tripwire exclusions to avoid triggering on routine updates

2017-08-05 14:10:44 +01:00 · 2017-08-05 14:10:44 +01:00 · 8f1df8243d
parent 61d555737e
commit 8f1df8243d
1 changed files with 43 additions and 0 deletions
--- a/src/freedombone-base-tripwire
+++ b/src/freedombone-base-tripwire
@ -105,6 +105,11 @@ function install_tripwire {
    if ! grep -q '!/etc/tripwire' /etc/tripwire/twpol.txt; then
        sed -i '\|/etc\t\t->.*|a\    !/etc/tripwire ;' /etc/tripwire/twpol.txt
    fi
+    # Ignore /etc/freedombone
+    if ! grep -q '!/etc/tripwire' /etc/tripwire/twpol.txt; then
+        sed -i '\|/etc\t\t->.*|a\    !/etc/freedombone ;' /etc/tripwire/twpol.txt
+    fi
+    # Ignore /etc/pihole
    if ! grep -q '!/etc/pihole' /etc/tripwire/twpol.txt; then
        sed -i '\|/etc\t\t->.*|a\    !/etc/pihole ;' /etc/tripwire/twpol.txt
    fi
@ -115,6 +120,44 @@ function install_tripwire {
    if ! grep -q '!/etc/share/tt-rss/lock' /etc/tripwire/twpol.txt; then
        sed -i '\|/etc\t\t->.*|a\    !/etc/share/tt-rss/lock ;' /etc/tripwire/twpol.txt
    fi
+    # Ignore additional install files
+    if ! grep -q '!/usr/local/bin/freedombone' /etc/tripwire/twpol.txt; then
+        sed -i '\|/usr/local/sbin.*|a\    !/usr/local/bin/freedombone*    -> $(SEC_BIN) ;' /etc/tripwire/twpol.txt
+    fi
+    if ! grep -q '!=/usr/local/bin' /etc/tripwire/twpol.txt; then
+        sed -i '\|/usr/local/sbin.*|a\    !=/usr/local/bin    -> $(SEC_BIN) ;' /etc/tripwire/twpol.txt
+    fi
+    if ! grep -q '!/usr/local/bin/addremove' /etc/tripwire/twpol.txt; then
+        sed -i '\|/usr/local/sbin.*|a\    !/usr/local/bin/addremove    -> $(SEC_BIN) ;' /etc/tripwire/twpol.txt
+    fi
+    if ! grep -q '!/usr/local/bin/backup' /etc/tripwire/twpol.txt; then
+        sed -i '\|/usr/local/sbin.*|a\    !/usr/local/bin/backup    -> $(SEC_BIN) ;' /etc/tripwire/twpol.txt
+    fi
+    if ! grep -q '!/usr/local/bin/backup2friends' /etc/tripwire/twpol.txt; then
+        sed -i '\|/usr/local/sbin.*|a\    !/usr/local/bin/backup2friends    -> $(SEC_BIN) ;' /etc/tripwire/twpol.txt
+    fi
+    if ! grep -q '!/usr/local/bin/batman' /etc/tripwire/twpol.txt; then
+        sed -i '\|/usr/local/sbin.*|a\    !/usr/local/bin/batman    -> $(SEC_BIN) ;' /etc/tripwire/twpol.txt
+    fi
+    if ! grep -q '!/usr/local/bin/control' /etc/tripwire/twpol.txt; then
+        sed -i '\|/usr/local/sbin.*|a\    !/usr/local/bin/control    -> $(SEC_BIN) ;' /etc/tripwire/twpol.txt
+    fi
+    if ! grep -q '!/usr/local/bin/controluser' /etc/tripwire/twpol.txt; then
+        sed -i '\|/usr/local/sbin.*|a\    !/usr/local/bin/controluser    -> $(SEC_BIN) ;' /etc/tripwire/twpol.txt
+    fi
+    if ! grep -q '!/usr/local/bin/cronic' /etc/tripwire/twpol.txt; then
+        sed -i '\|/usr/local/sbin.*|a\    !/usr/local/bin/cronic    -> $(SEC_BIN) ;' /etc/tripwire/twpol.txt
+    fi
+    if ! grep -q '!/usr/local/bin/meshavahi' /etc/tripwire/twpol.txt; then
+        sed -i '\|/usr/local/sbin.*|a\    !/usr/local/bin/meshavahi    -> $(SEC_BIN) ;' /etc/tripwire/twpol.txt
+    fi
+    if ! grep -q '!/usr/local/bin/restore' /etc/tripwire/twpol.txt; then
+        sed -i '\|/usr/local/sbin.*|a\    !/usr/local/bin/restore    -> $(SEC_BIN) ;' /etc/tripwire/twpol.txt
+    fi
+    if ! grep -q '!/usr/local/bin/restorefromfriend' /etc/tripwire/twpol.txt; then
+        sed -i '\|/usr/local/sbin.*|a\    !/usr/local/bin/restorefromfriend    -> $(SEC_BIN) ;' /etc/tripwire/twpol.txt
+    fi
+
    # Avoid logging the changed database
    sed -i 's|$(TWETC)/tw.pol.*||g' /etc/tripwire/twpol.txt
    # site key name