG) ; #Uncomment when this file exists
+}
+
+# These files change the behavior of the root account
+(
+ rulename = "Root config files",
+# emailto = <email addr>,
+ severity = 100
+)
+{
+ /root -> $(SEC_CRIT) ; # Catch all additions to /root
+# /root/.Xresources -> $(SEC_CONFIG) ;
+# /root/.bashrc -> $(SEC_CONFIG) ;
+# /root/.bash_profile -> $(SEC_CONFIG) ;
+# /root/.bash_logout -> $(SEC_CONFIG) ;
+# /root/.cshrc -> $(SEC_CONFIG) ;
+# /root/.tcshrc -> $(SEC_CONFIG) ;
+ #/root/Mail -> $(SEC_CONFIG) ;
+ #/root/mail -> $(SEC_CONFIG) ;
+ #/root/.amandahosts -> $(SEC_CONFIG) ;
+ #/root/.addressbook.lu -> $(SEC_CONFIG) ;
+ #/root/.addressbook -> $(SEC_CONFIG) ;
+# /root/.bash_history -> $(SEC_CONFIG) ;
+ #/root/.elm -> $(SEC_CONFIG) ;
+# /root/.esd_auth -> $(SEC_CONFIG) ;
+# /root/.gnome_private -> $(SEC_CONFIG) ;
+# /root/.gnome-desktop -> $(SEC_CONFIG) ;
+# /root/.gnome -> $(SEC_CONFIG) ;
+# /root/.ICEauthority -> $(SEC_CONFIG) ;
+ #/root/.mc -> $(SEC_CONFIG) ;
+ #/root/.pinerc -> $(SEC_CONFIG) ;
+ #/root/.sawfish -> $(SEC_CONFIG) ;
+# /root/.Xauthority -> $(SEC_CONFIG) -i ; # Changes Inode number on login
+ #/root/.xauth -> $(SEC_CONFIG) ;
+ #/root/.xsession-errors -> $(SEC_CONFIG) ;
+}
+
+ ################################
+ # ##
+################################ #
+# # #
+# Critical configuration files # #
+# ##
+################################
+(
+ rulename = "Critical configuration files",
+# emailto = <email addr>,
+ severity = $(SIG_HI)
+)
+{
+ #/etc/conf.linuxconf -> $(SEC_BIN) ;
+# /etc/crontab -> $(SEC_BIN) ;
+# /etc/cron.hourly -> $(SEC_BIN) ;
+# /etc/cron.daily -> $(SEC_BIN) ;
+# /etc/cron.weekly -> $(SEC_BIN) ;
+# /etc/cron.monthly -> $(SEC_BIN) ;
+ /etc/default -> $(SEC_BIN) ;
+ /etc/fstab -> $(SEC_BIN) ;
+# /etc/exports -> $(SEC_BIN) ;
+ /etc/group- -> $(SEC_BIN) ; # changes should be infrequent
+ /etc/host.conf -> $(SEC_BIN) ;
+ /etc/hosts.allow -> $(SEC_BIN) ;
+ /etc/hosts.deny -> $(SEC_BIN) ;
+ /etc/httpd/conf -> $(SEC_BIN) ; # changes should be infrequent
+ /etc/protocols -> $(SEC_BIN) ;
+ /etc/services -> $(SEC_BIN) ;
+ /etc/rc.d/init.d -> $(SEC_BIN) ;
+ /etc/rc.d -> $(SEC_BIN) ;
+# /etc/mail.rc -> $(SEC_BIN) ;
+ /etc/modules.conf -> $(SEC_BIN) ;
+# /etc/motd -> $(SEC_BIN) ;
+# /etc/named.conf -> $(SEC_BIN) ;
+ /etc/passwd -> $(SEC_CONFIG) ;
+ /etc/passwd- -> $(SEC_CONFIG) ;
+ /etc/profile.d -> $(SEC_BIN) ;
+# /var/lib/nfs/rmtab -> $(SEC_BIN) ;
+# /usr/sbin/fixrmtab -> $(SEC_BIN) ;
+# /etc/rpc -> $(SEC_BIN) ;
+# /etc/sysconfig -> $(SEC_BIN) ;
+ /var/ipfire/samba/smb.conf -> $(SEC_CONFIG) ;
+ #/etc/gettydefs -> $(SEC_BIN) ;
+ /etc/nsswitch.conf -> $(SEC_BIN) ;
+# /etc/yp.conf -> $(SEC_BIN) ;
+ /etc/hosts -> $(SEC_CONFIG) ;
+# /etc/xinetd.conf -> $(SEC_CONFIG) ;
+ /etc/inittab -> $(SEC_CONFIG) ;
+ /etc/resolv.conf -> $(SEC_CONFIG) ;
+ /etc/syslog.conf -> $(SEC_CONFIG) ;
+}
+
+ ####################
+ # ##
+#################### #
+# # #
+# Critical devices # #
+# ##
+####################
+(
+ rulename = "Critical devices",
+# emailto = <email addr>,
+ severity = $(SIG_HI),
+ recurse = false
+)
+{
+ /dev/kmem -> $(Device) ;
+ /dev/mem -> $(Device) ;
+ /dev/null -> $(Device) ;
+ /dev/zero -> $(Device) ;
+ /proc/devices -> $(Device) ;
+ /proc/net -> $(Device) ;
+# /proc/sys -> $(Device) ;
+ /proc/cpuinfo -> $(Device) ;
+ /proc/modules -> $(Device) ;
+ /proc/mounts -> $(Device) ;
+ /proc/dma -> $(Device) ;
+ /proc/filesystems -> $(Device) ;
+ /proc/pci -> $(Device) ;
+ /proc/interrupts -> $(Device) ;
+# /proc/driver/rtc -> $(Device) ;
+ /proc/ioports -> $(Device) ;
+# /proc/scsi -> $(Device) ;
+# /proc/kcore -> $(Device) ;
+ /proc/self -> $(Device) ;
+ /proc/kmsg -> $(Device) ;
+ /proc/stat -> $(Device) ;
+# /proc/ksyms -> $(Device) ;
+ /proc/loadavg -> $(Device) ;
+ /proc/uptime -> $(Device) ;
+ /proc/locks -> $(Device) ;
+ /proc/version -> $(Device) ;
+# /proc/mdstat -> $(Device) ;
+ /proc/meminfo -> $(Device) ;
+ /proc/cmdline -> $(Device) ;
+ /proc/misc -> $(Device) ;
+}
+
+# Rest of critical system binaries
+(
+ rulename = "OS executables and libraries",
+# emailto = <email addr>,
+ severity = $(SIG_HI)
+)
+{
+ /bin -> $(SEC_BIN) ;
+ /lib -> $(SEC_BIN) ;
+}
+
+
+#=============================================================================
+#
+# Copyright 2000 Tripwire, Inc. Tripwire is a registered trademark of Tripwire,
+# Inc. in the United States and other countries. All rights reserved.
+#
+# Linux is a registered trademark of Linus Torvalds.
+#
+# UNIX is a registered trademark of The Open Group.
+#
+#=============================================================================
+#
+# Permission is granted to make and distribute verbatim copies of this document
+# provided the copyright notice and this permission notice are preserved on all
+# copies.
+#
+# Permission is granted to copy and distribute modified versions of this
+# document under the conditions for verbatim copying, provided that the entire
+# resulting derived work is distributed under the terms of a permission notice
+# identical to this one.
+#
+# Permission is granted to copy and distribute translations of this document
+# into another language, under the above conditions for modified versions,
+# except that this permission notice may be stated in a translation approved by
+# Tripwire, Inc.
+#
+# DCM
WARNING: translation string unused: current ovpn
WARNING: translation string unused: current profile
WARNING: translation string unused: dat without key
+WARNING: translation string unused: dbfile
WARNING: translation string unused: ddns help dnsmadeeasy
WARNING: translation string unused: ddns help freedns
WARNING: translation string unused: ddns help plus
WARNING: translation string unused: do not log this port list
WARNING: translation string unused: download
WARNING: translation string unused: dynamic dns client
+WARNING: translation string unused: editor
WARNING: translation string unused: enable javascript
WARNING: translation string unused: enabled on
WARNING: translation string unused: enabledtitle
WARNING: translation string unused: javascript menu error2
WARNING: translation string unused: kernel version
WARNING: translation string unused: key stuff
+WARNING: translation string unused: lateprompting
WARNING: translation string unused: line
WARNING: translation string unused: linkq
WARNING: translation string unused: local hard disk
+WARNING: translation string unused: localkeyfile
WARNING: translation string unused: log enabled
WARNING: translation string unused: log viewer
+WARNING: translation string unused: loosedirectorychecking
WARNING: translation string unused: ls_dhcpd
WARNING: translation string unused: ls_disk space
WARNING: translation string unused: ls_free/swan
WARNING: translation string unused: package failed to install
WARNING: translation string unused: password crypting key
WARNING: translation string unused: pc
+WARNING: translation string unused: polfile
WARNING: translation string unused: pots
WARNING: translation string unused: profiles
WARNING: translation string unused: proxy no proxy extend
WARNING: translation string unused: refresh update list
WARNING: translation string unused: released
WARNING: translation string unused: removable device advice
+WARNING: translation string unused: reportfile
WARNING: translation string unused: requested data
WARNING: translation string unused: restore hardware settings
+WARNING: translation string unused: root
WARNING: translation string unused: root path
WARNING: translation string unused: root user password
WARNING: translation string unused: safe removal of umounted device
WARNING: translation string unused: sectors written to disk per second
WARNING: translation string unused: select media
WARNING: translation string unused: shared memory
+WARNING: translation string unused: sitekeyfile
WARNING: translation string unused: smbreload
WARNING: translation string unused: squid extension methods
WARNING: translation string unused: squid extension methods invalid
WARNING: translation string unused: written sectors
WARNING: translation string unused: xtaccess bad transfert
WARNING: translation string unused: year
-WARNING: translation string unused: yes
WARNING: untranslated string: IPFires hostname
WARNING: untranslated string: Number of IPs for the pie chart
WARNING: untranslated string: Number of Ports for the pie chart
WARNING: translation string unused: current profile
WARNING: translation string unused: daily firewallhits
WARNING: translation string unused: dat without key
+WARNING: translation string unused: dbfile
WARNING: translation string unused: debugme
WARNING: translation string unused: description
WARNING: translation string unused: dhcp server disabled on blue interface
WARNING: translation string unused: do not log this port list
WARNING: translation string unused: done
WARNING: translation string unused: dynamic dns client
+WARNING: translation string unused: editor
WARNING: translation string unused: enable javascript
WARNING: translation string unused: enabled on
WARNING: translation string unused: enabledtitle
WARNING: translation string unused: javascript menu error2
WARNING: translation string unused: kernel version
WARNING: translation string unused: key stuff
+WARNING: translation string unused: lateprompting
WARNING: translation string unused: line
WARNING: translation string unused: linkq
WARNING: translation string unused: local hard disk
+WARNING: translation string unused: localkeyfile
WARNING: translation string unused: log enabled
WARNING: translation string unused: log viewer
+WARNING: translation string unused: loosedirectorychecking
WARNING: translation string unused: ls_dhcpd
WARNING: translation string unused: ls_disk space
WARNING: translation string unused: ls_free/swan
WARNING: translation string unused: ovpnsys log
WARNING: translation string unused: package failed to install
WARNING: translation string unused: pc
+WARNING: translation string unused: polfile
WARNING: translation string unused: pots
WARNING: translation string unused: profiles
WARNING: translation string unused: psk
WARNING: translation string unused: reboot schedule
WARNING: translation string unused: refresh update list
WARNING: translation string unused: released
+WARNING: translation string unused: reportfile
WARNING: translation string unused: requested data
WARNING: translation string unused: restore hardware settings
+WARNING: translation string unused: root
WARNING: translation string unused: root user password
WARNING: translation string unused: save error
WARNING: translation string unused: sectors read from disk per second
WARNING: translation string unused: sectors written to disk per second
WARNING: translation string unused: shaping add options
WARNING: translation string unused: shared memory
+WARNING: translation string unused: sitekeyfile
WARNING: translation string unused: smbreload
WARNING: translation string unused: squid extension methods
WARNING: translation string unused: squid extension methods invalid
WARNING: translation string unused: written sectors
WARNING: translation string unused: year
WARNING: translation string unused: yearly firewallhits
-WARNING: translation string unused: yes
WARNING: untranslated string: IPFires hostname
WARNING: untranslated string: Number of IPs for the pie chart
WARNING: untranslated string: Number of Ports for the pie chart
my $errormessage = "";
my @Logs = qx(ls /var/log/samba/);
my $Log =$Lang::tr{'no log selected'};
-my $defaultoption= "[Share]\npath = /var/samba/share1\ncomment = Share - Public Access\nbrowseable = yes\nwriteable = yes\ncreate mask = 0777\ndirectory mask = 0777\nguest ok = yes\npublic = yes\nforce user = samba";
+my $defaultoption= "[Share]\npath = /var/ipfire/samba/share1\ncomment = Share - Public Access\nbrowseable = yes\nwriteable = yes\ncreate mask = 0777\ndirectory mask = 0777\npublic = yes\nforce user = samba";
my $userentry = "";
my @user = ();
my @userline = ();
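Review bot: The new `$defaultoption` template still produces a guest-accessible share, because removing `guest ok = yes` has no effect while `public = yes` stays; in smb.conf `public` is a synonym for `guest ok`. Together with `create mask = 0777` and `directory mask = 0777`, every share created from the unedited template is anonymously writable with world-writable files. If the removal was meant to tighten the default, the template should also drop `public = yes` and narrow the masks, for example `guest ok = no\ncreate mask = 0664\ndirectory mask = 0775`. If open access is intended, a comment above the assignment saying so would keep the next editor from assuming the default is closed.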
if ($sambasettings{'ACTION'} eq 'globalreset')
{
print <<END
+ <br />
<table width='95%' cellspacing='0'>
- <tr><td colspan='2'><br /></td></tr>
- <tr><td bgcolor='${Header::table1colour}' colspan='3' align='center'><b>Globals zurück setzen?</b>
+ <tr><td bgcolor='${Header::table1colour}' colspan='3' align='center'><b>$Lang::tr{'resetglobals'}</b>
<tr><td align='right' width='50%'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
- Yes <input type='image' alt='Yes' src='/images/edit-redo.png' />
+ $Lang::tr{'yes'} <input type='image' alt='$Lang::tr{'yes'}' src='/images/edit-redo.png' />
<input type='hidden' name='ACTION' value='globalresetyes' /></form></td>
<td align='left' width='50%'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
- <input type='image' alt='No' src='/images/dialog-error.png' /> No
+ <input type='image' alt='$Lang::tr{'no'}' src='/images/dialog-error.png' /> $Lang::tr{'no'}
<input type='hidden' name='ACTION' value='cancel' /></form></td>
</tr>
</table>
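Review bot: The added `alt='$Lang::tr{'yes'}'` and `alt='$Lang::tr{'no'}'` attributes interpolate translation text unescaped into a single-quoted HTML attribute, so a language file whose string contains an apostrophe or `<` will end the attribute early and break the form markup. The same pattern is added in the `sharesreset` hunk that follows. HTML-encoding the translated value before it reaches the heredoc, or switching these attributes to double quotes with the value encoded, would make the confirmation dialogs independent of what each translation contains. The enclosing `if` block and its heredoc end outside this hunk.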
if ($sambasettings{'ACTION'} eq 'sharesreset')
{
print <<END
+ <br />
<table width='95%' cellspacing='0'>
- <tr><td colspan='2'><br /></td></tr>
- <tr><td bgcolor='${Header::table1colour}' colspan='3' align='center'><b>Shares zurück setzen?</b>
+ <tr><td bgcolor='${Header::table1colour}' colspan='3' align='center'><b>$Lang::tr{'resetshares'}</b>
<tr><td align='right' width='50%'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
- Yes <input type='image' alt='Yes' src='/images/edit-redo.png' />
+ $Lang::tr{'yes'} <input type='image' alt='$Lang::tr{'yes'}' src='/images/edit-redo.png' />
<input type='hidden' name='ACTION' value='sharesresetyes' /></form></td>
<td align='left' width='50%'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
- <input type='image' alt='No' src='/images/dialog-error.png' /> No
+ <input type='image' alt='$Lang::tr{'no'}' src='/images/dialog-error.png' /> $Lang::tr{'no'}
<input type='hidden' name='ACTION' value='cancel' /></form></td>
</tr>
</table>
&Header::openbox('100%', 'center', $Lang::tr{'samba'});
print <<END
<hr />
+ <br />
<table width='95%' cellspacing='0'>
END
;
}
print <<END
-<tr><td colspan='3'><br /></td></tr>
<tr bgcolor='${Header::table1colour}'><td colspan='2' align='left'><b>$Lang::tr{'all services'}</b></td></tr>
</table><table width='95%' cellspacing='0'>
END
print <<END
</table>
+<br />
<table width='95%' cellspacing='0'>
-<tr><td colspan='4'><br /></td></tr>
<tr><td align='left' width='40%' />
<td align='center' ><form method='post' action='$ENV{'SCRIPT_NAME'}'><input type='hidden' name='ACTION' value='smbstart' /><input type='image' alt='$Lang::tr{'smbstart'}' src='/images/go-up.png' /></form></td>
<td align='center' ><form method='post' action='$ENV{'SCRIPT_NAME'}'><input type='hidden' name='ACTION' value='smbstop' /><input type='image' alt='$Lang::tr{'smbstop'}' src='/images/go-down.png' /></form></td>
<td align='center' ><form method='post' action='$ENV{'SCRIPT_NAME'}'><input type='hidden' name='ACTION' value='smbrestart' /><input type='image' alt='$Lang::tr{'smbrestart'}' src='/images/view-refresh.png' /></form></td></tr>
</table>
-
+<br />
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='95%' cellspacing='0'>
-<tr><td colspan='2'><br /></td></tr>
<tr bgcolor='${Header::table1colour}'><td colspan='2' align='left'><b>$Lang::tr{'basic options'}</b></td></tr>
<tr><td align='left' width='40%'>$Lang::tr{'workgroup'}</td><td align='left'><input type='text' name='WORKGRP' value='$sambasettings{'WORKGRP'}' size="30" /></td></tr>
<tr><td align='left' width='40%'>$Lang::tr{'netbios name'}</td><td align='left'><input type='text' name='NETBIOSNAME' value='$sambasettings{'NETBIOSNAME'}' size="30" /></td></tr>
print <<END
</table>
+<br />
<table width='10%' cellspacing='0'>
-<tr><td colspan='3'><br /></td></tr>
<tr><td align='center'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='ACTION' value=$Lang::tr{'save'} />
<input type='image' alt='$Lang::tr{'save'}' src='/images/media-floppy.png' /></form></td>
if ($sambasettings{'ACTION'} eq 'globalcaption')
{
print <<END
+ <br />
<table width='95%' cellspacing='0'>
- <tr><td colspan='2'><br /></td></tr>
<tr><td align='center' colspan='2'><b>$Lang::tr{'caption'}</b></td></tr>
<tr><td align='right' width='33%'><img src='/images/media-floppy.png' /></td><td align='left'>$Lang::tr{'save settings'}</td></tr>
<tr><td align='right' width='33%'><img src='/images/reload.gif' /></td><td align='left'>$Lang::tr{'restore settings'}</td></tr>
}
print <<END
<hr />
+ <br />
<table width='95%' cellspacing='0'>
- <tr><td colspan='6'><br /></td></tr>
<tr><td colspan='6' align='left'></td></tr>
<tr><td bgcolor='${Header::table1colour}' colspan='7' align='left'><b>$Lang::tr{'accounting'}</b></td></tr>
<tr><td align='left'><u>$Lang::tr{'username'}</u></td><td align='left'><u>$Lang::tr{'password'}</u></td>
}
else
{
- print "<td align='left'><u>Typ</u></td>";
+ print "<td align='left'><u>$Lang::tr{'type'}</u></td>";
}
- print "<td align='left'><u>$Lang::tr{'interfaces'}</u></td><td colspan='3' width='5%' align='center'><u>$Lang::tr{'options'}</u></td></tr>";
+ print "<td align='left'><u>$Lang::tr{'status'}</u></td><td colspan='3' width='5%' align='center'><u>$Lang::tr{'options'}</u></td></tr>";
system('/usr/local/bin/sambactrl readsmbpasswd');
open(FILE, "</var/ipfire/samba/private/smbpasswd") or die "Can't read user file: $!";
@user = <FILE>;
if ($userline[4] =~ /D/)
{
print <<END
- inaktiv</td>
+ $Lang::tr{'inactive'}</td>
<td align='center'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='NAME' value='$userline[0]' />
<input type='hidden' name='ACTION' value='smbuserenable' />
else
{
print <<END
- aktiv</td>
+ $Lang::tr{'active'}</td>
<td align='center'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='NAME' value='$userline[0]' />
<input type='hidden' name='ACTION' value='smbuserdisable' />
}
print <<END
</table>
+ <br />
<table width='10%' cellspacing='0'>
- <tr><td colspan='3'><br /></td></tr>
<tr><td align='center'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='ACTION' value='useradd' />
<input type='image' alt='$Lang::tr{'add user'}' src='/images/user-option-add.png' /></form></td>
if ($sambasettings{'ACTION'} eq 'usercaption')
{
print <<END
+ <br />
<table width='95%' cellspacing='0'>
- <tr><td align='center' colspan='2'><br /></td></tr>
<tr><td align='center' colspan='2'><b>$Lang::tr{'caption'}</b></td></tr>
<tr><td align='right' width='33%'><img src='/images/user-option-add.png' /></td><td align='left'>$Lang::tr{'add user'}</td></tr>
<tr><td align='right' width='33%'><img src='/images/network.png' /></td><td align='left'>$Lang::tr{'add pc'}</td></tr>
my $password = 'samba';
print <<END
<hr />
+ <br />
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='95%' cellspacing='0'>
- <tr><td colspan='2'><br /></td></tr>
<tr bgcolor='${Header::table1colour}'><td colspan='2' align='left'><b>$Lang::tr{'change passwords'}</b></td></tr>
<tr><td align='left'>$Lang::tr{'username'}</td><td><input type='text' name='USERNAME' value='$username' size='30' /></td></tr>
<tr><td align='left'>$Lang::tr{'password'}</td><td><input type='password' name='PASSWORD' value='$password' size='30' /></td></tr>
$password=~s/\s//g;
print <<END
<hr />
+ <br />
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='95%' cellspacing='0'>
- <tr><td colspan='2'><br /></td></tr>
<tr bgcolor='${Header::table1colour}'><td colspan='2' align='left'><b>$Lang::tr{'add user'}</b></td></tr>
<tr><td align='left'>$Lang::tr{'username'}</td><td><input type='text' name='USERNAME' value='$username' size='30' /></td></tr>
<tr><td align='left'>$Lang::tr{'password'}</td><td><input type='password' name='PASSWORD' value='$password' size='30' /></td></tr>
$pcname=~s/\s//g;
print <<END
<hr />
+ <br />
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='95%' cellspacing='0'>
- <tr><td colspan='2'><br /></td></tr>
<tr bgcolor='${Header::table1colour}'><td colspan='2' align='left'><b>$Lang::tr{'pc add'}</b></td></tr>
<tr><td align='left'>$Lang::tr{'client'}</td><td><input type='text' name='PCNAME' value='$pcname' size='30' /></td></tr>
<tr><td align='left'>$Lang::tr{'unix group'}</td><td><input type='text' name='GROUP' value='sambawks' size='30' /></td></tr>
print <<END
<hr />
+<br />
<table width='95%' cellspacing='0'>
-<tr><td colspan='3'><br /></td></tr>
<tr><td bgcolor='${Header::table1colour}' colspan='3' align='left'><b>$Lang::tr{'manage shares'}</b>
<tr><td align='left'><u>$Lang::tr{'sharename'}</u></td><td colspan='2' width="5%" align='center'><u>$Lang::tr{'options'}</u></td></tr>
END
print <<END
</table>
+<br />
<table width='10%' cellspacing='0'>
-<tr><td colspan='3'><br /></td></tr>
<tr><td align='center'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='ACTION' value='shareadd' />
<input type='image' alt='$Lang::tr{'add share'}' src='/images/list-add.png' />
if ($sambasettings{'ACTION'} eq 'sharecaption')
{
print <<END
+ <br />
<table width='95%' cellspacing='0'>
- <tr><td align='center' colspan='2'><br /></td></tr>
- <tr><td align='center' colspan='2'><b>Legende:</b></td></tr>
+ <tr><td align='center' colspan='2'><b>$Lang::tr{'caption'}</b></td></tr>
<tr><td align='right' width='33%'><img src='/images/list-add.png' /></td><td align='left'>$Lang::tr{'add share'}</td></tr>
<tr><td align='right' width='33%'><img src='/images/edit.gif' /></td><td align='left'>$Lang::tr{'edit share'}</td></tr>
<tr><td align='right' width='33%'><img src='/images/media-floppy.png' /></td><td align='left'>$Lang::tr{'save config'}</td></tr>
{
print <<END
<hr />
+ <br />
<table width='95%' cellspacing='0'>
- <tr><td colspan='2'><br /></td></tr>
<tr bgcolor='${Header::table1colour}'><td colspan='2' align='left'><b>$Lang::tr{'add share'}</b></td></tr>
<tr><td colspan='2' align='center'></td></tr>
<tr><td colspan='2' align='center'>$Lang::tr{'show share options'}<form method='post' action='$ENV{'SCRIPT_NAME'}'>
</form></td></tr>
<form method='post' action='$ENV{'SCRIPT_NAME'}'><tr><td colspan='2' align='center'><textarea name="SHAREOPTION" cols="50" rows="15" Wrap="off">$defaultoption</textarea></td></tr>
</table>
+ <br />
<table width='10%' cellspacing='0'>
- <tr><td><br /></td></tr>
<tr><td align='center'><input type='hidden' name='ACTION' value='smbshareadd' />
<input type='image' alt='$Lang::tr{'add share'}' src='/images/media-floppy.png' /></td></tr></form>
</table>
}
print <<END
<hr />
+ <br />
<table width='95%' cellspacing='0'>
- <tr><td colspan='2'><br /></td></tr>
<tr bgcolor='${Header::table1colour}'><td colspan='2' align='left'><b>$Lang::tr{'edit share'}</b></td></tr>
<tr><td colspan='2' align='center'></td></tr>
<tr><td colspan='2' align='center'>$Lang::tr{'show share options'}<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' alt='$Lang::tr{'caption'}' src='/images/help-browser.png' /></form></td></tr>
<tr><td colspan='2' align='center'><form method='post' action='$ENV{'SCRIPT_NAME'}'><textarea name="SHAREOPTION" cols="50" rows="15" Wrap="off">$shareoption</textarea></td></tr>
</table>
+ <br />
<table width='10%' cellspacing='0'>
- <tr><td><br /></td></tr>
<tr><td align='center'><input type='hidden' name='NAME' value='$sambasettings{'NAME'}' />
<input type='image' alt='$Lang::tr{'change share'}' src='/images/media-floppy.png' />
<input type='hidden' name='ACTION' value='smbsharechange' /></form></td></tr>
if ($sambasettings{'ACTION'} eq 'optioncaption' || $sambasettings{'ACTION'} eq 'optioncaption2')
{
print <<END
+ <br />
<table width='95%' cellspacing='0'>
- <tr><td><br /></td></tr>
<tr><td><b>$Lang::tr{'caption'}</b></td></tr>
<tr><td><u>$Lang::tr{'options'}</u></td><td><u>$Lang::tr{'meaning'}</u> / <u>$Lang::tr{'exampel'}</u></td></tr>
<tr><td>comment</td><td>$Lang::tr{'comment'}</td></tr>
print <<END
<hr />
+<br />
<table width='95%' cellspacing='0'>
-<tr><td colspan='4' align='left'><br /></td></tr>
<tr><td bgcolor='${Header::table1colour}' colspan='3' align='left'><b>$Lang::tr{'samba status'}</b></td></tr>
<tr><td align='left'>$Status</td></tr>
</table>
print <<END
<hr />
+<br />
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='95%' cellspacing='0'>
-<tr><td colspan='3' align='left'><br /></td></tr>
<tr><td bgcolor='${Header::table1colour}' colspan='3' align='left'><b>$Lang::tr{'log view'}</b></td></tr>
<tr><td colspan='3' align='left'><br /></td></tr>
<tr><td align='left'><select name='LOG' style="width: 200px">
&Header::closebox();
&Header::openbox('100%', 'center', $Lang::tr{'memory'});
-print "<table><tr><td><table>";
+print "<table width='95%' cellspacing='5'>";
my $ram=0;
my $size=0;
my $used=0;
{
print <<END
<tr>
-<td> </td>
+<td align='center'> </td>
<td align='center' class='boldbase'><b>$Lang::tr{'size'}</b></td>
<td align='center' class='boldbase'><b>$Lang::tr{'used'}</b></td>
<td align='center' class='boldbase'><b>$Lang::tr{'free'}</b></td>
}
close FREE;
print <<END
-</table></td><td>
-<table>
+<tr><td class='boldbase' colspan='2'><br /></td></tr>
<tr><td class='boldbase'><b>$Lang::tr{'shared'}</b></td><td align='right'>$shared</td></tr>
<tr><td class='boldbase'><b>$Lang::tr{'buffers'}</b></td><td align='right'>$buffers</td></tr>
<tr><td class='boldbase'><b>$Lang::tr{'cached'}</b></td><td align='right'>$cached</td></tr>
</table>
-</td></tr></table>
END
;
&Header::closebox();
&Header::openbox('100%', 'center', $Lang::tr{'disk usage'});
-print "<table width=66%>\n";
+print "<table width='95%' cellspacing='5'>\n";
open(DF,'/bin/df -B M -x rootfs|');
while(<DF>)
{
}
}
close DF;
-print "<tr><td colspan='6'> \n<tr><td colspan='6'><h2>Inodes</h2>\n";
+print "<tr><td colspan='6'> \n<tr><td colspan='6'><h3>Inodes</h3>\n";
open(DF,'/bin/df -i -x rootfs|');
while(<DF>)
--- /dev/null
+#!/usr/bin/perl
+#
+# IPFire CGIs
+#
+# This code is distributed under the terms of the GPL
+#
+# (c) The IPFire Team
+
+use strict;
+# enable only the following on debugging purpose
+use warnings;
+use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+
+my %tripwiresettings = ();
+my %checked = ();
+my %netsettings = ();
+my $message = "";
+my $errormessage = "";
+my @Logs = qx(ls /var/ipfire/tripwire/report/);
+my $Log =$Lang::tr{'no log selected'};
+
+############################################################################################################################
+################################################# Tripwire Default Variablen ################################################
+
+$tripwiresettings{'ROOT'} = '/usr/sbin';
+$tripwiresettings{'POLFILE'} = '/var/ipfire/tripwire/tw.pol';
+$tripwiresettings{'DBFILE'} = '/var/ipfire/tripwire/$(HOSTNAME).twd';
+$tripwiresettings{'REPORTFILE'} = '/var/ipfire/tripwire/report/$(HOSTNAME)-$(DATE).twr';
+$tripwiresettings{'SITEKEYFILE'} = '/var/ipfire/tripwire/site.key';
+$tripwiresettings{'LOCALKEYFILE'} = '/var/ipfire/tripwire/$(HOSTNAME)-local.key';
+$tripwiresettings{'EDITOR'} = '/usr/bin/vi';
+$tripwiresettings{'LATEPROMPTING'} = 'false';
+$tripwiresettings{'LOOSEDIRECTORYCHECKING'} = 'false';
+$tripwiresettings{'MAILNOVIOLATIONS'} = 'false';
+$tripwiresettings{'EMAILREPORTLEVEL'} = '3';
+$tripwiresettings{'REPORTLEVEL'} = '3';
+$tripwiresettings{'MAILMETHOD'} = 'SENDMAIL';
+$tripwiresettings{'SMTPHOST'} = 'ipfire.myipfire.de';
+$tripwiresettings{'SMTPPORT'} = '25';
+$tripwiresettings{'SYSLOGREPORTING'} = 'false';
+$tripwiresettings{'MAILPROGRAM'} = '/usr/sbin/sendmail -oi -t';
+$tripwiresettings{'SITEKEY'} = 'IPFire';
+$tripwiresettings{'LOCALKEY'} = 'IPFire';
+$tripwiresettings{'ACTION'} = '';
+
+############################################################################################################################
+######################################################### Tripwire HTML Part ###############################################
+
+&Header::showhttpheaders();
+&Header::getcgihash(\%tripwiresettings);
+&Header::openpage('Tripwire', 1, '');
+&Header::openbigbox('100%', 'left', '', $errormessage);
+
+############################################################################################################################
+############################################### Tripwire Config Datei erstellen ############################################
+
+if ($tripwiresettings{'ACTION'} eq $Lang::tr{'save'})
+{
+system("/usr/local/bin/tripwirectrl readconfig");
+open (FILE, ">${General::swroot}/tripwire/tw.cfg") or die "Can't save tripwire config: $!";
+flock (FILE, 2);
+
+print FILE <<END
+
+ROOT =$tripwiresettings{'ROOT'}
+POLFILE =$tripwiresettings{'POLFILE'}
+DBFILE =$tripwiresettings{'DBFILE'}
+REPORTFILE =$tripwiresettings{'REPORTFILE'}
+SITEKEYFILE =$tripwiresettings{'SITEKEYFILE'}
+LOCALKEYFILE =$tripwiresettings{'LOCALKEYFILE'}
+EDITOR =$tripwiresettings{'EDITOR'}
+LATEPROMPTING =$tripwiresettings{'LATEPROMPTING'}
+LOOSEDIRECTORYCHECKING =$tripwiresettings{'LOOSEDIRECTORYCHECKING'}
+MAILNOVIOLATIONS =$tripwiresettings{'MAILNOVIOLATIONS'}
+EMAILREPORTLEVEL =$tripwiresettings{'EMAILREPORTLEVEL'}
+REPORTLEVEL =$tripwiresettings{'REPORTLEVEL'}
+MAILMETHOD =$tripwiresettings{'MAILMETHOD'}
+SMTPHOST =$tripwiresettings{'SMTPHOST'}
+SMTPPORT =$tripwiresettings{'SMTPPORT'}
+SYSLOGREPORTING =$tripwiresettings{'SYSLOGREPORTING'}
+MAILPROGRAM =$tripwiresettings{'MAILPROGRAM'}
+
+END
+;
+close FILE;
+
+&General::writehash("${General::swroot}/tripwire/settings", \%tripwiresettings);
+system("/usr/local/bin/tripwirectrl lockconfig");
+}
+
+############################################################################################################################
+################################################## Sicherheitsabfrage für CGI ##############################################
+
+if ($tripwiresettings{'ACTION'} eq 'globalreset')
+ {
+ print <<END
+ <br />
+ <table width='95%' cellspacing='0'>
+ <tr><td bgcolor='${Header::table1colour}' colspan='2' align='center'><b>$Lang::tr{'resetglobals'}</b>
+ <tr><td colspan='2' align='center'><font color=red>$Lang::tr{'defaultwarning'}<br /><br /></font></td></tr>
+ <tr><td align='right' width='50%'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ $Lang::tr{'yes'} <input type='image' alt='$Lang::tr{'yes'}' src='/images/edit-redo.png' />
+ <input type='hidden' name='ACTION' value='globalresetyes' /></form></td>
+ <td align='left' width='50%'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='image' alt='$Lang::tr{'no'}' src='/images/dialog-error.png' /> $Lang::tr{'no'}
+ <input type='hidden' name='ACTION' value='cancel' /></form></td>
+ </tr>
+ </table>
+END
+;
+}
+
+if ($tripwiresettings{'ACTION'} eq 'generatepolicypw')
+ {
+ print <<END
+ <br />
+ <table width='95%' cellspacing='0'>
+ <tr><td bgcolor='${Header::table1colour}' colspan='2' align='center'><b>$Lang::tr{'generatepolicy'}</b>
+ <tr><td colspan='2' align='center'><font color=red>$Lang::tr{'tripwirewarningpolicy'}<br /><br /></font></td></tr>
+ <tr><td align='left' width='40%'><form method='post' action='$ENV{'SCRIPT_NAME'}'>$Lang::tr{'sitekey'}</td><td align='left'><input type='password' name='SITEKEY' value='$tripwiresettings{'SITEKEY'}' size="30" /></td></tr>
+ <tr><td align='right' width='50%'>
+ $Lang::tr{'yes'} <input type='image' alt='$Lang::tr{'yes'}' src='/images/edit-redo.png' />
+ <input type='hidden' name='ACTION' value='generatepolicy' /></form></td>
+ <td align='left' width='50%'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='image' alt='$Lang::tr{'no'}' src='/images/dialog-error.png' /> $Lang::tr{'no'}
+ <input type='hidden' name='ACTION' value='cancel' /></form></td>
+ </tr>
+ </table>
+END
+;
+}
+
+if ($tripwiresettings{'ACTION'} eq 'policyresetpw')
+ {
+ print <<END
+ <br />
+ <table width='95%' cellspacing='0'>
+ <tr><td bgcolor='${Header::table1colour}' colspan='2' align='center'><b>$Lang::tr{'resetpolicy'}</b>
+ <tr><td colspan='2' align='center'><font color=red>$Lang::tr{'tripwirewarningpolicy'}<br /><br /></font></td></tr>
+ <tr><td align='left' width='40%'><form method='post' action='$ENV{'SCRIPT_NAME'}'>$Lang::tr{'sitekey'}</td><td align='left'><input type='password' name='SITEKEY' value='$tripwiresettings{'SITEKEY'}' size="30" /></td></tr>
+ <tr><td align='right' width='50%'>
+ $Lang::tr{'yes'} <input type='image' alt='$Lang::tr{'yes'}' src='/images/edit-redo.png' />
+ <input type='hidden' name='ACTION' value='resetpolicyyes' /></form></td>
+ <td align='left' width='50%'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='image' alt='$Lang::tr{'no'}' src='/images/dialog-error.png' /> $Lang::tr{'no'}
+ <input type='hidden' name='ACTION' value='cancel' /></form></td>
+ </tr>
+ </table>
+END
+;
+}
+
+if ($tripwiresettings{'ACTION'} eq 'updatedatabasepw')
+ {
+ print <<END
+ <br />
+ <table width='95%' cellspacing='0'>
+ <tr><td bgcolor='${Header::table1colour}' colspan='2' align='center'><b>$Lang::tr{'updatedatabase'}</b>
+ <tr><td colspan='2' align='center'><font color=red>$Lang::tr{'tripwirewarningdatabase'}<br /><br /></font></td></tr>
+ <tr><td align='left' width='40%'><form method='post' action='$ENV{'SCRIPT_NAME'}'>$Lang::tr{'localkey'}</td><td align='left'><input type='password' name='LOCALKEY' value='$tripwiresettings{'LOCALKEY'}' size="30" /></td></tr>
+ <tr><td align='right' width='50%'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ $Lang::tr{'yes'} <input type='image' alt='$Lang::tr{'yes'}' src='/images/edit-redo.png' />
+ <input type='hidden' name='ACTION' value='updatedatabaseyes' /></form></td>
+ <td align='left' width='50%'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='image' alt='$Lang::tr{'no'}' src='/images/dialog-error.png' /> $Lang::tr{'no'}
+ <input type='hidden' name='ACTION' value='cancel' /></form></td>
+ </tr>
+ </table>
+END
+;
+}
+if ($tripwiresettings{'ACTION'} eq 'keyreset')
+ {
+ print <<END
+ <br />
+ <table width='95%' cellspacing='0'>
+ <tr><td bgcolor='${Header::table1colour}' colspan='2' align='center'><b>$Lang::tr{'keyreset'}</b>
+ <tr><td colspan='2' align='center'><font color=red>$Lang::tr{'tripwirewarningkeys'}<br /><br /></font></td></tr>
+ <tr><td align='right' width='50%'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ $Lang::tr{'yes'} <input type='image' alt='$Lang::tr{'yes'}' src='/images/edit-redo.png' />
+ <input type='hidden' name='ACTION' value='keyresetyes' /></form></td>
+ <td align='left' width='50%'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='image' alt='$Lang::tr{'no'}' src='/images/dialog-error.png' /> $Lang::tr{'no'}
+ <input type='hidden' name='ACTION' value='cancel' /></form></td>
+ </tr>
+ </table>
+END
+;
+}
+
+if ($tripwiresettings{'ACTION'} eq 'generatekeys')
+ {
+ print <<END
+ <br />
+ <table width='95%' cellspacing='0'>
+ <tr><td bgcolor='${Header::table1colour}' colspan='2' align='center'><b>$Lang::tr{'generatekeys'}</b>
+ <tr><td colspan='2' align='center'><font color=red>$Lang::tr{'tripwirewarningkeys'}<br /><br /></font></td></tr>
+ <tr><td align='right' width='50%'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ $Lang::tr{'yes'} <input type='image' alt='$Lang::tr{'yes'}' src='/images/edit-redo.png' />
+ <input type='hidden' name='ACTION' value='generatekeysyes' /></form></td>
+ <td align='left' width='50%'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='image' alt='$Lang::tr{'no'}' src='/images/dialog-error.png' /> $Lang::tr{'no'}
+ <input type='hidden' name='ACTION' value='cancel' /></form></td>
+ </tr>
+ </table>
+END
+;
+}
+
+############################################################################################################################
+######################################################## Tripwire Funktionen ###############################################
+
+if ($tripwiresettings{'ACTION'} eq 'globalresetyes'){system("/usr/local/bin/tripwirectrl globalreset");}
+if ($tripwiresettings{'ACTION'} eq 'generatekeysyes'){system("/usr/local/bin/tripwirectrl keys $tripwiresettings{'SITEKEY'} $tripwiresettings{'LOCALKEY'}");$tripwiresettings{'SITEKEY'} = 'IPFire';$tripwiresettings{'LOCALKEY'} = 'IPFire';}
+if ($tripwiresettings{'ACTION'} eq 'keyresetyes'){system("/usr/local/bin/tripwirectrl keys IPFire IPFire");$tripwiresettings{'SITEKEY'} = 'IPFire';$tripwiresettings{'LOCALKEY'} = 'IPFire';}
+if ($tripwiresettings{'ACTION'} eq 'resetpolicyyes'){system("/usr/local/bin/tripwirectrl resetpolicy tripwiresettings{'SITEKEY'}");$tripwiresettings{'SITEKEY'} = 'IPFire';}
+if ($tripwiresettings{'ACTION'} eq 'generatepolicyyes'){system("/usr/local/bin/tripwirectrl generatepolicy $tripwiresettings{'SITEKEY'}");$tripwiresettings{'SITEKEY'} = 'IPFire';}
+if ($tripwiresettings{'ACTION'} eq 'updatedatabaseyes'){system("/usr/local/bin/tripwirectrl updatedatabase $tripwiresettings{'LOCALKEY'}");$tripwiresettings{'LOCALKEY'} = 'IPFire';}
+if ($tripwiresettings{'ACTION'} eq 'generatereport'){system("/usr/local/bin/tripwirectrl generatereport");}
+
+############################################################################################################################
+##################################################### Tripwire globale Optionen ############################################
+
+&Header::openbox('100%', 'center', 'Tripwire');
+print <<END
+<hr />
+<br />
+
+<form method='post' action='$ENV{'SCRIPT_NAME'}'>
+<table width='95%' cellspacing='0'>
+<tr bgcolor='${Header::table1colour}'><td colspan='2' align='left'><b>$Lang::tr{'basic options'}</b></td></tr>
+<tr><td align='left' width='40%'>$Lang::tr{'emailreportlevel'}</td><td align='left'><input type='text' name='EMAILREPORTLEVEL' value='$tripwiresettings{'EMAILREPORTLEVEL'}' size="30" /></td></tr>
+<tr><td align='left' width='40%'>$Lang::tr{'reportlevel'}</td><td align='left'><input type='text' name='REPORTLEVEL' value='$tripwiresettings{'REPORTLEVEL'}' size="30" /></td></tr>
+<tr><td align='left' width='40%'>$Lang::tr{'mailmethod'}</td><td align='left'><input type='text' name='MAILMETHOD' value='$tripwiresettings{'MAILMETHOD'}' size="30" /></td></tr>
+<tr><td align='left' width='40%'>$Lang::tr{'smtphost'}</td><td align='left'><input type='text' name='SMTPHOST' value='$tripwiresettings{'SMTPHOST'}' size="30" /></td></tr>
+<tr><td align='left' width='40%'>$Lang::tr{'smtpport'}</td><td align='left'><input type='text' name='SMTPPORT' value='$tripwiresettings{'SMTPPORT'}' size="30" /></td></tr>
+<tr><td align='left' width='40%'>$Lang::tr{'mailprogramm'}</td><td align='left'><input type='text' name='MAILPROGRAM' value='$tripwiresettings{'MAILPROGRAM'}' size="30" /></td></tr>
+</table>
+<br />
+<table width='10%' cellspacing='0'>
+<tr><td align='center'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='hidden' name='ACTION' value=$Lang::tr{'save'} />
+ <input type='image' alt='$Lang::tr{'save'}' src='/images/media-floppy.png' /></form></td>
+<td align='center'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='hidden' name='ACTION' value='globalreset' />
+ <input type='image' alt='$Lang::tr{'reset'}' src='/images/reload.gif' /></form></td>
+<td align='center'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='hidden' name='ACTION' value='globalcaption' />
+ <input type='image' alt='$Lang::tr{'caption'}' src='/images/help-browser.png' /></form></td></tr>
+</table>
+</from>
+END
+;
+if ($tripwiresettings{'ACTION'} eq 'globalcaption')
+{
+print <<END
+<br />
+<table width='95%' cellspacing='0'>
+<tr><td align='center' colspan='2'><b>$Lang::tr{'caption'}</b></td></tr>
+<tr><td align='right' width='33%'><img src='/images/media-floppy.png' /></td><td align='left'>$Lang::tr{'save settings'}</td></tr>
+<tr><td align='right' width='33%'><img src='/images/reload.gif' /></td><td align='left'>$Lang::tr{'restore settings'}</td></tr>
+</table>
+END
+;
+
+}
+
+&Header::closebox();
+
+############################################################################################################################
+################################################### Tripwire Init Policy and keygen ########################################
+
+&Header::openbox('100%', 'center', $Lang::tr{'generate tripwire keys and init'});
+print <<END
+<hr />
+<br />
+
+<form method='post' action='$ENV{'SCRIPT_NAME'}'>
+<table width='95%' cellspacing='0'>
+<tr bgcolor='${Header::table1colour}'><td colspan='2' align='left'><b>$Lang::tr{'keys'}</b></td></tr>
+<tr><td align='left' width='40%'>$Lang::tr{'sitekey'}</td><td align='left'><input type='password' name='SITEKEY' value='$tripwiresettings{'SITEKEY'}' size="30" /></td></tr>
+<tr><td align='left' width='40%'>$Lang::tr{'localkey'}</td><td align='left'><input type='password' name='LOCALKEY' value='$tripwiresettings{'LOCALKEY'}' size="30" /></td></tr>
+</table>
+<br />
+<table width='10%' cellspacing='0'>
+<tr><td align='center'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='hidden' name='ACTION' value='generatekeys'/>
+ <input type='image' alt='$Lang::tr{'generatekeys'}' src='/images/system-lock-screen.png' /></form></td>
+<td align='center'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='hidden' name='ACTION' value='keyreset' />
+ <input type='image' alt='$Lang::tr{'reset'}' src='/images/reload.gif' /></form></td>
+<td align='center'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='hidden' name='ACTION' value='keycaption' />
+ <input type='image' alt='$Lang::tr{'caption'}' src='/images/help-browser.png' /></form></td></tr>
+</table>
+</from>
+END
+;
+if ($tripwiresettings{'ACTION'} eq 'keycaption')
+{
+print <<END
+<br />
+<table width='95%' cellspacing='0'>
+<tr><td align='center' colspan='2'><b>$Lang::tr{'caption'}</b></td></tr>
+<tr><td align='right' width='33%'><img src='/images/system-lock-screen.png' /></td><td align='left'>$Lang::tr{'generatekeys'}</td></tr>
+<tr><td align='right' width='33%'><img src='/images/reload.gif' /></td><td align='left'>$Lang::tr{'keyreset'}</td></tr>
+</table>
+END
+;
+
+}
+&Header::closebox();
+
+############################################################################################################################
+################################################# Tripwire general functions ###############################################
+
+&Header::openbox('100%', 'center', $Lang::tr{'tripwire functions'});
+print <<END
+<hr />
+<br />
+
+<table width='95%' cellspacing='0'>
+<tr><td align='center'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='hidden' name='ACTION' value='generatepolicypw'/>
+ <input type='image' alt='$Lang::tr{'generatepolicy'}' src='/images/document-new.png' /></form></td>
+<td align='center'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='hidden' name='ACTION' value='policyresetpw' />
+ <input type='image' alt='$Lang::tr{'resetpolicy'}' src='/images/reload.gif' /></form></td>
+<td align='center'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='hidden' name='ACTION' value='generatereport' />
+ <input type='image' alt='$Lang::tr{'generatereport'}' src='/images/document-properties.png' /></form></td>
+<td align='center'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='hidden' name='ACTION' value='updatedatabasepw' />
+ <input type='image' alt='$Lang::tr{'updatedatabase'}' src='/images/network-server.png' /></form></td>
+<td align='center'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='hidden' name='ACTION' value='policycaption' />
+ <input type='image' alt='$Lang::tr{'caption'}' src='/images/help-browser.png' /></form></td></tr>
+</table>
+END
+;
+if ($tripwiresettings{'ACTION'} eq 'policycaption')
+{
+print <<END
+<br />
+<table width='95%' cellspacing='0'>
+<tr><td align='center' colspan='2'><b>$Lang::tr{'caption'}</b></td></tr>
+<tr><td align='right' width='33%'><img src='/images/document-new.png' /></td><td align='left'>$Lang::tr{'generatepolicy'}</td></tr>
+<tr><td align='right' width='33%'><img src='/images/reload.gif' /></td><td align='left'>$Lang::tr{'resetpolicy'}</td></tr>
+<tr><td align='right' width='33%'><img src='/images/document-properties.png' /></td><td align='left'>$Lang::tr{'generatereport'}</td></tr>
+<tr><td align='right' width='33%'><img src='/images/network-server.png' /></td><td align='left'>$Lang::tr{'updatedatabase'}</td></tr>
+</table>
+END
+;
+
+}
+&Header::closebox();
+
+############################################################################################################################
+####################################################### Tripwire Init Policy ###############################################
+
+&Header::openbox('100%', 'center', $Lang::tr{'tripwire reports'});
+print <<END
+<hr />
+<br />
+<form method='post' action='$ENV{'SCRIPT_NAME'}'>
+<table width='95%' cellspacing='0'>
+<tr><td bgcolor='${Header::table1colour}' colspan='3' align='left'><b>$Lang::tr{'log view'}</b></td></tr>
+<tr><td colspan='3' align='left'><br /></td></tr>
+<tr><td align='left'><select name='LOG' style="width: 500px">
+END
+;
+foreach my $log (@Logs) {chomp $log;print"<option value='$log'>$log</option>";}
+print <<END
+
+</select></td><td align='left'><input type='hidden' name='ACTION' value='showlog' /><input type='image' alt='view Log' src='/images/format-justify-fill.png' /></td></tr>
+</table>
+</form>
+END
+;
+if ($tripwiresettings{'ACTION'} eq 'showlog')
+{
+$Log = qx(/usr/local/bin/tripwirectrl tripwirelog $tripwiresettings{'LOG'});
+#$Log=~s/\n/<br \/>/g;
+#$Log=~s/\t/.... /g;
+print <<END
+<table width='95%' cellspacing='0'>
+<tr><td><br /></td></tr>
+<tr><td><pre>LOG - $Log </pre></td></tr>
+<tr><td><br /></td></tr>
+<tr><td align=center>$tripwiresettings{'LOG'}</td></tr>
+</table>
+END
+;
+
+}
+
+&Header::closebox();
+
+&Header::closebigbox();
+&Header::closepage();
\ No newline at end of file
'action' => 'Aktion',
'activate' => 'aktivieren',
'activate user' => 'Benutzer aktivieren',
+'active' => 'aktiv',
'add' => 'Hinzufügen',
'add a host' => 'Host hinzufügen:',
'add a new rule' => 'Neue Regel hinzufügen:',
'day after' => 'Tag danach',
'day before' => 'Tag davor',
'days' => 'Tage',
+'dbfile' => 'Dbfile',
'ddns help dnsmadeeasy' => 'Tragen Sie Ihre ID (oder ID Liste durch ; getrennt) in das Feld "Hostname" ein',
'ddns help freedns' => 'Tragen Sie den Connect String im Feld "Benutzername" ein',
'ddns help plus' => '<b>+</b> kennzeichnet ein Pflichtfeld',
'default networks' => 'Standard Netzwerke',
'default renewal time' => 'Standard-Aktualisierungszeit',
'default services' => 'Standard Dienste',
+'defaultwarning' => 'ACHTUNG - Ihre Einstellungen gehen hiermit verloren und werden durch die Standarteinstellungen ersetzt.',
'delete' => 'Löschen',
'delete pc' => 'PC löschen',
'delete share' => 'Freigabe löschen',
'edit network' => 'Netzwerk bearbeiten',
'edit service' => 'Dienst bearbeiten',
'edit share' => 'Freigabe bearbeiten',
+'editor' => 'Editor',
'eg' => 'z.B.:',
+'emailreportlevel' => 'Email Reportlevel',
'empty' => 'Dieses Feld kann leer bleiben',
'empty profile' => 'Unbenannt',
'enable ignore filter' => '"Ignorieren"-Filter ein',
'generate' => 'Root/Host Zertifikate generieren',
'generate a certificate' => 'Erzeuge ein Zertifikat:',
'generate root/host certificates' => 'Erzeuge Root/Host Zertifikate',
+'generate tripwire keys and init' => 'Tripwire Initalisierung',
+'generatekeys' => 'Neue Schlüssel erzeugen',
+'generatepolicy' => 'Neue Policy erstellen',
+'generatereport' => 'Neuen Report erstellen',
'generating the root and host certificates may take a long time. it can take up to several minutes on older hardware. please be patient' => 'Die Erzeugung der Root und Host Zertifikate kann lange Zeit dauern. Auf älterer Hardware kann es mehrere Minuten lang dauern. Bitte haben Sie etwas Geduld.',
'genkey' => 'PSK erzeugen',
'global settings' => 'Globale Einstellungen',
'import' => 'Import',
'importkey' => 'PSK importieren',
'in' => 'Ein',
+'inactive' => 'inaktiv',
'incoming traffic in bytes per second' => 'Eingehender Verkehr in Bytes pro Sekunde',
'incorrect password' => 'Fehlerhaftes Passwort',
'info' => 'Info',
'kernel logging server' => 'Kernel-Protokollierungs-Server',
'kernel version' => 'Kernel-Version:',
'key stuff' => '2. Keys und Zertifikate',
+'keyreset' => 'Schlüssel zurück setzen',
+'keys' => 'Schlüssel',
'lan' => 'LAN',
'languagepurpose' => 'Wählen Sie eine Sprache, in der IPFire angezeigt werden soll:',
'last activity' => 'Letzte Aktivitaet',
+'lateprompting' => 'Late prompting',
'lease expires' => 'Zuordnung verfällt',
'legend' => 'Legende',
'line' => 'Leitung',
'local subnet' => 'Lokales Subnetz:',
'local subnet is invalid' => 'Lokales Subnet ist ungültig.',
'local vpn hostname/ip' => 'Lokaler VPN Hostname/IP',
+'localkey' => 'Localkey',
+'localkeyfile' => 'Localkeyfile',
'log' => 'Protokoll:',
'log enabled' => 'Log aktiviert',
'log level' => 'Log Level',
'logging server' => 'Protokollierungs-Server',
'loginlogout' => 'Login/Logout',
'lookup failed' => 'Reverse Lookup gescheitert',
+'loosedirectorychecking' => 'Loose directorychecking',
'low' => 'Niedrig',
'ls_dhcpd' => 'DHCP-Server:',
'ls_disk space' => 'Plattenplatz:',
'mac address' => 'MAC-Adresse',
'mac address in use' => 'MAC-Adresse bereits vergeben',
'magic packet send to:' => 'Sende WOL-Paket an',
+'mailmethod' => 'Mail Methode',
+'mailprogramm' => 'Mail Programm',
'main page' => 'Startseite',
'manage ovpn' => '5. Tunnel Management',
'manage shares' => 'Freigaben verwalten',
'phonebook entry' => 'Telefonbuch-Eintrag:',
'ping disabled' => 'Ping Antwort deaktivieren',
'pkcs12 file password' => 'PKCS12 Datei-Passwort',
+'polfile' => 'Polfile',
'port' => 'Port',
'port forwarding configuration' => 'Konfiguration der Port-Weiterleitung',
'ports' => 'Ports',
'remove' => 'Löschen',
'remove ca certificate' => 'CA-Zertifikat entfernen',
'remove x509' => 'Entferne alle CA und Zertifizikate',
+'reportfile' => 'Reportfile',
+'reportlevel' => 'Report Level',
'requested data' => '1. Verbindungs Einstellungen',
'reserved dst port' => 'Dieser Zielport ist für die ausschließliche Benutzung durch IPFire reserviert:',
'reserved src port' => 'Dieser Quellport ist für die ausschließliche Benutzung durch IPFire reserviert:',
'reset' => 'Zurück setzen',
'reset shares' => 'Freigaben zurücksetzen',
+'resetglobals' => 'Globale Einstellungen zurücksetzen',
+'resetpolicy' => 'Policy zurück setzen',
+'resetshares' => 'Shares zurücksetzen?',
'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections' => 'Das Zurücksetzen der VPN-Konfiguration wird die Root-CA, die Host-Zertifikate und alle weiteren Zertifikate und alle zertifikatsbasierten Verbindungen entfernen',
'restart' => 'Neustart',
'restart ovpn server' => 'OpenVPN Server neu starten',
'restore hardware settings' => 'Hardware-Einstellungen wiederherstellen',
'restore settings' => 'Einstellungen wiederherstellen',
'reverse sort' => 'In umgekehrter chronologischer Reihenfolge sortieren',
+'root' => 'Root',
'root certificate' => 'Root-Zertifikat',
'root path' => 'Root-Pfad',
'root user password' => 'Root Passwort',
'shutdown2' => 'Herunterfahren:',
'shutting down' => 'Fahre herunter',
'shutting down ipfire' => 'Fahre IPFire herunter',
+'sitekey' => 'Sitekey',
+'sitekeyfile' => 'Sitekeyfile',
'size' => 'Größe',
'smbreload' => 'Samba Dienste durchstarten',
'smbstart' => 'Samba Dienste starten',
'smbstop' => 'Samba Dienste beenden',
+'smtphost' => 'Smtp Host',
+'smtpport' => 'Smtp Port',
'snort hits' => 'Gesamtanzahl der aktivierten Intrusion-Regeln für',
'sort ascending' => 'Sortiere aufsteigend',
'sort descending' => 'Sortiere absteigend',
'traffic shaping settings' => 'Einstellungen der Datenflußkontrolle',
'transfer limits' => 'Transferbeschränkungen',
'transparent on' => 'Transparent auf',
+'tripwire functions' => 'Tripwire Funktionen',
+'tripwire reports' => 'Tripwire Reports',
+'tripwirewarningdatabase' => 'ACHTUNG - Ihre Datenbank wird auf den Stand des letzten Reports gesetzt, bitte versichern sie sich, dass keine unautorisiertend Änderungen vorgenommen wurden. Hierfür wird der Local-Key benötigt.',
+'tripwirewarningkeys' => 'ACHTUNG - Sie löschen hiermit ihre bestehenden Schlüssel, ihre Konfiguration und Datenbank und legen Alles neu an.',
+'tripwirewarningpolicy' => 'ACHTUNG - Ihr Policy wird neu erzeugt, anschließen wird die Datenbank neu initialisiert. Hierfür wird der Site-Key benötigt.',
'tuesday' => 'Dienstag',
'type' => 'Typ',
'umount' => 'Abmelden',
'update' => 'Aktualisieren',
'update time' => 'Aktualisiere die Uhrzeit:',
'update transcript' => 'Aktualisieren',
+'updatedatabase' => 'Datenbank auf Stand der letzten Reports setzen',
'updates' => 'Updates',
'updates installed' => 'Updates wurden installiert',
'updates is old1' => 'Ihre Update-Datei ist ',
'action' => 'Action',
'activate' => 'activate',
'activate user' => 'activate user',
+'active' => 'active',
'add' => 'Add',
'add a host' => 'Add a host:',
'add a new rule' => 'Add a new rule:',
'day after' => 'Day after',
'day before' => 'Day before',
'days' => 'days',
+'dbfile' => 'Dbfile',
'ddns hostname added' => 'Dynamic DNS hostname added',
'ddns hostname modified' => 'Dynamic DNS hostname modified',
'ddns hostname removed' => 'Dynamic DNS hostname removed',
'default networks' => 'Default networks',
'default renewal time' => 'Default Renewal Time',
'default services' => 'Default services',
+'defaultwarning' => 'WARNING - Your settings will be lost and replaced by the default ones.',
'delete' => 'Delete',
'delete pc' => 'delete workstation',
'delete share' => 'delete share',
'edit network' => 'Edit network',
'edit service' => 'Edit service',
'edit share' => 'edit share',
+'editor' => 'Editor',
'eg' => 'e.g:',
+'emailreportlevel' => 'Emailreportlevel',
'empty' => 'This field may be left blank',
'empty profile' => 'empty',
'enable ignore filter' => 'Enable ignore filter',
'generate' => 'Generate Root/Host Zertifikate',
'generate a certificate' => 'Generate a certificate:',
'generate root/host certificates' => 'Generate Root/Host Certificates',
+'generate tripwire keys and init' => 'generate tripwire keys and init',
+'generatekeys' => 'Generate Keys',
+'generatepolicy' => 'Generate new Policy',
+'generatereport' => 'Generate new Report',
'generating the root and host certificates may take a long time. it can take up to several minutes on older hardware. please be patient' => 'Generating the root and host certificates may take a long time. It can take up to several minutes on older hardware. Please be patient.',
'genkey' => 'Generate PSK',
'global settings' => 'Global settings',
'import' => 'Import',
'importkey' => 'Import PSK',
'in' => 'In',
+'inactive' => 'inactive',
'incoming traffic in bytes per second' => 'Incoming Traffic in Bytes per Second',
'incorrect password' => 'Incorrect password',
'info' => 'Info',
'kernel logging server' => 'Kernel logging server',
'kernel version' => 'Kernel version:',
'key stuff' => '2. Keys and Certificates',
+'keyreset' => 'Reset Keys',
+'keys' => 'keys',
'lan' => 'LAN',
'languagepurpose' => 'Select the language you wish IPFire to display in:',
'last activity' => 'Last Activity',
+'lateprompting' => 'Lateprompting',
'lease expires' => 'Lease expires',
'legend' => 'Legend',
'line' => 'Line',
'local subnet' => 'Local Subnet:',
'local subnet is invalid' => 'Local subnet is invalid.',
'local vpn hostname/ip' => 'Local VPN Hostname/IP',
+'localkey' => 'Localkey',
+'localkeyfile' => 'Localkeyfile',
'log' => 'Log:',
'log enabled' => 'Log Enabled',
'log level' => 'Log Level',
'log settings' => 'Log Settings',
'log summaries' => 'Log summaries',
'log summary' => 'Log Summary',
-'log view' => 'log view',
+'log view' => 'Log View',
'log viewer' => 'Log viewer',
'log viewing options' => 'Log viewing options',
'log-options' => 'Logfile options',
'logging server' => 'Logging server',
'loginlogout' => 'Login/Logout',
'lookup failed' => 'Reverse lookup failed',
+'loosedirectorychecking' => 'Loosedirectorychecking',
'low' => 'Low',
'ls_dhcpd' => 'DHCP Server:',
'ls_disk space' => 'Disk space:',
'mac address' => 'MAC Address',
'mac address in use' => 'MAC address already in use',
'magic packet send to:' => 'Magic packet send to:',
+'mailmethod' => 'Mailmethod',
+'mailprogramm' => 'Mailprogramm',
'main page' => 'Main page',
'manage ovpn' => '5. Tunnel Management:',
-'manage shares' => 'manage shares',
+'manage shares' => 'Manage Shares',
'manual' => 'Manual',
'manual control and status' => 'Manual control and status:',
'manually' => 'Manually',
'phonebook entry' => 'Phonebook entry:',
'ping disabled' => 'Disable ping response',
'pkcs12 file password' => 'PKCS12 File Password',
+'polfile' => 'Polfile',
'port' => 'Port',
'port forwarding configuration' => 'Port forwarding configuration',
'ports' => 'Ports',
'remote subnet is invalid' => 'Remote subnet is invalid.',
'remove' => 'Remove',
'remove ca certificate' => 'Remove CA Certificate',
+'reportfile' => 'Reportfile',
+'reportlevel' => 'Reportlevel',
'requested data' => '1. Connection Settings:',
'reserved dst port' => 'Destination port is reserved for IPFire use only:',
'reserved src port' => 'Source port is reserved for IPFire use only:',
'reset' => 'Reset',
'reset shares' => 'reset share',
+'resetglobals' => 'reset global settings',
+'resetpolicy' => 'Reset policy to default',
+'resetshares' => 'reset shares?',
'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections' => 'Resetting the VPN configuration will remove the root CA, the host certificate and all certificate based connections',
'restart' => 'Restart',
'restart ovpn server' => 'Restart OpenVPN Server',
'restore hardware settings' => 'Restore hardware settings',
'restore settings' => 'Reset Settings',
'reverse sort' => 'Sort in reverse chronological order',
+'root' => 'Root',
'root certificate' => 'Root Certificate',
'root user password' => 'root password',
'route subnet is invalid' => 'Additional push route subnet is invalid',
'shutdown2' => 'Shutdown:',
'shutting down' => 'Shutting down',
'shutting down ipfire' => 'Shutting down IPFire',
+'sitekey' => 'Sitekey',
+'sitekeyfile' => 'Sitekeyfile',
'size' => 'Size',
'smbreload' => 'Samba Dienste durchstarten',
'smbstart' => 'Samba Dienste starten',
'smbstop' => 'Samba Dienste beenden',
+'smtphost' => 'Smtp Host',
+'smtpport' => 'Smtp Port',
'snort hits' => 'Total of number of Intrusion rules activated for',
'sort ascending' => 'Sort Ascending',
'sort descending' => 'Sort Descending',
'trafficto' => 'To',
'transfer limits' => 'Transfer limits',
'transparent on' => 'Transparent on',
+'tripwire functions' => 'tripwire functions',
+'tripwire reports' => 'tripwire reports',
+'tripwirewarningdatabase' => 'WARNING - Your Database will be updated with the data of the last report. Please ensure that no unauthorized changes are reported. Therefor the Local-Key is needed.',
+'tripwirewarningkeys' => 'WARNING - This will erase your current keys, config, and database and generate them new.',
+'tripwirewarningpolicy' => 'WARNING - Your policy will be rebuild, after that your database will be reinitalised. Therefor the Site-Key ist neeeded.',
'tuesday' => 'Tuesday',
-'type' => 'Type',
+'type' => 'type',
'unable to alter profiles while red is active' => 'Unable to alter profiles while RED is active.',
'unable to contact' => 'Unable to contact',
'unencrypted' => 'Unencrypted',
'update' => 'Update',
'update time' => 'Update the time:',
'update transcript' => 'Update transcript',
+'updatedatabase' => 'Update Database with last Report',
'updates' => 'Updates',
'updates installed' => 'Updates Installed',
'updates is old1' => 'Your update file is ',
cp -vf $(DIR_APP)/bin/$$i /usr/sbin; \
done
@rm -rf $(DIR_APP)
+ cp -vrf $(DIR_SRC)/config/tripwire/* /var/ipfire/tripwire/
+ cp -vfp /var/ipfire/tripwire/twcfg.txt /var/ipfire/tripwire/twcfg.default
+ cp -vfp /var/ipfire/tripwire/twpol.txt /var/ipfire/tripwire/twpol.default
@$(POSTBUILD)
if (strcmp(argv[1], "smbstop")==0)
{
safe_system("/etc/rc.d/init.d/samba stop");
+ printf(command);
return 0;
}
if (strcmp(argv[1], "smbstart")==0)
{
safe_system("/etc/rc.d/init.d/samba start");
+ printf(command);
return 0;
}
if (strcmp(argv[1], "smbrestart")==0)
{
safe_system("/etc/rc.d/init.d/samba restart");
+ printf(command);
return 0;
}
if (strcmp(argv[1], "smbreload")==0)
{
safe_system("/etc/rc.d/init.d/samba reload");
+ printf(command);
return 0;
}
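Review bot: The added `printf(command);` calls pass a buffer as the format string, and in these four branches the visible code never writes `command`, because `safe_system()` is given a string literal. As written, each call prints whatever the buffer happens to hold and interprets any `%` in it as a conversion. If the intent is to report what was executed, print a fixed message per branch, or format the command into the buffer first and emit it with `printf("%s\n", command);`. The enclosing function starts and ends outside the hunk, so whether `command` is filled earlier cannot be seen here; the new tripwirectrl.c in this commit repeats the same `printf(command);` pattern after every `safe_system()` call.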
--- /dev/null
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include "setuid.h"
+
+#define BUFFER_SIZE 1024
+
+char command[BUFFER_SIZE];
+
+int main(int argc, char *argv[])
+{
+
+ if (!(initsetuid()))
+ exit(1);
+
+ // Check what command is asked
+ if (argc==1)
+ {
+ fprintf (stderr, "Missing tripwirectrl command!\n");
+ return 1;
+ }
+
+ if (strcmp(argv[1], "tripwirelog")==0)
+ {
+ char log;
+ snprintf(command, BUFFER_SIZE-1, "/usr/sbin/twprint -m r --twrfile /var/ipfire/tripwire/report/%s", argv[2]);
+ log=safe_system(command);
+ printf(command);
+ return(log);
+ }
+
+ if (strcmp(argv[1], "generatereport")==0)
+ {
+ safe_system("/usr/sbin/tripwire --check --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.cfg");
+ printf(command);
+ return 0;
+ }
+
+ if (strcmp(argv[1], "updatedatabase")==0)
+ {
+ char file;
+ file=safe_system("ls -S | tail -1");
+ snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --update --accept-all --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.cfg --local-passphrase %s --twrfile %s", argv[2], file);
+ safe_system(command);
+ printf(command);
+ return 0;
+ }
+
+ if (strcmp(argv[1], "keys")==0)
+ {
+ snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/site.key && /usr/sbin/twadmin --generate-keys --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s && chmod 640 /var/ipfire/tripwire/site.key", argv[2]);
+ safe_system(command);
+ printf(command);
+ snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/$(HOSTNAME)-local.key && /usr/sbin/twadmin --generate-keys --local-keyfile /var/ipfire/tripwire/$(HOSTNAME)-local.key --local-passphrase %s && chmod 640 /var/ipfire/tripwire/$(HOSTNAME)-local.key", argv[3]);
+ safe_system(command);
+ printf(command);
+ snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/tw.cfg && /usr/sbin/twadmin --create-cfgfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s /var/ipfire/tripwire/twcfg.txt && chmod 640 /var/ipfire/tripwire/tw.cfg", argv[2]);
+ safe_system(command);
+ printf(command);
+ snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/tw.pol && /usr/sbin/twadmin --create-polfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s /var/ipfire/tripwire/twpol.txt && chmod 640 /var/ipfire/tripwire/tw.pol", argv[2]);
+ safe_system(command);
+ printf(command);
+ snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.cfg --site-passphrase %s", argv[2]);
+ safe_system(command);
+ printf(command);
+ return 0;
+ }
+
+ if (strcmp(argv[1], "generatepolicy")==0)
+ {
+ snprintf(command, BUFFER_SIZE-1, "/usr/sbin/twadmin --generate-polfile --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s --polfile /var/ipfire/tripwire/tw.pol --cfgfile /var/ipfire/tripwire/tw.cfg /var/ipfire/tripwire/twpol.txt", argv[2]);
+ safe_system(command);
+ printf(command);
+ snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init -c /var/ipfire/tripwire/tw.cfg -p /var/ipfire/tripwire/tw.cfg --site-passphrase %s", argv[2]);
+ safe_system(command);
+ printf(command);
+ return 0;
+ }
+
+ if (strcmp(argv[1], "resetpolicy")==0)
+ {
+ snprintf(command, BUFFER_SIZE-1, "/usr/sbin/twadmin --generate-polfile --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s --polfile /var/ipfire/tripwire/tw.pol --cfgfile /var/ipfire/tripwire/tw.cfg /var/ipfire/tripwire/twpol.default", argv[2]);
+ safe_system(command);
+ printf(command);
+ snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init -c /var/ipfire/tripwire/tw.cfg -p /var/ipfire/tripwire/tw.cfg --site-passphrase %s", argv[2]);
+ safe_system(command);
+ printf(command);
+ return 0;
+ }
+
+ if (strcmp(argv[1], "readconfig")==0)
+ {
+ safe_system("/bin/chown nobody:nobody /var/ipfire/tripwire/twcfg.txt");
+ printf(command);
+ return 0;
+ }
+
+ if (strcmp(argv[1], "lockconfig")==0)
+ {
+ safe_system("/bin/chown root:root /var/ipfire/tripwire/twcfg.txt");
+ printf(command);
+ return 0;
+ }
+}
\ No newline at end of file
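Review bot: Every branch that formats `argv[2]` or `argv[3]` into `command` with `%s` and then calls `safe_system(command)` passes request-derived text from a setuid helper to what is evidently a shell, given the `&&` and `|` in the other command strings. The CGI added in this commit interpolates the SITEKEY, LOCALKEY and LOG form fields into its `system()`/`qx()` calls unchanged, so shell metacharacters or `../` in those fields change what gets executed or which file is read. No branch checks `argc` before reading `argv[2]` or `argv[3]`, so a missing argument reaches `%s` as a NULL pointer. Each branch should reject a missing argument and validate the value before building the command, as sketched below for `tripwirelog`; the passphrase branches need the same kind of check or a fork/`execv` path with an argument vector, so that no shell ever parses the passphrase. Separately, in `updatedatabase` the `char file` holds the return value of `safe_system()` and is then formatted with `%s`, which is undefined behaviour and never yields a report file name.

```c
	if (strcmp(argv[1], "tripwirelog")==0)
	{
		/* Only a plain report file name may reach the command string. */
		static const char allowed[] =
			"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._-";

		if (argc < 3 || argv[2][0] == '\0'
			|| strspn(argv[2], allowed) != strlen(argv[2])
			|| strstr(argv[2], "..") != NULL)
		{
			fprintf(stderr, "Invalid report name\n");
			return 1;
		}
		/* … unchanged: snprintf() of the twprint command and safe_system(command) … */
		printf("%s\n", command);
```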