# $Id$ # # tw.config # # This file contains a list of files and directories that System # Preener will scan. Information collected from these files will be # stored in the tw.database file. # # Format: [!|=] entry [ignore-flags] # # where: '!' signifies the entry is to be pruned (inclusive) from # the list of files to be scanned. # '=' signifies the entry is to be added, but if it is # a directory, then all its contents are pruned # (useful for /tmp). # # where: entry is the absolute pathname of a file or a directory # # where ignore-flags are in the format: # [template][ [+|-][pinugsam12] ... ] # # - : ignore the following atributes # + : do not ignore the following attributes # # p : permission and file mode bits a: access timestamp # i : inode number m: modification timestamp # n : number of links (ref count) c: inode creation timestamp # u : user id of owner 1: signature 1 # g : group id of owner 2: signature 2 # s : size of file # # # Ex: The following entry will scan all the files in /etc, and report # any changes in mode bits, inode number, reference count, uid, # gid, modification and creation timestamp, and the signatures. # However, it will ignore any changes in the access timestamp. # # /etc +pinugsm12-a # # The following templates have been pre-defined to make these long ignore # mask descriptions unecessary. # # Templates: (default) R : [R]ead-only (+pinugsm12-a) # L : [L]og file (+pinug-sam12) # N : ignore [N]othing (+pinusgsamc12) # E : ignore [E]verything (-pinusgsamc12) # > : like [L], but ignore growing files # # By default, Tripwire uses the R template -- it ignores # only the access timestamp. # # You can use templates with modifiers, like: # Ex: /etc/lp E+ug # # Example configuration file: # /etc R # all system files # !/etc/lp R # ...but not those logs # =/tmp N # just the directory, not its files # # ==== # # Preprocessor directives: # # The following directives provide C-preprocessor and m4-like # functionality: # # @@ifhost hostname : included if (hostname) matches # @@ifhost hostname : included if (hostname) doesn't # match. # (both need matching @@endif) # # @@define x : defines (x) # @@undef x : undefines (x) # # @@ifdef x : included if (x) is defined. # @@ifndef x : included if (x) is not defined. # (both need matching @@endif) # # @@endif : closes up @@ifhost, @@ifdef, # and @@ifndef. # # Example: # A host-dependent inclusion can be specified many ways so tw.config # files can be shared among multiple machines. So, if the machine # "mentor.cc.purdue.edu" is the only machine that has a certain file, # you could use: # # @@ifhost mentor.cc.purdue.edu # /etc/tw.log.mentor R # @@endif # /tmp/genek/tripwire-1.0 R+0123456789-ugpmci /tmp/genek/tripwire-1.0/tests E /tmp/genek/tripwire-1.0/tw.config E /tmp/genek/tripwire-1.0/databases E /tmp/genek/tripwire-1.0/src/config.parse.o /tmp/genek/tripwire-1.0/src/main.o /tmp/genek/tripwire-1.0/src/list.o /tmp/genek/tripwire-1.0/src/ignorevec.o /tmp/genek/tripwire-1.0/src/dbase.build.o /tmp/genek/tripwire-1.0/src/utils.o /tmp/genek/tripwire-1.0/src/preen.o /tmp/genek/tripwire-1.0/src/preen.interp.o /tmp/genek/tripwire-1.0/src/preen.report.o /tmp/genek/tripwire-1.0/src/nullsig.o /tmp/genek/tripwire-1.0/src/config.prim.o /tmp/genek/tripwire-1.0/src/dbase.update.o /tmp/genek/tripwire-1.0/src/sigfetch.o /tmp/genek/tripwire-1.0/src/config.pre.o /tmp/genek/tripwire-1.0/sigs/crc/crc.o /tmp/genek/tripwire-1.0/sigs/crc32/crc32.o /tmp/genek/tripwire-1.0/sigs/md2/md2wrapper.o /tmp/genek/tripwire-1.0/sigs/md2/md2.o /tmp/genek/tripwire-1.0/sigs/md4/md4.o /tmp/genek/tripwire-1.0/sigs/md4/md4wrapper.o /tmp/genek/tripwire-1.0/sigs/md5/md5.o /tmp/genek/tripwire-1.0/sigs/md5/md5wrapper.o /tmp/genek/tripwire-1.0/sigs/snefru/snefru.o !/tmp/genek/tripwire-1.0/aux/types !/tmp/genek/tripwire-1.0/aux/byteorder !/tmp/genek/tripwire-1.0/src/config.lex.c !/tmp/genek/tripwire-1.0/src/config.pre.c !/tmp/genek/tripwire-1.0/Makefile !/tmp/genek/tripwire-1.0/include/config.h !/tmp/genek/tripwire-1.0/include/byteorder.h !/tmp/genek/tripwire-1.0/include/inode.h