LJ Archive

Listing 1. Sample Policy File

WEBROOT=/home/mick/www;
CGIBINS=/home/mick/www/cgi-bin;
TWPOL="/etc/tripwire";
TWDB="/var/lib/tripwire";
BINS  = $(ReadOnly) ;    # Binaries that should not
                           change
SEC_INVARIANT = +tpug ;  # Dir.s that shouldn't
                           change perms/ownership
SIG_MED       = 66 ;     # Important but not
                           system-critical files
# Mick's Web Junk
(
  rulename = "MickWeb",
  severity = $(SIG_MED),
  emailto = mick@uselesswebjunk.com
)
{
  $(TWPOL)               -> $(Readonly) ;
  $(WEBROOT)             -> $(ReadOnly) (recurse=1) ;
  !$(WEBROOT)/guestbook.html ;
  $(CGIBINS)             -> $(BINS)     ;
  /var/log/httpd         -> $(Growing)  ;
}
LJ Archive