|
@@ -7158,33 +7158,19 @@ Set *SYSLOGREPORTING* to false and comment out the line, then save and exit.
|
7158
|
7158
|
editor /etc/tripwire/twpol.txt
|
7159
|
7159
|
#+END_SRC
|
7160
|
7160
|
|
7161
|
|
-Comment out the lines:
|
7162
|
|
-
|
7163
|
|
-#+BEGIN_SRC: bash
|
7164
|
|
- /var/log -> $(SEC_CONFIG) ;
|
7165
|
|
- /proc -> $(Device) ;
|
7166
|
|
- /root/.xsession-errors -> $(SEC_CONFIG) ;
|
7167
|
|
- /root/.xauth -> $(SEC_CONFIG) ;
|
7168
|
|
- /root/.gnome_private -> $(SEC_CONFIG) ;
|
7169
|
|
- /root/.gnome-desktop -> $(SEC_CONFIG) ;
|
7170
|
|
- /root/.gnome -> $(SEC_CONFIG) ;
|
7171
|
|
- /root/.Xresources -> $(SEC_CONFIG) ;
|
7172
|
|
- /root/.Xauthority -> $(SEC_CONFIG) -i ;
|
7173
|
|
- /root/mail -> $(SEC_CONFIG) ;
|
7174
|
|
- /root/Mail -> $(SEC_CONFIG) ;
|
7175
|
|
- /root/.ICEauthority -> $(SEC_CONFIG) ;
|
7176
|
|
- /etc/rc.boot -> $(SEC_BIN) ;
|
7177
|
|
- /root/.tcshrc -> $(SEC_CONFIG) ;
|
7178
|
|
- /root/.sawfish -> $(SEC_CONFIG) ;
|
7179
|
|
- /root/.pinerc -> $(SEC_CONFIG) ;
|
7180
|
|
- /root/.mc -> $(SEC_CONFIG) ;
|
7181
|
|
- /root/.elm -> $(SEC_CONFIG) ;
|
7182
|
|
- /root/.cshrc -> $(SEC_CONFIG) ;
|
7183
|
|
- /root/.bash_logout -> $(SEC_CONFIG) ;
|
7184
|
|
- /root/.bash_profile -> $(SEC_CONFIG) ;
|
7185
|
|
- /root/.amandahosts -> $(SEC_CONFIG) ;
|
7186
|
|
- /root/.addressbook.lu -> $(SEC_CONFIG) ;
|
7187
|
|
- /root/.addressbook -> $(SEC_CONFIG) ;
|
|
7161
|
+Edit the "Root config files" section so that it looks like this:
|
|
7162
|
+
|
|
7163
|
+#+BEGIN_SRC: bash
|
|
7164
|
+# These files change the behavior of the root account
|
|
7165
|
+(
|
|
7166
|
+ rulename = "Root config files",
|
|
7167
|
+ severity = 100
|
|
7168
|
+)
|
|
7169
|
+{
|
|
7170
|
+ /root -> $(SEC_CRIT) ; # Catch all additions to /root
|
|
7171
|
+ /root/.bashrc -> $(SEC_CONFIG) ;
|
|
7172
|
+ /root/.bash_history -> $(SEC_CONFIG) ;
|
|
7173
|
+}
|
7188
|
7174
|
#+END_SRC
|
7189
|
7175
|
|
7190
|
7176
|
Then save and exit.
|