[people/pmueller/ipfire-2.x.git] / config / tripwire / twpol.txt
1 ##############################################################################
2 # ##
3 ############################################################################## #
4 # # #
5 # Policy file for Red Hat Linux # #
6 # V1.2.0rh # #
7 # August 9, 2001 # #
8 # ##
9 ##############################################################################
10
11
12 ##############################################################################
13 # ##
14 ############################################################################## #
15 # # #
16 # This is the example Tripwire Policy file. It is intended as a place to # #
17 # start creating your own custom Tripwire Policy file. Referring to it as # #
18 # well as the Tripwire Policy Guide should give you enough information to # #
19 # make a good custom Tripwire Policy file that better covers your # #
20 # configuration and security needs. A text version of this policy file is # #
21 # called twpol.txt. # #
22 # # #
23 # Note that this file is tuned to an 'everything' install of Red Hat Linux. # #
24 # If run unmodified, this file should create no errors on database # #
25 # creation, or violations on a subsequent integrity check. However, it is # #
26 # impossible for there to be one policy file for all machines, so this # #
27 # existing one errs on the side of security. Your Linux configuration will # #
28 # most likely differ from the one our policy file was tuned to, and will # #
29 # therefore require some editing of the default Tripwire Policy file. # #
30 # # #
31 # The example policy file is best run with 'Loose Directory Checking' # #
32 # enabled. Set LOOSEDIRECTORYCHECKING=TRUE in the Tripwire Configuration # #
33 # file. # #
34 # # #
35 # Email support is not included and must be added to this file. # #
36 # Add the 'emailto=' to the rule directive section of each rule (add a comma # #
37 # after the 'severity=' line and add an 'emailto=' and include the email # #
38 # addresses you want the violation reports to go to). Addresses are # #
39 # semi-colon delimited. # #
40 # ##
41 ##############################################################################
42
43
44
45 ##############################################################################
46 # ##
47 ############################################################################## #
48 # # #
49 # Global Variable Definitions # #
50 # # #
51 # These are defined at install time by the installation script. You may # #
52 # manually edit these if you are using this file directly and not from the # #
53 # installation script itself. # #
54 # ##
55 ##############################################################################
56
57 @@section GLOBAL
# Path and host variables referenced by the rules below. The header above says
# they are normally filled in by the installation script.
# NOTE(review): TWPOL, TWDB, TWSKEY and TWLKEY all resolve to the same
# directory on the monitored host, so policy, database, site key and local key
# share one location and one set of filesystem permissions. Confirm this is
# intended; keeping the keys and a database copy on read-only or off-host
# storage makes the baseline harder to alter from the monitored system.
58 TWROOT=/usr/sbin;
59 TWBIN=/usr/sbin;
60 TWPOL="/var/ipfire/tripwire";
61 TWDB="/var/ipfire/tripwire";
62 TWSKEY="/var/ipfire/tripwire";
63 TWLKEY="/var/ipfire/tripwire";
64 TWREPORT="/var/ipfire/tripwire/report";
# NOTE(review): HOSTNAME is a fixed value here, and the "Tripwire Data Files"
# rule builds the local key path from it ($(TWLKEY)/$(HOSTNAME)-local.key).
# It has to match the name the local key was generated under on each host,
# otherwise that rule names a file that does not exist.
65 HOSTNAME=ipfire-test.homeip.net;
66
67 @@section FS
# Property masks and severity levels shared by every rule in this section.
# The expansions mentioned below follow Tripwire's documented predefined masks
# (IgnoreNone, ReadOnly, Dynamic, Growing); confirm them against the twpolicy
# documentation of the installed version.
# NOTE(review): SEC_CRIT and SEC_SUID subtract S (SHA), H (Haval) and a (access
# time) from IgnoreNone, which leaves CRC-32 and MD5 as the only content hashes
# for "critical" files. CRC-32 is not a cryptographic hash and MD5 is no longer
# collision-resistant; consider keeping S in the mask if scan time allows.
# NOTE(review): SEC_CONFIG is $(Dynamic), which as documented compares
# permissions, inode, link count, owner, group, type and device but not size,
# modification time or any hash. A change that alters only the content of an
# object under SEC_CONFIG is therefore not reported.
# SEC_SUID is defined here but is not referenced by any rule in this file as
# shown; SEC_LOG appears only in a commented-out entry.
68 SEC_CRIT = $(IgnoreNone)-SHa ; # Critical files that cannot change
69 SEC_SUID = $(IgnoreNone)-SHa ; # Binaries with the SUID or SGID flags set
70 SEC_BIN = $(ReadOnly) ; # Binaries that should not change
71 SEC_CONFIG = $(Dynamic) ; # Config files that are changed infrequently but accessed often
72 SEC_LOG = $(Growing) ; # Files that grow, but that should never change ownership
73 SEC_INVARIANT = +tpug ; # Directories that should never change permission or ownership
74 SIG_LOW = 33 ; # Non-critical files that are of minimal security impact
75 SIG_MED = 66 ; # Non-critical files that are of significant security impact
76 SIG_HI = 100 ; # Critical files that are significant points of vulnerability
77
78
79 # Tripwire Binaries
# Watches the four Tripwire executables under $(TWBIN) with the SEC_BIN mask at
# the highest severity.
# TWBIN is /usr/sbin in the GLOBAL section, so these files also sit below the
# /usr/sbin entry of the "User binaries" rule; the entries here raise their
# severity from SIG_MED to SIG_HI.
# NOTE(review): a check run with binaries stored on the monitored host is only
# as trustworthy as those binaries. Where that matters, verify them against a
# known-good copy kept elsewhere before relying on a report.
80 (
81 rulename = "Tripwire Binaries",
82 # emailto = <email addr>,
83 severity = $(SIG_HI)
84 )
85 {
86 $(TWBIN)/siggen -> $(SEC_BIN) ;
87 $(TWBIN)/tripwire -> $(SEC_BIN) ;
88 $(TWBIN)/twadmin -> $(SEC_BIN) ;
89 $(TWBIN)/twprint -> $(SEC_BIN) ;
90 }
91
92 # Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
# Watches Tripwire's own database directory, compiled policy and configuration,
# both key files and the report directory.
93 (
94 rulename = "Tripwire Data Files",
95 # emailto = <email addr>,
96 severity = $(SIG_HI)
97 )
98 {
99 # NOTE: We remove the inode attribute because when Tripwire creates a backup,
100 # it does so by renaming the old file and creating a new one (which will
101 # have a new inode number). Inode is left turned on for keys, which shouldn't
102 # ever change.
103
104 # NOTE: The first integrity check triggers this rule and each integrity check
105 # afterward triggers this rule until a database update is run, since the
106 # database file does not exist before that point.
107
# NOTE(review): TWDB, TWPOL, TWLKEY and TWSKEY are the same directory in the
# GLOBAL section, so the $(TWDB) entry covers that whole directory with the
# SEC_CONFIG mask and the four file entries below refine it with SEC_BIN.
# Anything else placed in that directory is compared without content hashes
# (see SEC_CONFIG in the FS variable list) - verify that this is acceptable.
108 $(TWDB) -> $(SEC_CONFIG) -i ;
109 $(TWPOL)/tw.pol -> $(SEC_BIN) -i ;
110 $(TWPOL)/tw.cfg -> $(SEC_BIN) -i ;
# The local key file name depends on HOSTNAME from the GLOBAL section.
111 $(TWLKEY)/$(HOSTNAME)-local.key -> $(SEC_BIN) ;
112 $(TWSKEY)/site.key -> $(SEC_BIN) ;
113
114 #don't scan the individual reports
# recurse=0 limits this entry to the report directory object itself, so added,
# removed or modified report files are not compared individually.
115 $(TWREPORT) -> $(SEC_CONFIG) (recurse=0) ;
116 }
117
118
119 # Tripwire HQ Connector Binaries
120 #(
121 # rulename = "Tripwire HQ Connector Binaries",
122 # emailto = <email addr>,
123 # severity = $(SIG_HI)
124 #)
125 #{
126 # $(TWBIN)/hqagent -> $(SEC_BIN) ;
127 #}
128 #
129 # Tripwire HQ Connector - Configuration Files, Keys, and Logs
130
131 ##############################################################################
132 # ##
133 ############################################################################## #
134 # # #
135 # Note: File locations here are different than in a stock HQ Connector # #
136 # installation. This is because Tripwire 2.3 uses a different path # #
137 # structure than Tripwire 2.2.1. # #
138 # # #
139 # You may need to update your HQ Agent configuration file (or this policy # #
140 # file) to correct the paths. We have attempted to support the FHS standard # #
141 # here by placing the HQ Agent files similarly to the way Tripwire 2.3 # #
142 # places them. # #
143 # ##
144 ##############################################################################
145
146 #(
147 # rulename = "Tripwire HQ Connector Data Files",
148 # emailto = <email addr>,
149 # severity = $(SIG_HI)
150 #)
151 #{
152 # #############################################################################
153 # ##############################################################################
154 # # NOTE: Removing the inode attribute because when Tripwire creates a backup ##
155 # # it does so by renaming the old file and creating a new one (which will ##
156 # # have a new inode number). Leaving inode turned on for keys, which ##
157 # # shouldn't ever change. ##
158 # #############################################################################
159 #
160 # $(TWBIN)/agent.cfg -> $(SEC_BIN) -i ;
161 # $(TWLKEY)/authentication.key -> $(SEC_BIN) ;
162 # $(TWDB)/tasks.dat -> $(SEC_CONFIG) ;
163 # $(TWDB)/schedule.dat -> $(SEC_CONFIG) ;
164 #
165 # # Uncomment if you have agent logging enabled.
166 # #/var/log/tripwire/agent.log -> $(SEC_LOG) ;
167 #}
168
169
170
171 # Commonly accessed directories that should remain static with regards to owner and group
# Each entry uses SEC_INVARIANT (+tpug: type, permissions, owner, group) with
# recurse = 0, so only the directory object itself is compared.
# NOTE(review): this rule does not look inside /etc or /home. Files below /etc
# are covered only where another rule in this policy names them explicitly.
172 (
173 rulename = "Invariant Directories",
174 # emailto = <email addr>,
175 severity = $(SIG_MED)
176 )
177 {
178 / -> $(SEC_INVARIANT) (recurse = 0) ;
179 /home -> $(SEC_INVARIANT) (recurse = 0) ;
180 /etc -> $(SEC_INVARIANT) (recurse = 0) ;
181 }
182 ################################################
183 # ##
184 ################################################ #
185 # # #
186 # File System and Disk Administration Programs # #
187 # ##
188 ################################################
189
190 (
191 rulename = "File System and Disk Administraton Programs",
192 # emailto = <email addr>,
193 severity = $(SIG_HI)
194 )
195 {
196 # /sbin/accton -> $(SEC_CRIT) ;
197 /sbin/badblocks -> $(SEC_CRIT) ;
198 # /sbin/busybox -> $(SEC_CRIT) ;
199 # /sbin/busybox.anaconda -> $(SEC_CRIT) ;
200 # /sbin/convertquota -> $(SEC_CRIT) ;
201 # /sbin/dosfsck -> $(SEC_CRIT) ;
202 /sbin/debugfs -> $(SEC_CRIT) ;
203 # /sbin/debugreiserfs -> $(SEC_CRIT) ;
204 /sbin/dumpe2fs -> $(SEC_CRIT) ;
205 # /sbin/dump -> $(SEC_CRIT) ;
206 # /sbin/dump.static -> $(SEC_CRIT) ;
207 # /sbin/e2fsadm -> $(SEC_CRIT) ; tune2fs?
208 /sbin/e2fsck -> $(SEC_CRIT) ;
209 /sbin/e2label -> $(SEC_CRIT) ;
210 /sbin/fdisk -> $(SEC_CRIT) ;
211 /sbin/fsck -> $(SEC_CRIT) ;
212 /sbin/fsck.ext2 -> $(SEC_CRIT) ;
213 /sbin/fsck.ext3 -> $(SEC_CRIT) ;
214 # /sbin/fsck.minix -> $(SEC_CRIT) ;
215 # /sbin/fsck.msdos -> $(SEC_CRIT) ;
216 # /sbin/fsck.vfat -> $(SEC_CRIT) ;
217 # /sbin/ftl_check -> $(SEC_CRIT) ;
218 # /sbin/ftl_format -> $(SEC_CRIT) ;
219 /sbin/hdparm -> $(SEC_CRIT) ;
220 #/sbin/lvchange -> $(SEC_CRIT) ;
221 #/sbin/lvcreate -> $(SEC_CRIT) ;
222 #/sbin/lvdisplay -> $(SEC_CRIT) ;
223 #/sbin/lvextend -> $(SEC_CRIT) ;
224 #/sbin/lvmchange -> $(SEC_CRIT) ;
225 #/sbin/lvmcreate_initrd -> $(SEC_CRIT) ;
226 #/sbin/lvmdiskscan -> $(SEC_CRIT) ;
227 #/sbin/lvmsadc -> $(SEC_CRIT) ;
228 #/sbin/lvmsar -> $(SEC_CRIT) ;
229 #/sbin/lvreduce -> $(SEC_CRIT) ;
230 #/sbin/lvremove -> $(SEC_CRIT) ;
231 #/sbin/lvrename -> $(SEC_CRIT) ;
232 #/sbin/lvscan -> $(SEC_CRIT) ;
233 # /sbin/mkbootdisk -> $(SEC_CRIT) ;
234 # /sbin/mkdosfs -> $(SEC_CRIT) ;
235 /sbin/mke2fs -> $(SEC_CRIT) ;
236 /sbin/mkfs -> $(SEC_CRIT) ;
237 # /sbin/mkfs.bfs -> $(SEC_CRIT) ;
238 /sbin/mkfs.ext2 -> $(SEC_CRIT) ;
239 # /sbin/mkfs.minix -> $(SEC_CRIT) ;
240 # /sbin/mkfs.msdos -> $(SEC_CRIT) ;
241 # /sbin/mkfs.vfat -> $(SEC_CRIT) ;
242 /sbin/mkinitrd -> $(SEC_CRIT) ;
243 #/sbin/mkpv -> $(SEC_CRIT) ;
244 # /sbin/mkraid -> $(SEC_CRIT) ;
245 # /sbin/mkreiserfs -> $(SEC_CRIT) ;
246 /sbin/mkswap -> $(SEC_CRIT) ;
247 #/sbin/mtx -> $(SEC_CRIT) ;
248 # /sbin/pam_console_apply -> $(SEC_CRIT) ;
249 # /sbin/parted -> $(SEC_CRIT) ;
250 # /sbin/pcinitrd -> $(SEC_CRIT) ;
251 #/sbin/pvchange -> $(SEC_CRIT) ;
252 #/sbin/pvcreate -> $(SEC_CRIT) ;
253 #/sbin/pvdata -> $(SEC_CRIT) ;
254 #/sbin/pvdisplay -> $(SEC_CRIT) ;
255 #/sbin/pvmove -> $(SEC_CRIT) ;
256 #/sbin/pvscan -> $(SEC_CRIT) ;
257 # /sbin/quotacheck -> $(SEC_CRIT) ;
258 # /sbin/quotaon -> $(SEC_CRIT) ;
259 # /sbin/raidstart -> $(SEC_CRIT) ;
260 # /sbin/reiserfsck -> $(SEC_CRIT) ;
261 # /sbin/resize2fs -> $(SEC_CRIT) ;
262 # /sbin/resize_reiserfs -> $(SEC_CRIT) ;
263 # /sbin/restore -> $(SEC_CRIT) ;
264 # /sbin/restore.static -> $(SEC_CRIT) ;
265 # /sbin/scsi_info -> $(SEC_CRIT) ;
266 /sbin/sfdisk -> $(SEC_CRIT) ;
267 # /sbin/stinit -> $(SEC_CRIT) ;
268 #/sbin/tapeinfo -> $(SEC_CRIT) ;
269 /sbin/tune2fs -> $(SEC_CRIT) ;
270 # /sbin/unpack -> $(SEC_CRIT) ;
271 # /sbin/update -> $(SEC_CRIT) ;
272 #/sbin/vgcfgbackup -> $(SEC_CRIT) ;
273 #/sbin/vgcfgrestore -> $(SEC_CRIT) ;
274 #/sbin/vgchange -> $(SEC_CRIT) ;
275 #/sbin/vgck -> $(SEC_CRIT) ;
276 #/sbin/vgcreate -> $(SEC_CRIT) ;
277 #/sbin/vgdisplay -> $(SEC_CRIT) ;
278 #/sbin/vgexport -> $(SEC_CRIT) ;
279 #/sbin/vgextend -> $(SEC_CRIT) ;
280 #/sbin/vgimport -> $(SEC_CRIT) ;
281 #/sbin/vgmerge -> $(SEC_CRIT) ;
282 #/sbin/vgmknodes -> $(SEC_CRIT) ;
283 #/sbin/vgreduce -> $(SEC_CRIT) ;
284 #/sbin/vgremove -> $(SEC_CRIT) ;
285 #/sbin/vgrename -> $(SEC_CRIT) ;
286 #/sbin/vgscan -> $(SEC_CRIT) ;
287 #/sbin/vgsplit -> $(SEC_CRIT) ;
288 /bin/chgrp -> $(SEC_CRIT) ;
289 /bin/chmod -> $(SEC_CRIT) ;
290 /bin/chown -> $(SEC_CRIT) ;
291 /bin/cp -> $(SEC_CRIT) ;
292 # /bin/cpio -> $(SEC_CRIT) ;
293 /bin/mount -> $(SEC_CRIT) ;
294 /bin/umount -> $(SEC_CRIT) ;
295 /bin/mkdir -> $(SEC_CRIT) ;
296 /bin/mknod -> $(SEC_CRIT) ;
297 # /bin/mktemp -> $(SEC_CRIT) ;
298 /bin/rm -> $(SEC_CRIT) ;
299 /bin/rmdir -> $(SEC_CRIT) ;
300 # /bin/touch -> $(SEC_CRIT) ;
301 }
302
303 ##################################
304 # ##
305 ################################## #
306 # # #
307 # Kernel Administration Programs # #
308 # ##
309 ##################################
310
# Watches kernel and module management tools in /sbin with the SEC_CRIT mask at
# the highest severity. Entries prefixed with '#' are disabled.
# NOTE(review): /sbin/insmod is disabled while /sbin/insmod.static is active;
# modprobe and rmmod are listed in the "Critical Utility Sym-Links" rule. A
# disabled path that exists on the host presumably still falls under the /sbin
# entry of the "User binaries" rule, i.e. SEC_BIN at SIG_MED instead of
# SEC_CRIT at SIG_HI - verify against the installed file set.
311 (
312 rulename = "Kernel Administration Programs",
313 # emailto = <email addr>,
314 severity = $(SIG_HI)
315 )
316 {
317 # /sbin/adjtimex -> $(SEC_CRIT) ;
318 /sbin/ctrlaltdel -> $(SEC_CRIT) ;
319 /sbin/depmod -> $(SEC_CRIT) ;
320 # /sbin/insmod -> $(SEC_CRIT) ;
321 /sbin/insmod.static -> $(SEC_CRIT) ;
322 # /sbin/insmod_ksymoops_clean -> $(SEC_CRIT) ;
323 # /sbin/klogd -> $(SEC_CRIT) ;
324 /sbin/ldconfig -> $(SEC_CRIT) ;
325 # /sbin/minilogd -> $(SEC_CRIT) ;
326 /sbin/modinfo -> $(SEC_CRIT) ;
327 #/sbin/nuactlun -> $(SEC_CRIT) ;
328 #/sbin/nuscsitcpd -> $(SEC_CRIT) ;
329 /sbin/pivot_root -> $(SEC_CRIT) ;
330 # /sbin/sndconfig -> $(SEC_CRIT) ;
331 /sbin/sysctl -> $(SEC_CRIT) ;
332 }
333
334 #######################
335 # ##
336 ####################### #
337 # # #
338 # Networking Programs # #
339 # ##
340 #######################
341
342 (
343 rulename = "Networking Programs",
344 # emailto = <email addr>,
345 severity = $(SIG_HI)
346 )
347 {
348 # /etc/sysconfig/network-scripts/ifdown -> $(SEC_CRIT) ;
349 # /etc/sysconfig/network-scripts/ifdown-cipcb -> $(SEC_CRIT) ;
350 # /etc/sysconfig/network-scripts/ifdown-ippp -> $(SEC_CRIT) ;
351 # /etc/sysconfig/network-scripts/ifdown-ipv6 -> $(SEC_CRIT) ;
352 # /etc/sysconfig/network-scripts/ifdown-isdn -> $(SEC_CRIT) ;
353 # /etc/sysconfig/network-scripts/ifdown-post -> $(SEC_CRIT) ;
354 # /etc/sysconfig/network-scripts/ifdown-ppp -> $(SEC_CRIT) ;
355 # /etc/sysconfig/network-scripts/ifdown-sit -> $(SEC_CRIT) ;
356 # /etc/sysconfig/network-scripts/ifdown-sl -> $(SEC_CRIT) ;
357 # /etc/sysconfig/network-scripts/ifup -> $(SEC_CRIT) ;
358 # /etc/sysconfig/network-scripts/ifup-aliases -> $(SEC_CRIT) ;
359 # /etc/sysconfig/network-scripts/ifup-cipcb -> $(SEC_CRIT) ;
360 # /etc/sysconfig/network-scripts/ifup-ippp -> $(SEC_CRIT) ;
361 # /etc/sysconfig/network-scripts/ifup-ipv6 -> $(SEC_CRIT) ;
362 # /etc/sysconfig/network-scripts/ifup-isdn -> $(SEC_CRIT) ;
363 # /etc/sysconfig/network-scripts/ifup-plip -> $(SEC_CRIT) ;
364 # /etc/sysconfig/network-scripts/ifup-plusb -> $(SEC_CRIT) ;
365 # /etc/sysconfig/network-scripts/ifup-post -> $(SEC_CRIT) ;
366 # /etc/sysconfig/network-scripts/ifup-ppp -> $(SEC_CRIT) ;
367 # /etc/sysconfig/network-scripts/ifup-routes -> $(SEC_CRIT) ;
368 # /etc/sysconfig/network-scripts/ifup-sit -> $(SEC_CRIT) ;
369 # /etc/sysconfig/network-scripts/ifup-sl -> $(SEC_CRIT) ;
370 # /etc/sysconfig/network-scripts/ifup-wireless -> $(SEC_CRIT) ;
371 # /etc/sysconfig/network-scripts/network-functions -> $(SEC_CRIT) ;
372 # /etc/sysconfig/network-scripts/network-functions-ipv6 -> $(SEC_CRIT) ;
373 /bin/ping -> $(SEC_CRIT) ;
374 /sbin/agetty -> $(SEC_CRIT) ;
375 /sbin/arp -> $(SEC_CRIT) ;
376 # /sbin/arping -> $(SEC_CRIT) ;
377 /sbin/dhcpcd -> $(SEC_CRIT) ;
378 # /sbin/ether-wake -> $(SEC_CRIT) ;
379 #/sbin/getty -> $(SEC_CRIT) ;
380 # /sbin/ifcfg -> $(SEC_CRIT) ;
381 /sbin/ifconfig -> $(SEC_CRIT) ;
382 # /sbin/ifdown -> $(SEC_CRIT) ;
383 # /sbin/ifenslave -> $(SEC_CRIT) ;
384 # /sbin/ifport -> $(SEC_CRIT) ;
385 # /sbin/ifup -> $(SEC_CRIT) ;
386 # /sbin/ifuser -> $(SEC_CRIT) ;
387 /sbin/ip -> $(SEC_CRIT) ;
388 # /sbin/ip6tables -> $(SEC_CRIT) ;
389 # /sbin/ipchains -> $(SEC_CRIT) ;
390 # /sbin/ipchains-restore -> $(SEC_CRIT) ;
391 # /sbin/ipchains-save -> $(SEC_CRIT) ;
392 # /sbin/ipfwadm -> $(SEC_CRIT) ;
393 /sbin/ipmaddr -> $(SEC_CRIT) ;
394 /sbin/iptables -> $(SEC_CRIT) ;
395 # /sbin/iptables-restore -> $(SEC_CRIT) ;
396 # /sbin/iptables-save -> $(SEC_CRIT) ;
397 # /sbin/iptunnel -> $(SEC_CRIT) ;
398 # /sbin/ipvsadm -> $(SEC_CRIT) ;
399 # /sbin/ipvsadm-restore -> $(SEC_CRIT) ;
400 # /sbin/ipvsadm-save -> $(SEC_CRIT) ;
401 # /sbin/ipx_configure -> $(SEC_CRIT) ;
402 # /sbin/ipx_interface -> $(SEC_CRIT) ;
403 # /sbin/ipx_internal_net -> $(SEC_CRIT) ;
404 # /sbin/iwconfig -> $(SEC_CRIT) ;
405 # /sbin/iwgetid -> $(SEC_CRIT) ;
406 # /sbin/iwlist -> $(SEC_CRIT) ;
407 # /sbin/iwpriv -> $(SEC_CRIT) ;
408 # /sbin/iwspy -> $(SEC_CRIT) ;
409 # /sbin/mgetty -> $(SEC_CRIT) ;
410 # /sbin/mingetty -> $(SEC_CRIT) ;
411 /sbin/nameif -> $(SEC_CRIT) ;
412 # /sbin/netreport -> $(SEC_CRIT) ;
413 /sbin/plipconfig -> $(SEC_CRIT) ;
414 # /sbin/portmap -> $(SEC_CRIT) ;
415 # /sbin/ppp-watch -> $(SEC_CRIT) ;
416 #/sbin/rarp -> $(SEC_CRIT) ;
417 /sbin/route -> $(SEC_CRIT) ;
418 /sbin/slattach -> $(SEC_CRIT) ;
419 /sbin/tc -> $(SEC_CRIT) ;
420 #/sbin/uugetty -> $(SEC_CRIT) ;
421 # /sbin/vgetty -> $(SEC_CRIT) ;
422 # /sbin/ypbind -> $(SEC_CRIT) ;
423 }
424
425 ##################################
426 # ##
427 ################################## #
428 # # #
429 # System Administration Programs # #
430 # ##
431 ##################################
432
433 (
434 rulename = "System Administration Programs",
435 # emailto = <email addr>,
436 severity = $(SIG_HI)
437 )
438 {
439 # /sbin/chkconfig -> $(SEC_CRIT) ;
440 # /sbin/fuser -> $(SEC_CRIT) ;
441 /sbin/halt -> $(SEC_CRIT) ;
442 /sbin/init -> $(SEC_CRIT) ;
443 # /sbin/initlog -> $(SEC_CRIT) ;
444 # /sbin/install-info -> $(SEC_CRIT) ;
445 /sbin/killall5 -> $(SEC_CRIT) ;
446 #/sbin/linuxconf -> $(SEC_CRIT) ;
447 #/sbin/linuxconf-auth -> $(SEC_CRIT) ;
448 /sbin/pam_tally -> $(SEC_CRIT) ;
449 # /sbin/pwdb_chkpwd -> $(SEC_CRIT) ;
450 #/sbin/remadmin -> $(SEC_CRIT) ;
451 # /sbin/rescuept -> $(SEC_CRIT) ;
452 # /sbin/rmt -> $(SEC_CRIT) ;
453 # /sbin/rpc.lockd -> $(SEC_CRIT) ;
454 # /sbin/rpc.statd -> $(SEC_CRIT) ;
455 # /sbin/rpcdebug -> $(SEC_CRIT) ;
456 # /sbin/service -> $(SEC_CRIT) ;
457 # /sbin/setsysfont -> $(SEC_CRIT) ;
458 /sbin/shutdown -> $(SEC_CRIT) ;
459 /sbin/sulogin -> $(SEC_CRIT) ;
460 /sbin/swapon -> $(SEC_CRIT) ;
461 # /sbin/syslogd -> $(SEC_CRIT) ;
462 # /sbin/unix_chkpwd -> $(SEC_CRIT) ;
463 /bin/pwd -> $(SEC_CRIT) ;
464 /bin/uname -> $(SEC_CRIT) ;
465 }
466
467 ########################################
468 # ##
469 ######################################## #
470 # # #
471 # Hardware and Device Control Programs # #
472 # ##
473 ########################################
474 (
475 rulename = "Hardware and Device Control Programs",
476 # emailto = <email addr>,
477 severity = $(SIG_HI)
478 )
479 {
480 /bin/setserial -> $(SEC_CRIT) ;
481 # /bin/sfxload -> $(SEC_CRIT) ;
482 /sbin/blockdev -> $(SEC_CRIT) ;
483 # /sbin/cardctl -> $(SEC_CRIT) ;
484 # /sbin/cardmgr -> $(SEC_CRIT) ;
485 # /sbin/cbq -> $(SEC_CRIT) ;
486 # /sbin/dump_cis -> $(SEC_CRIT) ;
487 /sbin/elvtune -> $(SEC_CRIT) ;
488 # /sbin/hotplug -> $(SEC_CRIT) ;
489 /sbin/hwclock -> $(SEC_CRIT) ;
490 # /sbin/ide_info -> $(SEC_CRIT) ;
491 #/sbin/isapnp -> $(SEC_CRIT) ;
492 #/sbin/kbdrate -> $(SEC_CRIT) ;
493 /sbin/losetup -> $(SEC_CRIT) ;
494 # /sbin/lspci -> $(SEC_CRIT) ;
495 # /sbin/lspnp -> $(SEC_CRIT) ;
496 /sbin/mii-tool -> $(SEC_CRIT) ;
497 # /sbin/pack_cis -> $(SEC_CRIT) ;
498 #/sbin/pnpdump -> $(SEC_CRIT) ;
499 # /sbin/probe -> $(SEC_CRIT) ;
500 #/sbin/pump -> $(SEC_CRIT) ;
501 # /sbin/setpci -> $(SEC_CRIT) ;
502 # /sbin/shapecfg -> $(SEC_CRIT) ;
503 }
504
505 ###############################
506 # ##
507 ############################### #
508 # # #
509 # System Information Programs # #
510 # ##
511 ###############################
512 (
513 rulename = "System Information Programs",
514 # emailto = <email addr>,
515 severity = $(SIG_HI)
516 )
517 {
518 # /sbin/consoletype -> $(SEC_CRIT) ;
519 # /sbin/kernelversion -> $(SEC_CRIT) ;
520 /sbin/runlevel -> $(SEC_CRIT) ;
521 }
522
523 ####################################
524 # ##
525 #################################### #
526 # # #
527 # Application Information Programs # #
528 # ##
529 ####################################
530
531 (
532 rulename = "Application Information Programs",
533 # emailto = <email addr>,
534 severity = $(SIG_HI)
535 )
536 {
537 # /sbin/genksyms -> $(SEC_CRIT) ;
538 #/sbin/genksyms.old -> $(SEC_CRIT) ;
539 /sbin/rtmon -> $(SEC_CRIT) ;
540 }
541
542 ##########################
543 # ##
544 ########################## #
545 # # #
546 # Shell Related Programs # #
547 # ##
548 ##########################
549 (
550 rulename = "Shell Related Programs",
551 # emailto = <email addr>,
552 severity = $(SIG_HI)
553 )
554 {
555 # /sbin/getkey -> $(SEC_CRIT) ;
556 /sbin/nash -> $(SEC_CRIT) ;
557 # /sbin/sash -> $(SEC_CRIT) ;
558 }
559
560
561 ################
562 # ##
563 ################ #
564 # # #
565 # OS Utilities # #
566 # ##
567 ################
568 (
569 rulename = "Operating System Utilities",
570 # emailto = <email addr>,
571 severity = $(SIG_HI)
572 )
573 {
574 /bin/arch -> $(SEC_CRIT) ;
575 # /bin/ash -> $(SEC_CRIT) ;
576 # /bin/ash.static -> $(SEC_CRIT) ;
577 # /bin/aumix-minimal -> $(SEC_CRIT) ;
578 # /bin/basename -> $(SEC_CRIT) ;
579 /bin/cat -> $(SEC_CRIT) ;
580 #/bin/consolechars -> $(SEC_CRIT) ;
581 # /bin/cut -> $(SEC_CRIT) ;
582 /bin/date -> $(SEC_CRIT) ;
583 /bin/dd -> $(SEC_CRIT) ;
584 /bin/df -> $(SEC_CRIT) ;
585 /bin/dmesg -> $(SEC_CRIT) ;
586 # /bin/doexec -> $(SEC_CRIT) ;
587 /bin/echo -> $(SEC_CRIT) ;
588 # /bin/ed -> $(SEC_CRIT) ;
589 /bin/egrep -> $(SEC_CRIT) ;
590 /bin/false -> $(SEC_CRIT) ;
591 /bin/fgrep -> $(SEC_CRIT) ;
592 # /bin/gawk -> $(SEC_CRIT) ;
593 # /bin/gawk-3.1.0 -> $(SEC_CRIT) ;
594 # /bin/gettext -> $(SEC_CRIT) ;
595 /bin/grep -> $(SEC_CRIT) ;
596 /bin/gunzip -> $(SEC_CRIT) ;
597 /bin/gzip -> $(SEC_CRIT) ;
598 /bin/hostname -> $(SEC_CRIT) ;
599 # /bin/igawk -> $(SEC_CRIT) ;
600 # /bin/ipcalc -> $(SEC_CRIT) ;
601 /bin/kill -> $(SEC_CRIT) ;
602 /bin/ln -> $(SEC_CRIT) ;
603 /bin/loadkeys -> $(SEC_CRIT) ;
604 /bin/login -> $(SEC_CRIT) ;
605 /bin/ls -> $(SEC_CRIT) ;
606 /bin/mail -> $(SEC_CRIT) ;
607 /bin/more -> $(SEC_CRIT) ;
608 # /bin/mt -> $(SEC_CRIT) ;
609 /bin/mv -> $(SEC_CRIT) ;
610 /bin/netstat -> $(SEC_CRIT) ;
611 /bin/nice -> $(SEC_CRIT) ;
612 # /bin/pgawk -> $(SEC_CRIT) ;
613 /bin/ps -> $(SEC_CRIT) ;
614 # /bin/rpm -> $(SEC_CRIT) ;
615 /bin/sed -> $(SEC_CRIT) ;
616 /bin/sleep -> $(SEC_CRIT) ;
617 # /bin/sort -> $(SEC_CRIT) ;
618 /bin/stty -> $(SEC_CRIT) ;
619 /bin/su -> $(SEC_CRIT) ;
620 /bin/sync -> $(SEC_CRIT) ;
621 /bin/tar -> $(SEC_CRIT) ;
622 /bin/true -> $(SEC_CRIT) ;
623 # /bin/usleep -> $(SEC_CRIT) ;
624 # /bin/vi -> $(SEC_CRIT) ;
625 /bin/zcat -> $(SEC_CRIT) ;
626 # /bin/zsh -> $(SEC_CRIT) ;
627 # /bin/zsh-4.0.2 -> $(SEC_CRIT) ;
628 # /sbin/sln -> $(SEC_CRIT) ;
629 # /usr/bin/vimtutor -> $(SEC_CRIT) ;
630 }
631
632 ##############################
633 # ##
634 ############################## #
635 # # #
636 # Critical Utility Sym-Links # #
637 # ##
638 ##############################
639 (
640 rulename = "Critical Utility Sym-Links",
641 # emailto = <email addr>,
642 severity = $(SIG_HI)
643 )
644 {
645 #/sbin/askrunlevel -> $(SEC_CRIT) ;
646 # /sbin/clock -> $(SEC_CRIT) ;
647 #/sbin/fixperm -> $(SEC_CRIT) ;
648 # /sbin/fsck.reiserfs -> $(SEC_CRIT) ;
649 #/sbin/fsconf -> $(SEC_CRIT) ;
650 # /sbin/ipfwadm-wrapper -> $(SEC_CRIT) ;
651 # /sbin/kallsyms -> $(SEC_CRIT) ;
652 # /sbin/ksyms -> $(SEC_CRIT) ;
653 # /sbin/lsmod -> $(SEC_CRIT) ;
654 #/sbin/mailconf -> $(SEC_CRIT) ;
655 # /sbin/mkfs.reiserfs -> $(SEC_CRIT) ;
656 #/sbin/modemconf -> $(SEC_CRIT) ;
657 /sbin/modprobe -> $(SEC_CRIT) ;
658 # /sbin/mount.ncp -> $(SEC_CRIT) ;
659 # /sbin/mount.ncpfs -> $(SEC_CRIT) ;
660 # /sbin/mount.smb -> $(SEC_CRIT) ;
661 # /sbin/mount.smbfs -> $(SEC_CRIT) ;
662 #/sbin/netconf -> $(SEC_CRIT) ;
663 # /sbin/pidof -> $(SEC_CRIT) ;
664 /sbin/poweroff -> $(SEC_CRIT) ;
665 # /sbin/quotaoff -> $(SEC_CRIT) ;
666 # /sbin/raid0run -> $(SEC_CRIT) ;
667 # /sbin/raidhotadd -> $(SEC_CRIT) ;
668 # /sbin/raidhotgenerateerror -> $(SEC_CRIT) ;
669 # /sbin/raidhotremove -> $(SEC_CRIT) ;
670 # /sbin/raidstop -> $(SEC_CRIT) ;
671 # /sbin/rdump -> $(SEC_CRIT) ;
672 # /sbin/rdump.static -> $(SEC_CRIT) ;
673 /sbin/reboot -> $(SEC_CRIT) ;
674 /sbin/rmmod -> $(SEC_CRIT) ;
675 # /sbin/rrestore -> $(SEC_CRIT) ;
676 # /sbin/rrestore.static -> $(SEC_CRIT) ;
677 /sbin/swapoff -> $(SEC_CRIT) ;
678 /sbin/telinit -> $(SEC_CRIT) ;
679 #/sbin/userconf -> $(SEC_CRIT) ;
680 #/sbin/uucpconf -> $(SEC_CRIT) ;
681 #/sbin/vregistry -> $(SEC_CRIT) ;
682 # /bin/awk -> $(SEC_CRIT) ;
683 # /bin/bash2 -> $(SEC_CRIT) ;
684 # /bin/bsh -> $(SEC_CRIT) ;
685 # /bin/csh -> $(SEC_CRIT) ;
686 /bin/dnsdomainname -> $(SEC_CRIT) ;
687 /bin/domainname -> $(SEC_CRIT) ;
688 # /bin/ex -> $(SEC_CRIT) ;
689 # /bin/gtar -> $(SEC_CRIT) ;
690 /bin/nisdomainname -> $(SEC_CRIT) ;
691 # /bin/red -> $(SEC_CRIT) ;
692 # /bin/rvi -> $(SEC_CRIT) ;
693 # /bin/rview -> $(SEC_CRIT) ;
694 # /bin/view -> $(SEC_CRIT) ;
695 # /bin/ypdomainname -> $(SEC_CRIT) ;
696 }
697
698
699 #########################
700 # ##
701 ######################### #
702 # # #
703 # Temporary directories # #
704 # ##
705 #########################
# Watches /var/tmp and /tmp as directory objects only: recurse = false in the
# rule attributes and SEC_INVARIANT (+tpug) mean that type, permissions, owner
# and group of the two directories are compared and their contents are not
# scanned. Violations are reported at the lowest severity (SIG_LOW).
706 (
707 rulename = "Temporary directories",
708 # emailto = <email addr>,
709 recurse = false,
710 severity = $(SIG_LOW)
711 )
712 {
713 /var/tmp -> $(SEC_INVARIANT) ;
714 /tmp -> $(SEC_INVARIANT) ;
715 }
716
717 ###############
718 # ##
719 ############### #
720 # # #
721 # Local files # #
722 # ##
723 ###############
# Catch-all for executables that are not named individually elsewhere in this
# policy, compared with SEC_BIN at medium severity.
# NOTE(review): recurse = 1 limits each entry to the directory and its direct
# entries (per the documented meaning of a positive recurse value - confirm).
# Files in deeper subdirectories are not covered by this rule, and
# /usr/local/sbin is not listed.
724 (
725 rulename = "User binaries",
726 # emailto = <email addr>,
727 severity = $(SIG_MED)
728 )
729 {
730 /sbin -> $(SEC_BIN) (recurse = 1) ;
731 /usr/bin -> $(SEC_BIN) (recurse = 1) ;
732 /usr/sbin -> $(SEC_BIN) (recurse = 1) ;
733 /usr/local/bin -> $(SEC_BIN) (recurse = 1) ;
734 }
735
# Watches the login shells with SEC_BIN at the highest severity.
# NOTE(review): if /bin/sh is a symbolic link on the target system, check
# whether the recorded properties describe the link or the file it points to -
# TODO confirm against the Tripwire documentation.
736 (
737 rulename = "Shell Binaries",
738 # emailto = <email addr>,
739 severity = $(SIG_HI)
740 )
741 {
742 /bin/bash -> $(SEC_BIN) ;
743 /bin/sh -> $(SEC_BIN) ;
744 # /sbin/nologin -> $(SEC_BIN) ;
745 }
746
# Watches /etc/group and /etc/security with SEC_CRIT at the highest severity.
# NOTE(review): /etc/shadow and /etc/gshadow are not named in this rule or in
# any other rule of this file as shown, and the /etc entry of "Invariant
# Directories" does not recurse. If the target system uses shadow passwords,
# add them here. The crontab entry below is disabled as well.
747 (
748 rulename = "Security Control",
749 # emailto = <email addr>,
750 severity = $(SIG_HI)
751 )
752 {
753 /etc/group -> $(SEC_CRIT) ;
754 /etc/security -> $(SEC_CRIT) ;
755 #/var/spool/cron/crontabs -> $(SEC_CRIT) ; # Uncomment when this file exists
756 }
757
758 #(
759 # rulename = "Boot Scripts",
760 # emailto = <email addr>,
761 # severity = $(SIG_HI)
762 #)
763 #{
764 # /etc/rc -> $(SEC_CONFIG) ;
765 # /etc/rc.bsdnet -> $(SEC_CONFIG) ;
766 # /etc/rc.dt -> $(SEC_CONFIG) ;
767 # /etc/rc.net -> $(SEC_CONFIG) ;
768 # /etc/rc.net.serial -> $(SEC_CONFIG) ;
769 # /etc/rc.nfs -> $(SEC_CONFIG) ;
770 # /etc/rc.powerfail -> $(SEC_CONFIG) ;
771 # /etc/rc.tcpip -> $(SEC_CONFIG) ;
772 # /etc/trcfmt.Z -> $(SEC_CONFIG) ;
773 #}
774
# Watches the system-wide shell start-up files at the highest severity.
# NOTE(review): every active entry uses SEC_CONFIG, which is $(Dynamic) in the
# FS variable list and, as documented, carries no size, modification-time or
# hash comparison. These files are executed at login, so a content-comparing
# mask such as SEC_BIN may be the better fit - /etc/profile.d already uses
# SEC_BIN in the "Critical configuration files" rule.
775 (
776 rulename = "Login Scripts",
777 # emailto = <email addr>,
778 severity = $(SIG_HI)
779 )
780 {
781 /etc/bashrc -> $(SEC_CONFIG) ;
782 # /etc/csh.cshrc -> $(SEC_CONFIG) ;
783 # /etc/csh.login -> $(SEC_CONFIG) ;
784 /etc/inputrc -> $(SEC_CONFIG) ;
785 # /etc/tsh_profile -> $(SEC_CONFIG) ; #Uncomment when this file exists
786 /etc/profile -> $(SEC_CONFIG) ;
787 }
788
789 # Libraries
# Watches /usr/lib and /usr/local/lib with SEC_BIN at medium severity. No
# recurse attribute is given, so the documented default (full recursion)
# presumably applies - confirm. /lib is handled by the "OS executables and
# libraries" rule at the end of this file.
790 (
791 rulename = "Libraries",
792 # emailto = <email addr>,
793 severity = $(SIG_MED)
794 )
795 {
796 /usr/lib -> $(SEC_BIN) ;
797 /usr/local/lib -> $(SEC_BIN) ;
798 }
799
800
801 ######################################################
802 # ##
803 ###################################################### #
804 # # #
805 # Critical System Boot Files # #
806 # These files are critical to a correct system boot. # #
807 # ##
808 ######################################################
809
# Watches everything under /boot with SEC_CRIT at the highest severity.
# The two '!' lines are stop points: /boot/System.map and /boot/module-info are
# excluded from the scan. All boot-loader and kernel-install tools in /sbin are
# disabled here.
# NOTE(review): confirm that the two excluded files really change on their own
# on the target system; anything behind a stop point is never reported.
810 (
811 rulename = "Critical system boot files",
812 # emailto = <email addr>,
813 severity = $(SIG_HI)
814 )
815 {
816 /boot -> $(SEC_CRIT) ;
817 #/sbin/devfsd -> $(SEC_CRIT) ;
818 # /sbin/grub -> $(SEC_CRIT) ;
819 # /sbin/grub-install -> $(SEC_CRIT) ;
820 # /sbin/grub-md5-crypt -> $(SEC_CRIT) ;
821 # /sbin/installkernel -> $(SEC_CRIT) ;
822 # /sbin/lilo -> $(SEC_CRIT) ;
823 # /sbin/mkkerneldoth -> $(SEC_CRIT) ;
824 !/boot/System.map ;
825 !/boot/module-info ;
826 # other boot files may exist. Look for:
827 #/ufsboot -> $(SEC_CRIT) ;
828 }
829 ##################################################
830 ###################################################
831 # These files change every time the system boots ##
832 ##################################################
# Objects that are expected to change across reboots, compared with SEC_CONFIG
# (the $(Dynamic) mask) at the highest severity. Lines starting with '!' are
# stop points that exclude the named object from the scan.
# NOTE(review): SEC_CONFIG carries no content hash as documented, so for
# /var/log, /var/run and /lib/modules this rule reports ownership, permission
# and inode changes but not modified file content.
833 (
834 rulename = "System boot changes",
835 # emailto = <email addr>,
836 severity = $(SIG_HI)
837 )
838 {
839 !/var/run/ftp.pids-all ; # Comes and goes on reboot.
# NOTE(review): this stop point sits under /root, which the "Root config files"
# rule watches with SEC_CRIT; verify that excluding it is still wanted.
840 !/root/.enlightenment ;
841 /dev/log -> $(SEC_CONFIG) ;
842 # /dev/cua0 -> $(SEC_CONFIG) ;
843 # /dev/printer -> $(SEC_CONFIG) ; # Uncomment if you have a printer device
844 /dev/console -> $(SEC_CONFIG) -u ; # User ID may change on console login/logout.
845 /dev/tty1 -> $(SEC_CONFIG) ; # tty devices
846 /dev/tty2 -> $(SEC_CONFIG) ; # tty devices
847 /dev/tty3 -> $(SEC_CONFIG) ; # are extremely
848 /dev/tty4 -> $(SEC_CONFIG) ; # variable
849 /dev/tty5 -> $(SEC_CONFIG) ;
850 /dev/tty6 -> $(SEC_CONFIG) ;
851 /dev/urandom -> $(SEC_CONFIG) ;
852 /dev/initctl -> $(SEC_CONFIG) ;
853 # /var/lock/subsys -> $(SEC_CONFIG) ;
854 /var/run -> $(SEC_CONFIG) ;
855 /var/log -> $(SEC_CONFIG) ;
# The four MRTG log files below are excluded from the /var/log entry.
856 ! /var/log/mrtg/red.log ;
857 ! /var/log/mrtg/red.old ;
858 ! /var/log/mrtg/green.log ;
859 ! /var/log/mrtg/green.old ;
860 # /etc/ioctl.save -> $(SEC_CONFIG) ;
861 # /etc/issue.net -> $(SEC_CONFIG) -i ; # Inode number changes
862 /etc/issue -> $(SEC_CONFIG) ;
863 /etc/mtab -> $(SEC_CONFIG) -i ; # Inode number changes on any mount/unmount
# NOTE(review): /lib is watched with SEC_BIN in the "OS executables and
# libraries" rule; this more specific entry presumably takes over for the
# /lib/modules subtree, which would leave kernel modules without a content
# hash. Verify, and consider SEC_BIN or SEC_CRIT for the module tree.
864 /lib/modules -> $(SEC_CONFIG) ;
865 /etc/.pwd.lock -> $(SEC_CONFIG) ;
866 # /lib/modules/preferred -> $(SEC_CONFIG) ; #Uncomment when this file exists
867 }
868
869 # These files change the behavior of the root account
# A single active entry watches the whole /root tree with SEC_CRIT; every
# per-file entry below it is disabled.
# NOTE(review): severity is the literal 100 here, the same value as SIG_HI in
# the FS variable list; the other rules use the variable.
# NOTE(review): with SEC_CRIT on the whole tree, files that change in normal
# use (shell history, X authority files and similar, all disabled below) are
# reported on every check. Either re-enable those entries with a looser mask
# or expect and review that noise, so real changes are not overlooked.
870 (
871 rulename = "Root config files",
872 # emailto = <email addr>,
873 severity = 100
874 )
875 {
876 /root -> $(SEC_CRIT) ; # Catch all additions to /root
877 # /root/.Xresources -> $(SEC_CONFIG) ;
878 # /root/.bashrc -> $(SEC_CONFIG) ;
879 # /root/.bash_profile -> $(SEC_CONFIG) ;
880 # /root/.bash_logout -> $(SEC_CONFIG) ;
881 # /root/.cshrc -> $(SEC_CONFIG) ;
882 # /root/.tcshrc -> $(SEC_CONFIG) ;
883 #/root/Mail -> $(SEC_CONFIG) ;
884 #/root/mail -> $(SEC_CONFIG) ;
885 #/root/.amandahosts -> $(SEC_CONFIG) ;
886 #/root/.addressbook.lu -> $(SEC_CONFIG) ;
887 #/root/.addressbook -> $(SEC_CONFIG) ;
888 # /root/.bash_history -> $(SEC_CONFIG) ;
889 #/root/.elm -> $(SEC_CONFIG) ;
890 # /root/.esd_auth -> $(SEC_CONFIG) ;
891 # /root/.gnome_private -> $(SEC_CONFIG) ;
892 # /root/.gnome-desktop -> $(SEC_CONFIG) ;
893 # /root/.gnome -> $(SEC_CONFIG) ;
894 # /root/.ICEauthority -> $(SEC_CONFIG) ;
895 #/root/.mc -> $(SEC_CONFIG) ;
896 #/root/.pinerc -> $(SEC_CONFIG) ;
897 #/root/.sawfish -> $(SEC_CONFIG) ;
898 # /root/.Xauthority -> $(SEC_CONFIG) -i ; # Changes Inode number on login
899 #/root/.xauth -> $(SEC_CONFIG) ;
900 #/root/.xsession-errors -> $(SEC_CONFIG) ;
901 }
902
903 ################################
904 # ##
905 ################################ #
906 # # #
907 # Critical configuration files # #
908 # ##
909 ################################
# System configuration files at the highest severity. Entries use either
# SEC_BIN ($(ReadOnly)) or SEC_CONFIG ($(Dynamic)); see the FS variable list.
# NOTE(review): /etc/passwd, /etc/passwd-, /etc/hosts, /etc/inittab,
# /etc/resolv.conf, /etc/syslog.conf and the Samba configuration use
# SEC_CONFIG, which as documented has no size, modification-time or hash
# comparison. An edit that keeps inode, owner and mode is not reported for
# these files; consider SEC_BIN where the file should rarely change.
# NOTE(review): all cron entries are disabled, and only two paths under
# /var/ipfire appear in this file (this one and the Tripwire directory).
910 (
911 rulename = "Critical configuration files",
912 # emailto = <email addr>,
913 severity = $(SIG_HI)
914 )
915 {
916 #/etc/conf.linuxconf -> $(SEC_BIN) ;
917 # /etc/crontab -> $(SEC_BIN) ;
918 # /etc/cron.hourly -> $(SEC_BIN) ;
919 # /etc/cron.daily -> $(SEC_BIN) ;
920 # /etc/cron.weekly -> $(SEC_BIN) ;
921 # /etc/cron.monthly -> $(SEC_BIN) ;
922 /etc/default -> $(SEC_BIN) ;
923 /etc/fstab -> $(SEC_BIN) ;
924 # /etc/exports -> $(SEC_BIN) ;
925 /etc/group- -> $(SEC_BIN) ; # changes should be infrequent
926 /etc/host.conf -> $(SEC_BIN) ;
927 /etc/hosts.allow -> $(SEC_BIN) ;
928 /etc/hosts.deny -> $(SEC_BIN) ;
929 /etc/httpd/conf -> $(SEC_BIN) ; # changes should be infrequent
930 /etc/protocols -> $(SEC_BIN) ;
931 /etc/services -> $(SEC_BIN) ;
# /etc/rc.d/init.d lies below /etc/rc.d and both use SEC_BIN, so the first of
# these two entries looks redundant - verify before removing it.
932 /etc/rc.d/init.d -> $(SEC_BIN) ;
933 /etc/rc.d -> $(SEC_BIN) ;
934 # /etc/mail.rc -> $(SEC_BIN) ;
935 /etc/modules.conf -> $(SEC_BIN) ;
936 # /etc/motd -> $(SEC_BIN) ;
937 # /etc/named.conf -> $(SEC_BIN) ;
938 /etc/passwd -> $(SEC_CONFIG) ;
939 /etc/passwd- -> $(SEC_CONFIG) ;
940 /etc/profile.d -> $(SEC_BIN) ;
941 # /var/lib/nfs/rmtab -> $(SEC_BIN) ;
942 # /usr/sbin/fixrmtab -> $(SEC_BIN) ;
943 # /etc/rpc -> $(SEC_BIN) ;
944 # /etc/sysconfig -> $(SEC_BIN) ;
945 /var/ipfire/samba/smb.conf -> $(SEC_CONFIG) ;
946 #/etc/gettydefs -> $(SEC_BIN) ;
947 /etc/nsswitch.conf -> $(SEC_BIN) ;
948 # /etc/yp.conf -> $(SEC_BIN) ;
949 /etc/hosts -> $(SEC_CONFIG) ;
950 # /etc/xinetd.conf -> $(SEC_CONFIG) ;
951 /etc/inittab -> $(SEC_CONFIG) ;
952 /etc/resolv.conf -> $(SEC_CONFIG) ;
953 /etc/syslog.conf -> $(SEC_CONFIG) ;
954 }
955
956 ####################
957 # ##
958 #################### #
959 # # #
960 # Critical devices # #
961 # ##
962 ####################
# Device nodes and /proc entries compared with Tripwire's predefined $(Device)
# mask at the highest severity. recurse = false in the rule attributes keeps
# the scan from descending into /proc/net and /proc/self.
# NOTE(review): $(Device) is documented as comparing permissions, owner, group,
# size and device numbers without opening the object - confirm for the
# installed version. What this rule reports for /dev/mem and /dev/kmem is a
# change of mode or ownership.
963 (
964 rulename = "Critical devices",
965 # emailto = <email addr>,
966 severity = $(SIG_HI),
967 recurse = false
968 )
969 {
970 /dev/kmem -> $(Device) ;
971 /dev/mem -> $(Device) ;
972 /dev/null -> $(Device) ;
973 /dev/zero -> $(Device) ;
974 /proc/devices -> $(Device) ;
975 /proc/net -> $(Device) ;
976 # /proc/sys -> $(Device) ;
977 /proc/cpuinfo -> $(Device) ;
978 /proc/modules -> $(Device) ;
979 /proc/mounts -> $(Device) ;
980 /proc/dma -> $(Device) ;
981 /proc/filesystems -> $(Device) ;
982 /proc/pci -> $(Device) ;
983 /proc/interrupts -> $(Device) ;
984 # /proc/driver/rtc -> $(Device) ;
985 /proc/ioports -> $(Device) ;
986 # /proc/scsi -> $(Device) ;
987 # /proc/kcore -> $(Device) ;
988 /proc/self -> $(Device) ;
989 /proc/kmsg -> $(Device) ;
990 /proc/stat -> $(Device) ;
991 # /proc/ksyms -> $(Device) ;
992 /proc/loadavg -> $(Device) ;
993 /proc/uptime -> $(Device) ;
994 /proc/locks -> $(Device) ;
995 /proc/version -> $(Device) ;
996 # /proc/mdstat -> $(Device) ;
997 /proc/meminfo -> $(Device) ;
998 /proc/cmdline -> $(Device) ;
999 /proc/misc -> $(Device) ;
1000 }
1001
1002 # Rest of critical system binaries
# Catch-all for /bin and /lib with SEC_BIN at the highest severity. Files in
# /bin that earlier rules list individually are compared with SEC_CRIT there.
# NOTE(review): /lib/modules has its own SEC_CONFIG entry in the "System boot
# changes" rule, which presumably replaces SEC_BIN for that subtree - verify
# which mask the generated database actually records for kernel modules.
1003 (
1004 rulename = "OS executables and libraries",
1005 # emailto = <email addr>,
1006 severity = $(SIG_HI)
1007 )
1008 {
1009 /bin -> $(SEC_BIN) ;
1010 /lib -> $(SEC_BIN) ;
1011 }
1012
1013
1014 #=============================================================================
1015 #
1016 # Copyright 2000 Tripwire, Inc. Tripwire is a registered trademark of Tripwire,
1017 # Inc. in the United States and other countries. All rights reserved.
1018 #
1019 # Linux is a registered trademark of Linus Torvalds.
1020 #
1021 # UNIX is a registered trademark of The Open Group.
1022 #
1023 #=============================================================================
1024 #
1025 # Permission is granted to make and distribute verbatim copies of this document
1026 # provided the copyright notice and this permission notice are preserved on all
1027 # copies.
1028 #
1029 # Permission is granted to copy and distribute modified versions of this
1030 # document under the conditions for verbatim copying, provided that the entire
1031 # resulting derived work is distributed under the terms of a permission notice
1032 # identical to this one.
1033 #
1034 # Permission is granted to copy and distribute translations of this document
1035 # into another language, under the above conditions for modified versions,
1036 # except that this permission notice may be stated in a translation approved by
1037 # Tripwire, Inc.
1038 #
1039 # DCM