- #
- # tripwire.config
- # Generic version for IRIX 6.x
- # Will need editing...see comments below
- #
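- # This file contains a list of files and directories that System
- # Preener will scan. Information collected from these files will be
- # stored in the tripwire.database file.
- # A scan is only as trustworthy as that database and this file: keep
- # both where an intruder cannot rewrite them (for example on read-only
- # media).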
- #
- # Format: [!|=] entry [ignore-flags]
- #
- # where: '!' signifies the entry is to be pruned (inclusive) from
- # the list of files to be scanned.
- # '=' signifies the entry is to be added, but if it is
- # a directory, then all its contents are pruned
- # (useful for /tmp).
- #
- # where: entry is the absolute pathname of a file or a directory
- #
- # where ignore-flags are in the format:
- # [template][ [+|-][pinugsam12] ... ]
- #
- # - : ignore the following attributes
- # + : do not ignore the following attributes
- #
- # p : permission and file mode bits      a: access timestamp
- # i : inode number                       m: modification timestamp
- # n : number of links (ref count)        c: inode creation timestamp
- # u : user id of owner                   1: signature 1
- # g : group id of owner                  2: signature 2
- # s : size of file
- #
- #
- # Ex: The following entry will scan all the files in /etc, and report
- # any changes in mode bits, inode number, reference count, uid,
- # gid, modification and creation timestamp, and the signatures.
- # However, it will ignore any changes in the access timestamp.
- #
- # /etc +pinugsm12-a
- #
- # The following templates have been pre-defined to make these long ignore
- # mask descriptions unnecessary.
- #
- # Templates: (default) R : [R]ead-only (+pinugsm12-a)
- # L : [L]og file (+pinug-sam12)
- # N : ignore [N]othing (+pinusgsamc12)
- # E : ignore [E]verything (-pinusgsamc12)
- #
- # By default, Tripwire uses the R template -- it ignores
- # only the access timestamp.
- #
- # You can use templates with modifiers, like:
- # Ex: /etc/lp E+ug
- #
- # Example configuration file:
- # /etc R # all system files
- # !/etc/lp R # ...but not those logs
- # =/tmp N # just the directory, not its files
- #
- # Note the difference between pruning (via "!") and ignoring everything
- # (via "E" template): Ignoring everything in a directory still monitors
- # for added and deleted files. Pruning a directory will prevent Tripwire
- # from even looking in the specified directory.
- #
- #
- # Tripwire running slowly? Modify your tripwire.config entries to
- # ignore the (signature 2) attribute when this computationally-exorbitant
- # protection is not needed. (See README and design document for further
- # details.)
- #
-
- # First, root's "home"
- # Root's home directory here is "/" itself. "=/" records only the
- # directory entry (its contents are pruned), so a new file created
- # directly under / is not reported unless it is named below.
- # The dot-files are listed one by one because they change how root's
- # sessions behave: .rhosts, .netrc and .forward control remote trust,
- # stored credentials and mail forwarding, the rest are shell and editor
- # start-up files. R checks both signatures on each of them.
- # NOTE(review): for the entries marked "may not exist", confirm how your
- # Tripwire version reports a listed file that is created after the
- # database was built -- that appearance is the event worth catching.
- =/ L
- /.rhosts R # may not exist
- /.profile R # may not exist
- /.cshrc R # may not exist
- /.login R # may not exist
- /.exrc R # may not exist
- /.logout R # may not exist
- /.forward R # may not exist
- /.netrc R # may not exist
-
- # Unix itself
- # The kernel image; R (+pinugsm12-a) checks it with both signatures.
- /unix R
-
- # Now, some critical directories and files
- # Some exceptions are noted further down
- # /etc and the start-up script directories get the R template: every
- # attribute except the access timestamp is checked, both signatures
- # included.
- /etc R
- /etc/rc0.d R
- /etc/rc2.d R
- /etc/rc3.d R
- /etc/init.d R
- /etc/config R
- # The entries below use the L template (+pinug-sam12) because the files
- # change during normal operation. L still reports changes to mode,
- # inode, link count, owner and group, but it ignores size, timestamps
- # and both signatures -- an edit to the contents alone is NOT reported.
- /etc/mtab L
- /etc/motd L
- /etc/rmtab L
- /etc/utmp L
- /etc/wtmp L
- /etc/OLDwtmp L
- /etc/xutmp L
- /etc/group R # changes should be infrequent
- # The next line may need to be replaced with /etc/security
- # if C2 is enabled
- # NOTE(review): with L, an added account or a changed uid in the password
- # file goes unreported by this entry. Where account changes are rare
- # enough to review by hand, R (as used for /etc/group above) closes
- # that gap at the cost of a report on every legitimate change.
- /etc/passwd L
-
- # Device nodes: L keeps the checks that matter for them (mode, owner,
- # group, inode, link count) and skips size, timestamps and signatures.
- /dev L
-
- /usr/etc R
-
- # Checksumming the following is not so critical. However,
- # setuid/setgid files are special-cased further down.
- # "R-2" is the R template with signature 2 dropped: mode, inode, link
- # count, owner, group, size, modification time and signature 1 are still
- # checked. This is the speed trade-off described in the header.
- # NOTE(review): if any of these paths is a symbolic link on your system,
- # confirm whether Tripwire records the link itself or the directory it
- # points to before relying on the entry.
-
- /lib R-2
-
- /bin R-2
-
- /usr/bin R-2
- /usr/sbin R-2
-
- /usr/bsd R-2
-
- /usr/lib R-2
-
- # /usr/adm is given the log-file template (contents not checked);
- # /usr/admin is given the full R template.
- /usr/adm L
- /usr/admin R
- /usr/bin/X11 R-2
-
- # "=" records the directory entry only; nothing beneath /usr or
- # /usr/spool is scanned unless another entry in this file names it.
- =/usr L
- =/usr/spool L
- # NOTE(review): under L the contents of cron tables and queued mail are
- # not checked (size, timestamps and signatures are ignored). Per the
- # header, added and deleted files are still reported, but an edit to an
- # existing crontab is not. Consider R for /usr/spool/cron if scheduled
- # jobs change rarely on this host.
- /usr/spool/cron L
- /usr/spool/mqueue L
- /usr/mail L
-
- # You may or may not have the following
- # Anonymous-FTP area: the top directory uses L, while the bin and etc
- # subdirectories use R so their contents are checked with both
- # signatures.
- /usr/people/ftp L
- /usr/people/ftp/bin R
- /usr/people/ftp/etc R
-
- # put entries for uucp if you need them
-
- # Directory entries only; no template is given, so the default R applies.
- # NOTE(review): R checks the directory's modification time, size and link
- # count, which presumably change whenever files come and go here, so
- # expect these two entries in most reports. The attributes that matter
- # on a shared temporary directory are its mode and ownership; the L
- # template limits the check to those plus inode and link count.
- =/tmp
- =/usr/tmp
-
-
- # Here are entries for setuid/setgid files. On these, we use
- # both signatures just to be sure.
- #
- # You may want/need to edit this list. Batteries not inc.
- #
- # Each file below gets the R template (+pinugsm12-a), so both signatures
- # are checked even where the enclosing directory was given R-2 above.
- #
- # This list is a snapshot of one IRIX 6.x installation. Rebuild it from
- # the system being protected, for example with
- #   find / -type f \( -perm -4000 -o -perm -2000 \) -print
- # and re-run that search periodically: a setuid/setgid file that is not
- # listed here is checked with both signatures only if you add it.
- #
- # Several trees appear below only as individual files (/sbin,
- # /usr/Cadmin, /usr/demos, /usr/freeware, /usr/gfx, /usr/pcp,
- # /usr/sysadm, /var). No directory entry in this file covers them, so a
- # new file created in those directories is not reported.
- #
- # NOTE(review): a few entries look like data files rather than programs
- # (e.g. /var/sysadm/salog, /usr/lib/desktop/permissions). Under R they
- # are reported whenever their contents change -- confirm that is wanted.
-
- /bin/df R
- /bin/ipcs R
- /bin/login R
- /bin/mail R
- /bin/newgrp R
- /bin/passwd R
- /bin/ps R
- /bin/rmail R
- /bin/su R
- /etc/fuser R
- /etc/killall R
- /etc/lvinfo R
- /etc/savecore R
- /etc/suid_exec R
- /etc/whodo R
- /sbin/df R
- /sbin/disk_bandwidth R
- /sbin/fuser R
- /sbin/ioconfig R
- /sbin/ps R
- /sbin/pset R
- /sbin/su R
- /sbin/suid_exec R
- /sbin/who R
- /sbin/whodo R
- /usr/Cadmin/bin/cexport R
- /usr/Cadmin/bin/cformat R
- /usr/Cadmin/bin/chaltsys R
- /usr/Cadmin/bin/chost R
- /usr/Cadmin/bin/chostInfo R
- /usr/Cadmin/bin/cimport R
- /usr/Cadmin/bin/cmidi R
- /usr/Cadmin/bin/configClogin R
- /usr/Cadmin/bin/cpeople R
- /usr/Cadmin/bin/cports R
- /usr/Cadmin/bin/cpuView R
- /usr/Cadmin/bin/csetup R
- /usr/Cadmin/bin/cswap R
- /usr/Cadmin/bin/diskView R
- /usr/Cadmin/bin/tapeView R
- /usr/Cadmin/bin/videoView R
- /usr/adm/mkpts R
- /usr/bin/X11/MediaMail R
- /usr/bin/X11/Xsgi R
- /usr/bin/X11/cdheadphone R
- /usr/bin/X11/cdplayer R
- /usr/bin/X11/xconsole R
- /usr/bin/X11/xload R
- /usr/bin/X11/xlock R
- /usr/bin/X11/xterm R
- /usr/bin/at R
- /usr/bin/cancel R
- /usr/bin/crontab R
- /usr/bin/cu R
- /usr/bin/lp R
- /usr/bin/lpstat R
- /usr/bin/mail R
- /usr/bin/newgrp R
- /usr/bin/newproj R
- /usr/bin/newsess R
- /usr/bin/passwd R
- /usr/bin/rmail R
- /usr/bin/under R
- /usr/bin/uucp R
- /usr/bin/uuname R
- /usr/bin/uustat R
- /usr/bin/uux R
- /usr/bsd/lpq R
- /usr/bsd/lpr R
- /usr/bsd/lprm R
- /usr/bsd/ordist R
- /usr/bsd/rcp R
- /usr/bsd/rdist R
- /usr/bsd/rlogin R
- /usr/bsd/rsh R
- /usr/bsd/w R
- /usr/demos/bin/setup_dgl R
- /usr/etc/LicenseManager R
- /usr/etc/appletalk/atstat64 R
- /usr/etc/appletalk/psf R
- /usr/etc/appletalk/xkas R
- /usr/etc/appletalk/xkfs R
- /usr/etc/appletalk/xktalk R
- /usr/etc/arp R
- /usr/etc/fam R
- /usr/etc/lpc R
- /usr/etc/lpd R
- /usr/etc/ls_nl_lic_entry R
- /usr/etc/mediad R
- /usr/etc/netstat R
- /usr/etc/netware/ipxchk R
- /usr/etc/netware/ipxlink R
- /usr/etc/nfsstat R
- /usr/etc/nwrecover R
- /usr/etc/ping R
- /usr/etc/rdisc R
- /usr/etc/recover R
- /usr/etc/route R
- /usr/etc/save R
- /usr/etc/timedc R
- /usr/etc/traceroute R
- /usr/freeware/bin/amcheck R
- /usr/freeware/bin/cda R
- /usr/freeware/bin/elm R
- /usr/freeware/bin/exim R
- /usr/freeware/bin/filter R
- /usr/freeware/bin/gmake R
- /usr/freeware/bin/keyauth R
- /usr/freeware/bin/keyinit R
- /usr/freeware/bin/keylogin R
- /usr/freeware/bin/keysu R
- /usr/freeware/bin/mutt.real R
- /usr/freeware/bin/mutt_dotlock R
- /usr/freeware/bin/opieauth R
- /usr/freeware/bin/opiepasswd R
- /usr/freeware/bin/opiesu R
- /usr/freeware/bin/procmail R
- /usr/freeware/bin/screen R
- /usr/freeware/bin/seyon R
- /usr/freeware/bin/sudo R
- /usr/freeware/bin/xmcd R
- /usr/freeware/etc/nfswatch R
- /usr/freeware/libexec/calcsize R
- /usr/freeware/libexec/dumper R
- /usr/freeware/libexec/emacs/19.34/mips-sgi-irix6.x/movemail R
- /usr/freeware/libexec/killpgrp R
- /usr/freeware/libexec/planner R
- /usr/freeware/libexec/rundump R
- /usr/freeware/libexec/runtar R
- /usr/gfx/setmon R
- /usr/lib/InPerson/inpview R
- /usr/lib/SoftWindows/bin/SoftWindows95 R
- /usr/lib/SoftWindows/sys.swinconfig R
- /usr/lib/SoftWindows2/bin/SoftWindows2 R
- /usr/lib/SoftWindows2/sys.swin2config R
- /usr/lib/WorkShop/cvconnect R
- /usr/lib/Zmail/bin/reassembler R
- /usr/lib/acct/accton R
- /usr/lib/addnetpr R
- /usr/lib/desktop/permissions R
- /usr/lib/envm/longinfo R
- /usr/lib/expreserve R
- /usr/lib/iaf/scheme R
- /usr/lib/print/chkicons R
- /usr/lib/print/netprint R
- /usr/lib/print/tagprinter R
- /usr/lib/regview R
- /usr/lib/sa/sadc R
- /usr/lib/sendmail R
- /usr/lib/sendmail.old R
- /usr/lib/tour/bin/KillHigh R
- /usr/lib/tour/bin/PlayHigh R
- /usr/lib/tour/bin/RemoveSystemTour R
- /usr/lib/uucp/unknown R
- /usr/lib/uucp/uucico R
- /usr/lib/uucp/uusched R
- /usr/lib/uucp/uuxqt R
- /usr/pcp/bin/pmbrand R
- /usr/pcp/bin/pmpost R
- /usr/sbin/Confidence/cdrom R
- /usr/sbin/Mail R
- /usr/sbin/astat R
- /usr/sbin/bufview R
- /usr/sbin/cdinstmgr R
- /usr/sbin/cdplayer R
- /usr/sbin/cpr R
- /usr/sbin/cview R
- /usr/sbin/datman R
- /usr/sbin/dkstat R
- /usr/sbin/dmplay R
- /usr/sbin/dmrecord R
- /usr/sbin/eject R
- /usr/sbin/gmemusage R
- /usr/sbin/gr_osview R
- /usr/sbin/gr_top R
- /usr/sbin/ipcs R
- /usr/sbin/isdnsetup R
- /usr/sbin/iwsh R
- /usr/sbin/ksyncset R
- /usr/sbin/ksyncstat R
- /usr/sbin/mailx R
- /usr/sbin/midikeys R
- /usr/sbin/midisynth R
- /usr/sbin/mkpts R
- /usr/sbin/monpanel R
- /usr/sbin/movemail R
- /usr/sbin/osview R
- /usr/sbin/pandora R
- /usr/sbin/passmgmt R
- /usr/sbin/pmkstat R
- /usr/sbin/pppsetup R
- /usr/sbin/printers R
- /usr/sbin/scanners R
- /usr/sbin/soundscheme R
- /usr/sbin/soundtrack R
- /usr/sbin/ssplay R
- /usr/sbin/startmidi R
- /usr/sbin/systemdown R
- /usr/sbin/top R
- /usr/sbin/vadmin R
- /usr/sbin/xbstat R
- /usr/sbin/xwsh R
- /usr/sysadm/bin/adddefpriv R
- /usr/sysadm/bin/addpriv R
- /usr/sysadm/bin/addprivuser R
- /usr/sysadm/bin/checkpriv R
- /usr/sysadm/bin/ipld R
- /usr/sysadm/bin/rmdefpriv R
- /usr/sysadm/bin/rmpriv R
- /usr/sysadm/bin/rmprivuser R
- /usr/sysadm/bin/runpriv R
- /var/netscape/fasttrack/userdb/ldap/db R
- /var/sysadm/salog R
- /var/www/htdocs/WhatsNew/CustReg/day5datacopier R
- /var/www/htdocs/WhatsNew/CustReg/day5notifier R
- /var/www/htdocs/WhatsNew/CustReg/day5terminator R
-
-