commit cb05f916cbb502d6fff4269d6dda4d6859bc72168ebcb25b4e0ffba8b9d01384 Author: Adrian Schröter Date: Fri May 3 10:54:29 2024 +0200 Sync from SUSE:SLFO:Main aide revision aad92bb13b18f074f39aa8ba2b2d875e
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/aide-0.18-as-needed.patch b/aide-0.18-as-needed.patch
new file mode 100644
index 0000000..cc7c2a1
--- /dev/null
+++ b/aide-0.18-as-needed.patch
@@ -0,0 +1,13 @@
+Index: aide-0.18.3/Makefile.am
+===================================================================
+--- aide-0.18.3.orig/Makefile.am
++++ aide-0.18.3/Makefile.am
+@@ -65,7 +65,7 @@ aide_SOURCES += include/fopen.h src/fope
+ endif
+
+ aide_CFLAGS = @AIDE_DEFS@ -W -Wall -g ${PTHREAD_CFLAGS}
+-aide_LDADD = -lm ${PCRE2_LIBS} ${ZLIB_LIBS} ${MHASH_LIBS} ${GCRYPT_LIBS} ${POSIX_ACL_LIBS} ${SELINUX_LIBS} ${AUDIT_LIBS} ${XATTR_LIBS} ${ELF_LIBS} ${E2FSATTRS_LIBS} ${CAPABILITIES_LIBS} ${CURL_LIBS} ${PTHREAD_LIBS}
++aide_LDADD = -lm ${LDFLAGS} ${PCRE2_LIBS} ${ZLIB_LIBS} ${MHASH_LIBS} ${GCRYPT_LIBS} ${POSIX_ACL_LIBS} ${SELINUX_LIBS} ${AUDIT_LIBS} ${XATTR_LIBS} ${ELF_LIBS} ${E2FSATTRS_LIBS} ${CAPABILITIES_LIBS} ${CURL_LIBS} ${PTHREAD_LIBS}
+
+ if HAVE_CHECK
+ TESTS = check_aide
diff --git a/aide-0.18.6.tar.gz b/aide-0.18.6.tar.gz
new file mode 100644
index 0000000..c50968f
--- /dev/null
+++ b/aide-0.18.6.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8ff36ce47d37d0cc987762d5d961346d475de74bba8a1832fd006db6edd3c10e
+size 383127
diff --git a/aide-0.18.6.tar.gz.asc b/aide-0.18.6.tar.gz.asc
new file mode 100644
index 0000000..9e002f9
--- /dev/null
+++ b/aide-0.18.6.tar.gz.asc
@@ -0,0 +1,14 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQGzBAABCgAdFiEEVJXNoXyawXqyOEGnGO6GOGAi71cFAmTIxuAACgkQGO6GOGAi
+71ftsAv/bkzrJqAidCXFHf57lBcWFwcK8j9P1CNDF+sufw1Y7MVO/LaC0B6WGJyN
+LjX9+bddNFl6k6uy8KW4O6DUGLV85milImKfNybIanyDTkA2/447r9GlT6+AEd5n
+rlibs4yQ/39+2fjbeEENcKXGsfv0UMmx+GgR7uyQiEoj4ohyWH1x9Ti5mahcvr1L
+GLNn7XdCcBXzhJIzQtjxZ68zKlIAjw25ajltBPd2s3Ep3xEhYYIvSfOrLtoWvBTB
+MBAPcq1SHPJkdZVdnyCpLV5uUB7bQLURzw9ZVlePtBHWB97MBzy3d+4mB7G6jN2i
+eMCYR7W0NKV7WoIZRVlz/8XA1rifrlCNO/pmul7cz8fOa9MQIQmFhgAbDr4zRbJs
+r2ilh6mDh3nCjhl9qi13lyk6q3Y4cC5XyfMSprmt+QcOGmdWFOV2kcXhGL4hqCZX
+uNkgv7uyARDJvs9uylagAkR39zmKNsK9brcT6NgF8srz9+FNXu32AC88mV6JtrCb
+xdoH7aWM
+=qETo
+-----END PGP SIGNATURE-----
diff --git a/aide-cron_daily.sh b/aide-cron_daily.sh
new file mode 100644
index 0000000..db4e824
--- /dev/null
+++ b/aide-cron_daily.sh
@@ -0,0 +1,38 @@
+#!/bin/sh
+#
+# AIDE _Example_ Cron Script
+#
+# Use at your own risk!
+#
+# Matthias G. Eckermann
+#
+
+AIDEBINARY=/usr/bin/aide
+AIDECONFIG=/etc/aide.conf
+AIDEDOMOUNT=
+AIDERODEVICE=
+MOUNT=/bin/mount
+UMOUNT=/bin/umount
+
+#
+# if you want to have the aide database on a CDROM,
+# then play with these options:
+#
+#AIDERODEVICE=/media/cdrom
+#AIDEDOMOUNT="yes" # some non-zero-string
+#AIDECONFIG=/media/cdrom/aide.conf
+
+if [ ".$AIDEDOMOUNT" != "." ] && [ ".$AIDERODEVICE" != "." ] ; then
+ echo "mounting $AIDERODEVICE"
+ $MOUNT $AIDERODEVICE
+fi
+
+if [ -x $AIDEBINARY -a $AIDECONFIG ]; then
+ $AIDEBINARY --config=$AIDECONFIG --check
+fi
+
+if [ ".$AIDEDOMOUNT" != "." ] && [ ".$AIDERODEVICE" != "." ] ; then
+ echo "unmounting $AIDERODEVICE"
+ $UMOUNT $AIDERODEVICE
+fi
+
diff --git a/aide-systemd.patch b/aide-systemd.patch
new file mode 100644
index 0000000..737aea2
--- /dev/null
+++ b/aide-systemd.patch
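Review bot: The guard `[ -x $AIDEBINARY -a $AIDECONFIG ]` in aide-cron_daily.sh only tests that `$AIDECONFIG` is a non-empty string, not that the config file exists or is readable, and both expansions are unquoted. `[ -x "$AIDEBINARY" ] && [ -r "$AIDECONFIG" ]` would check what the condition appears to intend and drops the deprecated `-a`. The result of `$MOUNT $AIDERODEVICE` is not checked either, so when the read-only medium fails to mount the check still runs against whatever sits under the mount point; `"$MOUNT" "$AIDERODEVICE" || exit 1` would stop there. The script's exit status is that of the final unmount `if`, so the result of `--check` is lost to anything that looks at the job's status.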
@@ -0,0 +1,26 @@
+Index: aide-0.18.3/doc/aide.1
+===================================================================
+--- aide-0.18.3.orig/doc/aide.1
++++ aide-0.18.3/doc/aide.1
+@@ -143,7 +143,7 @@ See \fB--version\fR output for the defau
+ default \fBdatabase_in\fR and \fBdatabase_out\fR config values.
+
+ .SH SEE ALSO
+-.BR aide.conf (5)
++.BR aide.conf (5), aide.service (8), aide.timer (8)
+ .SH BUGS
+ There are probably bugs in this release. Please report them
+ at https://github.com/aide/aide/issues .
+Index: aide-0.18.3/doc/aide.conf.5
+===================================================================
+--- aide-0.18.3.orig/doc/aide.conf.5
++++ aide-0.18.3/doc/aide.conf.5
+@@ -1090,7 +1090,7 @@ In the following, the first is not allow
+ .B "/foo e+p+u+g"
+ .PP
+ .SH "SEE ALSO"
+-.BR aide (1)
++.BR aide (1), aide.service (8), aide.timer (8)
+ .SH DISCLAIMER
+ All trademarks are the property of their respective owners.
+ No animals were harmed while making this webpage or this piece of
diff --git a/aide-test.sh b/aide-test.sh
new file mode 100644
index 0000000..200df3b
--- /dev/null
+++ b/aide-test.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+export TESTDIR=`mktemp -d /tmp/aide.XXXXXX`
+install -m 700 -d $TESTDIR/var/lib/aide
+install -m 700 -d $TESTDIR/etc
+install -m 600 /etc/aide.conf $TESTDIR/etc/aide.conf.new
+sed -e "s#/var/lib/aide#$TESTDIR/var/lib/aide#g" <$TESTDIR/etc/aide.conf.new >$TESTDIR/etc/aide.conf
+/usr/bin/aide -c $TESTDIR/etc/aide.conf --init || exit 1
+mv $TESTDIR/var/lib/aide/aide.db.new $TESTDIR/var/lib/aide/aide.db
+/usr/bin/aide -c $TESTDIR/etc/aide.conf --check --verbose || exit 1
+
+rm -rf $TESTDIR
diff --git a/aide-xattr-in-libc.patch b/aide-xattr-in-libc.patch
new file mode 100644
index 0000000..89dc074
--- /dev/null
+++ b/aide-xattr-in-libc.patch
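Review bot: In aide-test.sh the result of `mktemp -d` on the `TESTDIR=` line is never checked, and every later use of `$TESTDIR` is unquoted. If mktemp fails, `$TESTDIR` is empty and the following lines act on the live paths: the `sed` redirection rewrites `/etc/aide.conf`, and after `aide --init` the `mv` replaces `/var/lib/aide/aide.db`. Silently replacing the baseline database is the worst outcome for an integrity checker, so the script should stop early, e.g. `TESTDIR=$(mktemp -d /tmp/aide.XXXXXX) || exit 1` followed by `export TESTDIR`, and quote `"$TESTDIR"` throughout. The two `|| exit 1` paths also leave the temporary directory behind; a `trap 'rm -rf -- "$TESTDIR"' EXIT` set right after creation would cover them.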
@@ -0,0 +1,211 @@ +Index: aide-0.18.6/configure.ac +=================================================================== +--- aide-0.18.6.orig/configure.ac ++++ aide-0.18.6/configure.ac +@@ -59,7 +59,7 @@ dnl Do the right thing for glibc... + AIDE_DEFS="-D_GNU_SOURCE" + + dnl This is borrowed from libtool +- ++ + if test $ac_cv_c_compiler_gnu = yes; then + LD_STATIC_FLAG='-static' + +@@ -101,54 +101,54 @@ else + # All AIX code is PIC. + LD_STATIC_FLAG='-bnso -bI:/lib/syscalls.exp' + ;; +- ++ + hpux9* | hpux10* | hpux11*) + # Is there a better LD_STATIC_FLAG that works with the bundled CC? + ## wl='-Wl,' + LD_STATIC_FLAG="${wl}-a ${wl}archive" + ## pic_flag='+Z' + ;; +- ++ + irix5* | irix6*) + ## wl='-Wl,' + LD_STATIC_FLAG='-non_shared' + # PIC (with -KPIC) is the default. + ;; +- ++ + cygwin* | mingw* | os2*) + # We can build DLLs from non-PIC. + ;; +- ++ + osf3* | osf4* | osf5*) + # All OSF/1 code is PIC. + ## wl='-Wl,' + LD_STATIC_FLAG='-non_shared' + ;; +- ++ + sco3.2v5*) + ## pic_flag='-Kpic' + LD_STATIC_FLAG='-dn' + ## special_shlib_compile_flags='-belf' + ;; +- ++ + solaris*) + ## pic_flag='-KPIC' + LD_STATIC_FLAG='-Bstatic' + ## wl='-Wl,' + ;; +- ++ + sunos4*) + ## pic_flag='-PIC' + LD_STATIC_FLAG='-Bstatic' + ## wl='-Qoption ld ' + ;; +- ++ + sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) + ## pic_flag='-KPIC' + LD_STATIC_FLAG='-Bstatic' + ## wl='-Wl,' + ;; +- ++ + uts4*) + ## pic_flag='-pic' + LD_STATIC_FLAG='-Bstatic' +@@ -338,8 +338,6 @@ fi + + AIDE_PKG_CHECK(selinux, SELinux, no, SELINUX, libselinux, selinux) + +-AIDE_PKG_CHECK(xattr, xattr, no, XATTR, libattr, xattrs) +- + AIDE_PKG_CHECK(capabilities, POSIX 1003.1e capabilities, no, CAPABILITIES, libcap, caps) + + AIDE_PKG_CHECK(e2fsattrs, e2fsattrs, no, E2FSATTRS, e2p, e2fsattrs) +Index: aide-0.18.6/include/db_config.h +=================================================================== +--- aide-0.18.6.orig/include/db_config.h ++++ aide-0.18.6/include/db_config.h +@@ -19,7 +19,7 @@ + * with this program; if 
not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +- ++ + #ifndef _DB_CONFIG_H_INCLUDED + #define _DB_CONFIG_H_INCLUDED + +@@ -32,7 +32,6 @@ + #ifdef WITH_ZLIB + #include + #endif +-#include "attributes.h" + #include "hashsum.h" + #include "db_line.h" + #include "list.h" +@@ -75,7 +74,7 @@ + /* int (*close)(_db_config*); */ + /* int db_size; */ + /* DB_FIELD* db_order; */ +-/* void* local; */ ++/* void* local; */ + /* }_db_config ; */ + + typedef struct database { +@@ -111,14 +110,14 @@ typedef struct db_config { + #ifdef WITH_ZLIB + /* Is dbout gzipped or not */ + int gzip_dbout; +- ++ + #endif + + DB_ATTR_TYPE db_out_attrs; + + char *check_path; + RESTRICTION_TYPE check_file_type; +- ++ + char* config_file; + char* config_version; + bool config_check_warn_unrestricted_rules; +@@ -160,7 +159,7 @@ typedef struct db_config { + int symlinks_found; + DB_ATTR_TYPE attr; + +-#ifdef WITH_ACL ++#ifdef WITH_ACL + int no_acl_on_symlinks; + #endif + int warn_dead_symlinks; +Index: aide-0.18.6/src/do_md.c +=================================================================== +--- aide-0.18.6.orig/src/do_md.c ++++ aide-0.18.6/src/do_md.c +@@ -45,7 +45,6 @@ + + #ifdef WITH_XATTR + #include +-#include + #ifndef ENOATTR + # define ENOATTR ENODATA + #endif +@@ -327,7 +326,7 @@ md_hashsums calc_hashsums(char* fullpath + } + + void fs2db_line(struct stat* fs,db_line* line) { +- ++ + line->inode=fs->st_ino; + + if(ATTR(attr_uid)&line->attr) { +@@ -349,7 +348,7 @@ void fs2db_line(struct stat* fs,db_line* + }else{ + line->size=0; + } +- ++ + if(ATTR(attr_linkcount)&line->attr){ + line->nlink=fs->st_nlink; + }else { +@@ -367,7 +366,7 @@ void fs2db_line(struct stat* fs,db_line* + }else{ + line->ctime=0; + } +- ++ + if(ATTR(attr_atime)&line->attr){ + line->atime=fs->st_atime; + }else{ +@@ -379,13 +378,13 @@ void fs2db_line(struct stat* fs,db_line* + } else { + line->bcount=0; + } +- ++ + } + + #ifdef WITH_ACL + void 
acl2line(db_line* line) { + acl_type *ret = NULL; +- ++ + #ifdef WITH_POSIX_ACL + if(ATTR(attr_acl)&line->attr) { + acl_t acl_a = NULL; +@@ -438,7 +437,7 @@ void acl2line(db_line* line) { + acl_free(acl_d); + } + line->acl = ret; +-#endif ++#endif + } + #endif + +@@ -600,4 +599,3 @@ void capabilities2line(db_line* line) { + void no_hash(db_line* line) { + line->attr&=~get_hashes(true); + } +- diff --git a/aide.changes b/aide.changes new file mode 100644 index 0000000..39af29b --- /dev/null +++ b/aide.changes 
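Review bot: The configure.ac part of aide-xattr-in-libc.patch deletes `AIDE_PKG_CHECK(xattr, xattr, no, XATTR, libattr, xattrs)` with no replacement visible in the patch, while do_md.c keeps its xattr code under `#ifdef WITH_XATTR`. If that macro call is what defines WITH_XATTR, extended-attribute support is compiled out and xattr changes stop being reported, without any build error. The spec's configure arguments are outside this view, so this should be confirmed on the built binary; `aide --version` lists the compile-time options. Most of the other hunks in this patch only change trailing whitespace, which makes each rebase harder to audit; dropping them would leave just the functional lines.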
@@ -0,0 +1,406 @@ +------------------------------------------------------------------- +Thu Aug 3 08:40:38 UTC 2023 - Paolo Stivanin + +- Update to 0.18.6: + * Fix double free() during report generation + * Improve handling of ACL errors + +------------------------------------------------------------------- +Mon Jul 3 08:30:54 UTC 2023 - Paolo Stivanin + +- Update to 0.18.5: + * Fix child directory processing on equal match + +------------------------------------------------------------------- +Fri Jun 30 10:05:30 UTC 2023 - Paolo Stivanin + +- Update to 0.18.4: + * Fix handling of extended attributes on symlinks + * Add missing ')' to log message + * Fix static linking of the aide binary + * Don't require database_out for --dry-init + * Remove strerror() calls from thread log messages + +------------------------------------------------------------------- +Mon Jun 5 12:16:24 UTC 2023 - Andrea Manzini + +- switched service macros from %systemd_* to %service_* + according to documentation at https://en.opensuse.org/openSUSE:Systemd_packaging_guidelines#Registering_unit_files_in_install_scripts + +------------------------------------------------------------------- +Mon Jun 5 07:56:04 UTC 2023 - Andrea Manzini + +- Update to 0.18.3: + * Handle readlink() errors + +- Update to 0.18.2: + * Add warning if rules contain not compiled-in attributes + * Add missing lock for tree operations during file system scan + +------------------------------------------------------------------- +Fri Mar 17 14:55:57 UTC 2023 - Dirk Müller + +- update to 0.18.1: + * Fix handling of empty growing files + * Fix segfault when using --dry-init + * Update README +- switch to pcre2 + +------------------------------------------------------------------- +Thu Feb 23 16:50:23 UTC 2023 - Paolo Perego + +- Update to 0.18 +- Rename aide-0.17.3-as-needed.patch to and rebase aide-0.18-as-needed.patch +- Added autoconf and autoconf-archive as building dependencies due to an error + when reconfiguring the 
source +- Rebase aide-xattr-in-libc.patch + +------------------------------------------------------------------- +Tue Mar 29 09:19:54 UTC 2022 - Paolo Stivanin + +- Update to 0.17.4: + * fix CVE-2021-45417: precalculate buffer size in base64 functions (bsc#1194735) + +------------------------------------------------------------------- +Thu Nov 4 10:51:25 UTC 2021 - Stefan Schubert + +- Added aide.service and aide.timer in order to run + aide periodically in the background via systemd timer. +- aide-systemd.patch: hook in new manpages + +------------------------------------------------------------------- +Fri Apr 2 07:03:22 UTC 2021 - Marcus Meissner + +- added missing pcre-devel buildrequires. + +------------------------------------------------------------------- +Wed Feb 24 13:45:59 UTC 2021 - Paolo Stivanin + +- Update default config file to match v0.17 + +------------------------------------------------------------------- +Wed Feb 24 11:01:03 UTC 2021 - Paolo Stivanin + +- Update to 0.17.3: + * BACKWARDS INCOMPATIBLE CHANGES + - '--verbose' command line option and 'verbose' config option are no + longer supported, use 'log_level' and 'report_level' options instead + - '--report' command line option is no longer supported, use + 'report_url' config option instead + - 'ignore_list' config option is no longer supported, use + 'report_ignore_changed_attrs' instead + - 'report_attributes' config option is no longer supported, use + 'report_force_attrs' instead + - (restricted) regular rules must start with literal '/', i.e. 
the rule + cannot begin with a macro variable + - config lines must end with new line + - '@' and ' ' in the configuration are now escaped with '\', that means + to match a '\' you have to use four backslashes '\\\\' in your rules + - 'gzip_dbout=false' fails now with config error when no zlib support + is compiled in + - remove '--with-initial-errors' configure option + - remove PostgreSQL database backend support + - remove Sun ACL support + - remove config and database signing support + * Enhancements: + - add new '--log-level' command line option and 'log_level' config option + - introduce named log levels + - add new 'report' log level to help to debug rule matching + - add new 'config' log level to help to debug config and rule parsing + - aad new '--dry-init' command + - add new '--path-check' command + - add directory support for @@include + - add new @@x_include config macro + - add new @@x_include_setenv config macro + - add new default compound group 'H' (all compiled-in hashsums) + - add support for per-report_url options + - add new 'report_level' config option + - add new 'report_append' config option + - add exit code 21 for file lock errors + - add default config values, available hashsums and compound groups + to '--version' output + - add Linux capabilities support + - show changed attributes in 'different attributes' message + - enable 'gost' and 'whirlpool' checksums when using gcrypt + - add 'stribog256' and 'stribog512' gcrypt algorithms + - add config file names to log output + * Miscellaneous behaviour changes: + - 'report_summarize_changes': hashsum changes are now indicated with 'H' + - print '--help' and '--verion' output to stdout + - log messages and errors are always written to stderr + - initialise report URLs after configuration parsing + - allow empty values for macro variables + - SIGUSR1 now toggles debug log level + - fail on errors in regular expressions during config parsing + - fail on invalid URLs during config check + - Fail 
on double slash in rule path + - cache log lines when 'log_level' is not yet set + * Deprecations: + - 'database' config option is now deprecated, use 'database_in' instead + - 'summarize_changes' config option is now deprecated, use + 'report_summarize_changes' instead + - 'grouped' config option is now deprecated, use 'report_grouped' + instead + - non-alphanumeric group names are deprecated + * Notable bug fixes: + - fix line numbers in log messages + - remove warning when input database is '/dev/null' + - correctly handle UTF-8 in path names and rules + - fix compilation with curl and gcrypt + - warn on unsupported hash algorithms + - improve large-file support + * Remove obsolete aide-attributes.sh script + * Remove outdated manual.html + * Update documentation + +- Rename aide-0.16.1-as-needed.patch to and rebase aide-0.17.3-as-needed.patch +- Rebase aide-xattr-in-libc.patch +- Remove aide-define_hash_use_gcrypt.patch (no longer needed) +- Remove aide-dynamic.patch (no longer needed) + +------------------------------------------------------------------- +Thu Jul 30 20:13:39 UTC 2020 - Matthias Eliasson + +- Update to 0.16.2 + Bug fixes: + * Fix handling of directory-restricted negative rules + * Don't lock '/dev/null' when used as output database + * Fix parsing of rules containing '?' quantifier + * Fix extended attributes support (xattrs) + * Fix processing of go files + Please note: + * The addition of the "trusted.*", "user.*" and the "security.*" + namespaces to the xattrs attribute might lead to a vast amount of + reported changed entries during your next AIDE run. You can use the + `report_ignore_changed_attrs` option (see aide.conf(5)) to ignore + changes of the xattrs attribute; but be aware that this will exclude + the expected but also the unexpected (potentially malicious) changes. 
+- Run spec-cleaner + +------------------------------------------------------------------- +Thu Jul 11 13:03:25 UTC 2019 - + +- Remove not available gcrypt algorithm 7 DB_HAVAL (bsc#1098360). + Add aide-define_hash_use_gcrypt.patch + +------------------------------------------------------------------- +Sun Mar 17 21:20:12 UTC 2019 - Matthias Eliasson + +- Update to 0.16.1 + * Move to GitHub + * Update documentation + * Bug fixes +- Upstream have moved to GitHub update URL and Source URLs accordingly +- Refresh patch: aide-xattr-in-libc.patch +- aide-0.16.1-as-needed.patch: replaces aide-0.16-as-needed.patch +- Some cleanup of spec with spec-cleaner + +------------------------------------------------------------------- +Wed Jan 18 13:38:03 UTC 2017 - meissner@suse.com + +- Updated to 0.16 + - lots of bugfixes + - including regexp matching within subdirectories of expressions +- aide-0.16-as-needed.patch: replaces aide-0.15.1-as-needed.patch +- aide-no_m4_dir.patch: upstream +- aide.keyring: added from keyserver, cross checked key id on + http://aide.sourceforge.net/ and a signature from someone + I signed. + +------------------------------------------------------------------- +Thu Jul 2 08:07:07 UTC 2015 - meissner@suse.com + +- aide-dynamic.patch: avoid overwriting dl* functions, as we might + load libcrypto.so dynamically in FIPS mode. + +------------------------------------------------------------------- +Wed May 28 21:51:58 UTC 2014 - crrodriguez@opensuse.org + +- aide-xattr-in-libc.patch: Once upon a time, 10 years ago, basic extended + attribute functionality moved to libc, therefore libattr is most of the + time, not needed at all. + +------------------------------------------------------------------- +Thu Jan 23 08:33:09 UTC 2014 - meissner@suse.com + +- seperate a -test package to help with externalized testing. 
+ +------------------------------------------------------------------- +Wed Jan 15 14:11:14 UTC 2014 - meissner@suse.com + +- aide.conf: Move from md5 and sha1 as default to sha256+sha512, also + to allow FIPS enabling with aide working. FATE#315925 + +------------------------------------------------------------------- +Fri Apr 26 11:26:37 UTC 2013 - mmeister@suse.com + +- Removed AC_CONFIG_MACRO_DIR([m4]) from configure.in to fix + build with new automake: aide-no_m4_dir.patch + +------------------------------------------------------------------- +Wed Jan 4 13:34:11 UTC 2012 - crrodriguez@opensuse.org + +- libmhash development was abandoned in 2007, so it is time + for it to go into the library heaven, use libgcrypt instead. + +------------------------------------------------------------------- +Fri Dec 2 06:21:56 UTC 2011 - coolo@suse.com + +- add automake as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Sat Sep 17 10:50:07 UTC 2011 - jengelh@medozas.de + +- Remove redundant tags/sections from specfile +- Add missing call to make +- Use %_smp_mflags for parallel build + +------------------------------------------------------------------- +Fri Oct 01 15:12:21 CEST 2010 - freespacer@gmx.de + +- updated to version 0.15.1 + - Ignore changed file name if attributes does not match + - Allow absence of DB_CHECKINODE if file name has changed +- renew patch + +------------------------------------------------------------------- +Tue Aug 10 17:12:56 CEST 2010 - meissner@suse.de + +- updated to 0.15 + - lots of fixes and some new stuff + +------------------------------------------------------------------- +Fri Apr 30 00:40:34 CEST 2010 - ro@suse.de + +- make aide check verbose to get started +- add sleep and sync to fix build + +------------------------------------------------------------------- +Wed Aug 26 12:53:54 CEST 2009 - mls@suse.de + +- make patch0 usage consistent + 
+------------------------------------------------------------------- +Wed Jun 17 19:43:10 CEST 2009 - crrodriguez@suse.de + +- fix build when as-needed is a default liker option + +------------------------------------------------------------------- +Mon Jan 5 14:19:26 CET 2009 - meissner@suse.de + +- fixed abort on check/update by removing the hash requirement bnc#406597 +- fixed version output bnc#463511 +- enhanced testcase to also run one aide --check + +------------------------------------------------------------------- +Fri Aug 22 09:48:36 CEST 2008 - meissner@suse.de + +- enabled SELinux support [Fate#303662] +- enabled curl +- disable static (does not make much sense) + +------------------------------------------------------------------- +Tue Feb 12 11:26:20 CET 2008 - meissner@suse.de + +- Version 0.13.1 + * Fixed bug with reading gzipped aide.db files + * Removed dead ustat code +- Version 0.13 + * Added support for selinux and xattr attributes + (kindly contributed by Red Hat) + * Added support for the Linux Audit System + (kindly contributed by Red Hat) + * Fixed usage of libgcrypt instead of libmhash + * Added file locking for output files + * Fixed bugs +- Version 0.12 + * Fixed bugs + * Allow http/https/ftp URLs through libcurl + * Support posix_fadvice() to avoid caching files +- enabled ACL and XATTR support + +------------------------------------------------------------------- +Thu Mar 29 10:13:37 CEST 2007 - meissner@suse.de + +- buildrequires flex,bison + +------------------------------------------------------------------- +Thu Apr 13 13:06:36 CEST 2006 - meissner@suse.de + +- run aide --init as test + +------------------------------------------------------------------- +Mon Feb 20 11:16:00 CET 2006 - mge@suse.de + +- update to 0.11 +- fixes bug #149059 + +------------------------------------------------------------------- +Wed Jan 25 21:34:08 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + 
+------------------------------------------------------------------- +Sat Jan 14 22:08:31 CET 2006 - schwab@suse.de + +- Don't strip binaries. + +------------------------------------------------------------------- +Fri Mar 18 15:46:21 CET 2005 - mge@suse.de + +- fixes #71272 - aide-0.10-47 config files not yet converted to utf8 + +------------------------------------------------------------------- +Mon Jan 26 11:16:41 CET 2004 - mge@suse.de + +- upgrade to 0.10 +- #33600: more usable default aide.conf + (thanks to Dirk Mueller ) +- example-cron-job + +------------------------------------------------------------------- +Sat Jan 10 22:05:03 CET 2004 - adrian@suse.de + +- build as user + +------------------------------------------------------------------- +Wed Nov 13 01:36:35 CET 2002 - ro@suse.de + +- fix build for current bison + +------------------------------------------------------------------- +Thu Aug 15 16:11:22 CEST 2002 - mge@suse.de + +- update to 0.9 + +------------------------------------------------------------------- +Mon Apr 9 11:30:55 CEST 2001 - ro@suse.de + +- don't use macro for version +- remove obsolete macros + +------------------------------------------------------------------- +Wed Nov 22 13:00:27 MET 2000 - mge@suse.de + +- created PAC files +- make SPEC file 7.0 compliant + +------------------------------------------------------------------- +Sat Jul 15 22:06:58 MEST 2000 - mge@suse.de + +- initial SuSE RPM, config file /etc/aide.conf + +------------------------------------------------------------------- +Wed Jan 26 00:00:00 MEST 2000 - Matthew Kirkwood + +- Fixes for RH 6.1 and sysconfdir changed to /etc and /var/lib/aide added + +------------------------------------------------------------------- +Sun Sep 12 00:00:00 MEST 1999 - Rami Lehti + +- Some small changes to make this autogeneratable by configure. + +------------------------------------------------------------------- +Sat Sep 11 00:00:00 MEST 1999 - Zach Brown + +- First go 
diff --git a/aide.conf b/aide.conf
new file mode 100644
index 0000000..955d2b4
--- /dev/null
+++ b/aide.conf
@@ -0,0 +1,85 @@
+#
+# AIDE _Example_ Configuration
+#
+# Thanks to the Debian people and Dirk Müller
+#
+# Use at your own risk!
+#
+# Matthias G. Eckermann
+#
+
+#
+# Configuration parameters
+#
+database_in=file:/var/lib/aide/aide.db
+database_out=file:/var/lib/aide/aide.db.new
+report_url=stdout
+warn_dead_symlinks=yes
+
+#
+# Custom rules
+#
+Binlib = p+i+n+u+g+s+b+m+c+sha256+sha512
+ConfFiles = p+i+n+u+g+s+b+m+c+sha256+sha512
+Logs = p+i+n+u+g+S
+Devices = p+i+n+u+g+s+b+c+sha256+sha512
+Databases = p+n+u+g
+StaticDir = p+i+n+u+g
+ManPages = p+i+n+u+g+s+b+m+c+sha256+sha512
+
+#
+# Directories and files
+#
+# Kernel, system map, etc.
+/boot Binlib
+
+# watch config files, but exclude, what changes at boot time, ...
+!/etc/mtab
+!/etc/lvm*
+/etc ConfFiles
+
+# Binaries
+/bin Binlib
+/sbin Binlib
+
+# Libraries
+/lib Binlib
+
+# Complete /usr and /opt
+/usr Binlib
+/opt Binlib
+
+# Log files
+/var/log$ StaticDir
+#/var/log/aide/aide.log(.[0-9])?(.gz)? Databases
+#/var/log/aide/error.log(.[0-9])?(.gz)? Databases
+#/var/log/setuid.changes(.[0-9])?(.gz)? Databases
+/var/log Logs
+
+# Devices
+!/dev/pts
+/dev Devices
+
+# Other miscellaneous files
+/var/run$ StaticDir
+!/var/run
+/var/lib Databases
+
+# Test only the directory when dealing with /proc
+/proc$ StaticDir
+!/proc
+
+# manpages can be trojaned, especially depending on *roff implementation
+#/usr/man ManPages
+#/usr/share/man ManPages
+#/usr/local/man ManPages
+
+# check sources for modifications
+#/usr/src L
+#/usr/local/src L
+
+# Check headers for same
+#/usr/include L
+#/usr/local/include L
+
+
diff --git a/aide.keyring b/aide.keyring
new file mode 100644
index 0000000..854f290
--- /dev/null
+++ b/aide.keyring
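Review bot: The baseline itself gets only weak coverage in aide.conf: `database_in=file:/var/lib/aide/aide.db` lives under `/var/lib`, which the rule `/var/lib Databases` checks with `Databases = p+n+u+g`, that is without size, timestamps or hashes. A rewritten database would therefore not appear in a report, and the file sits on the same writable filesystem as the system it describes. Since this ships as an example configuration, a comment next to `database_in` would help, for instance `# keep a copy of aide.db on read-only or off-host storage; this config does not detect changes to the database contents`.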
@@ -0,0 +1,112 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBE4J+9wBEADaOHrCu7XWLSs4RzDPQMv4vCdtMASJJFBzXZzxaqUaDTZpwOxR +6wMw8PFwC0UphzbX/UBSZ1Q+31Xq0sCMOBfKA4hFVY7uDwLqommVVrctlvpcKNa4 +O1lov0pg7yessUnaidO+DoJ2SJW7pvvXcI6FWLXNENzsOWL8zzgIXrkU73hV3moL +yrfPXwwj+tppSXeOg7HgxRSUfoqKwVkCdtQEyvBI1ue33jhwL1/9RUg4m8ph2unk +QXJIloivIu7Yv0S3TgcbNzJJ7V1B/M+v1EjVKhtImp1iocxLctzE5d9G2MKfpAkg +c/9McV9+KdflpS5gWZIMHHKnsJ0dzh/LZGKi47298W0h4ce3BM9gGetNyu1f7hQi +9pumoUeMymkuPeuQv3NaecLY9LSvAF9KLWRwXXxoihDYlr4cbpMyS4jT/nFCd3cu +5CXBBIoeO2w+bpxs16LD83MQdg9vRKC77sgOC/O+gWIJDh31l4aystomOOHek069 +pWoOb1aIbFtaSYtVntyZ8DmyoDWvB3b/PXbxle5CkN/NPw9VDjZxqPSliTdUf1LG +EDPx22fFTHfMhjgC5XqceoWWCmvqy+4grHaLSkYKimI1DlhhVH6jYnhfBzcWDb4n +LyoRGOAKa0FurW5//I78wpkZCvTA4lTvJPHBI77+HlfiDjuuCMdFbyp6GQARAQAB +tCtIYW5uZXMgdm9uIEhhdWd3aXR6IDxodmhhdWd3aXR6QGRlYmlhbi5vcmc+iQJU +BBMBCgA+AhsBBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAFiEEK7vTD6qymzJTvPum +9pR9q2jnuTEFAmR8KDkFCRw1asMACgkQ9pR9q2jnuTH0/xAAgl3mNLOdSvUwTC6d +raw8jeQE2CmFroUVTvmMl3Ukwz946K/ba+eD8QZaFhcQ3UltxvCur518+EBo9nJ9 +WvBnd/Oi3j2ReL5Md038vrlXPd/lchK9RpOtrGIAraLk76rpPgnD9dVucqJpWL2M +gyTrjVyoaAzp2nJysENP1bBczDxduTSiahz6S7vAjb3IXRhrMrX3dQg3EBDloJFZ +mkoFYwnqdNzshqad8ehMaKc6doFg66DuEAilueESYBNLNNmqZqQD3in14DEDR9bj +b3XjFKTuf78ptTAf8ZsU9VrU+XCfx2o74kbfnOvkhMzGOIYX0B/z+06YV60GvFrD +UerXOZN4V5izVEdTkcHx0f+3SVnMieY1EGi3O+1dtvGeHS4qiuJPVOHlXPNoMjsX +McZNcNe4V0w1XO9tWRboM4lPM9gfz88gy1hO04y5NcNUq9JJi/RioOEFkcXs/Y0N +G8wOvHeBJ2mDJs7Gv06mmgFUrh1TwCiXw0+877nQpYfuL0h1zrsOC9Zvxqpm34Z5 +h5+HXD3RIbjkNjX7uQZKOEKNa+7P94XssZNOdsL2O6kw2NB/Hek0NatDq6O1yUwj +J9dx+VhX/suMXxPGW/ls36oiUZ1R7CV2Aya8YwIybTZWPK8gDec6uhkHH5O5e4I2 +guzttrtrKHJklOP9KIG8rE000Z20LEhhbm5lcyB2b24gSGF1Z3dpdHogPGhhbm5l +c0B2b25oYXVnd2l0ei5jb20+iQJXBBMBCgBBAhsBBQsJCAcDBRUKCQgLBRYCAwEA +Ah4BAheAAhkBFiEEK7vTD6qymzJTvPum9pR9q2jnuTEFAmR8KB8FCRw1asMACgkQ +9pR9q2jnuTEepw//ZGDHnwD8XVr3N0Ky6HoM1Jzoa+WiUQaFkrGIf7evyy27gTwH +fsI2Eupnrd6rBV8Osy5iGSlxP3tsg08pR7zvOxfMXSDuvcWabxQtNDTkpG47SSne 
+zHUup5ptFVrcggMXjKGnEq0WvNlB53qFdbg4og8K1BTT5/zwNcVp3PewGpyU6mu4 +xqdX+Ezt9oSpJ3c/UZBZD1lCEQQRD4ZubyxDJVTdQISCotkEe/SV5Pf9p29KTlMZ +ZINVR/eBYldQ+KO1E2GMheqpsnOP7Z9XMYCY9W3VyjJi1HSkJrzouRdlhPSwOsep +Y4zH58dwZJn5WMPRTsS7dMVqBndcWoYWjWILk/MXWj6Z+IYV0ffwfo23Aprh/EvB +IHfbG0yuys6CgvxfPZlMAJnG3bw/5IRRbWVBD/hWDEu7gzxBV0RnBBdBZJnEhBly +xJEPTPjkumGDjrwSTPe1UFUHBxgwVBm/+bo30rU3R8ggtGjCwM9un5e+zZlw/6Y9 +TLmWc8lWqTRnWD+7zFG+Cr1Rm/YgV3OmwX5v1bYNOORYVoj0wNx4qSe3VrW15SGz +rYu9LAQLvd1gFOZPjIXdL9x8nTQ3rNAQz6gl7hIUo0pKb3YLHM/vG2uVA7nK155j +BiC9w/8A3YR0Q7jikbLRl9YtSvkaAPeQ6qU7C1cCWaQhOcqVMZ10V2yU8zi5AY0E +Tgn8cgEMAM6Nv21neMk8LSH2HPDirz0w0UWnpkqdmk1oPCw+b4SILyJwNnOi1G5N +OP9ubGLDgr1HIzVnG18k429rScgKK9gddT0dqFmmQnFvGAVaMQPTNQVZFvPiZ27j +DjwupwcN5vnMlZ6Hqwk4vwTDqVi0qQ3lOnPYa9p4VLRmZO5a1A1F+CJsczifmohM +nCsbcoB1iqBV3/YgQa/RW2Gqjecq/g9fmvIMgj0+O03PAp4KGizRAhcBTkebpVrR +GedM9wFtn+rXNJ0PzVt0Ez2yJ+0FIKn0o/dT40h6oSDdXOce0WIW+jcAkKtpzTkf +9bleRqfRDYz2tvLbRrij1EO5POj6Z54BA/lzTCZFz9IRkrvOHyzPr6C5aP1BOJGd +NhWLXNuuxykMFyoQ591qSetDFH6egnjIFaIR7TNZITew49cZi1ZcYaIEb00EdjlR +6gMzX/WOA/tptfAcaK4r8A5NnDh0cxcaGQPN9WMtcyeWIJogFFMTC07YXB13l4yU +d/WfXI2l6QARAQABiQPbBBgBCgAmAhsCFiEEK7vTD6qymzJTvPum9pR9q2jnuTEF +AmR8KHMFCRpUNwEBqcDdIAQZAQgABgUCTgn8cgAKCRAY7oY4YCLvV/x3C/44CpgL +VRUZT8bxDp7ZjIpyxTB43f+tpGlykSFMYS3/Cw/i7ar1fjoAeVonXAp0PpqeuJ9w ++p9r3UWPZeVlmibYybLujnNDnV6RmeNtzc4HUtgPP/s7rynU6RFX46T5YRUBo/aC +hjFcWVi+YUaNfBdgaKyf4INWtuNTndLXlOJkuqGCikKOuuwReJ4pvs49whVj9Nug +jsotEf4/+tzsrCIWLtSF2BI/Fz0xV2vlmCzsB5fN4nC/ksaaXAL7jHwaUbTMLJ3W +9pcqBzyUd5CEMlE0bwPihyVItLLdTErbuN7M5v3iYSRakRzm0xCpyb01Ho/KWsTW +znaGh3XK6e05Avss8mIaju+Zf/Vk+oLNzGqI+YAgczWyK82yDbuxXfWauBI32nmF +XDwqN8pvPGGEm8BgMQxfKnV0mt3BezPTYBSuPw22+wVbao3xMJSIlIbFitw2ZOSL +mit64IYYVGaWr3awn65MSK/Db9SRaGv52gOR6ylDul7wkjNE8ohlaos0y9sJEPaU +fato57kxHA8QANbsBb9seSTd0jNBsqsSh2QWWaFU55DRSixz4AiTQZOwxQ6Bv0gi +gnWbKmPNuxzUXfTTK1PG8z7R3tfTObXFslrwjLmnZR0o7EYz9wJKLGBFhSxa+KJZ +chTRrWI7AALbBULgAgxP9nOLni1cRD+NhKfbipsph4jB97fgTqOi4Fglp5E7aC+8 
+tfLiVgi3g8c+IWRgO4T1PT0JWzy/V78j1C+sv343zjtvwZAk35Z7mfX6KSjFsTWG +CFUSLT9FzgvJfTvlaneNdaE9mT1Ldb/2O2J1BF2FzL1EkQBVBkS83r3EtdN/tuZl +nJk+E1IrJ63ilgkzmM38SeGvwj7K8lK/EuRT3/+qTD1/f6uGOE8DNqi6CF8gi1bP +zDGfN1EbyR3ZQmfNey6nMBYDkS0bmAtNrvifeiVpwvNcRBHhCnpsOSZGPVEsJ2Wo +AslY0FOkgF+CUrxUb9TpCKY+9eXgQhCk3EqR7f0rKgsCp8w4Vbp4R0jII7jzrDkQ +x0mN2gbKz2PsJPxnQkEBFxfrVq/aMGyDsVL0Vz6K/MZWvUKheaLeatVudntE/Vso +lC9G3UsAAMDChecOrAnge/kyySqosJcfvfCvgLLxZlHHv+QWpFDaaQE9JZdDuaru +GkA33Xp0WFc0GhiEfnBR4iqoAqtdb8rp+vPQiA6sHu13NkThfsSiQn4CuQGNBE4J +/TQBDACoLGAOK8w/Mv1B3SZN/mfUYXgjJnOS1lqCNdKRG8MVQQCBVEe9QPU8yavh +/MpraEvPZhz6WSg7k1pHNMbKsDfv80ZX5WM95uMN69nmF/l+qo+eBJU8YIHWabkv +MSWTBeD1roo8CwHOl102ajgo0XzhCqeb4MkUCZCZxdTaoHcD+IW+4IbajozgzTYV +EQnyJdZwmB/EjRAncKDNCDoimHzjENQ9KOO/cPoGTFNfy9czoAmOY8gWt7b4wELD +Mx/tP06V3n9Zjpxx+sBId9xDv+Yd+JSJHbNk8FxQtRtZVGNv7SP0rIWv3AP+d93k +t/djtijzFTS5JxFViJtjwsDMdXQYnb+ReP4Jza5gLr/8gjbCRlLv/Bh1D9SyXFmf +tEcZyhJIUU2b2ybdCkwg/BdouoQxHN94bESy686djt1wiXLZa6s4jiFuMA3qfF+K +HDIbdjMBZzi0+XgJwwiqLlRkvLiG8/mGCijwFY+zzZ2lxKCOAEo8bUexOBz16Sw1 +Fj55vgsAEQEAAYkCPAQYAQoAJgIbDBYhBCu70w+qspsyU7z7pvaUfato57kxBQJk +fCiTBQkaVDZfAAoJEPaUfato57kxgtEQAMqDVz4YzHUHI6jvJTm+SQQP3TnNJLsi +MQshA+651W7dTgmIWKKEgXiuvQ33WWRDc3GoTC/TVGLXA1BNBejTJmtStsyQ+RVp +a4Y7KIPA3Va90IzPMqFUQztQgh689h+NIqgJovLmyZBmzIZ5f+LllfQ4ZCfeyBTz +qWbX8cDxP1hyD7ifd6IXuPtr7sycmPCHnhisttM/6WxCOgS3fmJuFjBaO3qB8nOz +vPRSsiYdBBpXd6v6GGJ3UhcBsYdAkVj9iQdkIkok3d9NnDlHklfjfE6Uj+MYEIzn +UOcQNOf3d0tlEYE5B1lUijYIJ5b0sdGl2z2PzQlJvvKIQrVKsc0KYiK61kbh6Tu+ +ldiiozyodUN3T6J82BSJp1blsRFnWK6kpaDz0geG275jViIuPnYIeVKSLFVvh0ji +Y0MxBv5kyKBpz33Y40tIdrGRo7Q3t07jACzyJT3aurKCnMK4jV/dPA45FunoAIck +16HTK8ShDQuEXP4Pu80z0Wv5V5MDRnJ0g/XhXjpNxNlhKvPEytIhDAVShWP0Rccp +J4ewy3QyapnS5FhldVHYQGowvpS8fS7MX8cqTDC83be0wcOKIGSjL6dQbVpXFT0/ +DV57ejodQ1OIFfKMtqLPqndQdU3BGxHh+1mD7XIR2H70vwXW0/vKG4yy0kMLEZ67 +gilA4+BAW5U+uQGNBE4J/a0BDADFSeNMstJh2Sx8LlLxTVoBVSPdm2G15kBsikDG +pWN4LiscKQT4Rmzi0uBuA1z+kD+eA+4G2nCqM7xO0RJAPLQi2zcfehdrbdwDBsFb 
+eCTe2lnbLqGodn0ff7YDlCyopKszgINOQQwXr4VSqG7cOGDGC38taaX5UBR7XJs0 +DMb4Hg0Oer7kN3kfSnOwihfS9lgunFIp3dNN1iUEp1NAVOyJhS//4zGh5EYiTd7y +QYQC21H6eiJTmnnvLm/nskiBeR4RFm8ozGAizcji+qwjR1AeeM7ifoIxtuVFH23A +Y7KGzId4y4Bh+Ni8uQO1eTGcc2XITAj5oFdYdC61wJ3B2i1w24gAYNqAJ8bodnYA +JatFRncuaYT6X5bNKHGT+u4KqedR55njEP7XxkXyfL06gI4ri1ef22d8X0kJIY3d +d2LD81qGfAEU8Q/qboPdeaVEtG0FfMCTqQ1yyct1jkbKZMUK/EPompgUZb6JTQov +bRGUPZFbhpq8nVAsu+jRRPVFzmkAEQEAAYkCPAQYAQoAJgIbIBYhBCu70w+qspsy +U7z7pvaUfato57kxBQJkfCiTBQkaVDXmAAoJEPaUfato57kx2aoQAMmvNTQYIRZE +GbUnHhfDlPKFHuQWUTZNgn8QzksUUF6JORdCoU3MqN/6Z2nHQ3LLiM07a9byk7zh ++W3K3J//UzZ24p5FfC3YOKzIOBP08Ij0EvuCajCeR5o/P7zHu5WBhoEgr5tEnFQC +oaeWdeL5GEBRrSmntUivhSUxWs0ntqk4cC0ncRgUb+28ZBGNa0ljqYoiatIHkTpR +E9RgJiaUsnmE5THkZ3xcvIemNFRjzQ5CjP65zlRbfrCJXsYiXF1gcOIPFoKaxtBi +w5HkgVd7cmHzClCkq/RTM+dDVo3V9b3zHB//1D8XwiQWvF7gMYymCCrnH+onKPi4 +XCDrCfm6toP6fEQa/nPJ92JtQiPLDpu1AxfpwNfZV/FIApNGuZ/Egs3sK7aVI76B +jvQs4chZUYfIY6axIJYceceXg1SFqiv15vjXLXi3RrtN7HaCDOCpSMQUG6gJ4dRh +VsKHK+wkqCmiIAPQt8rYkabev5dg+B+LGjj6oCmUyrCaoXubnkuX7pFqOCMDUw2b +ihb2H4k48HVxZdke3d4wPgq0oPCx3/04vFExq3PqOW9s0MTIC0XOY9GXJwJcFumQ +suOSVzMPRvWnBQnJYTfBtWehaxHG5dqNdOsNTdFfPfeD/qtHQ56RyYoqjZ87IY7q +E5GuuIiJTEypzeYfM0OkPPmPL4ku3B5J +=MtRc +-----END PGP PUBLIC KEY BLOCK----- diff --git a/aide.service b/aide.service new file mode 100644 index 0000000..48401ab --- /dev/null +++ b/aide.service @@ -0,0 +1,10 @@ +[Unit] +Description=Checking system for changed files +Documentation=man:aide(1) +After=local-fs.target + +[Service] +Type=oneshot +ExecStart=/bin/sh -c "/usr/bin/aide --check --config=/etc/aide_service.conf; exit 0" +IOSchedulingClass=idle +IOSchedulingPriority=7 diff --git a/aide.service.8 b/aide.service.8 new file mode 100644 index 0000000..bfa359c --- /dev/null +++ b/aide.service.8 
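Review bot: `ExecStart=/bin/sh -c "/usr/bin/aide --check --config=/etc/aide_service.conf; exit 0"` in aide.service discards aide's exit status, so the unit ends as successful whether the check found changes, could not read its database, or failed to parse the config. Anything that watches unit state (`systemctl --failed`, an `OnFailure=` handler) then cannot tell a clean run from a broken one. Calling the binary directly with `ExecStart=/usr/bin/aide --check --config=/etc/aide_service.conf` and adding `SuccessExitStatus=1 2 3 4 5 6 7` would keep "differences found" from failing the unit while still surfacing error codes; the exact list should be checked against aide(1). The man page added in the same commit names `/etc/aide_systemd.conf`, whereas this unit reads `/etc/aide_service.conf`.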
@@ -0,0 +1,24 @@
+.TH AIDE.SERVICE 8 "2021-02-10" "aide v0.17.3" "systemd environment"
+.SH NAME
+\fBaide\fP \- Advanced Intrusion Detection Environment
+
+systemd environment
+.SH SYNOPSIS
+aide.service
+
+aide.timer
+.SH DESCRIPTION
+For easier maintenance of big clusters, aide can be run by systemd.timer(5) in regular intervals.
+
+The specific time can be set in /usr/lib/systemd/system/\fBaide.timer\fR (tag OnCalendar) or can be configured in /etc/systemd/system/aide.timer.d/local.conf. See systemd.unit(5) for more information.
+
+The timer can be manually started via the call "systemctl start aide.timer" or can be started while the boot process which has been enabled by the call "systemctl enable aide.timer".
+
+The result of the check will be written to "/var/log/aide_service.log". This can be set in the file /etc/aide_systemd.conf.
+
+.SH HINT
+Keep in mind that you have to init the database with the call "aide --init ; cp /var/lib/aide/aide.db.new /var/lib/aide/aide.db" at first before you are starting this service.
+
+.SH SEE ALSO
+.BR aide (1)
+.BR aide.conf (5)
diff --git a/aide.spec b/aide.spec
new file mode 100644
index 0000000..647f26c
--- /dev/null
+++ b/aide.spec
@@ -0,0 +1,166 @@
+#
+# spec file for package aide
+#
+# Copyright (c) 2023 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name: aide
+Version: 0.18.6
+Release: 0
+Summary: Advanced Intrusion Detection Environment
+License: GPL-2.0-or-later
+URL: https://aide.github.io/
+Source0: https://github.com/aide/aide/releases/download/v%{version}/aide-%{version}.tar.gz
+Source100: https://github.com/aide/aide/releases/download/v%{version}/aide-%{version}.tar.gz.asc
+Source1: aide.conf
+Source2: aide-cron_daily.sh
+Source3: aide-test.sh
+Source4: aide.service
+Source5: aide.service.8
+Source6: aide.timer
+Source7: aide.timer.8
+Source8: aide_service.conf
+Source43: aide.keyring
+Patch1: aide-0.18-as-needed.patch
+Patch2: aide-xattr-in-libc.patch
+Patch3: aide-systemd.patch
+BuildRequires: autoconf
+BuildRequires: autoconf-archive
+BuildRequires: automake
+BuildRequires: bison
+BuildRequires: curl-devel
+BuildRequires: flex
+BuildRequires: gzip
+BuildRequires: libacl-devel
+BuildRequires: libgcrypt-devel
+BuildRequires: libselinux-devel
+BuildRequires: pcre2-devel
+BuildRequires: pkgconfig
+BuildRequires: systemd-rpm-macros
+BuildRequires: zlib-devel
+
+%description
+AIDE is an intrusion detection system that checks file integrity.
+
+%package test
+Summary: Simple AIDE testing
+BuildArch: noarch
+
+%description test
+Simple AIDE test script for externalized testing.
+
+%prep
+%setup -q
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+
+%build
+autoreconf -fiv
+%configure \
+ --with-config_file=%{_sysconfdir}/aide.conf \
+ --with-dbhmactype=md5 \
+ --disable-static \
+ --enable-lfs \
+ --with-posix-acl \
+ --with-xattr \
+ --with-selinux \
+ --with-curl \
+ --with-zlib \
+ --with-gcrypt \
+ --without-mhash
+# --enable-forced_configmd
+%make_build
+
+%install
+%make_install
+install -m 700 -d %{buildroot}%{_localstatedir}/lib/aide
+install -m 700 -d %{buildroot}%{_sysconfdir}
+install -m 700 -d %{buildroot}%{_unitdir}/
+install -m 700 -d %{buildroot}%{_mandir}/man8
+install -m 600 %{SOURCE1} %{buildroot}%{_sysconfdir}/aide.conf
+install -m 700 %{SOURCE3} %{buildroot}%{_bindir}/
+install -m 644 %{SOURCE4} %{buildroot}%{_unitdir}/aide.service
+install -m 644 %{SOURCE6} %{buildroot}%{_unitdir}/aide.timer
+install -m 644 %{SOURCE5} %{buildroot}%{_mandir}/man8/aide.service.8
+install -m 644 %{SOURCE7} %{buildroot}%{_mandir}/man8/aide.timer.8
+install -m 600 %{SOURCE8} %{buildroot}%{_sysconfdir}/aide_service.conf
+gzip -9 %{buildroot}%{_mandir}/man8/aide.service.8
+gzip -9 %{buildroot}%{_mandir}/man8/aide.timer.8
+mkdir -p doc/examples%{_sysconfdir}/cron.daily/
+cp -a %{SOURCE2} doc/examples%{_sysconfdir}/cron.daily/aide.sh
+
+%pre
+%service_add_pre %{name}.service %{name}.timer
+
+%post
+if ! grep -q "database_in" %{_sysconfdir}/aide.conf ; then
+ # with the 0.17 update some backward incompatible changes were made to the config file.
Therefore, we have to adapt those parameters, otherwise the program will fail
+ sed -i 's/database=/database_in=/' %{_sysconfdir}/aide.conf
+ sed -i '/verbose=/d' %{_sysconfdir}/aide.conf
+ sed -i 's/\t/ /g' %{_sysconfdir}/aide.conf
+fi
+%service_add_post %{name}.service %{name}.timer
+
+%preun
+%service_del_preun %{name}.service %{name}.timer
+
+%postun
+%service_del_postun %{name}.service %{name}.timer
+
+%check
+rm -rf %{_localstatedir}/tmp/aide-test
+mkdir %{_localstatedir}/tmp/aide-test
+export TESTDIR=%{_localstatedir}/tmp/aide-test
+%make_build DESTDIR=$TESTDIR install
+install -m 700 -d $TESTDIR%{_localstatedir}/lib/aide
+install -m 700 -d $TESTDIR%{_sysconfdir}
+install -m 600 %{SOURCE1} $TESTDIR%{_sysconfdir}/aide.conf.new
+sed -e "s#%{_localstatedir}/lib/aide#$TESTDIR%{_localstatedir}/lib/aide#g" <$TESTDIR%{_sysconfdir}/aide.conf.new >$TESTDIR%{_sysconfdir}/aide.conf
+if ! grep -q "database_in" %{_sysconfdir}/aide.conf ; then
+ # with the 0.17 update some backward incompatible changes were made to the config file.
Therefore, we have to adapt those parameters, otherwise the program will fail
+ sed -i 's/database=/database_in=/' $TESTDIR%{_sysconfdir}/aide.conf
+ sed -i '/verbose=/d' $TESTDIR%{_sysconfdir}/aide.conf
+ sed -i 's/\t/ /g' $TESTDIR%{_sysconfdir}/aide.conf
+fi
+$TESTDIR/usr/bin/aide -D -c $TESTDIR%{_sysconfdir}/aide.conf
+sleep 2
+sync
+sleep 2
+
+$TESTDIR/usr/bin/aide -c $TESTDIR%{_sysconfdir}/aide.conf --init
+mv $TESTDIR%{_localstatedir}/lib/aide/aide.db.new $TESTDIR%{_localstatedir}/lib/aide/aide.db
+$TESTDIR/usr/bin/aide -c $TESTDIR%{_sysconfdir}/aide.conf --check --log-level=info
+
+rm -rf $TESTDIR
+
+%files
+%license COPYING
+%doc AUTHORS ChangeLog NEWS README doc/examples
+%{_bindir}/aide
+/%{_mandir}/man1/aide.1.gz
+/%{_mandir}/man5/aide.conf.5.gz
+%{_localstatedir}/lib/aide
+%config(noreplace) %{_sysconfdir}/aide.conf
+%config(noreplace) %{_sysconfdir}/aide_service.conf
+%{_unitdir}/aide.service
+%{_unitdir}/aide.timer
+%{_mandir}/man8/aide.timer.8*
+%{_mandir}/man8/aide.service.8*
+
+%files test
+%{_bindir}/aide-test.sh
+
+%changelog
diff --git a/aide.timer b/aide.timer
new file mode 100644
index 0000000..fafa047
--- /dev/null
+++ b/aide.timer
@@ -0,0 +1,12 @@
+[Unit]
+Description=Checking system for changed files
+Documentation=man:aide(1)
+After=local-fs.target
+
+[Timer]
+OnCalendar= daily
+AccuracySec=12h
+Persistent=true
+
+[Install]
+WantedBy=timers.target
diff --git a/aide.timer.8 b/aide.timer.8
new file mode 100644
index 0000000..33e076a
--- /dev/null
+++ b/aide.timer.8
@@ -0,0 +1 @@
+.so aide.service.8
diff --git a/aide_service.conf b/aide_service.conf
new file mode 100644
index 0000000..6e97348
--- /dev/null
+++ b/aide_service.conf
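Review bot: In `%check` of aide.spec the guard `if ! grep -q "database_in" %{_sysconfdir}/aide.conf` inspects the build host's config while the three `sed -i` lines under it edit the copy below `$TESTDIR`, so whether the test config gets migrated depends on a file the test never uses. The guard should read `if ! grep -q "database_in" $TESTDIR%{_sysconfdir}/aide.conf ; then`. The same section runs `rm -rf` and `mkdir` on the fixed path `%{_localstatedir}/tmp/aide-test` inside a world-writable directory; `export TESTDIR=$(mktemp -d %{_localstatedir}/tmp/aide-test.XXXXXX)` avoids the predictable name. Separately, `--with-dbhmactype=md5` in `%build` appears to select MD5 for the database HMAC; it looks inert while the forced-md options stay disabled, but that is worth confirming before anyone enables them.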
@@ -0,0 +1,79 @@
+#
+# AIDE Configuration file for systemd service aide.service
+#
+
+#
+# Configuration parameters
+#
+database_in=file:/var/lib/aide/aide.db
+database_out=file:/var/lib/aide/aide.db.new
+report_url=file:/var/log/aide_service.log
+warn_dead_symlinks=yes
+
+#
+# Custom rules
+#
+Binlib = p+i+n+u+g+s+b+m+c+sha256+sha512
+ConfFiles = p+i+n+u+g+s+b+m+c+sha256+sha512
+Logs = p+i+n+u+g+S
+Devices = p+i+n+u+g+s+b+c+sha256+sha512
+Databases = p+n+u+g
+StaticDir = p+i+n+u+g
+ManPages = p+i+n+u+g+s+b+m+c+sha256+sha512
+
+#
+# Directories and files
+#
+# Kernel, system map, etc.
+/boot Binlib
+
+# watch config files, but exclude, what changes at boot time, ...
+!/etc/mtab
+!/etc/lvm*
+/etc ConfFiles
+
+# Binaries
+/bin Binlib
+/sbin Binlib
+
+# Libraries
+/lib Binlib
+
+# Complete /usr and /opt
+/usr Binlib
+/opt Binlib
+
+# Log files
+/var/log$ StaticDir
+#/var/log/aide/aide.log(.[0-9])?(.gz)? Databases
+#/var/log/aide/error.log(.[0-9])?(.gz)? Databases
+#/var/log/setuid.changes(.[0-9])?(.gz)? Databases
+/var/log Logs
+
+# Devices
+!/dev/pts
+/dev Devices
+
+# Other miscellaneous files
+/var/run$ StaticDir
+!/var/run
+/var/lib Databases
+
+# Test only the directory when dealing with /proc
+/proc$ StaticDir
+!/proc
+
+# manpages can be trojaned, especially depending on *roff implementation
+#/usr/man ManPages
+#/usr/share/man ManPages
+#/usr/local/man ManPages
+
+# check sources for modifications
+#/usr/src L
+#/usr/local/src L
+
+# Check headers for same
+#/usr/include L
+#/usr/local/include L
+
+
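Review bot: The baseline named by `database_in=file:/var/lib/aide/aide.db` is covered only by the `/var/lib Databases` rule, which records `p+n+u+g` and no checksum, and it is stored on the host being checked. A baseline rewritten by someone who already has root would therefore not show up in a later `--check`. I would add a comment above `database_in` stating that, e.g. `# Keep a copy of aide.db and of this file on read-only or off-host storage and compare against it; the local baseline is only as trustworthy as root on this host.` Also, `/lib64` is not listed next to `/lib Binlib`; on a layout where it is a real directory rather than a link into `/usr` it would be unmonitored, so confirm this for the target system.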