Source Code 1994 March

home *** CD-ROM | disk | FTP | other *** search

/ Source Code 1994 March / Source_Code_CD-ROM_Walnut_Creek_March_1994.iso / compsrcs / unix / volume26 / tripwire / part02 < prev next >

Wrap

Text File | 1993-04-19 | 65.0 KB | 1,722 lines

Newsgroups: comp.sources.unix From: spaf@cs.purdue.edu (Gene Spafford) Subject: v26i174: tripwire - security integrity monitor, Part02/08 Sender: unix-sources-moderator@vix.com Approved: paul@vix.com Submitted-By: spaf@cs.purdue.edu (Gene Spafford) Posting-Number: Volume 26, Issue 174 Archive-Name: tripwire/part02 #! /bin/sh # This is a shell archive. Remove anything before this line, then unpack # it by saving it into a file and typing "sh file". To overwrite existing # files, type "sh file -c". You can also feed this as standard input via # unshar, or by typing "sh <file", e.g.. If this archive is complete, you # will see the following message at the end: # "End of archive 2 (of 8)." # Contents: tripwire-1.0 tripwire-1.0/contrib tripwire-1.0/include # tripwire-1.0/sigs tripwire-1.0/sigs/snefru tripwire-1.0/src # tripwire-1.0/README tripwire-1.0/contrib/README.ASET # tripwire-1.0/src/sigfetch.c tripwire-1.0/include/patchlevel.h # tripwire-1.0/sigs/snefru/snefru.h # Wrapped by spaf@uther.cs.purdue.edu on Tue Nov 3 16:31:55 1992 PATH=/bin:/usr/bin:/usr/ucb ; export PATH if test ! -d 'tripwire-1.0' ; then echo shar: Creating directory \"'tripwire-1.0'\" mkdir 'tripwire-1.0' fi if test ! -d 'tripwire-1.0/contrib' ; then echo shar: Creating directory \"'tripwire-1.0/contrib'\" mkdir 'tripwire-1.0/contrib' fi if test ! -d 'tripwire-1.0/include' ; then echo shar: Creating directory \"'tripwire-1.0/include'\" mkdir 'tripwire-1.0/include' fi if test ! -d 'tripwire-1.0/sigs' ; then echo shar: Creating directory \"'tripwire-1.0/sigs'\" mkdir 'tripwire-1.0/sigs' fi if test ! -d 'tripwire-1.0/sigs/snefru' ; then echo shar: Creating directory \"'tripwire-1.0/sigs/snefru'\" mkdir 'tripwire-1.0/sigs/snefru' fi if test ! -d 'tripwire-1.0/src' ; then echo shar: Creating directory \"'tripwire-1.0/src'\" mkdir 'tripwire-1.0/src' fi if test -f 'tripwire-1.0/README' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'tripwire-1.0/README'\" else echo shar: Extracting \"'tripwire-1.0/README'\" $29570 characters$ sed "s/^X//" >'tripwire-1.0/README' <<'END_OF_FILE' X## $Id: README,v 1.8 92/11/03 13:34:49 genek Exp $ X## X## README for Tripwire X## X## Gene Kim & Gene Spafford X## The COAST Project X## Department of Computer Sciences X## Purdue University X## X X## All files in the distribution of Tripwire are Copyright 1992 by the X## Purdue Research Foundation of Purdue University. All rights X## reserved. Some individual files in this distribution may be covered X## by other copyrights, as noted in their embedded comments. X## X## Redistribution and use in source and binary forms are permitted X## provided that this entire copyright notice is duplicated in all such X## copies, and that any documentation, announcements, and other X## materials related to such distribution and use acknowledge that the X## software was developed at Purdue University, W. Lafayette, IN by X## Gene Kim and Eugene Spafford. No charge, other than an "at-cost" X## distribution fee, may be charged for copies, derivations, or X## distributions of this material without the express written consent X## of the copyright holder. Neither the name of the University nor the X## names of the authors may be used to endorse or promote products X## derived from this material without specific prior written X## permission. THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY X## EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE X## IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR ANY PARTICULAR X## PURPOSE. X X This README file serves as a quick-and-dirty primer on Tripwire. XA paper that fully describes the design and rationale was not Xcompleted in time to be included in this first Tripwire release. The Xdesign document will be released later as a technical report, and Xpossibly as a conference or journal paper. It will also be included Xin later releases of Tripwire. This document will be referenced Xthroughout the Tripwire distribution as the Tripwire design document Xor the comprehensive Tripwire paper. X X This README file contains information needed to build, test, Xand run Tripwire. A table of contents follow: X X X 1.0. Background X 1.1. Goals of Tripwire X 2.0. How to build Tripwire X 2.1. Common Tripwire compilation problems X 2.2. The sigfetch utility X 3.0. Getting Tripwire up and running X 3.1. Creating your tw.config file X 3.2. A caveat about your Tripwire database X 3.2. Running Tripwire as an integrity checker X 3.3. Keeping your database up-to-date X 3.4. A quick-checking mode X 4.0. Some Tripwire scaling hints for using Tripwire X in large sites X 4.1. The tw.config grammar X 4.2. How you might use these directives X 5.0. Notes on signature routines X 5.1. Performance vs. security X 6.0. Signature routines X 6.1. MD5 X 6.2. Snefru X 6.3. CRC-32 X 6.4. CRC-16 X 6.5. MD4 X 6.6. MD2 X 6.7. null signature X 7.0. Feedback and bug-reports X 8.0. User contributions X 9.0. Acknowledgements X X X1.0. Background X================ X X With the advent of increasingly sophisticated and subtle Xaccount break-ins on Unix systems, the need for tools to aid in Xthe detection of unauthorized modification of files becomes Xclear. Tripwire is a tool that aids system administrators and Xusers in monitoring a designated set of files for any changes. XUsed with system files on a regular (e.g., daily) basis, Tripwire Xcan notify system administrators of corrupted or tampered files, Xso damage control measures can be taken in a timely manner. X X1.1. Goals of Tripwire X======================= X X Tripwire is a file integrity checker, a utility that compares Xa designated set of files against information stored in a Xpreviously generated database. Any differences are flagged and Xlogged, and optionally, a user is notified through mail. When Xrun against system files on a regular basis, any changes in Xcritical system files will be spotted -- and appropriate damage Xcontrol measures can be taken immediately. With Tripwire, system Xadministrators can conclude with a high degree of certainty that Xa given set of files remain free of unauthorized Xmodifications if Tripwire reports no changes. X X X2.0. How to build Tripwire X=========================== X X As of this writing, Tripwire has run successfully on (at least) XBSD, OSF/1, Mach, and late System V variants of Unix. Tripwire was Xbuilt and tested on a wide variety of Unix variants. X X The file 'Ported' contains a list of platforms and operating Xsystems where Tripwire has already been successfully ported during Xthe six-week beta test period. If you find your system in the Xlist, note the system settings that were used to build Tripwire. X X Second, look through the Makefile and make sure that the C Xcompiler and all flag settings are reasonable for your Xconfiguration. Most of the potentially tricky system settings Xshould be listed in the X'Ported' file. X X Next, look in the './configs' directory to find a predefined X'conf-<os>.h' file that matches closest to your operating system. XNote this file, because you will be inserting this filename in Xthe './include/config.h' file. If no such file exists, pick one X"near" your system type and modify appropriately (then mail it back to Xus for a future release). X X Now that you have chosen your operating system header file, edit Xthe './include/config.h' file to tailor Tripwire to your system. XInclude the name of the predefined header file closest to your system Xat the appropriate line in config.h X X Paths and names of Tripwire configuration files are also set Xin the config.h file. Make sure you note the locations that XTripwire looks for its configuration and database files; change them Xfor your system, as appropriate. X X NOTE: We *strongly* urge you to locate the Tripwire Xconfiguration files on a disk that can be made read-only with a Xhardware setting. This will prevent the files from being altered Xby an attacker. The run-time version of Tripwire should be Xlocated in the same place. If you are unable to mark a disk (or Xdiskette) as read-only, you might also consider putting it on a Xremote partition of a more secure machine, and import it Xread-only. See the design document for the rationale behind this Xnote if the concept is not obvious. X X Last, look in the './configs' directory again to find a tw.config Xfile that matches your operating system. These files were Xcustom-tailored to match the file layouts of various vendor supplied Xoperating system. If no file in this subdirectory matches your Xsystem, choose the one that is closest in nature (e.g., BSD4.3 or XSysV.4). Edit this file to include additional files you want to Xmonitor (e.g., local bins and critical databases), to correct paths if Xyou have moved things or if they are mounted from a remote location X(check them only on the server!), and to exclude locally-active files Xfrom the check. You should probably add the Tripwire binary itself to Xthis file. See the next section for further details. X X After you have customized your tw.config file, copy it to the Xlocation that you specified in your config.h file. X X Next, simply type 'make' at the top level. Note that all XMakefiles in the subdirectories are driven by the top-level Makefile. X(i.e., typing 'make' in the ./src directory will probably not work.) X X2.1. Common Tripwire compilation problems X========================================== X X If no file in this subdirectory matches your system, choose Xthe one that is closest in nature (e.g., BSD4.3 or SysV.4). Edit Xthis file to include additional files you want to monitor (e.g., Xlocal bins and critical databases), to correct paths if you have Xmoved things or if they are mounted from a remote location (check Xthem only on the server!), and to exclude locally-active files Xfrom the check. You should probably add the Tripwire binary Xitself to this file. See the next section for further details. X X After you have customized your tw.config file, copy it to the Xlocation that you specified in your config.h file. X X Next, simply type 'make' at the top level. Note that all XMakefiles in the subdirectories are driven by the top-level XMakefile. (i.e., typing 'make' in the ./src directory will not Xwork.) X X2.1. Common Tripwire compilation problems X========================================== X X Tripwire was originally written using ANSI C. However, XTripwire now compiles with K&R, too. All of the prototypes Xremain embedded between "#ifdef __STDC__" directives. Sadly, Xcompiling under ANSI is sometimes noisier than with K&R. XTherefore, go ahead and compile with K&R unless religion dictates XANSI. (The code lints completely clean, excepting the malloc() Xand exit() return values.) X X Common compilation trouble-spots are the dirent(S5)/direct(BSD) Xfunkiness and #defines that changed for POSIX compliance. X X2.2. The sigfetch utility X========================== X X The sigfetch utility is provided so users can get signatures Xof files without having to run Tripwire. The syntax of sigfetch Xis simple. X X sigfetch [-0123456789aqv] [ file ... ] X X By default, sigfetch prints out all ten signatures. However, Xthe signatures can be printed selectively by specifying the Xsignature number on the command line. X X3.0. Getting Tripwire up and running X===================================== X X Tripwire runs in either of two modes: Database Generation Xmode or Integrity Checking mode. In order to run Integrity XChecking, Tripwire must have a database to compare against. To Xdo that, you must first specify the set of files for Tripwire to Xmonitor. This list is stored in 'tw.config'. X X3.1. Creating your tw.config file X================================== X X Edit your 'tw.config' file, or whatever filename you defined for Xthe Tripwire config file, and add all the directories that contain Xfiles that you want monitored. The format of the config file is Xdescribed in its header and in the man page. Pay especially close Xattention to the ignore-flags and omit-lists, which can significantly Xreduce the amount of uninteresting output generated by Tripwire. For Xexample, you will probably want to omit files like mount tables that Xare constantly changed by the operating system. X X Next, run Tripwire with 'tripwire -initialize'. This will create Xa file called 'tw.db_[hostname]' in the directory you specified to Xhold your databases (where [hostname] will be replaced with your Xmachine hostname). X X3.2. A caveat about your Tripwire database X=========================================== X X NOTE: Tripwire will detect changes made to files from this Xpoint on. You *must* be certain that the system on which you Xgenerate the initial database is clean, however --- Tripwire Xcannot detect unauthorized modifications that have already been Xmade. One way to do this would be to take the machine to Xsingle-user mode, reinstall all system binaries, and run Tripwire Xin initialization mode before returning to multi-user operation. X X This database must be moved someplace where it cannot be Xmodified. Because data from Tripwire is only as trustworthy as Xits database, choose this with care. We recommend placing all Xthe system databases on a read-only disk, or exporting it Xvia read-only NFS from a "secure-server." (This pathname is Xhardcoded into Tripwire. Any time you change the pathname to the Xdatabase repository, you must recompile Tripwire. This prevents Xa malicious intruder from spoofing Tripwire into giving a false X"okay" message.) X X We also recommend that you make a hardcopy printout of the Xdatabase contents right away. In the event that you become Xsuspicious of the integrity of the database, you will be able to Xmanually compare information against this hardcopy. We have yet Xto hear of a way for "crackers" to alter an old piece of Xprintout made before they penetrated the system! X X3.3. Testing Tripwire X====================== X X Tripwire includes a script-driven test suite that checks the Xtop-level build directory against the distribution package. X X In the ./tests directory, there is a Tripwire database of the Xentire Tripwire source distribution and a tw.config file. The Xtest script automatically converts the pathnames in these XTripwire files to match those of your system. After converting Xthe files, it then runs Tripwire in Integrity Checking mode. X X To run the test, simply type 'make test' at the top level. XThis will invoke the script, and if all goes well, the output of XTripwire matches the expected values that the script provides. X X X3.4. Running Tripwire as an integrity checker X============================================== X X Once you have your database set up, you can run Tripwire Xin Integrity Checking mode by 'tripwire'. X X3.5. Keeping your database up-to-date X====================================== X X A common setup for running Tripwire would mail the system Xadministrator any output that it generates. However, some files on Xyour system may change during normal operation, and this necessitates Xupdate of the Tripwire database. X X Tripwire supports incremental updates of its database on a Xper-file/directory or tw.config entry basis. Tripwire stores Xinformation in the database so it can associate any file in the Xdatabase with the tw.config entry that generated it when the Xdatabase was created. X X Therefore, if a single file has changed, you can: X X tripwire -update /etc/newly.installed.file X X Or, if an entire set of files that made up an entry in Xthe tw.config file changed, you can: X X tripwire -update /usr/local/bin/Local_Package_Dir X X In either case, Tripwire regenerates the database entries Xfor every specified file. A backup of the old database is Xcreated in the ./databases directory. X X3.6. A quick-checking mode X=========================== X X Tripwire allows you to selectively skip certain signatures at Xrun-time through a command-line option. For example, if you wish Xto run Tripwire on an hourly basis, even performing only MD5 Xchecks might be computationally prohibitive. For this Xapplication, checking only the CRC32 signature might be Xdesirable. To do this, assuming that only MD5, Snefru, and CRC32 Xwere used when the database was initialized, you would type: X X tripwire -i 1 -i 2 X X This tells tripwire to ignore signature 1 and signature 2. XFurthermore, for daily Tripwire runs, you could specify using Xonly MD5 and CRC32. Finally, for weekly runs, you could run XTripwire with all three signatures. X X X4.0. Some Tripwire scaling hints for using Tripwire in large sites X=================================================================== X X The tw.config.5 manual page describes in detail the syntax Xsupported by the tw.config file. Tripwire includes features that Xoffer similar functionality to the C-preprocessor, and offer other Xdirectives that assist in the use of Tripwire at sites consisting of Xhundreds of workstations with local disk. X X4.1. The tw.config grammar X=========================== X X These commands are briefly described below: X X @@define VAR VALUE X @@undef VAR X X @@ifhost HOSTNAME X @@ifnhost HOSTNAME X @@ifdef VAR X @@ifndef VAR X @@else X @@endif X X @@include FILENAME X X Furthermore, the tw.config grammar also supports logical Xexpressions. For example, you could have something like this Xin your tw.config file: X X @@ifhost spam.cc.purdue.edu || weiner.cc.purdue.edu X ...entries... X @@endif X X Besides the obvious cpp-like functionality, you can use X@@define to create strings that are interpreted at run-time. XFor example: X X @@ifhost mentor.cc.purdue.edu X @@ define TEMPLATE_S +pinug-cas0123456789 X @@else X @@ define TEMPLATE_S +pinug012-cas3456789 X @@endif X X /etc/tw.loginfo @@TEMPLATE_S X X4.2. How you might use these directives X======================================== X X Because Tripwire allows run-time interpretation of the Xtw.config file, it becomes possible for many different hosts to Xshare the same tw.config file. This allows the maintenance of XTripwire configuration files to still be manageable in a large, Xheterogeneous environment. Although each host must still have Xdifferent database file, this has few consequences except for Xdisk space. X X5.0. Notes on signature routines X================================= X X The RSA Data Security, Inc. MD5, MD4, and MD2 Message XDigesting Algorithm, and Snefru, the Xerox Secure Hash Function, Xcode have been changed to eliminate big-endian and little-endian Xspecific routines. These changes have been sent back to the Xauthors, but we are not aware of any buy-backs yet. Until then, Xthere will remain some differences between the code in this Xpackage and their respective virgin distributions. X X5.1. Performance vs. security X============================== X X Normally, only one checksum per file would be enough to Xdetect changes. For purposes of speed, an easy to calculate Xchecksum would be preferred. However, most easy-to-calculate Xsignatures are also easy to defeat if a determined attacker Xwished to do so (see the chart in the design document to see how Xeasy this is to do with random comparisons). X X Tripwire includes four very difficult-to-forge signature Xalgorithms, as well as two more conventional CRC routines. Using Xthe default setup of recording two signatures (MD5 and Snefru) Xfor each database entry gives very, very strong assurance that a Xfile has not been tampered with. For tampering to have Xsucceeded, the attacker would have had to have changed the file Xand added appropriate padding characters to recreate *both* Xchecksums without also altering the size of the file. To do this Xat random might not even be possible with the MD5 and Snefru Xchecksums used. Those two algorithms have not been exhaustively Xanalyzed, but both are known to be fairly strong. It is possible Xthat there exists no pair of inputs that give the same output for Xboth algorithms at once. X X This added assurance is at a heavy price, however. The two Xalgorithms, and snefru in particular, are expensive to Xcalculate. To run the MD5 and Snefru algorithms against every Xfile is likely to be overkill for almost all systems (unless you Xhave cpu cycles to spare!). Both checksums should be run over Xonly the most critical files...like the Tripwire database and Xprogram, and perhaps each setuid and setgid file on your system. XAll other files can be checked with MD5 alone for much faster Xoperation and a high level of assurance. The task of altering a Xfile and recreating the original MD5 checksum is also very Xdifficult, and it is unlikely that any but the most determined, Xsophisticated, and well-equipped attacker would be able to do it Xin finite time. X X To decrease the execution run-times of Tripwire, consider Xmodifying your tripwire.config entries to ignore the Snefru X(signature 2) attribute on files that do not need such stringent Xmonitoring. This will skip the computationally-expensive Snefru Xsignature collection entirely. Balancing this equation of Xsecurity vs. speed is a decision best made by the administrator, Xmost closely tailored to his/her site needs. X X For the extremely paranoid, Tripwire includes the MD2 and MD4 Xsignature algorithms, as well as the 16 and 32-bit CRC algorithms Xin its arsenal. Be forewarned, however, that MD2 is an order Xof magnitude slower than even Snefru, and probably guarantees no Xgreater integrity checking. We include all these routines, however, Xso you can pick what you feel to be most appropriate for your site. X X You may wish to add other routines as checksum/signature Xgenerators. For instance, if you have a fast DES implementation X(including chip-based generation), you might wish to encrypt the file Xusing CBC mode and some fixed key, saving the final 128 bits of output Xas the signature. The configuration file routines have several Xsignature flags that are currently bound to a null function, so there Xis room for this expansion if you wish. X X Clearly, with six different signature algorithms at your Xdisposal, Tripwire offers considerable flexibility in ensuring Xdata security. Tripwire makes maintaining a trivial CRC Xdatabase equally easy to administer and check as a full (but Xperhaps less practical) six-signature database. X X The following section describes each of the six signature Xalgorithms. X X6.0. Signature routines X======================== X X Tripwire ships with seven signature routines. This section Xbriefly describes each signature routine. This is by no means an Xauthoratative list, but it does attempt to give some background Xon each of the signature routines provided: X X MD5, Snefru, MD4, and MD2 are all examples of cryptographic Xchecksum algorithms (also known as message digesting algorithms, Xone-way hash functions, fingerprinting routines, or manipulation Xdetection codes). They employ cryptographic techniques to ensure Xthat any small change in the input stream results in immediate Xand widely diverging output. This way, even a small change in Xthe input results in large change in the output. Therefore, any Xunauthorized, malicious, or accidental change will be evident. XFurthermore, because these algorithms use a 128-bit signature, Xusing a brute-force attack to introduce a deliberate change in Xthe file while trying to keep the same signature becomes a Xcomputationally infeasible task. X X The CRC algorithms, on the other hand, use simple polynomial Xdivision to generate the checksums. While this technique is very Xfast, the mathematics of this technique is well-understood. XAdditionally, since the signature space is so small (usually 16 Xor 32 bits), a brute-force search for a CRC collision is well Xwithin the capabilities of most workstations. There are Xcurrently several programs in the public domain that can, for any Xgiven input file, provide a different output file with the same XCRC signature in 30 seconds or less. X X All observed timing measures provided for the signature Xroutines were performed on a Sequent Symmetry with ten 16 Mhz X80386 processors. The numbers provided are simply an informal Xgauge of throughput, rather than any authoratative metric. X X6.1. MD5 X========= X X MD5 is the RSA Data Security Inc. Message-Digest Algorithm, a Xproposed data authentication standard. The Internet Draft Xsubmission can be found as Internet Working Draft RFC 1321, Xavailable via anonymous FTP from NIC.DDN.MIL or from RSA.COM as X~/pub/md5.doc. X X MD5 attempts to address potential security risks found in the Xspeedier, but less secure MD4, also by RSA Data Security Inc. XMD5 was designed as a more conservative algorithm that backs X"away from the edge" in terms of risks from successful Xcryptanalytic attack. X X MD5 generates a 128-bit signature, and uses four rounds to Xensure pseudo-random output. Observed throughput is about 70 XKbytes/second. X X Currently, MD5 is considered by many to be the Xstate-of-the-art signature algorithm. X X6.2. Snefru X============ X X Snefru, the Xerox Secure Hash Function, was developed by XRalph Merkle at Xerox PARC. As an incentive to find a Snefru Xcrack, there is a $1000 cash prize promised to anyone who can Xfind two sets of input that map to the same signature. X X This reward has remained unclaimed since April 1990, when the X2-pass version of Snefru was broken by Eli Biham, a Ph.D. student Xof Adi Shamir. Currently, Ralph Merkle recommends using only the X4-pass version of Snefru, if not the 8-pass version. The Snefru XREADME states, "Further study of the security of Snefru is Xrequired before production use is advisable." X X As shipped with Tripwire, Snefru is configured to run in X4-passes. Version 2.5 is the latest version available, and is Xthe version included with Tripwire. X X Snefru is slower than MD5, but is recommended as a backup for XMD5 as a primary signature. As configured, Snefru runs at about X31 Kbytes/second. X X Snefru can be obtained via anonymous FTP from arisia.xerox.com Xin directory /pub/hash. X X6.3. CRC-32 X============ X X Cyclic Redundancy Checks have been the long been the de facto Xerror detection algorithm standard. These algorithms are fast, Xrobust, and provides reliable detection of errors associated with Xdata transmission. It has been shown that CRC-32 has a minimum Xdistance of 5 for block lengths of less than 4K. However, this Xdecreases as the size of the blocks increases. X X Therefore, using CRC-32 on long files is certainly a Xmisapplication of this signature algorithm. However, CRC-32 is Xprovided as a fast and speedy alternative to the slower Xcryptographic checksumming algorithms. X X The version of CRC-32 included with Tripwire was written by XGary S. Brown XXX X This CRC-32 implementation runs at about 111 Kbytes/second. X X6.4. CRC-16 X============ X X CRC-16 is the predecessor to CRC-32, using only 16 bits to Xstore to the remainder of the data and the generator polynomial. XCRC-16 is typically at the link level, usually done in hardware Xto detect transmission errors. X X This CRC-16 implementation runs at abut 131 Kbytes/second. X X X6.5. MD4 X========= X X MD4, the RSA Data Security Inc. Message-Digest Algorithm, is Xthe predecessor to MD5 described above. It was also sumbitted as Xa standard data authentication algorithm, and is described in the XInternet Working Draft 1320. X X The MD4 algorithm was designed to exploit 32-bit RISC Xarchitectures to maximize throughput. On a Sun SparcStation, Xthroughput rates of over 1.4 Mbytes/second are achieved. X X MD4 can be obtained via anonymous FTP from RSA.COM in ~/pub. X X On a Sequent, MD4 throughput is about 332 Kbytes/second. X X X6.6. MD2 X========== X X The RSA Data Security, Inc. MD2 Message-Digest Algorithm was Xcreated as part of the Privacy Enhanced Mail package -- a package Xdesigned to authenticate and increase the security of electronic Xmail. Like the other algorithms by RSA Data Security, Inc Xpresented here, MD2 generates a 128-bit signature. X X The MD2 algorithm is quite slow. On a 16 Mhz 80386, expect Xonly 3 Kbytes/second. It is not clear that using this slower Xalgorithm instead of MD5 brings any comparative advantage. X X6.7. (null) X============ X X Well, sig_null_get() is not really a signature algorithm. XInstead, it is a place holder for unused slots in the signature Xarray. It will always return a single character, ``0''. X X X7.0. Feedback and bug-reports X============================== X X Please send any bug-reports, questions, feedback, or any comments Xto both genek@mentor.cc.purdue.edu and spaf@cs.purdue.edu. One or Xboth Genes will try to answer questions as expeditiously as possible. X X X8.0. User contributions X======================== X X The ./contrib directory contains several programs contributed Xby users during the beta-test period. Each program is accompanied Xby a README file written by the program author. X X Both Genes are willing to serve as clearinghouses for Xutilities that augment the Tripwire package. If you have a Xsomething that you would like included in the Tripwire package, Xplease contact either Gene Kim or Gene Spafford at the email Xaddresses listed in the previous section. X X X9.0 Acknowledgements X===================== X X Dan Farmer of Sun Microsystems, Inc. for providing answers to Xquestions of taste, and providing some impetus to finish this Xproject during the summer of 1992. (dfarmer@corp.sun.com). X X Shabbir Safdar for actually running early versions of XTripwire that popped up on an hourly basis. We also thank him Xfor trying this on a few of the more exotic architectures around XPurdue. (shabby@mentor.cc.purdue.edu) X X Steve Weeber of Lawrence Livermore National Laboratory for Xinsight into what sort of tools the Dept. of Energy has developed Xfor in-house use, and comparisons of their functionality with XTripwire. (weeber@llnl.gov). X X Ralph Merkle of Xerox PARC for information on the Snefru Xone-way hash function. (merkle@parc.xerox.com). X X One of the directory printing routine in utils.c comes from Xthe COPS package. It was from crc_check.c by Jon Zeeff X(zeeff@b-tech.ann-arbor.mi.us). X X The 125 helpful beta testers that stuck with us during the Xsix-week testing period. They put up with bugs, ever-changing Xinterfaces and database file formats, and in one case, a flurry Xof conflicting patches in a thirty-minute period while GeneK and XSpaf took turns saying, "Uh, oh." X X We appreciate the heroic effort of the Tripwire beta testers who Xsuggested functional additions to Tripwire, found and hunted down Xbugs, and refined Tripwire beyond the authors' expectations. Special Xthanks go to: X X Walker Aumann, Lance R. Bailey, David Barr, Greg Black, Adrian P. X van Bloois, J. Dean Brock, Kurt Cockrum, John Cristy, Jim Duncan, X David S. Goldberg, Johannes Gronvall, Tom Gutnick, Michaela X Harlander, Andreas Haug, Bill Henderson, Jim Hendrick, Norman X Hill, Paul Joslin, Poul-Henning Kamp, Leslie Kordas, Simon Leinen, X Philip Yzarn de Louraille, Stephen Mahler, Fletcher Mattox, Ken X McDonell, Wes Morgan, Phil Moyer, Dan O'Neill, Joe Polcari, X Phillip Porch, Brad Powell, W. Purvis, Daniel Ray, Dean Rich, X Bill Romine, John P. Rouillard, Rich Salz, Christopher Samuel, X Pete Shipley., David W. Smith, Harlan Stenn, Margarita Suarez, X John G. Sutton, Tim Tessin, John Wagner, David Wiseman, Irving X Wolfe, Stephen M. Youndt X X GeneK and Spaf want to apologize in advance to anyone who sent us Xpatches, comments or configuration info and whose name doesn't appear X(but should). Please write to us and so we can correct the situation! X X X XGene & Gene XKim & Spafford X XNovember 2, 1992 X(genek@mentor.cc.purdue.edu) X(spaf@cs.purdue.edu) X END_OF_FILE if test 29570 -ne `wc -c <'tripwire-1.0/README'`; then echo shar: \"'tripwire-1.0/README'\" unpacked with wrong size! fi # end of 'tripwire-1.0/README' fi if test -f 'tripwire-1.0/contrib/README.ASET' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'tripwire-1.0/contrib/README.ASET'\" else echo shar: Extracting \"'tripwire-1.0/contrib/README.ASET'\" $27138 characters$ sed "s/^X//" >'tripwire-1.0/contrib/README.ASET' <<'END_OF_FILE' X The ARM/ASET package by Sun Microsystems, Inc. includes a Xprogram that chown()s and chmod()s files to their proper owners Xand permissions. X X This poses a problem for people who run Tripwire, since each Xtime ASET runs, the inode timestamp will be modified. X X Brad Powell supplied the following information to tailor your Xtw.config file to make Tripwire ignore the constantly changing Xtimestamps on these files. X X Brad says: X X There are three levels: tune.low, tune.med, and tune.high. They X each touch different files. I have attached them below. Note: X there is a bug report against a couple of the file ownership X modes (/etc and /home owned by "bin" sheesh) so some of these are X (imho) wrong, but what I included below is the FCS versions, your X best bet to include until patches come out. No big deal to X change. X X X What follows is the list of files which are affected by ASET. X X==== X X# X# Copyright 1990, 1991 Sun Microsystems, Inc. All Rights Reserved. X# X# X# sccsid = @(#) tune.high 1.4 3/21/91 09:32:04 X# X# Tune list for level high X# Format: X# pathname mode owner group type X X X# The following section is from tune.low (which = Brad's tune list). X/ 02755 root staff directory X/bin 00777 root staff symlink X/etc 02755 bin staff directory X#/etc/adm 00777 root staff symlink X#/etc/arp 00777 root staff symlink X#/etc/chown 00777 root staff symlink X/etc/chroot 00777 root staff symlink X/etc/clri 00777 root staff symlink X#/etc/config 00777 root staff symlink X#/etc/crash 00777 root staff symlink X/etc/cron 00777 root staff symlink X#/etc/dkinfo 00777 root staff symlink X#/etc/dmesg 00777 root staff symlink X#/etc/dump 00777 root staff symlink X#/etc/fastboot 00777 root staff symlink X#/etc/fasthalt 00777 root staff symlink X/etc/fsck 00777 root staff symlink X/etc/fuser 00777 root staff symlink X#/etc/halt 00777 root staff symlink X#/etc/ifconfig 00777 root staff symlink X#/etc/install/EXCLUDELIST 00644 root staff file X#/etc/install/category.standalone 00644 root staff file X#/etc/install/default_client_info 00644 root staff file X#/etc/install/default_sys_info 00644 root staff file X/etc/link 00777 root staff symlink X/etc/mkfs 00777 root staff symlink X/etc/mknod 00777 root staff symlink X/etc/mount 00777 root staff symlink X#/etc/mount_rfs 00777 root staff symlink X#/etc/mtab 00644 root staff file X/etc/ncheck 00777 root staff symlink X#/etc/newfs 00777 root staff symlink X#/etc/pstat 00777 root staff symlink X#/etc/rdump 00777 root staff symlink X#/etc/reboot 00777 root staff symlink X#/etc/renice 00777 root staff symlink X#/etc/restore 00777 root staff symlink X#/usr/etc/restore 00750 root staff file X#/etc/rmt 00777 root staff symlink X#/etc/rrestore 00777 root staff symlink X/etc/shutdown 00777 root staff symlink X#/etc/spool 00777 root staff symlink X/etc/termcap 00777 root staff symlink X#/etc/tmp 00777 root staff symlink X/etc/umount 00777 root staff symlink X/etc/unlink 00777 root staff symlink X#/etc/update 00777 root staff symlink X#/etc/vipw 00777 root staff symlink X/home 02755 bin staff directory X/lib 00777 root staff symlink X#/sys 00777 root staff symlink X/usr 02755 root ? directory X#/usr/5lib 02755 bin staff symlink X/usr/adm 00777 root staff symlink X/usr/bin 02755 root ? directory X#/usr/bin/sunview1 02755 bin staff directory X#/usr/boot 00777 root staff symlink X#/usr/demo 02755 bin staff directory X#/usr/diag 02755 bin staff directory X#/usr/diag/sundiag 02755 root staff directory X#/usr/etc 02755 root ? directory X#/usr/games 02755 bin staff directory X#/usr/games/chesstool 00750 bin staff symlink X/usr/include 02755 bin staff directory X#/usr/include/images 02755 bin staff directory X#/usr/include/suntool 02755 bin staff directory X#/usr/include/sunwindow 02755 bin staff directory X/usr/kvm 02755 bin staff directory X/usr/kvm/i386 00777 root staff symlink X/usr/kvm/iAPX286 00777 root staff symlink X/usr/kvm/m68k 00777 root staff symlink X#/usr/kvm/machine 00777 root staff symlink X/usr/kvm/mc68010 00777 root staff symlink X/usr/kvm/mc68020 00777 root staff symlink X/usr/kvm/pdp11 00777 root staff symlink X/usr/kvm/sparc 00777 root staff symlink X/usr/kvm/sun 00777 root staff symlink X/usr/kvm/sun2 00777 root staff symlink X/usr/kvm/sun4 00777 root staff symlink X/usr/kvm/sun4c 00777 root staff symlink X#/usr/kvm/crash 02750 root staff file X#/usr/kvm/sys 02755 root staff directory X#/usr/kvm/sys/conf.common 02755 root staff directory X#/usr/kvm/sys/debug 02755 root staff directory X#/usr/kvm/sys/krpc 02755 root staff directory X#/usr/kvm/sys/lofs 02755 root staff directory X#/usr/kvm/sys/m68k 02755 root staff directory X#/usr/kvm/sys/mon 02755 root staff directory X#/usr/kvm/sys/net 02755 root staff directory X#/usr/kvm/sys/netinet 02755 root staff directory X#/usr/kvm/sys/nfs 02755 root staff directory X#/usr/kvm/sys/os 02755 root staff directory X#/usr/kvm/sys/rpc 02755 root staff directory X#/usr/kvm/sys/sparc 02755 root staff directory X#/usr/kvm/sys/specfs 02755 root staff directory X#/usr/kvm/sys/sun 02755 root staff directory X#/usr/kvm/sys/sun3 02755 root staff directory X#/usr/kvm/sys/sun3/OBJ 02755 root staff directory X#/usr/kvm/sys/sun3/conf 02755 root staff directory X#/usr/kvm/sys/sun3x 02755 root staff directory X#/usr/kvm/sys/sun3x/OBJ 02755 root staff directory X#/usr/kvm/sys/sun3x/conf 02755 root staff directory X#/usr/kvm/sys/sun4 02755 root staff directory X#/usr/kvm/sys/sun4/OBJ 02755 root staff directory X#/usr/kvm/sys/sun4/conf 02755 root staff directory X#/usr/kvm/sys/sun4c 02755 root staff directory X#/usr/kvm/sys/sun4c/OBJ 02755 root staff directory X#/usr/kvm/sys/sun4c/conf 02755 root staff directory X#/usr/kvm/sys/sundev 02755 root staff directory X#/usr/kvm/sys/sunif 02755 root staff directory X#/usr/kvm/sys/sunwindow 02755 root staff directory X#/usr/kvm/sys/sunwindowdev 02755 root staff directory X#/usr/kvm/sys/sys 02755 root staff directory X#/usr/kvm/sys/ufs 02755 root staff directory X#/usr/kvm/sys/vm 02755 root staff directory X/usr/kvm/u370 00777 root staff symlink X/usr/kvm/u3b 00777 root staff symlink X/usr/kvm/u3b15 00777 root staff symlink X/usr/kvm/u3b2 00777 root staff symlink X/usr/kvm/u3b5 00777 root staff symlink X/usr/kvm/vax 00777 root staff symlink X/usr/lib 02755 bin bin directory X#/usr/lib/.sunview 00777 root bin symlink X#/usr/lib/defaults 02755 root bin directory X#/usr/lib/fonts 02755 bin staff directory X#/usr/lib/fonts/fixedwidthfonts 02755 bin staff directory X#/usr/lib/fonts/tekfonts 02755 bin staff directory X/usr/lib/lex 00777 root bin directory X#/usr/lib/lint/llib-lsuntool 00644 root staff file X#/usr/lib/lint/llib-lsuntool.ln 00644 root staff file X#/usr/lib/lint/llib-lsunwindow 00644 root staff file X#/usr/lib/lint/llib-lsunwindow.ln 00644 root staff file X/usr/lib/refer 02755 bin bin directory X#/usr/lib/rootmenu 00777 root bin symlink X#/usr/lib/rootmenu.old 00777 root bin symlink X/usr/lib/shlib.etc 02755 root staff directory X#/usr/lib/suntools 00777 root bin symlink X/usr/lib/tabset 00777 root bin symlink X#/usr/lib/text_extras_menu 00777 root bin symlink X#/usr/lib/textswrc 00777 root bin symlink X/usr/lib/zoneinfo 00777 root bin symlink X/usr/local 02755 bin staff directory X#/usr/man 00777 root staff symlink X#/usr/mdec 00777 root staff symlink X/usr/net 00777 root staff directory X/usr/nserve 00777 root staff directory X#/usr/old 02755 bin staff directory X/usr/pub 00777 root staff symlink X/usr/share/lib 02755 root staff directory X#/usr/share/lib/me 02755 root staff directory X#/usr/share/lib/ms 02755 bin staff directory X/usr/share/lib/tmac 02755 root staff directory X/usr/share/src 02755 bin staff directory X#/usr/share/src/sun 02755 bin staff directory X#/usr/share/src/sun/sunview1 02755 bin staff directory X#/usr/share/src/sun/sunview1/examples 02755 root staff directory X#/usr/share/src/sun/sunview1/iconedit 02755 root staff directory X/usr/spool 00777 root staff symlink X/usr/src 00777 root staff symlink X#/usr/stand 00777 root staff symlink X#/usr/sys 00777 root staff symlink X/usr/tmp 00777 root staff symlink X/usr/ucb 02755 bin staff directory X/usr/ucbinclude 00777 root staff directory X/usr/ucblib 00777 root staff directory X/var 02755 bin staff directory X X# The following section is from Beverly's list (hml.settings) X# with modifications. X X/.cshrc 00600 root ? file X/.login 00600 root ? file X/.profile 00600 root ? file X/etc/motd 00640 root staff file X#/etc/mtab 00640 root staff file X#/etc/rmtab 00640 root ? file X/etc/syslog.pid 00640 root staff file X/etc/aliases 00640 root staff file X#/etc/remote 00640 root staff file X#/etc/utmp 00664 root staff file X#/etc/rc 00640 root staff file X#/etc/fstab 00640 root staff file X/etc/passwd 00640 root staff file X/etc/group 00640 root staff file X/etc/sm 00755 root staff directory X/etc/sm.bak 00755 root staff directory X/etc/state 00640 root staff file X/unix 00754 root ? file X#/tmp/.getwd 00664 ? ? file X/tmp 02777 bin staff directory X/dev/*mem 00640 root ? file X#/var/spool/secretmail 02775 bin bin directory X#/var/spool/rwho 02755 root staff directory X X/usr/bin/* 00755 ? ? ? X/usr/ucb/* 00755 ? ? ? X/usr/local/* 00755 ? ? ? X/usr/tmp 00777 root ? symlink X/var/tmp 02777 bin staff directory X/usr/share 02755 bin staff directory X#/usr/diag/sysdiag/* 00755 ? ? ? X/usr/include/* 00755 ? ? ? X#/usr/include/sun4/* 00755 ? ? ? X#/usr/lib/adb/* 00755 ? ? ? X#/usr/lib/debug 02755 root staff directory X#/usr/lib/defaults 02755 root staff directory X#/usr/share/lib/me 02755 root staff directory X/usr/share/lib/termcap 00664 root staff file X/usr/share/lib/terminfo 02755 root staff directory X/usr/share/lib/tmac 02775 root staff directory X/usr/share/src/* 00755 ? ? ? X#/usr/share/sys/* 00755 ? ? ? X#/usr/etc/install/files 00755 ? ? ? X#/usr/etc/install/proto 00755 ? ? ? X#/usr/etc/install/save 00755 ? ? ? X#/usr/etc/install/script 00755 ? ? ? X#/usr/etc/yp/ypset 00750 root staff file X X#/export/exec/sun2/etc/install/files 00755 ? ? ? X#/export/exec/sun3/etc/install/proto 00755 ? ? ? X#/export/exec/sun4/etc/install/script 00755 ? ? ? X X/dev/dump 00660 root kmem file X#/dev/klog 00600 root staff file X/dev/kmem 00640 root kmem file X/dev/mbio 00600 root staff file X/dev/mbmem 00600 root staff file X/dev/mem 00640 root kmem file X#/dev/nit 00600 root staff file X/dev/rsd* 00640 root operator file X#/dev/rxy* 00640 root operator file X/dev/sd* 00640 root operator file X#/dev/vme* 00600 root staff file X#/dev/xy* 00640 root operator file X/dev 02755 bin staff directory X X# for C2 X#/etc/security 02755 root ? directory X---------- XX-Sun-Data-Type: default XX-Sun-Data-Description: default XX-Sun-Data-Name: tune.med XX-Sun-Content-Lines: 249 X X# X# Copyright 1990, 1991 Sun Microsystems, Inc. All Rights Reserved. X# X# X# sccsid = @(#) tune.med 1.2 2/8/91 13:02:25 X# X# Tune list for level med X# Format: X# pathname mode owner group type X X# The following section is from tune.low (which = Brad's tune list). X/ 02755 root staff directory X/bin 00777 root staff symlink X/etc 02755 bin staff directory X#/etc/adm 00777 root staff symlink X#/etc/arp 00777 root staff symlink X#/etc/chown 00777 root staff symlink X/etc/chroot 00777 root staff symlink X/etc/clri 00777 root staff symlink X#/etc/config 00777 root staff symlink X#/etc/crash 00777 root staff symlink X/etc/cron 00777 root staff symlink X#/etc/dkinfo 00777 root staff symlink X#/etc/dmesg 00777 root staff symlink X#/etc/dump 00777 root staff symlink X#/etc/fastboot 00777 root staff symlink X#/etc/fasthalt 00777 root staff symlink X/etc/fsck 00777 root staff symlink X/etc/fuser 00777 root staff symlink X#/etc/halt 00777 root staff symlink X#/etc/ifconfig 00777 root staff symlink X#/etc/install/EXCLUDELIST 00644 root staff file X#/etc/install/category.standalone 00644 root staff file X#/etc/install/default_client_info 00644 root staff file X#/etc/install/default_sys_info 00644 root staff file X/etc/link 00777 root staff symlink X/etc/mkfs 00777 root staff symlink X/etc/mknod 00777 root staff symlink X/etc/mount 00777 root staff symlink X#/etc/mount_rfs 00777 root staff symlink X#/etc/mtab 00644 root staff file X/etc/ncheck 00777 root staff symlink X#/etc/newfs 00777 root staff symlink X#/etc/pstat 00777 root staff symlink X#/etc/rdump 00777 root staff symlink X#/etc/reboot 00777 root staff symlink X#/etc/renice 00777 root staff symlink X#/etc/restore 00777 root staff symlink X#/usr/etc/restore 00750 root staff file X#/etc/rmt 00777 root staff symlink X#/etc/rrestore 00777 root staff symlink X/etc/shutdown 00777 root staff symlink X#/etc/spool 00777 root staff symlink X/etc/termcap 00777 root staff symlink X#/etc/tmp 00777 root staff symlink X/etc/umount 00777 root staff symlink X/etc/unlink 00777 root staff symlink X#/etc/update 00777 root staff symlink X#/etc/vipw 00777 root staff symlink X/home 02755 bin staff directory X/lib 00777 root staff symlink X#/sys 00777 root staff symlink X/usr 02755 root ? directory X#/usr/5lib 02755 bin staff directory X/usr/adm 00777 root staff symlink X/usr/bin 02755 root ? directory X#/usr/bin/sunview1 02755 bin staff directory X#/usr/boot 00777 root staff symlink X#/usr/demo 02755 bin staff directory X#/usr/diag 02755 bin staff directory X#/usr/diag/sundiag 02755 root staff directory X#/usr/etc 02755 root ? directory X#/usr/games 02755 bin staff directory X#/usr/games/chesstool 00750 bin staff symlink X/usr/include 02755 bin staff directory X#/usr/include/images 02755 bin staff directory X#/usr/include/suntool 02755 bin staff directory X#/usr/include/sunwindow 02755 bin staff directory X/usr/kvm 02755 bin staff directory X/usr/kvm/i386 00777 root staff symlink X/usr/kvm/iAPX286 00777 root staff symlink X/usr/kvm/m68k 00777 root staff symlink X#/usr/kvm/machine 00777 root staff symlink X/usr/kvm/mc68010 00777 root staff symlink X/usr/kvm/mc68020 00777 root staff symlink X/usr/kvm/pdp11 00777 root staff symlink X/usr/kvm/sparc 00777 root staff symlink X/usr/kvm/sun 00777 root staff symlink X/usr/kvm/sun2 00777 root staff symlink X/usr/kvm/sun4 00777 root staff symlink X/usr/kvm/sun4c 00777 root staff symlink X#/usr/kvm/crash 02750 root staff file X#/usr/kvm/sys 02755 root staff directory X#/usr/kvm/sys/conf.common 02755 root staff directory X#/usr/kvm/sys/debug 02755 root staff directory X#/usr/kvm/sys/krpc 02755 root staff directory X#/usr/kvm/sys/lofs 02755 root staff directory X#/usr/kvm/sys/m68k 02755 root staff directory X#/usr/kvm/sys/mon 02755 root staff directory X#/usr/kvm/sys/net 02755 root staff directory X#/usr/kvm/sys/netinet 02755 root staff directory X#/usr/kvm/sys/nfs 02755 root staff directory X#/usr/kvm/sys/os 02755 root staff directory X#/usr/kvm/sys/rpc 02755 root staff directory X#/usr/kvm/sys/sparc 02755 root staff directory X#/usr/kvm/sys/specfs 02755 root staff directory X#/usr/kvm/sys/sun 02755 root staff directory X#/usr/kvm/sys/sun3 02755 root staff directory X#/usr/kvm/sys/sun3/OBJ 02755 root staff directory X#/usr/kvm/sys/sun3/conf 02755 root staff directory X#/usr/kvm/sys/sun3x 02755 root staff directory X#/usr/kvm/sys/sun3x/OBJ 02755 root staff directory X#/usr/kvm/sys/sun3x/conf 02755 root staff directory X#/usr/kvm/sys/sun4 02755 root staff directory X#/usr/kvm/sys/sun4/OBJ 02755 root staff directory X#/usr/kvm/sys/sun4/conf 02755 root staff directory X#/usr/kvm/sys/sun4c 02755 root staff directory X#/usr/kvm/sys/sun4c/OBJ 02755 root staff directory X#/usr/kvm/sys/sun4c/conf 02755 root staff directory X#/usr/kvm/sys/sundev 02755 root staff directory X#/usr/kvm/sys/sunif 02755 root staff directory X#/usr/kvm/sys/sunwindow 02755 root staff directory X#/usr/kvm/sys/sunwindowdev 02755 root staff directory X#/usr/kvm/sys/sys 02755 root staff directory X#/usr/kvm/sys/ufs 02755 root staff directory X#/usr/kvm/sys/vm 02755 root staff directory X/usr/kvm/u370 00777 root staff symlink X/usr/kvm/u3b 00777 root staff symlink X/usr/kvm/u3b15 00777 root staff symlink X/usr/kvm/u3b2 00777 root staff symlink X/usr/kvm/u3b5 00777 root staff symlink X/usr/kvm/vax 00777 root staff symlink X/usr/lib 02755 bin bin directory X#/usr/lib/.sunview 00777 root bin symlink X#/usr/lib/defaults 02755 root bin directory X#/usr/lib/fonts 02755 bin staff directory X#/usr/lib/fonts/fixedwidthfonts 02755 bin staff directory X#/usr/lib/fonts/tekfonts 02755 bin staff directory X/usr/lib/lex 00777 root bin symlink X#/usr/lib/lint/llib-lsuntool 00644 root staff file X#/usr/lib/lint/llib-lsuntool.ln 00644 root staff file X#/usr/lib/lint/llib-lsunwindow 00644 root staff file X#/usr/lib/lint/llib-lsunwindow.ln 00644 root staff file X/usr/lib/refer 02755 bin bin directory X#/usr/lib/rootmenu 00777 root bin symlink X#/usr/lib/rootmenu.old 00777 root bin symlink X/usr/lib/shlib.etc 02755 root staff directory X#/usr/lib/suntools 00777 root bin symlink X/usr/lib/tabset 00777 root bin symlink X#/usr/lib/text_extras_menu 00777 root bin symlink X#/usr/lib/textswrc 00777 root bin symlink X/usr/lib/zoneinfo 00777 root bin symlink X/usr/local 02755 bin staff directory X#/usr/man 00777 root staff symlink X#/usr/mdec 00777 root staff symlink X/usr/net 00777 root staff directory X/usr/nserve 00777 root staff directory X#/usr/old 02755 bin staff directory X/usr/pub 00777 root staff symlink X/usr/share/lib 02755 root staff directory X#/usr/share/lib/me 02755 root staff directory X#/usr/share/lib/ms 02755 bin staff directory X/usr/share/lib/tmac 02755 root staff directory X/usr/share/src 02755 bin staff directory X#/usr/share/src/sun 02755 bin staff directory X#/usr/share/src/sun/sunview1 02755 bin staff directory X#/usr/share/src/sun/sunview1/examples 02755 root staff directory X#/usr/share/src/sun/sunview1/iconedit 02755 root staff directory X/usr/spool 00777 root staff symlink X/usr/src 00777 root staff symlink X#/usr/stand 00777 root staff symlink X#/usr/sys 00777 root staff symlink X/usr/tmp 00777 root staff symlink X/usr/ucb 02755 bin staff directory X/usr/ucbinclude 00777 root staff directory X/usr/ucblib 00777 root staff directory X/var 02755 bin staff directory X X# The following section is from Beverly's list (hml.settings) X# with modifications. X X/.cshrc 00640 root ? file X/.login 00640 root ? file X/.profile 00640 root ? file X/etc/motd 00644 root staff file X#/etc/mtab 00644 root staff file X#/etc/rmtab 00644 root ? file X/etc/syslog.pid 00644 root staff file X/etc/aliases 00644 root staff file X#/etc/remote 00644 root staff file X#/etc/utmp 00666 root staff file X#/etc/rc 00644 root staff file X#/etc/fstab 00644 root staff file X/etc/passwd 00644 root staff file X/etc/group 00644 root staff file X/etc/sm 00775 root staff directory X/etc/sm.bak 00775 root staff directory X/etc/state 00644 root staff file X/unix 00755 root ? file X#/tmp/.getwd 00666 ? ? file X/tmp 02777 bin staff directory X/dev/*mem 00640 root ? file X#/var/spool/secretmail 02777 bin bin directory X#/var/spool/rwho 02755 root staff directory X X/usr/bin/* 00755 ? ? ? X/usr/ucb/* 00755 ? ? ? X/usr/local/* 00755 ? ? ? X/usr/tmp 00777 root ? symlink X/var/tmp 02777 bin staff directory X/usr/share 02755 bin staff directory X#/usr/diag/sysdiag/* 00755 ? ? ? X/usr/include/* 00755 ? ? ? X#/usr/include/sun4/* 00755 ? ? ? X#/usr/lib/adb/* 00755 ? ? ? X#/usr/lib/debug 02755 root staff directory X#/usr/lib/defaults 02755 root staff directory X#/usr/share/lib/me 02755 root staff directory X/usr/share/lib/termcap 00664 root staff file X/usr/share/lib/terminfo 02755 root staff directory X/usr/share/lib/tmac 02775 root staff directory X/usr/share/src/* 00755 ? ? ? X#/usr/share/sys/* 00755 ? ? ? X#/usr/etc/install/files 00755 ? ? ? X#/usr/etc/install/proto 00755 ? ? ? X#/usr/etc/install/save 00755 ? ? ? X#/usr/etc/install/script 00755 ? ? ? X#/usr/etc/yp/ypset 00750 root staff file X X#/export/exec/sun2/etc/install/files 00755 ? ? ? X#/export/exec/sun3/etc/install/proto 00755 ? ? ? X#/export/exec/sun4/etc/install/script 00755 ? ? ? X X/dev/dump 00660 root kmem file X#/dev/klog 00600 root staff file X/dev/kmem 00640 root kmem file X/dev/mbio 00600 root staff file X/dev/mbmem 00600 root staff file X/dev/mem 00640 root kmem file X#/dev/nit 00600 root staff file X/dev/rsd* 00640 root operator file X#/dev/rxy* 00640 root operator file X/dev/sd* 00640 root operator file X#/dev/vme* 00600 root staff file X#/dev/xy* 00640 root operator file X/dev 02755 bin staff directory X X# for C2 X#/etc/security 02755 root ? directory X---------- XX-Sun-Data-Type: default XX-Sun-Data-Description: default XX-Sun-Data-Name: tune.low XX-Sun-Content-Lines: 176 X X# X# Copyright 1990, 1991 Sun Microsystems, Inc. All Rights Reserved. X# X# X# sccsid = @(#) tune.low 1.1 1/2/91 14:39:44 X# X# Tune list for level low X# Format: X# pathname mode owner group type X X/ 02755 root staff directory X/bin 00777 root staff symlink X/etc 02755 root staff directory X#/etc/adm 00777 root staff symlink X#/etc/arp 00777 root staff symlink X#/etc/chown 00777 root staff symlink X/etc/chroot 00777 root staff symlink X/etc/clri 00777 root staff symlink X#/etc/config 00777 root staff symlink X#/etc/crash 00777 root staff symlink X/etc/cron 00777 root staff symlink X#/etc/dkinfo 00777 root staff symlink X#/etc/dmesg 00777 root staff symlink X#/etc/dump 00777 root staff symlink X#/etc/fastboot 00777 root staff symlink X#/etc/fasthalt 00777 root staff symlink X/etc/fsck 00777 root staff symlink X/etc/fuser 00777 root staff symlink X#/etc/halt 00777 root staff symlink X#/etc/ifconfig 00777 root staff symlink X#/etc/install/EXCLUDELIST 00644 root staff file X#/etc/install/category.standalone 00644 root staff file X#/etc/install/default_client_info 00644 root staff file X#/etc/install/default_sys_info 00644 root staff file X/etc/link 00777 root staff symlink X/etc/mkfs 00777 root staff symlink X/etc/mknod 00777 root staff symlink X/etc/mount 00777 root staff symlink X#/etc/mount_rfs 00777 root staff symlink X#/etc/mtab 00644 root staff file X/etc/ncheck 00777 root staff symlink X#/etc/newfs 00777 root staff symlink X#/etc/pstat 00777 root staff symlink X#/etc/rdump 00777 root staff symlink X#/etc/reboot 00777 root staff symlink X#/etc/renice 00777 root staff symlink X#/etc/restore 00777 root staff symlink X#/usr/etc/restore 00750 root staff file X#/etc/rmt 00777 root staff symlink X#/etc/rrestore 00777 root staff symlink X/etc/shutdown 00777 root staff symlink X#/etc/spool 00777 root staff symlink X/etc/termcap 00777 root staff symlink X#/etc/tmp 00777 root staff symlink X/etc/umount 00777 root staff symlink X/etc/unlink 00777 root staff symlink X#/etc/update 00777 root staff symlink X#/etc/vipw 00777 root staff symlink X/home 02755 root staff directory X/lib 00777 root staff symlink X#/sys 00777 root staff symlink X/usr 02755 bin staff directory X#/usr/5lib 02755 bin staff directory X/usr/adm 00777 root staff symlink X/usr/bin 02755 bin staff directory X#/usr/bin/sunview1 02755 bin staff directory X#/usr/boot 00777 root staff symlink X#/usr/demo 02755 bin staff directory X#/usr/diag 02755 bin staff directory X#/usr/diag/sundiag 02755 root staff directory X#/usr/etc 02755 bin staff directory X#/usr/games 02755 bin staff directory X#/usr/games/chesstool 00750 bin staff symlink X/usr/include 02755 bin staff directory X#/usr/include/images 02755 bin staff directory X#/usr/include/suntool 02755 bin staff directory X#/usr/include/sunwindow 02755 bin staff directory X/usr/kvm 02755 bin staff directory X/usr/kvm/i386 00777 root staff symlink X/usr/kvm/iAPX286 00777 root staff symlink X/usr/kvm/m68k 00777 root staff symlink X#/usr/kvm/machine 00777 root staff symlink X/usr/kvm/mc68010 00777 root staff symlink X/usr/kvm/mc68020 00777 root staff symlink X/usr/kvm/pdp11 00777 root staff symlink X/usr/kvm/sparc 00777 root staff symlink X/usr/kvm/sun 00777 root staff symlink X/usr/kvm/sun2 00777 root staff symlink X/usr/kvm/sun4 00777 root staff symlink X/usr/kvm/sun4c 00777 root staff symlink X#/usr/kvm/crash 02750 root staff file X#/usr/kvm/sys 02755 root staff directory X#/usr/kvm/sys/conf.common 02755 root staff directory X#/usr/kvm/sys/debug 02755 root staff directory X#/usr/kvm/sys/krpc 02755 root staff directory X#/usr/kvm/sys/lofs 02755 root staff directory X#/usr/kvm/sys/m68k 02755 root staff directory X#/usr/kvm/sys/mon 02755 root staff directory X#/usr/kvm/sys/net 02755 root staff directory X#/usr/kvm/sys/netinet 02755 root staff directory X#/usr/kvm/sys/nfs 02755 root staff directory X#/usr/kvm/sys/os 02755 root staff directory X#/usr/kvm/sys/rpc 02755 root staff directory X#/usr/kvm/sys/sparc 02755 root staff directory X#/usr/kvm/sys/specfs 02755 root staff directory X#/usr/kvm/sys/sun 02755 root staff directory X#/usr/kvm/sys/sun3 02755 root staff directory X#/usr/kvm/sys/sun3/OBJ 02755 root staff directory X#/usr/kvm/sys/sun3/conf 02755 root staff directory X#/usr/kvm/sys/sun3x 02755 root staff directory X#/usr/kvm/sys/sun3x/OBJ 02755 root staff directory X#/usr/kvm/sys/sun3x/conf 02755 root staff directory X#/usr/kvm/sys/sun4 02755 root staff directory X#/usr/kvm/sys/sun4/OBJ 02755 root staff directory X#/usr/kvm/sys/sun4/conf 02755 root staff directory X#/usr/kvm/sys/sun4c 02755 root staff directory X#/usr/kvm/sys/sun4c/OBJ 02755 root staff directory X#/usr/kvm/sys/sun4c/conf 02755 root staff directory X#/usr/kvm/sys/sundev 02755 root staff directory X#/usr/kvm/sys/sunif 02755 root staff directory X#/usr/kvm/sys/sunwindow 02755 root staff directory X#/usr/kvm/sys/sunwindowdev 02755 root staff directory X#/usr/kvm/sys/sys 02755 root staff directory X#/usr/kvm/sys/ufs 02755 root staff directory X#/usr/kvm/sys/vm 02755 root staff directory X/usr/kvm/u370 00777 root staff symlink X/usr/kvm/u3b 00777 root staff symlink X/usr/kvm/u3b15 00777 root staff symlink X/usr/kvm/u3b2 00777 root staff symlink X/usr/kvm/u3b5 00777 root staff symlink X/usr/kvm/vax 00777 root staff symlink X/usr/lib 02755 bin bin directory X#/usr/lib/.sunview 00777 root bin symlink X#/usr/lib/defaults 02755 root bin directory X#/usr/lib/fonts 02755 bin staff directory X#/usr/lib/fonts/fixedwidthfonts 02755 bin staff directory X#/usr/lib/fonts/tekfonts 02755 bin staff directory X/usr/lib/lex 00777 root bin symlink X#/usr/lib/lint/llib-lsuntool 00644 root staff file X#/usr/lib/lint/llib-lsuntool.ln 00644 root staff file X#/usr/lib/lint/llib-lsunwindow 00644 root staff file X#/usr/lib/lint/llib-lsunwindow.ln 00644 root staff file X/usr/lib/refer 02755 bin bin directory X#/usr/lib/rootmenu 00777 root bin symlink X#/usr/lib/rootmenu.old 00777 root bin symlink X/usr/lib/shlib.etc 02755 root staff directory X#/usr/lib/suntools 00777 root bin symlink X/usr/lib/tabset 00777 root bin symlink X#/usr/lib/text_extras_menu 00777 root bin symlink X#/usr/lib/textswrc 00777 root bin symlink X/usr/lib/zoneinfo 00777 root bin symlink X/usr/local 02755 bin staff directory X#/usr/man 00777 root staff symlink X#/usr/mdec 00777 root staff symlink X/usr/net 00777 root staff directory X/usr/nserve 00777 root staff directory X#/usr/old 02755 bin staff directory X/usr/pub 00777 root staff symlink X/usr/share/lib 02755 root staff directory X#/usr/share/lib/me 02755 root staff directory X#/usr/share/lib/ms 02755 bin staff directory X/usr/share/lib/tmac 02755 root staff directory X/usr/share/src 02755 bin staff directory X#/usr/share/src/sun 02755 bin staff directory X#/usr/share/src/sun/sunview1 02755 bin staff directory X#/usr/share/src/sun/sunview1/examples 02755 root staff directory X#/usr/share/src/sun/sunview1/iconedit 02755 root staff directory X/usr/spool 00777 root staff symlink X/usr/src 00777 root staff symlink X#/usr/stand 00777 root staff symlink X#/usr/sys 00777 root staff symlink X/usr/tmp 00777 root staff symlink X/usr/ucb 02755 bin staff directory X/usr/ucbinclude 00777 root staff directory X/usr/ucblib 00777 root staff directory X/var 02755 bin staff directory X END_OF_FILE if test 27138 -ne `wc -c <'tripwire-1.0/contrib/README.ASET'`; then echo shar: \"'tripwire-1.0/contrib/README.ASET'\" unpacked with wrong size! fi # end of 'tripwire-1.0/contrib/README.ASET' fi if test -f 'tripwire-1.0/src/sigfetch.c' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'tripwire-1.0/src/sigfetch.c'\" else echo shar: Extracting \"'tripwire-1.0/src/sigfetch.c'\" $3168 characters$ sed "s/^X//" >'tripwire-1.0/src/sigfetch.c' <<'END_OF_FILE' X#ifndef lint Xstatic char rcsid[] = "$Id: sigfetch.c,v 1.3 92/10/18 19:28:25 genek Exp $"; X#endif X X/* X * sigfetch.c X * X * generate signatures for a given file. X * X * Gene Kim X * Purdue University X * October 14, 1992 X */ X X#include "../include/config.h" X#include <stdio.h> X#include <fcntl.h> X#ifdef STDLIBH X# include <stdlib.h> X#endif X#include <sys/param.h> X#include <sys/types.h> X#include <sys/stat.h> X#ifndef XENIX X# include <sys/time.h> X#else X# include <time.h> X#endif /* XENIX */ X#ifdef DIRENT X# include <dirent.h> X#else X# ifndef XENIX X# include <sys/dir.h> X# else /* XENIX */ X# include <sys/ndir.h> X# endif /* XENIX */ X#endif /* DIRENT */ X#if (defined(SYSV) && (SYSV < 3)) X# include <limits.h> X#endif /* SVR2 */ X#ifdef STRINGH X#include <string.h> X#else X#include <strings.h> X#endif X#include "../include/list.h" X#include "../include/tripwire.h" X Xextern int optind; X Xint (*pf_signatures [NUM_SIGS]) () = { X SIG0FUNC, X SIG1FUNC, X SIG2FUNC, X SIG3FUNC, X SIG4FUNC, X SIG5FUNC, X SIG6FUNC, X SIG7FUNC, X SIG8FUNC, X SIG9FUNC X }; X Xint printhex = 0; Xint sigallget = 1; Xint sigvector[NUM_SIGS] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; Xchar *signames[NUM_SIGS] = { X "nullsig", X "md5", X "snefru", X "crc32", X "crc16", X "md4", X "md2", X "nullsig", X "nullsig", X "nullsig" X }; Xint verbosity = 0; Xint quiet = 0; X Xchar *progname; X Xvoid Xusage() X{ X fprintf(stderr, "sigfetch: usage: [-0123456789qv] [ file ... ]\n"); X exit(1); X} X Xmain(argc, argv) X int argc; X char *argv[]; X{ X int i, c; X int fd; X X progname = argv[0]; X X optind = 1; X while ((c = getopt(argc, argv, "0123456789aqvh")) != -1) { X switch(c) { X case '0': sigallget = 0; sigvector[0] = 1; break; X case '1': sigallget = 0; sigvector[1] = 1; break; X case '2': sigallget = 0; sigvector[2] = 1; break; X case '3': sigallget = 0; sigvector[3] = 1; break; X case '4': sigallget = 0; sigvector[4] = 1; break; X case '5': sigallget = 0; sigvector[5] = 1; break; X case '6': sigallget = 0; sigvector[6] = 1; break; X case '7': sigallget = 0; sigvector[7] = 1; break; X case '8': sigallget = 0; sigvector[8] = 1; break; X case '9': sigallget = 0; sigvector[9] = 1; break; X case 'a': sigallget = 1; break; X case 'v': verbosity = 1; break; X case 'q': quiet = 1; break; X case 'h': printhex = 1; break; X case '?': X default: X usage(); X exit(1); X } X } X X argc -= optind; X argv += optind; X X for (i = 0; i < argc; i++) { X if (strcmp(argv[i], "-") == 0) X fd = 0; X else X if ((fd = open(argv[i], O_RDONLY, 0)) < 0) { X warn_with_err("sigfetch: open() on '%s' failed! Skipping...\n", X argv[i]); X continue; X } X sigfetch(fd); X X if (fd) X close(fd); X } X} X Xint Xsigfetch(fd) X int fd; X{ X char sigs[NUM_SIGS][SIG_MAX_LEN]; X char sigs_concat[1024]; X int i; X X /* collect signatures */ X for (i = 0; i < NUM_SIGS; i++) { X char *pc = sigs[i]; X X if (sigallget || sigvector[i]) { X X (*pf_signatures[i])(fd, pc, SIG_MAX_LEN); X if (!quiet) X printf("sig%d: %-9s: %s\n", i, signames[i], sigs[i]); X else X printf("%s ", sigs[i]); X X } X } X X if (quiet) X printf("\n"); X X} END_OF_FILE if test 3168 -ne `wc -c <'tripwire-1.0/src/sigfetch.c'`; then echo shar: \"'tripwire-1.0/src/sigfetch.c'\" unpacked with wrong size! fi # end of 'tripwire-1.0/src/sigfetch.c' fi if test -f 'tripwire-1.0/include/patchlevel.h' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'tripwire-1.0/include/patchlevel.h'\" else echo shar: Extracting \"'tripwire-1.0/include/patchlevel.h'\" $86 characters$ sed "s/^X//" >'tripwire-1.0/include/patchlevel.h' <<'END_OF_FILE' X/* $Id: patchlevel.h,v 1.1.1.2 92/11/02 18:19:43 genek Exp $ */ X X#define PATCHLEVEL 1 END_OF_FILE if test 86 -ne `wc -c <'tripwire-1.0/include/patchlevel.h'`; then echo shar: \"'tripwire-1.0/include/patchlevel.h'\" unpacked with wrong size! fi # end of 'tripwire-1.0/include/patchlevel.h' fi if test -f 'tripwire-1.0/sigs/snefru/snefru.h' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'tripwire-1.0/sigs/snefru/snefru.h'\" else echo shar: Extracting \"'tripwire-1.0/sigs/snefru/snefru.h'\" $22 characters$ sed "s/^X//" >'tripwire-1.0/sigs/snefru/snefru.h' <<'END_OF_FILE' Xint sig_snefru_get(); END_OF_FILE if test 22 -ne `wc -c <'tripwire-1.0/sigs/snefru/snefru.h'`; then echo shar: \"'tripwire-1.0/sigs/snefru/snefru.h'\" unpacked with wrong size! fi # end of 'tripwire-1.0/sigs/snefru/snefru.h' fi echo shar: End of archive 2 $of 8$. cp /dev/null ark2isdone MISSING="" for I in 1 2 3 4 5 6 7 8 ; do if test ! -f ark${I}isdone ; then MISSING="${MISSING} ${I}" fi done if test "${MISSING}" = "" ; then echo You have unpacked all 8 archives. echo "Now read the README file" rm -f ark[1-9]isdone else echo You still need to unpack the following archives: echo " " ${MISSING} fi ## End of shell archive. exit 0 -- Gene Spafford Software Engineering Research Center & Dept. of Computer Sciences Purdue University, W. Lafayette IN 47907-1398 Internet: spaf@cs.purdue.edu phone: (317) 494-7825