Configurations
$(TWPOL)/tw.pol -> $(SEC_BIN) -i;
$(TWBIN)/tw.cfg -> $(SEC_BIN) -i;
$(TWLKEY)/$(HOSTNAME)-local.key -> $(SEC_BIN);
$(TWSKEY)/site.key -> $(SEC_BIN);
#don’t scan the individual reports
$(TWREPORT) -> $(Dynamic) (recurse=0);
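# These files are critical to a correct system boot.
# Violations of this rule carry severity 100 and are addressed to the emailto
# recipient when the integrity check is run with e-mail reporting enabled.
# The rulename string uses plain ASCII double quotes; typographic quotes from a
# copy/paste of this listing are not valid string delimiters in a policy file.
(emailto = admin@openna.com, rulename = "Critical system boot files", severity = 100)
{
  /boot -> $(SEC_CRIT) ;
  # Stop points: the two paths below are excluded from the scan, so a change to
  # either of them is never reported by this rule.
  # NOTE(review): confirm on the target host that these files really are
  # regenerated routinely before leaving them unmonitored.
  !/boot/System.map ;
  !/boot/module-info ;
}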
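# These files change the behavior of the root account
# Violations are reported at severity 100.
(emailto = admin@openna.com, rulename = "Root config files", severity = 100)
{
  /root -> $(SEC_CRIT) ;
  # root's shell history gets its own, more specific rule so that it is not
  # checked with the SEC_CRIT mask applied to the rest of /root.
  # SEC_LOG is defined outside this excerpt; presumably it is the mask for
  # files that are expected to grow -- confirm against the variable section.
  # The path must be spelled exactly: a mistyped name matches no file, and the
  # real history file would then be checked under the /root rule above.
  /root/.bash_history -> $(SEC_LOG) ;
}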
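# Commonly accessed directories that should remain static with regards to owner and group
# The attribute list must start on its own line: anything after '#' on the
# comment line is ignored, which would leave the block below without its
# emailto, rulename and severity attributes.
(emailto = admin@openna.com, rulename = "Invariant Directories", severity = $(SIG_MED))
{
  # recurse = 0 limits each rule to the directory object itself; the contents
  # of these directories are not scanned by this rule and need their own rules.
  / -> $(SEC_INVARIANT) (recurse = 0);
  /home -> $(SEC_INVARIANT) (recurse = 0);
  /etc -> $(SEC_INVARIANT) (recurse = 0);
  /chroot -> $(SEC_INVARIANT) (recurse = 0);
  /cache -> $(SEC_INVARIANT) (recurse = 0);
}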
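# Shell interpreters, each monitored individually with the SEC_BIN mask.
# NOTE(review): unlike the neighbouring rules, no severity attribute is set
# here, so this rule falls back to Tripwire's default severity. Set one
# explicitly if reports or checks are filtered by severity level, otherwise a
# replaced shell could be reported below the threshold that is being watched.
(emailto = admin@openna.com, rulename = "Shell Binaries")
{
  # Every path listed must exist on the host; remove entries for shells that
  # are not installed rather than leaving rules that match nothing.
  /bin/bsh -> $(SEC_BIN);
  /bin/csh -> $(SEC_BIN);
  /bin/sh -> $(SEC_BIN);
}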
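# Rest of critical system binaries
# Violations are reported at severity $(SIG_HI), a variable defined outside
# this excerpt.
(emailto = admin@openna.com, rulename = "OS executables and libraries", severity = $(SIG_HI))
{
  # ReadOnly is Tripwire's predefined mask for files that should not change
  # after installation. No recurse attribute is given, so the default
  # (full recursion into subdirectories) applies to both trees.
  /bin -> $(ReadOnly) ;
  /lib -> $(ReadOnly) ;
}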
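# Local files
# Violations are reported at severity $(SIG_MED), a variable defined outside
# this excerpt.
(emailto = admin@openna.com, rulename = "User binaries", severity = $(SIG_MED))
{
  # recurse = 1 scans each directory and its immediate entries only; files
  # inside deeper subdirectories are not covered by these rules.
  # NOTE(review): if any of these trees contains executables in nested
  # subdirectories, add rules for them or raise the recursion depth.
  /sbin -> $(SEC_BIN) (recurse = 1);
  /usr/sbin -> $(SEC_BIN) (recurse = 1);
  /usr/bin -> $(SEC_BIN) (recurse = 1);
}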
# Temporary directories
(emailto = admin@openna.com, rulename = “Temporary directories”, recurse = false, severity
$(SIG_L0W))