  1.  
  2. #
  3. # Standard Debian Tripwire configuration
  4. #
  5. #
  6. # This configuration covers the contents of all 'Essential: yes'
  7. # packages along with any packages necessary for access to an internet
  8. # or system availability, e.g. name services, mail services, PCMCIA
  9. # support, RAID support, and backup/restore support.
  10. #
  11.  
  12. #
  13. # Global Variable Definitions
  14. #
# These definitions override those in the configuration file (tw.cfg).
# Do not change them unless you understand what you're doing.
  17. #
  18.  
@@section GLOBAL
TWBIN = /usr/sbin;          # Tripwire executables (covered by "Tripwire Binaries")
TWETC = /etc/tripwire;      # Config file, policy file and signing keys
TWVAR = /var/lib/tripwire;  # Database ($(HOSTNAME).twd) and report directory
  23.  
  24. #
  25. # File System Definitions
  26. #
@@section FS

#
# First, some variables to make configuration easier
#
# Property-mask legend (see twpolicy(4)): '+' records a property, '-'
# ignores it.  p perms, i inode, n links, u uid, g gid, t type, s size,
# d device, r device pointed to, b blocks, a atime, m mtime, c ctime,
# l growing-only, C CRC-32, M MD5, S SHA, H Haval.  $(IgnoreNone),
# $(ReadOnly), $(Dynamic), $(Growing) and $(Device) are predefined masks.
#
SEC_CRIT      = $(IgnoreNone)-SHa ; # Critical files that cannot change:
                                    # every property in $(IgnoreNone)
                                    # except SHA, Haval and access time.
                                    # Content is thus hashed with CRC-32
                                    # and MD5 only.  NOTE(review): neither
                                    # is collision-resistant; dropping
                                    # only 'Ha' keeps SHA at some extra
                                    # scan cost.

SEC_BIN       = $(ReadOnly) ;        # Binaries that should not change:
                                     # perms, ownership, size, mtime and
                                     # content hashes are all checked.

SEC_CONFIG    = $(Dynamic) ;         # Config files that are changed
                                     # infrequently but accessed often.
                                     # Size, timestamps and hashes are NOT
                                     # checked -- only perms, ownership,
                                     # type, inode, link count and device.

SEC_LOG       = $(Growing) ;         # Files that grow, but that should
                                     # never change ownership.  Same as
                                     # $(Dynamic) plus 'l': a file that
                                     # has shrunk is reported.

SEC_INVARIANT = +tpug ;              # Directories that should never
                                     # change permission or ownership
                                     # (type, perms, uid, gid only).

SIG_LOW       = 33 ;                 # Non-critical files that are of
                                     # minimal security impact
                                     # (not referenced by any rule here)

SIG_MED       = 66 ;                 # Non-critical files that are of
                                     # significant security impact

SIG_HI        = 100 ;                # Critical files that are
                                     # significant points of
                                     # vulnerability
  55.  
  56. #
  57. # Tripwire Binaries
  58. #
  59. (
  60.   rulename = "Tripwire Binaries",
  61.   severity = $(SIG_HI)
  62. )
  63. {
  64.     $(TWBIN)/siggen         -> $(SEC_BIN) ;
  65.     $(TWBIN)/tripwire       -> $(SEC_BIN) ;
  66.     $(TWBIN)/twadmin        -> $(SEC_BIN) ;
  67.     $(TWBIN)/twprint        -> $(SEC_BIN) ;
  68. }
  69.  
  70. #
  71. # Tripwire Data Files - Configuration Files, Policy Files, Keys,
  72. # Reports, Databases
  73. #
  74.  
  75. # NOTE: We remove the inode attribute because when Tripwire creates a
  76. # backup, it does so by renaming the old file and creating a new one
  77. # (which will have a new inode number).  Inode is left turned on for
  78. # keys, which shouldn't ever change.
  79.  
  80. # NOTE: The first integrity check triggers this rule and each
  81. # integrity check afterward triggers this rule until a database update
  82. # is run, since the database file does not exist before that point.
  83. (
  84.   rulename = "Tripwire Data Files",
  85.   severity = $(SIG_HI)
  86. )
  87. {
  88.     $(TWVAR)/$(HOSTNAME).twd    -> $(SEC_CONFIG) -i ;
  89.     $(TWETC)/tw.pol         -> $(SEC_BIN) -i ;
  90.     $(TWETC)/tw.cfg         -> $(SEC_BIN) -i ;
  91.     $(TWETC)/$(HOSTNAME)-local.key  -> $(SEC_BIN) ;
  92.     $(TWETC)/site.key       -> $(SEC_BIN) ;
  93.  
  94.     #don't scan the individual reports
  95.     $(TWVAR)/report         -> $(SEC_CONFIG) (recurse=0) ;
  96. }
  97.  
  98. #
  99. # Critical System Boot Files
  100. # These files are critical to a correct system boot.
  101. #
  102. (
  103.   rulename = "Critical system boot files",
  104.   severity = $(SIG_HI)
  105. )
  106. {
  107.     /boot           -> $(SEC_CRIT) ;
  108.     /lib/modules        -> $(SEC_CRIT) ;
  109. }
  110.  
  111. (
  112.   rulename = "Boot Scripts",
  113.   severity = $(SIG_HI)
  114. )
  115. {
  116.     /etc/init.d     -> $(SEC_BIN) ;
  117.     /etc/rc.boot        -> $(SEC_BIN) ;
  118.     /etc/rcS.d      -> $(SEC_BIN) ;
  119.     /etc/rc0.d      -> $(SEC_BIN) ;
  120.     /etc/rc1.d      -> $(SEC_BIN) ;
  121.     /etc/rc2.d      -> $(SEC_BIN) ;
  122.     /etc/rc3.d      -> $(SEC_BIN) ;
  123.     /etc/rc4.d      -> $(SEC_BIN) ;
  124.     /etc/rc5.d      -> $(SEC_BIN) ;
  125.     /etc/rc6.d      -> $(SEC_BIN) ;
  126. }
  127.  
  128.  
  129. #
  130. # Critical executables
  131. #
  132. (
  133.   rulename = "Root file-system executables",
  134.   severity = $(SIG_HI)
  135. )
  136. {
  137.     /bin            -> $(SEC_BIN) ;
  138.     /sbin           -> $(SEC_BIN) ;
  139. }
  140.  
  141. #
  142. # Critical Libraries
  143. #
  144. (
  145.   rulename = "Root file-system libraries",
  146.   severity = $(SIG_HI)
  147. )
  148. {
  149.     /lib            -> $(SEC_BIN) ;
  150. }
  151.  
  152.  
  153. #
  154. # Login and Privilege Raising Programs
  155. #
  156. (
  157.   rulename = "Security Control",
  158.   severity = $(SIG_MED)
  159. )
  160. {
  161.     /etc/passwd     -> $(SEC_CONFIG) ;
  162.     /etc/shadow     -> $(SEC_CONFIG) ;
  163. }
  164.  
  165.  
  166.  
  167.  
  168. #
  169. # These files change every time the system boots
  170. #
  171. (
  172.   rulename = "System boot changes",
  173.   severity = $(SIG_HI)
  174. )
  175. {
  176.     /var/lock       -> $(SEC_CONFIG) ;
  177.     /var/run        -> $(SEC_CONFIG) ; # daemon PIDs
  178.     /var/log        -> $(SEC_CONFIG) ;
  179. }
  180.  
  181. # These files change the behavior of the root account
  182. (
  183.   rulename = "Root config files",
  184.   severity = 100
  185. )
  186. {
  187.     /root               -> $(SEC_CRIT) ; # Catch all additions to /root
  188.     /root/mail          -> $(SEC_CONFIG) ;
  189.     /root/Mail          -> $(SEC_CONFIG) ;
  190.     /root/.xsession-errors      -> $(SEC_CONFIG) ;
  191.     /root/.xauth            -> $(SEC_CONFIG) ;
  192.     /root/.tcshrc           -> $(SEC_CONFIG) ;
  193.     /root/.sawfish          -> $(SEC_CONFIG) ;
  194.     /root/.pinerc           -> $(SEC_CONFIG) ;
  195.     /root/.mc           -> $(SEC_CONFIG) ;
  196.     /root/.gnome_private        -> $(SEC_CONFIG) ;
  197.     /root/.gnome-desktop        -> $(SEC_CONFIG) ;
  198.     /root/.gnome            -> $(SEC_CONFIG) ;
  199.     /root/.esd_auth         -> $(SEC_CONFIG) ;
  200.     /root/.elm          -> $(SEC_CONFIG) ;
  201.     /root/.cshrc                -> $(SEC_CONFIG) ;
  202.     /root/.bashrc           -> $(SEC_CONFIG) ;
  203.     /root/.bash_profile     -> $(SEC_CONFIG) ;
  204.     /root/.bash_logout      -> $(SEC_CONFIG) ;
  205.     /root/.bash_history     -> $(SEC_CONFIG) ;
  206.     /root/.amandahosts      -> $(SEC_CONFIG) ;
  207.     /root/.addressbook.lu       -> $(SEC_CONFIG) ;
  208.     /root/.addressbook      -> $(SEC_CONFIG) ;
  209.     /root/.Xresources       -> $(SEC_CONFIG) ;
  210.     /root/.Xauthority       -> $(SEC_CONFIG) -i ; # Changes Inode number on login
  211.     /root/.ICEauthority         -> $(SEC_CONFIG) ;
  212. }
  213.  
  214. #
  215. # Critical devices
  216. #
  217. (
  218.   rulename = "Devices & Kernel information",
  219.   severity = $(SIG_HI),
  220. )
  221. {
  222.     /dev        -> $(Device) ;
  223.     /proc       -> $(Device) ;
  224. }
  225.  
  226. #
  227. # Other configuration files
  228. #
  229. (
  230.   rulename = "Other configuration files",
  231.   severity = $(SIG_MED)
  232. )
  233. {
  234.     /etc        -> $(SEC_BIN) ;
  235. }
  236.  
  237. #
  238. # Binaries
  239. #
  240. (
  241.   rulename = "Other binaries",
  242.   severity = $(SIG_MED)
  243. )
  244. {
  245.     /usr/local/sbin -> $(SEC_BIN) ;
  246.     /usr/local/bin  -> $(SEC_BIN) ;
  247.     /usr/sbin   -> $(SEC_BIN) ;
  248.     /usr/bin    -> $(SEC_BIN) ;
  249. }
  250.  
  251. #
  252. # Libraries
  253. #
  254. (
  255.   rulename = "Other libraries",
  256.   severity = $(SIG_MED)
  257. )
  258. {
  259.     /usr/local/lib  -> $(SEC_BIN) ;
  260.     /usr/lib    -> $(SEC_BIN) ;
  261. }
  262.  
  263. #
  264. # Commonly accessed directories that should remain static with regards
  265. # to owner and group
  266. #
  267. (
  268.   rulename = "Invariant Directories",
  269.   severity = $(SIG_MED)
  270. )
  271. {
  272.     /       -> $(SEC_INVARIANT) (recurse = 0) ;
  273.     /home       -> $(SEC_INVARIANT) (recurse = 0) ;
  274.     /tmp        -> $(SEC_INVARIANT) (recurse = 0) ;
  275.     /usr        -> $(SEC_INVARIANT) (recurse = 0) ;
  276.     /var        -> $(SEC_INVARIANT) (recurse = 0) ;
  277.     /var/tmp    -> $(SEC_INVARIANT) (recurse = 0) ;
  278. }