CHANGES
mktwpol.sh and mktwpol-generic.sh and twsetup.sh
https://sourceforge.net/projects/mktwpol

 ===========================================================================================
 Ver	# Date	 Changes and Remarks
 ===========================================================================================
1.0.1	# 181215 Sent mktwpol-1.0.1.tar.gz (no mktwpol-generic.sh) to SourceForge
	#	 Change  `mktwpol.sh cruft` intro message
	#	 Rename twsetup-1.0.0.sh twsetup-1.0.1.sh with no code changes
	#	 Move variable assigment descriptions to mktwpol-default.rules
	#	 -------------------------------
	#	 Changes in all mktwpol*.rules :
	#	 Move /, /opt, /usr from "Invariant Directories" to "OS Bin and Lib ..."
	#	   (recurse = 0) - to detect any touching of those branch directories
	#	 In "Audit programs data directories" filelist
	#	   change recurse level for /var/lib/rkhunter/db from "0" to "1"
	#	 In "Root User Directory" rule
	#	   move /root/.bash_history
	#	   from "Files that systematically change"
	#	   add /root/.links/links.his
	#	   to   "Files that change inode number"
	#	 ----------------------------------
	#	 Changes in mktwpol-default.rules :
	#	   - in "Configuration Files"
	#	      Make policy for /etc/ntpd.conf = $(ReadOnly) -mbsCM
	#	   - in "OS Bin and Lib Directories"
	#	      Add WWW Contents Directories - ignore date change
	#	      Make policy for /var/www/html /var/www/localhost = $(ReadOnly) -m
	#	   - in "User Bin and Lib Directories" / "Shared scripts"
	#	      Add /usr/share/*/*/*/*/*.sh
	#		  /usr/share/syslog-ng/include/scl/loadbalancer/gen-loadbalancer.sh
	#	 ---------------------------------------
	#	 Changes in mktwpol-portage-tree.rules :
	#	   - Add code for packages in category "net-misc" for net-misc/openntpd
	#	      Make policy for /etc/ntpd.conf = $(ReadOnly) -mbsCM
	#	   - Under CATEGORY "www-servers"
	#	      Make policy for /var/www/html /var/www/localhost = $(ReadOnly) -m
	#	 ------------------------------------------
	#	 Changes in mktwpol-gentoo-packages.rules :
	#	 Remove packages no longer in portage tree:
	#	   veracity obfsproxy rxvt boxbackup evilvte systemd-sysv-utils
	#	   vmware-tools vmware-modules vmware-player vmware-workstation
	#	   gnat-gcc ntop python-updater obnam [app-emulation/]wine
	#	   polarssl ytalk monotone jikes qshare kccmp lfhex
	#	   procinfo ypserv ypbind ocfs2-tools jabberd2 mu-conference
	#	   ultimate fsharp cyphesis icc ifs idb unrar-gpl
	#	   ircservices aufs3 aufs4 guacamole-server paludis uclibc
	#	   splashutils siproxd w3af syslogread squidclamav c-icap inn
	#	   glark couchdb gentoolkit-dev localepurge
	#	   - in "Boot, Kernel, and Init" rule
	#	      Add  wine-any wine-d3d9 wine-staging wine-vanilla sbsigntools
	#		intel-microcode linux-firmware
	#	   - in "Compression/Archiving Programs" rule
	#	      Add  app-arch/pigz
	#	   - in "[core|diff|find]utils procps" rule
	#	      Add  cpulimit
	#	   - in "Cron, Inetd, and Logging"
	#	      Make policy for /etc/ntpd.conf = $(ReadOnly) -mbsCM
	#	   - in "File Manipulation Programs" rule
	#	      Add  ripgrep
	#	   - in "File Manipulation Programs" rule
	#	      Disambiguate sys-apps/file
	#	   - in "Filesystem Programs" rule
	#	      Add  fuse-common fatresize
	#	   - in "Network - Filter/View" rule
	#	      Add  sslsplit pingu
	#	   - in "Network - Setup/Services" rule
	#	      Add  seafile coturn iwd
	#	   - in "Programming Languages/Tools" rule
	#	      Add  openjdk-bin openjdk
	#	   - in "Shell and Terminal Programs" rule
	#	      Add  sakura yash
	#	   - in "System Auditing Programs" rule
	#	      Add  ossec-hids
	#	   - in "WWW Related Programs" rule
	#	      Add FILELIST_2, Ignore date change on html contents directories
	#	      Make policy for /var/www/html /var/www/localhost = $(ReadOnly) -m
1.0.0	# 170401 Sent mktwpol-1.0.0.tar.gz (no mktwpol-generic.sh) to SourceForge
	#	 BUGFIX: Change break from processing pseudo-two-dimensional FILELIST array
	#	   from:  [ -n "${FILELIST[$i]}" ] && process_filelist || break
	#	   to:    [ -z "${FILELIST[$i]}" ] && break || process_filelist
	#	 BUGFIX: Warning if duplicate entries in rules file now sent to STDERR
	#	 BUGFIX: Startup reported wrong rules file if "-R" and CONFIG_FILE differed
	#	   The bug only affected the startup report sent to the screen
	#	 Change order of tests in select_policy, affecting some $Filetype assignments
	#	   - Eliminate resource hog  [[ "`file -b $targetfile`" =~ kernel ]]  test
	#	   - Add trailing slash to   [[ $targetfile =~ ^/lib/modules/ ]]  test
	#	 Use `portageq vdb_path` to establish installed package db directory
	#	 Change "for i in `ls *CONTENTS`" to "for i in *CONTENTS" (several places)
	#	 Substitute bash-builtin ":" for "true" & eliminate a superfluous "true"
	#	 Substitute "printf %-32s" for calculation and looping of number of tabs
	#	   - remove output_line subroutine: see `printf` command now in select_policy
	#	 Stifle reporting "Plain-text Policy File :" when policy is sent to STDOUT
	#	 Remove undocumented REVERT switch and deprecated code from tmp_array builder
	#	 Rename twsetup-0.0.8.sh twsetup-1.0.0.sh with no code changes
	#	 Add script for comparing scope of rules files to README, for the curious user
	#	 Rename "mktwpol-gentoo-YYMMDD.rules" to "mktwpol-gentoo-packages.rules"
	#	 Rename "mktwpol-no-packages.rules"   to "mktwpol-default.rules"
	#	 Change Makefile to install "mktwpol-default.rules" as default
	#	 -------------------------------
	#	 Changes in all mktwpol*.rules :
	#	   - in "Boot, Kernel, and Init" rule
	#	      Add  /usr/lib/systemd/system
	#	   - in "Configuration Files" rule
	#	      Add  /usr/local/etc  /usr/*-gnu/etc
	#	      Stifle reports for a few files kept in /etc/dnsmasq.d/
	#	   - in "Local ebuilds ..." FILELIST
	#	      Add  /usr/local/portage-crossdev
	#	   - in "OS Bin and Lib Directories" catchall rule
	#	      Change  /lib  to  /lib*  (to catch /lib32, /lib64)
	#	      Add  /usr/*-gnu/*bin
	#	   - in "User Bin and Lib Directories" catchall rule
	#	      Change /usr/local/lib  to  /usr/local/lib*
	#	      Add  /usr/lib32  /usr/lib64  [note (recurse=1) for this group]
	#	      /usr/lib* can't be used because it overlaps fully recursed /usr/libexec
	#	 ----------------------------------
	#	 Changes in mktwpol-default.rules :
	#	   - Rename "Kernel, modules and openrc" rule "Boot, Kernel, and Init"
	#	   - Add "Cross-compile toolchain" FILELIST
	#	       = /usr/*-gnu/*-gnu/*bin /usr/*-gnu/usr/*bin /usr/share/crossdev/etc
	#	   - in "Python scripts and modules" FILELIST, change recursion from 1 to 0
	#	   - in "Shared Scripts" FILELIST, add /usr/lib32/*/*.sh and similar
	#	 ---------------------------------------
	#	 Changes in mktwpol-portage-tree.rules :
	#	   - Revise code to allow wildcard in CATEGORIES
	#	   - Add "Boot, Kernel, and Init" rule
	#	   - Move bulk of "sys-apps" CATEGORY to "Boot, Kernel, and Init" rule
	#	   - Add CATEGORY "cross*" to catch crossdev, cross-x86*, and similar
	#	   - Add CATEGORY "net-vpn", added to the portage tree
	#	   - Move "/etc/security" to "Configuration Files"
	#	   - in "sys-apps" Category
	#	      Add  STOPLIST='*/portage/tests/*' with explanatory remarks
	#	 ------------------------------------------
	#	 Changes in mktwpol-gentoo-packages.rules :
	#	   - in "Boot, Kernel, and Init" rule
	#	      Add  systemd-boot wine dosemu elogind
	#	   - in "Compression/Archiving Programs" rule
	#	      Add  borgbackup lz5 attic backup-manager backupninja bacula btrbk
	#		   burp ccollect dirvish hdup holland rear reoback restic rsnapshot
	#		   sarab simplebackup tarsnap ripmime ytnef
	#	   - in "[core|diff|find]utils procps" rule
	#	      Add  diffoscope dirdiff
	#	   - in "Cron, Inetd, and Logging" rule
	#	      Add  mcelog
	#	   - in "Database Related Programs" rule
	#	      Add  sqlcl-bin
	#	   - in "Editor Programs" rule
	#	      Add  dhex hexcurse lfhex yudit
	#	   - in "Filesystem Programs" rule
	#	      Add  dislocker
	#	   - in "File Manipulation Programs" rule
	#	      Add  agrep the_silver_searcher
	#	   - in "Gentoo Specific Programs" rule
	#	      Add  crossdev
	#	      Add  STOPLIST='*/portage/tests/*' with explanatory remarks
	#	   - in "MTA Related Programs" rule
	#	      Add  offlineimap
	#	   - in "Network - Filter/View" rule
	#	      Add  ipset urh scapy
	#	      Disambiguate  net-analyzer/slurm
	#	   - in "Network - Setup/Services" rule
	#	      Add  wireguard nextcloud coredns
	#	      Change  net-misc/tor to net-vpn/tor
	#	   - in "Package Manager Programs" rule
	#	      Add  conan calamares mercurial-server
	#	   - in "Programming Languages/Tools" rule
	#	      Add  gnat-gcc dev-lang/mono
	#	   - in "Security Related Programs" rule
	#	      Add  openpam bleachbit
	#	   - in "Shell and Terminal Programs" rule
	#	      Add  pconsole polysh shmux evilvte mlterm mrxvt roxterm
	#	   - in "Toolchain Programs" rule
	#	      Add  STOPLIST='*/qt5/mkspecs/*' with explanatory remarks
	#	   - in "WWW Related Programs" rule
	#	      Add  caddy pound tomcat
0.2.6	# 170206 Sent mktwpol-0.2.6.tar.gz (no mktwpol-generic.sh) to SourceForge
	#	 Correct # twadmin in twsetup.sh make_txt_cfg routine to show "site.key"
	#	 Revise mktwpol.sh "cruft" routine to use `stat` instead of `eix`
	#	 Change tripwire database backup skip inode test from "on Reiserfs" to always
	#	 Add information to README file
	#	   - use `twprint --print-dbfile` to see tripwire database
	#	   - use `mktwpol.sh cruft`	  to check for deprecated package names
	#	   - use `mktwpol.sh -u`	  to detect wildcard directory name changes
	#	 Remove packages no longer in portage tree:
	#	   cpufrequtils flo zeroinstall-injector
	#	   gorg openswan publicfile zypper qca-ossl dragonegg
	#	   shorewall-core shorewall-lite shorewall6 shorewall6-lite
	#	   asuka noip-updater ntlmaps oops showconsole sshfs-fuse truecrypt
	#	   perdition ibm-jdk-bin hp-jdk-bin soylatte-jdk-bin apple-jdk-bin
	#	   madwifi-ng-tools quickshare nsis app-portage/epm
	#	   webfs www-apache/mod_fastcgi mod_ftpd tightvnc
	#	   gnuradius silc-server uevt gcruft
	#	 Add dev-perl and dev-python to CATEGORIES in mktwpol-portage-tree.rules
	#	 Add /usr/lib/python* in mktwpol-no-packages.rules
	#	 Add "-cm" to part of "System Boot Changes" rule
	#	 Add "SFT_MOD=-icm" to part of "System Boot Changes" rule, to skip /etc/mtab
	#	 Add /etc/resolv.conf to "Configuration Files" rules
	#	 Add "-i" to /root/.lesshst
	#	 Add boot0
	#	   to "Boot, Kernel, and Init" rule
	#	 Add dio fatrace
	#	  to "[core|diff|find]utils procps" rule
	#	 Add /usr/local/etc
	#	  to "Configuration Files" rule
	#	 Add linuxptp
	#	   to "Cron, Inetd, and Logging" rule
	#	 add aufs4
	#	   to "Filesystem Programs" rule
	#	 Add rspamd rmilter
	#	   to "MTA Related Programs" rule
	#	 Add hexinject netpipe goaccess nicstat
	#	   to "Network - Filter/View" rule
	#	 Add guix
	#	   to "Package Manager Programs" rule
	#	 Add lsyncd clsync owncloud rinetd
	#	   to "Network - Setup/Services" rule
	#	 Add uid_wrapper spiped suricata firejail hashcat serf netdata
	#	   to "Security Related Programs" rule
	#	 Add icinga2
	#	  to "System Auditing Programs" rule
	#	 Add (recurse = 0) to /run/lock, to avoid reporting /run/lock/cron.daily
	#	  to "System Boot Changes" rule
	#	 Add pshs shellinabox
	#	  to "WWW Related Programs" rule
0.2.5	# 150205 Sent mktwpol-0.2.5.tar.gz (no mktwpol-generic.sh) to SourceForge
	#	 Add remarks in mktwpol.cfg file re: RULES_FILE switch
	#	 Add/rearrange code in config_mktwpol routine,
	#	   to pick-up assignment of RULES_FILE from CONFIG_FILE
	#	 Remove packages no longer in portage tree:
	#	   cyassl openmcl qemu-user udept
	#	 Recognize renamed packages: postgresql-server -> postgresql
	#	 Add 'Perl scripts and modules' to mktwpol-no-packages.rules
	#	 Add virtualbox virtualbox-bin virtualbox-guest-additions
	#	   vmware-tools vmware-modules vmware-player vmware-workstation
	#	   xe-guest-utilities
	#	   to "Boot, Kernel, and Init" rule
	#	 Add pbzip2 nx unar
	#	   to "Compression/Archiving Programs" rule
	#	 Add ngxtop
	#	   to "[core|diff|find]utils procps" rule
	#	 Add mariadb
	#	   to "Database Related Programs" rule
	#	 Add openafs wdfs
	#	   to "Filesystem Programs" rule
	#	 Add gentoo-functions
	#	   to "Gentoo Specific Programs" rule
	#	 Add numactl numad uhd megactl flo
	#	   to "Hardware and Device Programs" rule
	#	 Add /lib/udev to "Hardware and Devices" FileList
	#	 Add jffnms fwknop sflowtool sec mping netperf netio netdiscover
	#	   packit dietsniff p0f thcrut w3af cutter iperf apinger ntopng
	#	   to "Network - Filter/View" rule
	#	 Add tigervnc lcr yate minissdpd guacamole-server libtelnet ccrtp
	#	   dnscrypt-proxy
	#	   to "Network - Setup/Services" rule
	#	 Add etckeeper
	#	   to "Package Manager Programs" rule
	#	 Add clojure bin86 rust yasm xsb tuprolog radare2
	#	   to "Programming Languages/Tools" rule
	#	 Add gamin
	#	 Move fail2ban sshguard
	#	   to "Security Related Programs" rule
	#	 Add nrpe
	#	   to "System Auditing Programs" rule
	#	 Add musl
	#	   to "Toolchain Programs" rule
	#	 Add hiawatha polipo
	#	   to "WWW Related Programs" rule
0.2.4	# 140404 Sent mktwpol-0.2.4.tar.gz (no mktwpol-generic.sh) to SourceForge
	#	 Add alternative rules file, mktwpol-portage-tree.rules
	#	   - sweeps part of the Portage tree database for package names
	#	 Add alternative rules file, mktwpol-no-packages.rules
	#	   - creates short but comprehensive tripwire policy
	#	 Increase scope and adjust policies in catchall rules
	#	 Revise tmp_array[] building routine to reduce execution time
	#	 Whitespace style changes to generated policy text
	#	 Add undocumented "cruft" switch for finding deprecated packages
	#	 Add ETC_SEC=ReadOnly to:
	#		"Boot, Kernel, and Init" rule
	#		"Filesystem Programs" rule
	#		"Gentoo Specific Programs" rule
	#		"Hardware and Device Programs" rule
	#		"Package Manager Programs" rule
	#	 Remove module-rebuild from and ...
	#	 Add systemd-sysv-utils gnu-efi udev-init-scripts
	#	   to "Boot, Kernel, and Init" rule
	#	 Add snappy tsm zpaq dar pdlzip plzip fsarchiver ncompress
	#	   to "Compression/Archiving Programs" rule
	#	 Add cronbase
	#	   to "Cron, Inetd, and Logging" rule
	#	 Add proot md5deep criu lttng-modules lttng-tools nmon
	#	   to "[core|diff|find]utils procps" rule
	#	 Add mysql-init-scripts unixODBC
	#	   to "Database Related Programs" rule
	#	 Add recode unifdef enca
	#	   to "File Manipulation Programs" rule
	#	 Add ifuse ecryptfs-utils thin-provisioning-tools ceph
	#	   to "Filesystem Programs" rule
	#	 Add elogv perl-cleaner eselect-java eselect-python eselect-sh
	#	   localepurge baselayout-java
	#	   to "Gentoo Specific Programs" rule
	#	 Add pmtools opensc udiskie noflushd iasl cpufrequtils
	#	   to "Hardware and Device Programs" rule
	#	 Add mailutils
	#	   to "MTA Related Programs" rule
	#	 Add ifstatus nethogs isic netwox tcpstat ipaudit tcptrack
	#	   bmon masscan tcptraceroute speedtest-cli arpd netselect
	#	   net-snmp rrdtool metasploit
	#	   to "Network - Filter/View" rule
	#	 Add ansible connman netplug siproxd cfengine freerdp nstx
	#	   minidlna portspoof netkit-telnetd fakeidentd irda-utils
	#	   isatapd
	#	   to "Network - Setup/Services" rule
	#	 Add osc stow
	#	   to "Package Manager Programs" rule
	#	 Add idb cmocka flex m4
	#	   to "Programming Languages/Tools" rule
	#	 Add nss-pam-ldapd bcwipe
	#	   to "Security Related Programs" rule
	#	 Expand "Shell Programs" to "Shell and Terminal Programs"
	#	 Add aterm eterm rxvt rxvt-unicode suite3270 xterm xvt
	#	   toybox
	#	   to "Shell and Terminal Programs" rule
	#	 Add monit audit
	#	   to "System Auditing Programs" rule
	#	 Add binutils-config gcc-config
	#	   to "Toolchain Programs" rule
	#	 Add /usr/games/bin
	#	   to "User Bin and Lib Directories" rule
	#	 Add mico apr-util haproxy
	#	   to "WWW Related Programs" rule
0.2.3	# 140215 Sent mktwpol-0.2.3.tar.gz (no mktwpol-generic.sh) to SourceForge
	#	 Expand scope of STOPLIST effect, now works against packages
	#	 Repair test_for_dupe_rules to include FILELIST_5 entries
	#	 Add blosc
	#	   to "Compression/Archiving Programs" rule
	#	 Add scite gemas
	#	   to "Editor Programs" rule
	#	 Add zisofs-tools rar2fs
	#	   to "Filesystem Programs" rule
	#	 Add esearch
	#	   to "Gentoo Specific Programs" rule
	#	 Add apmd bluedevil
	#	   to "Hardware and Device Programs" rule
	#	 Add stunnel macchanger rtsp-conntrack libnetfilter_conntrack
	#	   ufw bwping
	#	   to "Network - Filter/View" rule
	#	 Add rygel sslh
	#	   to "Network - Setup/Services" rule
	#	 Add pkgconf
	#	   to "Package Manager Programs" rule
	#	 Add abcl clisp clozurecl cmucl ecls gcl openmcl jikes ghc
	#	   scala
	#	   to "Programming Languages/Tools" rule
	#	 Add m2crypto
	#	   to "Security Related Programs" rule
	#	 Remove /etc/security/limits.conf from FILELIST part of
	#	   "Security Related Programs" rule (duplicates file from 'pam')
0.2.2	# 140202 Sent mktwpol-0.2.2.tar.gz (no mktwpol-generic.sh) to SourceForge
	#	 mktwpol.sh /proc/* entries limited to zero-size, non-directory
	#	 STOPLIST[] prevents generating policy under FILELIST[] wildcard
	#	 Expand FILELIST array clearing on external cfg to include "_5"
	#	 Add INCL_PATHS variable to facilitate changing scope of policy
	#	   via mktwpol.cfg file, vs. scope being hardcoded in script
	#	 Add /usr/libexec/* to INCL_PATHS to capture package files
	#	 Eliminate escape of "`" characters in README alias instructions
	#	 Remove reference to Red Hat in policy file footer
	#	 Clarify function of AUTO_UPDATE variable, in mktwpol.cfg
	#	 Replace "echo -n" and "echo -e" with "printf"
	#	 Move /usr/lib/pkgconfig from FILELIST[17] to FILELIST_2[17],
	#	   otherwise, "-mc" modifier is applied to all PACKAGES[17]
	#	 Add epoch openrc-settingsd lightdm lxdm u-boot-tools palo
	#	   to "Boot, Kernel, and Init" rule
	#	 Add obnam cabextract lbzip2 spideroak-bin lziprecover xdelta
	#	   mscompress pigz diffball
	#	   to "Compression/Archiving Programs" rule
	#	 Add bsdiff sysstat killproc verynice ftop
	#	   to "[core|diff|find]utils procps" rule
	#	 Add syslogread cronutils minlog
	#	   to "Cron, Inetd, and Logging" rule
	#	 Add e3 jedit ne adie xvile
	#	   to "Editor Programs" rule
	#	 Add glark coccinelle byacc dos2unix ronn sgrep
	#	   to "File Manipulation Programs" rule
	#	 Add cvmfs s3fs blocks smbnetfs unadf curlftpfs simple-mtpfs
	#	   to "Filesystem Programs" rule
	#	 Add http-replicator porticron gentoolkit-dev python-updater
	#	   tarsync cfg-update g-cpan
	#	   to "Gentoo Specific Programs" rule
	#	 Add lm_sensors nbd cpupower tw_cli udisks iotools open-iscsi
	#	   to "Hardware and Device Programs" rule
	#	 Add unrealircd prosody
	#	   to "IRC/P2P Related Programs" rule
	#	 Add opendkim amavis-logwatch mimedefang mailfilter dbmail
	#	   imapsync
	#	   to "MTA Related Programs" rule
	#	 Add netsniff-ng ldns-utils iftop netwatch yersinia ipsec-tools
	#	   hydra darkstat nftools iptraf-ng braa knocker nmbscan nsat
	#	   synscan pglinux pmacct openbsd-netcat tcpreplay
	#	   to "Network - Filter/View" rule
	#	 Add atftp dibbler vrrpd rbldnsd sheerdns torque openswan dante
	#	   portfwd stuntman xl2tpd knot heartbeat pacemaker corosync
	#	   noip-updater ofono frox hylafaxplus nsscache socat
	#	   to "Network - Setup/Services" rule
	#	 Add /etc/cups/printers.conf to new FILELIST_5[22],
	#	   in "Other Config Files" rule
	#	 Add nsis alien zeroinstall-injector suse-build pkgconfig
	#	   to "Package Manager Programs" rule
	#	 Rename "Programming Langauges" "Programming Languages/Tools"
	#	 Add autogen rakudo nqp swi-prolog vala sbcl ispc julia strace
	#	   cscope boost-m4
	#	   to "Programming Languages/Tools" rule
	#	 Remove python-updater from "Programming Languages" rule
	#	 Add acl fprintd munge nss_ldap pam_mount codecrypt
	#	   /etc/security/limits.conf ssdeep
	#	   to "Security Related Programs" rule
	#	 Add scponly
	#	   to "Shell Programs" rule
	#	 Add postfix-logwatch mk-livestatus inotify-tools
	#	   to "System Auditing Programs" rule
	#	 Add /run/lock (to skip being flagged on number of links)
	#	   to "System Boot Changes" rule
	#	 Add gnuconfig uclibc gnustep-base icmake scons dietlibc
	#	   to "Toolchain Programs" rule
	#	 Add varnish lftp oops gorg publicfile mod_gnutls inn
	#	   apache-tools wordpress suhosin
	#	   to "WWW Related Programs" rule
0.2.1	# 131130 Sent mktwpol-0.2.1.tar.gz (no mktwpol-generic.sh) to SourceForge
	#	 Skip tripwire database backup file inode check, if on Reiserfs
	#	 Pass $FORCE_PRINT from twsetup.sh to mktwpol.sh, eliminate -f switch
	#	 Add test to twsetup, for FORCE_PRINT compatible mktwpol.sh
	#	 If a tw.cfg exists, twsetup.sh offers to update tripwire
	#	   `twsetup.sh -u` acts similar to `mktwpol.sh -u`
	#	 Select RULES_FILE, CONFIG_FILE, and EXISTING_TXT_POLFILE
	#	   as newest in tw_cfg_dir, /etc/{mktwpol,tripwire}, and /root
	#	 Add ability to establish TXT_POLFILE in mktwpol.cfg
	#	 Replace `which` with `command -v` in twsetup.sh
	#	 Correct remark about errors during policy encryption
	#	   twadmin is indifferent about missing files at this point
	#	 Add instructions for finding removed packagenames
	#	 Add tripwire policy switch definitions to "Rules" file
	#	 Move some comments from "Rules" file to mktwpol.cfg
	#	 Change policy for non-recursed REPORTDIR to $(ReadOnly) -ms
	#	 Add /dev /sys /usr /var to "Invariant Directories" rule
	#	 Revamp "Local Config Files" to "Other Config Files"
	#	   Adopt recursive inspection of /etc and /usr/etc directories
	#	   Eliminated individual naming of local config files
	#	   Special policies for files affected by systematic activity
	#	   Hard-code ignore of TXT_POLFILE in policy file header
	#	   Capture STDERR of twsetup.sh `tripwire --init` to variable
	#	     otherwise --init flags temporary/missing zero-byte file
	#	 Eliminate individual file naming in FILELIST section of
	#	   "Root User Directory" rule, policy recurses all of '/root'
	#	 Changed /root STOPLIST to FILELIST_3 with relaxed inspection
	#	 Add /root/.viminfo to FILELIST_3 "Root User Directory" rule
	#	 Add xen xen-pvgrub xen-tools aqemu qemu qemu-user s6 slim
	#	   daemontools daemontools-encore hibernate-script genkernel
	#	   genkernel-next dracut plymouth debootstrap netifrc
	#	   gentoo-systemd-integration to "Boot, Kernel, and Init" rule
	#	 Remove kerneloops ksymoops from "Boot, Kernel, and Init" rule
	#	 Add cdiff procenv psmisc oprofile perf
	#	   to "[core|diff|find]utils procps" rule
	#	 Remove fuser from "[core|diff|find]utils procps" rule
	#	 Add amanda bareos libtar lzip lrzip backuppc turbolift p7zip
	#	   dropbox deja-dup duplicity
	#	   to "Compression/Archiving Programs" rule
	#	 Add alemic mdbtools mongodb redis ldb couchdb hdf5 idutils
	#	   to "Database Related Programs" rule
	#	 Add bindfs go-mtpfs glusterfs gvfs moosefs ocfs ocfs2-tools
	#	   s3ql xfsdump zfs bcache-tools aufs3 aufs-util exfat-utils
	#	   f2fs-tools nilfs-utils nfs-utils squashfs-tools squashfuse
	#	   snapraid archivemount unionfs-fuse lessfs cryptsetup
	#	   to "Filesystem Programs" rule
	#	 Remove nfs ntfsprogs from "Filesystem Programs" rule
	#	 Add euscan gentoopm portpeek fquery flaggie udept matter pfl
	#	   to "Gentoo Specific Programs" rule
	#	 Remove findcruft from "Gentoo Specific Programs" rule
	#	 Add apcupsd eudev whdd mtx sdparm sg3_utils lsscsi i2c-tools
	#	   fio fxload uevt gptfdisk linux-gpib
	#	   to "Hardware and Device Programs" rule
	#	 Relocate psmisc from "Hardware and Device Programs" to "[core|diff|find]utils procps"
	#	 Remove hotplug-base module-init-tools from "Hardware and Device Programs" rule
	#	 Add ifstat nessus nessus-bin ntop slurm snort zniper hping
	#	   shorewall shorewall-core shorewall-lite shorewall6 sslsniff
	#	   shorewall6-lite ettercap privoxy scanssh ike-scan portsentry
	#	   fping sslscan wapiti zabbix munin mtr zmap
	#	   to "Network - Filter/View" rule
	#	 Add equo pkgcore zypper setuptools dpkg
	#	   bzr cvs git mercurial monotone subversion veracity
	#	   to "Package Manager Programs" rule
	#	 Add dash dtatch conmux dsh esh pdsh psh mksh
	#	   to "Shell Programs" rule
	#	 Remove csh from "Shell Programs" rule
	#	 Add autoconf-wrapper automake-wrapper makedepend pcc tcc
	#	   kgcc64 dev-util/ninja pmake qtcore binutils-apple
	#	   to "Toolchain Programs" rule
	#	 Remove FILELIST (ac-wrapper.sh) from "Toolchain Programs" rule
	#	 Add libidn tightvnc wireless-regdb x11vnc net-misc/tor
	#	   autoupnp quagga libsrtp dhcdrop qshare tftp-hpa sshuttle
	#	   openvpn vpnc tinc x2goserver asterisk pptpd openresolv
	#	   swift cinder nova neutron glance nsd mpd ipvsadm keepalived
	#	   netatalk cyphesis rtmpdump radmind ipxe opendnssec exabgp
	#	   openvswitch salt dnsimple-dyndns xrootd opendchub radvd
	#	   netpipes to "Network - Setup/Services" rule
	#	 Remove hostap-driver from "Network - Setup/Services" rule
	#	 Add openfire mumble umurmur silc-server asuka dccserver
	#	   ultimate to "IRC/P2P Related Programs" rule
	#	 Add yacc bison to "File Manipulation Programs" rule
	#	 Remove slocate from "File Manipulation Programs" rule
	#	 Remove jabberd from "IRC/P2P Related Programs" rule
	#	 Add /usr/libexec to "OS Bin and Lib Directories" rule
	#	 Add nikto icinga to "System Auditing Programs" rule
	#	 Add obfsproxy truecrypt watchdog dropbear polarssl xhost
	#	   aircrack-ng libgpg-error loop-aes keystone pssh pam_ssh
	#	   qca-ossl pycrypto lxsession pass mit-krb5 mhash cyassl
	#	   freeradius gnuradius to "Security Related Programs" rule
	#	 Add htpdate chrony collectd to "Cron, Inetd, and Logging" rule
	#	 Add pypy jython elixir execline fsharp icc ifc cython fpc
	#	   ccache llvm clang dragonegg gdb valgrind python-exec yap
	#	   distorm64 systemtap erlang to "Programming Languages" rule
	#	 Remove qt-core from "Programming Languages" rule
	#	 Add isync opendmarc amavisd-new to "MTA Related Programs" rule
	#	 Remove qsf from "MTA Related Programs" rule
	#	 Add filezilla squid squidclamav squidguard gatling axtls
	#	   webfs gunicorn tinyproxy uwsgi c-icap rails memcached
	#	   quickshare cntlm ntlmaps phpmyadmin to "WWW Related Programs" rule
	#	 Remove mini_httpd php-toolkit from "WWW Related Programs" rule
	#	 Add gvim vim-core jed jupp mg moe nvi vile to "Editor Programs" rule
0.2.0	# 130921 Sent mktwpol-0.2.0.tar.gz (no mktwpol-generic.sh) to SourceForge
	#	 Additions and changes in the tarball
	#	  - added Makefile, COPYING
	#	  - executable scripts have "-version-number" in their names,
	#	    softlinked to mktwpol.sh and twsetup.sh by Makefile
	#	  - mktwpol.cfg separated from README and rearranged, updated
	#	    added instructions for adding a single package name
	#	 Reversed logic from KEEP_DEFAULT_RULES to UNSET_DEFAULT_RULES
	#	 Add remarks re: database being an added file at initial install
	#	  - cure with `tripwire --update`, not twsetup.sh or mktwpol.sh
	#	 Add tips re: obtaining secure passphrase automation
	#	 Generated policy now includes rule number, as well as name
	#	 Fix a bug where policy header always pointed to a tw.cfg,
	#	  even if the user had defined a different tripwire config file
	#	 Fix an error in post set-up tutorial for non-default location
	#	  with non-default tw config, e.g., /etc/tw-sandbox/goofy.cfg
	#	 Add mktwpol.sh "dump" parameter to list packagenames
	#	 Rearrange the order of the RULENAME[] definitions
	#	 Separated RULENAME[], etc. definitions into its own file
	#	  - this signals the end of the 0.1.x line of revisions
	#	  - mktwpol.sh will look in /etc/tripwire, /var/lib/mktwpol, and /root
	#	 Eliminate "Security Control File" rule
	#	  - moved "/etc/security" to "Security Related Programs" rule
	#	 Add tmux to "Shell Programs" rule
	#	 Add tnef to "Compression/Archiving Programs" rule
	#	 Add sxid to "System Auditing Programs" rule
	#	 Add arcconf to "Hardware and Device Programs" rule
	#	 Add epm conf-update to "Gentoo Specific Programs" rule
	#	 Add iplog logserial ulogd to "Cron, Inetd, and Logging" rule
	#	 Add minit runit showconsole to "Boot, Kernel, and Init" rule
	#	 Add argus conntrack-tools dsniff ferm firewalld
	#	  fwipsec gnu-netcat ipkungfu nast nfacct nload nufw portmon
	#	  psad scanlogd ssldump tcpflow to "Network - Filter/View" rule
	#	 Add clamsmtp dspam getmail gld imapfilter popfile postgrey
	#	  qpopper razor rblcheck smtptools to "MTA Related Programs" rule
	#	 Add fuser procinfo procinfo-ng psmon to "[core|diff|find]utils procps" rule
0.1.5	# 130913 Sent mktwpol-0.1.5.tar.gz (no mktwpol-generic.sh) to SourceForge
	#	 Security related changes re: mktwpol.cfg
	#	  - Demand that mktwpol.cfg be permissions 600 ( -rw------ )
	#	  - Demand that mktwpol.cfg be owned by root
	#	  Revert method of reading mktwpol.cfg from "eval" to "source"
	#	  - Freeze TW_CFG against change by mktwpol.cfg using "readonly"
	#	  - Use of "eval" created a massive functional bug
	#	 twsetup: Suggest `mktwpol -u` only if MKTWPOL_CMD == mktwpol*
	#		  Fixed bash command that sets TW_BASE
	#		    ${TW_CFG_DIR##/*/} -> ${TW_CFG_DIR##*/}
	#		  If the parameter following "-c" does not have a slash,
	#		    then treat it as config filename in /etc/tripwire
	#		  Tip suggests the use of `less` to view policy and database
	#		  Tips give correct command lines for non-default install
	#	 mktwpol: Delay showing "Delete [plain-text policy] now?" prompt
	#	            - now after making database, was after making tw.pol
	#		  Eliminated "Do you want to update tripwire?" prompt
	#		  Removed (-q) "Quiet" switch
	#		  Changed "-c mktwpol.cfg" switch to "-C"
	#		  Accept "-C" mktwpol.cfg name without prepending directory
	#		  "-c" switch points to non-default tripwire config dir
	#	 Add code for separate mktwpol.rules rule definition file
	#	  - undocumented "-R" rule file switch, default mktwpol.rules
	#	  - the generator will stabilize, but package-names won't
	#	  - At some future time, will remove "Internal default" rules
	#	    from the script, and will provide them in mktwpol.rules file
	#	 More bugfixes on use of non-default tripwire config dir
0.1.4	# 130910 Sent mktwpol-0.1.4.tar.gz (no mktwpol-generic.sh) to SourceForge
	#	 twsetup.sh substitutes `cat twpol.txt` if MKTWPOL_CMD not found
	#	 twsetup.sh catches errors in creating encrypted policy file
	#	 Add (-b) bypass plain-text policy text generator
	#	 Add (-p) user changeable MKTWPOL_CMD_LINE
	#	  - default is `mktwpol.sh -f`
	#	 Prevent mktwpol.cfg from asserting several variables
	#	  - TW_CFG, TW_CFG_DIR, TW_TXT_CFG are "frozen out"
	#	 Change mktwpol.cfg variable UPDATETW to AUTO_UPDATE
	#	 Change mktwpol.cfg variable REMOVE_POL to AUTO_RM
	#	 Fix twsetup.sh vs. mktwpol.cfg priority bug
	#	  - added (-f) "Force print to STDOUT" switch to mktwpol.sh
	#	  - ignore mktwpol.cfg setting of TW_CFG, TW_CFG_DIR and TW_TXT_CFG
	#	    change method of parsing mktwpol.sh from "source" to "eval"
	#	 Remove tripwire initial setup functions from mktwpol-generic.sh
	#	  - tmpwatch_cronjob, test_tw_setup (which called twinstall)
	#	 Remove (-v) verbose switch from mktwpol.sh
	#	 Change (-q) quiet switch, no longer stifles progress display
	#	 Combine config_mktwpol and assign_misc_mktwpol_defaults routines
	#	 Combine assign_query_package and test_for_query_package routines
	#	 Combine mangle_strings into get_twcfg_variables routine
	#	 Combine test_twsetup into outro_twsetup routine
	#	 Change get_twcfg_variables name to config_twsetup
	#	 Add test for /var/db/pkg installed packages database
	#	 Add roccat-tools to "Hardware and Device Programs" rule
0.1.3	# 130908 Sent mktwpol-0.1.3.tar.gz (no mktwpol-generic.sh) to SourceForge
	#	 twsetup: provides tripwire config and policy encryption routines
	#	  - Uses `mktwpol.sh > text_policy` instead of `mktwpol -u`
	#	 All scripts handle being passed a directory name for TW_CFG
	#	 twsetup: reacts suitably to twcfg.txt changes and re-set-up
	#	 twsetup: makes database and report directories if necessary
	#	 Add (-c) switch for other than /etc/tripwire config directory
	#	 Add (-d) switch for other than /var/lib database directories
	#	 Add (-r) switch to remove plain-text config and policy
	#	 Add undocumented "null_password" command line parameter
	#	 Should work on multiple configuration instances on one system
	#	  - twsetup: naming the db dir, report dir, and cronjob follows
	#	    the name chosen for the tripwire setup directory
	#	  - when TW_CFG is not the tripwire default, /etc/tripwire/tw.cfg
	#	    assign "--cfgfile $TW_CFG" to $NONSTD_TW_CFG
	#	    twsetup: Add $NONSTD_TW_CFG to twadmin --create-cfgfile
	#	    twsetup: Add $NONSTD_TW_CFG to tripwire --check
	#	    twsetup: Add $NONSTD_TW_CFG to optional cronjob
	#	    mktwpol: Add $NONSTD_TW_CFG to twadmin --create-polfile
	#	    mktwpol: Add $NONSTD_TW_CFG to tripwire --init
	#	  - To see, try `twsetup.sh -c /etc/tw-sandbox`
	#	 Add subroutine to test tripwire set-up, run a filesystem scan
	#	 Makes a twcfg.txt file if tw.cfg and twcfg.txt are not present
	#	 Asks to make tripwire cronjob if none is found in /etc/cron.*/
	#	 Asks to write tmpwatch routine to tripwire cronjob
	#	  - bails silently if cronjob exists and has tmpwatch routine
	#	 Change ${TMPWATCH_AGE} variable default from "168" to "336" (hours)
	#	 twsetup.sh sitekey and localkey routines called from a do loop
	#	 Tweak and correct user prompts, script comments
	#	  - twsetup.sh informs user which of twcfg.txt or tw.cfg has been read
	#	  - use a word other than "install" to describe actions
	#	 mktwpol-generic.sh will use twsetup.sh /or/ twinstall.sh
	#	 README revamped, updated to changes in mktwpol.sh and twsetup.sh
0.1.2	# 130904 Sent mktwpol-0.1.2.tar.gz (no mktwpol-generic.sh) to SourceForge
	#	 Simplified HOSTNAME string substitution in twsetup.sh
	#	 Clean up $TW_CFG_DIR/tw.cfg to $TW_CFG in twsetup.sh
	#	 Add errorcheck on presence/absence of twcfg.txt in twsetup.sh
	#	 Comment out `expect` routines in mktwpol.sh update_tripwire_policy
	#	 Change tripwire database install prompt to refer to ${DB_FILE}
	#	 Made editorial changes to README to refer to twsetup.sh
	#	 Add attribution to Tripwire(R) 2.4 Open Source install script
	# 130903 Add twsetup.sh script to release package
	#	 Add errorlevel on 'skip config' exit in update_tripwire_policy
	#	 Change "Writing to" to "Writing plain-text policy to"
	#	 Add puppet to "Security Related Programs" rule
	#	 Add strongswan to "Network - Setup/Services" rule
	#	 Add sshguard to "Network - Filter/View" rule
	#	 Add a number of packages to "System Auditing Programs" rule
	#	 - filewatcher, integrit, logcheck, logsentry, logsurfer+, lsat
	#	 - petrovich, sagan, tenshi, yaala
	#	 Add socklog to "Cron, Inetd, and Logging" rule
	# 130902 Add klibc to "Toolchain Programs" rule
	# 130901 Move example mktwpol.cfg file from mktwpol-generic.sh to README
	#	 - Add remark about QUERY_* variable only used in mktwpol-generic.sh
	#	 Add mktwpol to "Security Related Programs" rule
	#	 https://devmanual.gentoo.org/ebuild-writing/functions/src_install/index.html
	#	 - Renamed CHANGELOG to CHANGES
	#	 - Removed LICENSE : see /usr/portage/licenses/CC-BY-SA-3.0
0.1.1	# 130831 Sent mktwpol-0.1.1.tar.gz (with mktwpol.sh only) to SourceForge
	#	 Supply text of Creative Commons license in LICENSE
	#	 Invert chronological order of CHANGELOG
	#	 Add reference to https://sourceforge.net/projects/mktwpol
	#	 Changed variable IGNORLST[] to STOPLIST[]
	#	 - Tripwire "!" indicates a stop point - file or directory tree
0.1.0	# 130830 Sent mktwpol-0.1.0.tar.gz (with mktwpol.sh only) to SourceForge
	#	 Add LICENSE, AUTHORS, README files
	#	 Separate CHANGELOG from mktwpol-generic.sh
	#	 Add efitools to "Hardware and Device Programs" rule
 **	# 130827 Established https://sourceforge.net/projects/mktwpol
 **	# 130826 Sent [only mktwpol.sh v. 25AUG13] to http://bugs.gentoo.org/34662
	# 130825 Add moreutils to "File Manipulation Programs" rule
	#	 Add minised to "File Manipulation Programs" rule
	#	 Add elilo and efibootmgr to "Boot, Kernel, and Init" rule
	#	 Add systemd and mbr to "Boot, Kernel, and Init" rule
	#	 Add ms-sys to "Hardware and Device Programs" rule
	#	 Add chntpw to "Security Related Programs" rule
	#	 Add testdisk to "File Manipulation Programs" rule
	# 130824 Add obexftp to "Network - Setup/Services" rule
	#	 Add apr to "WWW Related Programs" rule
	# 130820 Add opensmtpd to "MTA Related Programs" rule
	# 130811 Add python-updater to "Programming Languages" rule
	# 130810 Add lz4 to "Compression/Archiving Programs" rule
	#	 Add pygtk and numpy to "Programming Languages" rule
	#	 Add adjtimex alsa-lib alsa-tools to "Hardware and Device Programs" rule
	#	 Add attr to "Filesystem Programs" rule
	# 130804 Add libgcrypt to "Security Related Programs" rule
	#	 Add whois to "Network - Setup/Services" rule
	#	 Add libzip to "Compression/Archiving Programs" rule
	# 130714 Add avahi to "Network - Setup/Services" rule
	# 130707 Add cups-filters to "Hardware and Device Programs" rule
	# 130629 Add hexedit to "Editor Programs" rule
	# 130622 Add layman to "Package Manager Programs" rule
	# 130602 Add zile to "Editor Programs" rule
	#	 Add wdiff to "[core|diff|find]utils procps" rule
	# 130512 Add wicd to "Network - Setup/Services" rule
	# 130407 Add imake to "Toolchain Programs" rule
	#	 Add redland to "Database Related Programs" rule
	#	 Add numerous ftpd to "WWW Related Programs" rule
	#	 Add libarchive to "Compression/Archiving Programs" rule
	#	 Add cifs-utils to "Filesystem Programs" rule
	# 130403 Add sysklogd to "Cron, Inetd, and Logging" rule
	#	 Add sandbox to "Programming Languages" rule
	# 130331 Add routines to automate entry of site and local passphrases
	#	 Add als-utils to "Hardware and Device Programs" rule
	# 130324 Add /etc/sysctl.d/local.conf to "Local Config Files" rule
	#	 Add gcruft and findcruft to "'Gentoo Specific Programs" rule
	#	 Add kmod to "Boot, Kernel, and Init" rule
	# 130317 Add vnstat to "Network - Filter/View" rule
	#	 Add eselect to "Gentoo Specific Programs" rule
	#	 Add unrar programs to "Compression/Archiving Programs" rule
	#	 Add ntp and openntpd to "Cron, Inetd, and Logging" rule
	# 130316 Add iw and wpa_supplicant to "Network - Setup/Services" rule
	# 130223 Add ETC_SEC=ReadOnly to several rules:
	#		"Cron, Inetd, and Logging"
	#		"Shell Programs"
	#		"WWW Related Programs"
	#		"IRC/P2P Related Programs"
	#		"MTA Related Programs"
	#		"Database Related Programs"
	#		"Security Related Programs"
	#	 Add /etc/portage/make.conf to "Local Config Files" rule
	#	 Add /run to "System Boot Changes" rule
	# 130211 Add ccsh, fish, ksh to "Shell Programs" rule
	#	 Add fdm to "MTA Related Programs" rule
	# 130209 Add sniffit to "Network - Filter/View" rule
	# 130101 Add unhide to "System Auditing Programs" rule
	# 121225 Add exim to "MTA Related Programs" rule
	# 121223 Add libcap, libcap-ng to "File Manipulation Programs" rule
	#	 Add iotop to "[core|diff|find]utils procps" rule
	# 121220 Add ngrep to "Network - Filter/View" rule
	# 121209 Add wireless-tools to "Network - Setup/Services" rule
	#	 Add bmf, bogofilter, qsf, and spamprobe to "MTA ..." rule
	# 121202 Add ufed to "Gentoo Specific Programs" rule
	# 121125 Add pinentry to "Security Related Programs" rule
	#	 Add acpid, hplip to "Hardware and Device Programs" rule
	# 121118 Add pcmciautils to "Hardware and Device Programs" rule
	#	 Add poppler to "File Manipulation Programs" rule
	# 121104 Add ntfs3g to "'Filesystem Programs" rule
	# 121029 Add splashutils to "'Boot, Kernel, and Init" rule
	# 121028 Add boost to "Programming Languages" rule
	#	 Add rpm2targz to "Compression/Archiving Programs" rule
	# 121014 Add bincimap and others to "MTA Related Programs" rule
	# 121013 Add xc, cracklib & others to "Security Related Programs" rule
	# 121012 Add nginx and others to "WWW Related Programs" rule
	# 120904 Add /opt/bin to "User binaries" catchall rule
	# 120526 Add reference to http://bugs.gentoo.org/34662, in "version"
	#	 Add fbgetty, mingetty, qingy and others to "Boot, Kernel and Init"
 **	#	 Sent [only mktwpol.sh v. 30MAR12] to http://bugs.gentoo.org/34662
	# 120330 Add `tr | sort -u` to process_packagename to remove slotted dupes
 **	# 120213 Sent [only mktwpol.sh v. 16NOV11] to http://bugs.gentoo.org/34662
	# 111116 Add cyrus-sasl to "Security Related Programs" packages
	# 110522 Group "Boot, Kernel and Init" and added material for openrc
	# 110501 Rearrange Property Mask Aliases part of hardcoded header
	#	 Terse progress report appears on STDERR unless -q switch is invoked
	#	 Add references to OpenSUSE's `zypper` package mananger
	#	 Add some, corrected some, shuffled some package names
	#	 Add "Include Executables" command line switch
 **	# 110414 Sent [only mktwpol.sh v. 14APR11] to http://bugs.gentoo.org/34662
	#	 Fork into "mktwpol.sh" and "mktwpol-generic.sh"
	#	  - mktwpol.sh eliminates interaction with twinstall, many comments
	#	  - mktwpol.sh reads Gentoo /var/lib/db/*/*/CONTENTS files
	#	 Add ${TMPWATCH_AGE} variable.  Defaults to "168" (hours)
	#	 Add "Append tmpwatch to cronjob" function and switch
	#	 Direct STDERR of QUERY_PACKAGE command to /dev/null
	#	 More informative output when QUERY_PACKAGE program is not found
	#	 Add working QUERY_PACKAGE command for paludis
	#	 Separate "query_distro" into its own subroutine
	#	  - mktwpol-generic.sh is bloated, adaptable to systems other than Gentoo
	#	 Substitute bash script equivalent for grep, in process_packagename
	#	 Add EXCEPT[] and SEC_EX[] facility to cherry-pick files from wildcard
	#	 Add "Skip packages" switch to skip looking for package contents
	#	 Add ${FOLD} variable for text-wrap command.  Defaults to "fmt -u"
	#	 Change logic relating to script configuration file(s)
	#	  - keep default RULENAME[] suite if config file asserts KEEP_DEFAULT_RULES
	#	  - keep default RULENAME[] suite if config file does not set a RULENAME
	#	  - with no config line parm, seeks (optional) $TWCFG_DIR/mktwpol.cfg
	#	 Direct most `echo` output to STDERR to keep it visible to user
	#	 Eliminate most "sleep" pauses.  User can scroll up if inclined.
	#	 Reads tw.cfg (or twcfg.txt) just one time to obtain the tripwire variables
	#	 Working data moved from TMP_FILE to tmp_array[] variable
	#	 Numerous changes to comments, progress output, etc.
	#	 Add check for duplicate entries in PACKAGES[] and FILELIST[]
	#	 Fix bug where /etc/hosts could appear from two sources (baselayout)
	#	 Fix bug where SUID/SGID directory forced a rule with complete recursion
	#	 Fix bug affecting QUERY_PACKAGE commands having three or more words
 **	# 110106 Sent [only mktwpol.sh v. 06JAN11] to http://bugs.gentoo.org/344577
 **	# 110103 Sent [only mktwpol.sh v. 03JAN11] to http://bugs.gentoo.org/344577
	#	 Made numerous policy changes, especially in /var/run
	#	 Made "presence of package query program" test generic
	#	 Add SFT_MOD[] variable to subtract time check from /proc/mounts softlink
	#	 Add rules for socket, pipe, and soft-link files
	#	 Change variable names BINSECVALUE[] to BIN_SEC[], etc.
	#	 Add option to add tmpwatch lines to /etc/cron.daily/tripwire.cron
	#	 Add test for tw.cfg, site.key, and conditionally running twinstall.sh
	#	 Printing of long package or file lists broken into multiple lines
	#	 Import tripwire setup variables from tw.cfg or twcfg.txt file
	#	 Shuffled changes record to bottom of file.  Numerous remark revisions.
	#	 Move some functions to subroutines to simplify view of program structure
	#	 Fix bug where /lib/*, but not /usr/lib/*, was assigned Filetype=Lib
	#	 Fix bug where /log/*, but not /var/log/*, was assigned Filetype=Log
	#	 Change name from mktripwire.sh to mktwpol.sh
 0.0.4	# 101124 Sent to http://bugs.gentoo.org/344577
	#	 http://www.syntaxtechnology.com/2009/07/install-tripwire-on-fedora-11
	#	 Add facilities for future adaptation to other package managers; see:
	#	 Substitute `tripwire --init` for `tripwire --check --interactive`
	#	 Substitute `twadmin --create-policy` for `tripwire --update-policy`
	#	 Removed SIG_LOW, SIG_MED, and SIG_HI variables; now uses numerical values
	#	 Uses tripwire internal aliases instead of SEC_LOG, SEC_TTY, SEC_CONFIG, etc.
	#	 Add system variables (TWPOL, TWKEY, TWDB, TWREPORT) for portability
	#	 Add tripwire policy mask reference information to header
	#	 Add FILELIST[]="/lib/rcscripts/*/*" entry to "Gentoo Specific Files" rule
	#	 Made numerous policy level changes, moving of files between rules, etc.
	#	 Add numerous PACKAGES, FILELIST entries, renamed several RULENAMES
	#	 Rename some routines to better represent their functions
	#	 Add option to delete text policy file after tripwire --update-policy
	#	 Eliminate "exit" when qlist/equery not found (script processes any file list)
	#	 Apply SEC_MOD[] variable to files that are directory names
	#	 Add RECURSE_x[] array
	#	 Fix bug: SGID attribute of $targetfile was ignored
	#	 Fix bug: some variables were not cleared for external config
	#	 Move credits to copyright message in footer
	#	 Change variable name REMARKS[] to COMMENTS[]
	#	 Substitute `qlist --exact` for `equery --quiet files` (significantly faster)
 0.0.3	# 101121 Sent to http://bugs.gentoo.org/344577
	#	 Add warning: default generated policy does not check /var/log directory
	#	 Add default RULENAME  using /var/log/*[g] filelist
	#	 Add default RULENAMEs for Database (e.g., mysql) and Programming
	#	 Add "hidden" debug mode (the word "debug" followed by optional rulenumber)
	#	 Add options for Quiet and Verbose progress reporting
	#	 Replace XWINLIST[] and SKIPINOD[] arrays with FILELIST_x[] arrays
	#	 Add FILELIST_x[], REMARKS_x[], and SEC_MOD_x[] arrays
	#	 Add SEC_MOD variable array
	#	 Add option to take RULENAME[], etc. from separate config file
	#	 Add invocation parameters, help and version messages
 0.0.2	# 101107 Sent to http://bugs.gentoo.org/344577
 0.0.1	# 101106 Sent to http://bugs.gentoo.org/34662
