At 03:51 PM 3/4/2010, Dag-Erling Smørgrav wrote:
> Mike Tancsa <[email protected]> writes:
> > While getting a box ready for deployment, I noticed on two occasions,
> > I would get some exception reports flagging all files as the
> > underlying device number through reboots had changed.  Is this
> > "normal" for Tripwire and FreeBSD?
>
> FreeBSD does not have fixed device numbers, they are allocated on the
> fly as each device attaches.  I don't know if there is a way around
> this.


OK, I think there is a way around it in the config file.

I am thinking the FreeBSD default config could be changed to


 @@section FS
-SEC_CRIT      = $(IgnoreNone)-SHa ;  # Critical files that cannot change
-SEC_SUID = $(IgnoreNone)-SHa ; # Binaries with the SUID or SGID flags set
-SEC_BIN       = $(ReadOnly) ;        # Binaries that should not change
-SEC_CONFIG = $(Dynamic) ; # Config files that are changed infrequently but accessed often -SEC_TTY = $(Dynamic)-ugp ; # Tty files that change ownership at login -SEC_LOG = $(Growing) ; # Files that grow, but that should never change ownership -SEC_INVARIANT = +tpug ; # Directories that should never change permission or ownership
+SEC_CRIT      = $(IgnoreNone)-SHad ;  # Critical files that cannot change
+SEC_SUID = $(IgnoreNone)-SHad ; # Binaries with the SUID or SGID flags set
+SEC_BIN       = $(ReadOnly)-d ;        # Binaries that should not change
+SEC_CONFIG = $(Dynamic)-d ; # Config files that are changed infrequently but accessed often +SEC_TTY = $(Dynamic)-ugpd ; # Tty files that change ownership at login +SEC_LOG = $(Growing)-d ; # Files that grow, but that should never change ownership +SEC_INVARIANT = +tpug-d ; # Directories that should never change permission or ownership SIG_LOW = 33 ; # Non-critical files that are of minimal security impact SIG_MED = 66 ; # Non-critical files that are of significant security impact SIG_HI = 100 ; # Critical files that are significant points of vulnerability
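
Review bot: in the SEC_INVARIANT line, `+tpug-d` subtracts a property the mask never enables (it checks only t, p, u and g), so the `-d` there changes nothing and can be dropped. For the remaining classes, the trailing comments still read as before ("Critical files that cannot change"); a short comment above the block saying that d is ignored because the device ID is not stable across reboots on FreeBSD would tell the next person editing the policy why these masks differ from the stock ones.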




Where

  ##############################################################################
# Predefined Variables #
##############################################################################
#
#  Property Masks
#
#  -  ignore the following properties
#  +  check the following properties
#
#  a  access timestamp (mutually exclusive with +CMSH)
#  b  number of blocks allocated
#  c  inode creation/modification timestamp
#  d  ID of device on which inode resides
#  g  group id of owner
#  i  inode number
#  l  growing files (logfiles for example)
#  m  modification timestamp
#  n  number of links
#  p  permission and file mode bits
#  r  ID of device pointed to by inode (valid only for device objects)
#  s  file size
#  t  file type
#  u  user id of owner
#
#  C  CRC-32 hash
#  H  HAVAL hash
#  M  MD5 hash
#  S  SHA hash
#


I have bcc'd the maintainer for input.
Thanks,

        ---Mike





--------------------------------------------------------------------
Mike Tancsa,                                      tel +1 519 651 3400
Sentex Communications,                            [email protected]
Providing Internet since 1994                    www.sentex.net
Cambridge, Ontario Canada                         www.sentex.net/mike
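
An added example, not part of the original message and not Tripwire code: a small Python mask expander that shows which properties each rule class stops checking under the proposed masks. The expansions of `$(ReadOnly)`, `$(Dynamic)`, `$(Growing)` and `$(IgnoreNone)` are not quoted in the message; they are taken from the twpolicy(4) documentation and should be treated as assumptions to verify against the installed version.

```python
import re

# Assumed expansions of the predefined variables (from twpolicy(4), not from
# the message above); verify them against your Tripwire version.
PREDEFINED = {
    "ReadOnly":   "+pinugtsdbmCM-rlacSH",
    "Dynamic":    "+pinugtd-srlbamcCMSH",
    "Growing":    "+pinugtdl-srbamcCMSH",
    "IgnoreNone": "+pinugtsdrbamcCMSH-l",
}

def checked(mask):
    """Return the set of property letters a mask leaves enabled."""
    # Substitute each $(Name), then apply the +/- runs from left to right.
    flat = re.sub(r"\$\((\w+)\)", lambda m: PREDEFINED[m.group(1)],
                  mask.replace(" ", ""))
    props, sign = set(), "+"
    for ch in flat:
        if ch in "+-":
            sign = ch
        elif sign == "+":
            props.add(ch)
        else:
            props.discard(ch)
    return props

# (old mask, new mask) pairs copied from the proposed change in the message.
CHANGE = {
    "SEC_CRIT":      ("$(IgnoreNone)-SHa", "$(IgnoreNone)-SHad"),
    "SEC_SUID":      ("$(IgnoreNone)-SHa", "$(IgnoreNone)-SHad"),
    "SEC_BIN":       ("$(ReadOnly)",       "$(ReadOnly)-d"),
    "SEC_CONFIG":    ("$(Dynamic)",        "$(Dynamic)-d"),
    "SEC_TTY":       ("$(Dynamic)-ugp",    "$(Dynamic)-ugpd"),
    "SEC_LOG":       ("$(Growing)",        "$(Growing)-d"),
    "SEC_INVARIANT": ("+tpug",             "+tpug-d"),
}

def report():
    """Map each class to the properties the new mask no longer checks."""
    return {name: "".join(sorted(checked(old) - checked(new)))
            for name, (old, new) in CHANGE.items()}

if __name__ == "__main__":
    for name, dropped in report().items():
        print(f"{name:14} no longer checks: {dropped or '(nothing)'}")
```

Under those assumed expansions, every class loses only `d`, except SEC_INVARIANT, whose effective mask is unchanged.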

_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[email protected]"
