From 4efb04dce5ae3f1ab8724d25bcc09b9b21df05d6 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Tue, 8 Aug 2017 13:26:39 +0100
Subject: [PATCH] Additional tripwire rules
---
 src/freedombone-base-tripwire | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/freedombone-base-tripwire b/src/freedombone-base-tripwire
index 11159fd3..af2cd6d6 100755
--- a/src/freedombone-base-tripwire
+++ b/src/freedombone-base-tripwire
@@ -124,6 +124,13 @@ function install_tripwire {
 if ! grep -q '!/usr/local/lib/node_modules' /etc/tripwire/twpol.txt; then
 sed -i '\|/etc\t\t->.*|a\ !/usr/local/lib/node_modules ;' /etc/tripwire/twpol.txt
 fi
+ # Events here are likely due to USB HRNG activity
+ if ! grep -q '!/dev/char' /etc/tripwire/twpol.txt; then
+ sed -i '\|/dev\t\t->.*|a\ !/dev/char ;' /etc/tripwire/twpol.txt
+ fi
+ if ! grep -q '!/dev/bus/usb' /etc/tripwire/twpol.txt; then
+ sed -i '\|/dev\t\t->.*|a\ !/dev/bus/usb ;' /etc/tripwire/twpol.txt
+ fi
 # Not much is in /usr/local/bin other than project commands and avoiding it removes
 # problems with updates. This is a tradeoff, but not by much.
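Review bot: The comment above the two new blocks says why `/dev/char` and `/dev/bus/usb` are noisy, but not what is given up by excluding them: with `!/dev/bus/usb ;` in the policy, tripwire stops reporting any change under that tree, which presumably includes device nodes for newly attached USB hardware and not only the HRNG. I would record that beside the existing comment, the way the `/usr/local/bin` comment below does, e.g. `# Tradeoff: changes under /dev/char and /dev/bus/usb (including newly attached USB devices) are no longer reported`. Separately, the `sed` append does nothing and reports nothing when no line matches `/dev\t\t->`, so on a policy file with different spacing the exclusion is never written and the `grep` guard simply retries on every run. install_tripwire starts and ends outside the hunk, so whether the policy is recompiled after these edits cannot be seen here.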