Shadow-Here
Server : Apache
System : Linux methusalix2 3.16.0-11-amd64 #1 SMP Debian 3.16.84-1 (2020-06-09) x86_64
User : hios ( 1437)
PHP Version : 5.6.40-0+deb8u12
Disable Function : proc_close,proc_open,dl,shell_exec,passthru
Directory :  /etc/tripwire/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :
Current File : //etc/tripwire/twpol.txt
#
# Standard Debian Tripwire configuration
#
#
# This configuration covers the contents of all 'Essential: yes'
# packages along with any packages necessary for access to an internet
# or system availability, e.g. name services, mail services, PCMCIA
# support, RAID support, and backup/restore support.
#

#
# Global Variable Definitions
#
# These definitions override those in to configuration file.  Do not         
# change them unless you understand what you're doing.
#

@@section GLOBAL
TWBIN = /usr/sbin;
TWETC = /etc/tripwire;
TWVAR = /var/lib/tripwire;

#
# File System Definitions
#
@@section FS

#
# First, some variables to make configuration easier
#
SEC_CRIT      = $(IgnoreNone)-SHa ; # Critical files that cannot change

SEC_BIN       = $(ReadOnly) ;        # Binaries that should not change

SEC_CONFIG    = $(Dynamic) ;         # Config files that are changed
		        # infrequently but accessed
		        # often

SEC_LOG       = $(Growing) ;         # Files that grow, but that
			             # should never change ownership

SEC_INVARIANT = +tpug ;              # Directories that should never
		        # change permission or ownership

SIG_LOW       = 33 ;                 # Non-critical files that are of
				     # minimal security impact

SIG_MED       = 66 ;                 # Non-critical files that are of
				     # significant security impact

SIG_HI        = 100 ;                # Critical files that are
				     # significant points of
				     # vulnerability

#
# Tripwire Binaries
#
(
  rulename = "Tripwire Binaries",
  severity = $(SIG_HI)
)
{
	$(TWBIN)/siggen			-> $(SEC_BIN) ;
	$(TWBIN)/tripwire		-> $(SEC_BIN) ;
	$(TWBIN)/twadmin		-> $(SEC_BIN) ;
	$(TWBIN)/twprint		-> $(SEC_BIN) ;
}

#
# Tripwire Data Files - Configuration Files, Policy Files, Keys,
# Reports, Databases
#

# NOTE: We remove the inode attribute because when Tripwire creates a
# backup, it does so by renaming the old file and creating a new one
# (which will have a new inode number).  Inode is left turned on for
# keys, which shouldn't ever change.

# NOTE: The first integrity check triggers this rule and each
# integrity check afterward triggers this rule until a database update
# is run, since the database file does not exist before that point.
(
  rulename = "Tripwire Data Files",
  severity = $(SIG_HI)
)
{
	$(TWVAR)/$(HOSTNAME).twd	-> $(SEC_CONFIG) -i ;
	$(TWETC)/tw.pol			-> $(SEC_BIN) -i ;
	$(TWETC)/tw.cfg			-> $(SEC_BIN) -i ;
	$(TWETC)/$(HOSTNAME)-local.key	-> $(SEC_BIN) ;
	$(TWETC)/site.key		-> $(SEC_BIN) ;

	#don't scan the individual reports
	$(TWVAR)/report			-> $(SEC_CONFIG) (recurse=0) ;
}

#
# Critical System Boot Files
# These files are critical to a correct system boot.
#
(
  rulename = "Critical system boot files",
  severity = $(SIG_HI)
)
{
	/boot			-> $(SEC_CRIT) ;
	/lib/modules		-> $(SEC_CRIT) ;
}

# Exclude this file if it doesn't exist
# /etc/rc.boot            -> $(SEC_BIN) ;
(
  rulename = "Boot Scripts",
  severity = $(SIG_HI)
)
{
        /etc/init.d             -> $(SEC_BIN) ;
        !/etc/rc.boot;
        /etc/rcS.d              -> $(SEC_BIN) ;
        /etc/rc0.d              -> $(SEC_BIN) ;
        /etc/rc1.d              -> $(SEC_BIN) ;
        /etc/rc2.d              -> $(SEC_BIN) ;
        /etc/rc3.d              -> $(SEC_BIN) ;
        /etc/rc4.d              -> $(SEC_BIN) ;
        /etc/rc5.d              -> $(SEC_BIN) ;
        /etc/rc6.d              -> $(SEC_BIN) ;
}

#
# Critical executables
#
(
  rulename = "Root file-system executables",
  severity = $(SIG_HI)
)
{
	/bin			-> $(SEC_BIN) ;
	/sbin			-> $(SEC_BIN) ;
}

#
# Critical Libraries
#
(
  rulename = "Root file-system libraries",
  severity = $(SIG_HI)
)
{
	/lib			-> $(SEC_BIN) ;
}


#
# Login and Privilege Raising Programs
#
(
  rulename = "Security Control",
  severity = $(SIG_MED)
)
{
	/etc/passwd		-> $(SEC_CONFIG) ;
	/etc/shadow		-> $(SEC_CONFIG) ;
}

#
# These files change every time the system boots
#
# Chagnes at runtime (like PIDs and sockets)
# /var/run                -> $(SEC_CONFIG) ; # daemon PIDs
# Produces a lot of noise
# /var/log                -> $(SEC_CONFIG) ;
(
  rulename = "System boot changes",
  severity = $(SIG_HI)
)
{
        /var/lock               -> $(SEC_CONFIG) ;
        !/var/run;
        !/var/log;
}

# These files change the behavior of the root account
# Exclude this files if they don't exist
# /root/mail                      -> $(SEC_CONFIG) ;
# /root/Mail                      -> $(SEC_CONFIG) ;
# /root/.xsession-errors          -> $(SEC_CONFIG) ;
# /root/.xauth                    -> $(SEC_CONFIG) ;
# /root/.tcshrc                   -> $(SEC_CONFIG) ;
# /root/.sawfish                  -> $(SEC_CONFIG) ;
# /root/.mc                       -> $(SEC_CONFIG) ;
# /root/.gnome_private            -> $(SEC_CONFIG) ;
# /root/.gnome-desktop            -> $(SEC_CONFIG) ;
# /root/.gnome                    -> $(SEC_CONFIG) ;
# /root/.esd_auth                 -> $(SEC_CONFIG) ;
# /root/.elm                      -> $(SEC_CONFIG) ;
# /root/.cshrc                    -> $(SEC_CONFIG) ;
# /root/.bash_profile             -> $(SEC_CONFIG) ;
# /root/.bash_logout              -> $(SEC_CONFIG) ;
# /root/.amandahosts              -> $(SEC_CONFIG) ;
# /root/.addressbook.lu           -> $(SEC_CONFIG) ;
# /root/.addressbook              -> $(SEC_CONFIG) ;
# /root/.Xresources               -> $(SEC_CONFIG) ;
# /root/.Xauthority               -> $(SEC_CONFIG) -i ; # Changes Inode number on login
# /root/.ICEauthority                 -> $(SEC_CONFIG) ;
(
  rulename = "Root config files",
  severity = 100
)
{
        /root                           -> $(SEC_CRIT) ; # Catch all additions to /root
        !/root/mail;
        !/root/Mail;
        !/root/.xsession-errors;
        !/root/.xauth;
        !/root/.tcshrc;
        !/root/.sawfish;
        !/root/.mc;
        !/root/.gnome_private;
        !/root/.gnome-desktop;
        !/root/.gnome;
        !/root/.esd_auth;
        !/root/.elm;
        !/root/.cshrc;
        /root/.bashrc                   -> $(SEC_CONFIG) ;
        !/root/.bash_profile;
        !/root/.bash_logout;
        !/root/.bash_history;
        !/root/.amandahosts;
        !/root/.addressbook.lu;
        !/root/.addressbook;
        !/root/.Xresources;
        !/root/.Xauthority;
        !/root/.ICEauthority;
        !/root/.vim;
        !/root/.vimrc;
        !/root/.viminfo;
}

#
# Critical devices
#
# The /proc directory will produce a lot of irrelevant report entries
# /proc         -> $(Device) ;
(
  rulename = "Devices & Kernel information",
  severity = $(SIG_HI),
)
{
        /dev            -> $(Device) ;
        !/proc;
}

#
# Other configuration files
#
(
  rulename = "Other configuration files",
  severity = $(SIG_MED)
)
{
	/etc		-> $(SEC_BIN) ;
}

# Caches in the /etc directory
(
  rulename = "Caches in the /etc directory",
  severity = $(SIG_MED)
)
{
        !/etc/check_mk/cache;
        !/etc/check_mk/logwatch.state;
}

#
# Binaries
#
(
  rulename = "Other binaries",
  severity = $(SIG_MED)
)
{
	/usr/local/sbin	-> $(SEC_BIN) ;
	/usr/local/bin	-> $(SEC_BIN) ;
	/usr/sbin	-> $(SEC_BIN) ;
	/usr/bin	-> $(SEC_BIN) ;
}

#
# Libraries
#
(
  rulename = "Other libraries",
  severity = $(SIG_MED)
)
{
	/usr/local/lib	-> $(SEC_BIN) ;
	/usr/lib	-> $(SEC_BIN) ;
}

#
# Commonly accessed directories that should remain static with regards
# to owner and group
#
(
  rulename = "Invariant Directories",
  severity = $(SIG_MED)
)
{
	/		-> $(SEC_INVARIANT) (recurse = 0) ;
	/home		-> $(SEC_INVARIANT) (recurse = 0) ;
	/tmp		-> $(SEC_INVARIANT) (recurse = 0) ;
	/usr		-> $(SEC_INVARIANT) (recurse = 0) ;
	/var		-> $(SEC_INVARIANT) (recurse = 0) ;
	/var/tmp	-> $(SEC_INVARIANT) (recurse = 0) ;
}

Samx