| 1 |
I had a quick look at this a couple of months ago, however it's not an |
| 2 |
easy task. I think the simplest way to do it would be to take the conf.d/ |
| 3 |
approach many packages use. Multiple tripwire-<package> ebuilds could |
| 4 |
be created which could be emerged to populate this directory - or the |
| 5 |
<package> ebuild could place files in this directory. |
| 6 |
|
| 7 |
The tricky bit would be integrating this into tripwire. Either tripwire |
| 8 |
needs to be modified to understand a conf.d/ hierarchy, or, as you |
| 9 |
suggest, write a script that reads the contents of this directory and |
| 10 |
creates a policy file. I like the idea of being able to generate |
| 11 |
different policy files to run tripwire with different 'views' - system |
| 12 |
only, individual packages, etc. |
| 13 |
|
| 14 |
|
| 15 |
-Ronan |
| 16 |
(former gentoo-sec lurker ;) |
| 17 |
|
| 18 |
|
| 19 |
On Thu, 25 Mar 2004, Tom Hosiawa wrote: |
| 20 |
|
| 21 |
> I've used tripwire a little bit, and I'm starting to like it. |
| 22 |
> |
| 23 |
> The biggest problem I see with it, is the default policy is setup for |
| 24 |
> Red Hat, not for Gentoo. I know a Gentoo policy file exists in bugzilla, |
| 25 |
> but I'm thinking of creating a script to generate the policy file based |
| 26 |
> specifically on installed packages in portage. |
| 27 |
> |
| 28 |
> So before I go ahead with this plan, I thought I get some feedback on my |
| 29 |
> ideas. |
| 30 |
> |
| 31 |
> >From playing around with the policy file, I see it groups and |
| 32 |
> categorizes files into different security types and priorities such as |
| 33 |
> critical, suid, config , log, etc. |
| 34 |
> |
| 35 |
> So for every installed package, I would put it into its own group. Than |
| 36 |
> I would assign binary files (/bin, /usr/bin), superuser files (/sbin, |
| 37 |
> /usr/sbin), suid (search for them), config (/etc), log (/var/log) files |
| 38 |
> into their appropriate categories. |
| 39 |
> |
| 40 |
> Finally, providing options to generate it for only system packages with |
| 41 |
> no user input, and individual package selection should be an option. |
| 42 |
> |
| 43 |
> Tom |
| 44 |
> |
| 45 |
> |
| 46 |
> -- |
| 47 |
> gentoo-security@g.o mailing list |
| 48 |
> |
| 49 |
> |
| 50 |
|
| 51 |
______________________________________________________________________ |
| 52 |
This email has been scanned by the MessageLabs Email Security System. |
| 53 |
For more information please visit http://www.messagelabs.com/email |
| 54 |
______________________________________________________________________ |
| 55 |
|
| 56 |
-- |
| 57 |
gentoo-security@g.o mailing list |
Archives