## tw.config.OpenBSD
##
## Tripwire config for testing integrity for firewall machines
##
## = Exclusive prune: Don't prune entry, but prune children
## ! Inclusive prune: prune subdirs & files also

## Directory only checking (don't check contents):
=/tmp +pnug-isamc123456789
=/secure/tw +pnug-isamc123456789
=/.ssh +pnug-isamc123456789
=/etc/ssh_random_seed +pnug-isamc123456789
=/var/tmp +pnug-isamc123456789
=/var/spool/locks +pnug-isamc123456789
=/var/spool/lpd +pnug-isamc123456789
=/var/spool/mqueue +pnug-isamc123456789

## Save speed and space:
!/var/www/htdocs/snort
!/usr/include
!/usr/share/info
!/usr/share/man
# the source tree is gigantic...
!/usr/src

# Files that can change size & date, but not permissions or ownership:
# [Does this work??]
/secure +pnug-isamc123456789
/dev +pnug-isamc123456789
/var/cron/log +pnug-isamc123456789
=/var/log +pnug-isamc123456789
#/var/log/messages +pnug-isamc123456789
#/var/log/maillog +pnug-isamc123456789

## Check size & inode number also
/root/.[a-zA-Z]* +pinus-gamc123456789

# Normal checking (size, date, permissions etc.):
/etc R
/sbin R
#
# testing with coredumps:
!/usr R
# !/var R
# /home R
#
################################################
# tripwire attributes:
#   -   ignore the following attributes
#   +   record and check the following attributes
#   p   permission and file mode bits
#   i   inode number
#   n   number of links (i.e., inode reference count)
#   u   user id of owner
#   g   group id of owner
#   s   size of file
#   a   access timestamp
#   m   modification timestamp
#   c   inode creation/modification timestamp
#   0   signature 0 - null signature
#   1   signature 1 - MD5, the RSA Data Security, Inc. Message Digesting Algorithm.
#   2   signature 2 - Snefru, the Xerox Secure Hash Function.
#   3   signature 3 - CRC-32, POSIX 1003.2 compliant 32-bit Cyclic Redundancy Check.
#   4   signature 4 - CRC-16, the standard (non-CCITT) 16-bit Cyclic Redundancy Check.
#   5   signature 5 - MD4, the RSA Data Security, Inc. Message Digesting Algorithm.
#   6   signature 6 - MD2, the RSA Data Security, Inc. Message Digesting Algorithm.
#   7   signature 7 - SHA, the NIST Secure Hash Algorithm (NIST FIPS 180)
#   8   signature 8 - Haval, a strong 128-bit signature algorithm
#
# The following templates have been pre-defined to make these
# long select-masks descriptions unnecessary.
#   R   [R]ead-only (+pinugsm12-ac3456789) (default)
#   L   [L]og file (+pinug-sacm123456789)
#   N   ignore [N]othing (+pinusgsamc123456789)
#   E   ignore [E]verything (-pinusgsamc123456789)
#   >   monotonically growing file (+pinug>-samc1233456789)
# eof