tripwire exclusions to avoid triggering on routine updates

8f1df824 · Bob Mottram · 61d55573 · 8f1df824
Commit 8f1df824 authored 7 years ago by Bob Mottram
--- a/src/freedombone-base-tripwire
+++ b/src/freedombone-base-tripwire
@@ -105,6 +105,11 @@ function install_tripwire {
    if ! grep -q '!/etc/tripwire' /etc/tripwire/twpol.txt; then
        sed -i '\|/etc\t\t->.*|a\    !/etc/tripwire ;' /etc/tripwire/twpol.txt
    fi
+    # Ignore /etc/freedombone
+    if ! grep -q '!/etc/tripwire' /etc/tripwire/twpol.txt; then
+        sed -i '\|/etc\t\t->.*|a\    !/etc/freedombone ;' /etc/tripwire/twpol.txt
+    fi
+    # Ignore /etc/pihole
    if ! grep -q '!/etc/pihole' /etc/tripwire/twpol.txt; then
        sed -i '\|/etc\t\t->.*|a\    !/etc/pihole ;' /etc/tripwire/twpol.txt
    fi
@@ -115,6 +120,44 @@ function install_tripwire {
    if ! grep -q '!/etc/share/tt-rss/lock' /etc/tripwire/twpol.txt; then
        sed -i '\|/etc\t\t->.*|a\    !/etc/share/tt-rss/lock ;' /etc/tripwire/twpol.txt
    fi
+    # Ignore additional install files
+    if ! grep -q '!/usr/local/bin/freedombone' /etc/tripwire/twpol.txt; then
+        sed -i '\|/usr/local/sbin.*|a\    !/usr/local/bin/freedombone*    -> $(SEC_BIN) ;' /etc/tripwire/twpol.txt
+    fi
+    if ! grep -q '!=/usr/local/bin' /etc/tripwire/twpol.txt; then
+        sed -i '\|/usr/local/sbin.*|a\    !=/usr/local/bin    -> $(SEC_BIN) ;' /etc/tripwire/twpol.txt
+    fi
+    if ! grep -q '!/usr/local/bin/addremove' /etc/tripwire/twpol.txt; then
+        sed -i '\|/usr/local/sbin.*|a\    !/usr/local/bin/addremove    -> $(SEC_BIN) ;' /etc/tripwire/twpol.txt
+    fi
+    if ! grep -q '!/usr/local/bin/backup' /etc/tripwire/twpol.txt; then
+        sed -i '\|/usr/local/sbin.*|a\    !/usr/local/bin/backup    -> $(SEC_BIN) ;' /etc/tripwire/twpol.txt
+    fi
+    if ! grep -q '!/usr/local/bin/backup2friends' /etc/tripwire/twpol.txt; then
+        sed -i '\|/usr/local/sbin.*|a\    !/usr/local/bin/backup2friends    -> $(SEC_BIN) ;' /etc/tripwire/twpol.txt
+    fi
+    if ! grep -q '!/usr/local/bin/batman' /etc/tripwire/twpol.txt; then
+        sed -i '\|/usr/local/sbin.*|a\    !/usr/local/bin/batman    -> $(SEC_BIN) ;' /etc/tripwire/twpol.txt
+    fi
+    if ! grep -q '!/usr/local/bin/control' /etc/tripwire/twpol.txt; then
+        sed -i '\|/usr/local/sbin.*|a\    !/usr/local/bin/control    -> $(SEC_BIN) ;' /etc/tripwire/twpol.txt
+    fi
+    if ! grep -q '!/usr/local/bin/controluser' /etc/tripwire/twpol.txt; then
+        sed -i '\|/usr/local/sbin.*|a\    !/usr/local/bin/controluser    -> $(SEC_BIN) ;' /etc/tripwire/twpol.txt
+    fi
+    if ! grep -q '!/usr/local/bin/cronic' /etc/tripwire/twpol.txt; then
+        sed -i '\|/usr/local/sbin.*|a\    !/usr/local/bin/cronic    -> $(SEC_BIN) ;' /etc/tripwire/twpol.txt
+    fi
+    if ! grep -q '!/usr/local/bin/meshavahi' /etc/tripwire/twpol.txt; then
+        sed -i '\|/usr/local/sbin.*|a\    !/usr/local/bin/meshavahi    -> $(SEC_BIN) ;' /etc/tripwire/twpol.txt
+    fi
+    if ! grep -q '!/usr/local/bin/restore' /etc/tripwire/twpol.txt; then
+        sed -i '\|/usr/local/sbin.*|a\    !/usr/local/bin/restore    -> $(SEC_BIN) ;' /etc/tripwire/twpol.txt
+    fi
+    if ! grep -q '!/usr/local/bin/restorefromfriend' /etc/tripwire/twpol.txt; then
+        sed -i '\|/usr/local/sbin.*|a\    !/usr/local/bin/restorefromfriend    -> $(SEC_BIN) ;' /etc/tripwire/twpol.txt
+    fi
+
    # Avoid logging the changed database
    sed -i 's|$(TWETC)/tw.pol.*||g' /etc/tripwire/twpol.txt
    # site key name