Tripwire root config files

This commit is contained in:
Bob Mottram 2014-08-07 07:55:51 +01:00
parent 79651b82d9
commit 552fda2e66
1 changed files with 11 additions and 25 deletions

View File

@ -7158,33 +7158,19 @@ Set *SYSLOGREPORTING* to false and comment out the line, then save and exit.
editor /etc/tripwire/twpol.txt
#+END_SRC
Comment out the lines:
Edit the "Root config files" section so that it looks like this:
#+BEGIN_SRC: bash
/var/log -> $(SEC_CONFIG) ;
/proc -> $(Device) ;
/root/.xsession-errors -> $(SEC_CONFIG) ;
/root/.xauth -> $(SEC_CONFIG) ;
/root/.gnome_private -> $(SEC_CONFIG) ;
/root/.gnome-desktop -> $(SEC_CONFIG) ;
/root/.gnome -> $(SEC_CONFIG) ;
/root/.Xresources -> $(SEC_CONFIG) ;
/root/.Xauthority -> $(SEC_CONFIG) -i ;
/root/mail -> $(SEC_CONFIG) ;
/root/Mail -> $(SEC_CONFIG) ;
/root/.ICEauthority -> $(SEC_CONFIG) ;
/etc/rc.boot -> $(SEC_BIN) ;
/root/.tcshrc -> $(SEC_CONFIG) ;
/root/.sawfish -> $(SEC_CONFIG) ;
/root/.pinerc -> $(SEC_CONFIG) ;
/root/.mc -> $(SEC_CONFIG) ;
/root/.elm -> $(SEC_CONFIG) ;
/root/.cshrc -> $(SEC_CONFIG) ;
/root/.bash_logout -> $(SEC_CONFIG) ;
/root/.bash_profile -> $(SEC_CONFIG) ;
/root/.amandahosts -> $(SEC_CONFIG) ;
/root/.addressbook.lu -> $(SEC_CONFIG) ;
/root/.addressbook -> $(SEC_CONFIG) ;
# These files change the behavior of the root account
(
rulename = "Root config files",
severity = 100
)
{
/root -> $(SEC_CRIT) ; # Catch all additions to /root
/root/.bashrc -> $(SEC_CONFIG) ;
/root/.bash_history -> $(SEC_CONFIG) ;
}
#+END_SRC
Then save and exit.