reinit the tree, so we can have metadata

3 files changed, 297 insertions, 0 deletions

diff --git a/app-admin/tripwire/files/tripwire b/app-admin/tripwire/files/tripwire
new file mode 100644
index 000000000000..8f0f23f3e2d5
--- /dev/null
+++ b/app-admin/tripwire/files/tripwire
@@ -0,0 +1,10 @@
+#!/bin/sh
+HOST_NAME=`uname -n`
+if [ ! -e /var/lib/tripwire/${HOST_NAME}.twd ] ; then
+	echo "****    Error: Tripwire database for ${HOST_NAME} not found.  ****"
+	echo "**** Check tripwire.txt file for instructions or install      ****"
+	echo "**** app-admin/mktwpol package (if you used the \"tools\"  ****"
+	echo "**** USE flag, this has been done for you already.            ****"
+else
+        test -f /etc/tripwire/tw.cfg &&  /usr/sbin/tripwire --check --quiet
+fi
diff --git a/app-admin/tripwire/files/tripwire.txt b/app-admin/tripwire/files/tripwire.txt
new file mode 100644
index 000000000000..4f47f8bd8196
--- /dev/null
+++ b/app-admin/tripwire/files/tripwire.txt
@@ -0,0 +1,272 @@
+tripwire.txt					v. 11 Sept 2013
+
+Introduction to Tripwire, with Gentoo-specific installation information
+
+Tripwire software can monitor the integrity of critical system files and
+directories by identifying specified changes made to selected system
+files and directories. Configure Tripwire software to monitor your
+system in the way that is best for you.
+
+Tripwire software works by comparing files and directories against a
+defined baseline, stored in a tripwire-created database. Tripwire
+generates the baseline by taking a "snapshot" of specified files and
+directories. Tripwire software then compares the current system against
+the baseline and reports modifications, additions, or deletions. Use
+Tripwire software for system security, intrusion detection, damage
+assessment, and recovery forensics.
+
+
+To set-up Tripwire Configuration
+
+The Tripwire tarball installs the basic program files needed to run the
+software.  However, this installation does not prepare the configuration
+files that Tripwire needs to perform correctly. After you install the
+tripwire executable files and example configuration, you must:
+
+1. Review and perhaps edit the plain-text tripwire configuration file
+   (/etc/tripwire/twcfg.txt) with a text editor, if desired.
+
+2. Either run a configuration script (twsetup.sh from Gentoo's mktwpol
+   package, or tripwire-setup-keyfiles from Red Hat, or deprecated
+   twinstall.sh, also from Red Hat), or run the program `twadmin` with
+   the correct command line switches to make key files and encrypt/sign
+   the tripwire configuration file.
+
+   Make site key file
+   ------------------
+   `twadmin --generate-keys -S /etc/tripwire/site.key`
+
+   Make local key file
+   -------------------
+   `twadmin --generate-keys -L /etc/tripwire/$HOSTNAME-local.key`
+
+   Make mandatory signed tripwire configuration file (tw.cfg)
+   ----------------------------------------------------------
+   `twadmin --create-cfgfile -S /etc/tripwire/site.key /etc/tripwire/twcfg.txt`
+
+Note: Once encrypted/signed, the configuration file, tw.cfg, must not be
+renamed or moved.  The plain-text tripwire configuration file (twcfg.txt)
+should be deleted.  It can be recreated with `twadmin --print-cfgfile`
+
+3. Make a plain-text policy file.  The use of the name twpol.txt is
+   common, but the name of this file is not defined or used by Tripwire,
+   other than preparation of the encrypted/signed policy file.
+
+   To make the plain-text policy file, either run a policy file generator
+   (for example, mktwpol.sh from Gentoo's mktwpol package), or edit the
+   plain-text policy file (twpol-GENERIC.txt, or twpol.txt, or similar)
+   with a text editor.  The plain-text policy file should not refer to
+   any non-existent file or directory.
+
+   If you edit twpol-GENERIC.txt to act as your plain-text policy file,
+   provide your system's HOSTNAME at line 61.  If you don't provide
+   the correct HOSTNAME, a tripwire inspection of the target computer's
+   filesystem will fail to check the tripwire database file for changes.
+
+	TWDB=/var/lib/tripwire/YOUR_HOSTNAME.twd;
+
+4. Convert the plain-text policy file into the encrypted/signed form
+   that tripwire will refer to as it examines the files on the target
+   computer's filesystem.  The default filename for the encrypted/signed
+   policy file is defined in the tripwire configuration file (tw.cfg)
+   and is usually tw.pol.  The encryption/signing of plain-text twpol.txt
+   is done with yet another `twadmin` command line.
+
+   Make mandatory encrypted/signed system inspection policy file
+   --------------------------------------------------------------
+   `twadmin -m P -c /etc/tripwire/tw.cfg /etc/tripwire/twpol.txt`
+
+Note: If you modify the plain-text policy file after running the
+configuration script, you must re-sign the plain-text policy file before
+initializing the database file.  Tripwire baseline database creation and
+inspections refer to the encrypted/signed policy file, not to the
+plain-text policy file.
+
+Note: The plain-text tripwire policy file (twpol.txt) should be deleted.
+It can be recreated with `twadmin --print-polfile`
+
+5. Initialize the Tripwire database file.
+
+   Record current file attributes in the tripwire database
+   -------------------------------------------------------
+   `tripwire --init -c /etc/tripwire/tw.cfg`
+
+Note: Tripwire might issue some "Warning: File system error" errors,
+and appear to hang.  But as long as it follows with "### Continuing...",
+it is still working.
+
+6. Run the first integrity check.
+
+   `tripwire --check -c /etc/tripwire/tw.cfg`
+
+Note: The use of "-c /etc/tripwire/tw.cfg" is not required if Tripwire
+uses the default tripwire configuration directory and file names.  If
+you defer to tripwire default filenames, then updating a text policy
+file into a tripwire database, and running an integrity check, can be
+done with these commands:
+
+   `twadmin --create-polfile /etc/tripwire/twpol.txt`
+   `tripwire --init`
+   `tripwire --check`
+
+Modifying the Policy File
+
+How Tripwire software checks your system is specified in the Tripwire
+plain-text policy file (twpol.txt).  A default policy file is included in
+the Tripwire software installation.  This policy file should be tailored
+to fit your particular system.  Tailoring the policy file is necessary
+to take advantage of Tripwire software's ability to monitor changes on
+your system.
+
+The plain-text policy file is usually located at /etc/tripwire/twpol.txt.
+An example policy file (located at /etc/tripwire/twpol-GENERIC.txt, or
+at /usr/share/doc/tripwire-VER#-REL#/policyguide.txt) is included to
+help you learn the policy language.  Read the sample policy files and
+the comments in the sample policy file to learn the policy language.
+
+After you modify the plain-text policy file, don't forget!
+
+ encrypt/sign using `twadmin --create-polfile /etc/tripwire/twpol.txt`
+
+
+Selecting Passphrases
+
+Tripwire files are encrypted/signed using site or local keys. These keys
+are protected by passphrases. When selecting passphrases, the following
+recommendations apply:
+
+Use at least eight alphanumeric and symbolic characters for each
+passphrase. The maximum length of a passphrase is 1023 characters.
+Quotes should not be used as passphrase characters.
+
+Assign a unique passphrase for the site key. The site key passphrase
+protects the site key, which is used to sign Tripwire software
+configuration and policy files. Assign a unique passphrase for the local
+key. The local key signs the Tripwire baseline database file. The local
+key may sign the Tripwire report files also.
+
+Store the passphrases in a secure location. There is no way to remove
+encryption from a signed file if you forget your passphrase and lost the
+key files.  If you forget the passphrases, the files are unusable. In
+that case you must create new key files and the baseline database.
+
+
+Initializing the Database
+
+In Database Initialization mode, Tripwire software builds a database of
+filesystem objects based on the rules in the policy file. This database
+serves as the baseline for integrity checks. The syntax for Database
+Initialization mode is:
+
+  `tripwire --init -c /etc/tripwire/tw.cfg`
+
+
+Running an Integrity Check
+
+The Integrity Check mode compares the current file system objects with
+their properties recorded in the Tripwire database. Violations are
+printed to stdout. The report file is saved and can later be accessed by
+twprint. An email option enables you to send email. The syntax for
+Integrity Check mode is:
+
+  `tripwire --check -c /etc/tripwire/tw.cfg`
+
+
+Printing Reports - twprint Print Report Mode
+
+The twprint --print-report mode prints the contents of a Tripwire
+report. If you do not specify a report with the --twrfile or -r
+command-line argument, the default report file specified by the
+configuration file REPORTFILE variable is used.
+
+Example: On a machine named LIGHTHOUSE, the command could be:
+
+  `twprint -m r --twrfile LIGHTHOUSE-19990622-021212.twr`
+
+
+Updating the Database after an Integrity Check
+
+Database Update mode enables you to update the Tripwire database after
+an integrity check if you determine that the violations discovered are
+valid. This update process saves time by enabling you to update the
+database without having to re-initialize it. It also enables selective
+updating, which cannot be done through re-initialization. The syntax for
+Database Update mode is:
+
+  `tripwire --update`
+
+
+Updating the Policy File
+
+Change the way that Tripwire software scans the system by changing the
+rules in the policy file.  You can then update the database without a
+complete re-initialization. This saves a significant amount of time and
+preserves security by keeping the policy file synchronized with the
+database it uses.  The syntax for Policy Update mode is:
+
+  `tripwire  --update-policy`
+
+
+Testing email functions
+
+Test mode tests the software's email notification system, using the
+settings currently specified in the configuration file. The syntax for
+Email Test Reporting mode is:
+
+  `tripwire  --test`
+
+
+Tripwire Components
+
+The policy file begins as a text file containing comments, rules,
+directives, and variables. These dictate the way Tripwire software
+checks your system. Each rule in the policy file specifies a system
+object to be monitored. Rules also describe which changes to the object
+to report, and which to ignore.
+
+System objects are the files and directories you wish to monitor. Each
+object is identified by an object name. A property refers to a single
+characteristic of an object that Tripwire software can monitor.
+Directives control conditional processing of sets of rules in a policy
+file. During installation, the text policy file is encrypted/signed and
+renamed, and becomes the active policy file.
+
+The database file is an important component of Tripwire software. When
+first installed, Tripwire software uses the policy file rules to create
+the database file. The database file is a baseline "snapshot" of the
+system in a known secure state. Tripwire software compares this baseline
+against the current system to determine what changes have occurred. This
+is an integrity check.
+
+When you perform an integrity check, Tripwire software produces report
+files. Report files summarize any changes that violated the policy file
+rules during the integrity check. You can view the report file in a
+variety of formats, at varying levels of detail.
+
+The Tripwire configuration file stores system-specific information, such
+as the location of Tripwire data files. Tripwire software generates some
+of the configuration file information during installation. The system
+administrator can change parameters in the configuration file at any
+time. The configuration file variables POLFILE, DBFILE, REPORTFILE,
+SITEKEYFILE, and LOCALKEYFILE specify where the policy file, database
+file, report files, and site and local key files reside. These variables
+must be defined or the configuration file is invalid. If any of these
+variables are undefined, an error occurs on execution of Tripwire
+software and the program exits.
+
+
+Tripwire Help
+
+All Tripwire commands support the help arguments.
+
+Example: To get help with Create Configuration File mode, type:
+
+  `twadmin --help --create-cfgfile`
+
+  -?			Display usage and version information
+  --help		Display all command modes
+  --help all		Display help for all command modes
+  --help [mode]		Display help for current command mode
+  --version		Display version information
+
+We recommend you read the Tripwire Release Notes and README file.
diff --git a/app-admin/tripwire/files/twcfg.txt b/app-admin/tripwire/files/twcfg.txt
new file mode 100644
index 000000000000..9cf39bcc01e4
--- /dev/null
+++ b/app-admin/tripwire/files/twcfg.txt
@@ -0,0 +1,15 @@
+ROOT                   =/usr/sbin
+POLFILE                =/etc/tripwire/tw.pol
+DBFILE                 =/var/lib/tripwire/$(HOSTNAME).twd
+REPORTFILE             =/var/lib/tripwire/report/$(HOSTNAME)-$(DATE).twr
+SITEKEYFILE            =/etc/tripwire/site.key
+LOCALKEYFILE           =/etc/tripwire/$(HOSTNAME)-local.key
+EDITOR                 =/bin/nano
+LATEPROMPTING          =false
+LOOSEDIRECTORYCHECKING =false
+MAILNOVIOLATIONS       =true
+EMAILREPORTLEVEL       =3
+REPORTLEVEL            =3
+MAILMETHOD             =SENDMAIL
+SYSLOGREPORTING        =false
+MAILPROGRAM            =/usr/lib/sendmail -oi -t