bpfire/config/tripwire/twpol.txt
maniacikarus 1b73b07ee8 Guardian in Snort eingebaut
QoS CGI wegen den Language Anpassungen korrigiert
Tripwire Policy soll Snortregeln ignorieren
Network Skript angepasst


git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@726 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
2007-07-29 17:55:20 +00:00


@@section GLOBAL
# Tripwire paths.  Policy, database, both signing keys and (in a subdirectory)
# the reports all live under /var/ipfire/tripwire.
TWROOT=/usr/sbin;
TWBIN=/usr/sbin;
TWPOL="/var/ipfire/tripwire";   # policy (tw.pol, tw.cfg)
TWDB="/var/ipfire/tripwire";    # database
TWSKEY="/var/ipfire/tripwire";  # site key
TWLKEY="/var/ipfire/tripwire";  # local key
TWREPORT="/var/ipfire/tripwire/report";  # integrity-check reports
HOSTNAME=ipfire;
@@section FS
# Property masks used by the rules below.  A leading +/- adds/removes single
# tripwire property letters: S = SHA, H = HAVAL, a = access time,
# t = file type, p = permissions, u = owner, g = group.
# $(IgnoreNone), $(Dynamic), $(Growing) and $(Device) are tripwire's
# predefined masks.
SEC_CRIT = $(IgnoreNone)-SHa ; # Critical files that cannot change: every property except SHA, HAVAL and atime
SEC_CONFIG = $(Dynamic) ; # Config files that are changed infrequently but accessed often; content changes are not reported
SEC_LOG = $(Growing) ; # Files that grow, but that should never change ownership
SEC_INVARIANT = +tpug ; # Directories that should never change type, permission or ownership
# Severity levels, referenced by the "severity" attribute of each rule.
SIG_LOW = 33 ; # Non-critical files that are of minimal security impact
SIG_MED = 66 ; # Non-critical files that are of significant security impact
SIG_HI = 100 ; # Critical files that are significant points of vulnerability
# System Files
# Tripwire's own state plus the static system trees.  A more specific path
# listed later in the block overrides the mask of the tree it lives in
# (e.g. /etc/snort/rules/ inside /etc).
(
rulename = "System Files",
severity = $(SIG_HI)
)
{
$(TWDB) -> $(SEC_CRIT) ;
$(TWPOL)/tw.pol -> $(SEC_CRIT) -i ; # -i: ignore inode number, it changes when the policy is rewritten
$(TWPOL)/tw.cfg -> $(SEC_CRIT) -i ;
$(TWLKEY)/local.key -> $(SEC_CRIT) ;
$(TWSKEY)/site.key -> $(SEC_CRIT) ;
/bin -> $(SEC_CRIT) ;
/boot -> $(SEC_CRIT) ;
/etc -> $(SEC_CRIT) ;
# Snort rule updates must not raise integrity violations (see commit message):
# only type/owner/permissions are checked here, so content changes to the
# ruleset in this tree are not reported by tripwire.
/etc/snort/rules/ -> $(Dynamic) ;
/lib -> $(SEC_CRIT) ;
/root -> $(SEC_CRIT) ;
/root/.bash_history -> $(Dynamic) ; # grows with every interactive root shell
/sbin -> $(SEC_CRIT) ;
/usr -> $(SEC_CRIT) ;
/usr/share/clamav -> $(Dynamic) ; # presumably the auto-updated signature database; verify
/etc/mtab -> $(SEC_CONFIG) -i ; # Inode number changes on any mount/unmount
#don't scan the individual reports: recurse=0 checks only the directory entry
$(TWREPORT) -> $(SEC_CONFIG) (recurse=0) ;
}
# Commonly accessed directories that should remain static with regards to owner and group
# recurse = 0 limits the check to the directory entry itself; /tmp has no
# such limit, so everything below it is checked with $(SEC_INVARIANT).
(
rulename = "Invariant Directories",
severity = $(SIG_MED)
)
{
/ -> $(SEC_INVARIANT) (recurse = 0) ;
/home -> $(SEC_INVARIANT) (recurse = 0) ;
/tmp -> $(SEC_INVARIANT) ;
}
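# Critical Devices
# recurse = false is a rule-wide attribute here: only the named entries are
# examined, nothing below them.
(
rulename = "Critical devices",
severity = $(SIG_HI),
recurse = false
)
{
/dev/console -> $(SEC_CONFIG) -u ; # User ID may change on console login/logout.
# one rule per line, as in the rest of the file
/dev/initctl -> $(SEC_CONFIG) ;
/dev/log -> $(SEC_CONFIG) ;
/proc/modules -> $(Device) ;
/proc/mounts -> $(Device) ;
/proc/filesystems -> $(Device) ;
/proc/misc -> $(Device) ;
# NOTE(review): because this rule sets recurse = false, only the /var/log
# directory entry itself is monitored here; the individual log files below
# it are not examined by this rule.  Confirm that is intended, otherwise
# /var/log belongs in its own recursive rule.
/var/log -> $(SEC_LOG) ;
}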