From 4a50fc21e6fd60e34f3935ea8c8d08ef8df55e0bda729d370cb090f9566bfa88 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Wed, 24 Feb 2021 14:06:14 +0000 Subject: [PATCH] Accepting request 874872 from home:polslinux:branches:security - Update default config file to match v0.17 OBS-URL: https://build.opensuse.org/request/show/874872 OBS-URL: https://build.opensuse.org/package/show/security/aide?expand=0&rev=40 --- aide.changes | 5 ++++ aide.conf | 71 ++++++++++++++++++++++++++-------------------------- aide.spec | 20 +++++++++------ 3 files changed, 52 insertions(+), 44 deletions(-) diff --git a/aide.changes b/aide.changes index 7bc7c77..ac1e45a 100644 --- a/aide.changes +++ b/aide.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Feb 24 13:45:59 UTC 2021 - Paolo Stivanin + +- Update default config file to match v0.17 + ------------------------------------------------------------------- Wed Feb 24 11:01:03 UTC 2021 - Paolo Stivanin diff --git a/aide.conf b/aide.conf index 7245c5a..955d2b4 100644 --- a/aide.conf +++ b/aide.conf 
@@ -1,86 +1,85 @@ # -# AIDE _Example_ Configuration +# AIDE _Example_ Configuration # -# Thanks to the Debian people and Dirk Müller +# Thanks to the Debian people and Dirk Müller # -# Use at your own risk! +# Use at your own risk! # -# Matthias G. Eckermann +# Matthias G. Eckermann # # # Configuration parameters # -database=file:/var/lib/aide/aide.db +database_in=file:/var/lib/aide/aide.db database_out=file:/var/lib/aide/aide.db.new -verbose=1 report_url=stdout warn_dead_symlinks=yes # # Custom rules # -Binlib = p+i+n+u+g+s+b+m+c+sha256+sha512 -ConfFiles = p+i+n+u+g+s+b+m+c+sha256+sha512 -Logs = p+i+n+u+g+S -Devices = p+i+n+u+g+s+b+c+sha256+sha512 -Databases = p+n+u+g -StaticDir = p+i+n+u+g -ManPages = p+i+n+u+g+s+b+m+c+sha256+sha512 +Binlib = p+i+n+u+g+s+b+m+c+sha256+sha512 +ConfFiles = p+i+n+u+g+s+b+m+c+sha256+sha512 +Logs = p+i+n+u+g+S +Devices = p+i+n+u+g+s+b+c+sha256+sha512 +Databases = p+n+u+g +StaticDir = p+i+n+u+g +ManPages = p+i+n+u+g+s+b+m+c+sha256+sha512 # # Directories and files # # Kernel, system map, etc. -/boot Binlib +/boot Binlib # watch config files, but exclude, what changes at boot time, ... !/etc/mtab !/etc/lvm* -/etc ConfFiles +/etc ConfFiles # Binaries -/bin Binlib -/sbin Binlib +/bin Binlib +/sbin Binlib # Libraries -/lib Binlib +/lib Binlib # Complete /usr and /opt -/usr Binlib -/opt Binlib +/usr Binlib +/opt Binlib # Log files -/var/log$ StaticDir -#/var/log/aide/aide.log(.[0-9])?(.gz)? Databases -#/var/log/aide/error.log(.[0-9])?(.gz)? Databases -#/var/log/setuid.changes(.[0-9])?(.gz)? Databases -/var/log Logs +/var/log$ StaticDir +#/var/log/aide/aide.log(.[0-9])?(.gz)? Databases +#/var/log/aide/error.log(.[0-9])?(.gz)? Databases +#/var/log/setuid.changes(.[0-9])?(.gz)? 
Databases +/var/log Logs # Devices !/dev/pts -/dev Devices +/dev Devices # Other miscellaneous files -/var/run$ StaticDir +/var/run$ StaticDir !/var/run -/var/lib Databases +/var/lib Databases # Test only the directory when dealing with /proc -/proc$ StaticDir +/proc$ StaticDir !/proc # manpages can be trojaned, especially depending on *roff implementation -#/usr/man ManPages -#/usr/share/man ManPages -#/usr/local/man ManPages +#/usr/man ManPages +#/usr/share/man ManPages +#/usr/local/man ManPages # check sources for modifications -#/usr/src L -#/usr/local/src L +#/usr/src L +#/usr/local/src L # Check headers for same -#/usr/include L -#/usr/local/include L +#/usr/include L +#/usr/local/include L diff --git a/aide.spec b/aide.spec index 3e457b4..e011c32 100644 --- a/aide.spec +++ b/aide.spec @@ -81,10 +81,12 @@ mkdir -p doc/examples%{_sysconfdir}/cron.daily/ cp -a %{SOURCE2} doc/examples%{_sysconfdir}/cron.daily/aide.sh %post -# with the 0.17 update some backward incompatible changes were made to the config file. Therefore, we have to adapt those parameters, otherwise the program will fail -sed -i 's/database=/database_in=/' %{_sysconfdir}/aide.conf -sed -i '/verbose=/d' %{_sysconfdir}/aide.conf -sed -i 's/\t/ /g' %{_sysconfdir}/aide.conf +if ! grep -q "database_in" %{_sysconfdir}/aide.conf ; then + # with the 0.17 update some backward incompatible changes were made to the config file. Therefore, we have to adapt those parameters, otherwise the program will fail + sed -i 's/database=/database_in=/' %{_sysconfdir}/aide.conf + sed -i '/verbose=/d' %{_sysconfdir}/aide.conf + sed -i 's/\t/ /g' %{_sysconfdir}/aide.conf +fi %check rm -rf %{_localstatedir}/tmp/aide-test 
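Review bot: The reference database named by `database_in` lives under `/var/lib`, which this same file tracks only with the `Databases` rule (`p+n+u+g`, no size or hash), so a replaced `aide.db` would not stand out in a report produced from this policy. Since the file is shipped as the example configuration, a comment above `database_in=` would help, for instance `# Keep a copy of aide.db on read-only or off-host media; a baseline stored on the monitored host can be rewritten together with the files it describes.` The layout is carried over from the old file, so this is a documentation request rather than a regression.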
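Review bot: The guard and the `sed` expressions added to `%post` are unanchored, so they act on any line of the administrator's `aide.conf` that merely contains the text. A comment that mentions `database_in` makes the `grep` succeed and skips the migration, while `s/database=/database_in=/` and `/verbose=/d` also rewrite or delete comments and other lines that happen to contain those strings. Anchoring to the start of the line (allowing for leading whitespace if the parser accepts it) limits the edit to the two settings: `grep -q '^database_in=' %{_sysconfdir}/aide.conf` and `sed -i -e 's/^database=/database_in=/' -e '/^verbose=/d' %{_sysconfdir}/aide.conf`. The same expressions are repeated in the `%check` hunk. With the shipped rules `/etc` is covered by `ConfFiles`, so this in-place edit will itself appear in the next AIDE report, which deserves a line in the changelog.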
@@ -95,10 +97,12 @@ install -m 700 -d $TESTDIR%{_localstatedir}/lib/aide
 install -m 700 -d $TESTDIR%{_sysconfdir}
 install -m 600 %{SOURCE1} $TESTDIR%{_sysconfdir}/aide.conf.new
 sed -e "s#%{_localstatedir}/lib/aide#$TESTDIR%{_localstatedir}/lib/aide#g" <$TESTDIR%{_sysconfdir}/aide.conf.new >$TESTDIR%{_sysconfdir}/aide.conf
-# with the 0.17 update, the config file changed a bit. Wwe have to adapt those parameters, otherwise the program will fail
-sed -i 's/database=/database_in=/' $TESTDIR%{_sysconfdir}/aide.conf
-sed -i '/verbose=/d' $TESTDIR%{_sysconfdir}/aide.conf
-sed -i 's/\t/ /g' $TESTDIR%{_sysconfdir}/aide.conf
+if ! grep -q "database_in" %{_sysconfdir}/aide.conf ; then
+ # with the 0.17 update some backward incompatible changes were made to the config file. Therefore, we have to adapt those parameters, otherwise the program will fail
+ sed -i 's/database=/database_in=/' $TESTDIR%{_sysconfdir}/aide.conf
+ sed -i '/verbose=/d' $TESTDIR%{_sysconfdir}/aide.conf
+ sed -i 's/\t/ /g' $TESTDIR%{_sysconfdir}/aide.conf
+fi
 $TESTDIR/usr/bin/aide -D -c $TESTDIR%{_sysconfdir}/aide.conf
 sleep 2
 sync
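Review bot: The new guard in `%check` tests `%{_sysconfdir}/aide.conf`, the build host's own file, while the `sed` lines inside it edit `$TESTDIR%{_sysconfdir}/aide.conf`. On a build root without that file the `grep` fails and the branch runs only by accident; on a host that already has a migrated `/etc/aide.conf` the test copy is left unconverted whatever it contains. The condition should read `if ! grep -q "database_in" $TESTDIR%{_sysconfdir}/aide.conf ; then`. The `%check` section starts before this hunk and may continue past it.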