From: maniacikarus Date: Tue, 10 Apr 2007 18:39:44 +0000 (+0000) Subject: Tripwire Gui integrierto> X-Git-Tag: v2.3-beta1~770 X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=commitdiff_plain;h=92004c612683f0e5b75684a4d284ed6880a0f0f7 Tripwire Gui integrierto> Tripwire Controll Datei geschrieben Weitere Anpassungen am Sambapaket Tripwire Sourcen ins LFS genommen git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@487 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
---
diff --git a/config/menu/60-ipfire.menu b/config/menu/60-ipfire.menu
index e0d1a8c4dc..673f1d845f 100644
--- a/config/menu/60-ipfire.menu
+++ b/config/menu/60-ipfire.menu
@@ -1,20 +1,25 @@
- $subipfire->{'10.pakfire'} = {'caption' => 'Pakfire',
- 'uri' => '/cgi-bin/pakfire.cgi',
- 'title' => "Pakfire",
- 'enabled' => 1,
- };
- $subipfire->{'20.asterisk'} = {'caption' => 'Asterisk',
- 'uri' => '/cgi-bin/asterisk.cgi',
- 'title' => "Asterisk",
- 'enabled' => 1,
- };
- $subipfire->{'30.samba'} = {'caption' => 'Samba',
- 'uri' => '/cgi-bin/samba.cgi',
- 'title' => "Samba",
- 'enabled' => 1,
- };
- $subipfire->{'99.help'} = {'caption' => $Lang::tr{'help'},
- 'uri' => '/cgi-bin/help.cgi',
- 'title' => "$Lang::tr{'help'}",
- 'enabled' => 1,
- };
+ $subipfire->{'10.pakfire'} = {'caption' => 'Pakfire',
+ 'uri' => '/cgi-bin/pakfire.cgi',
+ 'title' => "Pakfire",
+ 'enabled' => 1,
+ };
+ $subipfire->{'20.asterisk'} = {'caption' => 'Asterisk',
+ 'uri' => '/cgi-bin/asterisk.cgi',
+ 'title' => "Asterisk",
+ 'enabled' => 1,
+ };
+ $subipfire->{'30.samba'} = {'caption' => 'Samba',
+ 'uri' => '/cgi-bin/samba.cgi',
+ 'title' => "Samba",
+ 'enabled' => 1,
+ };
+ $subipfire->{'40.tripwire'} = {'caption' => 'Tripwire',
+ 'uri' => '/cgi-bin/tripwire.cgi',
+ 'title' => "Tripwire",
+ 'enabled' => 1,
+ };
+ $subipfire->{'99.help'} = {'caption' => $Lang::tr{'help'},
+ 'uri' => '/cgi-bin/help.cgi',
+ 'title' => "$Lang::tr{'help'}",
+ 'enabled' => 1,
+ };
diff --git a/config/samba/default.pdc b/config/samba/default.pdc
index 1d1e893713..905930f0b4 100644
--- a/config/samba/default.pdc
+++ b/config/samba/default.pdc
@@ -1,20 +1,20 @@
-[homes]
-path = /home/%u
-comment = Benutzer-Verzeichnisse
-browseable = yes
-writeable = yes
-valid users = %S
-
-[netlogon]
-path = /var/samba/netlogon
-browseable = no
-writeable = no
-comment = NetLogON
-
-[profiles]
-path = /var/samba/profiles
-browseable = no
-writeable = yes
-comment = Benutzerprofile
-valid users = %S
-
+[homes]
+path = /home/%u
+comment = Benutzer-Verzeichnisse
+browseable = yes
+writeable = yes
+valid users = %S
+
+[netlogon]
+path = /var/ipfire/samba/netlogon
+browseable = no
+writeable = no
+comment = NetLogON
+
+[profiles]
+path = /var/ipfire/samba/profiles
+browseable = no
+writeable = yes
+comment = Benutzerprofile
+valid users = %S
+
diff --git a/config/samba/default.shares b/config/samba/default.shares
index 3c93e895f3..ccd94403f4 100644
--- a/config/samba/default.shares
+++ b/config/samba/default.shares
@@ -1,19 +1,19 @@
-[Temp]
-path = /tmp
-comment = Temp
-browseable = yes
-writeable = yes
-create mask = 0777
-directory mask = 0777
-guest ok = yes
-force user = samba
-
-[P2P]
-path = /var/samba/p2p
-comment = P2P
-browseable = yes
-writeable = yes
-create mask = 0777
-directory mask = 0777
-guest ok = yes
-force user = samba
+[Temp]
+path = /tmp
+comment = Temp
+browseable = yes
+writeable = yes
+create mask = 0777
+directory mask = 0777
+guest ok = yes
+force user = samba
+
+[P2P]
+path = /var/ipfire/samba/p2p
+comment = P2P
+browseable = yes
+writeable = yes
+create mask = 0777
+directory mask = 0777
+guest ok = yes
+force user = samba
diff --git a/config/tripwire/oldbin/siggen b/config/tripwire/oldbin/siggen
new file mode 100755
index 0000000000..d35a3e24ee
Binary files /dev/null and b/config/tripwire/oldbin/siggen differ
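Review bot: The `[Temp]` section of config/samba/default.shares still exports `/tmp` as a guest-writable share (`guest ok = yes`, `writeable = yes`) with `create mask = 0777` and `directory mask = 0777`; the commit only moves the `[P2P]` path and carries these defaults forward unchanged. `/tmp` is the system scratch directory, so every unauthenticated SMB client that can reach the service gets read and write access to files that local services place there, and whatever it creates is world-writable. I would remove `[Temp]` from the shipped defaults, or point it at a dedicated directory, and change both shares to `guest ok = no` with `create mask = 0664` and `directory mask = 0775`. The same guest access and masks apply to `[P2P]`.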
diff --git a/config/tripwire/oldbin/tripwire b/config/tripwire/oldbin/tripwire
new file mode 100755
index 0000000000..87c5dbeb0a
Binary files /dev/null and b/config/tripwire/oldbin/tripwire differ
diff --git a/config/tripwire/oldbin/twadmin b/config/tripwire/oldbin/twadmin
new file mode 100755
index 0000000000..1c3c27fd54
Binary files /dev/null and b/config/tripwire/oldbin/twadmin differ
diff --git a/config/tripwire/oldbin/twprint b/config/tripwire/oldbin/twprint
new file mode 100755
index 0000000000..11df259c08
Binary files /dev/null and b/config/tripwire/oldbin/twprint differ
diff --git a/config/tripwire/settings b/config/tripwire/settings
new file mode 100755
index 0000000000..e69de29bb2
diff --git a/config/tripwire/twcfg.txt b/config/tripwire/twcfg.txt
new file mode 100644
index 0000000000..9b02c84748
--- /dev/null
+++ b/config/tripwire/twcfg.txt
@@ -0,0 +1,18 @@
+ROOT =/usr/sbin
+POLFILE =/var/ipfire/tripwire/tw.pol
+DBFILE =/var/ipfire/tripwire/$(HOSTNAME).twd
+REPORTFILE =/var/ipfire/tripwire/report/$(HOSTNAME)-$(DATE).twr
+SITEKEYFILE =/var/ipfire/tripwire/site.key
+LOCALKEYFILE =/var/ipfire/tripwire/$(HOSTNAME)-local.key
+EDITOR =/usr/bin/vi
+LATEPROMPTING =false
+LOOSEDIRECTORYCHECKING =false
+MAILNOVIOLATIONS =false
+EMAILREPORTLEVEL =3
+REPORTLEVEL =3
+#MAILMETHOD =SENDMAIL
+#MAILMETHOD =SMTP
+#SMTPHOST =phoenix.e-vector.com
+#SMTPPORT =25
+SYSLOGREPORTING =false
+#MAILPROGRAM =/usr/sbin/sendmail -oi -t
diff --git a/config/tripwire/twpol.txt b/config/tripwire/twpol.txt
new file mode 100644
index 0000000000..deaa6633ce
--- /dev/null
+++ b/config/tripwire/twpol.txt
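Review bot: In config/tripwire/twcfg.txt, `POLFILE`, `DBFILE`, `REPORTFILE`, `SITEKEYFILE` and `LOCALKEYFILE` all resolve to `/var/ipfire/tripwire`, so the integrity baseline and the keys that sign it sit on the same writable filesystem as the host being checked. If that directory is writable by the account the web interface runs as (not visible on this page, worth confirming), a compromise of the GUI is enough to replace the baseline unnoticed. I would state the expected protection beside these paths, for example `# /var/ipfire/tripwire must be root:root 0700; keep a copy of site.key and the .twd database off the box`. With `SYSLOGREPORTING =false` and every `MAILMETHOD` line commented out, a violation is only seen when someone opens a report, so `SYSLOGREPORTING =true` would be a safer default. `LOOSEDIRECTORYCHECKING =false` also contradicts the header of twpol.txt in this commit, which recommends enabling it, and that policy hard-codes `HOSTNAME=ipfire-test.homeip.net`, which appears not to match `$(HOSTNAME)-local.key` on any other host.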
@@ -0,0 +1,1039 @@ + ############################################################################## + # ## +############################################################################## # +# # # +# Policy file for Red Hat Linux # # +# V1.2.0rh # # +# August 9, 2001 # # +# ## +############################################################################## + + + ############################################################################## + # ## +############################################################################## # +# # # +# This is the example Tripwire Policy file. It is intended as a place to # # +# start creating your own custom Tripwire Policy file. Referring to it as # # +# well as the Tripwire Policy Guide should give you enough information to # # +# make a good custom Tripwire Policy file that better covers your # # +# configuration and security needs. A text version of this policy file is # # +# called twpol.txt. # # +# # # +# Note that this file is tuned to an 'everything' install of Red Hat Linux. # # +# If run unmodified, this file should create no errors on database # # +# creation, or violations on a subsiquent integrity check. However, it is # # +# impossible for there to be one policy file for all machines, so this # # +# existing one errs on the side of security. Your Linux configuration will # # +# most likey differ from the one our policy file was tuned to, and will # # +# therefore require some editing of the default Tripwire Policy file. # # +# # # +# The example policy file is best run with 'Loose Directory Checking' # # +# enabled. Set LOOSEDIRECTORYCHECKING=TRUE in the Tripwire Configuration # # +# file. # # +# # # +# Email support is not included and must be added to this file. # # +# Add the 'emailto=' to the rule directive section of each rule (add a comma # # +# after the 'severity=' line and add an 'emailto=' and include the email # # +# addresses you want the violation reports to go to). 
Addresses are # # +# semi-colon delimited. # # +# ## +############################################################################## + + + + ############################################################################## + # ## +############################################################################## # +# # # +# Global Variable Definitions # # +# # # +# These are defined at install time by the installation script. You may # # +# Manually edit these if you are using this file directly and not from the # # +# installation script itself. # # +# ## +############################################################################## + +@@section GLOBAL +TWROOT=/usr/sbin; +TWBIN=/usr/sbin; +TWPOL="/var/ipfire/tripwire"; +TWDB="/var/ipfire/tripwire"; +TWSKEY="/var/ipfire/tripwire"; +TWLKEY="/var/ipfire/tripwire"; +TWREPORT="/var/ipfire/tripwire/report"; +HOSTNAME=ipfire-test.homeip.net; + +@@section FS +SEC_CRIT = $(IgnoreNone)-SHa ; # Critical files that cannot change +SEC_SUID = $(IgnoreNone)-SHa ; # Binaries with the SUID or SGID flags set +SEC_BIN = $(ReadOnly) ; # Binaries that should not change +SEC_CONFIG = $(Dynamic) ; # Config files that are changed infrequently but accessed often +SEC_LOG = $(Growing) ; # Files that grow, but that should never change ownership +SEC_INVARIANT = +tpug ; # Directories that should never change permission or ownership +SIG_LOW = 33 ; # Non-critical files that are of minimal security impact +SIG_MED = 66 ; # Non-critical files that are of significant security impact +SIG_HI = 100 ; # Critical files that are significant points of vulnerability + + +# Tripwire Binaries +( + rulename = "Tripwire Binaries", +# emailto = , + severity = $(SIG_HI) +) +{ + $(TWBIN)/siggen -> $(SEC_BIN) ; + $(TWBIN)/tripwire -> $(SEC_BIN) ; + $(TWBIN)/twadmin -> $(SEC_BIN) ; + $(TWBIN)/twprint -> $(SEC_BIN) ; +} + +# Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases +( + rulename = "Tripwire Data Files", +# emailto = , + 
severity = $(SIG_HI) +) +{ + # NOTE: We remove the inode attribute because when Tripwire creates a backup, + # it does so by renaming the old file and creating a new one (which will + # have a new inode number). Inode is left turned on for keys, which shouldn't + # ever change. + + # NOTE: The first integrity check triggers this rule and each integrity check + # afterward triggers this rule until a database update is run, since the + # database file does not exist before that point. + + $(TWDB) -> $(SEC_CONFIG) -i ; + $(TWPOL)/tw.pol -> $(SEC_BIN) -i ; + $(TWPOL)/tw.cfg -> $(SEC_BIN) -i ; + $(TWLKEY)/$(HOSTNAME)-local.key -> $(SEC_BIN) ; + $(TWSKEY)/site.key -> $(SEC_BIN) ; + + #don't scan the individual reports + $(TWREPORT) -> $(SEC_CONFIG) (recurse=0) ; +} + + +# Tripwire HQ Connector Binaries +#( +# rulename = "Tripwire HQ Connector Binaries", +# emailto = , +# severity = $(SIG_HI) +#) +#{ +# $(TWBIN)/hqagent -> $(SEC_BIN) ; +#} +# +# Tripwire HQ Connector - Configuration Files, Keys, and Logs + + ############################################################################## + # ## +############################################################################## # +# # # +# Note: File locations here are different than in a stock HQ Connector # # +# installation. This is because Tripwire 2.3 uses a different path # # +# structure than Tripwire 2.2.1. # # +# # # +# You may need to update your HQ Agent configuation file (or this policy # # +# file) to correct the paths. We have attempted to support the FHS standard # # +# here by placing the HQ Agent files similarly to the way Tripwire 2.3 # # +# places them. 
# # +# ## +############################################################################## + +#( +# rulename = "Tripwire HQ Connector Data Files", +# emailto = , +# severity = $(SIG_HI) +#) +#{ +# ############################################################################# +# ############################################################################## +# # NOTE: Removing the inode attribute because when Tripwire creates a backup ## +# # it does so by renaming the old file and creating a new one (which will ## +# # have a new inode number). Leaving inode turned on for keys, which ## +# # shouldn't ever change. ## +# ############################################################################# +# +# $(TWBIN)/agent.cfg -> $(SEC_BIN) -i ; +# $(TWLKEY)/authentication.key -> $(SEC_BIN) ; +# $(TWDB)/tasks.dat -> $(SEC_CONFIG) ; +# $(TWDB)/schedule.dat -> $(SEC_CONFIG) ; +# +# # Uncomment if you have agent logging enabled. +# #/var/log/tripwire/agent.log -> $(SEC_LOG) ; +#} + + + +# Commonly accessed directories that should remain static with regards to owner and group +( + rulename = "Invariant Directories", +# emailto = , + severity = $(SIG_MED) +) +{ + / -> $(SEC_INVARIANT) (recurse = 0) ; + /home -> $(SEC_INVARIANT) (recurse = 0) ; + /etc -> $(SEC_INVARIANT) (recurse = 0) ; +} + ################################################ + # ## +################################################ # +# # # +# File System and Disk Administration Programs # # +# ## +################################################ + +( + rulename = "File System and Disk Administraton Programs", +# emailto = , + severity = $(SIG_HI) +) +{ +# /sbin/accton -> $(SEC_CRIT) ; + /sbin/badblocks -> $(SEC_CRIT) ; +# /sbin/busybox -> $(SEC_CRIT) ; +# /sbin/busybox.anaconda -> $(SEC_CRIT) ; +# /sbin/convertquota -> $(SEC_CRIT) ; +# /sbin/dosfsck -> $(SEC_CRIT) ; + /sbin/debugfs -> $(SEC_CRIT) ; +# /sbin/debugreiserfs -> $(SEC_CRIT) ; + /sbin/dumpe2fs -> $(SEC_CRIT) ; +# /sbin/dump -> $(SEC_CRIT) ; +# 
/sbin/dump.static -> $(SEC_CRIT) ; + # /sbin/e2fsadm -> $(SEC_CRIT) ; tune2fs? + /sbin/e2fsck -> $(SEC_CRIT) ; + /sbin/e2label -> $(SEC_CRIT) ; + /sbin/fdisk -> $(SEC_CRIT) ; + /sbin/fsck -> $(SEC_CRIT) ; + /sbin/fsck.ext2 -> $(SEC_CRIT) ; + /sbin/fsck.ext3 -> $(SEC_CRIT) ; +# /sbin/fsck.minix -> $(SEC_CRIT) ; +# /sbin/fsck.msdos -> $(SEC_CRIT) ; +# /sbin/fsck.vfat -> $(SEC_CRIT) ; +# /sbin/ftl_check -> $(SEC_CRIT) ; +# /sbin/ftl_format -> $(SEC_CRIT) ; + /sbin/hdparm -> $(SEC_CRIT) ; + #/sbin/lvchange -> $(SEC_CRIT) ; + #/sbin/lvcreate -> $(SEC_CRIT) ; + #/sbin/lvdisplay -> $(SEC_CRIT) ; + #/sbin/lvextend -> $(SEC_CRIT) ; + #/sbin/lvmchange -> $(SEC_CRIT) ; + #/sbin/lvmcreate_initrd -> $(SEC_CRIT) ; + #/sbin/lvmdiskscan -> $(SEC_CRIT) ; + #/sbin/lvmsadc -> $(SEC_CRIT) ; + #/sbin/lvmsar -> $(SEC_CRIT) ; + #/sbin/lvreduce -> $(SEC_CRIT) ; + #/sbin/lvremove -> $(SEC_CRIT) ; + #/sbin/lvrename -> $(SEC_CRIT) ; + #/sbin/lvscan -> $(SEC_CRIT) ; +# /sbin/mkbootdisk -> $(SEC_CRIT) ; +# /sbin/mkdosfs -> $(SEC_CRIT) ; + /sbin/mke2fs -> $(SEC_CRIT) ; + /sbin/mkfs -> $(SEC_CRIT) ; +# /sbin/mkfs.bfs -> $(SEC_CRIT) ; + /sbin/mkfs.ext2 -> $(SEC_CRIT) ; +# /sbin/mkfs.minix -> $(SEC_CRIT) ; +# /sbin/mkfs.msdos -> $(SEC_CRIT) ; +# /sbin/mkfs.vfat -> $(SEC_CRIT) ; + /sbin/mkinitrd -> $(SEC_CRIT) ; + #/sbin/mkpv -> $(SEC_CRIT) ; +# /sbin/mkraid -> $(SEC_CRIT) ; +# /sbin/mkreiserfs -> $(SEC_CRIT) ; + /sbin/mkswap -> $(SEC_CRIT) ; + #/sbin/mtx -> $(SEC_CRIT) ; +# /sbin/pam_console_apply -> $(SEC_CRIT) ; +# /sbin/parted -> $(SEC_CRIT) ; +# /sbin/pcinitrd -> $(SEC_CRIT) ; + #/sbin/pvchange -> $(SEC_CRIT) ; + #/sbin/pvcreate -> $(SEC_CRIT) ; + #/sbin/pvdata -> $(SEC_CRIT) ; + #/sbin/pvdisplay -> $(SEC_CRIT) ; + #/sbin/pvmove -> $(SEC_CRIT) ; + #/sbin/pvscan -> $(SEC_CRIT) ; +# /sbin/quotacheck -> $(SEC_CRIT) ; +# /sbin/quotaon -> $(SEC_CRIT) ; +# /sbin/raidstart -> $(SEC_CRIT) ; +# /sbin/reiserfsck -> $(SEC_CRIT) ; +# /sbin/resize2fs -> $(SEC_CRIT) ; +# /sbin/resize_reiserfs -> $(SEC_CRIT) 
; +# /sbin/restore -> $(SEC_CRIT) ; +# /sbin/restore.static -> $(SEC_CRIT) ; +# /sbin/scsi_info -> $(SEC_CRIT) ; + /sbin/sfdisk -> $(SEC_CRIT) ; +# /sbin/stinit -> $(SEC_CRIT) ; + #/sbin/tapeinfo -> $(SEC_CRIT) ; + /sbin/tune2fs -> $(SEC_CRIT) ; +# /sbin/unpack -> $(SEC_CRIT) ; +# /sbin/update -> $(SEC_CRIT) ; + #/sbin/vgcfgbackup -> $(SEC_CRIT) ; + #/sbin/vgcfgrestore -> $(SEC_CRIT) ; + #/sbin/vgchange -> $(SEC_CRIT) ; + #/sbin/vgck -> $(SEC_CRIT) ; + #/sbin/vgcreate -> $(SEC_CRIT) ; + #/sbin/vgdisplay -> $(SEC_CRIT) ; + #/sbin/vgexport -> $(SEC_CRIT) ; + #/sbin/vgextend -> $(SEC_CRIT) ; + #/sbin/vgimport -> $(SEC_CRIT) ; + #/sbin/vgmerge -> $(SEC_CRIT) ; + #/sbin/vgmknodes -> $(SEC_CRIT) ; + #/sbin/vgreduce -> $(SEC_CRIT) ; + #/sbin/vgremove -> $(SEC_CRIT) ; + #/sbin/vgrename -> $(SEC_CRIT) ; + #/sbin/vgscan -> $(SEC_CRIT) ; + #/sbin/vgsplit -> $(SEC_CRIT) ; + /bin/chgrp -> $(SEC_CRIT) ; + /bin/chmod -> $(SEC_CRIT) ; + /bin/chown -> $(SEC_CRIT) ; + /bin/cp -> $(SEC_CRIT) ; +# /bin/cpio -> $(SEC_CRIT) ; + /bin/mount -> $(SEC_CRIT) ; + /bin/umount -> $(SEC_CRIT) ; + /bin/mkdir -> $(SEC_CRIT) ; + /bin/mknod -> $(SEC_CRIT) ; +# /bin/mktemp -> $(SEC_CRIT) ; + /bin/rm -> $(SEC_CRIT) ; + /bin/rmdir -> $(SEC_CRIT) ; +# /bin/touch -> $(SEC_CRIT) ; +} + + ################################## + # ## +################################## # +# # # +# Kernel Administration Programs # # +# ## +################################## + +( + rulename = "Kernel Administration Programs", +# emailto = , + severity = $(SIG_HI) +) +{ +# /sbin/adjtimex -> $(SEC_CRIT) ; + /sbin/ctrlaltdel -> $(SEC_CRIT) ; + /sbin/depmod -> $(SEC_CRIT) ; +# /sbin/insmod -> $(SEC_CRIT) ; + /sbin/insmod.static -> $(SEC_CRIT) ; +# /sbin/insmod_ksymoops_clean -> $(SEC_CRIT) ; +# /sbin/klogd -> $(SEC_CRIT) ; + /sbin/ldconfig -> $(SEC_CRIT) ; +# /sbin/minilogd -> $(SEC_CRIT) ; + /sbin/modinfo -> $(SEC_CRIT) ; + #/sbin/nuactlun -> $(SEC_CRIT) ; + #/sbin/nuscsitcpd -> $(SEC_CRIT) ; + /sbin/pivot_root -> $(SEC_CRIT) ; +# 
/sbin/sndconfig -> $(SEC_CRIT) ; + /sbin/sysctl -> $(SEC_CRIT) ; +} + + ####################### + # ## +####################### # +# # # +# Networking Programs # # +# ## +####################### + +( + rulename = "Networking Programs", +# emailto = , + severity = $(SIG_HI) +) +{ +# /etc/sysconfig/network-scripts/ifdown -> $(SEC_CRIT) ; +# /etc/sysconfig/network-scripts/ifdown-cipcb -> $(SEC_CRIT) ; +# /etc/sysconfig/network-scripts/ifdown-ippp -> $(SEC_CRIT) ; +# /etc/sysconfig/network-scripts/ifdown-ipv6 -> $(SEC_CRIT) ; +# /etc/sysconfig/network-scripts/ifdown-isdn -> $(SEC_CRIT) ; +# /etc/sysconfig/network-scripts/ifdown-post -> $(SEC_CRIT) ; +# /etc/sysconfig/network-scripts/ifdown-ppp -> $(SEC_CRIT) ; +# /etc/sysconfig/network-scripts/ifdown-sit -> $(SEC_CRIT) ; +# /etc/sysconfig/network-scripts/ifdown-sl -> $(SEC_CRIT) ; +# /etc/sysconfig/network-scripts/ifup -> $(SEC_CRIT) ; +# /etc/sysconfig/network-scripts/ifup-aliases -> $(SEC_CRIT) ; +# /etc/sysconfig/network-scripts/ifup-cipcb -> $(SEC_CRIT) ; +# /etc/sysconfig/network-scripts/ifup-ippp -> $(SEC_CRIT) ; +# /etc/sysconfig/network-scripts/ifup-ipv6 -> $(SEC_CRIT) ; +# /etc/sysconfig/network-scripts/ifup-isdn -> $(SEC_CRIT) ; +# /etc/sysconfig/network-scripts/ifup-plip -> $(SEC_CRIT) ; +# /etc/sysconfig/network-scripts/ifup-plusb -> $(SEC_CRIT) ; +# /etc/sysconfig/network-scripts/ifup-post -> $(SEC_CRIT) ; +# /etc/sysconfig/network-scripts/ifup-ppp -> $(SEC_CRIT) ; +# /etc/sysconfig/network-scripts/ifup-routes -> $(SEC_CRIT) ; +# /etc/sysconfig/network-scripts/ifup-sit -> $(SEC_CRIT) ; +# /etc/sysconfig/network-scripts/ifup-sl -> $(SEC_CRIT) ; +# /etc/sysconfig/network-scripts/ifup-wireless -> $(SEC_CRIT) ; +# /etc/sysconfig/network-scripts/network-functions -> $(SEC_CRIT) ; +# /etc/sysconfig/network-scripts/network-functions-ipv6 -> $(SEC_CRIT) ; + /bin/ping -> $(SEC_CRIT) ; + /sbin/agetty -> $(SEC_CRIT) ; + /sbin/arp -> $(SEC_CRIT) ; +# /sbin/arping -> $(SEC_CRIT) ; + /sbin/dhcpcd -> $(SEC_CRIT) ; +# 
/sbin/ether-wake -> $(SEC_CRIT) ; + #/sbin/getty -> $(SEC_CRIT) ; +# /sbin/ifcfg -> $(SEC_CRIT) ; + /sbin/ifconfig -> $(SEC_CRIT) ; +# /sbin/ifdown -> $(SEC_CRIT) ; +# /sbin/ifenslave -> $(SEC_CRIT) ; +# /sbin/ifport -> $(SEC_CRIT) ; +# /sbin/ifup -> $(SEC_CRIT) ; +# /sbin/ifuser -> $(SEC_CRIT) ; + /sbin/ip -> $(SEC_CRIT) ; +# /sbin/ip6tables -> $(SEC_CRIT) ; +# /sbin/ipchains -> $(SEC_CRIT) ; +# /sbin/ipchains-restore -> $(SEC_CRIT) ; +# /sbin/ipchains-save -> $(SEC_CRIT) ; +# /sbin/ipfwadm -> $(SEC_CRIT) ; + /sbin/ipmaddr -> $(SEC_CRIT) ; + /sbin/iptables -> $(SEC_CRIT) ; +# /sbin/iptables-restore -> $(SEC_CRIT) ; +# /sbin/iptables-save -> $(SEC_CRIT) ; +# /sbin/iptunnel -> $(SEC_CRIT) ; +# /sbin/ipvsadm -> $(SEC_CRIT) ; +# /sbin/ipvsadm-restore -> $(SEC_CRIT) ; +# /sbin/ipvsadm-save -> $(SEC_CRIT) ; +# /sbin/ipx_configure -> $(SEC_CRIT) ; +# /sbin/ipx_interface -> $(SEC_CRIT) ; +# /sbin/ipx_internal_net -> $(SEC_CRIT) ; +# /sbin/iwconfig -> $(SEC_CRIT) ; +# /sbin/iwgetid -> $(SEC_CRIT) ; +# /sbin/iwlist -> $(SEC_CRIT) ; +# /sbin/iwpriv -> $(SEC_CRIT) ; +# /sbin/iwspy -> $(SEC_CRIT) ; +# /sbin/mgetty -> $(SEC_CRIT) ; +# /sbin/mingetty -> $(SEC_CRIT) ; + /sbin/nameif -> $(SEC_CRIT) ; +# /sbin/netreport -> $(SEC_CRIT) ; + /sbin/plipconfig -> $(SEC_CRIT) ; +# /sbin/portmap -> $(SEC_CRIT) ; +# /sbin/ppp-watch -> $(SEC_CRIT) ; + #/sbin/rarp -> $(SEC_CRIT) ; + /sbin/route -> $(SEC_CRIT) ; + /sbin/slattach -> $(SEC_CRIT) ; + /sbin/tc -> $(SEC_CRIT) ; + #/sbin/uugetty -> $(SEC_CRIT) ; +# /sbin/vgetty -> $(SEC_CRIT) ; +# /sbin/ypbind -> $(SEC_CRIT) ; +} + + ################################## + # ## +################################## # +# # # +# System Administration Programs # # +# ## +################################## + +( + rulename = "System Administration Programs", +# emailto = , + severity = $(SIG_HI) +) +{ +# /sbin/chkconfig -> $(SEC_CRIT) ; +# /sbin/fuser -> $(SEC_CRIT) ; + /sbin/halt -> $(SEC_CRIT) ; + /sbin/init -> $(SEC_CRIT) ; +# /sbin/initlog -> $(SEC_CRIT) 
; +# /sbin/install-info -> $(SEC_CRIT) ; + /sbin/killall5 -> $(SEC_CRIT) ; + #/sbin/linuxconf -> $(SEC_CRIT) ; + #/sbin/linuxconf-auth -> $(SEC_CRIT) ; + /sbin/pam_tally -> $(SEC_CRIT) ; +# /sbin/pwdb_chkpwd -> $(SEC_CRIT) ; + #/sbin/remadmin -> $(SEC_CRIT) ; +# /sbin/rescuept -> $(SEC_CRIT) ; +# /sbin/rmt -> $(SEC_CRIT) ; +# /sbin/rpc.lockd -> $(SEC_CRIT) ; +# /sbin/rpc.statd -> $(SEC_CRIT) ; +# /sbin/rpcdebug -> $(SEC_CRIT) ; +# /sbin/service -> $(SEC_CRIT) ; +# /sbin/setsysfont -> $(SEC_CRIT) ; + /sbin/shutdown -> $(SEC_CRIT) ; + /sbin/sulogin -> $(SEC_CRIT) ; + /sbin/swapon -> $(SEC_CRIT) ; +# /sbin/syslogd -> $(SEC_CRIT) ; +# /sbin/unix_chkpwd -> $(SEC_CRIT) ; + /bin/pwd -> $(SEC_CRIT) ; + /bin/uname -> $(SEC_CRIT) ; +} + + ######################################## + # ## +######################################## # +# # # +# Hardware and Device Control Programs # # +# ## +######################################## +( + rulename = "Hardware and Device Control Programs", +# emailto = , + severity = $(SIG_HI) +) +{ + /bin/setserial -> $(SEC_CRIT) ; +# /bin/sfxload -> $(SEC_CRIT) ; + /sbin/blockdev -> $(SEC_CRIT) ; +# /sbin/cardctl -> $(SEC_CRIT) ; +# /sbin/cardmgr -> $(SEC_CRIT) ; +# /sbin/cbq -> $(SEC_CRIT) ; +# /sbin/dump_cis -> $(SEC_CRIT) ; + /sbin/elvtune -> $(SEC_CRIT) ; +# /sbin/hotplug -> $(SEC_CRIT) ; + /sbin/hwclock -> $(SEC_CRIT) ; +# /sbin/ide_info -> $(SEC_CRIT) ; + #/sbin/isapnp -> $(SEC_CRIT) ; + #/sbin/kbdrate -> $(SEC_CRIT) ; + /sbin/losetup -> $(SEC_CRIT) ; +# /sbin/lspci -> $(SEC_CRIT) ; +# /sbin/lspnp -> $(SEC_CRIT) ; + /sbin/mii-tool -> $(SEC_CRIT) ; +# /sbin/pack_cis -> $(SEC_CRIT) ; + #/sbin/pnpdump -> $(SEC_CRIT) ; +# /sbin/probe -> $(SEC_CRIT) ; + #/sbin/pump -> $(SEC_CRIT) ; +# /sbin/setpci -> $(SEC_CRIT) ; +# /sbin/shapecfg -> $(SEC_CRIT) ; +} + + ############################### + # ## +############################### # +# # # +# System Information Programs # # +# ## +############################### +( + rulename = "System Information 
Programs", +# emailto = , + severity = $(SIG_HI) +) +{ +# /sbin/consoletype -> $(SEC_CRIT) ; +# /sbin/kernelversion -> $(SEC_CRIT) ; + /sbin/runlevel -> $(SEC_CRIT) ; +} + + #################################### + # ## +#################################### # +# # # +# Application Information Programs # # +# ## +#################################### + +( + rulename = "Application Information Programs", +# emailto = , + severity = $(SIG_HI) +) +{ +# /sbin/genksyms -> $(SEC_CRIT) ; + #/sbin/genksyms.old -> $(SEC_CRIT) ; + /sbin/rtmon -> $(SEC_CRIT) ; +} + + ########################## + # ## +########################## # +# # # +# Shell Related Programs # # +# ## +########################## +( + rulename = "Shell Related Programs", +# emailto = , + severity = $(SIG_HI) +) +{ +# /sbin/getkey -> $(SEC_CRIT) ; + /sbin/nash -> $(SEC_CRIT) ; +# /sbin/sash -> $(SEC_CRIT) ; +} + + + ################ + # ## +################ # +# # # +# OS Utilities # # +# ## +################ +( + rulename = "Operating System Utilities", +# emailto = , + severity = $(SIG_HI) +) +{ + /bin/arch -> $(SEC_CRIT) ; +# /bin/ash -> $(SEC_CRIT) ; +# /bin/ash.static -> $(SEC_CRIT) ; +# /bin/aumix-minimal -> $(SEC_CRIT) ; +# /bin/basename -> $(SEC_CRIT) ; + /bin/cat -> $(SEC_CRIT) ; + #/bin/consolechars -> $(SEC_CRIT) ; +# /bin/cut -> $(SEC_CRIT) ; + /bin/date -> $(SEC_CRIT) ; + /bin/dd -> $(SEC_CRIT) ; + /bin/df -> $(SEC_CRIT) ; + /bin/dmesg -> $(SEC_CRIT) ; +# /bin/doexec -> $(SEC_CRIT) ; + /bin/echo -> $(SEC_CRIT) ; +# /bin/ed -> $(SEC_CRIT) ; + /bin/egrep -> $(SEC_CRIT) ; + /bin/false -> $(SEC_CRIT) ; + /bin/fgrep -> $(SEC_CRIT) ; +# /bin/gawk -> $(SEC_CRIT) ; +# /bin/gawk-3.1.0 -> $(SEC_CRIT) ; +# /bin/gettext -> $(SEC_CRIT) ; + /bin/grep -> $(SEC_CRIT) ; + /bin/gunzip -> $(SEC_CRIT) ; + /bin/gzip -> $(SEC_CRIT) ; + /bin/hostname -> $(SEC_CRIT) ; +# /bin/igawk -> $(SEC_CRIT) ; +# /bin/ipcalc -> $(SEC_CRIT) ; + /bin/kill -> $(SEC_CRIT) ; + /bin/ln -> $(SEC_CRIT) ; + /bin/loadkeys -> $(SEC_CRIT) ; + 
/bin/login -> $(SEC_CRIT) ; + /bin/ls -> $(SEC_CRIT) ; + /bin/mail -> $(SEC_CRIT) ; + /bin/more -> $(SEC_CRIT) ; +# /bin/mt -> $(SEC_CRIT) ; + /bin/mv -> $(SEC_CRIT) ; + /bin/netstat -> $(SEC_CRIT) ; + /bin/nice -> $(SEC_CRIT) ; +# /bin/pgawk -> $(SEC_CRIT) ; + /bin/ps -> $(SEC_CRIT) ; +# /bin/rpm -> $(SEC_CRIT) ; + /bin/sed -> $(SEC_CRIT) ; + /bin/sleep -> $(SEC_CRIT) ; +# /bin/sort -> $(SEC_CRIT) ; + /bin/stty -> $(SEC_CRIT) ; + /bin/su -> $(SEC_CRIT) ; + /bin/sync -> $(SEC_CRIT) ; + /bin/tar -> $(SEC_CRIT) ; + /bin/true -> $(SEC_CRIT) ; +# /bin/usleep -> $(SEC_CRIT) ; +# /bin/vi -> $(SEC_CRIT) ; + /bin/zcat -> $(SEC_CRIT) ; +# /bin/zsh -> $(SEC_CRIT) ; +# /bin/zsh-4.0.2 -> $(SEC_CRIT) ; +# /sbin/sln -> $(SEC_CRIT) ; +# /usr/bin/vimtutor -> $(SEC_CRIT) ; +} + + ############################## + # ## +############################## # +# # # +# Critical Utility Sym-Links # # +# ## +############################## +( + rulename = "Critical Utility Sym-Links", +# emailto = , + severity = $(SIG_HI) +) +{ + #/sbin/askrunlevel -> $(SEC_CRIT) ; +# /sbin/clock -> $(SEC_CRIT) ; + #/sbin/fixperm -> $(SEC_CRIT) ; +# /sbin/fsck.reiserfs -> $(SEC_CRIT) ; + #/sbin/fsconf -> $(SEC_CRIT) ; +# /sbin/ipfwadm-wrapper -> $(SEC_CRIT) ; +# /sbin/kallsyms -> $(SEC_CRIT) ; +# /sbin/ksyms -> $(SEC_CRIT) ; +# /sbin/lsmod -> $(SEC_CRIT) ; + #/sbin/mailconf -> $(SEC_CRIT) ; +# /sbin/mkfs.reiserfs -> $(SEC_CRIT) ; + #/sbin/modemconf -> $(SEC_CRIT) ; + /sbin/modprobe -> $(SEC_CRIT) ; +# /sbin/mount.ncp -> $(SEC_CRIT) ; +# /sbin/mount.ncpfs -> $(SEC_CRIT) ; +# /sbin/mount.smb -> $(SEC_CRIT) ; +# /sbin/mount.smbfs -> $(SEC_CRIT) ; + #/sbin/netconf -> $(SEC_CRIT) ; +# /sbin/pidof -> $(SEC_CRIT) ; + /sbin/poweroff -> $(SEC_CRIT) ; +# /sbin/quotaoff -> $(SEC_CRIT) ; +# /sbin/raid0run -> $(SEC_CRIT) ; +# /sbin/raidhotadd -> $(SEC_CRIT) ; +# /sbin/raidhotgenerateerror -> $(SEC_CRIT) ; +# /sbin/raidhotremove -> $(SEC_CRIT) ; +# /sbin/raidstop -> $(SEC_CRIT) ; +# /sbin/rdump -> $(SEC_CRIT) ; +# 
/sbin/rdump.static -> $(SEC_CRIT) ; + /sbin/reboot -> $(SEC_CRIT) ; + /sbin/rmmod -> $(SEC_CRIT) ; +# /sbin/rrestore -> $(SEC_CRIT) ; +# /sbin/rrestore.static -> $(SEC_CRIT) ; + /sbin/swapoff -> $(SEC_CRIT) ; + /sbin/telinit -> $(SEC_CRIT) ; + #/sbin/userconf -> $(SEC_CRIT) ; + #/sbin/uucpconf -> $(SEC_CRIT) ; + #/sbin/vregistry -> $(SEC_CRIT) ; +# /bin/awk -> $(SEC_CRIT) ; +# /bin/bash2 -> $(SEC_CRIT) ; +# /bin/bsh -> $(SEC_CRIT) ; +# /bin/csh -> $(SEC_CRIT) ; + /bin/dnsdomainname -> $(SEC_CRIT) ; + /bin/domainname -> $(SEC_CRIT) ; +# /bin/ex -> $(SEC_CRIT) ; +# /bin/gtar -> $(SEC_CRIT) ; + /bin/nisdomainname -> $(SEC_CRIT) ; +# /bin/red -> $(SEC_CRIT) ; +# /bin/rvi -> $(SEC_CRIT) ; +# /bin/rview -> $(SEC_CRIT) ; +# /bin/view -> $(SEC_CRIT) ; +# /bin/ypdomainname -> $(SEC_CRIT) ; +} + + + ######################### + # ## +######################### # +# # # +# Temporary directories # # +# ## +######################### +( + rulename = "Temporary directories", +# emailto = , + recurse = false, + severity = $(SIG_LOW) +) +{ + /var/tmp -> $(SEC_INVARIANT) ; + /tmp -> $(SEC_INVARIANT) ; +} + + ############### + # ## +############### # +# # # +# Local files # # +# ## +############### +( + rulename = "User binaries", +# emailto = , + severity = $(SIG_MED) +) +{ + /sbin -> $(SEC_BIN) (recurse = 1) ; + /usr/bin -> $(SEC_BIN) (recurse = 1) ; + /usr/sbin -> $(SEC_BIN) (recurse = 1) ; + /usr/local/bin -> $(SEC_BIN) (recurse = 1) ; +} + +( + rulename = "Shell Binaries", +# emailto = , + severity = $(SIG_HI) +) +{ + /bin/bash -> $(SEC_BIN) ; + /bin/sh -> $(SEC_BIN) ; +# /sbin/nologin -> $(SEC_BIN) ; +} + +( + rulename = "Security Control", +# emailto = , + severity = $(SIG_HI) +) +{ + /etc/group -> $(SEC_CRIT) ; + /etc/security -> $(SEC_CRIT) ; + #/var/spool/cron/crontabs -> $(SEC_CRIT) ; # Uncomment when this file exists +} + +#( +# rulename = "Boot Scripts", +# emailto = , +# severity = $(SIG_HI) +#) +#{ +# /etc/rc -> $(SEC_CONFIG) ; +# /etc/rc.bsdnet -> $(SEC_CONFIG) ; +# 
/etc/rc.dt -> $(SEC_CONFIG) ; +# /etc/rc.net -> $(SEC_CONFIG) ; +# /etc/rc.net.serial -> $(SEC_CONFIG) ; +# /etc/rc.nfs -> $(SEC_CONFIG) ; +# /etc/rc.powerfail -> $(SEC_CONFIG) ; +# /etc/rc.tcpip -> $(SEC_CONFIG) ; +# /etc/trcfmt.Z -> $(SEC_CONFIG) ; +#} + +( + rulename = "Login Scripts", +# emailto = , + severity = $(SIG_HI) +) +{ + /etc/bashrc -> $(SEC_CONFIG) ; +# /etc/csh.cshrc -> $(SEC_CONFIG) ; +# /etc/csh.login -> $(SEC_CONFIG) ; + /etc/inputrc -> $(SEC_CONFIG) ; + # /etc/tsh_profile -> $(SEC_CONFIG) ; #Uncomment when this file exists + /etc/profile -> $(SEC_CONFIG) ; +} + +# Libraries +( + rulename = "Libraries", +# emailto = , + severity = $(SIG_MED) +) +{ + /usr/lib -> $(SEC_BIN) ; + /usr/local/lib -> $(SEC_BIN) ; +} + + + ###################################################### + # ## +###################################################### # +# # # +# Critical System Boot Files # # +# These files are critical to a correct system boot. # # +# ## +###################################################### + +( + rulename = "Critical system boot files", +# emailto = , + severity = $(SIG_HI) +) +{ + /boot -> $(SEC_CRIT) ; + #/sbin/devfsd -> $(SEC_CRIT) ; +# /sbin/grub -> $(SEC_CRIT) ; +# /sbin/grub-install -> $(SEC_CRIT) ; +# /sbin/grub-md5-crypt -> $(SEC_CRIT) ; +# /sbin/installkernel -> $(SEC_CRIT) ; +# /sbin/lilo -> $(SEC_CRIT) ; +# /sbin/mkkerneldoth -> $(SEC_CRIT) ; + !/boot/System.map ; + !/boot/module-info ; + # other boot files may exist. Look for: + #/ufsboot -> $(SEC_CRIT) ; +} + ################################################## + ################################################### + # These files change every time the system boots ## + ################################################## +( + rulename = "System boot changes", +# emailto = , + severity = $(SIG_HI) +) +{ + !/var/run/ftp.pids-all ; # Comes and goes on reboot. 
+ !/root/.enlightenment ; + /dev/log -> $(SEC_CONFIG) ; +# /dev/cua0 -> $(SEC_CONFIG) ; + # /dev/printer -> $(SEC_CONFIG) ; # Uncomment if you have a printer device + /dev/console -> $(SEC_CONFIG) -u ; # User ID may change on console login/logout. + /dev/tty1 -> $(SEC_CONFIG) ; # tty devices + /dev/tty2 -> $(SEC_CONFIG) ; # tty devices + /dev/tty3 -> $(SEC_CONFIG) ; # are extremely + /dev/tty4 -> $(SEC_CONFIG) ; # variable + /dev/tty5 -> $(SEC_CONFIG) ; + /dev/tty6 -> $(SEC_CONFIG) ; + /dev/urandom -> $(SEC_CONFIG) ; + /dev/initctl -> $(SEC_CONFIG) ; +# /var/lock/subsys -> $(SEC_CONFIG) ; + /var/run -> $(SEC_CONFIG) ; + /var/log -> $(SEC_CONFIG) ; + ! /var/log/mrtg/red.log ; + ! /var/log/mrtg/red.old ; + ! /var/log/mrtg/green.log ; + ! /var/log/mrtg/green.old ; +# /etc/ioctl.save -> $(SEC_CONFIG) ; +# /etc/issue.net -> $(SEC_CONFIG) -i ; # Inode number changes + /etc/issue -> $(SEC_CONFIG) ; + /etc/mtab -> $(SEC_CONFIG) -i ; # Inode number changes on any mount/unmount + /lib/modules -> $(SEC_CONFIG) ; + /etc/.pwd.lock -> $(SEC_CONFIG) ; + # /lib/modules/preferred -> $(SEC_CONFIG) ; #Uncomment when this file exists +} + +# These files change the behavior of the root account +( + rulename = "Root config files", +# emailto = , + severity = 100 +) +{ + /root -> $(SEC_CRIT) ; # Catch all additions to /root +# /root/.Xresources -> $(SEC_CONFIG) ; +# /root/.bashrc -> $(SEC_CONFIG) ; +# /root/.bash_profile -> $(SEC_CONFIG) ; +# /root/.bash_logout -> $(SEC_CONFIG) ; +# /root/.cshrc -> $(SEC_CONFIG) ; +# /root/.tcshrc -> $(SEC_CONFIG) ; + #/root/Mail -> $(SEC_CONFIG) ; + #/root/mail -> $(SEC_CONFIG) ; + #/root/.amandahosts -> $(SEC_CONFIG) ; + #/root/.addressbook.lu -> $(SEC_CONFIG) ; + #/root/.addressbook -> $(SEC_CONFIG) ; +# /root/.bash_history -> $(SEC_CONFIG) ; + #/root/.elm -> $(SEC_CONFIG) ; +# /root/.esd_auth -> $(SEC_CONFIG) ; +# /root/.gnome_private -> $(SEC_CONFIG) ; +# /root/.gnome-desktop -> $(SEC_CONFIG) ; +# /root/.gnome -> $(SEC_CONFIG) ; +# 
/root/.ICEauthority -> $(SEC_CONFIG) ;
+ #/root/.mc -> $(SEC_CONFIG) ;
+ #/root/.pinerc -> $(SEC_CONFIG) ;
+ #/root/.sawfish -> $(SEC_CONFIG) ;
+# /root/.Xauthority -> $(SEC_CONFIG) -i ; # Changes Inode number on login
+ #/root/.xauth -> $(SEC_CONFIG) ;
+ #/root/.xsession-errors -> $(SEC_CONFIG) ;
+}
+
+ ################################
+ # ##
+################################ #
+# # #
+# Critical configuration files # #
+# ##
+################################
+(
+ rulename = "Critical configuration files",
+# emailto = ,
+ severity = $(SIG_HI)
+)
+{
+ #/etc/conf.linuxconf -> $(SEC_BIN) ;
+# /etc/crontab -> $(SEC_BIN) ;
+# /etc/cron.hourly -> $(SEC_BIN) ;
+# /etc/cron.daily -> $(SEC_BIN) ;
+# /etc/cron.weekly -> $(SEC_BIN) ;
+# /etc/cron.monthly -> $(SEC_BIN) ;
+ /etc/default -> $(SEC_BIN) ;
+ /etc/fstab -> $(SEC_BIN) ;
+# /etc/exports -> $(SEC_BIN) ;
+ /etc/group- -> $(SEC_BIN) ; # changes should be infrequent
+ /etc/host.conf -> $(SEC_BIN) ;
+ /etc/hosts.allow -> $(SEC_BIN) ;
+ /etc/hosts.deny -> $(SEC_BIN) ;
+ /etc/httpd/conf -> $(SEC_BIN) ; # changes should be infrequent
+ /etc/protocols -> $(SEC_BIN) ;
+ /etc/services -> $(SEC_BIN) ;
+ /etc/rc.d/init.d -> $(SEC_BIN) ;
+ /etc/rc.d -> $(SEC_BIN) ;
+# /etc/mail.rc -> $(SEC_BIN) ;
+ /etc/modules.conf -> $(SEC_BIN) ;
+# /etc/motd -> $(SEC_BIN) ;
+# /etc/named.conf -> $(SEC_BIN) ;
+ /etc/passwd -> $(SEC_CONFIG) ;
+ /etc/passwd- -> $(SEC_CONFIG) ;
+ /etc/profile.d -> $(SEC_BIN) ;
+# /var/lib/nfs/rmtab -> $(SEC_BIN) ;
+# /usr/sbin/fixrmtab -> $(SEC_BIN) ;
+# /etc/rpc -> $(SEC_BIN) ;
+# /etc/sysconfig -> $(SEC_BIN) ;
+ /var/ipfire/samba/smb.conf -> $(SEC_CONFIG) ;
+ #/etc/gettydefs -> $(SEC_BIN) ;
+ /etc/nsswitch.conf -> $(SEC_BIN) ;
+# /etc/yp.conf -> $(SEC_BIN) ;
+ /etc/hosts -> $(SEC_CONFIG) ;
+# /etc/xinetd.conf -> $(SEC_CONFIG) ;
+ /etc/inittab -> $(SEC_CONFIG) ;
+ /etc/resolv.conf -> $(SEC_CONFIG) ;
+ /etc/syslog.conf -> $(SEC_CONFIG) ;
+}
+
+ ####################
+ # ##
+#################### #
+# # #
+# Critical
devices # #
+# ##
+####################
+(
+ rulename = "Critical devices",
+# emailto = ,
+ severity = $(SIG_HI),
+ recurse = false
+)
+{
+ /dev/kmem -> $(Device) ;
+ /dev/mem -> $(Device) ;
+ /dev/null -> $(Device) ;
+ /dev/zero -> $(Device) ;
+ /proc/devices -> $(Device) ;
+ /proc/net -> $(Device) ;
+# /proc/sys -> $(Device) ;
+ /proc/cpuinfo -> $(Device) ;
+ /proc/modules -> $(Device) ;
+ /proc/mounts -> $(Device) ;
+ /proc/dma -> $(Device) ;
+ /proc/filesystems -> $(Device) ;
+ /proc/pci -> $(Device) ;
+ /proc/interrupts -> $(Device) ;
+# /proc/driver/rtc -> $(Device) ;
+ /proc/ioports -> $(Device) ;
+# /proc/scsi -> $(Device) ;
+# /proc/kcore -> $(Device) ;
+ /proc/self -> $(Device) ;
+ /proc/kmsg -> $(Device) ;
+ /proc/stat -> $(Device) ;
+# /proc/ksyms -> $(Device) ;
+ /proc/loadavg -> $(Device) ;
+ /proc/uptime -> $(Device) ;
+ /proc/locks -> $(Device) ;
+ /proc/version -> $(Device) ;
+# /proc/mdstat -> $(Device) ;
+ /proc/meminfo -> $(Device) ;
+ /proc/cmdline -> $(Device) ;
+ /proc/misc -> $(Device) ;
+}
+
+# Rest of critical system binaries
+(
+ rulename = "OS executables and libraries",
+# emailto = ,
+ severity = $(SIG_HI)
+)
+{
+ /bin -> $(SEC_BIN) ;
+ /lib -> $(SEC_BIN) ;
+}
+
+
+#=============================================================================
+#
+# Copyright 2000 Tripwire, Inc. Tripwire is a registered trademark of Tripwire,
+# Inc. in the United States and other countries. All rights reserved.
+#
+# Linux is a registered trademark of Linus Torvalds.
+#
+# UNIX is a registered trademark of The Open Group.
+#
+#=============================================================================
+#
+# Permission is granted to make and distribute verbatim copies of this document
+# provided the copyright notice and this permission notice are preserved on all
+# copies.
+#
+# Permission is granted to copy and distribute modified versions of this
+# document under the conditions for verbatim copying, provided that the entire
+# resulting derived work is distributed under the terms of a permission notice
+# identical to this one.
+#
+# Permission is granted to copy and distribute translations of this document
+# into another language, under the above conditions for modified versions,
+# except that this permission notice may be stated in a translation approved by
+# Tripwire, Inc.
+#
+# DCM
diff --git a/doc/language_issues.de b/doc/language_issues.de
index 3fd850fc06..6c9b757f5d 100644
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -79,6 +79,7 @@ WARNING: translation string unused: current media
 WARNING: translation string unused: current ovpn
 WARNING: translation string unused: current profile
 WARNING: translation string unused: dat without key
+WARNING: translation string unused: dbfile
 WARNING: translation string unused: ddns help dnsmadeeasy
 WARNING: translation string unused: ddns help freedns
 WARNING: translation string unused: ddns help plus
@@ -95,6 +96,7 @@ WARNING: translation string unused: dns server
 WARNING: translation string unused: do not log this port list
 WARNING: translation string unused: download
 WARNING: translation string unused: dynamic dns client
+WARNING: translation string unused: editor
 WARNING: translation string unused: enable javascript
 WARNING: translation string unused: enabled on
 WARNING: translation string unused: enabledtitle
@@ -155,11 +157,14 @@ WARNING: translation string unused: javascript menu error1
 WARNING: translation string unused: javascript menu error2
 WARNING: translation string unused: kernel version
 WARNING: translation string unused: key stuff
+WARNING: translation string unused: lateprompting
 WARNING: translation string unused: line
 WARNING: translation string unused: linkq
 WARNING: translation string unused: local hard disk
+WARNING: translation string unused: localkeyfile
 WARNING: translation string unused: log enabled
 WARNING: translation string unused: log viewer
+WARNING: translation string unused: loosedirectorychecking
 WARNING: translation string unused: ls_dhcpd
 WARNING: translation string unused: ls_disk space
 WARNING: translation string unused: ls_free/swan
@@ -215,6 +220,7 @@ WARNING: translation string unused: ovpnsys log
 WARNING: translation string unused: package failed to install
 WARNING: translation string unused: password crypting key
 WARNING: translation string unused: pc
+WARNING: translation string unused: polfile
 WARNING: translation string unused: pots
 WARNING: translation string unused: profiles
 WARNING: translation string unused: proxy no proxy extend
@@ -225,8 +231,10 @@ WARNING: translation string unused: reboot schedule
 WARNING: translation string unused: refresh update list
 WARNING: translation string unused: released
 WARNING: translation string unused: removable device advice
+WARNING: translation string unused: reportfile
 WARNING: translation string unused: requested data
 WARNING: translation string unused: restore hardware settings
+WARNING: translation string unused: root
 WARNING: translation string unused: root path
 WARNING: translation string unused: root user password
 WARNING: translation string unused: safe removal of umounted device
@@ -235,6 +243,7 @@ WARNING: translation string unused: sectors read from disk per second
 WARNING: translation string unused: sectors written to disk per second
 WARNING: translation string unused: select media
 WARNING: translation string unused: shared memory
+WARNING: translation string unused: sitekeyfile
 WARNING: translation string unused: smbreload
 WARNING: translation string unused: squid extension methods
 WARNING: translation string unused: squid extension methods invalid
@@ -295,7 +304,6 @@ WARNING: translation string unused: week
 WARNING: translation string unused: written sectors
 WARNING: translation string unused: xtaccess bad transfert
 WARNING: translation string unused: year
-WARNING: translation string unused: yes
 WARNING: untranslated string: IPFires hostname
 WARNING: untranslated string: Number of IPs for the pie chart
 WARNING: untranslated string: Number of Ports for the pie chart
diff --git a/doc/language_issues.en b/doc/language_issues.en
index aeec2e896f..fa1a931af7 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -96,6 +96,7 @@ WARNING: translation string unused: current ovpn
 WARNING: translation string unused: current profile
 WARNING: translation string unused: daily firewallhits
 WARNING: translation string unused: dat without key
+WARNING: translation string unused: dbfile
 WARNING: translation string unused: debugme
 WARNING: translation string unused: description
 WARNING: translation string unused: dhcp server disabled on blue interface
@@ -106,6 +107,7 @@ WARNING: translation string unused: disk access per
 WARNING: translation string unused: do not log this port list
 WARNING: translation string unused: done
 WARNING: translation string unused: dynamic dns client
+WARNING: translation string unused: editor
 WARNING: translation string unused: enable javascript
 WARNING: translation string unused: enabled on
 WARNING: translation string unused: enabledtitle
@@ -168,11 +170,14 @@ WARNING: translation string unused: javascript menu error1
 WARNING: translation string unused: javascript menu error2
 WARNING: translation string unused: kernel version
 WARNING: translation string unused: key stuff
+WARNING: translation string unused: lateprompting
 WARNING: translation string unused: line
 WARNING: translation string unused: linkq
 WARNING: translation string unused: local hard disk
+WARNING: translation string unused: localkeyfile
 WARNING: translation string unused: log enabled
 WARNING: translation string unused: log viewer
+WARNING: translation string unused: loosedirectorychecking
 WARNING: translation string unused: ls_dhcpd
 WARNING: translation string unused: ls_disk space
 WARNING: translation string unused: ls_free/swan
@@ -228,6 +233,7 @@ WARNING: translation string unused: ovpnstatus log
 WARNING: translation string unused: ovpnsys log
 WARNING: translation string unused: package failed to install
 WARNING: translation string unused: pc
+WARNING: translation string unused: polfile
 WARNING: translation string unused: pots
 WARNING: translation string unused: profiles
 WARNING: translation string unused: psk
@@ -236,14 +242,17 @@ WARNING: translation string unused: read sectors
 WARNING: translation string unused: reboot schedule
 WARNING: translation string unused: refresh update list
 WARNING: translation string unused: released
+WARNING: translation string unused: reportfile
 WARNING: translation string unused: requested data
 WARNING: translation string unused: restore hardware settings
+WARNING: translation string unused: root
 WARNING: translation string unused: root user password
 WARNING: translation string unused: save error
 WARNING: translation string unused: sectors read from disk per second
 WARNING: translation string unused: sectors written to disk per second
 WARNING: translation string unused: shaping add options
 WARNING: translation string unused: shared memory
+WARNING: translation string unused: sitekeyfile
 WARNING: translation string unused: smbreload
 WARNING: translation string unused: squid extension methods
 WARNING: translation string unused: squid extension methods invalid
@@ -299,7 +308,6 @@ WARNING: translation string unused: weekly firewallhits
 WARNING: translation string unused: written sectors
 WARNING: translation string unused: year
 WARNING: translation string unused: yearly firewallhits
-WARNING: translation string unused: yes
 WARNING: untranslated string: IPFires hostname
 WARNING: untranslated string: Number of IPs for the pie chart
 WARNING: untranslated string: Number of Ports for the pie chart
diff --git a/html/cgi-bin/samba.cgi b/html/cgi-bin/samba.cgi
index 0b29bbca64..375a736412 100644
--- a/html/cgi-bin/samba.cgi
+++ b/html/cgi-bin/samba.cgi
@@ -24,7 +24,7 @@ my $message = ""; my $errormessage = ""; my @Logs = qx(ls /var/log/samba/); my $Log =$Lang::tr{'no log selected'}; -my $defaultoption= "[Share]\npath = /var/samba/share1\ncomment = Share - Public Access\nbrowseable = yes\nwriteable = yes\ncreate mask = 0777\ndirectory mask = 0777\nguest ok = yes\npublic = yes\nforce user = samba"; +my $defaultoption= "[Share]\npath = /var/ipfire/samba/share1\ncomment = Share - Public Access\nbrowseable = yes\nwriteable = yes\ncreate mask = 0777\ndirectory mask = 0777\npublic = yes\nforce user = samba"; my $userentry = ""; my @user = (); my @userline = (); @@ -174,14 +174,14 @@ system('/usr/local/bin/sambactrl smbsharesreset'); if ($sambasettings{'ACTION'} eq 'globalreset') { print < - -
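Review bot: The new `$defaultoption` template drops `guest ok = yes` but keeps `public = yes`, which smb.conf treats as a synonym for `guest ok`, so a share created from this default is still open to unauthenticated guests and still uses `create mask = 0777` and `directory mask = 0777`. If the aim was to stop offering guest access by default, `public = yes` has to go as well, and the masks could be tightened to something like `create mask = 0664` / `directory mask = 0775`. If guest access is intended, a short comment above the assignment saying so would keep the next editor from assuming the share is protected.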

Globals zurück setzen? +
$Lang::tr{'resetglobals'}
- Yes + $Lang::tr{'yes'}
- No + $Lang::tr{'no'}
@@ -192,14 +192,14 @@ END if ($sambasettings{'ACTION'} eq 'sharesreset') { print < - -

Shares zurück setzen? +
$Lang::tr{'resetshares'}
- Yes + $Lang::tr{'yes'}
- No + $Lang::tr{'no'}
@@ -510,6 +510,7 @@ $selected{'SECURITY'}{$sambasettings{'SECURITY'}} = "selected='selected'"; &Header::openbox('100%', 'center', $Lang::tr{'samba'}); print < +
END ; @@ -519,7 +520,6 @@ if ( $message ne "" ) } print <

$Lang::tr{'all services'}
END @@ -536,17 +536,16 @@ foreach $key (sort keys %servicenames) print < +
-

- +
- @@ -638,8 +637,8 @@ END print < +

$Lang::tr{'basic options'}
$Lang::tr{'workgroup'}
$Lang::tr{'netbios name'}
- @@ -656,8 +655,8 @@ END if ($sambasettings{'ACTION'} eq 'globalcaption') { print <

- @@ -683,8 +682,8 @@ if ($sambasettings{'SECURITY'} eq 'user') } print < +

$Lang::tr{'caption'}
$Lang::tr{'save settings'}
$Lang::tr{'restore settings'}
- @@ -697,10 +696,10 @@ END } else { - print ""; + print ""; } - print ""; + print ""; system('/usr/local/bin/sambactrl readsmbpasswd'); open(FILE, "; @@ -738,7 +737,7 @@ END if ($userline[4] =~ /D/) { print < + $Lang::tr{'inactive'}

$Lang::tr{'accounting'}
$Lang::tr{'username'}$Lang::tr{'password'}Typ$Lang::tr{'type'}$Lang::tr{'interfaces'}$Lang::tr{'options'}
$Lang::tr{'status'}$Lang::tr{'options'}
@@ -750,7 +749,7 @@ END else { print < + $Lang::tr{'active'}
@@ -801,8 +800,8 @@ END } print < +
- @@ -830,8 +829,8 @@ END if ($sambasettings{'ACTION'} eq 'usercaption') { print <

- @@ -852,9 +851,9 @@ END my $password = 'samba'; print < +

$Lang::tr{'caption'}
$Lang::tr{'add user'}
$Lang::tr{'add pc'}
- @@ -876,9 +875,9 @@ END $password=~s/\s//g; print < +

$Lang::tr{'change passwords'}
$Lang::tr{'username'}
$Lang::tr{'password'}
- @@ -899,9 +898,9 @@ END $pcname=~s/\s//g; print < +

$Lang::tr{'add user'}
$Lang::tr{'username'}
$Lang::tr{'password'}
- @@ -924,8 +923,8 @@ END print < +

$Lang::tr{'pc add'}
$Lang::tr{'client'}
$Lang::tr{'unix group'}
- END @@ -951,8 +950,8 @@ END print < +

$Lang::tr{'manage shares'}
$Lang::tr{'sharename'}$Lang::tr{'options'}
-

@@ -972,9 +971,9 @@ END if ($sambasettings{'ACTION'} eq 'sharecaption') { print < - - + @@ -989,8 +988,8 @@ if ($sambasettings{'ACTION'} eq 'shareadd' || $sambasettings{'ACTION'} eq 'optio { print < +

Legende:
$Lang::tr{'caption'}
$Lang::tr{'add share'}
$Lang::tr{'edit share'}
$Lang::tr{'save config'}
-

$Lang::tr{'add share'}
$Lang::tr{'show share options'} @@ -999,8 +998,8 @@ if ($sambasettings{'ACTION'} eq 'shareadd' || $sambasettings{'ACTION'} eq 'optio
+
-

@@ -1030,8 +1029,8 @@ if ($sambasettings{'ACTION'} eq 'sharechange' || $sambasettings{'ACTION'} eq 'op } print < +
-

$Lang::tr{'edit share'}
$Lang::tr{'show share options'}
@@ -1039,8 +1038,8 @@ if ($sambasettings{'ACTION'} eq 'sharechange' || $sambasettings{'ACTION'} eq 'op
+
- @@ -1052,8 +1051,8 @@ END if ($sambasettings{'ACTION'} eq 'optioncaption' || $sambasettings{'ACTION'} eq 'optioncaption2') { print <

- @@ -1117,8 +1116,8 @@ END print < +

$Lang::tr{'caption'}
$Lang::tr{'options'}$Lang::tr{'meaning'} / $Lang::tr{'exampel'}
comment$Lang::tr{'comment'}
-

$Lang::tr{'samba status'}
$Status
@@ -1140,9 +1139,9 @@ $Log=~s/\n/
/g; print < +
-

$Lang::tr{'log view'}

\n"; &Header::closebox(); &Header::openbox('100%', 'center', $Lang::tr{'memory'}); -print "
"; +print "
"; my $ram=0; my $size=0; my $used=0; @@ -123,7 +123,7 @@ while() { print < - + @@ -177,19 +177,17 @@ END } close FREE; print <
   $Lang::tr{'size'} $Lang::tr{'used'} $Lang::tr{'free'} - +

$Lang::tr{'shared'}$shared
$Lang::tr{'buffers'}$buffers
$Lang::tr{'cached'}$cached
-
END ; &Header::closebox(); &Header::openbox('100%', 'center', $Lang::tr{'disk usage'}); -print "\n"; +print "
\n"; open(DF,'/bin/df -B M -x rootfs|'); while() { @@ -230,7 +228,7 @@ END } } close DF; -print " + + + +
 \n

Inodes

\n"; +print "
 \n

Inodes

\n"; open(DF,'/bin/df -i -x rootfs|'); while() diff --git a/html/cgi-bin/tripwire.cgi b/html/cgi-bin/tripwire.cgi new file mode 100755 index 0000000000..fcae3d98c5 --- /dev/null +++ b/html/cgi-bin/tripwire.cgi 
@@ -0,0 +1,404 @@
+#!/usr/bin/perl
+#
+# IPFire CGIs
+#
+# This code is distributed under the terms of the GPL
+#
+# (c) The IPFire Team
+
+use strict;
+# enable only the following on debugging purpose
+use warnings;
+use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+
+my %tripwiresettings = ();
+my %checked = ();
+my %netsettings = ();
+my $message = "";
+my $errormessage = "";
+my @Logs = qx(ls /var/ipfire/tripwire/report/);
+my $Log =$Lang::tr{'no log selected'};
+
+############################################################################################################################
+################################################# Tripwire Default Variablen ################################################
+
+$tripwiresettings{'ROOT'} = '/usr/sbin';
+$tripwiresettings{'POLFILE'} = '/var/ipfire/tripwire/tw.pol';
+$tripwiresettings{'DBFILE'} = '/var/ipfire/tripwire/$(HOSTNAME).twd';
+$tripwiresettings{'REPORTFILE'} = '/var/ipfire/tripwire/report/$(HOSTNAME)-$(DATE).twr';
+$tripwiresettings{'SITEKEYFILE'} = '/var/ipfire/tripwire/site.key';
+$tripwiresettings{'LOCALKEYFILE'} = '/var/ipfire/tripwire/$(HOSTNAME)-local.key';
+$tripwiresettings{'EDITOR'} = '/usr/bin/vi';
+$tripwiresettings{'LATEPROMPTING'} = 'false';
+$tripwiresettings{'LOOSEDIRECTORYCHECKING'} = 'false';
+$tripwiresettings{'MAILNOVIOLATIONS'} = 'false';
+$tripwiresettings{'EMAILREPORTLEVEL'} = '3';
+$tripwiresettings{'REPORTLEVEL'} = '3';
+$tripwiresettings{'MAILMETHOD'} = 'SENDMAIL';
+$tripwiresettings{'SMTPHOST'} = 'ipfire.myipfire.de';
+$tripwiresettings{'SMTPPORT'} = '25';
+$tripwiresettings{'SYSLOGREPORTING'} = 'false';
+$tripwiresettings{'MAILPROGRAM'} = '/usr/sbin/sendmail -oi -t';
+$tripwiresettings{'SITEKEY'} = 'IPFire';
+$tripwiresettings{'LOCALKEY'} = 'IPFire';
+$tripwiresettings{'ACTION'} = '';
+
+############################################################################################################################ +######################################################### Tripwire HTML Part ############################################### + +&Header::showhttpheaders(); +&Header::getcgihash(\%tripwiresettings); +&Header::openpage('Tripwire', 1, ''); +&Header::openbigbox('100%', 'left', '', $errormessage); + +############################################################################################################################ +############################################### Tripwire Config Datei erstellen ############################################ + +if ($tripwiresettings{'ACTION'} eq $Lang::tr{'save'}) +{ +system("/usr/local/bin/tripwirectrl readconfig"); +open (FILE, ">${General::swroot}/tripwire/tw.cfg") or die "Can't save tripwire config: $!"; +flock (FILE, 2); + +print FILE < + + + + + +
$Lang::tr{'resetglobals'} +
$Lang::tr{'defaultwarning'}

+ $Lang::tr{'yes'} +
+ $Lang::tr{'no'} +
+END +; +} + +if ($tripwiresettings{'ACTION'} eq 'generatepolicypw') + { + print < + + + + + + +
$Lang::tr{'generatepolicy'} +
$Lang::tr{'tripwirewarningpolicy'}

$Lang::tr{'sitekey'}
+ $Lang::tr{'yes'} +
+ $Lang::tr{'no'} +
+END +; +} + +if ($tripwiresettings{'ACTION'} eq 'policyresetpw') + { + print < + + + + + + +
$Lang::tr{'resetpolicy'} +
$Lang::tr{'tripwirewarningpolicy'}

$Lang::tr{'sitekey'}
+ $Lang::tr{'yes'} +
+ $Lang::tr{'no'} +
+END +; +} + +if ($tripwiresettings{'ACTION'} eq 'updatedatabasepw') + { + print < + + + + + + +
$Lang::tr{'updatedatabase'} +
$Lang::tr{'tripwirewarningdatabase'}

$Lang::tr{'localkey'}
+ $Lang::tr{'yes'} +
+ $Lang::tr{'no'} +
+END +; +} +if ($tripwiresettings{'ACTION'} eq 'keyreset') + { + print < + + + + + +
$Lang::tr{'keyreset'} +
$Lang::tr{'tripwirewarningkeys'}

+ $Lang::tr{'yes'} +
+ $Lang::tr{'no'} +
+END +; +} + +if ($tripwiresettings{'ACTION'} eq 'generatekeys') + { + print < + + + + + +
$Lang::tr{'generatekeys'} +
$Lang::tr{'tripwirewarningkeys'}

+ $Lang::tr{'yes'} +
+ $Lang::tr{'no'} +
+END
+;
+}
+
+############################################################################################################################
+######################################################## Tripwire Funktionen ###############################################
+
+if ($tripwiresettings{'ACTION'} eq 'globalresetyes'){system("/usr/local/bin/tripwirectrl globalreset");}
+if ($tripwiresettings{'ACTION'} eq 'generatekeysyes'){system("/usr/local/bin/tripwirectrl keys $tripwiresettings{'SITEKEY'} $tripwiresettings{'LOCALKEY'}");$tripwiresettings{'SITEKEY'} = 'IPFire';$tripwiresettings{'LOCALKEY'} = 'IPFire';}
+if ($tripwiresettings{'ACTION'} eq 'keyresetyes'){system("/usr/local/bin/tripwirectrl keys IPFire IPFire");$tripwiresettings{'SITEKEY'} = 'IPFire';$tripwiresettings{'LOCALKEY'} = 'IPFire';}
+if ($tripwiresettings{'ACTION'} eq 'resetpolicyyes'){system("/usr/local/bin/tripwirectrl resetpolicy tripwiresettings{'SITEKEY'}");$tripwiresettings{'SITEKEY'} = 'IPFire';}
+if ($tripwiresettings{'ACTION'} eq 'generatepolicyyes'){system("/usr/local/bin/tripwirectrl generatepolicy $tripwiresettings{'SITEKEY'}");$tripwiresettings{'SITEKEY'} = 'IPFire';}
+if ($tripwiresettings{'ACTION'} eq 'updatedatabaseyes'){system("/usr/local/bin/tripwirectrl updatedatabase $tripwiresettings{'LOCALKEY'}");$tripwiresettings{'LOCALKEY'} = 'IPFire';}
+if ($tripwiresettings{'ACTION'} eq 'generatereport'){system("/usr/local/bin/tripwirectrl generatereport");}
+
+############################################################################################################################
+##################################################### Tripwire globale Optionen ############################################
+
+&Header::openbox('100%', 'center', 'Tripwire');
+print <
+
+ +
+ + + + + + + + +
$Lang::tr{'basic options'}
$Lang::tr{'emailreportlevel'}
$Lang::tr{'reportlevel'}
$Lang::tr{'mailmethod'}
$Lang::tr{'smtphost'}
$Lang::tr{'smtpport'}
$Lang::tr{'mailprogramm'}
+
+ + + + +
+ +
+ +
+ +
+ +END +; +if ($tripwiresettings{'ACTION'} eq 'globalcaption') +{ +print < + + + + +
$Lang::tr{'caption'}
$Lang::tr{'save settings'}
$Lang::tr{'restore settings'}
+END +; + +} + +&Header::closebox(); + +############################################################################################################################ +################################################### Tripwire Init Policy and keygen ######################################## + +&Header::openbox('100%', 'center', $Lang::tr{'generate tripwire keys and init'}); +print < +
+ +
+ + + + +
$Lang::tr{'keys'}
$Lang::tr{'sitekey'}
$Lang::tr{'localkey'}
+
+ + + + +
+ +
+ +
+ +
+ +END +; +if ($tripwiresettings{'ACTION'} eq 'keycaption') +{ +print < + + + + +
$Lang::tr{'caption'}
$Lang::tr{'generatekeys'}
$Lang::tr{'keyreset'}
+END +; + +} +&Header::closebox(); + +############################################################################################################################ +################################################# Tripwire general functions ############################################### + +&Header::openbox('100%', 'center', $Lang::tr{'tripwire functions'}); +print < +
+ + + + + + + +
+ +
+ +
+ +
+ +
+ +
+END +; +if ($tripwiresettings{'ACTION'} eq 'policycaption') +{ +print < + + + + + + +
$Lang::tr{'caption'}
$Lang::tr{'generatepolicy'}
$Lang::tr{'resetpolicy'}
$Lang::tr{'generatereport'}
$Lang::tr{'updatedatabase'}
+END +; + +} +&Header::closebox(); + +############################################################################################################################ +####################################################### Tripwire Init Policy ############################################### + +&Header::openbox('100%', 'center', $Lang::tr{'tripwire reports'}); +print < +
+
+ + + + +
$Lang::tr{'log view'}

+
+END +; +if ($tripwiresettings{'ACTION'} eq 'showlog') +{ +$Log = qx(/usr/local/bin/tripwirectrl tripwirelog $tripwiresettings{'LOG'}); +#$Log=~s/\n/
/g; +#$Log=~s/\t/.... /g; +print < +

LOG - $Log 

$tripwiresettings{'LOG'}
+END
+;
+
+}
+
+&Header::closebox();
+
+&Header::closebigbox();
+&Header::closepage();
\ No newline at end of file
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index f1688e6320..1909f387ee 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -38,6 +38,7 @@
 'action' => 'Aktion',
 'activate' => 'aktivieren',
 'activate user' => 'Benutzer aktivieren',
+'active' => 'aktiv',
 'add' => 'Hinzufügen',
 'add a host' => 'Host hinzufügen:',
 'add a new rule' => 'Neue Regel hinzufügen:',
@@ -442,6 +443,7 @@
 'day after' => 'Tag danach',
 'day before' => 'Tag davor',
 'days' => 'Tage',
+'dbfile' => 'Dbfile',
 'ddns help dnsmadeeasy' => 'Tragen Sie Ihre ID (oder ID Liste durch ; getrennt) in das Feld "Hostname" ein',
 'ddns help freedns' => 'Tragen Sie den Connect String im Feld "Benutzername" ein',
 'ddns help plus' => '+ kennzeichnet ein Pflichtfeld',
@@ -459,6 +461,7 @@
 'default networks' => 'Standard Netzwerke',
 'default renewal time' => 'Standard-Aktualisierungszeit',
 'default services' => 'Standard Dienste',
+'defaultwarning' => 'ACHTUNG - Ihre Einstellungen gehen hiermit verloren und werden durch die Standarteinstellungen ersetzt.',
 'delete' => 'Löschen',
 'delete pc' => 'PC löschen',
 'delete share' => 'Freigabe löschen',
@@ -572,7 +575,9 @@
 'edit network' => 'Netzwerk bearbeiten',
 'edit service' => 'Dienst bearbeiten',
 'edit share' => 'Freigabe bearbeiten',
+'editor' => 'Editor',
 'eg' => 'z.B.:',
+'emailreportlevel' => 'Email Reportlevel',
 'empty' => 'Dieses Feld kann leer bleiben',
 'empty profile' => 'Unbenannt',
 'enable ignore filter' => '"Ignorieren"-Filter ein',
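Review bot: The request values that `&Header::getcgihash(\%tripwiresettings)` loads (`SITEKEY`, `LOCALKEY`, `LOG`) are interpolated into single-string `system("...")` and `qx(...)` calls, so /bin/sh parses them and shell metacharacters in a form field become part of the command line. The list form of `system` and a list-form piped `open` keep the shell out of the path, and `LOG` should be checked against the report-name shape before use; the pattern below follows the `REPORTFILE` default and is only a suggestion. The `resetpolicyyes` line also passes the literal text `tripwiresettings{'SITEKEY'}` because the `$` sigil is missing. Passphrases given as arguments are visible in the process list while the helper runs, so feeding them to tripwirectrl on stdin would be safer if the helper (not visible in this hunk) can be changed. `use CGI::Carp 'fatalsToBrowser';` is still enabled although the comment above it reserves it for debugging.

```perl
my $ctrl = '/usr/local/bin/tripwirectrl';
# … unchanged: globalresetyes …
if ($tripwiresettings{'ACTION'} eq 'generatekeysyes'){system($ctrl, 'keys', $tripwiresettings{'SITEKEY'}, $tripwiresettings{'LOCALKEY'});$tripwiresettings{'SITEKEY'} = 'IPFire';$tripwiresettings{'LOCALKEY'} = 'IPFire';}
# … unchanged: keyresetyes (constant arguments only) …
if ($tripwiresettings{'ACTION'} eq 'resetpolicyyes'){system($ctrl, 'resetpolicy', $tripwiresettings{'SITEKEY'});$tripwiresettings{'SITEKEY'} = 'IPFire';}
if ($tripwiresettings{'ACTION'} eq 'generatepolicyyes'){system($ctrl, 'generatepolicy', $tripwiresettings{'SITEKEY'});$tripwiresettings{'SITEKEY'} = 'IPFire';}
if ($tripwiresettings{'ACTION'} eq 'updatedatabaseyes'){system($ctrl, 'updatedatabase', $tripwiresettings{'LOCALKEY'});$tripwiresettings{'LOCALKEY'} = 'IPFire';}
# … unchanged: generatereport, option, key and function forms …
if ($tripwiresettings{'ACTION'} eq 'showlog' && $tripwiresettings{'LOG'} =~ /^[A-Za-z0-9._-]+\.twr$/)
{
# List-form piped open: the report name reaches the helper as one argument, no shell involved.
open(my $report, '-|', $ctrl, 'tripwirelog', $tripwiresettings{'LOG'}) or die "Can't read tripwire report: $!";
$Log = join('', <$report>);
close($report);
# … unchanged: report output …
```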
@@ -649,6 +654,10 @@
 'generate' => 'Root/Host Zertifikate generieren',
 'generate a certificate' => 'Erzeuge ein Zertifikat:',
 'generate root/host certificates' => 'Erzeuge Root/Host Zertifikate',
+'generate tripwire keys and init' => 'Tripwire Initalisierung',
+'generatekeys' => 'Neue Schlüssel erzeugen',
+'generatepolicy' => 'Neue Policy erstellen',
+'generatereport' => 'Neuen Report erstellen',
 'generating the root and host certificates may take a long time. it can take up to several minutes on older hardware. please be patient' => 'Die Erzeugung der Root und Host Zertifikate kann lange Zeit dauern. Auf älterer Hardware kann es mehrere Minuten lang dauern. Bitte haben Sie etwas Geduld.',
 'genkey' => 'PSK erzeugen',
 'global settings' => 'Globale Einstellungen',
@@ -709,6 +718,7 @@
 'import' => 'Import',
 'importkey' => 'PSK importieren',
 'in' => 'Ein',
+'inactive' => 'inaktiv',
 'incoming traffic in bytes per second' => 'Eingehender Verkehr in Bytes pro Sekunde',
 'incorrect password' => 'Fehlerhaftes Passwort',
 'info' => 'Info',
@@ -816,9 +826,12 @@
 'kernel logging server' => 'Kernel-Protokollierungs-Server',
 'kernel version' => 'Kernel-Version:',
 'key stuff' => '2. Keys und Zertifikate',
+'keyreset' => 'Schlüssel zurück setzen',
+'keys' => 'Schlüssel',
 'lan' => 'LAN',
 'languagepurpose' => 'Wählen Sie eine Sprache, in der IPFire angezeigt werden soll:',
 'last activity' => 'Letzte Aktivitaet',
+'lateprompting' => 'Late prompting',
 'lease expires' => 'Zuordnung verfällt',
 'legend' => 'Legende',
 'line' => 'Leitung',
@@ -830,6 +843,8 @@
 'local subnet' => 'Lokales Subnetz:',
 'local subnet is invalid' => 'Lokales Subnet ist ungültig.',
 'local vpn hostname/ip' => 'Lokaler VPN Hostname/IP',
+'localkey' => 'Localkey',
+'localkeyfile' => 'Localkeyfile',
 'log' => 'Protokoll:',
 'log enabled' => 'Log aktiviert',
 'log level' => 'Log Level',
@@ -846,6 +861,7 @@
 'logging server' => 'Protokollierungs-Server',
 'loginlogout' => 'Login/Logout',
 'lookup failed' => 'Reverse Lookup gescheitert',
+'loosedirectorychecking' => 'Loose directorychecking',
 'low' => 'Niedrig',
 'ls_dhcpd' => 'DHCP-Server:',
 'ls_disk space' => 'Plattenplatz:',
@@ -860,6 +876,8 @@
 'mac address' => 'MAC-Adresse',
 'mac address in use' => 'MAC-Adresse bereits vergeben',
 'magic packet send to:' => 'Sende WOL-Paket an',
+'mailmethod' => 'Mail Methode',
+'mailprogramm' => 'Mail Programm',
 'main page' => 'Startseite',
 'manage ovpn' => '5. Tunnel Management',
 'manage shares' => 'Freigaben verwalten',
@@ -1048,6 +1066,7 @@
 'phonebook entry' => 'Telefonbuch-Eintrag:',
 'ping disabled' => 'Ping Antwort deaktivieren',
 'pkcs12 file password' => 'PKCS12 Datei-Passwort',
+'polfile' => 'Polfile',
 'port' => 'Port',
 'port forwarding configuration' => 'Konfiguration der Port-Weiterleitung',
 'ports' => 'Ports',
@@ -1110,11 +1129,16 @@
 'remove' => 'Löschen',
 'remove ca certificate' => 'CA-Zertifikat entfernen',
 'remove x509' => 'Entferne alle CA und Zertifizikate',
+'reportfile' => 'Reportfile',
+'reportlevel' => 'Report Level',
 'requested data' => '1. Verbindungs Einstellungen',
 'reserved dst port' => 'Dieser Zielport ist für die ausschließliche Benutzung durch IPFire reserviert:',
 'reserved src port' => 'Dieser Quellport ist für die ausschließliche Benutzung durch IPFire reserviert:',
 'reset' => 'Zurück setzen',
 'reset shares' => 'Freigaben zurücksetzen',
+'resetglobals' => 'Globale Einstellungen zurücksetzen',
+'resetpolicy' => 'Policy zurück setzen',
+'resetshares' => 'Shares zurücksetzen?',
 'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections' => 'Das Zurücksetzen der VPN-Konfiguration wird die Root-CA, die Host-Zertifikate und alle weiteren Zertifikate und alle zertifikatsbasierten Verbindungen entfernen',
 'restart' => 'Neustart',
 'restart ovpn server' => 'OpenVPN Server neu starten',
@@ -1123,6 +1147,7 @@
 'restore hardware settings' => 'Hardware-Einstellungen wiederherstellen',
 'restore settings' => 'Einstellungen wiederherstellen',
 'reverse sort' => 'In umgekehrter chronologischer Reihenfolge sortieren',
+'root' => 'Root',
 'root certificate' => 'Root-Zertifikat',
 'root path' => 'Root-Pfad',
 'root user password' => 'Root Passwort',
@@ -1191,10 +1216,14 @@
 'shutdown2' => 'Herunterfahren:',
 'shutting down' => 'Fahre herunter',
 'shutting down ipfire' => 'Fahre IPFire herunter',
+'sitekey' => 'Sitekey',
+'sitekeyfile' => 'Sitekeyfile',
 'size' => 'Größe',
 'smbreload' => 'Samba Dienste durchstarten',
 'smbstart' => 'Samba Dienste starten',
 'smbstop' => 'Samba Dienste beenden',
+'smtphost' => 'Smtp Host',
+'smtpport' => 'Smtp Port',
 'snort hits' => 'Gesamtanzahl der aktivierten Intrusion-Regeln für',
 'sort ascending' => 'Sortiere aufsteigend',
 'sort descending' => 'Sortiere absteigend',
@@ -1297,6 +1326,11 @@
 'traffic shaping settings' => 'Einstellungen der Datenflußkontrolle',
 'transfer limits' => 'Transferbeschränkungen',
 'transparent on' => 'Transparent auf',
+'tripwire functions' => 'Tripwire Funktionen',
+'tripwire reports' => 'Tripwire Reports',
+'tripwirewarningdatabase' => 'ACHTUNG - Ihre Datenbank wird auf den Stand des letzten Reports gesetzt, bitte versichern sie sich, dass keine unautorisiertend Änderungen vorgenommen wurden. Hierfür wird der Local-Key benötigt.',
+'tripwirewarningkeys' => 'ACHTUNG - Sie löschen hiermit ihre bestehenden Schlüssel, ihre Konfiguration und Datenbank und legen Alles neu an.',
+'tripwirewarningpolicy' => 'ACHTUNG - Ihr Policy wird neu erzeugt, anschließen wird die Datenbank neu initialisiert. Hierfür wird der Site-Key benötigt.',
 'tuesday' => 'Dienstag',
 'type' => 'Typ',
 'umount' => 'Abmelden',
@@ -1312,6 +1346,7 @@
 'update' => 'Aktualisieren',
 'update time' => 'Aktualisiere die Uhrzeit:',
 'update transcript' => 'Aktualisieren',
+'updatedatabase' => 'Datenbank auf Stand der letzten Reports setzen',
 'updates' => 'Updates',
 'updates installed' => 'Updates wurden installiert',
 'updates is old1' => 'Ihre Update-Datei ist ',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 6dbd276e17..e403569b02 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -38,6 +38,7 @@
 'action' => 'Action',
 'activate' => 'activate',
 'activate user' => 'activate user',
+'active' => 'active',
 'add' => 'Add',
 'add a host' => 'Add a host:',
 'add a new rule' => 'Add a new rule:',
@@ -460,6 +461,7 @@
 'day after' => 'Day after',
 'day before' => 'Day before',
 'days' => 'days',
+'dbfile' => 'Dbfile',
 'ddns hostname added' => 'Dynamic DNS hostname added',
 'ddns hostname modified' => 'Dynamic DNS hostname modified',
 'ddns hostname removed' => 'Dynamic DNS hostname removed',
@@ -474,6 +476,7 @@
 'default networks' => 'Default networks',
 'default renewal time' => 'Default Renewal Time',
 'default services' => 'Default services',
+'defaultwarning' => 'WARNING - Your settings will be lost and replaced by the default ones.',
 'delete' => 'Delete',
 'delete pc' => 'delete workstation',
 'delete share' => 'delete share',
@@ -585,7 +588,9 @@
 'edit network' => 'Edit network',
 'edit service' => 'Edit service',
 'edit share' => 'edit share',
+'editor' => 'Editor',
 'eg' => 'e.g:',
+'emailreportlevel' => 'Emailreportlevel',
 'empty' => 'This field may be left blank',
 'empty profile' => 'empty',
 'enable ignore filter' => 'Enable ignore filter',
@@ -662,6 +667,10 @@
 'generate' => 'Generate Root/Host Zertifikate',
 'generate a certificate' => 'Generate a certificate:',
 'generate root/host certificates' => 'Generate Root/Host Certificates',
+'generate tripwire keys and init' => 'generate tripwire keys and init',
+'generatekeys' => 'Generate Keys',
+'generatepolicy' => 'Generate new Policy',
+'generatereport' => 'Generate new Report',
 'generating the root and host certificates may take a long time. it can take up to several minutes on older hardware. please be patient' => 'Generating the root and host certificates may take a long time. It can take up to several minutes on older hardware. Please be patient.',
 'genkey' => 'Generate PSK',
 'global settings' => 'Global settings',
@@ -722,6 +731,7 @@
 'import' => 'Import',
 'importkey' => 'Import PSK',
 'in' => 'In',
+'inactive' => 'inactive',
 'incoming traffic in bytes per second' => 'Incoming Traffic in Bytes per Second',
 'incorrect password' => 'Incorrect password',
 'info' => 'Info',
@@ -831,9 +841,12 @@
 'kernel logging server' => 'Kernel logging server',
 'kernel version' => 'Kernel version:',
 'key stuff' => '2. Keys and Certificates',
+'keyreset' => 'Reset Keys',
+'keys' => 'keys',
 'lan' => 'LAN',
 'languagepurpose' => 'Select the language you wish IPFire to display in:',
 'last activity' => 'Last Activity',
+'lateprompting' => 'Lateprompting',
 'lease expires' => 'Lease expires',
 'legend' => 'Legend',
 'line' => 'Line',
@@ -845,6 +858,8 @@
 'local subnet' => 'Local Subnet:',
 'local subnet is invalid' => 'Local subnet is invalid.',
 'local vpn hostname/ip' => 'Local VPN Hostname/IP',
+'localkey' => 'Localkey',
+'localkeyfile' => 'Localkeyfile',
 'log' => 'Log:',
 'log enabled' => 'Log Enabled',
 'log level' => 'Log Level',
@@ -853,7 +868,7 @@
 'log settings' => 'Log Settings',
 'log summaries' => 'Log summaries',
 'log summary' => 'Log Summary',
-'log view' => 'log view',
+'log view' => 'Log View',
 'log viewer' => 'Log viewer',
 'log viewing options' => 'Log viewing options',
 'log-options' => 'Logfile options',
@@ -861,6 +876,7 @@
 'logging server' => 'Logging server',
 'loginlogout' => 'Login/Logout',
 'lookup failed' => 'Reverse lookup failed',
+'loosedirectorychecking' => 'Loosedirectorychecking',
 'low' => 'Low',
 'ls_dhcpd' => 'DHCP Server:',
 'ls_disk space' => 'Disk space:',
@@ -875,9 +891,11 @@
 'mac address' => 'MAC Address',
 'mac address in use' => 'MAC address already in use',
 'magic packet send to:' => 'Magic packet send to:',
+'mailmethod' => 'Mailmethod',
+'mailprogramm' => 'Mailprogramm',
 'main page' => 'Main page',
 'manage ovpn' => '5. Tunnel Management:',
-'manage shares' => 'manage shares',
+'manage shares' => 'Manage Shares',
 'manual' => 'Manual',
 'manual control and status' => 'Manual control and status:',
 'manually' => 'Manually',
@@ -1063,6 +1081,7 @@
 'phonebook entry' => 'Phonebook entry:',
 'ping disabled' => 'Disable ping response',
 'pkcs12 file password' => 'PKCS12 File Password',
+'polfile' => 'Polfile',
 'port' => 'Port',
 'port forwarding configuration' => 'Port forwarding configuration',
 'ports' => 'Ports',
@@ -1122,11 +1141,16 @@
 'remote subnet is invalid' => 'Remote subnet is invalid.',
 'remove' => 'Remove',
 'remove ca certificate' => 'Remove CA Certificate',
+'reportfile' => 'Reportfile',
+'reportlevel' => 'Reportlevel',
 'requested data' => '1. Connection Settings:',
 'reserved dst port' => 'Destination port is reserved for IPFire use only:',
 'reserved src port' => 'Source port is reserved for IPFire use only:',
 'reset' => 'Reset',
 'reset shares' => 'reset share',
+'resetglobals' => 'reset global settings',
+'resetpolicy' => 'Reset policy to default',
+'resetshares' => 'reset shares?',
 'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections' => 'Resetting the VPN configuration will remove the root CA, the host certificate and all certificate based connections',
 'restart' => 'Restart',
 'restart ovpn server' => 'Restart OpenVPN Server',
@@ -1135,6 +1159,7 @@
 'restore hardware settings' => 'Restore hardware settings',
 'restore settings' => 'Reset Settings',
 'reverse sort' => 'Sort in reverse chronological order',
+'root' => 'Root',
 'root certificate' => 'Root Certificate',
 'root user password' => 'root password',
 'route subnet is invalid' => 'Additional push route subnet is invalid',
@@ -1204,10 +1229,14 @@
 'shutdown2' => 'Shutdown:',
 'shutting down' => 'Shutting down',
 'shutting down ipfire' => 'Shutting down IPFire',
+'sitekey' => 'Sitekey',
+'sitekeyfile' => 'Sitekeyfile',
 'size' => 'Size',
 'smbreload' => 'Samba Dienste durchstarten',
 'smbstart' => 'Samba Dienste starten',
 'smbstop' => 'Samba Dienste beenden',
+'smtphost' => 'Smtp Host',
+'smtpport' => 'Smtp Port',
 'snort hits' => 'Total of number of Intrusion rules activated for',
 'sort ascending' => 'Sort Ascending',
 'sort descending' => 'Sort Descending',
@@ -1319,8 +1348,13 @@
 'trafficto' => 'To',
 'transfer limits' => 'Transfer limits',
 'transparent on' => 'Transparent on',
+'tripwire functions' => 'tripwire functions',
+'tripwire reports' => 'tripwire reports',
+'tripwirewarningdatabase' => 'WARNING - Your Database will be updated with the data of the last report. Please ensure that no unauthorized changes are reported. Therefor the Local-Key is needed.',
+'tripwirewarningkeys' => 'WARNING - This will erase your current keys, config, and database and generate them new.',
+'tripwirewarningpolicy' => 'WARNING - Your policy will be rebuild, after that your database will be reinitalised. Therefor the Site-Key ist neeeded.',
 'tuesday' => 'Tuesday',
-'type' => 'Type',
+'type' => 'type',
 'unable to alter profiles while red is active' => 'Unable to alter profiles while RED is active.',
 'unable to contact' => 'Unable to contact',
 'unencrypted' => 'Unencrypted',
@@ -1332,6 +1366,7 @@
 'update' => 'Update',
 'update time' => 'Update the time:',
 'update transcript' => 'Update transcript',
+'updatedatabase' => 'Update Database with last Report',
 'updates' => 'Updates',
 'updates installed' => 'Updates Installed',
 'updates is old1' => 'Your update file is ',
diff --git a/lfs/tripwire b/lfs/tripwire
index 5949fb00ae..859ba5808b 100644
--- a/lfs/tripwire
+++ b/lfs/tripwire
@@ -91,4 +91,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
  cp -vf $(DIR_APP)/bin/$$i /usr/sbin; \
  done
  @rm -rf $(DIR_APP)
+ cp -vrf $(DIR_SRC)/config/tripwire/* /var/ipfire/tripwire/
+ cp -vfp /var/ipfire/tripwire/twcfg.txt /var/ipfire/tripwire/twcfg.default
+ cp -vfp /var/ipfire/tripwire/twpol.txt /var/ipfire/tripwire/twpol.default
  @$(POSTBUILD)
diff --git a/src/misc-progs/sambactrl.c b/src/misc-progs/sambactrl.c
index 6dd65bc9c2..7405848b1c 100644
--- a/src/misc-progs/sambactrl.c
+++ b/src/misc-progs/sambactrl.c
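Review bot: The added `cp -vrf $(DIR_SRC)/config/tripwire/* /var/ipfire/tripwire/` copies the whole tree recursively, and this same commit adds the prebuilt executable `config/tripwire/oldbin/siggen` to that tree, so a binary that cannot be reviewed or rebuilt from source is installed into a configuration directory on the target. Copy only the named files the GUI needs, e.g. `cp -vf $(DIR_SRC)/config/tripwire/twcfg.txt $(DIR_SRC)/config/tripwire/twpol.txt /var/ipfire/tripwire/`, and build `siggen` from source if it is really required. The hunk does not show `/var/ipfire/tripwire` being created or its owner and mode being set; if that is not done elsewhere, it belongs before the copy. The recipe starts outside this hunk.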
@@ -77,24 +77,28 @@ int main(int argc, char *argv[])
  if (strcmp(argv[1], "smbstop")==0)
  {
  safe_system("/etc/rc.d/init.d/samba stop");
+ printf(command);
  return 0;
  }
 
  if (strcmp(argv[1], "smbstart")==0)
  {
  safe_system("/etc/rc.d/init.d/samba start");
+ printf(command);
  return 0;
  }
 
  if (strcmp(argv[1], "smbrestart")==0)
  {
  safe_system("/etc/rc.d/init.d/samba restart");
+ printf(command);
  return 0;
  }
 
  if (strcmp(argv[1], "smbreload")==0)
  {
  safe_system("/etc/rc.d/init.d/samba reload");
+ printf(command);
  return 0;
  }
 
diff --git a/src/misc-progs/tripwirectrl.c b/src/misc-progs/tripwirectrl.c
new file mode 100644
index 0000000000..f35ef77f85
--- /dev/null
+++ b/src/misc-progs/tripwirectrl.c
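Review bot: The four added `printf(command);` calls pass a non-literal buffer as the format string, and within the visible branches `command` is not written before the call, since `safe_system` is given a string literal. At best they print stale or empty data, and any `%` left in the buffer is parsed as a conversion. If the intent is to echo what was run, a fixed message such as `puts("samba stop");` or `printf("%s\n", command);` after actually formatting the buffer does that safely. The same `printf(command)` pattern recurs throughout the new tripwirectrl.c in this commit. `main` begins and continues outside this hunk, so whether `command` is filled earlier cannot be seen here.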
@@ -0,0 +1,107 @@
+#include
+#include
+#include
+#include
+#include
+#include
+#include "setuid.h"
+
+#define BUFFER_SIZE 1024
+
+char command[BUFFER_SIZE];
+
+int main(int argc, char *argv[])
+{
+
+ if (!(initsetuid()))
+ exit(1);
+
+ // Check what command is asked
+ if (argc==1)
+ {
+ fprintf (stderr, "Missing tripwirectrl command!\n");
+ return 1;
+ }
+
+ if (strcmp(argv[1], "tripwirelog")==0)
+ {
+ char log;
+ snprintf(command, BUFFER_SIZE-1, "/usr/sbin/twprint -m r --twrfile /var/ipfire/tripwire/report/%s", argv[2]);
+ log=safe_system(command);
+ printf(command);
+ return(log);
+ }
+
+ if (strcmp(argv[1], "generatereport")==0)
+ {
+ safe_system("/usr/sbin/tripwire --check --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.cfg");
+ printf(command);
+ return 0;
+ }
+
+ if (strcmp(argv[1], "updatedatabase")==0)
+ {
+ char file;
+ file=safe_system("ls -S | tail -1");
+ snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --update --accept-all --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.cfg --local-passphrase %s --twrfile %s", argv[2], file);
+ safe_system(command);
+ printf(command);
+ return 0;
+ }
+
+ if (strcmp(argv[1], "keys")==0)
+ {
+ snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/site.key && /usr/sbin/twadmin --generate-keys --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s && chmod 640 /var/ipfire/tripwire/site.key", argv[2]);
+ safe_system(command);
+ printf(command);
+ snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/$(HOSTNAME)-local.key && /usr/sbin/twadmin --generate-keys --local-keyfile /var/ipfire/tripwire/$(HOSTNAME)-local.key --local-passphrase %s && chmod 640 /var/ipfire/tripwire/$(HOSTNAME)-local.key", argv[3]);
+ safe_system(command);
+ printf(command);
+ snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/tw.cfg && /usr/sbin/twadmin --create-cfgfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s /var/ipfire/tripwire/twcfg.txt && chmod 640 /var/ipfire/tripwire/tw.cfg", argv[2]);
+ safe_system(command);
+ printf(command);
+ snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/tw.pol && /usr/sbin/twadmin --create-polfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s /var/ipfire/tripwire/twpol.txt && chmod 640 /var/ipfire/tripwire/tw.pol", argv[2]);
+ safe_system(command);
+ printf(command);
+ snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.cfg --site-passphrase %s", argv[2]);
+ safe_system(command);
+ printf(command);
+ return 0;
+ }
+
+ if (strcmp(argv[1], "generatepolicy")==0)
+ {
+ snprintf(command, BUFFER_SIZE-1, "/usr/sbin/twadmin --generate-polfile --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s --polfile /var/ipfire/tripwire/tw.pol --cfgfile /var/ipfire/tripwire/tw.cfg /var/ipfire/tripwire/twpol.txt", argv[2]);
+ safe_system(command);
+ printf(command);
+ snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init -c /var/ipfire/tripwire/tw.cfg -p /var/ipfire/tripwire/tw.cfg --site-passphrase %s", argv[2]);
+ safe_system(command);
+ printf(command);
+ return 0;
+ }
+
+ if (strcmp(argv[1], "resetpolicy")==0)
+ {
+ snprintf(command, BUFFER_SIZE-1, "/usr/sbin/twadmin --generate-polfile --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s --polfile /var/ipfire/tripwire/tw.pol --cfgfile /var/ipfire/tripwire/tw.cfg /var/ipfire/tripwire/twpol.default", argv[2]);
+ safe_system(command);
+ printf(command);
+ snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init -c /var/ipfire/tripwire/tw.cfg -p /var/ipfire/tripwire/tw.cfg --site-passphrase %s", argv[2]);
+ safe_system(command);
+ printf(command);
+ return 0;
+ }
+
+ if (strcmp(argv[1], "readconfig")==0)
+ {
+ safe_system("/bin/chown nobody:nobody /var/ipfire/tripwire/twcfg.txt");
+ printf(command);
+ return 0;
+ }
+
+ if (strcmp(argv[1], "lockconfig")==0)
+ {
+ safe_system("/bin/chown root:root /var/ipfire/tripwire/twcfg.txt");
+ printf(command);
+ return 0;
+ }
+}
\ No newline at end of file
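Review bot: Every branch that formats `argv[2]` or `argv[3]` into `command` with `%s` (tripwirelog, updatedatabase, keys, generatepolicy, resetpolicy) hands caller-supplied text to `safe_system` inside a setuid helper, and the `&&` and `|` in these strings indicate a shell interprets the result, so the report name and passphrases need an `argc` check and strict validation before use. Only `argc==1` is tested, so a missing argument reaches `%s` as NULL. The `printf(command)` calls in those branches also echo the passphrases to stdout, and passing them on the command line exposes them in the process list; a non-shell exec that feeds the passphrase through a pipe or a root-only file would avoid both. In updatedatabase, `char file` receives the exit status of `safe_system` and is then passed to `%s`, which is undefined behaviour and never yields a report name. The `--polfile`/`-p` arguments point at `tw.cfg` where `tw.pol` looks intended, and `$(HOSTNAME)` is command substitution in sh rather than a variable, so both should be checked; a sketch of the argument check for the first branch follows.

```c
/* Accept only characters that are inert to the shell and cannot leave the report directory. */
static int is_safe_name(const char *s)
{
	if (s == NULL || *s == '\0' || strstr(s, "..") != NULL)
		return 0;
	for (; *s != '\0'; s++)
	{
		if (!isalnum((unsigned char)*s) && strchr("._-", *s) == NULL)
			return 0;
	}
	return 1;
}

	if (strcmp(argv[1], "tripwirelog")==0)
	{
		int log;
		if (argc < 3 || !is_safe_name(argv[2]))
		{
			fprintf(stderr, "Invalid report name\n");
			return 1;
		}
		// … unchanged: snprintf of the twprint command …
		log=safe_system(command);
		return(log);
	}
	// … unchanged: remaining command branches, which need the same argc and argument checks …
```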