@@section GLOBAL
# Locations of the Tripwire binaries and of all Tripwire state on this host.
TWROOT=/usr/sbin;
TWBIN=/usr/sbin;
# Policy (tw.pol/tw.cfg), database, site key and local key all share one
# directory; reports go to a subdirectory of it. Every one of these paths is
# itself integrity-checked by the "System Files" rule below.
TWPOL="/var/ipfire/tripwire";
TWDB="/var/ipfire/tripwire";
TWSKEY="/var/ipfire/tripwire";
TWLKEY="/var/ipfire/tripwire";
TWREPORT="/var/ipfire/tripwire/report";
HOSTNAME=ipfire;

@@section FS
# Property masks. $(IgnoreNone) checks every property; "-SHa" drops the SHA
# and Haval hashes and the access timestamp (reads alone must not trigger a
# report). $(Dynamic), $(Growing) and $(Device) are Tripwire's predefined
# masks; "+tpug" checks only type, permissions, owner and group.
SEC_CRIT = $(IgnoreNone)-SHa ; # Critical files that cannot change
SEC_CONFIG = $(Dynamic) ; # Config files that are changed infrequently but accessed often
SEC_LOG = $(Growing) ; # Files that grow, but that should never change ownership
SEC_INVARIANT = +tpug ; # Directories that should never change permission or ownership
# Severity levels referenced by the rules; reports can be filtered on them.
SIG_LOW = 33 ; # Non-critical files that are of minimal security impact
SIG_MED = 66 ; # Non-critical files that are of significant security impact
SIG_HI = 100 ; # Critical files that are significant points of vulnerability

# System Files
# Tripwire's own state first, then the base system trees. Any change reported
# at this severity against tw.pol, tw.cfg or the key files deserves the
# highest priority, since the rest of the policy depends on them.

(
rulename = "System Files",
severity = $(SIG_HI)
)
{
    # $(TWDB) is the whole /var/ipfire/tripwire directory, so this entry also
    # covers the policy, keys and report subdirectory listed separately below.
    $(TWDB) -> $(SEC_CRIT) ;
    # -i: ignore the inode number, presumably because these two files are
    # replaced (new inode) whenever the policy/config is regenerated — confirm.
    $(TWPOL)/tw.pol -> $(SEC_CRIT) -i ;
    $(TWPOL)/tw.cfg -> $(SEC_CRIT) -i ;
    $(TWLKEY)/local.key -> $(SEC_CRIT) ;
    $(TWSKEY)/site.key -> $(SEC_CRIT) ;

    /bin -> $(SEC_CRIT) ;
    /boot -> $(SEC_CRIT) ;
    /etc -> $(SEC_CRIT) ;
    /lib -> $(SEC_CRIT) ;
    /root -> $(SEC_CRIT) ;
    # The shell history grows with normal use, so it is checked with the
    # weaker $(Dynamic) mask instead of the $(SEC_CRIT) applied to /root.
    /root/.bash_history -> $(Dynamic) ;
    /sbin -> $(SEC_CRIT) ;
    /usr -> $(SEC_CRIT) ;
    # Stop point: /usr/src is excluded from the recursive /usr check above.
    !/usr/src ;
    /etc/mtab -> $(SEC_CONFIG) -i ; # Inode number changes on any mount/unmount

    # Don't scan the individual reports: recurse=0 checks only the directory
    # entry itself, so new report files do not show up as violations.
    $(TWREPORT) -> $(SEC_CONFIG) (recurse=0) ;
}

# Commonly accessed directories that should remain static with regards to owner and group
(
rulename = "Invariant Directories",
severity = $(SIG_MED)
)
{
    # Only the directory entries of / and /home are checked (recurse = 0).
    / -> $(SEC_INVARIANT) (recurse = 0) ;
    /home -> $(SEC_INVARIANT) (recurse = 0) ;
    # /tmp has no recurse limit, so type/permission/owner changes on anything
    # below it are reported as well.
    /tmp -> $(SEC_INVARIANT) ;
}

# Critical Devices
# recurse = false applies to every entry in this rule: only the named object
# is checked, never anything beneath it.

(
rulename = "Critical devices",
severity = $(SIG_HI),
recurse = false
)
{
    /dev/console -> $(SEC_CONFIG) -u ; # User ID may change on console login/logout.
    /dev/initctl -> $(SEC_CONFIG) ;
    /dev/log -> $(SEC_CONFIG) ;
    # Kernel-exported tables: $(Device) avoids hashing their contents.
    /proc/modules -> $(Device) ;
    /proc/mounts -> $(Device) ;
    /proc/filesystems -> $(Device) ;
    /proc/misc -> $(Device) ;
    # NOTE(review): with recurse = false this checks the /var/log directory
    # entry only; the log files under it are not covered by this rule —
    # confirm that is intended or that another rule handles them.
    /var/log -> $(SEC_CONFIG) ;
}