From 6bf5754c0e1ee53ac1e7b6631277cfc2ec45bc78 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?=
Date: Thu, 21 Dec 2023 13:26:08 +0100
Subject: [PATCH] Sync from SUSE:ALP:Source:Standard:1.0 aide revision aad92bb13b18f074f39aa8ba2b2d875e
---
.gitattributes | 23 +++
aide-0.18-as-needed.patch | 13 ++
aide-0.18.6.tar.gz | 3 +
aide-0.18.6.tar.gz.asc | 14 ++
aide-cron_daily.sh | 38 ++++
aide-systemd.patch | 26 +++
aide-test.sh | 11 ++
aide-xattr-in-libc.patch | 211 ++++++++++++++++++++
aide.changes | 406 ++++++++++++++++++++++++++++++++++++++
aide.conf | 85 ++++++++
aide.keyring | 112 +++++++++++
aide.service | 10 +
aide.service.8 | 24 +++
aide.spec | 166 ++++++++++++++++
aide.timer | 12 ++
aide.timer.8 | 1 +
aide_service.conf | 79 ++++++++
17 files changed, 1234 insertions(+)
create mode 100644 .gitattributes
create mode 100644 aide-0.18-as-needed.patch
create mode 100644 aide-0.18.6.tar.gz
create mode 100644 aide-0.18.6.tar.gz.asc
create mode 100644 aide-cron_daily.sh
create mode 100644 aide-systemd.patch
create mode 100644 aide-test.sh
create mode 100644 aide-xattr-in-libc.patch
create mode 100644 aide.changes
create mode 100644 aide.conf
create mode 100644 aide.keyring
create mode 100644 aide.service
create mode 100644 aide.service.8
create mode 100644 aide.spec
create mode 100644 aide.timer
create mode 100644 aide.timer.8
create mode 100644 aide_service.conf
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..fecc750
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/aide-0.18-as-needed.patch b/aide-0.18-as-needed.patch
new file mode 100644
index 0000000..dd6875b
--- /dev/null
+++ b/aide-0.18-as-needed.patch
@@ -0,0 +1,13 @@
+Index: aide-0.18.3/Makefile.am
+===================================================================
+--- aide-0.18.3.orig/Makefile.am
++++ aide-0.18.3/Makefile.am
+@@ -65,7 +65,7 @@ aide_SOURCES += include/fopen.h src/fope
+ endif
+
+ aide_CFLAGS = @AIDE_DEFS@ -W -Wall -g ${PTHREAD_CFLAGS}
+-aide_LDADD = -lm ${PCRE2_LIBS} ${ZLIB_LIBS} ${MHASH_LIBS} ${GCRYPT_LIBS} ${POSIX_ACL_LIBS} ${SELINUX_LIBS} ${AUDIT_LIBS} ${XATTR_LIBS} ${ELF_LIBS} ${E2FSATTRS_LIBS} ${CAPABILITIES_LIBS} ${CURL_LIBS} ${PTHREAD_LIBS}
++aide_LDADD = -lm ${LDFLAGS} ${PCRE2_LIBS} ${ZLIB_LIBS} ${MHASH_LIBS} ${GCRYPT_LIBS} ${POSIX_ACL_LIBS} ${SELINUX_LIBS} ${AUDIT_LIBS} ${XATTR_LIBS} ${ELF_LIBS} ${E2FSATTRS_LIBS} ${CAPABILITIES_LIBS} ${CURL_LIBS} ${PTHREAD_LIBS}
+
+ if HAVE_CHECK
+ TESTS = check_aide
diff --git a/aide-0.18.6.tar.gz b/aide-0.18.6.tar.gz
new file mode 100644
index 0000000..367217d
--- /dev/null
+++ b/aide-0.18.6.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8ff36ce47d37d0cc987762d5d961346d475de74bba8a1832fd006db6edd3c10e
+size 383127
diff --git a/aide-0.18.6.tar.gz.asc b/aide-0.18.6.tar.gz.asc
new file mode 100644
index 0000000..11fe21e
--- /dev/null
+++ b/aide-0.18.6.tar.gz.asc
@@ -0,0 +1,14 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQGzBAABCgAdFiEEVJXNoXyawXqyOEGnGO6GOGAi71cFAmTIxuAACgkQGO6GOGAi
+71ftsAv/bkzrJqAidCXFHf57lBcWFwcK8j9P1CNDF+sufw1Y7MVO/LaC0B6WGJyN
+LjX9+bddNFl6k6uy8KW4O6DUGLV85milImKfNybIanyDTkA2/447r9GlT6+AEd5n
+rlibs4yQ/39+2fjbeEENcKXGsfv0UMmx+GgR7uyQiEoj4ohyWH1x9Ti5mahcvr1L
+GLNn7XdCcBXzhJIzQtjxZ68zKlIAjw25ajltBPd2s3Ep3xEhYYIvSfOrLtoWvBTB
+MBAPcq1SHPJkdZVdnyCpLV5uUB7bQLURzw9ZVlePtBHWB97MBzy3d+4mB7G6jN2i
+eMCYR7W0NKV7WoIZRVlz/8XA1rifrlCNO/pmul7cz8fOa9MQIQmFhgAbDr4zRbJs
+r2ilh6mDh3nCjhl9qi13lyk6q3Y4cC5XyfMSprmt+QcOGmdWFOV2kcXhGL4hqCZX
+uNkgv7uyARDJvs9uylagAkR39zmKNsK9brcT6NgF8srz9+FNXu32AC88mV6JtrCb
+xdoH7aWM
+=qETo
+-----END PGP SIGNATURE-----
diff --git a/aide-cron_daily.sh b/aide-cron_daily.sh
new file mode 100644
index 0000000..f056c8e
--- /dev/null
+++ b/aide-cron_daily.sh
@@ -0,0 +1,38 @@
+#!/bin/sh
+#
+# AIDE _Example_ Cron Script
+#
+# Use at your own risk!
+#
+# Matthias G. Eckermann
+#
+
+AIDEBINARY=/usr/bin/aide
+AIDECONFIG=/etc/aide.conf
+AIDEDOMOUNT=
+AIDERODEVICE=
+MOUNT=/bin/mount
+UMOUNT=/bin/umount
+
+#
+# if you want to have the aide database on a CDROM,
+# then play with these options:
+#
+#AIDERODEVICE=/media/cdrom
+#AIDEDOMOUNT="yes" # some non-zero-string
+#AIDECONFIG=/media/cdrom/aide.conf
+
+if [ ".$AIDEDOMOUNT" != "." ] && [ ".$AIDERODEVICE" != "." ] ; then
+ echo "mounting $AIDERODEVICE"
+ $MOUNT $AIDERODEVICE
+fi
+
+if [ -x $AIDEBINARY -a $AIDECONFIG ]; then
+ $AIDEBINARY --config=$AIDECONFIG --check
+fi
+
+if [ ".$AIDEDOMOUNT" != "." ] && [ ".$AIDERODEVICE" != "." ] ; then
+ echo "unmounting $AIDERODEVICE"
+ $UMOUNT $AIDERODEVICE
+fi
+
diff --git a/aide-systemd.patch b/aide-systemd.patch
new file mode 100644
index 0000000..ff4b500
--- /dev/null
+++ b/aide-systemd.patch
@@ -0,0 +1,26 @@
+Index: aide-0.18.3/doc/aide.1
+===================================================================
+--- aide-0.18.3.orig/doc/aide.1
++++ aide-0.18.3/doc/aide.1
+@@ -143,7 +143,7 @@ See \fB--version\fR output for the defau
+ default \fBdatabase_in\fR and \fBdatabase_out\fR config values.
+
+ .SH SEE ALSO
+-.BR aide.conf (5)
++.BR aide.conf (5), aide.service (8), aide.timer (8)
+ .SH BUGS
+ There are probably bugs in this release. Please report them
+ at https://github.com/aide/aide/issues .
+Index: aide-0.18.3/doc/aide.conf.5
+===================================================================
+--- aide-0.18.3.orig/doc/aide.conf.5
++++ aide-0.18.3/doc/aide.conf.5
+@@ -1090,7 +1090,7 @@ In the following, the first is not allow
+ .B "/foo e+p+u+g"
+ .PP
+ .SH "SEE ALSO"
+-.BR aide (1)
++.BR aide (1), aide.service (8), aide.timer (8)
+ .SH DISCLAIMER
+ All trademarks are the property of their respective owners.
+ No animals were harmed while making this webpage or this piece of
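Review bot: In aide-cron_daily.sh the exit status of `$AIDEBINARY --config=$AIDECONFIG --check` is thrown away: the script always continues into the final unmount `if`, so cron sees status 0 (or umount's status) even when AIDE reports changes or cannot run, and a missing or non-executable binary skips the check with no output at all. Capture the result with `rc=$?` right after the check, print a message to stderr in an `else` branch when the binary is not executable, and end the script with `exit $rc`. The guard `[ -x $AIDEBINARY -a $AIDECONFIG ]` only tests that AIDECONFIG is a non-empty string; `[ -x "$AIDEBINARY" ] && [ -r "$AIDECONFIG" ]` tests the file itself and avoids the deprecated `-a`. The expansions in `$MOUNT $AIDERODEVICE` and `$UMOUNT $AIDERODEVICE` should be quoted as well, and a failed mount should stop the run rather than let the check proceed without the read-only media.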
diff --git a/aide-test.sh b/aide-test.sh
new file mode 100644
index 0000000..6835adb
--- /dev/null
+++ b/aide-test.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+export TESTDIR=`mktemp -d /tmp/aide.XXXXXX`
+install -m 700 -d $TESTDIR/var/lib/aide
+install -m 700 -d $TESTDIR/etc
+install -m 600 /etc/aide.conf $TESTDIR/etc/aide.conf.new
+sed -e "s#/var/lib/aide#$TESTDIR/var/lib/aide#g" <$TESTDIR/etc/aide.conf.new >$TESTDIR/etc/aide.conf
+/usr/bin/aide -c $TESTDIR/etc/aide.conf --init || exit 1
+mv $TESTDIR/var/lib/aide/aide.db.new $TESTDIR/var/lib/aide/aide.db
+/usr/bin/aide -c $TESTDIR/etc/aide.conf --check --verbose || exit 1
+
+rm -rf $TESTDIR
diff --git a/aide-xattr-in-libc.patch b/aide-xattr-in-libc.patch
new file mode 100644
index 0000000..4b68664
--- /dev/null
+++ b/aide-xattr-in-libc.patch
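Review bot: The `mktemp -d` result assigned to TESTDIR on the second line of aide-test.sh is never checked, and `export` hides its exit status. If mktemp fails, TESTDIR is empty and the unquoted `$TESTDIR/etc/...` and `$TESTDIR/var/lib/aide/...` paths resolve to the live /etc/aide.conf and /var/lib/aide, so the `--init` plus `mv` steps would replace the real baseline database. Use `TESTDIR=$(mktemp -d /tmp/aide.XXXXXX) || exit 1`, then `export TESTDIR`, and quote every `"$TESTDIR"` expansion. The two `|| exit 1` paths also leave the temporary tree behind, which `trap 'rm -rf "$TESTDIR"' EXIT` would clean up. Separately, the changelog in this same commit lists `--verbose` as no longer supported since 0.17.3, so the `--check --verbose` line probably fails against 0.18.6; confirm and drop the flag if so.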
@@ -0,0 +1,211 @@ +Index: aide-0.18.6/configure.ac +=================================================================== +--- aide-0.18.6.orig/configure.ac ++++ aide-0.18.6/configure.ac +@@ -59,7 +59,7 @@ dnl Do the right thing for glibc... + AIDE_DEFS="-D_GNU_SOURCE" + + dnl This is borrowed from libtool +- ++ + if test $ac_cv_c_compiler_gnu = yes; then + LD_STATIC_FLAG='-static' + +@@ -101,54 +101,54 @@ else + # All AIX code is PIC. + LD_STATIC_FLAG='-bnso -bI:/lib/syscalls.exp' + ;; +- ++ + hpux9* | hpux10* | hpux11*) + # Is there a better LD_STATIC_FLAG that works with the bundled CC? + ## wl='-Wl,' + LD_STATIC_FLAG="${wl}-a ${wl}archive" + ## pic_flag='+Z' + ;; +- ++ + irix5* | irix6*) + ## wl='-Wl,' + LD_STATIC_FLAG='-non_shared' + # PIC (with -KPIC) is the default. + ;; +- ++ + cygwin* | mingw* | os2*) + # We can build DLLs from non-PIC. + ;; +- ++ + osf3* | osf4* | osf5*) + # All OSF/1 code is PIC. + ## wl='-Wl,' + LD_STATIC_FLAG='-non_shared' + ;; +- ++ + sco3.2v5*) + ## pic_flag='-Kpic' + LD_STATIC_FLAG='-dn' + ## special_shlib_compile_flags='-belf' + ;; +- ++ + solaris*) + ## pic_flag='-KPIC' + LD_STATIC_FLAG='-Bstatic' + ## wl='-Wl,' + ;; +- ++ + sunos4*) + ## pic_flag='-PIC' + LD_STATIC_FLAG='-Bstatic' + ## wl='-Qoption ld ' + ;; +- ++ + sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) + ## pic_flag='-KPIC' + LD_STATIC_FLAG='-Bstatic' + ## wl='-Wl,' + ;; +- ++ + uts4*) + ## pic_flag='-pic' + LD_STATIC_FLAG='-Bstatic' +@@ -338,8 +338,6 @@ fi + + AIDE_PKG_CHECK(selinux, SELinux, no, SELINUX, libselinux, selinux) + +-AIDE_PKG_CHECK(xattr, xattr, no, XATTR, libattr, xattrs) +- + AIDE_PKG_CHECK(capabilities, POSIX 1003.1e capabilities, no, CAPABILITIES, libcap, caps) + + AIDE_PKG_CHECK(e2fsattrs, e2fsattrs, no, E2FSATTRS, e2p, e2fsattrs) +Index: aide-0.18.6/include/db_config.h +=================================================================== +--- aide-0.18.6.orig/include/db_config.h ++++ aide-0.18.6/include/db_config.h +@@ -19,7 +19,7 @@ + * with this program; if 
not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +- ++ + #ifndef _DB_CONFIG_H_INCLUDED + #define _DB_CONFIG_H_INCLUDED + +@@ -32,7 +32,6 @@ + #ifdef WITH_ZLIB + #include + #endif +-#include "attributes.h" + #include "hashsum.h" + #include "db_line.h" + #include "list.h" +@@ -75,7 +74,7 @@ + /* int (*close)(_db_config*); */ + /* int db_size; */ + /* DB_FIELD* db_order; */ +-/* void* local; */ ++/* void* local; */ + /* }_db_config ; */ + + typedef struct database { +@@ -111,14 +110,14 @@ typedef struct db_config { + #ifdef WITH_ZLIB + /* Is dbout gzipped or not */ + int gzip_dbout; +- ++ + #endif + + DB_ATTR_TYPE db_out_attrs; + + char *check_path; + RESTRICTION_TYPE check_file_type; +- ++ + char* config_file; + char* config_version; + bool config_check_warn_unrestricted_rules; +@@ -160,7 +159,7 @@ typedef struct db_config { + int symlinks_found; + DB_ATTR_TYPE attr; + +-#ifdef WITH_ACL ++#ifdef WITH_ACL + int no_acl_on_symlinks; + #endif + int warn_dead_symlinks; +Index: aide-0.18.6/src/do_md.c +=================================================================== +--- aide-0.18.6.orig/src/do_md.c ++++ aide-0.18.6/src/do_md.c +@@ -45,7 +45,6 @@ + + #ifdef WITH_XATTR + #include +-#include + #ifndef ENOATTR + # define ENOATTR ENODATA + #endif +@@ -327,7 +326,7 @@ md_hashsums calc_hashsums(char* fullpath + } + + void fs2db_line(struct stat* fs,db_line* line) { +- ++ + line->inode=fs->st_ino; + + if(ATTR(attr_uid)&line->attr) { +@@ -349,7 +348,7 @@ void fs2db_line(struct stat* fs,db_line* + }else{ + line->size=0; + } +- ++ + if(ATTR(attr_linkcount)&line->attr){ + line->nlink=fs->st_nlink; + }else { +@@ -367,7 +366,7 @@ void fs2db_line(struct stat* fs,db_line* + }else{ + line->ctime=0; + } +- ++ + if(ATTR(attr_atime)&line->attr){ + line->atime=fs->st_atime; + }else{ +@@ -379,13 +378,13 @@ void fs2db_line(struct stat* fs,db_line* + } else { + line->bcount=0; + } +- ++ + } + + #ifdef WITH_ACL + void 
acl2line(db_line* line) { + acl_type *ret = NULL; +- ++ + #ifdef WITH_POSIX_ACL + if(ATTR(attr_acl)&line->attr) { + acl_t acl_a = NULL; +@@ -438,7 +437,7 @@ void acl2line(db_line* line) { + acl_free(acl_d); + } + line->acl = ret; +-#endif ++#endif + } + #endif + +@@ -600,4 +599,3 @@ void capabilities2line(db_line* line) { + void no_hash(db_line* line) { + line->attr&=~get_hashes(true); + } +- diff --git a/aide.changes b/aide.changes new file mode 100644 index 0000000..752fca9 --- /dev/null +++ b/aide.changes 
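Review bot: With `AIDE_PKG_CHECK(xattr, xattr, no, XATTR, libattr, xattrs)` removed from configure.ac, nothing visible in aide-xattr-in-libc.patch defines WITH_XATTR any more, so the `#ifdef WITH_XATTR` block in src/do_md.c may compile out unless the spec file (not shown here) sets the macro itself. For a file-integrity checker that would mean extended attributes silently stop being recorded, so confirm that the built binary still reports xattr support. The removed `#include "attributes.h"` in include/db_config.h is quoted rather than angle-bracketed and looks like the project's own header rather than libattr's; confirm that removal is intended. Most of the remaining inner hunks only strip trailing whitespace, and dropping them would keep the functional changes visible and make the rebases recorded in the changelog smaller.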
@@ -0,0 +1,406 @@ +------------------------------------------------------------------- +Thu Aug 3 08:40:38 UTC 2023 - Paolo Stivanin + +- Update to 0.18.6: + * Fix double free() during report generation + * Improve handling of ACL errors + +------------------------------------------------------------------- +Mon Jul 3 08:30:54 UTC 2023 - Paolo Stivanin + +- Update to 0.18.5: + * Fix child directory processing on equal match + +------------------------------------------------------------------- +Fri Jun 30 10:05:30 UTC 2023 - Paolo Stivanin + +- Update to 0.18.4: + * Fix handling of extended attributes on symlinks + * Add missing ')' to log message + * Fix static linking of the aide binary + * Don't require database_out for --dry-init + * Remove strerror() calls from thread log messages + +------------------------------------------------------------------- +Mon Jun 5 12:16:24 UTC 2023 - Andrea Manzini + +- switched service macros from %systemd_* to %service_* + according to documentation at https://en.opensuse.org/openSUSE:Systemd_packaging_guidelines#Registering_unit_files_in_install_scripts + +------------------------------------------------------------------- +Mon Jun 5 07:56:04 UTC 2023 - Andrea Manzini + +- Update to 0.18.3: + * Handle readlink() errors + +- Update to 0.18.2: + * Add warning if rules contain not compiled-in attributes + * Add missing lock for tree operations during file system scan + +------------------------------------------------------------------- +Fri Mar 17 14:55:57 UTC 2023 - Dirk Müller + +- update to 0.18.1: + * Fix handling of empty growing files + * Fix segfault when using --dry-init + * Update README +- switch to pcre2 + +------------------------------------------------------------------- +Thu Feb 23 16:50:23 UTC 2023 - Paolo Perego + +- Update to 0.18 +- Rename aide-0.17.3-as-needed.patch to and rebase aide-0.18-as-needed.patch +- Added autoconf and autoconf-archive as building dependencies due to an error + when reconfiguring the 
source +- Rebase aide-xattr-in-libc.patch + +------------------------------------------------------------------- +Tue Mar 29 09:19:54 UTC 2022 - Paolo Stivanin + +- Update to 0.17.4: + * fix CVE-2021-45417: precalculate buffer size in base64 functions (bsc#1194735) + +------------------------------------------------------------------- +Thu Nov 4 10:51:25 UTC 2021 - Stefan Schubert + +- Added aide.service and aide.timer in order to run + aide periodically in the background via systemd timer. +- aide-systemd.patch: hook in new manpages + +------------------------------------------------------------------- +Fri Apr 2 07:03:22 UTC 2021 - Marcus Meissner + +- added missing pcre-devel buildrequires. + +------------------------------------------------------------------- +Wed Feb 24 13:45:59 UTC 2021 - Paolo Stivanin + +- Update default config file to match v0.17 + +------------------------------------------------------------------- +Wed Feb 24 11:01:03 UTC 2021 - Paolo Stivanin + +- Update to 0.17.3: + * BACKWARDS INCOMPATIBLE CHANGES + - '--verbose' command line option and 'verbose' config option are no + longer supported, use 'log_level' and 'report_level' options instead + - '--report' command line option is no longer supported, use + 'report_url' config option instead + - 'ignore_list' config option is no longer supported, use + 'report_ignore_changed_attrs' instead + - 'report_attributes' config option is no longer supported, use + 'report_force_attrs' instead + - (restricted) regular rules must start with literal '/', i.e. 
the rule + cannot begin with a macro variable + - config lines must end with new line + - '@' and ' ' in the configuration are now escaped with '\', that means + to match a '\' you have to use four backslashes '\\\\' in your rules + - 'gzip_dbout=false' fails now with config error when no zlib support + is compiled in + - remove '--with-initial-errors' configure option + - remove PostgreSQL database backend support + - remove Sun ACL support + - remove config and database signing support + * Enhancements: + - add new '--log-level' command line option and 'log_level' config option + - introduce named log levels + - add new 'report' log level to help to debug rule matching + - add new 'config' log level to help to debug config and rule parsing + - aad new '--dry-init' command + - add new '--path-check' command + - add directory support for @@include + - add new @@x_include config macro + - add new @@x_include_setenv config macro + - add new default compound group 'H' (all compiled-in hashsums) + - add support for per-report_url options + - add new 'report_level' config option + - add new 'report_append' config option + - add exit code 21 for file lock errors + - add default config values, available hashsums and compound groups + to '--version' output + - add Linux capabilities support + - show changed attributes in 'different attributes' message + - enable 'gost' and 'whirlpool' checksums when using gcrypt + - add 'stribog256' and 'stribog512' gcrypt algorithms + - add config file names to log output + * Miscellaneous behaviour changes: + - 'report_summarize_changes': hashsum changes are now indicated with 'H' + - print '--help' and '--verion' output to stdout + - log messages and errors are always written to stderr + - initialise report URLs after configuration parsing + - allow empty values for macro variables + - SIGUSR1 now toggles debug log level + - fail on errors in regular expressions during config parsing + - fail on invalid URLs during config check + - Fail 
on double slash in rule path + - cache log lines when 'log_level' is not yet set + * Deprecations: + - 'database' config option is now deprecated, use 'database_in' instead + - 'summarize_changes' config option is now deprecated, use + 'report_summarize_changes' instead + - 'grouped' config option is now deprecated, use 'report_grouped' + instead + - non-alphanumeric group names are deprecated + * Notable bug fixes: + - fix line numbers in log messages + - remove warning when input database is '/dev/null' + - correctly handle UTF-8 in path names and rules + - fix compilation with curl and gcrypt + - warn on unsupported hash algorithms + - improve large-file support + * Remove obsolete aide-attributes.sh script + * Remove outdated manual.html + * Update documentation + +- Rename aide-0.16.1-as-needed.patch to and rebase aide-0.17.3-as-needed.patch +- Rebase aide-xattr-in-libc.patch +- Remove aide-define_hash_use_gcrypt.patch (no longer needed) +- Remove aide-dynamic.patch (no longer needed) + +------------------------------------------------------------------- +Thu Jul 30 20:13:39 UTC 2020 - Matthias Eliasson + +- Update to 0.16.2 + Bug fixes: + * Fix handling of directory-restricted negative rules + * Don't lock '/dev/null' when used as output database + * Fix parsing of rules containing '?' quantifier + * Fix extended attributes support (xattrs) + * Fix processing of go files + Please note: + * The addition of the "trusted.*", "user.*" and the "security.*" + namespaces to the xattrs attribute might lead to a vast amount of + reported changed entries during your next AIDE run. You can use the + `report_ignore_changed_attrs` option (see aide.conf(5)) to ignore + changes of the xattrs attribute; but be aware that this will exclude + the expected but also the unexpected (potentially malicious) changes. 
+- Run spec-cleaner + +------------------------------------------------------------------- +Thu Jul 11 13:03:25 UTC 2019 - + +- Remove not available gcrypt algorithm 7 DB_HAVAL (bsc#1098360). + Add aide-define_hash_use_gcrypt.patch + +------------------------------------------------------------------- +Sun Mar 17 21:20:12 UTC 2019 - Matthias Eliasson + +- Update to 0.16.1 + * Move to GitHub + * Update documentation + * Bug fixes +- Upstream have moved to GitHub update URL and Source URLs accordingly +- Refresh patch: aide-xattr-in-libc.patch +- aide-0.16.1-as-needed.patch: replaces aide-0.16-as-needed.patch +- Some cleanup of spec with spec-cleaner + +------------------------------------------------------------------- +Wed Jan 18 13:38:03 UTC 2017 - meissner@suse.com + +- Updated to 0.16 + - lots of bugfixes + - including regexp matching within subdirectories of expressions +- aide-0.16-as-needed.patch: replaces aide-0.15.1-as-needed.patch +- aide-no_m4_dir.patch: upstream +- aide.keyring: added from keyserver, cross checked key id on + http://aide.sourceforge.net/ and a signature from someone + I signed. + +------------------------------------------------------------------- +Thu Jul 2 08:07:07 UTC 2015 - meissner@suse.com + +- aide-dynamic.patch: avoid overwriting dl* functions, as we might + load libcrypto.so dynamically in FIPS mode. + +------------------------------------------------------------------- +Wed May 28 21:51:58 UTC 2014 - crrodriguez@opensuse.org + +- aide-xattr-in-libc.patch: Once upon a time, 10 years ago, basic extended + attribute functionality moved to libc, therefore libattr is most of the + time, not needed at all. + +------------------------------------------------------------------- +Thu Jan 23 08:33:09 UTC 2014 - meissner@suse.com + +- seperate a -test package to help with externalized testing. 
+ +------------------------------------------------------------------- +Wed Jan 15 14:11:14 UTC 2014 - meissner@suse.com + +- aide.conf: Move from md5 and sha1 as default to sha256+sha512, also + to allow FIPS enabling with aide working. FATE#315925 + +------------------------------------------------------------------- +Fri Apr 26 11:26:37 UTC 2013 - mmeister@suse.com + +- Removed AC_CONFIG_MACRO_DIR([m4]) from configure.in to fix + build with new automake: aide-no_m4_dir.patch + +------------------------------------------------------------------- +Wed Jan 4 13:34:11 UTC 2012 - crrodriguez@opensuse.org + +- libmhash development was abandoned in 2007, so it is time + for it to go into the library heaven, use libgcrypt instead. + +------------------------------------------------------------------- +Fri Dec 2 06:21:56 UTC 2011 - coolo@suse.com + +- add automake as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Sat Sep 17 10:50:07 UTC 2011 - jengelh@medozas.de + +- Remove redundant tags/sections from specfile +- Add missing call to make +- Use %_smp_mflags for parallel build + +------------------------------------------------------------------- +Fri Oct 01 15:12:21 CEST 2010 - freespacer@gmx.de + +- updated to version 0.15.1 + - Ignore changed file name if attributes does not match + - Allow absence of DB_CHECKINODE if file name has changed +- renew patch + +------------------------------------------------------------------- +Tue Aug 10 17:12:56 CEST 2010 - meissner@suse.de + +- updated to 0.15 + - lots of fixes and some new stuff + +------------------------------------------------------------------- +Fri Apr 30 00:40:34 CEST 2010 - ro@suse.de + +- make aide check verbose to get started +- add sleep and sync to fix build + +------------------------------------------------------------------- +Wed Aug 26 12:53:54 CEST 2009 - mls@suse.de + +- make patch0 usage consistent + 
+------------------------------------------------------------------- +Wed Jun 17 19:43:10 CEST 2009 - crrodriguez@suse.de + +- fix build when as-needed is a default liker option + +------------------------------------------------------------------- +Mon Jan 5 14:19:26 CET 2009 - meissner@suse.de + +- fixed abort on check/update by removing the hash requirement bnc#406597 +- fixed version output bnc#463511 +- enhanced testcase to also run one aide --check + +------------------------------------------------------------------- +Fri Aug 22 09:48:36 CEST 2008 - meissner@suse.de + +- enabled SELinux support [Fate#303662] +- enabled curl +- disable static (does not make much sense) + +------------------------------------------------------------------- +Tue Feb 12 11:26:20 CET 2008 - meissner@suse.de + +- Version 0.13.1 + * Fixed bug with reading gzipped aide.db files + * Removed dead ustat code +- Version 0.13 + * Added support for selinux and xattr attributes + (kindly contributed by Red Hat) + * Added support for the Linux Audit System + (kindly contributed by Red Hat) + * Fixed usage of libgcrypt instead of libmhash + * Added file locking for output files + * Fixed bugs +- Version 0.12 + * Fixed bugs + * Allow http/https/ftp URLs through libcurl + * Support posix_fadvice() to avoid caching files +- enabled ACL and XATTR support + +------------------------------------------------------------------- +Thu Mar 29 10:13:37 CEST 2007 - meissner@suse.de + +- buildrequires flex,bison + +------------------------------------------------------------------- +Thu Apr 13 13:06:36 CEST 2006 - meissner@suse.de + +- run aide --init as test + +------------------------------------------------------------------- +Mon Feb 20 11:16:00 CET 2006 - mge@suse.de + +- update to 0.11 +- fixes bug #149059 + +------------------------------------------------------------------- +Wed Jan 25 21:34:08 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + 
+------------------------------------------------------------------- +Sat Jan 14 22:08:31 CET 2006 - schwab@suse.de + +- Don't strip binaries. + +------------------------------------------------------------------- +Fri Mar 18 15:46:21 CET 2005 - mge@suse.de + +- fixes #71272 - aide-0.10-47 config files not yet converted to utf8 + +------------------------------------------------------------------- +Mon Jan 26 11:16:41 CET 2004 - mge@suse.de + +- upgrade to 0.10 +- #33600: more usable default aide.conf + (thanks to Dirk Mueller ) +- example-cron-job + +------------------------------------------------------------------- +Sat Jan 10 22:05:03 CET 2004 - adrian@suse.de + +- build as user + +------------------------------------------------------------------- +Wed Nov 13 01:36:35 CET 2002 - ro@suse.de + +- fix build for current bison + +------------------------------------------------------------------- +Thu Aug 15 16:11:22 CEST 2002 - mge@suse.de + +- update to 0.9 + +------------------------------------------------------------------- +Mon Apr 9 11:30:55 CEST 2001 - ro@suse.de + +- don't use macro for version +- remove obsolete macros + +------------------------------------------------------------------- +Wed Nov 22 13:00:27 MET 2000 - mge@suse.de + +- created PAC files +- make SPEC file 7.0 compliant + +------------------------------------------------------------------- +Sat Jul 15 22:06:58 MEST 2000 - mge@suse.de + +- initial SuSE RPM, config file /etc/aide.conf + +------------------------------------------------------------------- +Wed Jan 26 00:00:00 MEST 2000 - Matthew Kirkwood + +- Fixes for RH 6.1 and sysconfdir changed to /etc and /var/lib/aide added + +------------------------------------------------------------------- +Sun Sep 12 00:00:00 MEST 1999 - Rami Lehti + +- Some small changes to make this autogeneratable by configure. + +------------------------------------------------------------------- +Sat Sep 11 00:00:00 MEST 1999 - Zach Brown + +- First go 
diff --git a/aide.conf b/aide.conf
new file mode 100644
index 0000000..b81c7c6
--- /dev/null
+++ b/aide.conf
@@ -0,0 +1,85 @@
+#
+# AIDE _Example_ Configuration
+#
+# Thanks to the Debian people and Dirk Müller
+#
+# Use at your own risk!
+#
+# Matthias G. Eckermann
+#
+
+#
+# Configuration parameters
+#
+database_in=file:/var/lib/aide/aide.db
+database_out=file:/var/lib/aide/aide.db.new
+report_url=stdout
+warn_dead_symlinks=yes
+
+#
+# Custom rules
+#
+Binlib = p+i+n+u+g+s+b+m+c+sha256+sha512
+ConfFiles = p+i+n+u+g+s+b+m+c+sha256+sha512
+Logs = p+i+n+u+g+S
+Devices = p+i+n+u+g+s+b+c+sha256+sha512
+Databases = p+n+u+g
+StaticDir = p+i+n+u+g
+ManPages = p+i+n+u+g+s+b+m+c+sha256+sha512
+
+#
+# Directories and files
+#
+# Kernel, system map, etc.
+/boot Binlib
+
+# watch config files, but exclude, what changes at boot time, ...
+!/etc/mtab
+!/etc/lvm*
+/etc ConfFiles
+
+# Binaries
+/bin Binlib
+/sbin Binlib
+
+# Libraries
+/lib Binlib
+
+# Complete /usr and /opt
+/usr Binlib
+/opt Binlib
+
+# Log files
+/var/log$ StaticDir
+#/var/log/aide/aide.log(.[0-9])?(.gz)? Databases
+#/var/log/aide/error.log(.[0-9])?(.gz)? Databases
+#/var/log/setuid.changes(.[0-9])?(.gz)? Databases
+/var/log Logs
+
+# Devices
+!/dev/pts
+/dev Devices
+
+# Other miscellaneous files
+/var/run$ StaticDir
+!/var/run
+/var/lib Databases
+
+# Test only the directory when dealing with /proc
+/proc$ StaticDir
+!/proc
+
+# manpages can be trojaned, especially depending on *roff implementation
+#/usr/man ManPages
+#/usr/share/man ManPages
+#/usr/local/man ManPages
+
+# check sources for modifications
+#/usr/src L
+#/usr/local/src L
+
+# Check headers for same
+#/usr/include L
+#/usr/local/include L
+
+
diff --git a/aide.keyring b/aide.keyring
new file mode 100644
index 0000000..d966365
--- /dev/null
+++ b/aide.keyring
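Review bot: The exclusions `!/etc/mtab` and `!/etc/lvm*` in aide.conf are regular expressions with no end anchor, so they remove more of /etc from monitoring than the comment above them describes. The first also matches any path that merely starts with /etc/mtab, and in the second `m*` means zero or more `m`, so everything beginning with /etc/lv is skipped. The file already anchors with `$` elsewhere (`/var/log$`), so `!/etc/mtab$` and `!/etc/lvm(/|$)` would keep the intent while leaving similarly named files under the ConfFiles rule. Separately, `database_in` points at /var/lib/aide, which `/var/lib Databases` covers only with p+n+u+g, so the baseline is neither hashed nor kept off the monitored host. A comment pointing to the read-only-media variables in aide-cron_daily.sh would make that limitation explicit.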
@@ -0,0 +1,112 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBE4J+9wBEADaOHrCu7XWLSs4RzDPQMv4vCdtMASJJFBzXZzxaqUaDTZpwOxR +6wMw8PFwC0UphzbX/UBSZ1Q+31Xq0sCMOBfKA4hFVY7uDwLqommVVrctlvpcKNa4 +O1lov0pg7yessUnaidO+DoJ2SJW7pvvXcI6FWLXNENzsOWL8zzgIXrkU73hV3moL +yrfPXwwj+tppSXeOg7HgxRSUfoqKwVkCdtQEyvBI1ue33jhwL1/9RUg4m8ph2unk +QXJIloivIu7Yv0S3TgcbNzJJ7V1B/M+v1EjVKhtImp1iocxLctzE5d9G2MKfpAkg +c/9McV9+KdflpS5gWZIMHHKnsJ0dzh/LZGKi47298W0h4ce3BM9gGetNyu1f7hQi +9pumoUeMymkuPeuQv3NaecLY9LSvAF9KLWRwXXxoihDYlr4cbpMyS4jT/nFCd3cu +5CXBBIoeO2w+bpxs16LD83MQdg9vRKC77sgOC/O+gWIJDh31l4aystomOOHek069 +pWoOb1aIbFtaSYtVntyZ8DmyoDWvB3b/PXbxle5CkN/NPw9VDjZxqPSliTdUf1LG +EDPx22fFTHfMhjgC5XqceoWWCmvqy+4grHaLSkYKimI1DlhhVH6jYnhfBzcWDb4n +LyoRGOAKa0FurW5//I78wpkZCvTA4lTvJPHBI77+HlfiDjuuCMdFbyp6GQARAQAB +tCtIYW5uZXMgdm9uIEhhdWd3aXR6IDxodmhhdWd3aXR6QGRlYmlhbi5vcmc+iQJU +BBMBCgA+AhsBBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAFiEEK7vTD6qymzJTvPum +9pR9q2jnuTEFAmR8KDkFCRw1asMACgkQ9pR9q2jnuTH0/xAAgl3mNLOdSvUwTC6d +raw8jeQE2CmFroUVTvmMl3Ukwz946K/ba+eD8QZaFhcQ3UltxvCur518+EBo9nJ9 +WvBnd/Oi3j2ReL5Md038vrlXPd/lchK9RpOtrGIAraLk76rpPgnD9dVucqJpWL2M +gyTrjVyoaAzp2nJysENP1bBczDxduTSiahz6S7vAjb3IXRhrMrX3dQg3EBDloJFZ +mkoFYwnqdNzshqad8ehMaKc6doFg66DuEAilueESYBNLNNmqZqQD3in14DEDR9bj +b3XjFKTuf78ptTAf8ZsU9VrU+XCfx2o74kbfnOvkhMzGOIYX0B/z+06YV60GvFrD +UerXOZN4V5izVEdTkcHx0f+3SVnMieY1EGi3O+1dtvGeHS4qiuJPVOHlXPNoMjsX +McZNcNe4V0w1XO9tWRboM4lPM9gfz88gy1hO04y5NcNUq9JJi/RioOEFkcXs/Y0N +G8wOvHeBJ2mDJs7Gv06mmgFUrh1TwCiXw0+877nQpYfuL0h1zrsOC9Zvxqpm34Z5 +h5+HXD3RIbjkNjX7uQZKOEKNa+7P94XssZNOdsL2O6kw2NB/Hek0NatDq6O1yUwj +J9dx+VhX/suMXxPGW/ls36oiUZ1R7CV2Aya8YwIybTZWPK8gDec6uhkHH5O5e4I2 +guzttrtrKHJklOP9KIG8rE000Z20LEhhbm5lcyB2b24gSGF1Z3dpdHogPGhhbm5l +c0B2b25oYXVnd2l0ei5jb20+iQJXBBMBCgBBAhsBBQsJCAcDBRUKCQgLBRYCAwEA +Ah4BAheAAhkBFiEEK7vTD6qymzJTvPum9pR9q2jnuTEFAmR8KB8FCRw1asMACgkQ +9pR9q2jnuTEepw//ZGDHnwD8XVr3N0Ky6HoM1Jzoa+WiUQaFkrGIf7evyy27gTwH +fsI2Eupnrd6rBV8Osy5iGSlxP3tsg08pR7zvOxfMXSDuvcWabxQtNDTkpG47SSne 
+zHUup5ptFVrcggMXjKGnEq0WvNlB53qFdbg4og8K1BTT5/zwNcVp3PewGpyU6mu4 +xqdX+Ezt9oSpJ3c/UZBZD1lCEQQRD4ZubyxDJVTdQISCotkEe/SV5Pf9p29KTlMZ +ZINVR/eBYldQ+KO1E2GMheqpsnOP7Z9XMYCY9W3VyjJi1HSkJrzouRdlhPSwOsep +Y4zH58dwZJn5WMPRTsS7dMVqBndcWoYWjWILk/MXWj6Z+IYV0ffwfo23Aprh/EvB +IHfbG0yuys6CgvxfPZlMAJnG3bw/5IRRbWVBD/hWDEu7gzxBV0RnBBdBZJnEhBly +xJEPTPjkumGDjrwSTPe1UFUHBxgwVBm/+bo30rU3R8ggtGjCwM9un5e+zZlw/6Y9 +TLmWc8lWqTRnWD+7zFG+Cr1Rm/YgV3OmwX5v1bYNOORYVoj0wNx4qSe3VrW15SGz +rYu9LAQLvd1gFOZPjIXdL9x8nTQ3rNAQz6gl7hIUo0pKb3YLHM/vG2uVA7nK155j +BiC9w/8A3YR0Q7jikbLRl9YtSvkaAPeQ6qU7C1cCWaQhOcqVMZ10V2yU8zi5AY0E +Tgn8cgEMAM6Nv21neMk8LSH2HPDirz0w0UWnpkqdmk1oPCw+b4SILyJwNnOi1G5N +OP9ubGLDgr1HIzVnG18k429rScgKK9gddT0dqFmmQnFvGAVaMQPTNQVZFvPiZ27j +DjwupwcN5vnMlZ6Hqwk4vwTDqVi0qQ3lOnPYa9p4VLRmZO5a1A1F+CJsczifmohM +nCsbcoB1iqBV3/YgQa/RW2Gqjecq/g9fmvIMgj0+O03PAp4KGizRAhcBTkebpVrR +GedM9wFtn+rXNJ0PzVt0Ez2yJ+0FIKn0o/dT40h6oSDdXOce0WIW+jcAkKtpzTkf +9bleRqfRDYz2tvLbRrij1EO5POj6Z54BA/lzTCZFz9IRkrvOHyzPr6C5aP1BOJGd +NhWLXNuuxykMFyoQ591qSetDFH6egnjIFaIR7TNZITew49cZi1ZcYaIEb00EdjlR +6gMzX/WOA/tptfAcaK4r8A5NnDh0cxcaGQPN9WMtcyeWIJogFFMTC07YXB13l4yU +d/WfXI2l6QARAQABiQPbBBgBCgAmAhsCFiEEK7vTD6qymzJTvPum9pR9q2jnuTEF +AmR8KHMFCRpUNwEBqcDdIAQZAQgABgUCTgn8cgAKCRAY7oY4YCLvV/x3C/44CpgL +VRUZT8bxDp7ZjIpyxTB43f+tpGlykSFMYS3/Cw/i7ar1fjoAeVonXAp0PpqeuJ9w ++p9r3UWPZeVlmibYybLujnNDnV6RmeNtzc4HUtgPP/s7rynU6RFX46T5YRUBo/aC +hjFcWVi+YUaNfBdgaKyf4INWtuNTndLXlOJkuqGCikKOuuwReJ4pvs49whVj9Nug +jsotEf4/+tzsrCIWLtSF2BI/Fz0xV2vlmCzsB5fN4nC/ksaaXAL7jHwaUbTMLJ3W +9pcqBzyUd5CEMlE0bwPihyVItLLdTErbuN7M5v3iYSRakRzm0xCpyb01Ho/KWsTW +znaGh3XK6e05Avss8mIaju+Zf/Vk+oLNzGqI+YAgczWyK82yDbuxXfWauBI32nmF +XDwqN8pvPGGEm8BgMQxfKnV0mt3BezPTYBSuPw22+wVbao3xMJSIlIbFitw2ZOSL +mit64IYYVGaWr3awn65MSK/Db9SRaGv52gOR6ylDul7wkjNE8ohlaos0y9sJEPaU +fato57kxHA8QANbsBb9seSTd0jNBsqsSh2QWWaFU55DRSixz4AiTQZOwxQ6Bv0gi +gnWbKmPNuxzUXfTTK1PG8z7R3tfTObXFslrwjLmnZR0o7EYz9wJKLGBFhSxa+KJZ +chTRrWI7AALbBULgAgxP9nOLni1cRD+NhKfbipsph4jB97fgTqOi4Fglp5E7aC+8 
+tfLiVgi3g8c+IWRgO4T1PT0JWzy/V78j1C+sv343zjtvwZAk35Z7mfX6KSjFsTWG +CFUSLT9FzgvJfTvlaneNdaE9mT1Ldb/2O2J1BF2FzL1EkQBVBkS83r3EtdN/tuZl +nJk+E1IrJ63ilgkzmM38SeGvwj7K8lK/EuRT3/+qTD1/f6uGOE8DNqi6CF8gi1bP +zDGfN1EbyR3ZQmfNey6nMBYDkS0bmAtNrvifeiVpwvNcRBHhCnpsOSZGPVEsJ2Wo +AslY0FOkgF+CUrxUb9TpCKY+9eXgQhCk3EqR7f0rKgsCp8w4Vbp4R0jII7jzrDkQ +x0mN2gbKz2PsJPxnQkEBFxfrVq/aMGyDsVL0Vz6K/MZWvUKheaLeatVudntE/Vso +lC9G3UsAAMDChecOrAnge/kyySqosJcfvfCvgLLxZlHHv+QWpFDaaQE9JZdDuaru +GkA33Xp0WFc0GhiEfnBR4iqoAqtdb8rp+vPQiA6sHu13NkThfsSiQn4CuQGNBE4J +/TQBDACoLGAOK8w/Mv1B3SZN/mfUYXgjJnOS1lqCNdKRG8MVQQCBVEe9QPU8yavh +/MpraEvPZhz6WSg7k1pHNMbKsDfv80ZX5WM95uMN69nmF/l+qo+eBJU8YIHWabkv +MSWTBeD1roo8CwHOl102ajgo0XzhCqeb4MkUCZCZxdTaoHcD+IW+4IbajozgzTYV +EQnyJdZwmB/EjRAncKDNCDoimHzjENQ9KOO/cPoGTFNfy9czoAmOY8gWt7b4wELD +Mx/tP06V3n9Zjpxx+sBId9xDv+Yd+JSJHbNk8FxQtRtZVGNv7SP0rIWv3AP+d93k +t/djtijzFTS5JxFViJtjwsDMdXQYnb+ReP4Jza5gLr/8gjbCRlLv/Bh1D9SyXFmf +tEcZyhJIUU2b2ybdCkwg/BdouoQxHN94bESy686djt1wiXLZa6s4jiFuMA3qfF+K +HDIbdjMBZzi0+XgJwwiqLlRkvLiG8/mGCijwFY+zzZ2lxKCOAEo8bUexOBz16Sw1 +Fj55vgsAEQEAAYkCPAQYAQoAJgIbDBYhBCu70w+qspsyU7z7pvaUfato57kxBQJk +fCiTBQkaVDZfAAoJEPaUfato57kxgtEQAMqDVz4YzHUHI6jvJTm+SQQP3TnNJLsi +MQshA+651W7dTgmIWKKEgXiuvQ33WWRDc3GoTC/TVGLXA1BNBejTJmtStsyQ+RVp +a4Y7KIPA3Va90IzPMqFUQztQgh689h+NIqgJovLmyZBmzIZ5f+LllfQ4ZCfeyBTz +qWbX8cDxP1hyD7ifd6IXuPtr7sycmPCHnhisttM/6WxCOgS3fmJuFjBaO3qB8nOz +vPRSsiYdBBpXd6v6GGJ3UhcBsYdAkVj9iQdkIkok3d9NnDlHklfjfE6Uj+MYEIzn +UOcQNOf3d0tlEYE5B1lUijYIJ5b0sdGl2z2PzQlJvvKIQrVKsc0KYiK61kbh6Tu+ +ldiiozyodUN3T6J82BSJp1blsRFnWK6kpaDz0geG275jViIuPnYIeVKSLFVvh0ji +Y0MxBv5kyKBpz33Y40tIdrGRo7Q3t07jACzyJT3aurKCnMK4jV/dPA45FunoAIck +16HTK8ShDQuEXP4Pu80z0Wv5V5MDRnJ0g/XhXjpNxNlhKvPEytIhDAVShWP0Rccp +J4ewy3QyapnS5FhldVHYQGowvpS8fS7MX8cqTDC83be0wcOKIGSjL6dQbVpXFT0/ +DV57ejodQ1OIFfKMtqLPqndQdU3BGxHh+1mD7XIR2H70vwXW0/vKG4yy0kMLEZ67 +gilA4+BAW5U+uQGNBE4J/a0BDADFSeNMstJh2Sx8LlLxTVoBVSPdm2G15kBsikDG +pWN4LiscKQT4Rmzi0uBuA1z+kD+eA+4G2nCqM7xO0RJAPLQi2zcfehdrbdwDBsFb 
+eCTe2lnbLqGodn0ff7YDlCyopKszgINOQQwXr4VSqG7cOGDGC38taaX5UBR7XJs0 +DMb4Hg0Oer7kN3kfSnOwihfS9lgunFIp3dNN1iUEp1NAVOyJhS//4zGh5EYiTd7y +QYQC21H6eiJTmnnvLm/nskiBeR4RFm8ozGAizcji+qwjR1AeeM7ifoIxtuVFH23A +Y7KGzId4y4Bh+Ni8uQO1eTGcc2XITAj5oFdYdC61wJ3B2i1w24gAYNqAJ8bodnYA +JatFRncuaYT6X5bNKHGT+u4KqedR55njEP7XxkXyfL06gI4ri1ef22d8X0kJIY3d +d2LD81qGfAEU8Q/qboPdeaVEtG0FfMCTqQ1yyct1jkbKZMUK/EPompgUZb6JTQov +bRGUPZFbhpq8nVAsu+jRRPVFzmkAEQEAAYkCPAQYAQoAJgIbIBYhBCu70w+qspsy +U7z7pvaUfato57kxBQJkfCiTBQkaVDXmAAoJEPaUfato57kx2aoQAMmvNTQYIRZE +GbUnHhfDlPKFHuQWUTZNgn8QzksUUF6JORdCoU3MqN/6Z2nHQ3LLiM07a9byk7zh ++W3K3J//UzZ24p5FfC3YOKzIOBP08Ij0EvuCajCeR5o/P7zHu5WBhoEgr5tEnFQC +oaeWdeL5GEBRrSmntUivhSUxWs0ntqk4cC0ncRgUb+28ZBGNa0ljqYoiatIHkTpR +E9RgJiaUsnmE5THkZ3xcvIemNFRjzQ5CjP65zlRbfrCJXsYiXF1gcOIPFoKaxtBi +w5HkgVd7cmHzClCkq/RTM+dDVo3V9b3zHB//1D8XwiQWvF7gMYymCCrnH+onKPi4 +XCDrCfm6toP6fEQa/nPJ92JtQiPLDpu1AxfpwNfZV/FIApNGuZ/Egs3sK7aVI76B +jvQs4chZUYfIY6axIJYceceXg1SFqiv15vjXLXi3RrtN7HaCDOCpSMQUG6gJ4dRh +VsKHK+wkqCmiIAPQt8rYkabev5dg+B+LGjj6oCmUyrCaoXubnkuX7pFqOCMDUw2b +ihb2H4k48HVxZdke3d4wPgq0oPCx3/04vFExq3PqOW9s0MTIC0XOY9GXJwJcFumQ +suOSVzMPRvWnBQnJYTfBtWehaxHG5dqNdOsNTdFfPfeD/qtHQ56RyYoqjZ87IY7q +E5GuuIiJTEypzeYfM0OkPPmPL4ku3B5J +=MtRc +-----END PGP PUBLIC KEY BLOCK----- diff --git a/aide.service b/aide.service new file mode 100644 index 0000000..8051d3e --- /dev/null +++ b/aide.service @@ -0,0 +1,10 @@ +[Unit] +Description=Checking system for changed files +Documentation=man:aide(1) +After=local-fs.target + +[Service] +Type=oneshot +ExecStart=/bin/sh -c "/usr/bin/aide --check --config=/etc/aide_service.conf; exit 0" +IOSchedulingClass=idle +IOSchedulingPriority=7 diff --git a/aide.service.8 b/aide.service.8 new file mode 100644 index 0000000..0d9a660 --- /dev/null +++ b/aide.service.8 
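Review bot: In aide.service, the `; exit 0` at the end of `ExecStart=/bin/sh -c "/usr/bin/aide --check --config=/etc/aide_service.conf; exit 0"` discards aide's exit status, so a run that could not check anything (no initialised database, unreadable config) is recorded by systemd exactly like a clean run. Anything that alerts on failed units will never see this service, and the only trace is the report file. If the aim is only to keep "changes found" from marking the unit failed, calling the binary directly with `ExecStart=/usr/bin/aide --check --config=/etc/aide_service.conf` and `SuccessExitStatus=1 2 3 4 5 6 7` would do that while leaving the error codes visible; aide(1) documents 1–7 as the change bitmask, which is worth confirming for 0.18.6.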
@@ -0,0 +1,24 @@
+.TH AIDE.SERVICE 8 "2021-02-10" "aide v0.17.3" "systemd environment"
+.SH NAME
+\fBaide\fP \- Advanced Intrusion Detection Environment
+
+systemd environment
+.SH SYNOPSIS
+aide.service
+
+aide.timer
+.SH DESCRIPTION
+For easier maintenance of big clusters, aide can be run by systemd.timer(5) in regular intervals.
+
+The specific time can be set in /usr/lib/systemd/system/\fBaide.timer\fR (tag OnCalendar) or can be configured in /etc/systemd/system/aide.timer.d/local.conf. See systemd.unit(5) for more information.
+
+The timer can be manually started via the call "systemctl start aide.timer" or can be started while the boot process which has been enabled by the call "systemctl enable aide.timer".
+
+The result of the check will be written to "/var/log/aide_service.log". This can be set in the file /etc/aide_systemd.conf.
+
+.SH HINT
+Keep in mind that you have to init the database with the call "aide --init ; cp /var/lib/aide/aide.db.new /var/lib/aide/aide.db" at first before you are starting this service.
+
+.SH SEE ALSO
+.BR aide (1)
+.BR aide.conf (5)
diff --git a/aide.spec b/aide.spec
new file mode 100644
index 0000000..aafe61d
--- /dev/null
+++ b/aide.spec
@@ -0,0 +1,166 @@ +# +# spec file for package aide +# +# Copyright (c) 2023 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +Name: aide +Version: 0.18.6 +Release: 0 +Summary: Advanced Intrusion Detection Environment +License: GPL-2.0-or-later +URL: https://aide.github.io/ +Source0: https://github.com/aide/aide/releases/download/v%{version}/aide-%{version}.tar.gz +Source100: https://github.com/aide/aide/releases/download/v%{version}/aide-%{version}.tar.gz.asc +Source1: aide.conf +Source2: aide-cron_daily.sh +Source3: aide-test.sh +Source4: aide.service +Source5: aide.service.8 +Source6: aide.timer +Source7: aide.timer.8 +Source8: aide_service.conf +Source43: aide.keyring +Patch1: aide-0.18-as-needed.patch +Patch2: aide-xattr-in-libc.patch +Patch3: aide-systemd.patch +BuildRequires: autoconf +BuildRequires: autoconf-archive +BuildRequires: automake +BuildRequires: bison +BuildRequires: curl-devel +BuildRequires: flex +BuildRequires: gzip +BuildRequires: libacl-devel +BuildRequires: libgcrypt-devel +BuildRequires: libselinux-devel +BuildRequires: pcre2-devel +BuildRequires: pkgconfig +BuildRequires: systemd-rpm-macros +BuildRequires: zlib-devel + +%description +AIDE is an intrusion detection system that checks file integrity. + +%package test +Summary: Simple AIDE testing +BuildArch: noarch + +%description test +Simple AIDE test script for externalized testing. 
+ +%prep +%setup -q +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 + +%build +autoreconf -fiv +%configure \ + --with-config_file=%{_sysconfdir}/aide.conf \ + --with-dbhmactype=md5 \ + --disable-static \ + --enable-lfs \ + --with-posix-acl \ + --with-xattr \ + --with-selinux \ + --with-curl \ + --with-zlib \ + --with-gcrypt \ + --without-mhash +# --enable-forced_configmd +%make_build + +%install +%make_install +install -m 700 -d %{buildroot}%{_localstatedir}/lib/aide +install -m 700 -d %{buildroot}%{_sysconfdir} +install -m 700 -d %{buildroot}%{_unitdir}/ +install -m 700 -d %{buildroot}%{_mandir}/man8 +install -m 600 %{SOURCE1} %{buildroot}%{_sysconfdir}/aide.conf +install -m 700 %{SOURCE3} %{buildroot}%{_bindir}/ +install -m 644 %{SOURCE4} %{buildroot}%{_unitdir}/aide.service +install -m 644 %{SOURCE6} %{buildroot}%{_unitdir}/aide.timer +install -m 644 %{SOURCE5} %{buildroot}%{_mandir}/man8/aide.service.8 +install -m 644 %{SOURCE7} %{buildroot}%{_mandir}/man8/aide.timer.8 +install -m 600 %{SOURCE8} %{buildroot}%{_sysconfdir}/aide_service.conf +gzip -9 %{buildroot}%{_mandir}/man8/aide.service.8 +gzip -9 %{buildroot}%{_mandir}/man8/aide.timer.8 +mkdir -p doc/examples%{_sysconfdir}/cron.daily/ +cp -a %{SOURCE2} doc/examples%{_sysconfdir}/cron.daily/aide.sh + +%pre +%service_add_pre %{name}.service %{name}.timer + +%post +if ! grep -q "database_in" %{_sysconfdir}/aide.conf ; then + # with the 0.17 update some backward incompatible changes were made to the config file. 
Therefore, we have to adapt those parameters, otherwise the program will fail + sed -i 's/database=/database_in=/' %{_sysconfdir}/aide.conf + sed -i '/verbose=/d' %{_sysconfdir}/aide.conf + sed -i 's/\t/ /g' %{_sysconfdir}/aide.conf +fi +%service_add_post %{name}.service %{name}.timer + +%preun +%service_del_preun %{name}.service %{name}.timer + +%postun +%service_del_postun %{name}.service %{name}.timer + +%check +rm -rf %{_localstatedir}/tmp/aide-test +mkdir %{_localstatedir}/tmp/aide-test +export TESTDIR=%{_localstatedir}/tmp/aide-test +%make_build DESTDIR=$TESTDIR install +install -m 700 -d $TESTDIR%{_localstatedir}/lib/aide +install -m 700 -d $TESTDIR%{_sysconfdir} +install -m 600 %{SOURCE1} $TESTDIR%{_sysconfdir}/aide.conf.new +sed -e "s#%{_localstatedir}/lib/aide#$TESTDIR%{_localstatedir}/lib/aide#g" <$TESTDIR%{_sysconfdir}/aide.conf.new >$TESTDIR%{_sysconfdir}/aide.conf +if ! grep -q "database_in" %{_sysconfdir}/aide.conf ; then + # with the 0.17 update some backward incompatible changes were made to the config file. 
Therefore, we have to adapt those parameters, otherwise the program will fail + sed -i 's/database=/database_in=/' $TESTDIR%{_sysconfdir}/aide.conf + sed -i '/verbose=/d' $TESTDIR%{_sysconfdir}/aide.conf + sed -i 's/\t/ /g' $TESTDIR%{_sysconfdir}/aide.conf +fi +$TESTDIR/usr/bin/aide -D -c $TESTDIR%{_sysconfdir}/aide.conf +sleep 2 +sync +sleep 2 + +$TESTDIR/usr/bin/aide -c $TESTDIR%{_sysconfdir}/aide.conf --init +mv $TESTDIR%{_localstatedir}/lib/aide/aide.db.new $TESTDIR%{_localstatedir}/lib/aide/aide.db +$TESTDIR/usr/bin/aide -c $TESTDIR%{_sysconfdir}/aide.conf --check --log-level=info + +rm -rf $TESTDIR + +%files +%license COPYING +%doc AUTHORS ChangeLog NEWS README doc/examples +%{_bindir}/aide +/%{_mandir}/man1/aide.1.gz +/%{_mandir}/man5/aide.conf.5.gz +%{_localstatedir}/lib/aide +%config(noreplace) %{_sysconfdir}/aide.conf +%config(noreplace) %{_sysconfdir}/aide_service.conf +%{_unitdir}/aide.service +%{_unitdir}/aide.timer +%{_mandir}/man8/aide.timer.8* +%{_mandir}/man8/aide.service.8* + +%files test +%{_bindir}/aide-test.sh + +%changelog diff --git a/aide.timer b/aide.timer new file mode 100644 index 0000000..60f609f --- /dev/null +++ b/aide.timer @@ -0,0 +1,12 @@ +[Unit] +Description=Checking system for changed files +Documentation=man:aide(1) +After=local-fs.target + +[Timer] +OnCalendar= daily +AccuracySec=12h +Persistent=true + +[Install] +WantedBy=timers.target diff --git a/aide.timer.8 b/aide.timer.8 new file mode 100644 index 0000000..c8f7d9d --- /dev/null +++ b/aide.timer.8 @@ -0,0 +1 @@ +.so aide.service.8 diff --git a/aide_service.conf b/aide_service.conf new file mode 100644 index 0000000..7c1c080 --- /dev/null +++ b/aide_service.conf 
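Review bot: In aide.spec's `%check`, the guard `if ! grep -q "database_in" %{_sysconfdir}/aide.conf` reads /etc/aide.conf of the build root, while the three `sed -i` calls under it edit the copy under `$TESTDIR`; it should be `if ! grep -q "database_in" $TESTDIR%{_sysconfdir}/aide.conf ; then` so the guard inspects the file it is about to rewrite. As written, the outcome depends on whether an aide.conf happens to be installed in the build environment. The same section does `rm -rf` and `mkdir` on the fixed path `%{_localstatedir}/tmp/aide-test`; a directory obtained from `mktemp -d` would avoid a predictable name under a shared tmp directory. Separately, `--with-dbhmactype=md5` in `%build` appears to select MD5 for the database HMAC; it may be inert without a compiled-in key, but is worth confirming or dropping.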
@@ -0,0 +1,79 @@
+#
+# AIDE Configuration file for systemd service aide.service
+#
+
+#
+# Configuration parameters
+#
+database_in=file:/var/lib/aide/aide.db
+database_out=file:/var/lib/aide/aide.db.new
+report_url=file:/var/log/aide_service.log
+warn_dead_symlinks=yes
+
+#
+# Custom rules
+#
+Binlib = p+i+n+u+g+s+b+m+c+sha256+sha512
+ConfFiles = p+i+n+u+g+s+b+m+c+sha256+sha512
+Logs = p+i+n+u+g+S
+Devices = p+i+n+u+g+s+b+c+sha256+sha512
+Databases = p+n+u+g
+StaticDir = p+i+n+u+g
+ManPages = p+i+n+u+g+s+b+m+c+sha256+sha512
+
+#
+# Directories and files
+#
+# Kernel, system map, etc.
+/boot Binlib
+
+# watch config files, but exclude, what changes at boot time, ...
+!/etc/mtab
+!/etc/lvm*
+/etc ConfFiles
+
+# Binaries
+/bin Binlib
+/sbin Binlib
+
+# Libraries
+/lib Binlib
+
+# Complete /usr and /opt
+/usr Binlib
+/opt Binlib
+
+# Log files
+/var/log$ StaticDir
+#/var/log/aide/aide.log(.[0-9])?(.gz)? Databases
+#/var/log/aide/error.log(.[0-9])?(.gz)? Databases
+#/var/log/setuid.changes(.[0-9])?(.gz)? Databases
+/var/log Logs
+
+# Devices
+!/dev/pts
+/dev Devices
+
+# Other miscellaneous files
+/var/run$ StaticDir
+!/var/run
+/var/lib Databases
+
+# Test only the directory when dealing with /proc
+/proc$ StaticDir
+!/proc
+
+# manpages can be trojaned, especially depending on *roff implementation
+#/usr/man ManPages
+#/usr/share/man ManPages
+#/usr/local/man ManPages
+
+# check sources for modifications
+#/usr/src L
+#/usr/local/src L
+
+# Check headers for same
+#/usr/include L
+#/usr/local/include L
+
+
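Review bot: `report_url=file:/var/log/aide_service.log` writes the report into a tree that the `/var/log Logs` rule further down monitors with `p+i+n+u+g+S`, so a run may flag its own previous report as a change; whether it does depends on how aide opens the file, which is worth checking before this ships. The report is also the only output of the timer-driven check and sits on the host being monitored. A second destination such as `report_url=syslog:LOG_AUTH` would get results into the journal as well, and `!/var/log/aide_service.log$` would keep the report out of its own scan.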