  ##############################################################################
 #                                                                            ##
############################################################################## #
#                                                                            # #
#                        Policy file for AIX 5.X                             # #
#                                                                            ##
##############################################################################

  ##############################################################################
 #                                                                            ##
############################################################################## #
#                                                                            # #
# Global Variable Definitions                                                # #
#                                                                            # #
# These are defined at install time by the installation script.  You may     # #
# Manually edit these if you are using this file directly and not from the   # #
# installation script itself.                                                # #
#                                                                            ##
##############################################################################

@@section GLOBAL
TWDOCS=;
TWROOT=;
TWBIN=;
TWPOL=;
TWDB=;
TWSKEY=;
TWLKEY=;
TWREPORT=;
HOSTNAME=;

  ##############################################################################
 #  Predefined Variables                                                      #
##############################################################################
#
#  Property Masks
#
#  -  ignore the following properties
#  +  check the following properties
#
#  a  access timestamp (mutually exclusive with +CMSH)
#  b  number of blocks allocated
#  c  inode creation/modification timestamp
#  d  ID of device on which inode resides
#  g  group id of owner
#  i  inode number
#  l  growing files (logfiles for example)
#  m  modification timestamp
#  n  number of links
#  p  permission and file mode bits
#  r  ID of device pointed to by inode (valid only for device objects)
#  s  file size
#  t  file type
#  u  user id of owner
#
#  C  CRC-32 hash
#  H  HAVAL hash
#  M  MD5 hash
#  S  SHA hash
#
##############################################################################

Device        = +pugsdr-intlbamcCMSH ;
Dynamic       = +pinugtd-srlbamcCMSH ;
Growing       = +pinugtdl-srbamcCMSH ;
IgnoreAll     = -pinugtsdrlbamcCMSH ;
IgnoreNone    = +pinugtsdrbamcCMSH-l ;
ReadOnly      = +pinugtsdbmCM-rlacSH ;
Temporary     = +pugt ;

@@section FS 

  ########################################
 #                                      ##
######################################## #
#                                      # #
#  Tripwire Binaries and Data Files    # #
#                                      ##
########################################

# Tripwire Binaries
(
  rulename = "Tripwire Binaries",
)
{
  $(TWBIN)/siggen                      -> $(ReadOnly) ;
  $(TWBIN)/tripwire                    -> $(ReadOnly) ;
  $(TWBIN)/twadmin                     -> $(ReadOnly) ;
  $(TWBIN)/twprint                     -> $(ReadOnly) ;
}

# Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
(
  rulename = "Tripwire Data Files",
)
{
  # NOTE: We remove the inode attribute because when Tripwire creates a backup,
  # it does so by renaming the old file and creating a new one (which will
  # have a new inode number).  Inode is left turned on for keys, which shouldn't
  # ever change.

  # NOTE: The first integrity check triggers this rule and each integrity check
  # afterward triggers this rule until a database update is run, since the
  # database file does not exist before that point.

  $(TWDB)                              -> $(Dynamic) -i ;
  $(TWPOL)/tw.pol                      -> $(ReadOnly) -i ;
  $(TWPOL)/tw.cfg                      -> $(ReadOnly) -i ;
  $(TWLKEY)/$(HOSTNAME)-local.key      -> $(ReadOnly) ;
  $(TWSKEY)/site.key                   -> $(ReadOnly) ;

  # don't scan the individual reports
  $(TWREPORT)                          -> $(Dynamic) (recurse=0) ;
}

  ################################################
 #                                              ##
################################################ #
#                                              # #
#  OS Boot and Configuration Files             # #
#                                              ##
################################################
(
  rulename = "OS Boot and Configuration Files",
)
{
  /etc                          -> $(IgnoreNone) -SHa ;
}

  ###################################################
 #                                                 ##
################################################### #
#                                                 # #
#  Mount Points                                   # #
#                                                 ##
###################################################
(
  rulename = "Mount Points",
)
{
  /                             -> $(ReadOnly) ;
  /usr                          -> $(ReadOnly) ;
  /var                          -> $(ReadOnly) ;
}

  ###################################################
 #                                                 ##
################################################### #
#                                                 # #
#  Misc Top-Level Directories                     # #
#                                                 ##
###################################################
(
  rulename = "Misc Top-Level Directories",
)
{
  /lost+found                   -> $(ReadOnly) ;
  /hacmplocal                   -> $(ReadOnly) ;
  /homelocal                    -> $(ReadOnly) ;
  /opt                          -> $(ReadOnly) ;
  !/var/adm/csd	;
}

  ################################################
 #                                              ##
################################################ #
#                                              # #
#   System Devices                             # #
#                                              ##
################################################
(
  rulename = "System Devices",
)
{
  /dev                          -> $(Device) ;
}

  ################################################
 #                                              ##
################################################ #
#                                              # #
#  OS Binaries and Libraries                   # #   
#                                              ##
################################################
(
  rulename = "OS Binaries and Libraries",
)
{
  /sbin                         -> $(ReadOnly) ;
  /usr/bin                      -> $(ReadOnly) ;
  /usr/lib                      -> $(ReadOnly) ;
  /usr/sbin                     -> $(ReadOnly) ;
}

  ################################################
 #                                              ##
################################################ #
#                                              # #
#  Root Directory and Files                    # #
#                                              ##
################################################
(
  rulename = "Root Directory and Files",
)
{
  #/.dtprofile                    -> $(Dynamic) ;
  ! /.netscape/cache ; 
  /.netscape/history.dat         -> $(Dynamic) ;
  /.sh_history                   -> $(Dynamic) ;
  #/.Xauthority                   -> $(ReadOnly) ;
}

  ################################################
 #                                              ##
################################################ #
#                                              # #
#  Temporary Directories                       # #
#                                              ##
################################################
(
  rulename = "Temporary Directories",
)
{
  /tmp                          -> $(Temporary) ;
  /var/tmp                      -> $(Temporary) ;
}

  ################################################
 #                                              ##
################################################ #
#                                              # #
#  Directories to Ignore                       # #
#                                              ##
################################################
(
  rulename = "Directories to Ignore",
)
{
  !/proc ;
}


  ################################################
 #                                              ##
################################################ #
#                                              # #
#  System and Boot Changes                     # #
#                                              ##
################################################
(
  rulename = "System and Boot Changes",
)
{
  /etc/es/objrepos		-> $(ReadOnly) -SHacm ;
  /etc/es/objrepos/HACMPresource -> $(ReadOnly) -SHCMcm ;
  /etc/lpp/diagnostics/data 	-> $(ReadOnly) -SHCMacm ;
  /etc/ntp.drift		-> $(ReadOnly) -SHiacm ;
  !/etc/objrepos ;
  /etc/security			-> $(ReadOnly) -SHacm ;
  /usr/es/adm/cluster.log	-> $(ReadOnly) -SHCMsbm ;
  /usr/es/sbin/cluster/etc/objrepos/active -> $(ReadOnly) -SHim ;
  !/usr/etc/sbin/cluster/history ;
  /usr/share/lib/objrepos      -> $(ReadOnly) -m ;
  /usr/lib/objrepos      -> $(ReadOnly) -m ;
  !/var/adm/SPlogs ;
  /var/ha/log                      -> $(Growing) -i ;
  !/var/adm ;
  !/var/ct ;

  #/var/backups                    -> $(Dynamic) -i ;
  #/var/db/host.random             -> $(ReadOnly) -mCM ;
  #/var/db/locate.database         -> $(ReadOnly) -misCM ;
  #/var/cron                       -> $(Growing) -i ;
  #/var/log                        -> $(Growing) -i ;
  #/var/run                        -> $(Dynamic) -i ;
  #/var/mail                       -> $(Growing) ;
  #/var/msgs/bounds                -> $(ReadOnly) -smbCM ;
  #/var/spool/clientmqueue         -> $(Temporary) ;
  #/var/spool/mqueue               -> $(Temporary) ;
  #!/var/tmp/vi.recover ;           # perl script periodically removes this
}
