Tripwire root config files

beaglebone.txt

@@ -7158,33 +7158,19 @@ Set *SYSLOGREPORTING* to false and comment out the line, then save and exit.
 editor /etc/tripwire/twpol.txt
 #+END_SRC
 
-Comment out the lines:
-
-#+BEGIN_SRC: bash
-	/var/log		-> $(SEC_CONFIG) ;
-	/proc		-> $(Device) ;
-	/root/.xsession-errors		-> $(SEC_CONFIG) ;
-	/root/.xauth			-> $(SEC_CONFIG) ;
-	/root/.gnome_private		-> $(SEC_CONFIG) ;
-	/root/.gnome-desktop		-> $(SEC_CONFIG) ;
-	/root/.gnome			-> $(SEC_CONFIG) ;
-	/root/.Xresources		-> $(SEC_CONFIG) ;
-	/root/.Xauthority		-> $(SEC_CONFIG) -i ;
-	/root/mail			-> $(SEC_CONFIG) ;
-	/root/Mail			-> $(SEC_CONFIG) ;
-	/root/.ICEauthority		    -> $(SEC_CONFIG) ;
-	/etc/rc.boot		-> $(SEC_BIN) ;
-	/root/.tcshrc			-> $(SEC_CONFIG) ;
-	/root/.sawfish			-> $(SEC_CONFIG) ;
-	/root/.pinerc			-> $(SEC_CONFIG) ;
-	/root/.mc			-> $(SEC_CONFIG) ;
-	/root/.elm			-> $(SEC_CONFIG) ;
-	/root/.cshrc		        -> $(SEC_CONFIG) ;
-	/root/.bash_logout		-> $(SEC_CONFIG) ;
-	/root/.bash_profile		-> $(SEC_CONFIG) ;
-	/root/.amandahosts		-> $(SEC_CONFIG) ;
-	/root/.addressbook.lu		-> $(SEC_CONFIG) ;
-	/root/.addressbook		-> $(SEC_CONFIG) ;
+Edit the "Root config files" section so that it looks like this:
+
+#+BEGIN_SRC: bash
+# These files change the behavior of the root account
+(
+  rulename = "Root config files",
+  severity = 100
+)
+{
+	/root				-> $(SEC_CRIT) ; # Catch all additions to /root
+	/root/.bashrc			-> $(SEC_CONFIG) ;
+	/root/.bash_history		-> $(SEC_CONFIG) ;
+}
 #+END_SRC
 
 Then save and exit.