#! /bin/sh
# This is a shell archive.  Remove anything before this line, then unpack
# it by saving it into a file and typing "sh file".  To overwrite existing
# files, type "sh file -c".  You can also feed this as standard input via
# unshar, or by typing "sh <file".  If this archive is complete, you
# will see the following message at the end:
#		"End of archive 7 (of 8)."
# Contents:  tripwire-1.0 tripwire-1.0/configs tripwire-1.0/contrib
#   tripwire-1.0/lib tripwire-1.0/sigs tripwire-1.0/sigs/md2
#   tripwire-1.0/sigs/md4 tripwire-1.0/sigs/md5 tripwire-1.0/src
#   tripwire-1.0/tests tripwire-1.0/configs/tw.conf.sun
#   tripwire-1.0/configs/Makefile.xenix tripwire-1.0/src/preen.c
#   tripwire-1.0/configs/tw.conf.s5 tripwire-1.0/tests/tw.conf.test
#   tripwire-1.0/lib/tw.config tripwire-1.0/contrib/README.TRIPWIRE
#   tripwire-1.0/configs/tw.conf.next tripwire-1.0/Makefile
#   tripwire-1.0/src/config.prim.c tripwire-1.0/src/preen.interp.c
#   tripwire-1.0/sigs/md5/README.md5
#   tripwire-1.0/sigs/md2/md2wrapper.c tripwire-1.0/FAQ
#   tripwire-1.0/sigs/md5/md5wrapper.c tripwire-1.0/sigs/md4/md4.h
#   tripwire-1.0/sigs/md4/md4wrapper.c
#   tripwire-1.0/configs/tw.conf.hpux tripwire-1.0/src/config.pre.l
#   tripwire-1.0/sigs/md2/Makefile
# Wrapped by spaf@uther.cs.purdue.edu on Tue Nov  3 16:31:57 1992
# Pin the command search path to fixed system directories, so the utilities
# this script runs (mkdir, sed, wc) are looked up there rather than through
# whatever PATH the caller had exported.
PATH=/bin:/usr/bin:/usr/ucb ; export PATH
# Create the directory skeleton the archive members are written into.
# Parents are listed before their children; a directory that already exists
# is left untouched and produces no message.
for shar_dir in \
    'tripwire-1.0' \
    'tripwire-1.0/configs' \
    'tripwire-1.0/contrib' \
    'tripwire-1.0/lib' \
    'tripwire-1.0/sigs' \
    'tripwire-1.0/sigs/md2' \
    'tripwire-1.0/sigs/md4' \
    'tripwire-1.0/sigs/md5' \
    'tripwire-1.0/src' \
    'tripwire-1.0/tests'
do
    if test ! -d "$shar_dir" ; then
        echo shar: Creating directory \""$shar_dir"\"
        mkdir "$shar_dir"
    fi
done
if test -f 'tripwire-1.0/configs/tw.conf.sun' -a "${1}" != "-c" ; then 
  echo shar: Will not clobber existing file \"'tripwire-1.0/configs/tw.conf.sun'\"
else
echo shar: Extracting \"'tripwire-1.0/configs/tw.conf.sun'\" \(5298 characters\)
sed "s/^X//" >'tripwire-1.0/configs/tw.conf.sun' <<'END_OF_FILE'
X#
X# tripwire.config
X# Generic version for SunOS 4.x
X#  Will need editing...see comments below
X#
X# This file contains a list of files and directories that System 
X# Preener will scan.  Information collected from these files will be 
X# stored in the tripwire.database file.
X#
X# Format: 			[!|=] entry [ignore-flags]
X#
X# where:	 '!' signifies the entry is to be pruned (inclusive) from
X#				the list of files to be scanned.
X#		 '=' signifies the entry is to be added, but if it is
X#				a directory, then all its contents are pruned
X#				(useful for /tmp).
X#
X# where:	entry is the absolute pathname of a file or a directory
X#
X# where ignore-flags are in the format:
X#		[template][ [+|-][pinugsam12] ... ]
X#
X# 	- :  ignore the following atributes
X#	+ :  do not ignore the following attributes
X#
X#	p :  permission and file mode bits 	a: access timestamp
X#	i :  inode number			m: modification timestamp
X#	n :  number of links (ref count)	c: inode creation timestamp
X#	u :  user id of owner			1: signature 1
X#	g :  group id of owner			2: signature 2
X#	s :  size of file
X#
X#
X# Ex:   The following entry will scan all the files in /etc, and report
X#	any changes in mode bits, inode number, reference count, uid,
X#	gid, modification and creation timestamp, and the signatures.
X#	However, it will ignore any changes in the access timestamp.
X#
X#	/etc	+pinugsm12-a
X#
X# The following templates have been pre-defined to make these long ignore
X# mask descriptions unecessary.
X#
X# Templates: 	(default)	R :  [R]ead-only (+pinugsm12-a)
X#				L :  [L]og file (+pinug-sam12)
X#				N :  ignore [N]othing (+pinusgsamc12)
X#				E :  ignore [E]verything (-pinusgsamc12)
X#
X# By default, Tripwire uses the R template -- it ignores
X# only the access timestamp.
X#
X# You can use templates with modifiers, like:
X#	Ex:  /etc/lp	E+ug
X#
X#	Example configuration file:
X#		/etc		R	# all system files
X#		!/etc/lp	R	# ...but not those logs
X#		=/tmp		N	# just the directory, not its files
X#
X# Note the difference between pruning (via "!") and ignoring everything
X# (via "E" template):  Ignoring everything in a directory still monitors
X# for added and deleted files.  Pruning a directory will prevent Tripwire
X# from even looking in the specified directory.
X#
X#
X# Tripwire running slowly?  Modify your tripwire.config entries to
X# ignore the (signature 2) attribute when this computationally-exorbitant 
X# protection is not needed.  (See README and design document for further
X# details.)
X#
X
X#  First, root's "home"
X=/		L
X/.rhosts	R	# may not exist
X/.profile	R	# may not exist
X/.cshrc		R	# may not exist
X/.login		R	# may not exist
X/.exrc		R	# may not exist
X/.logout	R	# may not exist
X/.emacs		R	# may not exist
X/.forward	R	# may not exist
X/.netrc		R	# may not exist
X
X# Unix itself
X/vmunix		R
X
X# Now, some critical directories and files
X#  Some exceptions are noted further down
X/etc		R
X/etc/inetd.conf	R
X/etc/rc		R
X/etc/rc.boot	R
X/etc/rc.local	R
X/etc/rc.single	R
X/etc/rc.ip	R
X/etc/ttytab	R
X/etc/exports	R
X/etc/ttys	L
X/etc/dumpdates	L
X/etc/mtab	L
X/etc/motd	L
X/etc/rmtab	L
X/etc/utmp	L
X/etc/group	R	# changes should be infrequent
X#  The next line may need to be replaced with /etc/security
X#   if C2 is enabled
X/etc/passwd	L
X
X/var		L
X
X/dev		L
X
X/usr/etc	R
X
X# Checksumming the following is not so critical.  However,
X#  setuid/setgid files are special-cased further down.
X
X/lib		R-2
X
X/bin		R-2
X
X/usr/bin	R-2
X
X/usr/ucb	R-2
X
X/usr/lib	R-2
X
X=/usr		L
X=/usr/spool	L
X/usr/spool/cron		L
X/usr/spool/mqueue	L
X/usr/spool/mail		L
X
X# You may or may not have the following
X#/usr/ftp	L
X#/usr/ftp/bin	R
X#/usr/ftp/etc	R
X
X# put entries in for /var/yp if you need it
X# put entries for uucp if you need them
X# put entries for /var/adm if you need it
X
X=/tmp
X=/var/tmp
X
X#  Here are entries for setuid/setgid files.  On these, we use
X#  both signatures just to be sure.
X#
X#  You may want/need to edit this list.  Batteries not inc.
X
X/bin/at			R
X/bin/atq		R
X/bin/atrm		R
X/bin/cancel		R
X/bin/chfn		R
X/bin/chsh		R
X/bin/crontab		R
X/bin/cu			R
X/bin/df			R
X/bin/iostat		R
X/bin/ipcs		R
X/bin/login		R
X/bin/lpstat		R
X/bin/mail		R
X/bin/newgrp		R
X/bin/passwd		R
X/bin/su			R
X/bin/sunview1/sv_acquire		R
X/bin/sunview1/sv_release		R
X/bin/sunview1/toolplaces		R
X/bin/tip		R
X/bin/uucp		R
X/bin/uuname		R
X/bin/uustat		R
X/bin/uux		R
X/bin/wall		R
X/bin/write		R
X/bin/ypchfn		R
X/bin/ypchsh		R
X/bin/yppasswd		R
X/usr/bin/at		R
X/usr/bin/atq		R
X/usr/bin/atrm		R
X/usr/bin/cancel		R
X/usr/bin/chfn		R
X/usr/bin/chsh		R
X/usr/bin/crontab	R
X/usr/bin/cu		R
X/usr/bin/df		R
X/usr/bin/iostat		R
X/usr/bin/ipcs		R
X/usr/bin/login		R
X/usr/bin/lpstat		R
X/usr/bin/mail		R
X/usr/bin/newgrp		R
X/usr/bin/passwd		R
X/usr/bin/su		R
X/usr/bin/sunview1/sv_acquire		R
X/usr/bin/sunview1/sv_release		R
X/usr/bin/sunview1/toolplaces		R
X/usr/bin/tip		R
X/usr/bin/uucp		R
X/usr/bin/uuname		R
X/usr/bin/uustat		R
X/usr/bin/uux		R
X/usr/bin/wall		R
X/usr/bin/write		R
X/usr/bin/ypchfn		R
X/usr/bin/ypchsh		R
X/usr/bin/yppasswd	R
X/usr/etc/arp		R
X/usr/etc/chill		R
X/usr/etc/devinfo	R
X/usr/etc/dkinfo		R
X/usr/etc/dmesg		R
X/usr/etc/dump		R
X/usr/etc/dumpfs		R
X/usr/etc/keyenvoy	R
X/usr/etc/kgmon		R
X/usr/etc/lpc		R
X/usr/etc/nfsstat	R
X/usr/etc/ping		R
X/usr/etc/rpc.rwalld	R
X/usr/etc/trpt		R
X/usr/ucb/lpq		R
X/usr/ucb/lpr		R
X/usr/ucb/netstat	R
X/usr/ucb/rcp		R
X/usr/ucb/rdist		R
X/usr/ucb/rlogin		R
X/usr/ucb/rsh		R
X/usr/ucb/talk		R
X/usr/ucb/vmstat		R
X
END_OF_FILE
# Post-extraction sanity check for tw.conf.sun: compare the unpacked byte
# count with the 5298 recorded when the archive was wrapped.  A byte count
# catches truncation or mangling in transit; it is not a checksum and says
# nothing about who produced the content.  A mismatch is only reported, the
# script carries on.
# NOTE(review): in the file just written, /etc/passwd, /var and /dev use
# template L, which the file's own header defines as +pinug-sam12.  Size,
# timestamps and both signatures are therefore ignored for those entries, so
# a change to their contents alone is not reported.  The file says it "will
# need editing"; a site where /etc/passwd changes rarely may prefer R for it,
# as the file already does for /etc/group.
if test 5298 -ne `wc -c <'tripwire-1.0/configs/tw.conf.sun'`; then
    echo shar: \"'tripwire-1.0/configs/tw.conf.sun'\" unpacked with wrong size!
fi
# end of 'tripwire-1.0/configs/tw.conf.sun'
fi
if test -f 'tripwire-1.0/configs/Makefile.xenix' -a "${1}" != "-c" ; then 
  echo shar: Will not clobber existing file \"'tripwire-1.0/configs/Makefile.xenix'\"
else
echo shar: Extracting \"'tripwire-1.0/configs/Makefile.xenix'\" \(5278 characters\)
sed "s/^X//" >'tripwire-1.0/configs/Makefile.xenix' <<'END_OF_FILE'
X# $Id: Makefile.xenix,v 1.1.1.3 92/11/03 15:37:13 genek Exp $
X#
X# 	Tripwire build
X#
X# Gene Kim
X# Purdue University
X#
X
X# XENIX Makefile
X
X# support for parallel compiles (ala Dynix)
X# comment the following line out if your Make doesn't support this syntax.
X#P      = &
X
X# you can use ANSI C if you like, but K&R is equally fine.
XCC     = cc
XCFLAGS = -O
X
X#CC     = gcc
X#CFLAGS = -O -ansi
X
X# make sure libraries are not linked dynamically (as a security measure)
X#LDFLAGS= -Bstatic
XLDFLAGS= -s -lx
X
X# NOTICE/TNL   -lx required for dir type functions in LDFLAGS
X
X# If you don't have the install command, you need to replace
X# the use of it later in the makefile with a cp and chmod
XINSTALL= /etc/install
X
X# where you want to install the Tripwire binary
XTARGET = /usr/tmp/ch.Z.1123
X# NOTICE/TNL   above is a sneaky dir stored UNDER mounted /usr/tmp filesystem
X# to be exposed only during tripwire runs. A daemon (that does other things)
X# has a chdir("/usr/tmp");  that keeps the filesystem busy to confuse bad guys.
X# tripwire will kill -17 $TRIPWIREPID   to tell the daemon to chdir away
X# from /usr/tmp so root can umount it for the tripwire run. Then another
X# SIGUSR2 to tell daemon to reoccupy /usr/tmp after the run.
X
X# how you get hostname information (BSD vs. SYSV style)
XHOSTNAME	= uname -n
X#HOSTNAME	= hostname
X
XOFILES = 	config.parse.o main.o list.o ignorevec.o databs.build.o \
X		utils.o preen.o diff.sorted.o diff.parse.o preen.interp.o \
X		preen.report.o nullsig.o \
X		$(SIG1) $(SIG2)
X
XSIG1DIR   = ./md5
XSIG2DIR   = ./snefru
X
XSIG1	  = $(SIG1DIR)/md5wrapper.o $(SIG1DIR)/md5.o
XSIG2	  = $(SIG2DIR)/snefru.o
X
X# for generating shar distribution package
X
XDIST	= tripwire-0.9
XDISTPKG = Makefile README README.FIRST README.coast TODO Announce \
X	  tripwire.config *.[ch] tripwire.8 tripwire.design.ms Changelog
X
X###
X
Xall:	tripwire 
X
Xtripwire:	$(P) $(OFILES)
X	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(OFILES)
X
X$(SIG1):
X	(cd $(SIG1DIR); make CC="$(CC)" CFLAGS="$(CFLAGS)")
X$(SIG2):
X	(cd $(SIG2DIR); make CC="$(CC)" CFLAGS="$(CFLAGS)")
X
X.c.o:
X	$(CC) $(CFLAGS) -c $<
X
Xinstall:	tripwire
X	$(INSTALL) tripwire $(TARGET)
X
Xtest:	tripwire
X	@HOST=`$(HOSTNAME)`; \
X	CURRPATH=`pwd`;	\
X	sed s,/tmp/genek/tripwire-0.9,$$CURRPATH, \
X			< ./Tests/tripwire.database_TEST \
X			> ./Databases/tripwire.database_$$HOST; \
X	cp tripwire.config tripwire.config.orig; \
X	sed s,/tmp/genek/tripwire-0.9,$$CURRPATH, \
X			< ./tripwire.config.orig \
X			> ./tripwire.config; 
X	@echo ======= test begin ======= ;
X	./tripwire; 
X	@echo ======= test end ======= ;
X	@echo ''; 
X	mv tripwire.config.orig tripwire.config; 
X	@CURRPATH=`pwd`; \
X	echo ''; \
X	echo Tripwire should have only reported: ; \
X	echo "    added:   $$CURRPATH/tripwire.config.orig" ; \
X	echo "             $$CURRPATH/Databases/... " ; \
X	echo "    changed: $$CURRPATH (your current directory) " ; \
X	echo "             ...and any other files you may have changed!"
X
X#
X# only for building distribution
X#
Xmaketest:
X	HOST=`$(HOSTNAME)`; \
X	CURRPATH=`pwd`;	\
X	./tripwire -initialize; \
X	cp ./Databases/tripwire.database_$$HOST ./Tests/tripwire.database_TEST;\
X	cp ./Tests/tripwire.database_TEST /tmp/genek/tripwire-0.9/Tests
X
X
Xtags:	force
X	ctags *.[ch]
X
Xshar:
X	-mkdir $(DIST)
X	-mkdir $(DIST)/Databases
X	-cp $(DISTPKG) $(DIST)
X	-cp -r $(SIG1DIR) $(SIG2DIR) ./$(DIST)
X	-cp -r configs Tests $(DIST)
X	-rm -fr ./$(DIST)/$(SIG1DIR)/RCS
X	-rm -fr ./$(DIST)/$(SIG1DIR)/CVS.adm
X	-rm -fr ./$(DIST)/$(SIG2DIR)/RCS
X	-rm -fr ./$(DIST)/$(SIG2DIR)/CVS.adm
X	-rm -fr ./$(DIST)/Tests/CVS.adm
X	-rm -fr $(DIST)/./configs/CVS.adm
X	-rm -f ./$(DIST)/$(SIG1DIR)/*.o
X	-rm -f ./$(DIST)/$(SIG2DIR)/*.o
X	shar -a $(DIST) > Tripwire.Dist.shar
X	-rm -rf ./$(DIST)
X
Xtar:
X	-mkdir $(DIST)
X	-mkdir $(DIST)/Databases
X	-cp $(DISTPKG) $(DIST)
X	-cp -r $(SIG1DIR) $(SIG2DIR) ./$(DIST)
X	-cp -r configs Tests $(DIST)
X	-rm -fr ./$(DIST)/$(SIG1DIR)/RCS
X	-rm -fr ./$(DIST)/$(SIG1DIR)/CVS.adm
X	-rm -fr ./$(DIST)/$(SIG2DIR)/RCS
X	-rm -fr ./$(DIST)/$(SIG2DIR)/CVS.adm
X	-rm -fr $(DIST)/./Tests/CVS.adm
X	-rm -fr $(DIST)/./configs/CVS.adm
X	-rm -f ./$(DIST)/$(SIG1DIR)/*.o
X	-rm -f ./$(DIST)/$(SIG2DIR)/*.o
X	tar cf Tripwire.Dist.tar $(DIST)
X	-rm -rf ./$(DIST)
X
Xdepend:	force
X	makedep
X	mv Makefile Makefile.old
X	mv Makefile.new Makefile
X
Xproto:	force
X	makeproto tripwire.h *.c
X
Xclean:
X	rm -f $(OFILES)
X
Xclobber:	clean
X
Xforce:
X
X# include dependencies
X
X#### Do not remove this line.  Makedep depends on it! ####
Xconfig.parse.o: ./config.h
Xconfig.parse.o: ./list.h
Xconfig.parse.o: ./tripwire.h
Xdatabs.build.o: ./config.h
Xdatabs.build.o: ./list.h
Xdatabs.build.o: ./tripwire.h
Xdiff.parse.o: ./config.h
Xdiff.parse.o: ./list.h
Xdiff.parse.o: ./tripwire.h
Xdiff.sorted.o: ./config.h
Xdiff.sorted.o: ./list.h
Xdiff.sorted.o: ./tripwire.h
Xdiff.sorted.o: ./utils.c
Xignorevec.o: ./config.h
Xignorevec.o: ./list.h
Xignorevec.o: ./tripwire.h
Xlist.o: ./config.h
Xlist.o: ./list.h
Xmain.o: ./config.h
Xmain.o: ./list.h
Xmain.o: ./tripwire.h
Xmain.o: ./snefru/snefru.h
Xmain.o: ./md5/md5.h
Xmain.o: ./nullsig.h
Xnullsig.o: ./config.h
Xpreen.o: ./config.h
Xpreen.o: ./list.h
Xpreen.o: ./tripwire.h
Xpreen.interp.o: ./config.h
Xpreen.interp.o: ./list.h
Xpreen.interp.o: ./utils.h
Xpreen.interp.o: ./tripwire.h
Xpreen.report.o: ./config.h
Xpreen.report.o: ./list.h
Xpreen.report.o: ./tripwire.h
Xutils.o: ./config.h
Xutils.o: ./list.h
Xutils.o: ./tripwire.h
END_OF_FILE
# Post-extraction sanity check for Makefile.xenix: compare the unpacked byte
# count with the 5278 recorded at wrap time.  This detects truncation or
# mangling only; it is not a checksum.  A mismatch is reported and the script
# continues.
# NOTE(review): this contributed makefile looks older than the tree around
# it.  It sets DIST to tripwire-0.9 and the signature directories to ./md5
# and ./snefru, while this archive unpacks into tripwire-1.0 with sigs/md2,
# sigs/md4 and sigs/md5 -- expect to adjust paths before it builds.
# Its "-Bstatic" line is commented out in favour of "-s -lx", so the
# static-link measure its comment describes is not requested by this
# configuration; confirm how the XENIX linker resolves libraries before
# relying on it.  TARGET is the contributor's own hidden install path under
# /usr/tmp and is site-specific: set it for the local system.
if test 5278 -ne `wc -c <'tripwire-1.0/configs/Makefile.xenix'`; then
    echo shar: \"'tripwire-1.0/configs/Makefile.xenix'\" unpacked with wrong size!
fi
# end of 'tripwire-1.0/configs/Makefile.xenix'
fi
if test -f 'tripwire-1.0/src/preen.c' -a "${1}" != "-c" ; then 
  echo shar: Will not clobber existing file \"'tripwire-1.0/src/preen.c'\"
else
echo shar: Extracting \"'tripwire-1.0/src/preen.c'\" \(4868 characters\)
sed "s/^X//" >'tripwire-1.0/src/preen.c' <<'END_OF_FILE'
X#ifndef lint
Xstatic char rcsid[] = "$Id: preen.c,v 1.2 92/11/03 02:43:57 genek Exp $";
X#endif
X
X/*
X * preen.c
X *
X *	preen the filesystems in preen.config against the data stored in
X *	in preen.database.
X *
X * Gene Kim
X * Purdue University
X */
X
X#include "../include/config.h"
X#include <stdio.h>
X#ifdef STDLIBH
X#include <stdlib.h>
X#include <unistd.h>
X#endif
X#include <sys/param.h>
X#ifdef STRINGH
X#include <string.h>
X#else
X#include <strings.h>
X#endif
X#ifdef __STDC__
X# include <sys/types.h>
X# include <sys/stat.h>
X#endif
X#if (defined(SYSV) && (SYSV < 3))
X# include <limits.h>
X#endif	/* SVR2 */
X#include "../include/list.h"
X#include "../include/tripwire.h"
X
Xstatic struct list *preenlist = NULL;
X
X/* prototypes */
Xchar *mktemp();
Xstatic void preen_database_load();
X
X/*
X * preen_gather()
X *
X *	routine that calls all the other functions for preening.
X */
X
Xvoid
Xpreen_gather()
X{
X    FILE *fp_in;
X    struct list *entry_list = (struct list *) NULL;
X
X    /* build the filelist from the preen.config file
X     * 		it will create the linked list of files
X     */
X    configfile_read(&preenlist, &entry_list);
X
X    /* read in the old database */
X    preen_database_load();
X
X    /* preen ourselves:
X     * 		build a temporary database, then check for diffs
X     */
X    database_build(&preenlist, DBASE_TEMPORARY, &entry_list);
X
X    /* open it, and begin interp */
X    if ((fp_in = fopen(tempdatabase_file, "r")) == NULL)
X      die_with_err("preen_gather: fopen(%s)", tempdatabase_file);
X
X    /* build the diff_xxx_lists of ADDED, CHANGED, DELETED */
X    preen_interp(fp_in);
X
X    /* now build the report */
X    preen_report();
X    (void) fclose(fp_in);
X
X    /* remove the temporary database file */
X    (void) unlink(tempdatabase_file);
X
X    return;
X}
X
X/*
X * preen_update(char *entry)
X *
X *	build the filelist from tw.config file.
X *	check if (updateentry) is an entry
X *		if it is, update all entries with the same entrynum
X *		else if (updateentry) exists
X *			if so, update, w/same entrynum
X *			else append to database, w/entrynum = -1
X */
X
Xvoid
Xpreen_update(entry)
X    char *entry;
X{
X    struct list *entry_list = (struct list *) NULL;
X
X    /* build the filelist from the preen.config file
X     * 		it will create the linked list of files
X     */
X    configfile_read(&preenlist, &entry_list);
X
X    /* read in the old database */
X    preen_database_load();
X
X    /* is (updateentry) an entry */
X    if (list_isthere(entry, &entry_list)) {
X	char s[MAXPATHLEN];
X	int entrynum;
X
X	/* get entry number */
X	(void) strcpy(s, list_lookup(entry, &entry_list));
X	if (sscanf(s, "%d", &entrynum) != 1) {
X	    fprintf(stderr, "preen_update: sscanf() parse error!\n");
X	    exit(1);
X	}
X
X	/* mark all files with this entry number as FLAG_UPDATE */
X	database_update_markentries(&filelist, entrynum);
X
X    }
X    /* is there even such a file? */
X    else if (list_isthere(entry, &preenlist) == 0) {
X	fprintf(stderr, "tripwire: update couldn't find entry '%s'! Aborting...\n", entry);
X	exit(1);
X    }
X    /* entry is just a regular file */
X    else {
X	/* make sure it's in our database */
X	if (list_isthere(entry, &filelist) < 0) {
X	    fprintf(stderr, "preen_update: entry `%s' not found!\n",
X				entry);
X	    exit(1);
X	}
X	list_setflag(entry, FLAG_UPDATE, &filelist);
X    }
X
X    /* preen ourselves:
X     * 		build a temporary database, then check for diffs
X     */
X    database_build(&filelist, DBASE_UPDATE, &entry_list);
X
X    /* print banner */
X    fputs("###\n", stderr);
X    fprintf(stderr,
X"### Warning:   Old database file moved to `%s'\n", backupfile);
X    fputs("###            in ./Databases.\n", stderr);
X	exit(0);
X
X    return;
X}
X
X/*
X * void
X * preen_database_load()
X *
X *	load in the old database file.
X */
X
Xstatic void
Xpreen_database_load()
X{
X    char filename[MAXPATHLEN];
X    FILE *fp;
X    char s[MAXPATHLEN];
X    char key[MAXPATHLEN], value[512];
X
X    if (specified_dbasefile == NULL)
X	sprintf(filename, "%s/%s", database_path, database_file);
X    else
X	(void) strcpy(filename, specified_dbasefile);
X
X    /* check if we are to read from stdin */
X    if (strcmp(filename, "-") == 0) {
X	fp = stdin;
X    }
X    /* else open the file */
X    else {
X	if ((fp = fopen(filename, "r")) == NULL)
X	    die_with_err("%s: Couldn't open database file '%s'",
X			    filename);
X    }
X
X    /* read in entire file */
X    while (fgets(s, sizeof(s), fp) != NULL) {
X
X	/* skip comments */
X	if (s[0] == '#')
X	    continue;
X	
X	string_split_space(s, key, value);
X
X	/* build table of contents */
X	if (strcmp(key, "@@contents") == 0) {
X	    continue;
X	}
X	/* skip database version */
X	else if (strcmp(key, "@@dbaseversion") == 0) {
X	    continue;
X	}
X	/* else it's a file */
X	else {
X	    /* expand any escaped characters */
X	    filename_escape_expand(key);
X
X	    list_set(key, value, 0, &filelist);
X	}
X    }
X
X    /* close the file descriptor */
X    if (fp != stdin) {
X	(void) fclose(fp);
X    }
X
X    return;
X}
X
END_OF_FILE
# Post-extraction sanity check for src/preen.c: compare the unpacked byte
# count with the 4868 recorded at wrap time.  This detects truncation or
# mangling only; it is not a checksum.  A mismatch is reported and the script
# continues.
# NOTE(review) on preen.c as extracted:
#  - preen_database_load() fills filename[MAXPATHLEN] with sprintf() or
#    strcpy() and preen_update() fills s[MAXPATHLEN] with strcpy() from
#    list_lookup(); none of these copies checks the source length.
#  - the die_with_err() call in preen_database_load() uses a format with two
#    %s conversions but passes a single argument after it.
#  - each database line is read into s[MAXPATHLEN] and split into
#    key[MAXPATHLEN] and value[512].  Whether string_split_space() bounds the
#    copy into value is not visible here -- confirm, since the database can
#    come from stdin ("-") or from a caller-specified file.
#  - preen_update() tests list_isthere() as "< 0" in one branch and as
#    "== 0" or plain truth in the others; check which return convention the
#    helper actually uses.
if test 4868 -ne `wc -c <'tripwire-1.0/src/preen.c'`; then
    echo shar: \"'tripwire-1.0/src/preen.c'\" unpacked with wrong size!
fi
# end of 'tripwire-1.0/src/preen.c'
fi
if test -f 'tripwire-1.0/configs/tw.conf.s5' -a "${1}" != "-c" ; then 
  echo shar: Will not clobber existing file \"'tripwire-1.0/configs/tw.conf.s5'\"
else
echo shar: Extracting \"'tripwire-1.0/configs/tw.conf.s5'\" \(4729 characters\)
sed "s/^X//" >'tripwire-1.0/configs/tw.conf.s5' <<'END_OF_FILE'
X#
X# tripwire.config
X# Generic version for:
X#
X# SystemV/386 R3.2 configuration by W. Purvis <W.Purvis@daresbury.ac.uk>
X#
X# This file contains a list of files and directories that System 
X# Preener will scan.  Information collected from these files will be 
X# stored in the tripwire.database file.
X#
X# Format: 			[!|=] entry [ignore-flags]
X#
X# where:	 '!' signifies the entry is to be pruned (inclusive) from
X#				the list of files to be scanned.
X#		 '=' signifies the entry is to be added, but if it is
X#				a directory, then all its contents are pruned
X#				(useful for /tmp).
X#
X# where:	entry is the absolute pathname of a file or a directory
X#
X# where ignore-flags are in the format:
X#		[template][ [+|-][pinugsam12] ... ]
X#
X# 	- :  ignore the following atributes
X#	+ :  do not ignore the following attributes
X#
X#	p :  permission and file mode bits 	a: access timestamp
X#	i :  inode number			m: modification timestamp
X#	n :  number of links (ref count)	c: inode creation timestamp
X#	u :  user id of owner			1: signature 1
X#	g :  group id of owner			2: signature 2
X#	s :  size of file
X#
X#
X# Ex:   The following entry will scan all the files in /etc, and report
X#	any changes in mode bits, inode number, reference count, uid,
X#	gid, modification and creation timestamp, and the signatures.
X#	However, it will ignore any changes in the access timestamp.
X#
X#	/etc	+pinugsm12-a
X#
X# The following templates have been pre-defined to make these long ignore
X# mask descriptions unecessary.
X#
X# Templates: 	(default)	R :  [R]ead-only (+pinugsm12-a)
X#				L :  [L]og file (+pinug-sam12)
X#				N :  ignore [N]othing (+pinusgsamc12)
X#				E :  ignore [E]verything (-pinusgsamc12)
X#
X# By default, Tripwire uses the R template -- it ignores
X# only the access timestamp.
X#
X# You can use templates with modifiers, like:
X#	Ex:  /etc/lp	E+ug
X#
X#	Example configuration file:
X#		/etc		R	# all system files
X#		!/etc/lp	R	# ...but not those logs
X#		=/tmp		N	# just the directory, not its files
X#
X# Note the difference between pruning (via "!") and ignoring everything
X# (via "E" template):  Ignoring everything in a directory still monitors
X# for added and deleted files.  Pruning a directory will prevent Tripwire
X# from even looking in the specified directory.
X#
X#
X# Tripwire running slowly?  Modify your tripwire.config entries to
X# ignore the (signature 2) attribute when this computationally-exorbitant 
X# protection is not needed.  (See README and design document for further
X# details.)
X#
X
X#  First, root's "home"
X=/		L
X/.rhosts	R	# may not exist
X/.profile	R	# may not exist
X/.cshrc		R	# may not exist
X/.login		R	# may not exist
X#/.exrc		R	# may not exist
X
X# Unix itself
X/unix		R
X
X# Now, some critical directories and files
X#  Some exceptions are noted further down
X/etc		R
X/etc/inetd.conf	R
X/etc/rc		R
X/etc/rc.boot	R
X/etc/rc.local	R
X/etc/rc.single	R
X/etc/rc.ip	R
X/etc/ttytab	R
X/etc/exports	R
X/etc/ttys	L
X/etc/dumpdates	L
X/etc/mtab	L
X/etc/motd	L
X/etc/rmtab	L
X/etc/utmp	L
X/etc/group	R	# changes should be infrequent
X#  The next line may need to be replaced with /etc/security
X#   if C2 is enabled
X/etc/passwd	L
X
X!/dev
X
X/usr/etc	R
X/usr/local	R
X/usr/local/log	L
X
X# Checksumming the following is not so critical.  However,
X#  setuid/setgid files are special-cased further down.
X
X/lib				R-2
X
X/bin				R-2
X
X/usr/bin			R-2
X
X/usr/ucb			R-2
X
X/usr/lib			R-2
X
X/usr/local/lib/nqs/logfile	L
X=/usr				L
X=/usr/spool			L
X/usr/spool/cron			L
X/usr/spool/mqueue		L
X/usr/spool/mail			L
X=/usr/spool/nqs/private
X=/usr/spool/nqs/times
X
X# You may or may not have the following
X#/usr/ftp	L
X#/usr/ftp/bin	R
X#/usr/ftp/etc	R
X
X# put entries in for /var/yp if you need it
X# put entries for uucp if you need them
X# put entries for /var/adm if you need it
X
X=/tmp
X
X#  Here are entries for setuid/setgid files.  On these, we use
X#  both signatures just to be sure.
X#
X#  You may want/need to edit this list.  Batteries not inc.
X
X/bin/at			R
X/bin/atq		R
X/bin/atrm		R
X/bin/cancel		R
X/bin/chfn		R
X/bin/chsh		R
X/bin/crontab		R
X/bin/cu			R
X/bin/df			R
X/bin/iostat		R
X/bin/ipcs		R
X/bin/login		R
X/bin/lpstat		R
X/bin/mail		R
X/bin/newgrp		R
X/bin/passwd		R
X/bin/su			R
X/bin/tip		R
X#/bin/uucp		R
X#/bin/uuname		R
X#/bin/uustat		R
X#/bin/uux		R
X/bin/wall		R
X/bin/write		R
X/bin/ypchfn		R
X/bin/ypchsh		R
X/bin/yppasswd		R
X/usr/bin/at		R
X/usr/bin/atq		R
X/usr/bin/atrm		R
X/usr/bin/cancel		R
X/usr/bin/chfn		R
X/usr/bin/chsh		R
X/usr/bin/crontab	R
X/usr/bin/cu		R
X/usr/bin/df		R
X/usr/bin/iostat		R
X/usr/bin/ipcs		R
X/usr/bin/login		R
X/usr/bin/lpstat		R
X/usr/bin/mail		R
X/usr/bin/newgrp		R
X/usr/bin/passwd		R
X/usr/bin/su		R
X/usr/bin/tip		R
X#/usr/bin/uucp		R
X#/usr/bin/uuname		R
X#/usr/bin/uustat		R
X#/usr/bin/uux		R
X/usr/bin/wall		R
X/usr/bin/write		R
X/usr/bin/ypchfn		R
X/usr/bin/ypchsh		R
X/usr/bin/yppasswd	R
END_OF_FILE
# Post-extraction sanity check for tw.conf.s5: compare the unpacked byte
# count with the 4729 recorded at wrap time.  This detects truncation or
# mangling only; it is not a checksum.  A mismatch is reported and the script
# continues.
# NOTE(review): unlike tw.conf.sun, this file prunes /dev with "!".  By the
# header's own definition Tripwire then never looks inside the directory, so
# added, removed or re-permissioned device nodes are not reported.  As in the
# SunOS file, /etc/passwd uses template L (+pinug-sam12), which ignores size,
# timestamps and both signatures for that entry.
if test 4729 -ne `wc -c <'tripwire-1.0/configs/tw.conf.s5'`; then
    echo shar: \"'tripwire-1.0/configs/tw.conf.s5'\" unpacked with wrong size!
fi
# end of 'tripwire-1.0/configs/tw.conf.s5'
fi
if test -f 'tripwire-1.0/tests/tw.conf.test' -a "${1}" != "-c" ; then 
  echo shar: Will not clobber existing file \"'tripwire-1.0/tests/tw.conf.test'\"
else
echo shar: Extracting \"'tripwire-1.0/tests/tw.conf.test'\" \(4659 characters\)
sed "s/^X//" >'tripwire-1.0/tests/tw.conf.test' <<'END_OF_FILE'
X#
X# tw.config
X#
X# This file contains a list of files and directories that System 
X# Preener will scan.  Information collected from these files will be 
X# stored in the tw.database file.
X#
X# Format: 			[!|=] entry [ignore-flags]
X#
X# where:	 '!' signifies the entry is to be pruned (inclusive) from
X#				the list of files to be scanned.
X#		 '=' signifies the entry is to be added, but if it is
X#				a directory, then all its contents are pruned
X#				(useful for /tmp).
X#
X# where:	entry is the absolute pathname of a file or a directory
X#
X# where ignore-flags are in the format:
X#		[template][ [+|-][pinugsam12] ... ]
X#
X# 	- :  ignore the following atributes
X#	+ :  do not ignore the following attributes
X#
X#	p :  permission and file mode bits 	a: access timestamp
X#	i :  inode number			m: modification timestamp
X#	n :  number of links (ref count)	c: inode creation timestamp
X#	u :  user id of owner			1: signature 1
X#	g :  group id of owner			2: signature 2
X#	s :  size of file
X#
X#
X# Ex:   The following entry will scan all the files in /etc, and report
X#	any changes in mode bits, inode number, reference count, uid,
X#	gid, modification and creation timestamp, and the signatures.
X#	However, it will ignore any changes in the access timestamp.
X#
X#	/etc	+pinugsm12-a
X#
X# The following templates have been pre-defined to make these long ignore
X# mask descriptions unecessary.
X#
X# Templates: 	(default)	R :  [R]ead-only (+pinugsm12-a)
X#				L :  [L]og file (+pinug-sam12)
X#				N :  ignore [N]othing (+pinusgsamc12)
X#				E :  ignore [E]verything (-pinusgsamc12)
X#
X# By default, Tripwire uses the R template -- it ignores
X# only the access timestamp.
X#
X# You can use templates with modifiers, like:
X#	Ex:  /etc/lp	E+ug
X#
X#	Example configuration file:
X#		/etc		R	# all system files
X#		!/etc/lp	R	# ...but not those logs
X#		=/tmp		N	# just the directory, not its files
X#
X# Note the difference between pruning (via "!") and ignoring everything
X# (via "E" template):  Ignoring everything in a directory still monitors
X# for added and deleted files.  Pruning a directory will prevent Tripwire
X# from even looking in the specified directory.
X#
X#
X# Hint: Tripwire running slowly?  Modify your tripwire.config entries to
X# ignore the (signature 2) attribute when this computationally-exorbitant 
X# protection is not needed.  (See README and design document for further
X# details.)
X#
X# ====
X#
X# Preprocessor directives:
X#
X#	The following directives provide C-preprocessor and m4-like
X#	functionality:
X#
X#		@@ifhost hostname	:	included if (hostname) matches
X#		@@ifhost hostname	:	included if (hostname) doesn't
X#						match.
X#						(both need matching @@endif)
X#
X#		@@define x		: 	defines (x)
X#		@@undef x		: 	undefines (x)
X#
X#		@@ifdef x		: 	included if (x) is defined.
X#		@@ifndef x		: 	included if (x) is not defined.
X#						(both need matching @@endif)
X#
X#		@@endif			: 	closes up @@ifhost, @@ifdef,
X#						and @@ifndef.
X#
X#	Example:
X#	A host-dependent inclusion can be specified many ways so tw.config
X#	files can be shared among multiple machines.  So, if the machine 
X#	"mentor.cc.purdue.edu" is the only machine that has a certain file,
X#	you could use:
X#
X#		@@ifhost mentor.cc.purdue.edu
X#		/etc/tw.log.mentor	R
X#		@@endif
X#
X
X/tmp/genek/tripwire-1.0				R+0123456789-ugpmci
X/tmp/genek/tripwire-1.0/tests 			E
X/tmp/genek/tripwire-1.0/databases 		E
X
X!/tmp/genek/tripwire-1.0/src/config.parse.o
X!/tmp/genek/tripwire-1.0/src/main.o
X!/tmp/genek/tripwire-1.0/src/list.o
X!/tmp/genek/tripwire-1.0/src/ignorevec.o
X!/tmp/genek/tripwire-1.0/src/dbase.build.o
X!/tmp/genek/tripwire-1.0/src/utils.o
X!/tmp/genek/tripwire-1.0/src/preen.o
X!/tmp/genek/tripwire-1.0/src/preen.interp.o
X!/tmp/genek/tripwire-1.0/src/preen.report.o
X!/tmp/genek/tripwire-1.0/src/nullsig.o
X!/tmp/genek/tripwire-1.0/src/config.prim.o
X!/tmp/genek/tripwire-1.0/src/dbase.update.o
X!/tmp/genek/tripwire-1.0/src/sigfetch
X!/tmp/genek/tripwire-1.0/src/tripwire
X!/tmp/genek/tripwire-1.0/src/config.pre.o
X!/tmp/genek/tripwire-1.0/sigs/crc/crc.o
X!/tmp/genek/tripwire-1.0/sigs/crc32/crc32.o
X!/tmp/genek/tripwire-1.0/sigs/md2/md2wrapper.o
X!/tmp/genek/tripwire-1.0/sigs/md2/md2.o
X!/tmp/genek/tripwire-1.0/sigs/md4/md4.o
X!/tmp/genek/tripwire-1.0/sigs/md4/md4wrapper.o
X!/tmp/genek/tripwire-1.0/sigs/md5/md5.o
X!/tmp/genek/tripwire-1.0/sigs/md5/md5wrapper.o
X!/tmp/genek/tripwire-1.0/sigs/snefru/snefru.o
X
X!/tmp/genek/tripwire-1.0/aux/types
X!/tmp/genek/tripwire-1.0/aux/byteorder
X
X!/tmp/genek/tripwire-1.0/src/config.lex.c
X!/tmp/genek/tripwire-1.0/src/config.pre.c
X!/tmp/genek/tripwire-1.0/Makefile
X!/tmp/genek/tripwire-1.0/include/config.h
X!/tmp/genek/tripwire-1.0/include/byteorder.h
X!/tmp/genek/tripwire-1.0/include/inode.h
END_OF_FILE
# Post-extraction sanity check for tests/tw.conf.test: compare the unpacked
# byte count with the 4659 recorded at wrap time.  This detects truncation or
# mangling only; it is not a checksum.  A mismatch is reported and the script
# continues.
# NOTE(review): the header of the file just written lists "@@ifhost hostname"
# twice, once for a matching and once for a non-matching host.  The second is
# presumably meant to be the negated directive (@@ifnhost) -- confirm against
# the preprocessor source before copying the comment into a shared config.
# The first entry selects signatures with the digits 0-9
# (R+0123456789-ugpmci), while the header documents only 1 and 2.
if test 4659 -ne `wc -c <'tripwire-1.0/tests/tw.conf.test'`; then
    echo shar: \"'tripwire-1.0/tests/tw.conf.test'\" unpacked with wrong size!
fi
# end of 'tripwire-1.0/tests/tw.conf.test'
fi
if test -f 'tripwire-1.0/lib/tw.config' -a "${1}" != "-c" ; then 
  echo shar: Will not clobber existing file \"'tripwire-1.0/lib/tw.config'\"
else
echo shar: Extracting \"'tripwire-1.0/lib/tw.config'\" \(4132 characters\)
sed "s/^X//" >'tripwire-1.0/lib/tw.config' <<'END_OF_FILE'
X#
X# tw.config
X#
X# This file contains a list of files and directories that System 
X# Preener will scan.  Information collected from these files will be 
X# stored in the tw.database file.
X#
X# Format: 			[!|=] entry [ignore-flags]
X#
X# where:	 '!' signifies the entry is to be pruned (inclusive) from
X#				the list of files to be scanned.
X#		 '=' signifies the entry is to be added, but if it is
X#				a directory, then all its contents are pruned
X#				(useful for /tmp).
X#
X# where:	entry is the absolute pathname of a file or a directory
X#
X# where ignore-flags are in the format:
X#		[template][ [+|-][pinugsam12] ... ]
X#
X# 	- :  ignore the following atributes
X#	+ :  do not ignore the following attributes
X#
X#	p :  permission and file mode bits 	a: access timestamp
X#	i :  inode number			m: modification timestamp
X#	n :  number of links (ref count)	c: inode creation timestamp
X#	u :  user id of owner			1: signature 1
X#	g :  group id of owner			2: signature 2
X#	s :  size of file
X#
X#
X# Ex:   The following entry will scan all the files in /etc, and report
X#	any changes in mode bits, inode number, reference count, uid,
X#	gid, modification and creation timestamp, and the signatures.
X#	However, it will ignore any changes in the access timestamp.
X#
X#	/etc	+pinugsm12-a
X#
X# The following templates have been pre-defined to make these long ignore
X# mask descriptions unnecessary.
X#
X# Templates: 	(default)	R :  [R]ead-only (+pinugsm12-a)
X#				L :  [L]og file (+pinug-sam12)
X#				N :  ignore [N]othing (+pinusgsamc12)
X#				E :  ignore [E]verything (-pinusgsamc12)
X#
X# By default, Tripwire uses the R template -- it ignores
X# only the access timestamp.
X#
X# You can use templates with modifiers, like:
X#	Ex:  /etc/lp	E+ug
X#
X#	Example configuration file:
X#		/etc		R	# all system files
X#		!/etc/lp	R	# ...but not those logs
X#		=/tmp		N	# just the directory, not its files
X#
X# ====
X#
X# Preprocessor directives:
X#
X#	The following directives provide C-preprocessor and m4-like
X#	functionality:
X#
X#		@@ifhost hostname	:	included if (hostname) matches
X#		@@ifnhost hostname	:	included if (hostname) doesn't
X#						match.
X#						(both need matching @@endif)
X#
X#		@@define x		: 	defines (x)
X#		@@undef x		: 	undefines (x)
X#
X#		@@ifdef x		: 	included if (x) is defined.
X#		@@ifndef x		: 	included if (x) is not defined.
X#						(both need matching @@endif)
X#
X#		@@endif			: 	closes up @@ifhost, @@ifdef,
X#						and @@ifndef.
X#
X#	Example:
X#	A host-dependent inclusion can be specified many ways so tw.config
X#	files can be shared among multiple machines.  So, if the machine 
X#	"mentor.cc.purdue.edu" is the only machine that has a certain file,
X#	you could use:
X#
X#		@@ifhost mentor.cc.purdue.edu
X#		/etc/tw.log.mentor	R
X#		@@endif
X#
X
X/tmp/genek/tripwire-1.0				R+0123456789-ugpmci
X/tmp/genek/tripwire-1.0/tests 			E
X/tmp/genek/tripwire-1.0/tw.config	 	E
X/tmp/genek/tripwire-1.0/databases 		E
X
X/tmp/genek/tripwire-1.0/src/config.parse.o
X/tmp/genek/tripwire-1.0/src/main.o
X/tmp/genek/tripwire-1.0/src/list.o
X/tmp/genek/tripwire-1.0/src/ignorevec.o
X/tmp/genek/tripwire-1.0/src/dbase.build.o
X/tmp/genek/tripwire-1.0/src/utils.o
X/tmp/genek/tripwire-1.0/src/preen.o
X/tmp/genek/tripwire-1.0/src/preen.interp.o
X/tmp/genek/tripwire-1.0/src/preen.report.o
X/tmp/genek/tripwire-1.0/src/nullsig.o
X/tmp/genek/tripwire-1.0/src/config.prim.o
X/tmp/genek/tripwire-1.0/src/dbase.update.o
X/tmp/genek/tripwire-1.0/src/sigfetch.o
X/tmp/genek/tripwire-1.0/src/config.pre.o
X/tmp/genek/tripwire-1.0/sigs/crc/crc.o
X/tmp/genek/tripwire-1.0/sigs/crc32/crc32.o
X/tmp/genek/tripwire-1.0/sigs/md2/md2wrapper.o
X/tmp/genek/tripwire-1.0/sigs/md2/md2.o
X/tmp/genek/tripwire-1.0/sigs/md4/md4.o
X/tmp/genek/tripwire-1.0/sigs/md4/md4wrapper.o
X/tmp/genek/tripwire-1.0/sigs/md5/md5.o
X/tmp/genek/tripwire-1.0/sigs/md5/md5wrapper.o
X/tmp/genek/tripwire-1.0/sigs/snefru/snefru.o
X
X!/tmp/genek/tripwire-1.0/aux/types
X!/tmp/genek/tripwire-1.0/aux/byteorder
X
X!/tmp/genek/tripwire-1.0/src/config.lex.c
X!/tmp/genek/tripwire-1.0/src/config.pre.c
X!/tmp/genek/tripwire-1.0/Makefile
X!/tmp/genek/tripwire-1.0/include/config.h
X!/tmp/genek/tripwire-1.0/include/byteorder.h
X!/tmp/genek/tripwire-1.0/include/inode.h
END_OF_FILE
if test 4132 -ne `wc -c <'tripwire-1.0/lib/tw.config'`; then
    echo shar: \"'tripwire-1.0/lib/tw.config'\" unpacked with wrong size!
fi
# end of 'tripwire-1.0/lib/tw.config'
fi
if test -f 'tripwire-1.0/contrib/README.TRIPWIRE' -a "${1}" != "-c" ; then 
  echo shar: Will not clobber existing file \"'tripwire-1.0/contrib/README.TRIPWIRE'\"
else
echo shar: Extracting \"'tripwire-1.0/contrib/README.TRIPWIRE'\" \(3136 characters\)
sed "s/^X//" >'tripwire-1.0/contrib/README.TRIPWIRE' <<'END_OF_FILE'
X# Lance Bailey <lrb@ctrg.rri.uwo.ca>
X#
X
XTRIPWIRE
X--------
X
XTRIPWIRE is a script designed to make easier the running of tripwire on 
Xmultiple machines, but with only one floppy drive available.
X
X
XA safe, and recommended by gene, manner of running tripwire is to keep
Xthe databases and the config files on a read only floppy. A safer still 
Xapproach is to also store the binaries on the floppy.  Unfortunately, if
Xyou only have one floppy, you can run out of space while trying to support
Xa number of machines/platforms on one floppy. The obvious solution is 
Xcompression of some sort.
X
X
XTRIPWIRE is designed to take compressed binaries and databases, decompress
Xthem into a clean working area and run the [newly uncompressed] binary 
Xaccording to the appropriate config file.
X
X
XTo use TRIPWIRE, 
X
X1) 
Xset up your config.h as follows (*before* compiling :)
X
X#define CONFIG_PATH	"/usr/local/adm/tcheck/tripwire.configs"
X#define DATABASE_PATH	"./Databases"
X
X#define CONFIG_FILE 	"tripwire.config_@"
X#define DATABASE_FILE	"tripwire.database_@"
X
X
X
X2) set up a floppy as follows 
X
X/floppy/Databases
X		     -- directory, contains compressed Databases of the
X			form:  tripwire.database_XXX.sub.do.main
X			tripwire.database_YYY.sub.do.main
X
X			where XXX.sub.do.main and YYY.sub.do.main are
X			hostnames (as returned by the hostname(1) command)
X			of machines you are monitoring.
X
X			There will be a unique database for each machine.
X
X
X/floppy/tripwire.configs
X		     -- directory containing compressed binaries for each of
X			your systems.  These are named for the hostname of
X			the system.  Continuing the above example, we would
X			have
X
X			/floppy/tripwire.configs/XXX.sub.do.main
X			/floppy/tripwire.configs/YYY.sub.do.main
X
X			if XXX and YYY were the same platform, then a single
X			file with two links to the inode could be used.
X
X
X
X/floppy/tripwire.configs
X
X		     -- directory containing the *uncompressed*
X			configuration files for each of your systems.  These are
X			named tripwire.config_XXX.sub.dom.ain and
X			tripwire.config_YYY.sub.dom.ain
X
X			It is expected that each host will have a unique
X			config file, although it is possible that disk-sparse
X			clients might share configs. In this case, use multiple
X			links to the same config file.
X
X
X3) for each needed platform:
X   -build the binary
X   -run the binary tripwire to create the database
X   -compress the binary and the database and store them onto the floppy
X
X
X4) Mark the floppy readonly, re-mount and export to needed machines. NFS-mount 
X   the floppy as /usr/local/adm/tcheck (or edit the TRIPWIRE script to reflect
X   your preference).  Use a symlink on the floppy's local host to point 
X   /usr/local/adm/tcheck to the floppy if you can't control a floppy's
X   mount point (stupid NeXT).
X
X5) TRIPWIRE operates as follows:
X
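X	cd to the /tmp area
X	forcibly remove any hierarchy called tcheck.run
X	create the directory tcheck.run, move to it and create a Databases
X	    directory
X	uncompress the needed binary and database and store them in .  and
X	    Databases
X	run tripwire, mailing the output to root
X	move back to the /tmp area and remove the tcheck.run hierarchy
X
X   Note that /tmp is world-writable and the name tcheck.run is fixed, so
X   the working area is only clean if the script itself creates tcheck.run
X   with owner-only permissions and stops when that creation fails.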
X
X
END_OF_FILE
if test 3136 -ne `wc -c <'tripwire-1.0/contrib/README.TRIPWIRE'`; then
    echo shar: \"'tripwire-1.0/contrib/README.TRIPWIRE'\" unpacked with wrong size!
fi
# end of 'tripwire-1.0/contrib/README.TRIPWIRE'
fi
if test -f 'tripwire-1.0/configs/tw.conf.next' -a "${1}" != "-c" ; then 
  echo shar: Will not clobber existing file \"'tripwire-1.0/configs/tw.conf.next'\"
else
echo shar: Extracting \"'tripwire-1.0/configs/tw.conf.next'\" \(2892 characters\)
sed "s/^X//" >'tripwire-1.0/configs/tw.conf.next' <<'END_OF_FILE'
X# Lance R. Bailey <lrb@ctrg.rri.uwo.ca>
X#
X
X#  First, root's "home"
X=/		L
X/.rhosts	R	# may not exist
X/.profile	R	# may not exist
X/.cshrc		R	# may not exist
X/.login		R	# may not exist
X/.exrc		R	# may not exist
X/.logout	R	# may not exist
X/.emacs		R	# may not exist
X/.forward	R	# may not exist
X/.netrc		R	# may not exist
X
X# Unix itself
X/sdmach		R
X
X# Now, some critical directories and files
X#  Some exceptions are noted further down
X/etc		R
X/etc/inetd.conf	R
X/etc/rc		R
X/etc/rc.boot	R
X/etc/rc.local	R
X/etc/rc.single	R
X/etc/rc.ip	R
X/etc/ttytab	R
X/etc/exports	R
X/etc/ttys	L
X/etc/dumpdates	L
X/etc/mtab	L
X/etc/motd	L
X/etc/rmtab	L
X/etc/utmp	L
X/etc/group	R	# changes should be infrequent
X#  The next line may need to be replaced with /etc/security
X#   if C2 is enabled
X/etc/passwd	L
X
X/var		L
X
X/dev		L
X
X/usr/etc	R
X
X# Checksumming the following is not so critical.  However,
X#  setuid/setgid files are special-cased further down.
X
X/lib		R-2
X
X/bin		R-2
X
X/usr/bin	R-2
X
X/usr/ucb	R-2
X
X/usr/lib	R-2
X
X=/usr		L
X=/usr/spool	L
X/usr/spool/cron		L
X/usr/spool/mqueue	L
X/usr/spool/mail		L
X
X# You may or may not have the following
X#/usr/ftp	L
X#/usr/ftp/bin	R
X#/usr/ftp/etc	R
X
X# put entries in for /var/yp if you need it
X# put entries for uucp if you need them
X# put entries for /var/adm if you need it
X
X=/tmp
X=/var/tmp
X
X#  Here are entries for setuid/setgid files.  On these, we use
X#  both signatures just to be sure.
X#
X#  You may want/need to edit this list.  Batteries not inc.
X
X/bin/at			R
X/bin/atq		R
X/bin/atrm		R
X/bin/cancel		R
X/bin/chfn		R
X/bin/chsh		R
X/bin/crontab		R
X/bin/cu			R
X/bin/df			R
X/bin/iostat		R
X/bin/ipcs		R
X/bin/login		R
X/bin/lpstat		R
X/bin/mail		R
X/bin/newgrp		R
X/bin/passwd		R
X/bin/su			R
X/bin/sunview1/sv_acquire		R
X/bin/sunview1/sv_release		R
X/bin/sunview1/toolplaces		R
X/bin/tip		R
X/bin/uucp		R
X/bin/uuname		R
X/bin/uustat		R
X/bin/uux		R
X/bin/wall		R
X/bin/write		R
X/bin/ypchfn		R
X/bin/ypchsh		R
X/bin/yppasswd		R
X/usr/bin/at		R
X/usr/bin/atq		R
X/usr/bin/atrm		R
X/usr/bin/cancel		R
X/usr/bin/chfn		R
X/usr/bin/chsh		R
X/usr/bin/crontab	R
X/usr/bin/cu		R
X/usr/bin/df		R
X/usr/bin/iostat		R
X/usr/bin/ipcs		R
X/usr/bin/login		R
X/usr/bin/lpstat		R
X/usr/bin/mail		R
X/usr/bin/newgrp		R
X/usr/bin/passwd		R
X/usr/bin/su		R
X/usr/bin/sunview1/sv_acquire		R
X/usr/bin/sunview1/sv_release		R
X/usr/bin/sunview1/toolplaces		R
X/usr/bin/tip		R
X/usr/bin/uucp		R
X/usr/bin/uuname		R
X/usr/bin/uustat		R
X/usr/bin/uux		R
X/usr/bin/wall		R
X/usr/bin/write		R
X/usr/bin/ypchfn		R
X/usr/bin/ypchsh		R
X/usr/bin/yppasswd	R
X/usr/etc/arp		R
X/usr/etc/chill		R
X/usr/etc/devinfo	R
X/usr/etc/dkinfo		R
X/usr/etc/dmesg		R
X/usr/etc/dump		R
X/usr/etc/dumpfs		R
X/usr/etc/keyenvoy	R
X/usr/etc/kgmon		R
X/usr/etc/lpc		R
X/usr/etc/nfsstat	R
X/usr/etc/ping		R
X/usr/etc/rpc.rwalld	R
X/usr/etc/trpt		R
X/usr/ucb/lpq		R
X/usr/ucb/lpr		R
X/usr/ucb/netstat	R
X/usr/ucb/rcp		R
X/usr/ucb/rdist		R
X/usr/ucb/rlogin		R
X/usr/ucb/rsh		R
X/usr/ucb/talk		R
X/usr/ucb/vmstat		R
X
END_OF_FILE
if test 2892 -ne `wc -c <'tripwire-1.0/configs/tw.conf.next'`; then
    echo shar: \"'tripwire-1.0/configs/tw.conf.next'\" unpacked with wrong size!
fi
# end of 'tripwire-1.0/configs/tw.conf.next'
fi
if test -f 'tripwire-1.0/Makefile' -a "${1}" != "-c" ; then 
  echo shar: Will not clobber existing file \"'tripwire-1.0/Makefile'\"
else
echo shar: Extracting \"'tripwire-1.0/Makefile'\" \(2888 characters\)
sed "s/^X//" >'tripwire-1.0/Makefile' <<'END_OF_FILE'
X# $Id: Makefile,v 1.3 92/11/03 13:34:46 genek Exp $
X#
X# 	Tripwire build
X#
X#  See the README file before running this!
X#
X
X###
X###   Start of user-modified settings
X###   Examine these and change the ones that need to be
X###   Altered on your system
X###
X
X# destination directory for final executables
XDESTDIR = /secureplace/bin
X
X# destination for man pages
XMANDIR  = /usr/man
X
X# system utilities
XLEX	= lex
X#LEX	= flex			# For the GNU crowd
X
XYACC	= yacc
X#YACC	= bison			# For the GNU crowd
X
X# for SVR4 make (must be a Bourne-type shell)
XSHELL	= /bin/sh
X#SHELL	= /bin/ksh		# Another common shell
X#SHELL	= /bin/bash		# For the GNU fanatics
X
X# you can use ANSI C if you like, but K&R is equally fine.
XCC     = cc			# common
X#CC     = gcc			# also common
X#CC	= /usr/ccs/bin/cc	# Pyramid DC/OSx (SVR4)
X
XCFLAGS = -O			# common 
X#CFLAGS = -g			# debugging
X#CFLAGS = -O -cckr		# SGI
X#CFLAGS = -O -Aa -N		# HP/UX ansi
X#CFLAGS = -O -Ac -N		# HP/UX K&R
X#CFLAGS = -O -Ac -N -Wl,-a,archive    # HP/UX K&R, insure archived, static link
X#CFLAGS = -systype bsd43	# ETA/10 (SVR3)
X#CFLAGS = -O -ansi		# gnu CC
X#CFLAGS = -O -ansi -W -Wreturn-type -Wswitch -Wshadow # gnu CC w/all warnings
X#CFLAGS = -OG			# Pyramid OSx
X#CFLAGS = -O -Kold		# Pyramid DC/OSx (SVR4)
X
X# a C preprocessor (to build inode.h)
XCPP	= cc -E			# common
X#CPP	= /usr/lib/cpp		# on older systems
X#CPP	= /lib/cpp		# on older systems
X
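X# make sure libraries are not linked dynamically (as a security measure);
X# the "common" setting below is empty and requests no static linking, so
X# pick the line that matches your linker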
XLDFLAGS=			# common
X#LDFLAGS= -non_shared		# OSF/1
X#LDFLAGS= -Bstatic		# SunOS
X#LDFLAGS= -dn			# Pyramid DC/OSx (SVR4)
X
X# libraries
XLIBS = 				# common
X#LIBS = -lmalloc -lsun -lc_s	# IRIX 4.0
X#LIBS = -lx			# Xenix
X#LIBS = -lbsd			# MIPS RISC/OS
X
X# If you don't have the install command, you need to replace
X# the use of it later in the makefile with a cp and chmod
XINSTALL= /usr/bin/install	# common
X#INSTALL= /usr/ucb/install	# Pyramid DC/OSx (SVR4)
X#INSTALL= /etc/install		# Pyramid OSx
X#INSTALL= /bin/cp		# no install
X
X# how you get hostname information (BSD vs. SYSV style)
XHOSTNAME	= hostname		# BSD
X#HOSTNAME	= uname -n		# System V 
X
X
X###
X###   End of user-modified settings
X###   You should not need to change anything after this
X###
X
XDIST		= tripwire-1.0
X
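X# Build in aux first, then in src, handing the tool settings chosen above
X# down to each sub-make.  Every value is quoted so that a setting containing
X# blanks (a compiler plus a flag, for instance) reaches the sub-make as one
X# assignment.  $(MAKE) replaces a literal "make" so the sub-builds use the
X# same make program and options as this one, and "&&" stops the line when
X# the cd fails instead of running make in the wrong directory.
Xall:
X	cd aux && $(MAKE) CC="$(CC)" CFLAGS="$(CFLAGS)" \
X		LDFLAGS="$(LDFLAGS)" CPP="$(CPP)" SHELL="$(SHELL)" all
X	cd src && $(MAKE) CC="$(CC)" CFLAGS="$(CFLAGS)" LIBS="$(LIBS)" \
X		LDFLAGS="$(LDFLAGS)" CPP="$(CPP)" SHELL="$(SHELL)" all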
X
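X# Install the programs from src into DESTDIR and the manual pages from man
X# into MANDIR.  The values are quoted so a path or install command with
X# blanks in it is passed down intact; "&&" stops the line if the cd fails.
Xinstall: all
X	cd src && $(MAKE) INSTALL="$(INSTALL)" DESTDIR="$(DESTDIR)" install
X	cd man && $(MAKE) INSTALL="$(INSTALL)" MANDIR="$(MANDIR)" install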
X
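X# Run the test suite in tests once everything is built.
X# HOSTNAME must be quoted: with the System V setting "uname -n" an unquoted
X# value hands "-n" to the sub-make as an option, and make -n only prints
X# the test commands without running them.
Xtest:	all
X	cd tests && $(MAKE) HOSTNAME="$(HOSTNAME)" DIST="$(DIST)" SHELL="$(SHELL)"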
X
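X# Run "clean" in every subdirectory and remove a stray core file here.
X# "&&" matters: with "cd dir; make clean" a failed cd would run this same
X# clean target again from the top-level directory.
Xclean:
X	cd src && $(MAKE) clean
X	cd man && $(MAKE) clean
X	cd aux && $(MAKE) clean
X	cd tests && $(MAKE) clean
X	rm -f core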
X
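X# Everything "clean" does, plus the "clobber" target of src.  The clean
X# steps for man, aux and tests are repeated here as in the original rule;
X# they have already run once through the "clean" prerequisite.
Xclobber: clean
X	cd src && $(MAKE) clobber
X	cd man && $(MAKE) clean
X	cd aux && $(MAKE) clean
X	cd tests && $(MAKE) clean
X	rm -f core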
END_OF_FILE
if test 2888 -ne `wc -c <'tripwire-1.0/Makefile'`; then
    echo shar: \"'tripwire-1.0/Makefile'\" unpacked with wrong size!
fi
# end of 'tripwire-1.0/Makefile'
fi
if test -f 'tripwire-1.0/src/config.prim.c' -a "${1}" != "-c" ; then 
  echo shar: Will not clobber existing file \"'tripwire-1.0/src/config.prim.c'\"
else
echo shar: Extracting \"'tripwire-1.0/src/config.prim.c'\" \(2728 characters\)
sed "s/^X//" >'tripwire-1.0/src/config.prim.c' <<'END_OF_FILE'
X#ifndef lint
Xstatic char rcsid[] = "$Id: config.prim.c,v 1.2 92/11/03 02:43:37 genek Exp $";
X#endif
X
X/*
X * config.prim.c
X *
X *	process configuration file directive primitives (ala m4 or cpp).
X *
X *		ifhost
X *		define
X *		undef
X *		ifdef
X *		ifndef
X *
X * Gene Kim
X * Purdue University
X * September 28, 1992
X */
X
X#include "../include/config.h"
X#include <stdio.h>
X#ifdef __STDC__
X# include <sys/types.h>
X# include <sys/stat.h>
X#endif
X#ifdef STRINGH
X#include <string.h>
X#else
X#include <strings.h>
X#endif
X#include "../include/tripwire.h"
X#include "../include/list.h"
X#include <ctype.h>
X#include <sys/param.h>
X#ifndef GETHOSTNAME
X#include <sys/utsname.h>
X#endif
X#ifndef MAXHOSTNAMELEN
X#define MAXHOSTNAMELEN 64
X#endif
X#ifndef GETHOSTNAME
X#include <sys/utsname.h>
X#endif
X
Xstatic struct list *defines_table = (struct list *) NULL;
X
X/*
X * void
X * tw_mac_define(char *varname, char *varvalue)
X *
X *	varname:	name of the macro being defined
X *	varvalue:	value recorded for that name
X *
X *	Stores the pair in the file-local defines table through list_set();
X *	the third list_set() argument is always 0 here.
X */
X
Xvoid
Xtw_mac_define(varname, varvalue)
X    char *varname;
X    char *varvalue;
X{
X    struct list **ptable = &defines_table;
X
X    list_set(varname, varvalue, 0, ptable);
X}
X
X/*
X * char *
X * tw_mac_dereference(char *varname)
X *
X *	varname:	name of the macro to resolve
X *
X *	Hands back whatever list_lookup() returns for (varname) in the
X *	defines table; the result for an undefined name is decided by
X *	list_lookup(), not here.
X */
X
Xchar *
Xtw_mac_dereference(varname)
X    char *varname;
X{
X    char *varvalue;
X
X    varvalue = list_lookup(varname, &defines_table);
X    return varvalue;
X}
X
X/*
X * void
X * tw_mac_undef(char *varname)
X *
X *	varname:	name of the macro to forget
X *
X *	Asks list_unset() to drop (varname) from the defines table.
X */
X
Xvoid
Xtw_mac_undef(varname)
X    char *varname;
X{
X    struct list **ptable = &defines_table;
X
X    list_unset(varname, ptable);
X}
X
X/*
X * int
X * tw_mac_ifdef(char *varname)
X *
X *	varname:	name of the macro to test
X *
X *	Returns the result of list_isthere() for (varname) in the defines
X *	table, documented here as 1 when the name is defined and 0 when it
X *	is not.
X */
X
Xint
Xtw_mac_ifdef(varname)
X    char *varname;
X{
X    int isdefined;
X
X    isdefined = list_isthere(varname, &defines_table);
X    return isdefined;
X}
X
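X/*
X * int
X * tw_mac_ifhost(char *hostname)
X *
X *	hostname:	host name taken from the configuration directive
X *
X *	returns 1 if (hostname) matches our hostname, else 0.
X *
X *	The local name comes from uname() (the nodename field) unless
X *	GETHOSTNAME is defined, in which case gethostname() supplies it.
X *	The comparison ignores case and must cover both names completely;
X *	a name that is only a prefix of the other does not match.  A failing
X *	uname() or gethostname() is reported through die_with_err().
X */
X
Xint
Xtw_mac_ifhost(hostname)
X    char *hostname;
X{
X    /* one spare byte so the local name can always be terminated below */
X    char realhostname[MAXHOSTNAMELEN + 1];
X    register char *tc, *sc;
X    register int tch, sch;
X
X#ifndef GETHOSTNAME
X    struct utsname sysinfo;
X
X    if (uname(&sysinfo) < 0)
X        die_with_err("tw_mac_ifhost: uname()", (char *) NULL);
X
X    (void) strncpy(realhostname, sysinfo.nodename, MAXHOSTNAMELEN);
X
X#else 	/* GETHOSTNAME */
X
X    /* get the hostname */
X    if (gethostname(realhostname, MAXHOSTNAMELEN) < 0)
X        die_with_err("tw_mac_ifhost: gethostname()", (char *) NULL);
X
X#endif 	/* GETHOSTNAME */
X
X    /*
X     * Neither strncpy() nor gethostname() promises a terminator when the
X     * name fills all MAXHOSTNAMELEN bytes; without this store the loop
X     * below could run past the end of the array.
X     */
X    realhostname[MAXHOSTNAMELEN] = '\0';
X
X    /* check for a match between the hostnames (case insensitive) */
X
X    for (sc = realhostname, tc = hostname; *sc && *tc; sc++, tc++) {
X        /*
X         * Go through unsigned char: the <ctype.h> calls are undefined
X         * for negative values, which a plain char may hold.
X         */
X        sch = (unsigned char) *sc;
X        tch = (unsigned char) *tc;
X
X        /* tolower() is applied to upper-case letters only, as before */
X        if (isupper(sch))
X            sch = tolower(sch);
X        if (isupper(tch))
X            tch = tolower(tch);
X
X        if (sch != tch)
X            return 0;
X    }
X
X    /* a match only if both strings ended at the same position */
X    return (!(*tc || *sc));
X}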
X
END_OF_FILE
if test 2728 -ne `wc -c <'tripwire-1.0/src/config.prim.c'`; then
    echo shar: \"'tripwire-1.0/src/config.prim.c'\" unpacked with wrong size!
fi
# end of 'tripwire-1.0/src/config.prim.c'
fi
if test -f 'tripwire-1.0/src/preen.interp.c' -a "${1}" != "-c" ; then 
  echo shar: Will not clobber existing file \"'tripwire-1.0/src/preen.interp.c'\"
else
echo shar: Extracting \"'tripwire-1.0/src/preen.interp.c'\" \(2618 characters\)
sed "s/^X//" >'tripwire-1.0/src/preen.interp.c' <<'END_OF_FILE'
X#ifndef lint
Xstatic char rcsid[] = "$Id: preen.interp.c,v 1.2 92/11/03 02:44:00 genek Exp $";
X#endif
X
X/*
X * preen.interp.c
X *
X *	interpret the diffs between the database files
X *
X * Gene Kim
X * Purdue University
X */
X
X#include "../include/config.h"
X#include <stdio.h>
X#ifdef STDLIBH
X#include <stdlib.h>
X#endif
X#ifdef STRINGH
X#include <string.h>
X#else
X#include <strings.h>
X#endif
X#include <sys/param.h>
X#ifdef __STDC__
X# include <sys/types.h>
X# include <sys/stat.h>
X#endif
X#include "../include/list.h"
X#include "../include/tripwire.h"
X
X					/* the diff lists */
Xstruct list *diff_added_list = NULL,
X	    *diff_deleted_list = NULL,
X	    *diff_changed_list = NULL;
X
X					/* how many in each list */
Xint diff_added_num = 0,
X    diff_changed_num = 0,
X    diff_deleted_num = 0;
X
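X/*
X * preen_interp(FILE *fpin)
X *
X *	fpin:	stream holding the newly generated database
X *
X *	Interprets the differences between the two database files.  Every
X *	entry read from (fpin) is looked up in the saved list (filelist):
X *
X *	    found, value differs  -> recorded in diff_changed_list
X *	    found, value equal    -> skipped
X *	    not found             -> recorded in diff_added_list
X *
X *	Entries found are flagged FLAG_SEEN; afterwards every saved entry
X *	still without that flag is recorded in diff_deleted_list.  The three
X *	diff_*_num counters are advanced alongside the lists.  A failing
X *	list_open() or list_close() prints a message and exits.
X *
X *	Lines longer than the 1024-byte read buffer are returned by fgets()
X *	in pieces, and each piece is then handled as a line of its own.
X */
X
Xvoid
Xpreen_interp (fpin)
X    FILE *fpin;
X{
X    char s[1024];
X    /*
X     * string_split_space() is handed no buffer sizes, so both
X     * destinations are made large enough for any field of one line in s.
X     */
X    char key[MAXPATHLEN + 1024], value[1024];
X    struct list_elem *plist;
X
X    fprintf(stderr, "### Phase 4:   Searching for inconsistencies\n");
X
X    /* start reading in lines from the new database */
X    while (fgets(s, sizeof(s), fpin) != NULL) {
X        char *oldvalue;
X
X        /* is it a comment? */
X        if (s[0] == '#')
X            continue;
X        /* lines starting with "@@" are skipped as well */
X        if (s[0] == '@' && s[1] == '@')
X            continue;
X
X        /*
X         * if it's in the list:
X         *	flag as SEEN
X         *	a) if it's the same, next;
X         *	b) if it's different, it's CHANGED;
X         * otherwise,
X         *	it's ADDED
X         *
X         * scan entire list, find all !SEEN
X         *	they're DELETED
X         */
X
X        string_split_space(s, key, value);
X
X        /* expand any escaped characters */
X        filename_escape_expand(key);
X
X        /* if file is in saved database */
X        if ((oldvalue = list_lookup(key, &filelist)) != NULL) {
X            list_setflag(key, FLAG_SEEN, &filelist);
X
X            /* was it CHANGED? */
X            if (strcmp(value, oldvalue) != 0) {
X                list_set(key, value, 0, &diff_changed_list);
X                diff_changed_num++;
X            }
X            /* else skip it */
X            else
X                continue;
X        }
X        /* else it's been ADDED */
X        else {
X            list_set(key, value, 0, &diff_added_list);
X            diff_added_num++;
X        }
X    }
X
X    /* look for DELETED entries */
X    if (list_open(&filelist) < 0) {
X        fprintf(stderr, "preen_interp: list_open() failed!\n");
X        exit(1);
X    }
X
X    while ((plist = list_get(&filelist)) != NULL) {
X        /* skip entries that have already been seen */
X        if (plist->flag & FLAG_SEEN)
X            continue;
X
X        list_set(plist->varname, plist->varvalue, 0, &diff_deleted_list);
X        diff_deleted_num++;
X    }
X
X    /* the message used to name list_open() for this failure too */
X    if (list_close(&filelist) < 0) {
X        fprintf(stderr, "preen_interp: list_close() failed!\n");
X        exit(1);
X    }
X
X    return;
X}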
END_OF_FILE
if test 2618 -ne `wc -c <'tripwire-1.0/src/preen.interp.c'`; then
    echo shar: \"'tripwire-1.0/src/preen.interp.c'\" unpacked with wrong size!
fi
# end of 'tripwire-1.0/src/preen.interp.c'
fi
if test -f 'tripwire-1.0/sigs/md5/README.md5' -a "${1}" != "-c" ; then 
  echo shar: Will not clobber existing file \"'tripwire-1.0/sigs/md5/README.md5'\"
else
echo shar: Extracting \"'tripwire-1.0/sigs/md5/README.md5'\" \(2577 characters\)
sed "s/^X//" >'tripwire-1.0/sigs/md5/README.md5' <<'END_OF_FILE'
X# $Id: README.md5,v 1.1.1.2 92/11/02 18:22:03 genek Exp $ 
X
X/***********************************************************************
X ** md5.c -- the source code for MD5 routines                         **
X ** RSA Data Security, Inc. MD5 Message-Digest Algorithm              **
X ** Created: 2/17/90 RLR                                              **
X ** Revised: 1/91 SRD,AJ,BSK,JT Reference C Version                   **
X ** Revised (for MD5): RLR 4/27/91                                    **
X ***********************************************************************
X ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved.  **
X ** License to copy and use this software is granted provided that    **
X ** it is identified as the "RSA Data Security, Inc. MD5 Message-     **
X ** Digest Algorithm" in all material mentioning or referencing this  **
X ** software or this function.                                        **
X ** License is also granted to make and use derivative works          **
X ** provided that such works are identified as "derived from the RSA  **
X ** Data Security, Inc. MD5 Message-Digest Algorithm" in all          **
X ** material mentioning or referencing the derived work.              **
X ** RSA Data Security, Inc. makes no representations concerning       **
X ** either the merchantability of this software or the suitability    **
X ** of this software for any particular purpose.  It is provided "as  **
X ** is" without express or implied warranty of any kind.              **
X ** These notices must be retained in any copies of any part of this  **
X ***********************************************************************/
X
X    The MD5 message-digesting package is copyrighted by RSA Data
XSecurity, Inc.  The disclaimer from the C code has been retained,
Xand is shown above.
X
X    All big-endian/little-endian specific code in md5.c has been
Xreplaced by code that can resolve this automatically at
Xcompile-time.  Tripwire specific code is in md5wrapper.c, which
Xcontains the routine 'sig_md5_get' to minimize the amount of
Xoverhead in collecting signatures from within Tripwire.  (We
Xcertainly don't want to fork() for every file we need to scan!)
X
X    Because of this, these files are no longer identical to the
XMD5 virgin distribution.  I have sent my changes to the MD5
Xauthor, but I am not aware of any buybacks at this time.
X
X    The original MD5 code can be found in the Internet Working 
XDraft RFC 1321.  This can be obtained via anonymous FTP (user =
Xanonymous, password = guest) from NIC.DDN.MIL.
X
X
XGene Kim
XSeptember 7, 1992
END_OF_FILE
if test 2577 -ne `wc -c <'tripwire-1.0/sigs/md5/README.md5'`; then
    echo shar: \"'tripwire-1.0/sigs/md5/README.md5'\" unpacked with wrong size!
fi
# end of 'tripwire-1.0/sigs/md5/README.md5'
fi
if test -f 'tripwire-1.0/sigs/md2/md2wrapper.c' -a "${1}" != "-c" ; then 
  echo shar: Will not clobber existing file \"'tripwire-1.0/sigs/md2/md2wrapper.c'\"
else
echo shar: Extracting \"'tripwire-1.0/sigs/md2/md2wrapper.c'\" \(2177 characters\)
sed "s/^X//" >'tripwire-1.0/sigs/md2/md2wrapper.c' <<'END_OF_FILE'
X#ifndef lint
Xstatic char rcsid[] = "$Id: md2wrapper.c,v 1.1.1.1 92/11/02 17:51:57 genek Exp $";
X#endif
X
X/*
X * md2wrapper.c
X *
X *	signature function hook for MD2 (the RSA Data Security, Inc. MD2 
X *	Message Digesting Algorithm) for Tripwire.
X *
X *	The original MD2 code is contained in md2.c in its entirety.
X *
X * Gene Kim
X * Purdue University
X * September 27, 1992
X */
X
X#include "../../include/config.h"
X#include <stdio.h>
X#include <sys/types.h>
X#ifdef STDLIBH
X#include <stdlib.h>
X#include <unistd.h>
X#endif
X#ifdef STRINGH
X#include <string.h>
X#else
X#include <strings.h>
X#endif
X#include "global.h"
X#include "md2.h"
X#include "../../include/sigs.h"
X#define BUFSIZE 4096
X
Xstatic MD2_CTX mdbucket;			/* MD2 data structure */
X
Xchar *ltob64();
X
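X/*
X * int
X * sig_md2_get(int fd_in, char *ps_signature, int siglen)
X *
X *	fd_in: 		input file descriptor; it is rewound to offset 0
X *			before reading
X *	ps_signature: 	array where the printable signature is stored
X *	siglen: 	length of the signature array
X *
X *	Runs MD2 over the whole file and stores the 16-byte digest as four
X *	32-bit words, each converted with ltob64() and padded to at least
X *	six characters.  Returns 0; a failing lseek() or read() prints a
X *	message and exits.
X *
X *	NOTE(review): siglen is accepted but never consulted.  The four
X *	fields need at least 25 bytes including the terminator -- confirm
X *	that every caller's array is that large.
X *	NOTE(review): MD2 is obsolete for security use; do not let it be
X *	the only signature relied on to detect deliberate tampering.
X */
X
Xint 
Xsig_md2_get (fd_in, ps_signature, siglen)
X    int fd_in;
X    char *ps_signature;
X    int siglen; 
X{
X    unsigned char buffer[BUFSIZE];
X    int		readin = -1;
X    unsigned long int words;
X    int 	i;
X    MD2_CTX	*mdbuf;
X    char	s[128];
X    char	sword[128];
X    unsigned char digest[16];
X
X    mdbuf = &mdbucket;
X
X    ps_signature[0] = '\0';
X
X    /* rewind the file descriptor; the offset is passed as an off_t */
X    if (lseek(fd_in, (off_t) 0, SEEK_SET) < 0) {
X        perror("sig_md2_get: lseek()");
X        exit(1);
X    }
X
X    MD2Init (mdbuf);
X
X    /*
X     * Read until end of file.  A read() may return fewer bytes than asked
X     * for before the file ends; stopping at the first short read would
X     * leave the rest of the file out of the signature.
X     */
X    while ((readin = read(fd_in, (char *) buffer, BUFSIZE)) > 0) {
X        MD2Update(mdbuf, buffer, (unsigned) readin);
X    }
X    if (readin < 0) {
X        perror("sig_md2_get: read()");
X        exit(1);
X    }
X    MD2Final (digest, mdbuf);
X
X    /* pack the digest four bytes at a time and append each word */
X    words = 0L;
X    for (i = 0; i < 16; i++) {
X        words = (words << 8) | digest[i];
X        if ((i+1) % 4 == 0 && i != 0 && i != 15) {
X            /* printf("%08lx", words); */
X            sprintf(s, "%6s", ltob64(words, sword));
X            strcat(ps_signature, s);
X            words = 0L;
X        }
X    }
X    /* the last word (bytes 12..15) is appended after the loop */
X    /* printf("%04lx", words); */
X    sprintf(s, "%6s", ltob64(words, sword));
X    strcat(ps_signature, s);
X    return 0;
X}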
END_OF_FILE
if test 2177 -ne `wc -c <'tripwire-1.0/sigs/md2/md2wrapper.c'`; then
    echo shar: \"'tripwire-1.0/sigs/md2/md2wrapper.c'\" unpacked with wrong size!
fi
# end of 'tripwire-1.0/sigs/md2/md2wrapper.c'
fi
if test -f 'tripwire-1.0/FAQ' -a "${1}" != "-c" ; then 
  echo shar: Will not clobber existing file \"'tripwire-1.0/FAQ'\"
else
echo shar: Extracting \"'tripwire-1.0/FAQ'\" \(2127 characters\)
sed "s/^X//" >'tripwire-1.0/FAQ' <<'END_OF_FILE'
X# $Id: FAQ,v 1.2 92/11/03 13:34:43 genek Exp $
X
X#
X# FAQ for Tripwire
X#
X
X    This file answers frequently asked questions about Tripwire.
XThe first section of the file covers Tripwire concepts and design,
Xwhile the second section addresses troubleshooting.
X
XConcepts:
X=========
X
XQ:	Why doesn't Tripwire ever traverse filesystems?
X
XA:	This is a feature.  This behavior makes it possible to put a
X	directory (e.g., '/') in your tw.config file, and you won't
X	have to worry whether it will traverse all the locally-mounted
X	filesystems.
X
X
XQ:	What is the difference between pruning an entry in your 
X	tw.config file (via "!") and ignoring everything (via the "E" 
X	template)?
X
XA:	Ignoring everything in a directory still monitors for added 
X	and deleted files.  Pruning a directory will prevent Tripwire
X	from even looking in the specified directory.
X
X
XQ:	Tripwire runs very slowly.  What can I do to make it run 
X	faster?
X
XA:	You can modify your tw.config entries to skip the Snefru 
X	signatures by appending a "-2" to the ignore flags.  Or you can
X	tell Tripwire at run-time to skip Snefru by:
X		
X			tripwire -i 2
X			
X	This computationally expensive operation may not be needed for 
X	many applications.  (See README section on security vs. 
X	performance trade-offs for further details.)
X
XTroubleshooting:
X================
X
XQ: 	When running Tripwire in Integrity Checking mode, Tripwire
X	fails when it tries to find a file with a name consisting of
X	thousands of '/'s.  What went wrong?
X
XA:	Your setting for the #define DIRENT value in your conf-<os>.h
X	file is probably set wrong.  Try switching the setting and
X	see if the problem goes away.  (i.e., switch #define to 
X	#undef, or vice versa.)
X
X
XQ:	I have /tmp in my tw.config file, but none of the files in 
X	the directory are being read by Tripwire.  What's going on?
X
XA:	Check to see that your /tmp directory isn't a symbolic link
X	to another filesystem.  When recursing down into directories,
X	Tripwire never traverses symbolic links or enters another
X	filesystem.  
X
X
XGene & Gene
XKim  & Spafford
X
XNovember 2, 1992
X(genek@mentor.cc.purdue.edu)
X(spaf@cs.purdue.edu)
X	
END_OF_FILE
if test 2127 -ne `wc -c <'tripwire-1.0/FAQ'`; then
    echo shar: \"'tripwire-1.0/FAQ'\" unpacked with wrong size!
fi
# end of 'tripwire-1.0/FAQ'
fi
if test -f 'tripwire-1.0/sigs/md5/md5wrapper.c' -a "${1}" != "-c" ; then 
  echo shar: Will not clobber existing file \"'tripwire-1.0/sigs/md5/md5wrapper.c'\"
else
echo shar: Extracting \"'tripwire-1.0/sigs/md5/md5wrapper.c'\" \(2121 characters\)
sed "s/^X//" >'tripwire-1.0/sigs/md5/md5wrapper.c' <<'END_OF_FILE'
X#ifndef lint
Xstatic char rcsid[] = "$Id: md5wrapper.c,v 1.1.1.1 92/11/02 17:53:07 genek Exp $";
X#endif
X
X/*
X * md5wrapper.c
X *
X *	signature function hook for MD5 (the RSA Data Security, Inc. MD5 
X *	Message Digesting Algorithm) for Tripwire.
X *
X *	The original MD5 code is contained in md5.c in its entirety.
X *
X * Gene Kim
X * Purdue University
X * September 27, 1992
X */
X
X#include "../../include/config.h"
X#include <stdio.h>
X#include <sys/types.h>
X#ifdef STDLIBH
X#include <stdlib.h>
X#include <unistd.h>
X#endif
X#ifdef STRINGH
X#include <string.h>
X#else
X#include <strings.h>
X#endif
X#include "../../include/sigs.h"
X#include "md5.h"
X#define BUFSIZE 4096
X
Xstatic MD5_CTX mdbucket;			/* MD5 data structure */
X
Xchar *ltob64();
X
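X/*
X * int
X * sig_md5_get(int fd_in, char *ps_signature, int siglen)
X *
X *	fd_in: 		input file descriptor; it is rewound to offset 0
X *			before reading
X *	ps_signature: 	array where the printable signature is stored
X *	siglen: 	length of the signature array
X *
X *	Runs MD5 over the whole file and stores the 16-byte digest as four
X *	32-bit words, each converted with ltob64() and padded to at least
X *	six characters.  Returns 0; a failing lseek() or read() prints a
X *	message and exits.
X *
X *	NOTE(review): siglen is accepted but never consulted.  The four
X *	fields need at least 25 bytes including the terminator -- confirm
X *	that every caller's array is that large.
X *	NOTE(review): MD5 collisions are practical to construct today; do
X *	not let this be the only signature relied on to detect deliberate
X *	tampering.
X */
X
Xint 
Xsig_md5_get (fd_in, ps_signature, siglen)
X    int fd_in;
X    char *ps_signature;
X    int siglen; 
X{
X    unsigned char buffer[BUFSIZE];
X    int		readin;
X    unsigned long int words;
X    int 	i;
X    MD5_CTX	*mdbuf;
X    char	s[128];
X    char	sword[128];
X
X    mdbuf = &mdbucket;
X
X    ps_signature[0] = '\0';
X
X    /* rewind the file descriptor; the offset is passed as an off_t */
X    if (lseek(fd_in, (off_t) 0, SEEK_SET) < 0) {
X        perror("sig_md5_get: lseek()");
X        exit(1);
X    }
X
X    MD5Init (mdbuf);
X
X    /*
X     * Read until end of file.  A read() may return fewer bytes than asked
X     * for before the file ends; stopping at the first short read would
X     * leave the rest of the file out of the signature.
X     */
X    while ((readin = read(fd_in, (char *) buffer, BUFSIZE)) > 0) {
X        MD5Update(mdbuf, buffer, (unsigned) readin);
X    }
X    if (readin < 0) {
X        perror("sig_md5_get: read()");
X        exit(1);
X    }
X    MD5Final (mdbuf);
X
X    /* pack the digest four bytes at a time and append each word */
X    words = 0L;
X    for (i = 0; i < 16; i++) {
X        words = (words << 8) | mdbuf->digest[i];
X        if ((i+1) % 4 == 0 && i != 0 && i != 15) {
X            /* printf("%08lx", words); */
X            sprintf(s, "%6s", ltob64(words, sword));
X            strcat(ps_signature, s);
X            words = 0L;
X        }
X    }
X    /* the last word (bytes 12..15) is appended after the loop */
X    /* printf("%04lx", words); */
X    sprintf(s, "%6s", ltob64(words, sword));
X    strcat(ps_signature, s);
X    return 0;
X}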
END_OF_FILE
if test 2121 -ne `wc -c <'tripwire-1.0/sigs/md5/md5wrapper.c'`; then
    echo shar: \"'tripwire-1.0/sigs/md5/md5wrapper.c'\" unpacked with wrong size!
fi
# end of 'tripwire-1.0/sigs/md5/md5wrapper.c'
fi
# Unpack sigs/md4/md4.h: the MD4 header (MDstruct, MDbegin/MDupdate/MDprint)
# followed by the sig_md4_get() declaration.  An existing file is kept unless
# the archive is run with "-c".
# NOTE(review): the wc -c test after the here-document compares length only
# (1922 bytes) and merely prints a warning; a payload altered without changing
# its size passes.  Verify the archive against a digest or signature obtained
# out of band before unpacking.
# NOTE(review): per the header's own comment, MDupdate() takes its count in
# BITS and ends the computation on any count < 512 -- callers that pass byte
# counts should be checked against that contract.
# NOTE(review): MD4 is no longer collision resistant; treat a match on this
# signature alone as weak evidence that a file is unchanged.
if test -f 'tripwire-1.0/sigs/md4/md4.h' -a "${1}" != "-c" ; then 
  echo shar: Will not clobber existing file \"'tripwire-1.0/sigs/md4/md4.h'\"
else
echo shar: Extracting \"'tripwire-1.0/sigs/md4/md4.h'\" \(1922 characters\)
sed "s/^X//" >'tripwire-1.0/sigs/md4/md4.h' <<'END_OF_FILE'
X/* $Id: md4.h,v 1.1.1.2 92/11/02 18:21:46 genek Exp $ */
X
X/* 
X** **************************************************************************
X** md4.h -- Header file for implementation of MD4 Message Digest Algorithm **
X** Updated: 2/13/90 by Ronald L. Rivest                                    **
X** (C) 1990 RSA Data Security, Inc.                                        **
X** **************************************************************************
X*/
X
X/* MDstruct is the data structure for a message digest computation.
X*/
Xtypedef struct {
X  unsigned int buffer[4];    /* Holds 4-word result of MD computation */
X  unsigned char count[8];    /* Number of bits processed so far */
X  unsigned int done;         /* Nonzero means MD computation finished */
X} MDstruct, *MDptr;
X
X/* MDbegin(MD)
X** Input: MD -- an MDptr
X** Initialize the MDstruct prepatory to doing a message digest computation.
X*/
Xextern void MDbegin();
X
X/* MDupdate(MD,X,count)
X** Input: MD -- an MDptr
X**        X -- a pointer to an array of unsigned characters.
X**        count -- the number of bits of X to use (an unsigned int).
X** Updates MD using the first ``count'' bits of X.
X** The array pointed to by X is not modified.
X** If count is not a multiple of 8, MDupdate uses high bits of last byte.
X** This is the basic input routine for a user.
X** The routine terminates the MD computation when count < 512, so
X** every MD computation should end with one call to MDupdate with a
X** count less than 512.  Zero is OK for a count.
X*/
Xextern void MDupdate();
X
X/* MDprint(MD)
X** Input: MD -- an MDptr
X** Prints message digest buffer MD as 32 hexadecimal digits.
X** Order is from low-order byte of buffer[0] to high-order byte of buffer[3].
X** Each byte is printed with high-order hexadecimal digit first.
X*/
Xextern void MDprint();      
X
X/* 
X** End of md4.h
X****************************(cut)*****************************************/
X
Xint sig_md4_get();
END_OF_FILE
if test 1922 -ne `wc -c <'tripwire-1.0/sigs/md4/md4.h'`; then
    echo shar: \"'tripwire-1.0/sigs/md4/md4.h'\" unpacked with wrong size!
fi
# end of 'tripwire-1.0/sigs/md4/md4.h'
fi
# Unpack sigs/md4/md4wrapper.c: sig_md4_get(), which rewinds fd_in, feeds the
# file to MD4 in 512-byte reads and appends four ltob64()-encoded words of the
# digest state to ps_signature.  Kept if present unless run with "-c"; the
# wc -c test afterwards only warns on a length mismatch (1915 bytes).
# NOTE(review): siglen is documented "for overflow checking" but is never
# read.  The result is built with sprintf("%6s") and strcat, and "%6s" is a
# minimum width, so the bytes written depend on ltob64() (not in this part)
# and on the caller sizing ps_signature.  Worth bounding before reuse.
# NOTE(review): md4.h in this archive documents MDupdate's count as bits, yet
# the wrapper passes BUFSIZE (512) and read()'s return value, both byte
# counts.  If md4.c follows that comment, only part of each buffer is digested
# and changes elsewhere in a file would not alter the signature -- confirm
# against md4.c.
# NOTE(review): when the last read() returns 0 (empty file, or a length that
# is a multiple of 512) no MDupdate call with count < 512 is made, which md4.h
# says every computation needs.  The read loop also stops at the first short
# read, so data after it is not digested.
if test -f 'tripwire-1.0/sigs/md4/md4wrapper.c' -a "${1}" != "-c" ; then 
  echo shar: Will not clobber existing file \"'tripwire-1.0/sigs/md4/md4wrapper.c'\"
else
echo shar: Extracting \"'tripwire-1.0/sigs/md4/md4wrapper.c'\" \(1915 characters\)
sed "s/^X//" >'tripwire-1.0/sigs/md4/md4wrapper.c' <<'END_OF_FILE'
X#ifndef lint
Xstatic char rcsid[] = "$Id: md4wrapper.c,v 1.1.1.1 92/11/02 17:52:24 genek Exp $";
X#endif
X
X/*
X * md4wrapper.c
X *
X *	signature function hook for MD4 (the RSA Data Security, Inc. MD4 
X *	Message Digesting Algorithm) for Tripwire.
X *
X *	The original MD4 code is contained in md4.c in its entirety.
X *
X * Gene Kim
X * Purdue University
X * October 14, 1992 
X */
X
X#include "../../include/config.h"
X#include <stdio.h>
X#include <sys/types.h>
X#ifdef STDLIBH
X#include <stdlib.h>
X#include <unistd.h>
X#endif
X#ifdef STRINGH
X#include <string.h>
X#else
X#include <strings.h>
X#endif
X#include "../../include/sigs.h"
X#include "md4.h"
X#define BUFSIZE 512
X
Xstatic MDstruct mdbucket;			/* MD4 data structure */
X
Xchar *ltob64();
X
X/*
X * int
X * pf_signature(int fd_in, char *ps_signature, int siglen)
X *
X *	fd_in: 		pointer to input file descriptor
X *	ps_signature: 	pointer to array where signature will be stored
X *	siglen: 	length of the signature array (for overflow checking)
X */
X
Xint 
Xsig_md4_get (fd_in, ps_signature, siglen)
X    int fd_in;
X    char *ps_signature;
X    int siglen; 
X{
X    unsigned char buffer[BUFSIZE];
X    int		readin = -1;
X    unsigned long int words;
X    int 	i;
X    MDstruct	*mdbuf;
X    char	s[128];
X    char	sword[128];
X
X    mdbuf = &mdbucket;
X
X    ps_signature[0] = '\0';
X
X    /* rewind the file descriptor */
X    if (lseek(fd_in, 0, SEEK_SET) < 0) {
X	perror("sig_md4_get: lseek()");
X	exit(1);
X    }
X     
X    MDbegin (mdbuf);
X
X    while ((readin = read(fd_in, (char *)buffer, (off_t) BUFSIZE)) == BUFSIZE) {
X	MDupdate(mdbuf, buffer, BUFSIZE);
X    }
X    if (readin < 0) {
X	perror("sig_md4_get: read()");
X	exit(1);
X    }
X    if (readin > 0) {
X	MDupdate(mdbuf, buffer, (unsigned)readin);
X    }
X
X    words = 0L;
X    for (i = 0; i < 4; i++) {
X	words = mdbuf->buffer[i];
X	/* printf("%08lx", words); */
X	sprintf(s, "%6s", ltob64(words, sword));
X	strcat(ps_signature, s);
X	words = 0L;
X    }
X    return 0;
X}
END_OF_FILE
if test 1915 -ne `wc -c <'tripwire-1.0/sigs/md4/md4wrapper.c'`; then
    echo shar: \"'tripwire-1.0/sigs/md4/md4wrapper.c'\" unpacked with wrong size!
fi
# end of 'tripwire-1.0/sigs/md4/md4wrapper.c'
fi
# Unpack configs/tw.conf.hpux: a sample tw.config for HP-UX credited to
# Lance R. Bailey.  Kept if present unless run with "-c"; the wc -c test
# afterwards only warns on a length mismatch (1776 bytes).
# NOTE(review): the entries use Tripwire select templates (R, L, R-2) and the
# "=" prefix, whose exact meaning is defined by Tripwire's own documentation,
# not by this file.  Presumably R is the strict read-only template, L the
# looser log-file one, R-2 drops one signature and "=" stops recursion into a
# directory -- confirm before relying on the coverage.
# NOTE(review): /etc/passwd, /etc/utmp and /dev are listed with L.  If L skips
# content signatures as assumed above, an edit to /etc/passwd would show up
# only through inode attributes; decide per site whether that is acceptable.
# NOTE(review): the setuid/setgid list is static and the file itself says it
# may need editing.  Regenerate it on the target host (for example with
# find -perm) rather than trusting this sample, and keep the configuration and
# the database it produces on read-only media.
if test -f 'tripwire-1.0/configs/tw.conf.hpux' -a "${1}" != "-c" ; then 
  echo shar: Will not clobber existing file \"'tripwire-1.0/configs/tw.conf.hpux'\"
else
echo shar: Extracting \"'tripwire-1.0/configs/tw.conf.hpux'\" \(1776 characters\)
sed "s/^X//" >'tripwire-1.0/configs/tw.conf.hpux' <<'END_OF_FILE'
X# Lance R. Bailey <lrb@ctrg.rri.uwo.ca>
X#
X
X#  First, root's "home"
X=/		L
X/.rhosts	R	# may not exist
X/.profile	R	# may not exist
X/.cshrc		R	# may not exist
X/.login		R	# may not exist
X/.exrc		R	# may not exist
X/.logout	R	# may not exist
X/.emacs		R	# may not exist
X/.forward	R	# may not exist
X/.netrc		R	# may not exist
X
X# Unix itself
X/hp-ux		R
X/SYSBCKUP	R
X
X# Now, some critical directories and files
X#  Some exceptions are noted further down
X/etc		R
X=/etc/conf
X=/etc/filesets
X=/etc/interface.lib
X=/etc/newconfig
X=/etc/oldconfig
X=/etc/update.lib
X=/etc/sm
X=/etc/sm.bak
X=/etc/rmfn.lib
X
X/etc/inetd.conf	R
X/etc/rc		R
X/etc/gettydefs	R
X/etc/exports	R
X/etc/motd	L
X/etc/rmtab	L
X/etc/utmp	L
X/etc/group	R	# changes should be infrequent
X/etc/passwd	L
X
X/dev		L
X
X/usr/etc	R
X
X# Checksumming the following is not so critical.  However,
X#  setuid/setgid files are special-cased further down.
X
X/lib		R-2
X
X/bin		R-2
X
X/usr/bin	R-2
X
X/usr/lib	R-2
X=/usr/lib/nls	
X
X=/usr		L
X=/usr/spool	L
X/usr/spool/cron		L
X/usr/spool/mqueue	L
X/usr/mail		L
X
X=/tmp
X=/usr/tmp
X
X#  Here are entries for setuid/setgid files.  On these, we use
X#  both signatures just to be sure.
X#
X#  You may want/need to edit this list.  Batteries not inc.
X
X/bin/df			R
X/bin/ipcs		R
X/bin/login		R
X/bin/mail		R
X/bin/passwd		R
X/bin/rmail		R
X/bin/su			R
X/bin/write		R
X/etc/diskinfo		R
X/etc/dmesg		R
X/etc/dump		R
X/etc/ping		R
X/etc/wall		R
X/usr/bin/at		R
X/usr/bin/bdf		R
X/usr/bin/cancel		R
X/usr/bin/chfn		R
X/usr/bin/chsh		R
X/usr/bin/crontab	R
X/usr/bin/cu		R
X/usr/bin/iostat		R
X/usr/bin/lpr		R
X/usr/bin/lpstat		R
X/usr/bin/mailx		R
X/usr/bin/netstat	R
X/usr/bin/rcp		R
X/usr/bin/rlogin		R
X/usr/bin/remsh		R
X/usr/bin/uucp		R
X/usr/bin/uuname		R
X/usr/bin/uustat		R
X/usr/bin/uux		R
X/usr/bin/vmstat		R
X/etc/arp		R
X/usr/etc/nfsstat	R
X/usr/etc/rpc.rwalld	R
END_OF_FILE
if test 1776 -ne `wc -c <'tripwire-1.0/configs/tw.conf.hpux'`; then
    echo shar: \"'tripwire-1.0/configs/tw.conf.hpux'\" unpacked with wrong size!
fi
# end of 'tripwire-1.0/configs/tw.conf.hpux'
fi
# Unpack src/config.pre.l: the lex scanner that tokenises tw.config files for
# the preprocessor (@@ directives, &&, ||, parentheses, strings, comments and
# line continuations).  Kept if present unless run with "-c"; the wc -c test
# afterwards only warns on a length mismatch (1728 bytes).
# NOTE(review): the STRING action hands the parser yylval.string = yytext, a
# pointer into the scanner's own buffer.  The grammar is not in this part; it
# needs to copy the text before the next yylex() call or the value will be
# overwritten -- confirm in the yacc file.
# NOTE(review): the header comment says escape sequences in a STRING token are
# not expanded here, so whatever consumes the token must do that itself.
# NOTE(review): @@include is recognised, so the effective policy can span
# several files; every included file needs the same protection as tw.config.
if test -f 'tripwire-1.0/src/config.pre.l' -a "${1}" != "-c" ; then 
  echo shar: Will not clobber existing file \"'tripwire-1.0/src/config.pre.l'\"
else
echo shar: Extracting \"'tripwire-1.0/src/config.pre.l'\" \(1728 characters\)
sed "s/^X//" >'tripwire-1.0/src/config.pre.l' <<'END_OF_FILE'
X%{
X/* $Id: config.pre.l,v 1.1.1.1 92/11/02 17:54:21 genek Exp $ */
X
X/*
X * config.pre.l
X *
X *	lexical analyzer for preprocessing tw.config files.
X *
X *	note that escaped sequences in the <string> token must be 
X *	expanded manually.
X *
X * Gene Kim
X * Purdue University
X * October 4, 1992
X */
X
X			/* 
X			 * note that strings can contain '@'s, but they
X			 * cannot start with them! 
X			 *
X			 * similarly, we can have #'s in strings, but they
X			 * cannot be the first character! 
X			 */
X
X%}
X
XWS			[ \t]
XCOMMENT			[#]
XEOL			[\n]
XDIRECTIVE		@{2,2}
XSTRING			([^ \t\n\#\@\(\)]|\\.)+([^ \t\n\(\)]|\\.)*
XLPAREN			[\(]
XRPAREN			[\)]
XANDAND			\&{2,2}
XOROR			\|{2,2}
XBSLASH			[\\]
X
X%%
X
X{WS}+			{ /* eat spaces */ }
X{BSLASH}{EOL}		{   
X			    /* eat line continuations */ 
X			    linenumber++; 
X			}
X{COMMENT}[^\n]*		{ /* eat comments */ }
X
X^{DIRECTIVE}{WS}*include	{ return INCLUDE; }
X^{DIRECTIVE}{WS}*define		{ return DEFINE; }
X^{DIRECTIVE}{WS}*undef		{ return UNDEF; }
X^{DIRECTIVE}{WS}*ifdef		{ return IFDEF; }
X^{DIRECTIVE}{WS}*ifndef		{ return IFNDEF; }
X^{DIRECTIVE}{WS}*ifhost		{ return IFHOST; }
X^{DIRECTIVE}{WS}*ifnhost	{ return IFNHOST; }
X^{DIRECTIVE}{WS}*contents	{ return CONTENTS; }
X^{DIRECTIVE}{WS}*dbaseversion	{ return DBASEVERSION; }
X^{DIRECTIVE}{WS}*else		{ return ELSE; }
X^{DIRECTIVE}{WS}*endif		{ return ENDIF; }
X^{DIRECTIVE}{WS}*echo		{ return ECHOTHIS; }
X{DIRECTIVE}			{ return DIRECTIVE; }
X
X{EOL}			{ linenumber++; return EOL; }
X{ANDAND}		{ return ANDAND; }
X{OROR}			{ return OROR; }
X{LPAREN}		{ return LPAREN; }
X{RPAREN}		{ return RPAREN; }
X{STRING}		{
X			    yytext[yyleng] = '\0';
X			    yylval.string = yytext;
X			    if (yaccdebuglevel > 10) 
X				printf("--(STRING)--> %s\n", yytext);
X			    return STRING;
X			}
X
END_OF_FILE
if test 1728 -ne `wc -c <'tripwire-1.0/src/config.pre.l'`; then
    echo shar: \"'tripwire-1.0/src/config.pre.l'\" unpacked with wrong size!
fi
# end of 'tripwire-1.0/src/config.pre.l'
fi
# Unpack sigs/md2/Makefile: builds md2wrapper.o and md2.o through a .c.o
# suffix rule, both depending on ../../include/byteorder.h.  Kept if present
# unless run with "-c"; the wc -c test afterwards only warns on a length
# mismatch (289 bytes).
# NOTE(review): CC and CFLAGS are not set in this Makefile, so they come from
# the invoking make or its defaults.  The clean rule's "-rm -rf *.o" would
# also remove a directory whose name ends in .o; rm -f is enough for object
# files.
if test -f 'tripwire-1.0/sigs/md2/Makefile' -a "${1}" != "-c" ; then 
  echo shar: Will not clobber existing file \"'tripwire-1.0/sigs/md2/Makefile'\"
else
echo shar: Extracting \"'tripwire-1.0/sigs/md2/Makefile'\" \(289 characters\)
sed "s/^X//" >'tripwire-1.0/sigs/md2/Makefile' <<'END_OF_FILE'
X# $Id: Makefile,v 1.1.1.2 92/11/02 18:21:15 genek Exp $
X#
X# Makefile for MD2 wrapper
X#
X# Gene Kim
X# Purdue University
X# October 18, 1992
X#
X
Xall:	md2wrapper.o md2.o
X
X.c.o:
X	$(CC) $(CFLAGS) -c $<
X
Xclean:
X	-rm -rf *.o
X
Xmd2.o: ../../include/byteorder.h
Xmd2wrapper.o: ../../include/byteorder.h
END_OF_FILE
if test 289 -ne `wc -c <'tripwire-1.0/sigs/md2/Makefile'`; then
    echo shar: \"'tripwire-1.0/sigs/md2/Makefile'\" unpacked with wrong size!
fi
# end of 'tripwire-1.0/sigs/md2/Makefile'
fi
# Epilogue: record that part 7 ran to its end, then report which of the 8
# parts still lack their ark<N>isdone marker in the current directory.
# The marker is written unconditionally, so it shows only that this script
# finished, not that every file above unpacked with the expected size.
echo shar: End of archive 7 \(of 8\).
cp /dev/null ark7isdone

# Collect the numbers of the parts whose marker file is absent.
pending=""
for part in 1 2 3 4 5 6 7 8
do
    test -f ark${part}isdone || pending="${pending} ${part}"
done

# Nothing pending: point at the README and remove the markers.
if test "${pending}" != "" ; then
    echo You still need to unpack the following archives:
    echo "        " ${pending}
else
    echo You have unpacked all 8 archives.
    echo "Now read the README file"
    rm -f ark[1-9]isdone
fi
##  End of shell archive.
exit 0
