Diffstat (limited to 'app-admin/tripwire')
-rw-r--r-- | app-admin/tripwire/Manifest | 6 | ||||
-rw-r--r-- | app-admin/tripwire/files/tripwire | 10 | ||||
-rw-r--r-- | app-admin/tripwire/files/tripwire.txt | 272 | ||||
-rw-r--r-- | app-admin/tripwire/files/twcfg.txt | 15 | ||||
-rw-r--r-- | app-admin/tripwire/metadata.xml | 35 | ||||
-rw-r--r-- | app-admin/tripwire/tripwire-2.4.3.7.ebuild | 79 |
6 files changed, 0 insertions, 417 deletions
diff --git a/app-admin/tripwire/Manifest b/app-admin/tripwire/Manifest
deleted file mode 100644
index 6f8826913fb4..000000000000
--- a/app-admin/tripwire/Manifest
+++ /dev/null
@@ -1,6 +0,0 @@
-AUX tripwire 466 BLAKE2B 1fca6945b6b8ce959b7c617eef9454690662676020ce7451396f8cd365d093fa687896c3f22ac2e3df3d370cb42aa55967198de573172b79d023711b59951404 SHA512 1df37364a84ab26ca0a3f2637e9f4938333c394979c2ccadb69401b7e6a93d03911ce737b25bb6e76c1963e4b7eaffd35b3551aa141b51bc9b3a8a00d9c828cf
-AUX tripwire.txt 11492 BLAKE2B f157c47e1461095a51e9868127d25df6769c3ea6441fe34925c29ef3e93541e66516ba59b1c04120979a4edc1f31bf166ac72998f2adba571d64ffa7c7008fd3 SHA512 ec53b2f71fb33f227628e1160a72fecf4a1aca7ee58b750945e7c0d0ce756a37666a02fe9e8ec235055fe6d28e1d20e77a449ae229f5d5d2349eaffe07827d47
-AUX twcfg.txt 604 BLAKE2B 78c0e1457e5ea37031c8f9cf5a340ee600775973ea2475daadb07f3cb59f117667506438628ced1b4b1fa738855748df7d4b2e6695d65de9ed832f335943797a SHA512 c8a568638d5a18bb9508ee6f70aea815b8bfdb9efbf7823cdad59890a617bbe941454f6f4622e38e4ac4622e1d611c9fc085d73aec5a23b5c13ae7f1d783b388
-DIST tripwire-2.4.3.7.tar.gz 1002257 BLAKE2B fb0c847087e8b27d2a111b4a4122b3c4d5b187efe6f80995c6d06c7592a22fec2c537bbebba9c21a7761a8047535de4a96a6b94246da586faad4e9fc92137196 SHA512 541138f4a4c3a4227f31de6607503d305f0d893bdd5d24928d619d3a25bb8fe7061a45c041992ace957b976b834b5f4212b5c727eee1cbc76ddb2e2c52aeafbd
-EBUILD tripwire-2.4.3.7.ebuild 2411 BLAKE2B 9646cb96ee17a4e2a31d7c4ac065a72b363aa89c809a41ac94bc2d414b4679053378c6697a758e515691eaebb094ee2bdc65c38240f0a18c903f3c4e061e3b0d SHA512 09e8911547b7a629e5bc546005b9a17aae84057d93dd956a6fe687819f1fe5e09720d48caa72844a8736e2cfa23bb6b4387a19e31e1b8e587e6da792836a5838
-MISC metadata.xml 1616 BLAKE2B bd19945c4dfb57c6e1102e5d2460f5784fbc4eb54c53a04052a08f45c4131edf8117e834d1b964a350512618e875aab3323f986ea71a893fee19ec08b54a0da2 SHA512 ae04a581b34beb18adb7aea67d9ec17dc5cd897d3e974515c5c59e2e5e8391f86238bcaa59967aa7413c99ce56ae670a7badf8008ed8b6926f7f0a4eab0b83a2
diff --git a/app-admin/tripwire/files/tripwire b/app-admin/tripwire/files/tripwire
deleted file mode 100644
index 8f0f23f3e2d5..000000000000
--- a/app-admin/tripwire/files/tripwire
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/sh
-HOST_NAME=`uname -n`
-if [ ! -e /var/lib/tripwire/${HOST_NAME}.twd ] ; then
- echo "**** Error: Tripwire database for ${HOST_NAME} not found. ****"
- echo "**** Check tripwire.txt file for instructions or install ****"
- echo "**** app-admin/mktwpol package (if you used the \"tools\" ****"
- echo "**** USE flag, this has been done for you already. ****"
-else
- test -f /etc/tripwire/tw.cfg && /usr/sbin/tripwire --check --quiet
-fi
diff --git a/app-admin/tripwire/files/tripwire.txt b/app-admin/tripwire/files/tripwire.txt
deleted file mode 100644
index 4f47f8bd8196..000000000000
--- a/app-admin/tripwire/files/tripwire.txt
+++ /dev/null
@@ -1,272 +0,0 @@ -tripwire.txt v. 11 Sept 2013 - -Introduction to Tripwire, with Gentoo-specific installation information - -Tripwire software can monitor the integrity of critical system files and -directories by identifying specified changes made to selected system -files and directories. Configure Tripwire software to monitor your -system in the way that is best for you. - -Tripwire software works by comparing files and directories against a -defined baseline, stored in a tripwire-created database. Tripwire -generates the baseline by taking a "snapshot" of specified files and -directories. Tripwire software then compares the current system against -the baseline and reports modifications, additions, or deletions. Use -Tripwire software for system security, intrusion detection, damage -assessment, and recovery forensics. - - -To set-up Tripwire Configuration - -The Tripwire tarball installs the basic program files needed to run the -software. However, this installation does not prepare the configuration -files that Tripwire needs to perform correctly. After you install the -tripwire executable files and example configuration, you must: - -1. Review and perhaps edit the plain-text tripwire configuration file - (/etc/tripwire/twcfg.txt) with a text editor, if desired. - -2. Either run a configuration script (twsetup.sh from Gentoo's mktwpol - package, or tripwire-setup-keyfiles from Red Hat, or deprecated - twinstall.sh, also from Red Hat), or run the program `twadmin` with - the correct command line switches to make key files and encrypt/sign - the tripwire configuration file. 
- - Make site key file - ------------------ - `twadmin --generate-keys -S /etc/tripwire/site.key` - - Make local key file - ------------------- - `twadmin --generate-keys -L /etc/tripwire/$HOSTNAME-local.key` - - Make mandatory signed tripwire configuration file (tw.cfg) - ---------------------------------------------------------- - `twadmin --create-cfgfile -S /etc/tripwire/site.key /etc/tripwire/twcfg.txt` - -Note: Once encrypted/signed, the configuration file, tw.cfg, must not be -renamed or moved. The plain-text tripwire configuration file (twcfg.txt) -should be deleted. It can be recreated with `twadmin --print-cfgfile` - -3. Make a plain-text policy file. The use of the name twpol.txt is - common, but the name of this file is not defined or used by Tripwire, - other than preparation of the encrypted/signed policy file. - - To make the plain-text policy file, either run a policy file generator - (for example, mktwpol.sh from Gentoo's mktwpol package), or edit the - plain-text policy file (twpol-GENERIC.txt, or twpol.txt, or similar) - with a text editor. The plain-text policy file should not refer to - any non-existent file or directory. - - If you edit twpol-GENERIC.txt to act as your plain-text policy file, - provide your system's HOSTNAME at line 61. If you don't provide - the correct HOSTNAME, a tripwire inspection of the target computer's - filesystem will fail to check the tripwire database file for changes. - - TWDB=/var/lib/tripwire/YOUR_HOSTNAME.twd; - -4. Convert the plain-text policy file into the encrypted/signed form - that tripwire will refer to as it examines the files on the target - computer's filesystem. The default filename for the encrypted/signed - policy file is defined in the tripwire configuration file (tw.cfg) - and is usually tw.pol. The encryption/signing of plain-text twpol.txt - is done with yet another `twadmin` command line. 
- - Make mandatory encrypted/signed system inspection policy file - -------------------------------------------------------------- - `twadmin -m P -c /etc/tripwire/tw.cfg /etc/tripwire/twpol.txt` - -Note: If you modify the plain-text policy file after running the -configuration script, you must re-sign the plain-text policy file before -initializing the database file. Tripwire baseline database creation and -inspections refer to the encrypted/signed policy file, not to the -plain-text policy file. - -Note: The plain-text tripwire policy file (twpol.txt) should be deleted. -It can be recreated with `twadmin --print-polfile` - -5. Initialize the Tripwire database file. - - Record current file attributes in the tripwire database - ------------------------------------------------------- - `tripwire --init -c /etc/tripwire/tw.cfg` - -Note: Tripwire might issue some "Warning: File system error" errors, -and appear to hang. But as long as it follows with "### Continuing...", -it is still working. - -6. Run the first integrity check. - - `tripwire --check -c /etc/tripwire/tw.cfg` - -Note: The use of "-c /etc/tripwire/tw.cfg" is not required if Tripwire -uses the default tripwire configuration directory and file names. If -you defer to tripwire default filenames, then updating a text policy -file into a tripwire database, and running an integrity check, can be -done with these commands: - - `twadmin --create-polfile /etc/tripwire/twpol.txt` - `tripwire --init` - `tripwire --check` - -Modifying the Policy File - -How Tripwire software checks your system is specified in the Tripwire -plain-text policy file (twpol.txt). A default policy file is included in -the Tripwire software installation. This policy file should be tailored -to fit your particular system. Tailoring the policy file is necessary -to take advantage of Tripwire software's ability to monitor changes on -your system. - -The plain-text policy file is usually located at /etc/tripwire/twpol.txt. 
-An example policy file (located at /etc/tripwire/twpol-GENERIC.txt, or -at /usr/share/doc/tripwire-VER#-REL#/policyguide.txt) is included to -help you learn the policy language. Read the sample policy files and -the comments in the sample policy file to learn the policy language. - -After you modify the plain-text policy file, don't forget! - - encrypt/sign using `twadmin --create-polfile /etc/tripwire/twpol.txt` - - -Selecting Passphrases - -Tripwire files are encrypted/signed using site or local keys. These keys -are protected by passphrases. When selecting passphrases, the following -recommendations apply: - -Use at least eight alphanumeric and symbolic characters for each -passphrase. The maximum length of a passphrase is 1023 characters. -Quotes should not be used as passphrase characters. - -Assign a unique passphrase for the site key. The site key passphrase -protects the site key, which is used to sign Tripwire software -configuration and policy files. Assign a unique passphrase for the local -key. The local key signs the Tripwire baseline database file. The local -key may sign the Tripwire report files also. - -Store the passphrases in a secure location. There is no way to remove -encryption from a signed file if you forget your passphrase and lost the -key files. If you forget the passphrases, the files are unusable. In -that case you must create new key files and the baseline database. - - -Initializing the Database - -In Database Initialization mode, Tripwire software builds a database of -filesystem objects based on the rules in the policy file. This database -serves as the baseline for integrity checks. The syntax for Database -Initialization mode is: - - `tripwire --init -c /etc/tripwire/tw.cfg` - - -Running an Integrity Check - -The Integrity Check mode compares the current file system objects with -their properties recorded in the Tripwire database. Violations are -printed to stdout. The report file is saved and can later be accessed by -twprint. 
An email option enables you to send email. The syntax for -Integrity Check mode is: - - `tripwire --check -c /etc/tripwire/tw.cfg` - - -Printing Reports - twprint Print Report Mode - -The twprint --print-report mode prints the contents of a Tripwire -report. If you do not specify a report with the --twrfile or -r -command-line argument, the default report file specified by the -configuration file REPORTFILE variable is used. - -Example: On a machine named LIGHTHOUSE, the command could be: - - `twprint -m r --twrfile LIGHTHOUSE-19990622-021212.twr` - - -Updating the Database after an Integrity Check - -Database Update mode enables you to update the Tripwire database after -an integrity check if you determine that the violations discovered are -valid. This update process saves time by enabling you to update the -database without having to re-initialize it. It also enables selective -updating, which cannot be done through re-initialization. The syntax for -Database Update mode is: - - `tripwire --update` - - -Updating the Policy File - -Change the way that Tripwire software scans the system by changing the -rules in the policy file. You can then update the database without a -complete re-initialization. This saves a significant amount of time and -preserves security by keeping the policy file synchronized with the -database it uses. The syntax for Policy Update mode is: - - `tripwire --update-policy` - - -Testing email functions - -Test mode tests the software's email notification system, using the -settings currently specified in the configuration file. The syntax for -Email Test Reporting mode is: - - `tripwire --test` - - -Tripwire Components - -The policy file begins as a text file containing comments, rules, -directives, and variables. These dictate the way Tripwire software -checks your system. Each rule in the policy file specifies a system -object to be monitored. Rules also describe which changes to the object -to report, and which to ignore. 
- -System objects are the files and directories you wish to monitor. Each -object is identified by an object name. A property refers to a single -characteristic of an object that Tripwire software can monitor. -Directives control conditional processing of sets of rules in a policy -file. During installation, the text policy file is encrypted/signed and -renamed, and becomes the active policy file. - -The database file is an important component of Tripwire software. When -first installed, Tripwire software uses the policy file rules to create -the database file. The database file is a baseline "snapshot" of the -system in a known secure state. Tripwire software compares this baseline -against the current system to determine what changes have occurred. This -is an integrity check. - -When you perform an integrity check, Tripwire software produces report -files. Report files summarize any changes that violated the policy file -rules during the integrity check. You can view the report file in a -variety of formats, at varying levels of detail. - -The Tripwire configuration file stores system-specific information, such -as the location of Tripwire data files. Tripwire software generates some -of the configuration file information during installation. The system -administrator can change parameters in the configuration file at any -time. The configuration file variables POLFILE, DBFILE, REPORTFILE, -SITEKEYFILE, and LOCALKEYFILE specify where the policy file, database -file, report files, and site and local key files reside. These variables -must be defined or the configuration file is invalid. If any of these -variables are undefined, an error occurs on execution of Tripwire -software and the program exits. - - -Tripwire Help - -All Tripwire commands support the help arguments. - -Example: To get help with Create Configuration File mode, type: - - `twadmin --help --create-cfgfile` - - -? 
 Display usage and version information - --help Display all command modes - --help all Display help for all command modes - --help [mode] Display help for current command mode - --version Display version information - -We recommend you read the Tripwire Release Notes and README file.
diff --git a/app-admin/tripwire/files/twcfg.txt b/app-admin/tripwire/files/twcfg.txt
deleted file mode 100644
index 9cf39bcc01e4..000000000000
--- a/app-admin/tripwire/files/twcfg.txt
+++ /dev/null
@@ -1,15 +0,0 @@
-ROOT =/usr/sbin
-POLFILE =/etc/tripwire/tw.pol
-DBFILE =/var/lib/tripwire/$(HOSTNAME).twd
-REPORTFILE =/var/lib/tripwire/report/$(HOSTNAME)-$(DATE).twr
-SITEKEYFILE =/etc/tripwire/site.key
-LOCALKEYFILE =/etc/tripwire/$(HOSTNAME)-local.key
-EDITOR =/bin/nano
-LATEPROMPTING =false
-LOOSEDIRECTORYCHECKING =false
-MAILNOVIOLATIONS =true
-EMAILREPORTLEVEL =3
-REPORTLEVEL =3
-MAILMETHOD =SENDMAIL
-SYSLOGREPORTING =false
-MAILPROGRAM =/usr/lib/sendmail -oi -t
diff --git a/app-admin/tripwire/metadata.xml b/app-admin/tripwire/metadata.xml
deleted file mode 100644
index 9cf612218444..000000000000
--- a/app-admin/tripwire/metadata.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<?xml version='1.0' encoding='UTF-8'?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
- <maintainer type="person">
- <email>nimiux@gentoo.org</email>
- <name>Chema Alonso</name>
- </maintainer>
- <longdescription lang="en">
- Tripwire is a tool that aids system administrators and users in
- monitoring a designated set of files for any changes. Used with system
- files on a regular (e.g., daily) basis, Tripwire can notify system
- administrators of corrupted or tampered files, so damage control
- measures can be taken in a timely manner.
- </longdescription>
- <longdescription lang="es">
- Tripwire es una herramienta que ayuda a los administradores y
- usuarios en la monitorizaciĆ³n de los cambios en un conjunto de
- ficheros. Se utiliza particularmente en los ficheros de sistema
- de un modo regular (por ejemplo diariamente). Tripwire puede
- notificar a los administradores de sistema sobre ficheros que
- se han corrompido o han sido modificados maliciosamente, por lo
- que se pueden adoptar medidas de control de forma periĆ³dica.
- </longdescription>
- <use>
- <flag name="tools">Installs app-admin/mktwpol, providing scripts
- for the installation/setup of tripwire, including generating the
- tripwire policy file and maintenance of the tripwire database</flag>
- <flag name="ssl">Adds support for Secure Socket Layer connections</flag>
- <flag name="static">Builds the package statically</flag>
- </use>
- <upstream>
- <remote-id type="sourceforge">tripwire</remote-id>
- <remote-id type="github">Tripwire/tripwire-open-source</remote-id>
- </upstream>
-</pkgmetadata>
diff --git a/app-admin/tripwire/tripwire-2.4.3.7.ebuild b/app-admin/tripwire/tripwire-2.4.3.7.ebuild
deleted file mode 100644
index 4339d2ac489c..000000000000
--- a/app-admin/tripwire/tripwire-2.4.3.7.ebuild
+++ /dev/null
@@ -1,79 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit autotools eutils flag-o-matic
-
-DESCRIPTION="Open Source File Integrity Checker and IDS"
-HOMEPAGE="http://www.tripwire.org/"
-SRC_URI="https://github.com/Tripwire/tripwire-open-source/archive/${PV}.tar.gz -> ${PF}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="amd64 ppc x86 ~x86-fbsd"
-IUSE="libressl selinux ssl static +tools"
-
-DEPEND="sys-devel/automake
- sys-devel/autoconf
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:0= )
- )"
-RDEPEND="virtual/cron
- virtual/mta
- selinux? ( sec-policy/selinux-tripwire )
- ssl? ( dev-libs/openssl )"
-PDEPEND="tools? ( app-admin/mktwpol )"
-
-S="${WORKDIR}/tripwire-open-source-${PV}"
-
-src_prepare() {
- eautoreconf
- eapply_user
-}
-
-src_configure() {
- # tripwire can be sensitive to compiler optimisation.
- # see #32613, #45823, and others.
- # -taviso@gentoo.org
- strip-flags
- append-cppflags -DCONFIG_DIR='"\"/etc/tripwire\""' -fno-strict-aliasing
- econf $(use_enable ssl openssl) $(use_enable static)
-}
-
-src_install() {
- dosbin "${S}"/bin/{siggen,tripwire,twadmin,twprint}
- doman "${S}"/man/man{4/*.4,5/*.5,8/*.8}
- dodir /etc/tripwire /var/lib/tripwire{,/report}
- keepdir /var/lib/tripwire{,/report}
-
- exeinto /etc/cron.daily
- doexe "${FILESDIR}"/tripwire
-
- dodoc ChangeLog policy/policyguide.txt TRADEMARK \
- "${FILESDIR}"/tripwire.txt
-
- insinto /etc/tripwire
- doins "${FILESDIR}"/twcfg.txt policy/twpol-GENERIC.txt
-
- fperms 750 /etc/cron.daily/tripwire
-}
-
-pkg_postinst() {
- if [[ -z ${REPLACING_VERSIONS} ]] ; then
- elog "Tripwire needs to be configured before its first run. You can"
- elog "do this by manually editing the twpol-GENERIC.txt file shipped with"
- elog "the package to suit your needs. A quickstart guide is provided"
- elog "in tripwire.txt file to help you with this."
- elog "To configure tripwire automatically, you can use the twsetup.sh"
- elog "script provided by the app-admin/mktwpol package. This package is"
- elog "installed for you by the \"tools\" USE flag (which is enabled by"
- elog "default."
-else
- elog "Maintenance of tripwire policy files as packages are added"
- elog "and deleted from your system can be automated by the mktwpol.sh"
- elog "script provided by the app-admin/mktwpol package. This package"
- elog "is installed for you if you append \"tools\" to your USE flags"
- fi
-} |