I had a quick look at this a couple of months ago; however, it's not an
easy task. I think the simplest way to do it would be to take the conf.d/
approach many packages use. Multiple tripwire-<package> ebuilds could
be created which could be emerged to populate this directory - or the
<package> ebuild could place files in this directory.

The tricky bit would be integrating this into tripwire. Either tripwire
needs to be modified to understand a conf.d/ hierarchy, or, as you
suggest, write a script that reads the contents of this directory and
creates a policy file. I like the idea of being able to generate
different policy files to run tripwire with different 'views' - system
only, individual packages, etc.


-Ronan
(former gentoo-sec lurker ;)


On Thu, 25 Mar 2004, Tom Hosiawa wrote:

> I've used tripwire a little bit, and I'm starting to like it.
>
> The biggest problem I see with it, is the default policy is setup for
> Red Hat, not for Gentoo. I know a Gentoo policy file exists in bugzilla,
> but I'm thinking of creating a script to generate the policy file based
> specifically on installed packages in portage.
>
> So before I go ahead with this plan, I thought I'd get some feedback on my
> ideas.
>
> From playing around with the policy file, I see it groups and
> categorizes files into different security types and priorities such as
> critical, suid, config, log, etc.
>
> So for every installed package, I would put it into its own group. Then
> I would assign binary files (/bin, /usr/bin), superuser files (/sbin,
> /usr/sbin), suid (search for them), config (/etc), log (/var/log) files
> into their appropriate categories.
>
> Finally, providing options to generate it for only system packages with
> no user input, and individual package selection should be an option.
>
> Tom
>
>
> --
> gentoo-security@g.o mailing list
>
>
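The generator Tom sketches above, written out as an added Python example (not code from this thread or from the tripwire package): it takes one package's Portage CONTENTS listing, sorts each installed file into the categories he lists (binaries, superuser binaries, suid, config, log), and emits one Tripwire rule block per category. The sample CONTENTS text is constructed; the SEC_*/SIG_* variable names follow the stock twpol.txt header and the severity mapping is an assumption.

```python
# Directory prefix -> policy variable, following the grouping proposed in the thread.
# Assumed: SEC_* variables are defined in the policy header as in stock twpol.txt.
CATEGORIES = [
    ("/etc/", "SEC_CONFIG"), ("/var/log/", "SEC_LOG"),
    ("/sbin/", "SEC_CRIT"), ("/usr/sbin/", "SEC_CRIT"),
    ("/bin/", "SEC_BIN"), ("/usr/bin/", "SEC_BIN"),
]
# Assumed severity per category; tune to taste in the real policy.
SEVERITY = {"SEC_CRIT": "SIG_HI", "SEC_SUID": "SIG_HI", "SEC_BIN": "SIG_HI",
            "SEC_CONFIG": "SIG_MED", "SEC_LOG": "SIG_LOW"}

# Constructed CONTENTS listing in Portage's "type path [hash mtime]" format.
SAMPLE_CONTENTS = """\
dir /usr/bin
obj /usr/bin/sudo 0123 1080000000
sym /usr/bin/sudoedit -> sudo 1080000000
obj /usr/sbin/visudo 0456 1080000000
obj /etc/sudoers 0789 1080000000
obj /var/log/sudo.log 0abc 1080000000
obj /usr/share/man/man8/sudo.8.gz 0def 1080000000
"""

def parse_contents(text):
    """Yield (type, path) for the obj/sym/dir lines of a CONTENTS file."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] in ("obj", "sym", "dir"):
            yield parts[0], parts[1]

def classify(path, suid_paths=frozenset()):
    """SEC_* variable for a path, or None if it needs no rule. suid_paths is
    the result of the 'search for them' step (e.g. find / -perm -4000)."""
    if path in suid_paths:
        return "SEC_SUID"
    return next((var for prefix, var in CATEGORIES if path.startswith(prefix)), None)

def policy_rules(package, contents, suid_paths=frozenset()):
    """Build one Tripwire rule block per category for a single package."""
    by_cat = {}
    for ftype, path in parse_contents(contents):
        cat = classify(path, suid_paths) if ftype != "dir" else None  # files, not dirs
        if cat:
            by_cat.setdefault(cat, []).append(path)
    blocks = []
    for cat in sorted(by_cat):
        head = f'(\n  rulename = "{package} {cat}",\n  severity = $({SEVERITY[cat]})\n)\n{{'
        body = "\n".join(f"  {p} -> $({cat}) ;" for p in sorted(by_cat[cat]))
        blocks.append(f"{head}\n{body}\n}}")
    return "\n\n".join(blocks)
```

Running `policy_rules("app-admin/sudo", SAMPLE_CONTENTS, {"/usr/bin/sudo"})` yields five rule blocks; concatenating such fragments per package under a conf.d/ directory, and picking which to include, gives the per-package and system-only 'views' discussed above.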