Newsgroups: comp.sources.unix From: spaf@cs.purdue.edu (Gene Spafford) Subject: v26i178: tripwire - security integrity monitor, Part06/08 Sender: unix-sources-moderator@vix.com Approved: paul@vix.com Submitted-By: spaf@cs.purdue.edu (Gene Spafford) Posting-Number: Volume 26, Issue 178 Archive-Name: tripwire/part06 #! /bin/sh # This is a shell archive. Remove anything before this line, then unpack # it by saving it into a file and typing "sh file". To overwrite existing # files, type "sh file -c". You can also feed this as standard input via # unshar, or by typing "sh 'tripwire-1.0/man/tripwire.8' <<'END_OF_FILE' X.\" $Id: tripwire.8,v 1.2 92/11/03 02:34:17 genek Exp $ X.\" X.TH TRIPWIRE 8 "October 14, 1992" X.SH NAME Xtripwire \- a file integrity checker for UNIX systems X.SH SYNOPSIS X.B tripwire X[ X.I options \fP...\fI X] X.SH DESCRIPTION X.LP XTripwire is a system file integrity checker, a utility that Xcompares a designated set of files and directories against Xinformation stored in a previously generated database. XAdded or deleted files are flagged and reported, as are any files Xthat have changed from its previously recorded state in the Xdatabase. When run against system files on a regular basis, Xchanges in critical system files would be spotted at the next Xtime-interval when Tripwire is run, so damage control measures Xcan be implemented immediately. X.LP XUsing Tripwire, system administrators can conclude with an Xextremely high degree of certainty that a given set of files Xremain untouched from unauthorized modifications, provided the Xprogram and database are appropriately protected (e.g., stored on Xread-only media). X.LP XTripwire uses message-digest algorithms (cryptographic checksums) Xto detect changes in a hard-to-spoof manner. This should be able Xto detect significant changes to critical files, including those Xcaused by insertion of backdoors or viruses. Tripwire also Xmonitors changes to file permissions, modification times, and Xother significant changes to inodes as selected by the system Xadministrator on a per-file/directory basis. X.LP XTripwire runs in one of three modes: Database Generation, XDatabase Update, or Integrity Checking mode. In Database XGeneration mode, Tripwire initializes the database based upon the Xthe entries enumerated in the \fItw.config\fP file. Database XUpdate mode provides incremental database update functionality on Xa per-file/directory basis, to obviate having to regenerate the Xentire database every time a file changes. Finally, Integrity XChecking modes provides the tripwire-like functionality which Xcompares all files in the database file against those currently Xresiding on the filesystem and reports any changes. X.SH OPTIONS X.LP XWhen run without any arguments, \fItripwire\fP runs in Integrity XChecking mode. X.TP 20 X.B \-initialize XDatabase Generation mode. Creates the database which is used for Xall subsequent Integrity Checking runs. X.TP X.B -update entry XDatabase Update mode. This mode updates the specified \fIentry\fP Xin the database. If \fIentry\fP is a file, only that file is Xupdates. If \fIentry\fP is a directory, the directory and all of Xits children are updated. If \fIentry\fP is also a X\fItw.config\fP file, the entire entry in the database is Xupdated. X.TP X.B \-d dbasefile XReads the database information from the specified file X\fIdbasefile\fP. \fIstdin\fP can specified by ``-d -''. X.TP X.B \-c configfile XRead the configuration information from the specified file X\fIconfigfile\fP. \fIstdin\fP can specified by ``-c -''. X.TP X.B \-D\fIvar\fP=\fIvalue\fP XDefines the \fItw.config\fP variable \fIvar\fP to \fIvalue\fP. X(As if \fI@@define\fP were used.) X.TP X.B \-U\fIvar\fP XUndefine the \fItw.config\fP variable \fIvar\fP. X(As if \fI@@undef\fP were used.) X.TP X.B \-i #|all XIgnore the specified signature, and skip it when comparing Xagainst database entries. If \fIall\fP is specified, no Xsignatures are collected or compared. X.TP X.B \-E XPrints out preprocessed \fItw.config\fP file to \fIstdout\fP. X.TP X.B \-q XQuiet mode. Skips Phase 5 which lists all the {\fIobserved, Xexpected\fP} pairs for each changed file. X.TP X.B \-v XVerbose mode. X.TP X.B \-version XPrints out version information. X.SH DATABASE GENERATION MODE X.LP XIn Database Generation mode, \fItripwire\fP will create the Xdatabase file based upon the entries in \fItw.config\fP. The Xname of this database file is defined at compile-time in X\fIconfig.h\fP \- defaults to \fItw.db_[hostname]\fP. The Xgenerated database is placed in \fB./databases\fP directory, and Xmust be moved to the target directory manually. X.LP XNote that you must manually move this file to your database Xdirectory. This is because the default database directory should Xbe a read-only file system. X.SH DATABASE UPDATE MODE X.LP XIn Database Update mode, \fItripwire\fP updates only the Xspecified subset of files in the database. The updated database Xis read as normal, and the database with the updated entries is Xwritten out to the \fB./Databases\fP directory, as well as a Xbackup of the original database. X.LP X\fItripwire\fP in Database Update mode requires one argument, Xwhich is used as an \fIentry\fP. The \fIentry\fP argument Xspecifies which file or directory is to be updated, and is interpreted Xsimilar to \fItw.config\fP entries. If the argument is a Xfilename, only that file is updated in the database. Similarly, Xif the argument is a directory name, the directory and its Xchildren are updated. X.LP XIf the argument is also an entry in the \fItw.config\fP file, the Xentire entry is updated. Running \fItripwire\fP in this fashion Xwill flag files that have been added or deleted in this entry. X.SH INTEGRITY CHECKING MODE X.LP XIn Integrity Checking mode, \fItripwire\fP reads in the Xpreviously generated database, and then rebuilds a new database Xto reflect the current files. \fItripwire\fP reports any files Xthat have been added or deleted, and then reports any files that Xhave changed. X.LP XIn the \fItw.config\fP file, there is a description of which attributes Xcan change that can be safely ignored. \fItripwire\fP applies these Xignore-rules to dismiss which changes can be safely ignored. X.LP XEach file that differs from the information stored in the database Xis considered ``changed.'' However, only the changes that remain Xafter the ignore-rules are applied are displayed. For each change, Xthe expected and actual information is printed. For instance: X.LP X.Ps X.ps -2 X.vs -2 X2:30am (mentor) 985 % tripwire X### Phase 1: Reading configuration file X### Phase 2: Generating file list X### Phase 3: Creating file information database X### Phase 4: Searching for inconsistencies X### X### Total files scanned: 82 X### Files added: 0 X### Files deleted: 0 X### Files changed: 80 X### X### After applying rules: X### Changes discarded: 79 X### Changes remaining: 1 X### Xchanged: -rw------- genek 4433 Oct 13 02:30:34 1992 /tmp/genek/tripwire-0.92/config.h X### Phase 5: Generating observed/expected pairs for changed files X### X### Attr Observed (what it is) Expected (what it should be) X### =========== ============================= ============================= X/tmp/genek/tripwire-0.92/config.h X st_size: 4441 4433 X md5 (sig1): 0aqL1O06C3Fj1YBXz3.CPdcb 0cPX1H.DYS.s1vZdKD.ELMDR X snefru (sig2): 0PcgcK/MZvEm.8pIWe.Gbnn/ /8VoJv1JcoUA0NvoGN.k3P6E X crc32 (sig3): .EHA6x /OuGNV X crc16 (sig4): ...9/q ...6yu X md4 (sig5): /hQ0sU.UEbJo.UR4VZ/mNG/h .UR4VZ/mNG/h/VSG/W/Z643k X md2 (sig6): .hLwjb.VRA0O.Z72y90xTYqA 1LR0Gg1l.vqB0.1g330Pi8/p X.ps X.vs X.Pe X.SH ENVIRONMENT XNone. X.SH BUGS XThis manual page is still not self-contained yet \- users still Xneed to read the design document to really understand the Xutility. X.SH SEE ALSO X.IR "Tripwire Design Document" , Xby Gene Kim and Eugene Spafford X.SH AUTHORS X.nf XGene Kim XPurdue University Xgenek@mentor.cc.purdue.edu X XEugene Spafford XPurdue University Xspaf@cs.purdue.edu X.fi X END_OF_FILE if test 7596 -ne `wc -c <'tripwire-1.0/man/tripwire.8'`; then echo shar: \"'tripwire-1.0/man/tripwire.8'\" unpacked with wrong size! fi # end of 'tripwire-1.0/man/tripwire.8' fi if test -f 'tripwire-1.0/man/tw.config.5' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'tripwire-1.0/man/tw.config.5'\" else echo shar: Extracting \"'tripwire-1.0/man/tw.config.5'\" \(7470 characters\) sed "s/^X//" >'tripwire-1.0/man/tw.config.5' <<'END_OF_FILE' X.\" $Id: tw.config.5,v 1.1.1.2 92/11/02 18:20:25 genek Exp $ X.\" X.TH TW.CONFIG 5 "October 5, 1992" X.SH NAME Xtw.config \- configuration file for Tripwire X.SH SYNOPSIS Xtw.config X.SH DESCRIPTION XThe \fItw.config\fP file contains the list of files and Xdirectories that are scanned by Tripwire. Information on these Xfiles are collected and stored in the \fItw_db\fP database file. X.LP XThe first section describes the entry format in the X\fItw.config\fP file which describes the files monitored Xby Tripwire. The second section describes the proprocessing Xdirectives that Tripwire provides. These directives, which Xprovide similar functionality of the C preprocessor and M4 macro Xprocessor, allow Tripwire to make bindings at run-time. This Xallows system administrators to use common \fItw.config\fP files Xacross multiple machines \- or even across an entire site. X.SH ENTRY FORMAT X.LP XEach entry in \fItw.config\fP is single line in the following form: X.sp X.RS X\fBFormat\fP: \fI[!|=] entry [ignore-flags][template]\fP X.RE X.RS X.Pe X.TP 12 X.I entry XAn \fIentry\fP is the absolute pathname of a file or a directory. XWithout any prefixes, the \fIentry\fP is added to the list of files Xto be scanned. X.RS X.TP X.I ! XInclusive prune. Prunes \fIentry\fP from the list of files to be Xscanned. If \fIentry\fP is a file, the file is removed list of Xfiles. If \fIentry\fP is a directory, the directory and all of Xits children are removed from the list of files. X.TP X.I = XExclusive prune. Does not prune \fIentry\fP, but does prune its Xchildren. This has no effect if \fIentry\fP is a file. This Xoption is useful for monitoring directories with transient files X(e.g., /tmp and /var/tmp). X.RE X.TP X.I ignore-flags X\fIignore-flags\fP describe inode and file attributes. \fIignore-flags\fP Xeither specifies Tripwire to ignore changes in a specific attribute, or to Xreport them. \fIignore-flags\fP are provided in the form: X.I X[ [+|-][pinugsam12] ... ] X.RS X.TP 4 X.I - Xignore the following attributes X.TP X.I + Xdo not ignore the following attributes X.TP X.I p Xpermission and file mode bits X.TP X.I i Xinode number X.TP X.I n Xnumber of links (i.e., inode reference count) X.TP X.I u Xuser id of owner X.TP X.I g Xgroup id of owner X.TP X.I s Xsize of file X.TP X.I a Xaccess timestamp X.TP X.I m Xmodification timestamp X.TP X.I c Xinode creation timestamp X.TP X.I 0 Xsignature 0 \- null signature X.TP X.I 1 Xsignature 1 \- MD5, the RSA Data Security, Inc. Message Digesting Algorithm. X.TP X.I 2 Xsignature 2 \- Snefru, the Xerox Secure Hash Function. X.TP X.I 3 Xsignature 3 \- CRC-32, 32-bit Cyclic Redundancy Check. X.TP X.I 4 Xsignature 4 \- CRC-16, the standard (non-CCITT) 16-bit Cyclic Redundancy Check. X.TP X.I 5 Xsignature 5 \- MD4, the RSA Data Security, Inc. Message Digesting Algorithm. X.TP X.I 6 Xsignature 6 \- MD2, the RSA Data Security, Inc. Message Digesting Algorithm. X.TP X.I 7 Xsignature 7 \- null signature (reserved for future expansion) X.TP X.I 8 Xsignature 8 \- null signature (reserved for future expansion) X.TP X.I 9 Xsignature 9 \- null signature (reserved for future expansion) X.RE X.TP X.I templates X\fItemplate\fP are predefined sets of \fIignore-flags\fP that are Xthe most useful for most system administration and monitoring Xsetups. X.RE X.LP XThe following templates have been pre-defined to make these long ignore Xmask descriptions unnecessary. X.RS X.nf X.TP 6 X.I R X[R]ead-only (+pinugsm12-a) \fI(default)\fP X.TP X.I L X[L]og file (+pinug-sam12) X.TP X.I N Xignore [N]othing (+pinusgsamc12) X.TP X.I E Xignore [E]verything (-pinusgsamc12) X.fi X.RE X.LP XBy default, Tripwire uses the R template. Since it applies the Xset of \fIignore-flags\fP {+pinugsm12-a}, Tripwire will ignore Xany changed files where only the access time stamp has changed. X.LP XYou can combine the use of templates with ignore-flag modifiers. XThe following entry monitors only changes in user-id and group-id Xinformation. X.Ps X/etc/lp E+ug X.Pe X.SH ENTRY EXAMPLES X.LP XThe following entry will scan all the files in /etc, and report Xany changes in mode bits, inode number, reference count, uid, Xgid, modification and creation timestamp, and the signatures. XHowever, it will ignore any changes in the access timestamp. X.Ps X/etc +pinugsm12-a X.Pe X.LP XThe following example shows a very simple \fItw.config\fP file that Xmonitors a subset of the /etc directory. X.Ps X/etc R # all system files X!/etc/lp R # ...but not those logs X=/tmp N # just the directory, not its files X.Pe X.LP XNote the difference between pruning (via "!") and ignoring everything X(via "E" template): Ignoring everything in a directory still monitors Xfor added and deleted files. Pruning a directory will prevent Tripwire Xfrom even looking in the specified directory. X.LP X.I Hint: XTripwire running slowly? Modify your tripwire.config entries to Xignore signatures 2 through 9 when this computationally-exorbitant Xprotection is not needed. (See README and design document for further Xdetails.) X.SH PREPROCESSOR X.LP XTripwire incorporates a general purpose preprocessor that parses Xthe \fItw.config\fP in one-pass. Available preprocessing directives Xinclude file inclusion, macro defines, conditionals based upon Xhostname or macros, and on-the-fly macro substitution. These directives Xprovide C-preprocessor and m4-like capabilities. X.LP XThe authors envision multiple machines sharing the same \fItw.config\fP Xfile by using header files and conditionals. X.RS X.TP 30 X.I @@ifhost HOSTNAME Xincludes text until matching \fI@@endif\fPd if the machine Xhostname matches the specified \fIHOSTNAME\fP. X.TP X.I @@ifnhost HOSTNAME Xincludes text until matching \fI@@endif\fP if the machine Xhostname does not match the specified \fIHOSTNAME\fP. X.TP X.I @@else Xprovides if-else semantics to preprocessor. X.TP X.I @@define VAR STRING Xdefines variable \fIVAR\fP to \fISTRING\fP. If the second argument Xis not provides, then a null-string is assigned to \fIVAR\fP. X.TP X.I @@undef VAR Xclears definition of variable \fIVAR\fP. X.TP X.I @@ifdef VAR Xincludes text until matching \fI@@endif\fP if the variable \fIVAR\fP Xhas been defined. X.TP X.I @@ifndef VAR Xincludes text until matching \fI@@endif\fP if the variable \fIVAR\fP Xhas not been defined. X.TP X.I @@endif Xcloses up \fI@@ifhost\fP, \fI@@ifnhost\fP, \fI@@ifdef\fP, and X\fI@@ifndef\fP. X.TP X.I @@include "FILENAME" Xreads in the specified source file. Quotes are optional. X.TP X.I @@VAR Xsubstitutes the definition of (\fIVAR\fP) with the X\fI@@define\fP'ed value. X.RE X.LP X.I Example: XA host-dependent inclusion can be specified many ways so tw.config Xfiles can be shared among multiple machines. So, if the machine X"mentor.cc.purdue.edu" is the only machine that has a certain file, Xyou could use: X.Ps X@@ifhost mentor.cc.purdue.edu X/etc/tw.log.mentor R X@@endif X X@@define ARCHIVE +pinugsamc-12 X/etc/tw.log @@ARCHIVE X.Pe X.SH CAVEATS X.LP XAlthough \fItripwire\fP provides hooks for ten different Xsignature routines, using all ten would certainly be overkill in Xalmost any imaginable situation. However, having up to ten Xsignature routines in your signature arsenal allows system Xadministrators considerable flexibility in finding the balance Xbetween performance and security for their specific site. This Xis the reason for supplying CRC-16 and CRC-32 which are trivially Xsimple to crack. These routines are not secure, but they are Xsignificantly faster than the cryptographic checksumming Xroutines. X.SH AUTHOR X.nf XGene Kim XPurdue University Xgenek@mentor.cc.purdue.edu X XEugene Spafford XPurdue University Xspaf@cs.purdue.edu X.fi X END_OF_FILE if test 7470 -ne `wc -c <'tripwire-1.0/man/tw.config.5'`; then echo shar: \"'tripwire-1.0/man/tw.config.5'\" unpacked with wrong size! fi # end of 'tripwire-1.0/man/tw.config.5' fi if test -f 'tripwire-1.0/src/Makefile' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'tripwire-1.0/src/Makefile'\" else echo shar: Extracting \"'tripwire-1.0/src/Makefile'\" \(7439 characters\) sed "s/^X//" >'tripwire-1.0/src/Makefile' <<'END_OF_FILE' X# $Id: Makefile,v 1.2 92/11/03 02:35:09 genek Exp $ X# X# Tripwire build X# X XOFILES = config.parse.o main.o list.o ignorevec.o dbase.build.o \ X utils.o preen.o preen.interp.o preen.report.o \ X nullsig.o config.prim.o dbase.update.o \ X config.pre.o \ X $(OSIGS) X XOSIGS = $(OSIG1) $(OSIG2) $(OSIG3) $(OSIG4) $(OSIG5) $(OSIG6) X XSIGDIR = ../sigs XSIG1DIR = $(SIGDIR)/md5 XSIG2DIR = $(SIGDIR)/snefru XSIG3DIR = $(SIGDIR)/crc32 XSIG4DIR = $(SIGDIR)/crc XSIG5DIR = $(SIGDIR)/md4 XSIG6DIR = $(SIGDIR)/md2 X XOSIG1 = $(SIG1DIR)/md5wrapper.o $(SIG1DIR)/md5.o XOSIG2 = $(SIG2DIR)/snefru.o XOSIG3 = $(SIG3DIR)/crc32.o XOSIG4 = $(SIG4DIR)/crc.o XOSIG5 = $(SIG5DIR)/md4.o $(SIG5DIR)/md4wrapper.o XOSIG6 = $(SIG6DIR)/md2.o $(SIG6DIR)/md2wrapper.o X XCFILES = config.parse.c main.c list.c ignorevec.c dbase.build.c \ X utils.c preen.c preen.interp.c preen.report.c \ X nullsig.c config.prim.c dbase.update.c \ X config.pre.c \ X $(CSIGS) X XCSIGS = $(CSIG1) $(CSIG2) $(CSIG3) $(CSIG4) $(CSIG5) $(CSIG6) X XCSIG1 = $(SIG1DIR)/md5wrapper.c $(SIG1DIR)/md5.c XCSIG2 = $(SIG2DIR)/snefru.c XCSIG3 = $(SIG3DIR)/crc32.c XCSIG4 = $(SIG4DIR)/crc.c XCSIG5 = $(SIG5DIR)/md4.c $(SIG5DIR)/md4wrapper.c XCSIG6 = $(SIG6DIR)/md2.c $(SIG6DIR)/md2wrapper.c X X### X Xall: tripwire sigfetch X Xtripwire: $(P) $(OFILES) X $(CC) $(CFLAGS) -o $@ $(OFILES) $(LIBS) X X$(OSIG1): ../include/byteorder.h X (cd $(SIG1DIR); make CC="$(CC)" CFLAGS="$(CFLAGS) -I. -I..") X$(OSIG2): ../include/byteorder.h X (cd $(SIG2DIR); make CC="$(CC)" CFLAGS="$(CFLAGS) -I. -I..") X$(OSIG3): ../include/byteorder.h X (cd $(SIG3DIR); make CC="$(CC)" CFLAGS="$(CFLAGS) -I. -I..") X$(OSIG4): ../include/byteorder.h X (cd $(SIG4DIR); make CC="$(CC)" CFLAGS="$(CFLAGS) -I. -I..") X$(OSIG5): ../include/byteorder.h X (cd $(SIG5DIR); make CC="$(CC)" CFLAGS="$(CFLAGS) -I. -I..") X$(OSIG6): ../include/byteorder.h X (cd $(SIG6DIR); make CC="$(CC)" CFLAGS="$(CFLAGS) -I. -I..") X X../include/byteorder.h ../include/inode.h: X (cd ../aux; make CC=$(CC) CFLAGS="$(CFLAGS)" \ X LDFLAGS="$(LDFLAGS)" CPP="$(CPP)" SHELL=$(SHELL) all) X X X# need $(LDFLAGS) because this may interact with the way nullsig.o and X# utils.o were compiled Xsigfetch: $(OSIGS) sigfetch.c X $(CC) $(CFLAGS) -o sigfetch sigfetch.c $(OSIGS) nullsig.o utils.o $(LIBS) X Xconfig.lex.c: config.pre.l X $(LEX) config.pre.l X mv lex.yy.c config.lex.c X Xconfig.pre.c: config.lex.c config.pre.y X $(YACC) config.pre.y X sed 's/lex\.yy\.c/config.lex.c/' < y.tab.c > config.pre.c X rm y.tab.c X X.c.o: X $(CC) $(CFLAGS) -c $< X Xinstall: tripwire X $(INSTALL) tripwire $(TARGET) X Xclean: X -rm -f $(OFILES) config.lex.c config.pre.c y.tab.c lex.yy.c X Xclobber: clean X -rm -f tripwire sigfetch X X# Some other dependencies X Xconfig.lex.o: config.lex.c Xconfig.parse.o: config.parse.c Xconfig.parse.o: ../include/config.h Xconfig.parse.o: ../include/list.h Xconfig.parse.o: ../include/tripwire.h Xconfig.parse.o: ../sigs/snefru/snefru.h Xconfig.parse.o: ../sigs/md5/md5.h Xconfig.parse.o: ../sigs/crc32/crc32.h Xconfig.parse.o: ../sigs/crc/crc.h Xconfig.parse.o: ../sigs/md2/md2.h Xconfig.parse.o: ../sigs/md4/md4.h Xconfig.parse.o: ../include/inode.h Xconfig.pre.o: config.pre.c Xconfig.pre.o: ../include/config.h Xconfig.pre.o: ../include/list.h Xconfig.pre.o: ../include/tripwire.h Xconfig.pre.o: ../sigs/snefru/snefru.h Xconfig.pre.o: ../sigs/md5/md5.h Xconfig.pre.o: ../sigs/crc32/crc32.h Xconfig.pre.o: ../sigs/crc/crc.h Xconfig.pre.o: ../sigs/md2/md2.h Xconfig.pre.o: ../sigs/md4/md4.h Xconfig.pre.o: ../include/inode.h Xconfig.pre.o: ./config.lex.c Xconfig.prim.o: config.prim.c Xconfig.prim.o: ../include/config.h Xconfig.prim.o: ../include/tripwire.h Xconfig.prim.o: ../sigs/snefru/snefru.h Xconfig.prim.o: ../sigs/md5/md5.h Xconfig.prim.o: ../sigs/crc32/crc32.h Xconfig.prim.o: ../sigs/crc/crc.h Xconfig.prim.o: ../sigs/md2/md2.h Xconfig.prim.o: ../sigs/md4/md4.h Xconfig.prim.o: ../include/inode.h Xconfig.prim.o: ../include/list.h Xdbase.build.o: dbase.build.c Xdbase.build.o: ../include/config.h Xdbase.build.o: ../include/list.h Xdbase.build.o: ../include/tripwire.h Xdbase.build.o: ../sigs/snefru/snefru.h Xdbase.build.o: ../sigs/md5/md5.h Xdbase.build.o: ../sigs/crc32/crc32.h Xdbase.build.o: ../sigs/crc/crc.h Xdbase.build.o: ../sigs/md2/md2.h Xdbase.build.o: ../sigs/md4/md4.h Xdbase.build.o: ../include/inode.h Xdbase.update.o: dbase.update.c Xdbase.update.o: ../include/config.h Xdbase.update.o: ../include/list.h Xdbase.update.o: ../include/tripwire.h Xdbase.update.o: ../sigs/snefru/snefru.h Xdbase.update.o: ../sigs/md5/md5.h Xdbase.update.o: ../sigs/crc32/crc32.h Xdbase.update.o: ../sigs/crc/crc.h Xdbase.update.o: ../sigs/md2/md2.h Xdbase.update.o: ../sigs/md4/md4.h Xdbase.update.o: ../include/inode.h Xignorevec.o: ignorevec.c Xignorevec.o: ../include/config.h Xignorevec.o: ../include/list.h Xignorevec.o: ../include/tripwire.h Xignorevec.o: ../sigs/snefru/snefru.h Xignorevec.o: ../sigs/md5/md5.h Xignorevec.o: ../sigs/crc32/crc32.h Xignorevec.o: ../sigs/crc/crc.h Xignorevec.o: ../sigs/md2/md2.h Xignorevec.o: ../sigs/md4/md4.h Xignorevec.o: ../include/inode.h Xlist.o: list.c Xlist.o: ../include/config.h Xlist.o: ../include/list.h Xmain.o: main.c Xmain.o: ../include/config.h Xmain.o: ../include/list.h Xmain.o: ../include/tripwire.h Xmain.o: ../sigs/snefru/snefru.h Xmain.o: ../sigs/md5/md5.h Xmain.o: ../sigs/crc32/crc32.h Xmain.o: ../sigs/crc/crc.h Xmain.o: ../sigs/md2/md2.h Xmain.o: ../sigs/md4/md4.h Xmain.o: ../include/inode.h Xmain.o: ../include/patchlevel.h Xnullsig.o: nullsig.c Xnullsig.o: ../include/config.h Xnullsig.o: ../include/tripwire.h Xnullsig.o: ../sigs/snefru/snefru.h Xnullsig.o: ../sigs/md5/md5.h Xnullsig.o: ../sigs/crc32/crc32.h Xnullsig.o: ../sigs/crc/crc.h Xnullsig.o: ../sigs/md2/md2.h Xnullsig.o: ../sigs/md4/md4.h Xnullsig.o: ../include/inode.h Xnullsig.o: ../include/sigs.h Xpreen.o: preen.c Xpreen.o: ../include/config.h Xpreen.o: ../include/list.h Xpreen.o: ../include/tripwire.h Xpreen.o: ../sigs/snefru/snefru.h Xpreen.o: ../sigs/md5/md5.h Xpreen.o: ../sigs/crc32/crc32.h Xpreen.o: ../sigs/crc/crc.h Xpreen.o: ../sigs/md2/md2.h Xpreen.o: ../sigs/md4/md4.h Xpreen.o: ../include/inode.h Xpreen.interp.o: preen.interp.c Xpreen.interp.o: ../include/config.h Xpreen.interp.o: ../include/list.h Xpreen.interp.o: ../include/tripwire.h Xpreen.interp.o: ../sigs/snefru/snefru.h Xpreen.interp.o: ../sigs/md5/md5.h Xpreen.interp.o: ../sigs/crc32/crc32.h Xpreen.interp.o: ../sigs/crc/crc.h Xpreen.interp.o: ../sigs/md2/md2.h Xpreen.interp.o: ../sigs/md4/md4.h Xpreen.interp.o: ../include/inode.h Xpreen.report.o: preen.report.c Xpreen.report.o: ../include/config.h Xpreen.report.o: ../include/list.h Xpreen.report.o: ../include/tripwire.h Xpreen.report.o: ../sigs/snefru/snefru.h Xpreen.report.o: ../sigs/md5/md5.h Xpreen.report.o: ../sigs/crc32/crc32.h Xpreen.report.o: ../sigs/crc/crc.h Xpreen.report.o: ../sigs/md2/md2.h Xpreen.report.o: ../sigs/md4/md4.h Xpreen.report.o: ../include/inode.h Xsigfetch.o: sigfetch.c Xsigfetch.o: ../include/config.h Xsigfetch.o: ../include/list.h Xsigfetch.o: ../include/tripwire.h Xsigfetch.o: ../sigs/snefru/snefru.h Xsigfetch.o: ../sigs/md5/md5.h Xsigfetch.o: ../sigs/crc32/crc32.h Xsigfetch.o: ../sigs/crc/crc.h Xsigfetch.o: ../sigs/md2/md2.h Xsigfetch.o: ../sigs/md4/md4.h Xsigfetch.o: ../include/inode.h Xutils.o: utils.c Xutils.o: ../include/config.h Xutils.o: ../include/list.h Xutils.o: ../include/tripwire.h Xutils.o: ../sigs/snefru/snefru.h Xutils.o: ../sigs/md5/md5.h Xutils.o: ../sigs/crc32/crc32.h Xutils.o: ../sigs/crc/crc.h Xutils.o: ../sigs/md2/md2.h Xutils.o: ../sigs/md4/md4.h Xutils.o: ../include/inode.h END_OF_FILE if test 7439 -ne `wc -c <'tripwire-1.0/src/Makefile'`; then echo shar: \"'tripwire-1.0/src/Makefile'\" unpacked with wrong size! fi # end of 'tripwire-1.0/src/Makefile' fi if test -f 'tripwire-1.0/sigs/md2/md2.c' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'tripwire-1.0/sigs/md2/md2.c'\" else echo shar: Extracting \"'tripwire-1.0/sigs/md2/md2.c'\" \(7130 characters\) sed "s/^X//" >'tripwire-1.0/sigs/md2/md2.c' <<'END_OF_FILE' X#ifndef lint Xstatic char rcsid[] = "$Id: md2.c,v 1.1.1.2 92/11/02 18:21:23 genek Exp $"; X#endif X X/* MD2C.C - RSA Data Security, Inc., MD2 message-digest algorithm X */ X X/* Copyright (C) 1990-2, RSA Data Security, Inc. Created 1990. All X rights reserved. X X License to copy and use this software is granted for X non-commercial Internet Privacy-Enhanced Mail provided that it is X identified as the "RSA Data Security, Inc. MD2 Message Digest X Algorithm" in all material mentioning or referencing this software X or this function. X X RSA Data Security, Inc. makes no representations concerning either X the merchantability of this software or the suitability of this X software for any particular purpose. It is provided "as is" X without express or implied warranty of any kind. X X These notices must be retained in any copies of any part of this X documentation and/or software. X */ X X#include "global.h" X#include "md2.h" X Xstatic void MD2Transform PROTO_LIST X ((unsigned char [16], unsigned char [16], unsigned char [16])); Xstatic void MD2_memcpy PROTO_LIST ((POINTER, POINTER, unsigned int)); Xstatic void MD2_memset PROTO_LIST ((POINTER, int, unsigned int)); X X/* Permutation of 0..255 constructed from the digits of pi. It gives a X "random" nonlinear byte substitution operation. X */ Xstatic unsigned char PI_SUBST[256] = { X 41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6, X 19, 98, 167, 5, 243, 192, 199, 115, 140, 152, 147, 43, 217, 188, X 76, 130, 202, 30, 155, 87, 60, 253, 212, 224, 22, 103, 66, 111, 24, X 138, 23, 229, 18, 190, 78, 196, 214, 218, 158, 222, 73, 160, 251, X 245, 142, 187, 47, 238, 122, 169, 104, 121, 145, 21, 178, 7, 63, X 148, 194, 16, 137, 11, 34, 95, 33, 128, 127, 93, 154, 90, 144, 50, X 39, 53, 62, 204, 231, 191, 247, 151, 3, 255, 25, 48, 179, 72, 165, X 181, 209, 215, 94, 146, 42, 172, 86, 170, 198, 79, 184, 56, 210, X 150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241, 69, 157, X 112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2, 27, X 96, 37, 173, 174, 176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15, X 85, 71, 163, 35, 221, 81, 175, 58, 195, 92, 249, 206, 186, 197, X 234, 38, 44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205, 244, 65, X 129, 77, 82, 106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123, X 8, 12, 189, 177, 74, 120, 136, 149, 139, 227, 99, 232, 109, 233, X 203, 213, 254, 59, 0, 29, 57, 242, 239, 183, 14, 102, 88, 208, 228, X 166, 119, 114, 248, 235, 117, 75, 10, 49, 68, 80, 180, 143, 237, X 31, 26, 219, 153, 141, 51, 159, 17, 131, 20 X}; X Xstatic unsigned char *PADDING[] = { X (unsigned char *)"", X (unsigned char *)"\001", X (unsigned char *)"\002\002", X (unsigned char *)"\003\003\003", X (unsigned char *)"\004\004\004\004", X (unsigned char *)"\005\005\005\005\005", X (unsigned char *)"\006\006\006\006\006\006", X (unsigned char *)"\007\007\007\007\007\007\007", X (unsigned char *)"\010\010\010\010\010\010\010\010", X (unsigned char *)"\011\011\011\011\011\011\011\011\011", X (unsigned char *)"\012\012\012\012\012\012\012\012\012\012", X (unsigned char *)"\013\013\013\013\013\013\013\013\013\013\013", X (unsigned char *)"\014\014\014\014\014\014\014\014\014\014\014\014", X (unsigned char *) X "\015\015\015\015\015\015\015\015\015\015\015\015\015", X (unsigned char *) X "\016\016\016\016\016\016\016\016\016\016\016\016\016\016", X (unsigned char *) X "\017\017\017\017\017\017\017\017\017\017\017\017\017\017\017", X (unsigned char *) X "\020\020\020\020\020\020\020\020\020\020\020\020\020\020\020\020" X}; X X/* MD2 initialization. Begins an MD2 operation, writing a new context. X */ Xvoid MD2Init (context) XMD2_CTX *context; /* context */ X{ X context->count = 0; X MD2_memset ((POINTER)context->state, 0, sizeof (context->state)); X MD2_memset X ((POINTER)context->checksum, 0, sizeof (context->checksum)); X} X X/* MD2 block update operation. Continues an MD2 message-digest X operation, processing another message block, and updating the X context. X */ Xvoid MD2Update (context, input, inputLen) XMD2_CTX *context; /* context */ Xunsigned char *input; /* input block */ Xunsigned int inputLen; /* length of input block */ X{ X unsigned int i, index, partLen; X X /* Update number of bytes mod 16 */ X index = context->count; X context->count = (index + inputLen) & 0xf; X X partLen = 16 - index; X X /* Transform as many times as possible. X */ X if (inputLen >= partLen) { X MD2_memcpy X ((POINTER)&context->buffer[index], (POINTER)input, partLen); X MD2Transform (context->state, context->checksum, context->buffer); X X for (i = partLen; i + 15 < inputLen; i += 16) X MD2Transform (context->state, context->checksum, &input[i]); X X index = 0; X } X else X i = 0; X X /* Buffer remaining input */ X MD2_memcpy X ((POINTER)&context->buffer[index], (POINTER)&input[i], X inputLen-i); X} X X/* MD2 finalization. Ends an MD2 message-digest operation, writing the X message digest and zeroizing the context. X */ Xvoid MD2Final (digest, context) Xunsigned char digest[16]; /* message digest */ XMD2_CTX *context; /* context */ X{ X unsigned int index, padLen; X X /* Pad out to multiple of 16. X */ X index = context->count; X padLen = 16 - index; X MD2Update (context, PADDING[padLen], padLen); X X /* Extend with checksum */ X MD2Update (context, context->checksum, 16); X X /* Store state in digest */ X MD2_memcpy ((POINTER)digest, (POINTER)context->state, 16); X X /* Zeroize sensitive information. X */ X MD2_memset ((POINTER)context, 0, sizeof (*context)); X} X X/* MD2 basic transformation. Transforms state and updates checksum X based on block. X */ Xstatic void MD2Transform (state, checksum, block) Xunsigned char state[16]; Xunsigned char checksum[16]; Xunsigned char block[16]; X{ X unsigned int i, j, t; X unsigned char x[48]; X X /* Form encryption block from state, block, state ^ block. X */ X MD2_memcpy ((POINTER)x, (POINTER)state, 16); X MD2_memcpy ((POINTER)x+16, (POINTER)block, 16); X for (i = 0; i < 16; i++) X x[i+32] = state[i] ^ block[i]; X X /* Encrypt block (18 rounds). X */ X t = 0; X for (i = 0; i < 18; i++) { X for (j = 0; j < 48; j++) X t = x[j] ^= PI_SUBST[t]; X t = (t + i) & 0xff; X } X X /* Save new state */ X MD2_memcpy ((POINTER)state, (POINTER)x, 16); X X /* Update checksum. X */ X t = checksum[15]; X for (i = 0; i < 16; i++) X t = checksum[i] ^= PI_SUBST[block[i] ^ t]; X X /* Zeroize sensitive information. X */ X MD2_memset ((POINTER)x, 0, sizeof (x)); X} X X/* Note: Replace "for loop" with standard memcpy if possible. X */ Xstatic void MD2_memcpy (output, input, len) XPOINTER output; XPOINTER input; Xunsigned int len; X{ X unsigned int i; X X for (i = 0; i < len; i++) X output[i] = input[i]; X} X X/* Note: Replace "for loop" with standard memset if possible. X */ Xstatic void MD2_memset (output, value, len) XPOINTER output; Xint value; Xunsigned int len; X{ X unsigned int i; X X for (i = 0; i < len; i++) X ((char *)output)[i] = (char)value; X} END_OF_FILE if test 7130 -ne `wc -c <'tripwire-1.0/sigs/md2/md2.c'`; then echo shar: \"'tripwire-1.0/sigs/md2/md2.c'\" unpacked with wrong size! fi # end of 'tripwire-1.0/sigs/md2/md2.c' fi if test -f 'tripwire-1.0/Changelog' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'tripwire-1.0/Changelog'\" else echo shar: Extracting \"'tripwire-1.0/Changelog'\" \(6891 characters\) sed "s/^X//" >'tripwire-1.0/Changelog' <<'END_OF_FILE' X# $Id: Changelog,v 1.3 92/11/03 13:34:39 genek Exp $ X XThe following is the official list of changes between revisions: X Xfirst official release X1.0: Tue Nov 3 02:35:17 EST 1992 X reorganized distribution into heirarchy. X changed pathnames (./Tests -> ./tests, ./Databases -> ./databases). X tripwire now creates ./databases directory if it doesn't already exist X when -initialize. X finished TODO list. X Xended beta testing period X0.92 beta 6: Tue Oct 20 14:55:03 EST 1992 X attempting to fix macro recursion problem. (thanks Shabbir Safdar) X fixed 'make test' variable assignment problem. (thanks Tom Gutnick) X fixed lstat()/SVR3 problem. (thanks Simon Leinen) X X0.92 beta 5: Sun Oct 18 19:33:19 EST 1992 X integrated substantial source code cleanup patch. X (thanks Ken McDonell) X added types.c to glean struct stat info. X added -i #|all flags, to specify which signatures to skip. X this feature was added to make running Tripwire on an hourly X basis reasonable. i.e., on hourly runs, check only CRC's. X On daily runs, check md5. On weekly runs, check all signatures. X (thanks John Rouillard) X fixed usage message, and -D and -U error handling. X added "-initialise" for people who don't speak American. :-) X (thanks Michael Barnett) X got signature object file dependencies right, finally. X X0.92 beta 4: Fri Oct 16 18:32:36 EST 1992 X the day of patch-infamy. X a one-line fix to stop tripwire from saying all filenames are X not absolutely qualified. *sigh* X X0.92 beta 3: Fri Oct 16 18:02:59 EST 1992 X fixed Makefile rule. (thanks Rich Salz) X fixed duplicate yacc token. (thanks Rich Salz) X fixed qualified filename bug. (thanks Ken McDonnel) X removed htonl(), ntohl() routines in utils.c. X added -D, -U flags to do command-line defines and undefines. X (thanks John Rouillard) X added more checks for null lists in list.c. X @@ifdef and @@ifhost support logical expressions: X @@ifdef (x || y && (z1 && (z2))) is now legal in tw.config grammar. X @@ifhost (x || y && (z1 && (z2))) is now legal in tw.config grammar. X added line continuation with '\' in tw.config grammar. X added @@echo for testing. maybe we'll keep it? X default ignore flags and templates now ignore signatures 3-9. X added [()|&] as characters that need to be escaped in database. X fixed filename_escape_expand(). X X0.92 beta 2: Fri Oct 16 12:18:28 EST 1992 X finally fixed up '=' pruning. (thanks David Wiseman) X added Porting database. X added transient file handling in config.parse.c. X fixed comment handling in config.parse.c. X merged gazillions of platform dependencies. let's hope everything X still works. X reorganized Makefile so it's easier to spot your own platform, I hope. X make Tripwire compiles bearable for systems w/o BSD filesystems. X various semantic and lint cleanups. X reorganized phase 3 presenation. more verbose, hopefully clearer. X (thanks Christopher Samuel) X added user-contributed tripwire.config files. X purged >14 character filenames: X database.build.c -> dbase.build.c X tripwire.config -> tw.config X tripwire.database_@ -> tw.db_@ X ^^-- room for 9-character hostname X added COPS interface in ./contrib. (thanks Shabbir Safdar) X added "-f dbasefile" option to specify alternate dbase file. X (allows "-f -" to read from stdin.) X added "-c configfile" option to specify alternate config file X (allows "-c -" to read from stdin.) X added code to escape filenames starting with '#'. X added tw.config preprocessor directives: X @@ifhost X @@define x VAR X @@undef x X @@ifdef x X @@endif X @@include X ...and X variable substition (@@x --(turns into)--> VAR) X added "-E" or "-preprocess" to print out processed tw.config X file. (ala "cc -E" or "cpp".) X added incremental database. (-update entry) X md5 fix for Cray. (thanks John Cristy) X AIX fix for stat structure. (thanks Shabbir Safdar) X config_interpolate() now caches vectors, instead recomputing every X time. X tripwire now makes backup of files when doing "-update". X played with profiler. halved the number of calls strlen(). X (I wonder if we can do the same with strcpy().) X made backup file 14-character length friendly for SVR3 people. X so, now tripwire is completely 14-character filename friendly, right? X implemented tw.config parsing routines in lex and yacc X added @@dbaseversion directive to specify what format the tw_db files X use. this is to prevent reading in unknown database files. X completed filename_escape_expand() to handle all sorts of escape X sequences (escaped octals, cooked-style escaped characters, X and all of tripwire's special characters [e.g., '\@']). X added warning of null characters in filename. X created consistent escaping and de-escaping of characters to and X from database. X sped up character escaping routines by using all table-lookups. X moved database format strings into the header file. X list generation sped up (1500 files in 20 seconds on Sequent). X added tw.config.5 manual page, which describes the tw.config X syntax and preprocessor directives. X added @@else directive to tw.config parser. X changed signature routines to return number in base-64. X this has the unfortunate effect of making all the signatures look X like pathnames, but it does make signature storage 6 bytes instead X of 8 bytes. X added support for 10 signatures. X fixed tripwire -update. now skips directory entries when regenerating X database. X added CRC16 and CRC32 to signature routine repository. X added "sigs.h" to make signature routines more general. X added MD2 and MD4. X changed 'make test' so no files are clobbered. X fixed '-d dbasefile' bug. X X X X0.9beta8: Thu Sep 17 19:06:18 EST 1992 X eliminated use of 'sort' and 'diff', using list routines instead X (fixed tripwire confusion in parsing '=' additions from diff X which generated zillions of bogus changed file entries.) X this speeds up Phase 3 considerably, since we don't sort! X sped up linked-list/hash routines (HASHSZ increased by 100x) X removed diff.sorted.c X (thanks to the five people who tested this: David Wiseman, John X Sutton, Lance Bailey, John Rouillard, David Smith). X X0.9beta7: Thu Sep 10 20:45:02 EST 1992 X fixed list initialization routine. X fixed Makefile, README, manual page. X fixed memory leak problems (spotted by Purify). X fixed default ignore-masking handling bug. X (didn't convert to internal form first) X fixed ignore-mask parsing. (David Smith) X added banner to Tripwire databases on creation. X taught tripwire to say what version it is. X sped up most commonly called routines (config_interpolate() and X slash_count()). Thanks Rich Salz! X X0.9beta6: Wed Sep 09 21:04:35 EST 1992 X First version of Tripwire to see the light of day. X END_OF_FILE if test 6891 -ne `wc -c <'tripwire-1.0/Changelog'`; then echo shar: \"'tripwire-1.0/Changelog'\" unpacked with wrong size! fi # end of 'tripwire-1.0/Changelog' fi if test -f 'tripwire-1.0/Ported' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'tripwire-1.0/Ported'\" else echo shar: Extracting \"'tripwire-1.0/Ported'\" \(6820 characters\) sed "s/^X//" >'tripwire-1.0/Ported' <<'END_OF_FILE' X## $Id: Ported,v 1.2 92/11/03 04:57:24 genek Exp $ X X## Following is an information list of machines to which X## Tripwire has been ported. This lists the OS environment, X## special flags, skeleton config file, and other info X## to enable you to get up and running. It is *not* quite X## complete because not every filesystem configuration will X## be represented in this list. X## X## Also, we credit (and thank again!) our beta testers who X## provided this information for the release. X Xvendor: Apple Xos: A/UX Xos version: 3.x Xcompiler: cc Xcflags: -O Xldflags: Xlibs: Xconf.h: conf-aux3.h Xtw.config: Xcontributor: Phillip Porch (root@raidernet.com) X Xvendor: Carnegie-Mellon University Xos: Mach Xos version: 2.x Xcompiler: cc Xcflags: -O Xldflags: none Xlibs: none Xconf.h: conf-mach.h Xtw.config: not available Xcontributor: Peter Shipley X Xvendor: Convex Xos: ConvexOS Xos version: 9.1 Xcompiler: cc Xcflags: -O Xldflags: none Xlibs: none Xconf.h: conf-convex.h Xnotes: Xcontributor: Adrian P. van Bloois X Xvendor: Cray Research Xos: Unicos Xos version: 6.1.6 Xcompiler: cc Xcflags: -g Xldflags: none Xlibs: none Xconf.h: conf-unicos.h Xnotes: Xcontributor: Michael Barnett Xcontributor: cristy@eplrx7.es.duPont.com (John Cristy) Xcontributor: John Sutton X Xvendor: DEC Xos: Ultrix Xos version: 4.x Xcompiler: cc Xcflags: -g Xldflags: none Xlibs: none Xconf.h: conf-bsd.h Xnotes: Xcontributor: Shabbir Safdar Xcontributor: John Sutton Xcontributor: Michaela Harlander X Xvendor: Encore (Multimax) Xos: Umax Xos version: 2.4.1 Xcompiler: cc Xcflags: -O Xldflags: Xlibs: Xconf.h: conf-umaxv.h Xnotes: Xcontributor: Michael Barnett X Xvendor: FPS Xos: FPX Xos version: 4.3.3 Xcompiler: cc Xcflags: -g Xldflags: none Xlibs: none Xconf.h: conf-bsd.h Xtw.config: Xnotes: Xcontributor: John Sutton X Xvendor: HP Xos: HP/UX Xos version: 8.x, 9.x Xcompiler: cc Xcflags: -O -Aa -N (ansi) Xcflags: -O -Ak -N (k&r) Xcflags: -O -Wl,-a,archive -O -Ac (ensure archived, NO shared libraries) Xldflags: Xlibs: Xconf.h: conf-hpux.h Xnotes: from Lance Bailey: Xnotes: -Aa ansi Xnotes: -Ac K&R Xnotes: -Wl,-a,archive ensure archived and NOT shared libraries on linking Xnotes: -O optimizer Xnotes: -g debugger Xcontributor: Lance Bailey Xcontributor: Joe Polcari Xcontributor: Michaela Harlander X Xvendor: IBM Xos: AIX Xos version: 3.x Xcompiler: cc Xcflags: -g Xldflags: none Xlibs: none Xconf.h: conf-aix.h Xcontributor: Shabbir Safdar Xcontributor: John Sutton X Xvendor: IBM/Intel box Xos: BSDI Xos version: beta Xcompiler: gcc Xcflags: -O Xldflags: none Xlibs: none Xconf.h: conf-bsd.h Xtw.config: Xnotes: Xcontributor: Michaela Harlander X Xvendor: MIPS Computer Systems Xos: EP/IX Xos version: 1.4.3 Xcompiler: cc Xcflags: -O -systype sysv -I/usr/include/bsd -I/usr/include/sysv Xldflags: none Xlibs: -lbsd Xconf.h: conf-epix.h Xtw.config: (Gosh, I haven't submitted one yet) Xnotes: Xcontributor: Shabbir J. Safdar Xcontributor: Michaela Harlander X Xvendor: NeXT Xos: Mach (NeXTstep) Xos version: 2.x, 3.x Xcompiler: cc Xcflags: -O (2.x), -O2 (3.0) Xldflags: -Bstatic Xlibs: none Xconf.h: conf-mach.h Xtw.config: (Gosh, I haven't submitted one yet) Xnotes: Xcontributor: Joe Polcari X Xvendor: OSF Xos: OSF/1 Xos version: 1.0.4 Xcompiler: cc Xcflags: -O Xlibs: -lsun -lc_s Xldflags: -non_shared Xconf.h: conf-osf1.h Xnotes: Xcontributor: Dean Brock X Xvendor: OSF Xos: OSF/1 Xos version: 1.0.4 Xcompiler: gcc Xcflags: -O -g Xlibs: Xldflags: Xconf.h: conf-osf1.h Xnotes: Xcontributor: Rich Salz X Xvendor: Pyramid Xos: DC/OSx (SVR4) Xos version: 1.1 [all releases] Xcompiler: cc Xcflags: -O -Kold Xldflags: -dn Xlibs: none Xconf.h: conf-svr4.h Xtw.config: Xcontributor: Ken McDonell X Xvendor: Pyramid Xos: DC/OSx (att universe) Xos version: 5.1 [all releases] Xcompiler: cc Xcflags: -OG Xldflags: none Xlibs: none Xconf.h: conf-osx-att.h Xtw.config: Xcontributor: Ken McDonell X Xvendor: Pyramid Xos: DC/OSx (ucb universe) Xos version: 5.1 [all releases] Xcompiler: cc Xcflags: -OG Xldflags: none Xlibs: none Xconf.h: conf-osx-ucb.h Xtw.config: Xcontributor: Ken McDonell X Xvendor: Sequent Xos: Dynix Xos version: 3.x Xcompiler: cc Xcflags: -O Xldflags: Xlibs: Xconf.h: conf-dynix.h Xnotes: Xcontributor: Gene Kim X Xvendor: Sun Xos: SunOS Xos version: 4.0.3 Xcompiler: gcc, cc Xcflags: -O Xldflags: -Bstatic Xlibs: none Xconf.h: conf-bsd.h Xtw.config: I have submitted one Xnotes: if you run ARM/ASET, see ./contrib/README.ASET Xcontributor: Joe Polcari Xcontributor: John Sutton Xcontributor: Brad Powell X Xvendor: Sun Microsystems, Inc. Xos: SunOS Xos version: 5.x (Solaris 2.x) Xcompiler: cc Xcflags: -O Xldflags: Xlibs: Xconf.h: conf-svr4.h Xnotes: Xcontributor: Brad Powell Xcontributor: Michaela Harlander X Xvendor: SCO, Tandy Xos: Xenix Xos version: 03.02.00, 2.2.4 Xcompiler: cc Xcflags: Xldflags: Xlibs: -lx Xconf.h: conf-xenix.h Xnotes: Xcontributor: Daniel Ray X X Xvendor: Santa Cruz Operation Xos: XENIX System V 386 Xos version: 2.2.6 Xcompiler: Microsoft C 5.1 Xcflags: -O Xldflags: -s -lx Xlibs: none Xconf.h: conf-sysv4.h [modified for xenix to support MAXNAMLEN] Xtw.config: Xnotes: see all my email to you Xcontributor: Daniel Ray X Xvendor: SGI Xos: IRIX Xos version: 4.x Xcompiler: cc Xcflags: -O -cckr Xlibs: none Xldflags: none Xconf.h: conf-svr4.h Xnotes: Xcontributor: Bill Henderson Xcontributor: John G. Sutton X Xvendor: SGI Xos: IRIX Xos version: 4.0.5 Xcompiler: cc Xcflags: Xldflags: Xlibs: -lsun -lc_s Xconf.h: conf-irix4.h Xnotes: Xcontributor: Simon Leinen END_OF_FILE if test 6820 -ne `wc -c <'tripwire-1.0/Ported'`; then echo shar: \"'tripwire-1.0/Ported'\" unpacked with wrong size! fi # end of 'tripwire-1.0/Ported' fi if test -f 'tripwire-1.0/sigs/crc/crc.c' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'tripwire-1.0/sigs/crc/crc.c'\" else echo shar: Extracting \"'tripwire-1.0/sigs/crc/crc.c'\" \(6511 characters\) sed "s/^X//" >'tripwire-1.0/sigs/crc/crc.c' <<'END_OF_FILE' X#ifndef lint Xstatic char rcsid[] = "$Id: crc.c,v 1.1.1.2 92/11/02 18:20:37 genek Exp $"; X#endif X X/* X * crc.c X * X * signature function hook for CRC-16. X * X * Gene Kim X * Purdue University X * October 14, 1992 X */ X X /* ============================================================= */ X /* COPYRIGHT (C) 1986 Gary S. Brown. You may use this program, or */ X /* code or tables extracted from it, as desired without restriction. */ X /* */ X /* First, the polynomial itself and its table of feedback terms. The */ X /* polynomial is */ X /* X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0 */ X /* */ X /* Note that we take it "backwards" and put the highest-order term in */ X /* the lowest-order bit. The X^32 term is "implied"; the LSB is the */ X /* X^31 term, etc. The X^0 term (usually shown as "+1") results in */ X /* the MSB being 1. */ X /* */ X /* Note that the usual hardware shift register implementation, which */ X /* is what we're using (we're merely optimizing it by doing eight-bit */ X /* chunks at a time) shifts bits into the lowest-order term. In our */ X /* implementation, that means shifting towards the right. Why do we */ X /* do it this way? Because the calculated CRC must be transmitted in */ X /* order from highest-order term to lowest-order term. UARTs transmit */ X /* characters in order from LSB to MSB. By storing the CRC this way, */ X /* we hand it to the UART in the order low-byte to high-byte; the UART */ X /* sends each low-bit to hight-bit; and the result is transmission bit */ X /* by bit from highest- to lowest-order term without requiring any bit */ X /* shuffling on our part. Reception works similarly. */ X /* */ X /* The feedback terms table consists of 256, 32-bit entries. Notes: */ X /* */ X /* The table can be generated at runtime if desired; code to do so */ X /* is shown later. It might not be obvious, but the feedback */ X /* terms simply represent the results of eight shift/xor opera- */ X /* tions for all combinations of data and CRC register values. */ X /* */ X /* The values must be right-shifted by eight bits by the "updcrc" */ X /* logic; the shift must be unsigned (bring in zeroes). On some */ X /* hardware you could probably optimize the shift in assembler by */ X /* using byte-swap instructions. */ X /* polynomial $edb88320 */ X /* */ X /* -------------------------------------------------------------------- */ X X#include "../../include/config.h" X#include X#include X#ifdef STDLIBH X#include X#include X#endif X#include "../../include/sigs.h" X#define BUFSIZE 4096 X Xstatic unsigned int crc16; X Xstatic unsigned int crc16tab[256] = X{ X X X 0x0000, 0xC0C1, 0xC181, 0x0140, 0xC301, 0x03C0, 0x0280, 0xC241, X 0xC601, 0x06C0, 0x0780, 0xC741, 0x0500, 0xC5C1, 0xC481, 0x0440, X 0xCC01, 0x0CC0, 0x0D80, 0xCD41, 0x0F00, 0xCFC1, 0xCE81, 0x0E40, X 0x0A00, 0xCAC1, 0xCB81, 0x0B40, 0xC901, 0x09C0, 0x0880, 0xC841, X 0xD801, 0x18C0, 0x1980, 0xD941, 0x1B00, 0xDBC1, 0xDA81, 0x1A40, X 0x1E00, 0xDEC1, 0xDF81, 0x1F40, 0xDD01, 0x1DC0, 0x1C80, 0xDC41, X 0x1400, 0xD4C1, 0xD581, 0x1540, 0xD701, 0x17C0, 0x1680, 0xD641, X 0xD201, 0x12C0, 0x1380, 0xD341, 0x1100, 0xD1C1, 0xD081, 0x1040, X 0xF001, 0x30C0, 0x3180, 0xF141, 0x3300, 0xF3C1, 0xF281, 0x3240, X 0x3600, 0xF6C1, 0xF781, 0x3740, 0xF501, 0x35C0, 0x3480, 0xF441, X 0x3C00, 0xFCC1, 0xFD81, 0x3D40, 0xFF01, 0x3FC0, 0x3E80, 0xFE41, X 0xFA01, 0x3AC0, 0x3B80, 0xFB41, 0x3900, 0xF9C1, 0xF881, 0x3840, X 0x2800, 0xE8C1, 0xE981, 0x2940, 0xEB01, 0x2BC0, 0x2A80, 0xEA41, X 0xEE01, 0x2EC0, 0x2F80, 0xEF41, 0x2D00, 0xEDC1, 0xEC81, 0x2C40, X 0xE401, 0x24C0, 0x2580, 0xE541, 0x2700, 0xE7C1, 0xE681, 0x2640, X 0x2200, 0xE2C1, 0xE381, 0x2340, 0xE101, 0x21C0, 0x2080, 0xE041, X 0xA001, 0x60C0, 0x6180, 0xA141, 0x6300, 0xA3C1, 0xA281, 0x6240, X 0x6600, 0xA6C1, 0xA781, 0x6740, 0xA501, 0x65C0, 0x6480, 0xA441, X 0x6C00, 0xACC1, 0xAD81, 0x6D40, 0xAF01, 0x6FC0, 0x6E80, 0xAE41, X 0xAA01, 0x6AC0, 0x6B80, 0xAB41, 0x6900, 0xA9C1, 0xA881, 0x6840, X 0x7800, 0xB8C1, 0xB981, 0x7940, 0xBB01, 0x7BC0, 0x7A80, 0xBA41, X 0xBE01, 0x7EC0, 0x7F80, 0xBF41, 0x7D00, 0xBDC1, 0xBC81, 0x7C40, X 0xB401, 0x74C0, 0x7580, 0xB541, 0x7700, 0xB7C1, 0xB681, 0x7640, X 0x7200, 0xB2C1, 0xB381, 0x7340, 0xB101, 0x71C0, 0x7080, 0xB041, X 0x5000, 0x90C1, 0x9181, 0x5140, 0x9301, 0x53C0, 0x5280, 0x9241, X 0x9601, 0x56C0, 0x5780, 0x9741, 0x5500, 0x95C1, 0x9481, 0x5440, X 0x9C01, 0x5CC0, 0x5D80, 0x9D41, 0x5F00, 0x9FC1, 0x9E81, 0x5E40, X 0x5A00, 0x9AC1, 0x9B81, 0x5B40, 0x9901, 0x59C0, 0x5880, 0x9841, X 0x8801, 0x48C0, 0x4980, 0x8941, 0x4B00, 0x8BC1, 0x8A81, 0x4A40, X 0x4E00, 0x8EC1, 0x8F81, 0x4F40, 0x8D01, 0x4DC0, 0x4C80, 0x8C41, X 0x4400, 0x84C1, 0x8581, 0x4540, 0x8701, 0x47C0, 0x4680, 0x8641, X 0x8201, 0x42C0, 0x4380, 0x8341, 0x4100, 0x81C1, 0x8081, 0x4040 X}; X Xstatic void XUpdateCRC16(buffer, bufsize) X unsigned char *buffer; X int bufsize; X{ X register unsigned int i, tmp; X X for (i = 0; i < bufsize; i++) { X tmp = crc16 ^ buffer[i]; X crc16 = (crc16 >> 8) ^ crc16tab[tmp & 0xff]; X /* X crc16 = (crc16 >> 8) ^ crc16tab[((crc16 ^ buffer[i]) & 0xff)]; X */ X } X} X Xsig_crc_get(fd_in, ps_signature, siglen) X int fd_in; X char *ps_signature; X int siglen; X{ X unsigned char buffer[BUFSIZE]; X int readin = -1; X int scratch[100]; X X if (lseek(fd_in, 0, SEEK_SET) < 0) { X perror("sig_crc_get: lseek()"); X exit(1); X } X X X crc16 = 0; X while ((readin = read(fd_in, (char *)buffer, (off_t) BUFSIZE)) == BUFSIZE) { X UpdateCRC16(buffer, BUFSIZE); X } X if (readin != 0) { X UpdateCRC16(buffer, readin); X } X sprintf(ps_signature, "%s", ltob64((unsigned long)(crc16 & 0xFFFF), (char *)scratch)); X X return 0; X} X END_OF_FILE if test 6511 -ne `wc -c <'tripwire-1.0/sigs/crc/crc.c'`; then echo shar: \"'tripwire-1.0/sigs/crc/crc.c'\" unpacked with wrong size! fi # end of 'tripwire-1.0/sigs/crc/crc.c' fi if test -f 'tripwire-1.0/configs/tw.conf.hp2' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'tripwire-1.0/configs/tw.conf.hp2'\" else echo shar: Extracting \"'tripwire-1.0/configs/tw.conf.hp2'\" \(5418 characters\) sed "s/^X//" >'tripwire-1.0/configs/tw.conf.hp2' <<'END_OF_FILE' X# X# tripwire.config X# Generic version for HP/UX X# X# Joe Polcari X# X# This file contains a list of files and directories that System X# Preener will scan. Information collected from these files will be X# stored in the tripwire.database file. X# X# Format: [!|=] entry [ignore-flags] X# X# where: '!' signifies the entry is to be pruned (inclusive) from X# the list of files to be scanned. X# '=' signifies the entry is to be added, but if it is X# a directory, then all its contents are pruned X# (useful for /tmp). X# X# where: entry is the absolute pathname of a file or a directory X# X# where ignore-flags are in the format: X# [template][ [+|-][pinugsam12] ... ] X# X# - : ignore the following atributes X# + : do not ignore the following attributes X# X# p : permission and file mode bits a: access timestamp X# i : inode number m: modification timestamp X# n : number of links (ref count) c: inode creation timestamp X# u : user id of owner 1: signature 1 X# g : group id of owner 2: signature 2 X# s : size of file X# X# X# Ex: The following entry will scan all the files in /etc, and report X# any changes in mode bits, inode number, reference count, uid, X# gid, modification and creation timestamp, and the signatures. X# However, it will ignore any changes in the access timestamp. X# X# /etc +pinugsm12-a X# X# The following templates have been pre-defined to make these long ignore X# mask descriptions unecessary. X# X# Templates: (default) R : [R]ead-only (+pinugsm12-a) X# L : [L]og file (+pinug-sam12) X# N : ignore [N]othing (+pinusgsamc12) X# E : ignore [E]verything (-pinusgsamc12) X# X# By default, Tripwire uses the R template -- it ignores X# only the access timestamp. X# X# You can use templates with modifiers, like: X# Ex: /etc/lp E+ug X# X# Example configuration file: X# /etc R # all system files X# !/etc/lp R # ...but not those logs X# =/tmp N # just the directory, not its files X# X# Note the difference between pruning (via "!") and ignoring everything X# (via "E" template): Ignoring everything in a directory still monitors X# for added and deleted files. Pruning a directory will prevent Tripwire X# from even looking in the specified directory. X# X# X# Tripwire running slowly? Modify your tripwire.config entries to X# ignore the (signature 2) attribute when this computationally-exorbitant X# protection is not needed. (See README and design document for further X# details.) X# X# First, root's "home" X=/ L X/.rhosts R # may not exist X/.profile R # may not exist X/.cshrc R # may not exist X/.login R # may not exist X#/.exrc R # may not exist X/.logout R # may not exist X#/.emacs R # may not exist X/.forward R # may not exist X#/.netrc R # may not exist X/.defaults R X/.suntools R X/.mailrc R X/.kermrc R X/.newsrc R X X# Unix itself X/vmunix R X X# Now, some critical directories and files X# Some exceptions are noted further down X/etc R X/etc/inetd.conf R X/etc/rc R X/etc/rc.boot R X/etc/rc.local R-2 X/etc/rc.single R X#/etc/rc.ip R X/etc/ttytab R X/etc/exports R X/etc/ttys L X/etc/dumpdates L X/etc/mtab L X/etc/motd L X/etc/rmtab L X/etc/utmp L X/etc/group R # changes should be infrequent X# The next line may need to be replaced with /etc/security X# if C2 is enabled X/etc/passwd L X X/var L X X/dev E X X/usr/etc R X X# Checksumming the following is not so critical. However, X# setuid/setgid files are special-cased further down. X X/lib R-2 X X/bin R-2 X X/usr/bin R-2 X X/usr/ucb R-2 X X/usr/lib R-2 X X/usr1/local R-2 X X/usr2/pics E X X=/usr L X=/usr/spool L X/usr/spool/cron L X/usr/spool/mqueue L X/usr/spool/mail L X X# You may or may not have the following X#/usr/ftp L X#/usr/ftp/bin R X#/usr/ftp/etc R X X# put entries in for /var/yp if you need it X# put entries for uucp if you need them X# put entries for /var/adm if you need it X X=/tmp X=/var/tmp X X# Here are entries for setuid/setgid files. On these, we use X# both signatures just to be sure. X# X# You may want/need to edit this list. Batteries not inc. X X/admin N X/bin/at R X/bin/atq R X/bin/atrm R X#/bin/cancel R X/bin/chfn R X/bin/chsh R X/bin/crontab R X/bin/cu R X/bin/df R X/bin/iostat R X/bin/ipcs R X/bin/login R X#/bin/lpstat R X/bin/mail R X/bin/newgrp R X/bin/passwd R X/bin/su R X#/bin/sunview1/sv_acquire R X#/bin/sunview1/sv_release R X#/bin/sunview1/toolplaces R X/bin/tip R X/bin/uucp R X/bin/uuname R X/bin/uustat R X/bin/uux R X/bin/wall R X/bin/write R X#/bin/ypchfn R X#/bin/ypchsh R X/bin/yppasswd R X/usr/bin/at R X/usr/bin/atq R X/usr/bin/atrm R X#/usr/bin/cancel R X/usr/bin/chfn R X/usr/bin/chsh R X/usr/bin/crontab R X/usr/bin/cu R X/usr/bin/df R X/usr/bin/iostat R X/usr/bin/ipcs R X/usr/bin/login R X#/usr/bin/lpstat R X/usr/bin/mail R X/usr/bin/newgrp R X/usr/bin/passwd R X/usr/bin/su R X#/usr/bin/sunview1/sv_acquire R X#/usr/bin/sunview1/sv_release R X#/usr/bin/sunview1/toolplaces R X/usr/bin/tip R X/usr/bin/uucp R X/usr/bin/uuname R X/usr/bin/uustat R X/usr/bin/uux R X/usr/bin/wall R X/usr/bin/write R X#/usr/bin/ypchfn R X#/usr/bin/ypchsh R X/usr/bin/yppasswd R X/usr/etc/arp R X#/usr/etc/chill R X#/usr/etc/devinfo R X/usr/etc/dkinfo R X/usr/etc/dmesg R X/usr/etc/dump R X/usr/etc/dumpfs R X/usr/etc/keyenvoy R X/usr/etc/kgmon R X/usr/etc/lpc R X/usr/etc/nfsstat R X/usr/etc/ping R X/usr/etc/rpc.rwalld R X/usr/etc/trpt R X/usr/ucb/lpq R X/usr/ucb/lpr R X/usr/ucb/netstat R X/usr/ucb/rcp R X/usr/ucb/rdist R X/usr/ucb/rlogin R X/usr/ucb/rsh R X/usr/ucb/talk R X/usr/ucb/vmstat R END_OF_FILE if test 5418 -ne `wc -c <'tripwire-1.0/configs/tw.conf.hp2'`; then echo shar: \"'tripwire-1.0/configs/tw.conf.hp2'\" unpacked with wrong size! fi # end of 'tripwire-1.0/configs/tw.conf.hp2' fi if test -f 'tripwire-1.0/include/config.h' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'tripwire-1.0/include/config.h'\" else echo shar: Extracting \"'tripwire-1.0/include/config.h'\" \(4699 characters\) sed "s/^X//" >'tripwire-1.0/include/config.h' <<'END_OF_FILE' X/* $Id: config.h,v 1.3 92/11/03 02:47:02 genek Exp $ */ X X/* X * config.h X * X * Tripwire configuration file X * X * Gene Kim X * Purdue University X */ X X X/*** X *** Operating System specifics X *** X *** Look in the .,/configs directory, and include appropriate header X *** file that corresponds with your operating system. X ***/ X X#include "../configs/conf-dynix.h" X X X/*** X *** SYSTEM SPECIFIC Tripwire Configuration X ***/ X X/******* signature functions ***************************************** X * X * Choose among these: X * X * sig_md5_get : MD5 function X * (the RSA Data Security, Inc. MD5 Message- X * Digesting Algorithm) X * sig_snefru_get : Snefru function X * (the Xerox Secure Hash Function) X * sig_null_get : null function (returns 0 for all) X * X * By default, Tripwire uses X * int (pf_signature0)() = sig_null_get; X * int (pf_signature1)() = sig_md5_get; X * int (pf_signature2)() = sig_snefru_get; X * X * However, since Snefru is comparatively computationally expensive, you X * might consider using only MD5. This can be done in the configuration, X * however, and should not be done by defining away the signature here. X * X * You can replace one of the signature algorithms with another of your X * own choice by adding it to the build procedure, and putting it in X * here in place of one of these standard routines. See the design X * document for hints on this. X * X * To do this, just set one of the signature function pointers to X * your own function. X * X *********************************************************************/ X X#define SIG0FUNC sig_null_get X#define SIG1FUNC sig_md5_get X#define SIG2FUNC sig_snefru_get X#define SIG3FUNC sig_crc32_get X#define SIG4FUNC sig_crc_get X#define SIG5FUNC sig_md4_get X#define SIG6FUNC sig_md2_get X#define SIG7FUNC sig_null_get X#define SIG8FUNC sig_null_get X#define SIG9FUNC sig_null_get X X#define SIG0NAME "nullsig" X#define SIG1NAME "md5" X#define SIG2NAME "snefru" X#define SIG3NAME "crc32" X#define SIG4NAME "crc16" X#define SIG5NAME "md4" X#define SIG6NAME "md2" X#define SIG7NAME "nullsig" X#define SIG8NAME "nullsig" X#define SIG9NAME "nullsig" X X/******* path to Tripwire files ************************************** X * X * Ideally, CONFIG_PATH and DATABASE_PATH should be pointing to X * some read-only media, or some filesystem mounted remotely X * from a "secure-server". (See design document for details.) X * X * Note: No trailing '/' in the paths! X * X *********************************************************************/ X X/* X#if !defined(SYSV) || (defined(SYSV) && (SYSV > 2)) X# define CONFIG_PATH "/usr/adm/tcheck" X# define DATABASE_PATH "/usr/adm/tcheck/databases" X#else X# define CONFIG_PATH "/usr/local/adm/tcheck" X# define DATABASE_PATH "/usr/local/adm/tcheck/databases" X#endif X*/ X X#define CONFIG_PATH "/tmp/genek" X#define DATABASE_PATH "/tmp/genek" X X/******* name of Tripwire files ************************************** X * X * Static filenames are nice, but we allow run-time binding to X * support multiple hosts sharing the same directory (without X * having to recompile. X * X * Use the '@' character to represent the hostname of the machine X * running Tripwire. X * X * For example "tripwire.database_@" would expand to: X * X * tripwire.database-mentor.cc.purdue.edu X * X *********************************************************************/ X X#define CONFIG_FILE "tw.config" X#define DATABASE_FILE "tw.db_@" X X/******* Default ignore mask **************************************** X * X * Usually, the only thing you want to ignore is the access time X * stamp. But there may be applications where you want to know X * about any accesses, too. X * X * Similarly, there may be some environments where you can have a much X * more forgiving ignore mask. X * X * By default, Tripwire uses: X * "R" -- read-only files, where only the access time X * stamp can change. X * Alternatively, you might want to make the default be "R-2" X * This would be faster than simply "R", at some small loss X * (perhaps) of protection. X * X *********************************************************************/ X X#define DEFAULTIGNORE "R-3456789" X X/******* Temporary file template ************************************ X * X * Usually, temporary files are stored in /tmp. You may want X * to use a different directory if your system does not support X * the BSD "sticky" bit on directories. (i.e., only owner or root X * can rename or delete files.) X * X * Make sure that there are at least 6 X's in the template. X * Each consecutive X signifies a number that mktemp() can X * fill in with a random number. X * X *********************************************************************/ X X#define TEMPFILE_TEMPLATE "/tmp/twzXXXXXX" X X X END_OF_FILE if test 4699 -ne `wc -c <'tripwire-1.0/include/config.h'`; then echo shar: \"'tripwire-1.0/include/config.h'\" unpacked with wrong size! fi # end of 'tripwire-1.0/include/config.h' fi echo shar: End of archive 6 \(of 8\). cp /dev/null ark6isdone MISSING="" for I in 1 2 3 4 5 6 7 8 ; do if test ! -f ark${I}isdone ; then MISSING="${MISSING} ${I}" fi done if test "${MISSING}" = "" ; then echo You have unpacked all 8 archives. echo "Now read the README file" rm -f ark[1-9]isdone else echo You still need to unpack the following archives: echo " " ${MISSING} fi ## End of shell archive. exit 0 -- Gene Spafford Software Engineering Research Center & Dept. of Computer Sciences Purdue University, W. Lafayette IN 47907-1398 Internet: spaf@cs.purdue.edu phone: (317) 494-7825