Accepting request 929157 from home:schubi2

- Added aide.service and aide.timer in order to run aide periodically in the background via systemd timer. OBS-URL: https://build.opensuse.org/request/show/929157 OBS-URL: https://build.opensuse.org/package/show/security/aide?expand=0&rev=44
2021-11-04 11:22:32 +00:00 · 2021-11-04 11:22:32 +00:00 · f585d67793
commit f585d67793
parent 2b3fe5ba67
8 changed files with 186 additions and 0 deletions
--- a/aide-systemd.patch
+++ b/aide-systemd.patch
@ -0,0 +1,24 @@
+diff -Naur org/doc/aide.1 patch/doc/aide.1
+--- org/doc/aide.1	2021-11-03 16:06:51.562903494 +0100
+++ patch/doc/aide.1	2021-11-03 16:17:31.549730006 +0100
+@@ -135,7 +135,7 @@
+ default \fBdatabase_in\fR and \fBdatabase_out\fR config values.
+ 
+ .SH SEE ALSO
+-.BR aide.conf (5)
+.BR aide.conf (5), aide.service (8), aide.timer (8)
+ .SH BUGS
+ There are probably bugs in this release. Please report them
+ at https://github.com/aide/aide/issues .
+diff -Naur org/doc/aide.conf.5 patch/doc/aide.conf.5
+--- org/doc/aide.conf.5	2021-11-03 16:06:51.582903583 +0100
+++ patch/doc/aide.conf.5	2021-11-03 16:18:03.469869750 +0100
+@@ -668,7 +668,7 @@
+ .B "/foo e+p+u+g"
+ .PP
+ .SH "SEE ALSO"
+-.BR aide (1)
+.BR aide (1), aide.service (8), aide.timer (8)
+ .SH DISCLAIMER
+ All trademarks are the property of their respective owners.
+ No animals were harmed while making this webpage or this piece of
--- a/aide.changes
+++ b/aide.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Nov  4 10:51:25 UTC 2021 - Stefan Schubert <schubi@suse.de>
+
+- Added aide.service and aide.timer in order to run
+  aide periodically in the background via systemd timer.
+
 -------------------------------------------------------------------
 Fri Apr  2 07:03:22 UTC 2021 - Marcus Meissner <meissner@suse.com>

--- a/aide.service
+++ b/aide.service
@ -0,0 +1,10 @@
+[Unit]
+Description=Checking system for changed files
+Documentation=man:aide(1)
+After=local-fs.target
+
+[Service]
+Type=oneshot
+ExecStart=/bin/sh -c "/usr/bin/aide --check --config=/etc/aide_service.conf; exit 0" 
+IOSchedulingClass=idle
+IOSchedulingPriority=7
--- a/aide.service.8
+++ b/aide.service.8
@ -0,0 +1,24 @@
+.TH AIDE.SERVICE 8 "2021-02-10" "aide v0.17.3" "systemd environment"
+.SH NAME
+\fBaide\fP \- Advanced Intrusion Detection Environment
+
+systemd environment
+.SH SYNOPSIS
+aide.service
+
+aide.timer
+.SH DESCRIPTION
+For easier maintenance of big clusters, aide can be run by systemd.timer(5) in regular intervals.
+
+The specific time can be set in /usr/lib/systemd/system/\fBaide.timer\fR (tag OnCalendar) or can be configured in /etc/systemd/system/aide.timer.d/local.conf. See systemd.unit(5) for more information.
+
+The timer can be manually started via the call "systemctl start aide.timer" or can be started while the boot process which has been enabled by the call "systemctl enable aide.timer".
+
+The result of the check will be written to "/var/log/aide_service.log". This can be set in the file /etc/aide_systemd.conf.
+
+.SH HINT
+Keep in mind that you have to init the database with the call "aide --init ; cp /var/lib/aide/aide.db.new /var/lib/aide/aide.db" at first before you are starting this service.
+
+.SH SEE ALSO
+.BR aide (1)
+.BR aide.conf (5)
--- a/aide.spec
+++ b/aide.spec
@ -26,19 +26,27 @@ Source0:        https://github.com/aide/aide/releases/download/v%{version}/aide-
 Source1:        aide.conf
 Source2:        aide-cron_daily.sh
 Source3:        aide-test.sh
+Source4:        aide.service
+Source5:        aide.service.8
+Source6:        aide.timer
+Source7:        aide.timer.8
+Source8:        aide_service.conf
 Source42:       https://github.com/aide/aide/releases/download/v%{version}/aide-%{version}.tar.gz.asc
 Source43:       aide.keyring
 Patch1:         aide-0.17.3-as-needed.patch
 Patch2:         aide-xattr-in-libc.patch
+Patch3:         aide-systemd.patch
 BuildRequires:  automake
 BuildRequires:  bison
 BuildRequires:  curl-devel
 BuildRequires:  flex
+BuildRequires:  gzip
 BuildRequires:  libacl-devel
 BuildRequires:  libgcrypt-devel
 BuildRequires:  libselinux-devel
 BuildRequires:  pcre-devel
 BuildRequires:  pkgconfig
+BuildRequires:  systemd-rpm-macros
 BuildRequires:  zlib-devel

 %description
@ -54,6 +62,7 @@ Simple AIDE test script for externalized testing.
 %setup -q
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1

 %build
 autoreconf -fiv
@ -76,8 +85,17 @@ autoreconf -fiv
 %make_install
 install -m 700 -d     %{buildroot}%{_localstatedir}/lib/aide
 install -m 700 -d     %{buildroot}%{_sysconfdir}
+install -m 700 -d     %{buildroot}%{_unitdir}/
+install -m 700 -d     %{buildroot}%{_mandir}/man8
 install -m 600 %{SOURCE1} %{buildroot}%{_sysconfdir}/aide.conf
 install -m 700 %{SOURCE3} %{buildroot}%{_bindir}/
+install -m 644 %{SOURCE4} %{buildroot}%{_unitdir}/aide.service
+install -m 644 %{SOURCE6} %{buildroot}%{_unitdir}/aide.timer
+install -m 644 %{SOURCE5} %{buildroot}%{_mandir}/man8/aide.service.8
+install -m 644 %{SOURCE7} %{buildroot}%{_mandir}/man8/aide.timer.8
+install -m 600 %{SOURCE8} %{buildroot}%{_sysconfdir}/aide_service.conf
+gzip -9 %{buildroot}%{_mandir}/man8/aide.service.8
+gzip -9 %{buildroot}%{_mandir}/man8/aide.timer.8
 mkdir -p doc/examples%{_sysconfdir}/cron.daily/
 cp -a %{SOURCE2} doc/examples%{_sysconfdir}/cron.daily/aide.sh

@ -88,6 +106,13 @@ if ! grep -q "database_in" %{_sysconfdir}/aide.conf ; then
  sed -i '/verbose=/d' %{_sysconfdir}/aide.conf
  sed -i 's/\t/ /g' %{_sysconfdir}/aide.conf
 fi
+%systemd_post %{name}.service %{name}.timer
+
+%preun
+%systemd_preun %{name}.service %{name}.timer
+
+%postun
+%systemd_postun %{name}.service %{name}.timer

 %check
 rm -rf %{_localstatedir}/tmp/aide-test
@ -123,6 +148,11 @@ rm -rf $TESTDIR
 /%{_mandir}/man5/aide.conf.5.gz
 %{_localstatedir}/lib/aide
 %config(noreplace) %{_sysconfdir}/aide.conf
+%config(noreplace) %{_sysconfdir}/aide_service.conf
+%{_unitdir}/aide.service
+%{_unitdir}/aide.timer
+%{_mandir}/man8/aide.timer.8*
+%{_mandir}/man8/aide.service.8*

 %files test
 %{_bindir}/aide-test.sh
--- a/aide.timer
+++ b/aide.timer
@ -0,0 +1,12 @@
+[Unit]
+Description=Checking system for changed files
+Documentation=man:aide(1)
+After=local-fs.target
+
+[Timer]
+OnCalendar= daily
+AccuracySec=12h
+Persistent=true
+
+[Install]
+WantedBy=timers.target
--- a/aide.timer.8
+++ b/aide.timer.8
@ -0,0 +1 @@
+.so aide.service.8
--- a/aide_service.conf
+++ b/aide_service.conf
@ -0,0 +1,79 @@
+#
+# AIDE Configuration file for systemd service aide.service
+#
+
+#
+# Configuration parameters
+#
+database_in=file:/var/lib/aide/aide.db
+database_out=file:/var/lib/aide/aide.db.new
+report_url=file:/var/log/aide_service.log
+warn_dead_symlinks=yes
+
+#
+# Custom rules
+#
+Binlib   = p+i+n+u+g+s+b+m+c+sha256+sha512 
+ConfFiles  = p+i+n+u+g+s+b+m+c+sha256+sha512
+Logs   = p+i+n+u+g+S 
+Devices  = p+i+n+u+g+s+b+c+sha256+sha512
+Databases  = p+n+u+g 
+StaticDir  = p+i+n+u+g 
+ManPages  = p+i+n+u+g+s+b+m+c+sha256+sha512
+
+#
+# Directories and files
+# 
+# Kernel, system map, etc. 
+/boot      Binlib 
+
+# watch config files, but exclude, what changes at boot time, ...
+!/etc/mtab 
+!/etc/lvm*
+/etc      ConfFiles
+
+# Binaries 
+/bin     Binlib 
+/sbin      Binlib 
+
+# Libraries 
+/lib     Binlib 
+
+# Complete /usr and /opt
+/usr      Binlib 
+/opt      Binlib 
+
+# Log files 
+/var/log$    StaticDir 
+#/var/log/aide/aide.log(.[0-9])?(.gz)?  Databases 
+#/var/log/aide/error.log(.[0-9])?(.gz)? Databases 
+#/var/log/setuid.changes(.[0-9])?(.gz)? Databases 
+/var/log     Logs 
+
+# Devices 
+!/dev/pts 
+/dev      Devices 
+
+# Other miscellaneous files 
+/var/run$     StaticDir 
+!/var/run 
+/var/lib    Databases
+
+# Test only the directory when dealing with /proc 
+/proc$      StaticDir 
+!/proc 
+ 
+# manpages can be trojaned, especially depending on *roff implementation 
+#/usr/man     ManPages 
+#/usr/share/man    ManPages 
+#/usr/local/man    ManPages 
+ 
+# check sources for modifications 
+#/usr/src     L 
+#/usr/local/src    L 
+
+# Check headers for same 
+#/usr/include     L 
+#/usr/local/include    L 
+
+