# tw.config for NeXTstep
########################################################################
# Generic version for NeXT                                   Eric Myers
# @(#) $Id: tw.config.NeXT,v 1.6 2000/06/16 16:14:31 myers Exp myers $
#
# This file contains a list of files and directories that tripwire
# will scan.  Date, size, and signature information for these files
# will be stored in the tripwire database file and used for later comparisons.
#
# This version of the tw.config file was tuned for NeXTStep 3.0.
# You may need to adjust it if you are running something else, but
# hopefully not by much.
#
# Much modified from an original from Lance R. Bailey
#       Id: tw.conf.next,v 1.3 1993/08/19 05:27:13 genek Exp
#
# See the man page for tw.config(5) for more information about the
# format of this file, or look for a file called tw.config.format
#
# NOTE(review): a report is only as trustworthy as the stored database and
# this file; keep both where someone with access to the host cannot rewrite
# them (read-only or off-host media).
########################################################################

# The usual definitions for different file tests
#
# Select-flag letters, per tw.config(5): p permissions/mode, i inode number,
# n link count, u owner, g group, s size, a access time, m modification
# time, c inode change time, 1-8 signature slots.  Flags after "+" are
# checked, flags after "-" are ignored.
#
# LOG and STAT carry no signature and also ignore size, mtime and ctime, so
# a file listed under either can have its contents rewritten in place
# without showing up in a report.  Reserve them for files that really churn.

@@define MODS   +pugmc-ansi12345678     # protection/date change
@@define LOG    +pinug-samc12345678     # log files (no signatures)
@@define STAT   +pug-cmansi12345678     # Just check protection bits
@@define MD5    +pugcmnsi1-a2345678     # Check signatures 1 only
@@define SIGS   +pugcmnsi12-a345678     # Check signatures 1&2

# Run tripwire with -DNODATES to ignore change/modification dates
# and inode numbers - useful for after restoring from backup tapes
#
# With NODATES set, MODS becomes the same flag string as STAT, so everything
# under a MODS entry is checked for mode/owner/group only.  MD5 and SIGS keep
# their signatures and still detect content changes.

@@ifdef NODATES
@@define MODS   +pug-cmansi12345678
@@define LOG    +pung-cmasi12345678
@@define STAT   +pug-cmansi12345678
@@define MD5    +pung1-camis2345678
@@define SIGS   +pung12-camis345678
@@endif

# Unix itself
/sdmach         @@SIGS

# Check root's "home"
# ("=" records the directory itself and does not descend into it.)
=/              @@LOG
/.rhosts        @@SIGS  # may not exist
/.profile       @@SIGS  # may not exist
/.cshrc         @@SIGS  # may not exist
/.login         @@SIGS  # may not exist
/.exrc          @@SIGS  # may not exist
/.logout        @@SIGS  # may not exist
/.emacs         @@SIGS  # may not exist
/.forward       @@SIGS  # may not exist
/.netrc         @@SIGS  # may not exist

# Now, some critical directories and files
#    Some exceptions are noted further down
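# /etc is scanned recursively with MODS (mode, owner, group, mtime, ctime).
# The per-file entries that follow override that template for one path each.
/etc                    @@MODS
/etc/inetd.conf         @@SIGS
/etc/rc                 @@SIGS
/etc/rc.boot            @@SIGS
/etc/rc.local           @@SIGS
/etc/rc.single          @@SIGS
/etc/ttytab             @@SIGS
/etc/exports            @@SIGS
/etc/group              @@SIGS  # changes should be infrequent
/etc/ttys               @@LOG
/etc/utmp               @@LOG
/etc/motd               @@LOG
/etc/mtab               @@STAT
/etc/rmtab              @@STAT
/etc/dumpdates          @@LOG
/etc/sendmail.st        @@LOG
# hosts.allow / hosts.deny are access-control policy, not logs.  They were
# listed as @@LOG, which ignores size, timestamps and signatures, so an
# in-place edit went unreported (weaker even than the /etc @@MODS default
# they override).  They are now checked with full signatures, like /etc/group.
/etc/hosts.deny         @@SIGS
/etc/hosts.allow        @@SIGS
/etc/ssh_random_seed    @@MODS

# The next line may need to be replaced with /etc/security
# if C2 is enabled
# NOTE(review): @@STAT checks mode/owner/group only, so added or altered
# accounts in the flat file are not reported.  If /etc/passwd is edited
# rarely on this host, @@SIGS would catch that -- confirm before changing.
/etc/passwd             @@STAT
# "=" records the directory entry itself and does not descend into it
# (see tw.config(5)); nothing beneath an "=" path in this file is monitored
# unless it has an entry of its own.
=/dev                   @@LOG
/usr/etc                @@MD5

# Checksumming the following is not so critical.  However,
# setuid/setgid files are special-cased further down.
/lib                    @@MD5
/bin                    @@MD5
/usr/bin                @@MD5
/usr/ucb                @@MD5
/usr/lib                @@MD5
=/usr/lib/kern_loader   @@STAT
=/usr/lib/emacs/lock    @@STAT
=/usr                   @@STAT
=/usr/spool             @@STAT
=/usr/spool/cron        @@STAT
=/usr/spool/mqueue      @@STAT
=/usr/spool/mail        @@STAT

# put entries in for /var/yp if you need it
# put entries for uucp if you need them
# put entries for /var/adm if you need it

=/tmp                   @@STAT
=/private/tmp           @@STAT
=/var/adm               @@STAT

#####################
# SUID files: use both signatures just to be sure.
#
# Use `find / -user root -perm -4000 -print >tw.config.suid` to list
# all suid root files (See man find(1) for use on multiple filesystems.)
# Or allow Ivan to create this list.
# NOTE(review): that command lists setuid-root files only.  Setgid files
# (-perm -2000) and setuid files owned by other users need their own pass
# if they are to be special-cased as the comment further up says.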
#
# NOTE(review): if this include is enabled, the list lives in /var/adm, which
# this config records as "=/var/adm @@STAT" (directory only).  The list would
# then not be integrity-checked itself; give it its own signature entry or
# keep it with the database.
#@@include /var/adm/tw.config.suid
#
# The entries below name no template, so Tripwire's built-in default applies
# -- presumably the read-only template with signatures 1 and 2, which would
# match "use both signatures"; confirm against tw.config(5).
/usr/etc/rdump
/usr/etc/ping
/usr/etc/rrestore
/usr/etc/timedc
/usr/etc/autoNetWaremount
/usr/lib/NextStep/Workspace.app/Workspace
/usr/lib/lpd
/usr/lib/MusicKit/bin/fixedpolicy
/usr/lib/ex3.7recover
/usr/lib/sendmail
/usr/lib/fastps
/usr/lib/installKM
/usr/lib/NextPrinter/FaxDaemon
/usr/lib/NextPrinter/Faxxess
/usr/lib/NextPrinter/exec_faxes
/usr/lib/phone/PhoneServer
/usr/lib/Preferences/boot_cmd
/usr/lib/Preferences/check_ntpd
/usr/lib/Preferences/clock_chip
/usr/lib/Preferences/date
/usr/lib/Preferences/ntp
/usr/lib/Preferences/set_time_zone
/usr/ucb/rcp
/usr/ucb/rsh
/usr/ucb/traceroute
/usr/ucb/uptime
/usr/ucb/w
/usr/ucb/lpr
/usr/ucb/lpq
/usr/ucb/lprm
/usr/bin/newaliases
/usr/bin/mailq
/usr/bin/tip
/usr/bin/cu
/usr/filesystems/DOS.fs/DOS.util
/usr/filesystems/CDROM.fs/CDROM.util
/usr/filesystems/cdaudio.fs/cdaudio.util
/usr/filesystems/mac.fs/mac.util
/usr/netware/etc/nucmessaged
/bin/login
/bin/mail
/bin/passwd
/bin/ps
/bin/su.nowheel

##################################
### Local files:
# /usr/local/ is mounted from williams, so only check it there
#
# Coverage note: "=" entries record the directory only and "!" entries are
# skipped entirely (see tw.config(5)).  Under /usr/local/lib only ftpd and
# libexec are scanned in depth, and nothing beneath /usr/local/share is;
# the template written after a "!" entry presumably has no effect.

@@ifhost williams || yuling
/usr/local/bin                  @@SIGS
/usr/local/sbin                 @@SIGS
/usr/local/etc                  @@SIGS
=/usr/local/lib/                @@SIGS
=/usr/local/lib/perl5           @@SIGS
=/usr/local/share               @@SIGS
!/usr/local/share/texmf         @@LOG   # changes often due to fonts
/usr/local/lib/ftpd             @@SIGS
/usr/local/lib/libexec          @@SIGS
=/usr/local/etc/httpd/logs      @@LOG   # web server logs change constantly
=/usr/local/etc/httpd/icons     @@LOG   # so does icon collection
@@endif

##EOF tw.config