# $NetBSD: tw.conf.netbsd,v 1.2 2000/03/02 18:38:24 wiz Exp $ # Original Id: tw.conf.386bsd,v 1.1 1993/11/22 06:38:01 genek Exp # # tripwire.config # Generic version for NetBSD # Will need editing...see comments below # # This file contains a list of files and directories that System # Preener will scan. Information collected from these files will be # stored in the tripwire.database file. # # Format: [!|=] entry [ignore-flags] # # where: '!' signifies the entry is to be pruned (inclusive) from # the list of files to be scanned. # '=' signifies the entry is to be added, but if it is # a directory, then all its contents are pruned # (useful for /tmp). # # where: entry is the absolute pathname of a file or a directory # # where ignore-flags are in the format: # [template][ [+|-][pinugsam12] ... ] # # - : ignore the following atributes # + : do not ignore the following attributes # # p : permission and file mode bits a: access timestamp # i : inode number m: modification timestamp # n : number of links (ref count) c: inode creation timestamp # u : user id of owner 1: signature 1 # g : group id of owner 2: signature 2 # s : size of file # # # Ex: The following entry will scan all the files in /etc, and report # any changes in mode bits, inode number, reference count, uid, # gid, modification and creation timestamp, and the signatures. # However, it will ignore any changes in the access timestamp. # # /etc +pinugsm12-a # # The following templates have been pre-defined to make these long ignore # mask descriptions unecessary. # # Templates: (default) R : [R]ead-only (+pinugsm12-a) # L : [L]og file (+pinug-sam12) # N : ignore [N]othing (+pinusgsamc12) # E : ignore [E]verything (-pinusgsamc12) # # By default, Tripwire uses the R template -- it ignores # only the access timestamp. # # You can use templates with modifiers, like: # Ex: /etc/lp E+ug # # Example configuration file: # /etc R # all system files # !/etc/lp R # ...but not those logs # =/tmp N # just the directory, not its files # # Note the difference between pruning (via "!") and ignoring everything # (via "E" template): Ignoring everything in a directory still monitors # for added and deleted files. Pruning a directory will prevent Tripwire # from even looking in the specified directory. # # # Tripwire running slowly? Modify your tripwire.config entries to # ignore the (signature 2) attribute when this computationally-exorbitant # protection is not needed. (See README and design document for further # details.) # # First, root's "home" =/ L /root/.rhosts R # may not exist /root/.profile R # may not exist /root/.cshrc R # may not exist /root/.login R # may not exist /root/.exrc R # may not exist /root/.logout R # may not exist /root/.emacs R # may not exist /root/.forward R # may not exist /root/.netrc R # may not exist # Unix itself /netbsd R # /bin and exceptions /bin R-2 /bin/rcp R # /dev /dev L # you need this if you have /dev/fd mounted as a fdesc filesystem =/dev/fd R # /etc and exceptions /etc R-2 /etc/aliases L /etc/daily L /etc/disktab L /etc/dumpdates L /etc/master.passwd L /etc/monthly L /etc/motd L /etc/passwd L /etc/pwd.db L /etc/spwd.db L /etc/uucp L /etc/weekly L # /home =/home # /root /root R-2 /root/.history L # /sbin /sbin R-2 # /usr/bin /usr/bin R-2 /usr/include R-12 /usr/lib R-2 /usr/libexec R-2 /usr/local/bin R-2 /usr/local/etc L /usr/sbin R-2 /usr/src/bin R-2 /usr/src/lib R-2 /usr/src/libexec R-2 /usr/src/sbin R-2 /usr/src/usr.bin R-2 /usr/src/usr.sbin R-2 /usr/src/sys R-2 !/usr/src/sys/arch/i386/compile !/usr/src/sys/arch/i386/conf # packages... =@localbase@ =@x11base@ ###########################################