Fixing tripwire policy

b4324107 · Bob Mottram · b7f63f6f · b4324107
Commit b4324107 authored 7 years ago by Bob Mottram
--- a/src/freedombone-base-tripwire
+++ b/src/freedombone-base-tripwire
@@ -120,43 +120,9 @@ function install_tripwire {
    if ! grep -q '!/etc/share/tt-rss/lock' /etc/tripwire/twpol.txt; then
        sed -i '\|/etc\t\t->.*|a\    !/etc/share/tt-rss/lock ;' /etc/tripwire/twpol.txt
    fi
-    # Ignore additional install files
-    if ! grep -q '!/usr/local/bin/freedombone' /etc/tripwire/twpol.txt; then
-        sed -i '\|/usr/local/sbin.*|a\    !/usr/local/bin/freedombone* ;' /etc/tripwire/twpol.txt
-    fi
-    if ! grep -q '!=/usr/local/bin' /etc/tripwire/twpol.txt; then
-        sed -i '\|/usr/local/sbin.*|a\    !=/usr/local/bin ;' /etc/tripwire/twpol.txt
-    fi
-    if ! grep -q '!/usr/local/bin/addremove' /etc/tripwire/twpol.txt; then
-        sed -i '\|/usr/local/sbin.*|a\    !/usr/local/bin/addremove ;' /etc/tripwire/twpol.txt
-    fi
-    if ! grep -q '!/usr/local/bin/backup' /etc/tripwire/twpol.txt; then
-        sed -i '\|/usr/local/sbin.*|a\    !/usr/local/bin/backup ;' /etc/tripwire/twpol.txt
-    fi
-    if ! grep -q '!/usr/local/bin/backup2friends' /etc/tripwire/twpol.txt; then
-        sed -i '\|/usr/local/sbin.*|a\    !/usr/local/bin/backup2friends ;' /etc/tripwire/twpol.txt
-    fi
-    if ! grep -q '!/usr/local/bin/batman' /etc/tripwire/twpol.txt; then
-        sed -i '\|/usr/local/sbin.*|a\    !/usr/local/bin/batman ;' /etc/tripwire/twpol.txt
-    fi
-    if ! grep -q '!/usr/local/bin/control' /etc/tripwire/twpol.txt; then
-        sed -i '\|/usr/local/sbin.*|a\    !/usr/local/bin/control ;' /etc/tripwire/twpol.txt
-    fi
-    if ! grep -q '!/usr/local/bin/controluser' /etc/tripwire/twpol.txt; then
-        sed -i '\|/usr/local/sbin.*|a\    !/usr/local/bin/controluser ;' /etc/tripwire/twpol.txt
-    fi
-    if ! grep -q '!/usr/local/bin/cronic' /etc/tripwire/twpol.txt; then
-        sed -i '\|/usr/local/sbin.*|a\    !/usr/local/bin/cronic ;' /etc/tripwire/twpol.txt
-    fi
-    if ! grep -q '!/usr/local/bin/meshavahi' /etc/tripwire/twpol.txt; then
-        sed -i '\|/usr/local/sbin.*|a\    !/usr/local/bin/meshavahi ;' /etc/tripwire/twpol.txt
-    fi
-    if ! grep -q '!/usr/local/bin/restore' /etc/tripwire/twpol.txt; then
-        sed -i '\|/usr/local/sbin.*|a\    !/usr/local/bin/restore ;' /etc/tripwire/twpol.txt
-    fi
-    if ! grep -q '!/usr/local/bin/restorefromfriend' /etc/tripwire/twpol.txt; then
-        sed -i '\|/usr/local/sbin.*|a\    !/usr/local/bin/restorefromfriend ;' /etc/tripwire/twpol.txt
-    fi
+    # Not much is in /usr/local/bin other than project commands and avoiding it removes
+    # problems with updates. This is a tradeoff, but not by much.
+    sed -i '/\/usr\/local\/bin/d' /etc/tripwire/twpol.txt

    # Avoid logging the changed database
    sed -i 's|$(TWETC)/tw.pol.*||g' /etc/tripwire/twpol.txt