author | Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 13:49:04 -0700 |
---|---|---|
committer | Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 17:38:18 -0700 |
commit | 56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch) | |
tree | 3f91093cdb475e565ae857f1c5a7fd339e2d781e /app-forensics/aide/files | |
proj/gentoo: Initial commit
This commit represents a new era for Gentoo:
Storing the gentoo-x86 tree in Git, as converted from CVS.
This commit is the start of the NEW history.
Any historical data is intended to be grafted onto this point.
Creation process:
1. Take final CVS checkout snapshot
2. Remove ALL ChangeLog* files
3. Transform all Manifests to thin
4. Remove empty Manifests
5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$
5.1. Do not touch files with -kb/-ko keyword flags.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests
X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project
X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration
X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn
X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts
X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration
X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging
X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'app-forensics/aide/files')
-rw-r--r-- | app-forensics/aide/files/aide-0.13.1-as-needed.patch | 36 | ||||
-rw-r--r-- | app-forensics/aide/files/aide-0.13.1-configure.patch | 74 | ||||
-rw-r--r-- | app-forensics/aide/files/aide-0.13.1-equ-matching.patch | 83 | ||||
-rw-r--r-- | app-forensics/aide/files/aide-0.13.1-gentoo.patch | 36 | ||||
-rw-r--r-- | app-forensics/aide/files/aide-0.13.1-libgrypt_init.patch | 49 | ||||
-rw-r--r-- | app-forensics/aide/files/aide-0.13.1-zlib.patch | 12 | ||||
-rw-r--r-- | app-forensics/aide/files/aide-0.14-as-needed.patch | 20 | ||||
-rw-r--r-- | app-forensics/aide/files/aide-0.14-configure.patch | 38 | ||||
-rw-r--r-- | app-forensics/aide/files/aide-0.14-gentoo.patch | 26 | ||||
-rw-r--r-- | app-forensics/aide/files/aide-0.15.1-gentoo.patch | 26 | ||||
-rw-r--r-- | app-forensics/aide/files/aide.conf | 115 | ||||
-rwxr-xr-x | app-forensics/aide/files/aide.cron | 192 | ||||
-rwxr-xr-x | app-forensics/aide/files/aideinit | 145 |
13 files changed, 852 insertions, 0 deletions
diff --git a/app-forensics/aide/files/aide-0.13.1-as-needed.patch b/app-forensics/aide/files/aide-0.13.1-as-needed.patch
new file mode 100644
index 000000000000..9e0ec4d73aff
--- /dev/null
+++ b/app-forensics/aide/files/aide-0.13.1-as-needed.patch
@@ -0,0 +1,36 @@
+diff -Naur aide-0.13.1.orig/configure.in aide-0.13.1/configure.in
+--- aide-0.13.1.orig/configure.in 2006-12-09 06:49:21.000000000 +0900
++++ aide-0.13.1/configure.in 2009-12-16 19:30:17.000000000 +0900
+@@ -546,12 +546,12 @@
+ if test x$with_zlib = xyes; then
+ AC_CHECK_HEADERS(zlib.h,,
+ [AC_MSG_ERROR([You don't have zlib properly installed. Install it or try --without-zlib.])])
+- save_LDFLAGS=$LDFLAGS
+- LDFLAGS="$LDFLAGS $LD_STATIC_FLAG"
++# saveLIBS=$LIBS
++ LIBS="$LIBS -lz $LD_STATIC_FLAG"
+ AC_CHECK_LIB(z,gzdopen,,
+ [AC_MSG_ERROR([You don't have zlib properly installed. Install it or try --without-zlib.])]
+ )
+- LDFLAGS=$save_LDFLAGS
++# LIBS=$saveLIBS
+ AC_DEFINE(WITH_ZLIB,1,[use zlib])
+ fi
+
+@@ -565,13 +565,13 @@
+ fi
+ AC_CHECK_HEADERS(curl/curl.h,,
+ [AC_MSG_ERROR([You don't have curl properly installed. Install it or try --without-curl.])])
+-# save_LDFLAGS=$LDFLAGS
++# saveLIBS=$LIBS
+ CFLAGS="$CFLAGS $CURL_CFLAGS"
+- LDFLAGS="$LDFLAGS $CURL_LIBS $LD_STATIC_FLAG"
++ LIBS="$LIBS $CURL_LIBS $LD_STATIC_FLAG"
+ AC_CHECK_LIB(curl,curl_easy_init,havecurl=yes,
+ [AC_MSG_ERROR([You don't have curl properly installed. Install it or try --without-curl.])]
+ )
+-# LDFLAGS=$save_LDFLAGS
++# LIBS=$saveLIBS
+ AC_DEFINE(WITH_CURL,1,[use curl])
+ compoptionstring="${compoptionstring}WITH_CURL\\n"],
+ fi
diff --git a/app-forensics/aide/files/aide-0.13.1-configure.patch b/app-forensics/aide/files/aide-0.13.1-configure.patch
new file mode 100644
index 000000000000..75eb5559ebba
--- /dev/null
+++ b/app-forensics/aide/files/aide-0.13.1-configure.patch
@@ -0,0 +1,74 @@
+--- configure.in.old 2008-01-26 15:07:28.000000000 +0100
++++ configure.in 2008-01-26 15:14:05.000000000 +0100
+@@ -160,7 +160,9 @@
+ fi
+
+ # Check whether static linking has explicitly been disabled
+-AC_ARG_ENABLE(static,[ --disable-static Disable static linking (lowers the security of aide)], [aide_static_choice=$enableval], [aide_static_choice=yes])
++AC_ARG_ENABLE(static,
++ AC_HELP_STRING([--disable-static],[Disable static linking (lowers the security of aide)]),
++ [aide_static_choice=$enableval], [aide_static_choice=yes])
+
+ if test "$aide_static_choice" != "yes"; then
+ LD_STATIC_FLAG=""
+@@ -190,8 +192,8 @@
+ AC_CHECK_FUNCS(stricmp strnstr strnlen)
+
+ AC_ARG_WITH([mmap],
+- [AC_HELP_STRING([--with-mmap],
+- [use mmap @<:@default=check@:>@])],
++ AC_HELP_STRING([--with-mmap],
++ [use mmap @<:@default=check@:>@]),
+ [],
+ [with_mmap=check]
+ )
+@@ -283,8 +285,8 @@
+ AC_CHECK_HEADERS(syslog.h inttypes.h fcntl.h)
+
+ AC_ARG_WITH([locale],
+- [AC_HELP_STRING([--with-locale],
+- [use locale stuff])],
++ AC_HELP_STRING([--with-locale],
++ [use locale stuff]),
+ [],
+ [with_locale=no]
+ )
+@@ -369,10 +371,10 @@
+ [AC_HELP_STRING([--with-posix-acl],
+ [use POSIX ACLs (no checking)])],
+ [],
+- [with_posix_acl_support=no]
++ [with_posix_acl=no]
+ )
+
+-AS_IF([test "x$with_posix_acl_support" != xno],
++AS_IF([test "x$with_posix_acl" != xno],
+ [AC_DEFINE(WITH_POSIX_ACL,1,[use POSIX ACLs])
+ AC_DEFINE(WITH_ACL,1,[use ACL])
+ ACLLIB="-lacl"
+@@ -388,10 +390,10 @@
+ [AC_HELP_STRING([--with-selinux],
+ [use SELinux (no checking)])],
+ [],
+- [with_selinux_support=no]
++ [with_selinux=no]
+ )
+
+-AS_IF([test "x$with_selinux_support" != xno],
++AS_IF([test "x$with_selinux" != xno],
+ [AC_DEFINE(WITH_SELINUX,1,[use SELinux])
+ if test -n "$PKG_CONFIG" && $PKG_CONFIG --exists libselinux; then
+ SELINUXLIB=$(${PKG_CONFIG} --libs libselinux --static)
+@@ -410,10 +412,10 @@
+ [AC_HELP_STRING([--with-xattr],
+ [use xattr (no checking)])],
+ [],
+- [with_xattr_support=no]
++ [with_xattr=no]
+ )
+
+-AS_IF([test "x$with_xattr_support" != xno],
++AS_IF([test "x$with_xattr" != xno],
+ [AC_DEFINE(WITH_XATTR,1,[use xattr])
+ ATTRLIB=-lattr
+ compoptionstring="${compoptionstring}WITH_XATTR\\n"
diff --git a/app-forensics/aide/files/aide-0.13.1-equ-matching.patch b/app-forensics/aide/files/aide-0.13.1-equ-matching.patch
new file mode 100644
index 000000000000..e5d02a5ea7d5
--- /dev/null
+++ b/app-forensics/aide/files/aide-0.13.1-equ-matching.patch
@@ -0,0 +1,83 @@
+--- src/gen_list.c.orig 2007-12-19 15:37:13.000000000 -0800
++++ src/gen_list.c 2007-12-19 16:19:43.000000000 -0800
+@@ -732,33 +732,6 @@
+ return retval;
+ }
+
+-//this is used to check if $text if equal to a node in $rxrlist
+-//should be used to check equ_rx_lst only
+-int check_list_for_equal(list* rxrlist,char* text,DB_ATTR_TYPE* attr)
+-{
+- list* r=NULL;
+- int retval=1;
+- char *temp;
+-
+- for(r=rxrlist;r;r=r->next){
+- temp=((rx_rule*)r->data)->rx;
+-
+- //FIXME, if rx not begin with ^, may need to do something else
+- if(temp[0]=='^') //^ is for reg exp, we can ignore this character
+- temp++;
+-
+- //we don't need to worry about buff-overflow, so strcmp is safe
+- if((retval=strcmp(temp, text))==0){
+- *attr=((rx_rule*)r->data)->attr;
+- error(231,"\"%s\" matches string from line #%ld: %s\n",text,((rx_rule*)r->data)->conf_lineno,((rx_rule*)r->data)->rx);
+- break;
+- } else {
+- error(231,"\"%s\" doesn't match string from line #%ld: %s\n",text,((rx_rule*)r->data)->conf_lineno,((rx_rule*)r->data)->rx);
+- }
+- }
+- return retval;
+-}
+-
+ /*
+ * Function check_node_for_match()
+ * calls itself recursively to go to the top and then back down.
+@@ -783,35 +756,24 @@
+ return retval;
+ }
+
+- /* We need this to check whether this was the first one *
+- * to be called and not a recursive call */
+- if(!((retval&16)==16)){
+- retval|=16;
++ /* if this call is not recursive we check the equals list and we set top *
++ * and retval so we know following calls are recursive */
++ if(!(retval&16)){
+ top=1;
+- } else {
+- top=0;
+- }
+-
+- /* if no deeper match found */
+- if(!((retval&8)==8)&&!((retval&4)==4)){
++ retval|=16;
++
+ if(!check_list_for_match(node->equ_rx_lst,text,attr)){
+- /*
+- Zhi Wen Wong added this line to fix bug that equ not work for
+- compare
+- if we do "=/bin", we should only check /bin
+- so, /bin/bash or /bin/something should return 0 as neg
+- */
+- if(!check_list_for_equal(node->equ_rx_lst,text,attr))
+- retval|=(2|4);
+- };
+- };
++ retval|=2|4;
++ }
++ }
+ /* We'll use retval to pass information on whether to recurse
+ * the dir or not */
+
+
+- if(!((retval&8)==8)&&!((retval&4)==4)){
++ /* If 4 and 8 are not set, we will check for matches */
++ if(!(retval&(4|8))){
+ if(!check_list_for_match(node->sel_rx_lst,text,attr))
+- retval|=(1|8);
++ retval|=1|8;
+ }
+
+ /* Now let's check the ancestors */
diff --git a/app-forensics/aide/files/aide-0.13.1-gentoo.patch b/app-forensics/aide/files/aide-0.13.1-gentoo.patch
new file mode 100644
index 000000000000..9c1c07b5ce5f
--- /dev/null
+++ b/app-forensics/aide/files/aide-0.13.1-gentoo.patch
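Review bot: In the rewritten top-of-call block `top` is assigned only on the non-recursive path (`if(!(retval&16)){ top=1; ...`), whereas the removed code also set `top=0` in its else branch; unless `top` is initialized at its declaration, which lies outside this hunk, recursive calls now read it before it is written. The hunk also deletes check_list_for_equal() together with the comment explaining why `=/bin` must match only /bin itself, and nothing in the new code says where exact-match (`=`) semantics are now provided; a one-line comment above the `check_list_for_match(node->equ_rx_lst,...)` call naming that mechanism would preserve the knowledge the old comment carried. check_node_for_match() starts and ends outside this hunk.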
@@ -0,0 +1,36 @@
+diff -Naur aide-0.13.1.orig/Makefile.am aide-0.13.1/Makefile.am
+--- aide-0.13.1.orig/Makefile.am 2006-10-11 03:39:01.000000000 +0900
++++ aide-0.13.1/Makefile.am 2007-09-27 01:35:39.000000000 +0900
+@@ -33,7 +33,7 @@
+ src/aide -c doc/aide.conf -V20
+
+ update-db: all
+- src/aide -B "database_out=file://$(top_srcdir)/doc/aide.db" -c doc/aide.conf -i
++ src/aide -B "database_out=file://$(abs_top_srcdir)/doc/aide.db" -c doc/aide.conf -i
+
+ dist-hook: configure
+ mkdir $(distdir)/include
+diff -Naur aide-0.13.1.orig/doc/aide.conf.in aide-0.13.1/doc/aide.conf.in
+--- aide-0.13.1.orig/doc/aide.conf.in 2006-11-25 04:53:56.000000000 +0900
++++ aide-0.13.1/doc/aide.conf.in 2007-09-27 01:35:39.000000000 +0900
+@@ -19,7 +19,7 @@
+ # corresponding line.
+ #
+
+-@@define TOPDIR @top_srcdir@
++@@define TOPDIR @abs_top_srcdir@
+
+ @@ifndef TOPDIR
+ @@define TOPDIR /
+diff -Naur aide-0.13.1.orig/src/Makefile.am aide-0.13.1/src/Makefile.am
+--- aide-0.13.1.orig/src/Makefile.am 2006-10-28 06:10:38.000000000 +0900
++++ aide-0.13.1/src/Makefile.am 2007-09-27 01:35:39.000000000 +0900
+@@ -20,6 +20,8 @@
+ # This is no longer needed
+ # SUBDIRS = crypt
+
++DEFS = -DLOCALEDIR=\"$(localedir)\" @DEFS@
++
+ bin_PROGRAMS = aide
+
+ aide_SOURCES = \
diff --git a/app-forensics/aide/files/aide-0.13.1-libgrypt_init.patch b/app-forensics/aide/files/aide-0.13.1-libgrypt_init.patch
new file mode 100644
index 000000000000..56b39693f4ff
--- /dev/null
+++ b/app-forensics/aide/files/aide-0.13.1-libgrypt_init.patch
@@ -0,0 +1,49 @@
+diff -urp aide-0.13.1.orig/doc/aide.1 aide-0.13.1/doc/aide.1
+--- aide-0.13.1.orig/doc/aide.1 2009-04-14 15:46:20.000000000 -0700
++++ aide-0.13.1/doc/aide.1 2009-04-14 15:49:18.000000000 -0700
+@@ -67,6 +67,7 @@ conditions:
+ .IP "16 Unimplemented function error"
+ .IP "17 Invalid configureline error"
+ .IP "18 IO error"
++.IP "19 Version mismatch error"
+ .PP
+ .SH NOTES
+ Please note that due to mmap issues, aide cannot be terminated with
+diff -urp aide-0.13.1.orig/doc/aide.1.in aide-0.13.1/doc/aide.1.in
+--- aide-0.13.1.orig/doc/aide.1.in 2009-04-14 15:46:20.000000000 -0700
++++ aide-0.13.1/doc/aide.1.in 2009-04-14 15:49:56.000000000 -0700
+@@ -67,6 +67,7 @@ conditions:
+ .IP "16 Unimplemented function error"
+ .IP "17 Invalid configureline error"
+ .IP "18 IO error"
++.IP "19 Version mismatch error"
+ .PP
+ .SH NOTES
+ Please note that due to mmap issues, aide cannot be terminated with
+diff -urp aide-0.13.1.orig/include/report.h aide-0.13.1/include/report.h
+--- aide-0.13.1.orig/include/report.h 2009-04-14 15:46:20.000000000 -0700
++++ aide-0.13.1/include/report.h 2009-04-14 15:46:28.000000000 -0700
+@@ -31,6 +31,7 @@
+ #define UNIMPLEMENTED_FUNCTION_ERROR 16
+ #define INVALID_CONFIGURELINE_ERROR 17
+ #define IO_ERROR 18
++#define VERSION_MISMATCH_ERROR 19
+
+ /* Errorcodes */
+ #define HASH_ALGO_ERROR 30
+diff -urp aide-0.13.1.orig/src/md.c aide-0.13.1/src/md.c
+--- aide-0.13.1.orig/src/md.c 2009-04-14 15:46:20.000000000 -0700
++++ aide-0.13.1/src/md.c 2009-04-14 15:46:28.000000000 -0700
+@@ -201,6 +201,12 @@ int init_md(struct md_container* md) {
+ #endif
+ #ifdef WITH_GCRYPT
+ error(255,"Gcrypt library initialization\n");
++ if(!gcry_check_version(GCRYPT_VERSION)) {
++ error(0,"libgcrypt version mismatch\n");
++ exit(VERSION_MISMATCH_ERROR);
++ }
++ gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
++ gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
+ if(gcry_md_open(&md->mdh,0,0)!=GPG_ERR_NO_ERROR){
+ error(0,"gcrypt_md_open failed\n");
+ exit(IO_ERROR);
diff --git a/app-forensics/aide/files/aide-0.13.1-zlib.patch b/app-forensics/aide/files/aide-0.13.1-zlib.patch
new file mode 100644
index 000000000000..0ca5af25275d
--- /dev/null
+++ b/app-forensics/aide/files/aide-0.13.1-zlib.patch
@@ -0,0 +1,12 @@
+diff -Naur aide-0.13.1.orig//src/be.c aide-0.13.1//src/be.c
+--- aide-0.13.1.orig//src/be.c 2006-12-15 01:09:24.000000000 +0900
++++ aide-0.13.1//src/be.c 2010-05-26 20:08:10.000000000 +0900
+@@ -161,7 +161,7 @@
+ #endif
+ #ifdef WITH_ZLIB
+ if(iszipped && !inout){
+- fh=gzdopen(fd,"wb9+");
++ fh=gzdopen(fd,"wb9");
+ if(fh==NULL){
+ error(0,_("Couldn't open file %s for %s"),u->value,
+ inout?"reading\n":"writing\n");
diff --git a/app-forensics/aide/files/aide-0.14-as-needed.patch b/app-forensics/aide/files/aide-0.14-as-needed.patch
new file mode 100644
index 000000000000..7a90b4e25079
--- /dev/null
+++ b/app-forensics/aide/files/aide-0.14-as-needed.patch
@@ -0,0 +1,20 @@
+--- aide-0.14.orig/configure.in 2010-02-26 17:25:29.000000000 +0900
++++ aide-0.14/configure.in 2010-05-27 00:11:34.000000000 +0900
+@@ -42,7 +42,7 @@
+ AC_ARG_WITH(extra-libs,
+ AC_HELP_STRING([--with-extra-libs],
+ [Specify additional paths with -L to find libraries]),
+- [LDFLAGS="$LDFLAGS $withval"]
++ [LIBS="$LIBS $withval"]
+ )
+ AC_ARG_WITH(extra-link-libs,
+ AC_HELP_STRING([--with-extra-link-libs],
+@@ -671,7 +671,7 @@
+ AC_CHECK_HEADERS(curl/curl.h,,
+ [AC_MSG_ERROR([You don't have curl properly installed. Install it or try --without-curl.])])
+ CFLAGS="$CFLAGS $CURL_CFLAGS"
+- LDFLAGS="$LDFLAGS $CURL_LIBS"
++ LIBS="$LIBS $CURL_LIBS"
+ AC_CHECK_LIB(curl,curl_easy_init,havecurl=yes,
+ [AC_MSG_ERROR([You don't have curl properly installed. Install it or try --without-curl.])]
+ )
diff --git a/app-forensics/aide/files/aide-0.14-configure.patch b/app-forensics/aide/files/aide-0.14-configure.patch
new file mode 100644
index 000000000000..54afd8c4f4c6
--- /dev/null
+++ b/app-forensics/aide/files/aide-0.14-configure.patch
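Review bot: The added `gcry_control(GCRYCTL_DISABLE_SECMEM, 0)` carries no comment, yet it is a deliberate security trade-off: secure memory is what libgcrypt uses to keep sensitive material out of swap, so a reader needs to see why it is safe to switch off here; as far as this hunk shows the library is only used to open message digests. Suggest `/* hashing only, no key material is handled: secure memory is not needed */` directly above that line. It is also worth confirming that init_md() is not invoked once per hashed file, because the version check and both gcry_control() calls would then be repeated on every call, and a repeated GCRYCTL_DISABLE_SECMEM after GCRYCTL_INITIALIZATION_FINISHED may be rejected or ignored by the library; init_md() starts and ends outside the hunk.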
@@ -0,0 +1,38 @@
+diff -Naur aide-0.14.orig/configure.in aide-0.14/configure.in
+--- aide-0.14.orig/configure.in 2010-02-26 17:25:29.000000000 +0900
++++ aide-0.14/configure.in 2010-06-09 14:24:43.000000000 +0900
+@@ -407,14 +407,14 @@
+ AC_ARG_WITH([zlib],
+ AC_HELP_STRING([--with-zlib],
+ [use zlib compression]),
+- ,
++ [with_zlib="$withval"],
+ [with_zlib=yes]
+ )
+
+ AC_ARG_WITH([curl],
+ AC_HELP_STRING([--with-curl],
+ [use curl for http,https and ftp backends]),
+- ,
++ [with_curl="$withval"],
+ [with_curl=no]
+ )
+
+@@ -422,7 +422,7 @@
+ AC_ARG_WITH([sun-acl],
+ [AC_HELP_STRING([--with-sun-acl],
+ [use ACL on solaris (no checking)])],
+- [],
++ [with_sun_acl="$withval"],
+ [with_sun_acl=no]
+ )
+
+@@ -440,7 +440,7 @@
+ AC_ARG_WITH([posix-acl],
+ [AC_HELP_STRING([--with-posix-acl],
+ [use POSIX ACLs (no checking)])],
+- [],
++ [with_posix_acl_support="$withval"],
+ [with_posix_acl_support=no]
+ )
+
diff --git a/app-forensics/aide/files/aide-0.14-gentoo.patch b/app-forensics/aide/files/aide-0.14-gentoo.patch
new file mode 100644
index 000000000000..f2c8156ed161
--- /dev/null
+++ b/app-forensics/aide/files/aide-0.14-gentoo.patch
@@ -0,0 +1,26 @@
+diff -Naur aide-0.14.orig//src/Makefile.am aide-0.14//src/Makefile.am
+--- aide-0.14.orig//src/Makefile.am 2010-02-20 04:23:08.000000000 +0900
++++ aide-0.14//src/Makefile.am 2010-05-26 23:56:47.000000000 +0900
+@@ -26,7 +26,7 @@
+ LEX_OUTPUT_ROOT = lex.yy
+
+ LDADD = -lm @CRYPTLIB@ @ACLLIB@ @SELINUXLIB@ @AUDITLIB@ @ATTRLIB@ @ELFLIB@
+-AM_CFLAGS = @AIDE_DEFS@ -W -Wall -g
++AM_CFLAGS = -DLOCALEDIR=\"$(localedir)\" @AIDE_DEFS@ -W -Wall -g
+
+ CLEANFILES = conf_yacc.h conf_yacc.c conf_lex.c db_lex.c *~
+
+diff -Naur aide-0.14.orig//src/db.c aide-0.14//src/db.c
+--- aide-0.14.orig//src/db.c 2010-02-18 05:06:57.000000000 +0900
++++ aide-0.14//src/db.c 2010-05-27 00:16:07.000000000 +0900
+@@ -26,6 +26,10 @@
+ #include "db_file.h"
+ #include "db_disk.h"
+
++#ifdef WITH_CURL
++#include "fopen.h"
++#endif
++
+ #ifdef WITH_PSQL
+ #include "db_sql.h"
+ #endif
diff --git a/app-forensics/aide/files/aide-0.15.1-gentoo.patch b/app-forensics/aide/files/aide-0.15.1-gentoo.patch
new file mode 100644
index 000000000000..01c06f72387e
--- /dev/null
+++ b/app-forensics/aide/files/aide-0.15.1-gentoo.patch
@@ -0,0 +1,26 @@
+diff -Naur aide-0.15.1.orig//src/Makefile.am aide-0.15.1//src/Makefile.am
+--- aide-0.15.1.orig//src/Makefile.am 2010-08-02 03:23:44.000000000 +0900
++++ aide-0.15.1//src/Makefile.am 2010-10-28 01:22:49.897871135 +0900
+@@ -26,7 +26,7 @@
+ LEX_OUTPUT_ROOT = lex.yy
+
+ LDADD = -lm @CRYPTLIB@ @ACLLIB@ @SELINUXLIB@ @AUDITLIB@ @ATTRLIB@ @E2FSATTRSLIB@ @ELFLIB@
+-AM_CFLAGS = @AIDE_DEFS@ -W -Wall -g
++AM_CFLAGS = -DLOCALEDIR=\"$(localedir)\" @AIDE_DEFS@ -W -Wall -g
+
+ CLEANFILES = conf_yacc.h conf_yacc.c conf_lex.c db_lex.c *~
+
+diff -Naur aide-0.15.1.orig//src/db.c aide-0.15.1//src/db.c
+--- aide-0.15.1.orig//src/db.c 2010-08-09 02:39:31.000000000 +0900
++++ aide-0.15.1//src/db.c 2010-10-28 01:22:12.930091842 +0900
+@@ -27,6 +27,10 @@
+ #include "db_file.h"
+ #include "db_disk.h"
+
++#ifdef WITH_CURL
++#include "fopen.h"
++#endif
++
+ #ifdef WITH_PSQL
+ #include "db_sql.h"
+ #endif
diff --git a/app-forensics/aide/files/aide.conf b/app-forensics/aide/files/aide.conf
new file mode 100644
index 000000000000..cef1813db9f8
--- /dev/null
+++ b/app-forensics/aide/files/aide.conf
@@ -0,0 +1,115 @@
+# AIDE conf
+
+database=file:/var/lib/aide/aide.db
+database_out=file:/var/lib/aide/aide.db.new
+
+# Change this to "no" or remove it to not gzip output
+# (only useful on systems with few CPU cycles to spare)
+gzip_dbout=yes
+
+# Here are all the things we can check - these are the default rules
+#
+#p: permissions
+#i: inode
+#n: number of links
+#u: user
+#g: group
+#s: size
+#b: block count
+#m: mtime
+#a: atime
+#c: ctime
+#S: check for growing size
+#md5: md5 checksum
+#sha1: sha1 checksum
+#rmd160: rmd160 checksum
+#tiger: tiger checksum
+#R: p+i+n+u+g+s+m+c+md5
+#L: p+i+n+u+g
+#E: Empty group
+#>: Growing logfile p+u+g+i+n+S
+#haval: haval checksum
+#gost: gost checksum
+#crc32: crc32 checksum
+
+# Defines formerly set here have been moved to /etc/default/aide.
+
+# Custom rules
+Binlib = p+i+n+u+g+s+b+m+c+md5+sha1
+ConfFiles = p+i+n+u+g+s+b+m+c+md5+sha1
+Logs = p+i+n+u+g+S
+Devices = p+i+n+u+g+s+b+c+md5+sha1
+Databases = p+n+u+g
+StaticDir = p+i+n+u+g
+ManPages = p+i+n+u+g+s+b+m+c+md5+sha1
+
+# Next decide what directories/files you want in the database
+
+# Kernel, system map, etc.
+=/boot$ Binlib
+# Binaries
+/bin Binlib
+/sbin Binlib
+/usr/bin Binlib
+/usr/sbin Binlib
+/usr/local/bin Binlib
+/usr/local/sbin Binlib
+#/usr/games Binlib
+# Libraries
+/lib Binlib
+/usr/lib Binlib
+/usr/local/lib Binlib
+# Log files
+=/var/log$ StaticDir
+#!/var/log/ksymoops
+/var/log/aide/aide.log(.[0-9])?(.gz)? Databases
+/var/log/aide/error.log(.[0-9])?(.gz)? Databases
+#/var/log/setuid.changes(.[0-9])?(.gz)? Databases
+!/var/log/aide
+/var/log Logs
+# Devices
+!/dev/pts
+# If you get spurious warnings about being unable to mmap() /dev/cpu/mtrr,
+# you may uncomment this to get rid of them. They're harmless but sometimes
+# annoying.
+#!/dev/cpu/mtrr
+#!/dev/xconsole
+/dev Devices
+# Other miscellaneous files
+/var/run$ StaticDir
+!/var/run
+# Test only the directory when dealing with /proc
+/proc$ StaticDir
+!/proc
+
+# You can look through these examples to get further ideas
+
+# MD5 sum files - especially useful with debsums -g
+#/var/lib/dpkg/info/([^\.]+).md5sums u+g+s+m+md5+sha1
+
+# Check crontabs
+#/var/spool/anacron/cron.daily Databases
+#/var/spool/anacron/cron.monthly Databases
+#/var/spool/anacron/cron.weekly Databases
+#/var/spool/cron Databases
+#/var/spool/cron/crontabs Databases
+
+# manpages can be trojaned, especially depending on *roff implementation
+#/usr/man ManPages
+#/usr/share/man ManPages
+#/usr/local/man ManPages
+
+# docs
+#/usr/doc ManPages
+#/usr/share/doc ManPages
+
+# check users' home directories
+#/home Binlib
+
+# check sources for modifications
+#/usr/src L
+#/usr/local/src L
+
+# Check headers for same
+#/usr/include L
+#/usr/local/include L
diff --git a/app-forensics/aide/files/aide.cron b/app-forensics/aide/files/aide.cron
new file mode 100755
index 000000000000..c28b78f8e9db
--- /dev/null
+++ b/app-forensics/aide/files/aide.cron
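Review bot: `ConfFiles` is defined under "Custom rules" but no selection line uses it, and `/etc` is not covered by any rule, so the baseline this file builds omits the files an integrity check most needs to watch (the password and group databases, sudoers, PAM, cron and sshd configuration) as well as the AIDE configuration itself. Adding a line such as `/etc ConfFiles` after the `/usr/local/lib Binlib` entry closes that gap, with `!` negations for the few genuinely volatile entries under /etc that turn up as noise on the target system. The `/var/log/aide/...` selection lines and the later `!/var/log/aide` negation overlap; which one wins for those log files depends on AIDE's rule precedence and is not visible here, so a short comment stating the intended outcome would help the next maintainer.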
@@ -0,0 +1,192 @@
+#!/bin/bash
+# Modified: Benjamin Smee
+# Date: Fri Sep 10 11:35:41 BST 2004
+
+# This is the email address reports get mailed to
+MAILTO=root@localhost
+
+# Set this to suppress mailings when there's nothing to report
+QUIETREPORTS=1
+
+# This parameter defines which aide command to run from the cron script.
+# Sensible values are "update" and "check".
+# Default is "check", ensuring backwards compatibility.
+# Since "update" does not take any longer, it is recommended to use "update",
+# so that a new database is created every day. The new database needs to be
+# manually copied over the current one, though.
+COMMAND=update
+
+# This parameter defines how many lines to return per e-mail. Output longer
+# than this value will be truncated in the e-mail sent out.
+LINES=1000
+
+# This parameter gives a grep regular expression. If given, all output lines
+# that _don't_ match the regexp are listed first in the script's output. This
+# allows to easily remove noise from the aide report.
+NOISE="(/var/cache/|/var/lib/|/var/tmp)"
+PATH="/bin:/usr/bin:/sbin:/usr/sbin"
+LOGDIR="/var/log/aide"
+LOGFILE="aide.log"
+CONFFILE="/etc/aide/aide.conf"
+ERRORLOG="aide_error.log"
+MAILLOG="aide_mail.log"
+ERRORTMP=`tempfile --directory "/tmp" --prefix "$ERRORLOG"`
+
+[ -f /usr/bin/aide ] || exit 0
+
+DATABASE=`grep "^database=file:/" $CONFFILE | head -n 1 | cut --delimiter=: --fields=2`
+FQDN=`hostname -f`
+DATE=`date +"at %Y-%m-%d %H:%M"`
+
+# default values
+
+DATABASE="${DATABASE:-/var/lib/aide/aide.db}"
+
+AIDEARGS="-V4"
+
+if [ ! -f $DATABASE ]; then
+ /usr/sbin/sendmail $MAILTO <<EOF
+Subject: Daily AIDE report for $FQDN
+From: root@${FQDN}
+To: ${MAILTO}
+Fatal error: The AIDE database does not exist!
+This may mean you haven't created it, or it may mean that someone has removed it.
+EOF
+ exit 0
+fi
+
+# Removed so no deps on debianutils - strerror
+#[ -f "$LOGDIR/$LOGFILE" ] && savelog -j -t -g adm -m 640 -u root -c 7 "$LOGDIR/$LOGFILE" > /dev/null
+#[ -f "$LOGDIR/$ERRORLOG" ] && savelog -j -t -g adm -m 640 -u root -c 7 "$LOGDIR/$ERRORLOG" > /dev/null
+
+aide $AIDEARGS --$COMMAND >"$LOGDIR/$LOGFILE" 2>"$ERRORTMP"
+RETVAL=$?
+
+if [ -n "$QUIETREPORTS" ] && [ $QUIETREPORTS -a \! -s $LOGDIR/$LOGFILE -a \! -s $ERRORTMP ]; then
+ # Bail now because there was no output and QUIETREPORTS is set
+ exit 0
+fi
+
+MAILTMP=`tempfile --directory "/tmp" --prefix "$MAILLOG"`
+
+(cat << EOF
+This is an automated report generated by the Advanced Intrusion Detection
+Environment on $FQDN ${DATE}.
+
+EOF
+
+# include error log in daily report e-mail
+
+if [ "$RETVAL" != "0" ]; then
+ cat > "$LOGDIR/$ERRORLOG" << EOF
+
+*****************************************************************************
+* aide returned a non-zero exit value *
+*****************************************************************************
+
+EOF
+ echo "exit value is: $RETVAL" >> "$LOGDIR/$ERRORLOG"
+else
+ touch "$LOGDIR/$ERRORLOG"
+fi
+< "$ERRORTMP" cat >> "$LOGDIR/$ERRORLOG"
+rm -f "$ERRORTMP"
+
+if [ -s "$LOGDIR/$ERRORLOG" ]; then
+ errorlines=`wc -l "$LOGDIR/$ERRORLOG" | awk '{ print $1 }'`
+ if [ ${errorlines:=0} -gt $LINES ]; then
+ cat << EOF
+
+****************************************************************************
+* aide has returned many errors. *
+* the error log output has been truncated in this mail *
+****************************************************************************
+
+EOF
+ echo "Error output is $errorlines lines, truncated to $LINES."
+ head -$LINES "$LOGDIR/$ERRORLOG"
+ echo "The full output can be found in $LOGDIR/$ERRORLOG."
+ else
+ echo "Errors produced ($errorlines lines):"
+ cat "$LOGDIR/$ERRORLOG"
+ fi
+else
+ echo "AIDE produced no errors."
+fi
+
+# include de-noised log
+
+if [ -n "$NOISE" ]; then
+ NOISETMP=`tempfile --directory "/tmp" --prefix "aidenoise"`
+ NOISETMP2=`tempfile --directory "/tmp" --prefix "aidenoise"`
+ sed -n '1,/^Detailed information about changes:/p' "$LOGDIR/$LOGFILE" | \
+ grep '^\(changed\|removed\|added\):' | \
+ grep -v "^added: THERE WERE ALSO [0-9]\+ FILES ADDED UNDER THIS DIRECTORY" > $NOISETMP2
+
+ if [ -n "$NOISE" ]; then
+ < $NOISETMP2 grep -v "^\(changed\|removed\|added\):$NOISE" > $NOISETMP
+ rm -f $NOISETMP2
+ echo "De-Noised output removes everything matching $NOISE."
+ else
+ mv $NOISETMP2 $NOISETMP
+ echo "No noise expression was given."
+ fi
+
+ if [ -s "$NOISETMP" ]; then
+ loglines=`< $NOISETMP wc -l | awk '{ print $1 }'`
+ if [ ${loglines:=0} -gt $LINES ]; then
+ cat << EOF
+
+****************************************************************************
+* aide has returned long output which has been truncated in this mail *
+****************************************************************************
+
+EOF
+ echo "De-Noised output is $loglines lines, truncated to $LINES."
+ < $NOISETMP head -$LINES
+ echo "The full output can be found in $LOGDIR/$LOGFILE."
+ else
+ echo "De-Noised output of the daily AIDE run ($loglines lines):"
+ cat $NOISETMP
+ fi
+ else
+ echo "AIDE detected no changes after removing noise."
+ fi
+ rm -f $NOISETMP
+ echo "============================================================================"
+fi
+
+# include non-de-noised log
+
+if [ -s "$LOGDIR/$LOGFILE" ]; then
+ loglines=`wc -l "$LOGDIR/$LOGFILE" | awk '{ print $1 }'`
+ if [ ${loglines:=0} -gt $LINES ]; then
+ cat << EOF
+
+****************************************************************************
+* aide has returned long output which has been truncated in this mail *
+****************************************************************************
+
+EOF
+ echo "Output is $loglines lines, truncated to $LINES."
+ head -$LINES "$LOGDIR/$LOGFILE"
+ echo "The full output can be found in $LOGDIR/$LOGFILE."
+ else
+ echo "Output of the daily AIDE run ($loglines lines):"
+ cat "$LOGDIR/$LOGFILE"
+ fi
+else
+ echo "AIDE detected no changes."
+fi
+) > ${MAILTMP}
+
+(
+cat <<EOF
+Subject: Daily AIDE report for $FQDN
+From: root@${FQDN}
+To: ${MAILTO}
+EOF
+cat ${MAILTMP}
+) | /usr/sbin/sendmail $MAILTO
+
+rm -f "$MAILTMP"
diff --git a/app-forensics/aide/files/aideinit b/app-forensics/aide/files/aideinit
new file mode 100755
index 000000000000..6a3c60c37837
--- /dev/null
+++ b/app-forensics/aide/files/aideinit
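Review bot: The script still depends on debianutils despite the comment `# Removed so no deps on debianutils - strerror`: `tempfile` is invoked four times (ERRORTMP, MAILTMP, NOISETMP, NOISETMP2), and on a system without it each assignment yields an empty string, so the `2>"$ERRORTMP"` redirection on the aide invocation fails before aide runs and whatever is mailed reflects a script failure rather than an integrity check. The portable replacement is `mktemp`, e.g. `ERRORTMP=$(mktemp "/tmp/${ERRORLOG}.XXXXXXXX") || exit 1`, applied to all four. The QUIETREPORTS test also leaves `$LOGDIR/$LOGFILE` and `$ERRORTMP` unquoted inside `[ ... ]`; quoting them keeps the test well-formed when either variable is empty.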
@@ -0,0 +1,145 @@
+#!/bin/sh
+# Copyright 2003 Mike Markley <mike@markley.org>
+# This script is free for any purpose whatseoever so long as the above
+# copyright notice remains in place.
+#
+# Modified for Gentoo: Benjamin Smee
+# Date: Fri Sep 10 11:36:04 BST 2004
+
+# This is the email address reports get mailed to
+MAILTO=root@localhost
+
+# Defaults
+#MAILTO="${MAILTO:-root}"
+
+# Options
+opt_f=0
+opt_y=0
+opt_c=0
+opt_b=0
+config="/etc/aide/aide.conf"
+
+aideinit_usage() {
+ echo "Usage: $0 [options] -- [aide options]"
+ echo " -y|--yes Overwrite output file"
+ echo " -f|--force Force overwrite of database"
+ echo " -c|--config Specify alternate config file"
+ echo " -o|--output Specify alternate output file"
+ echo " -d|--database Specify alternate database file"
+ echo " -b|--background Run in the background"
+}
+
+while [ -n "$1" ]; do
+ case "$1" in
+ -h|--help)
+ aideinit_usage
+ exit 0
+ ;;
+ -f|--force)
+ opt_f=1
+ shift
+ ;;
+ -y|--yes)
+ opt_y=1
+ shift
+ ;;
+ -b|--background)
+ opt_b=1
+ shift
+ ;;
+ -o|--output)
+ shift
+ [ -z "$1" ] && aideinit_usage && exit 1
+ outfile=$1
+ shift
+ ;;
+ -d|--database)
+ shift
+ [ -z "$1" ] && aideinit_usage && exit 1
+ dbfile=$1
+ shift
+ ;;
+ -c|--config)
+ opt_c=1
+ shift
+ [ -z "$1" ] && aideinit_usage && exit 1
+ config=$1
+ shift
+ ;;
+ --)
+ shift
+ break 2
+ ;;
+ *)
+ echo "Unknown option $1 (use -- to delimit aideinit and aide options)"
+ exit
+ ;;
+ esac
+done
+
+if [ ! -f "$config" ]; then
+ echo "$0: $config: file not found"
+ exit 1
+fi
+
+if [ -z "$outfile" ]; then
+ outfile=`egrep "database_out=file:" $config | cut -d: -f2`
+ [ -z "$outfile" ] && outfile="/var/lib/aide/aide.db.new"
+fi
+if [ -z "$dbfile" ]; then
+ dbfile=`egrep "database=file:" $config | cut -d: -f2`
+ [ -z "$dbfile" ] && dbfile="/var/lib/aide/aide.db"
+fi
+
+if [ -f $outfile ]; then
+ if [ $opt_y -eq 0 ]; then
+ echo -n "Overwrite existing $outfile [Yn]? "
+ read yn
+ case "$yn" in
+ [Nn]*)
+ exit 0
+ ;;
+ esac
+ fi
+fi
+
+extraflags=""
+
+if [ $opt_c -eq 1 ]; then
+ extraflags="$extraflags --config $config"
+fi
+
+if [ $opt_b -eq 1 ]; then
+ (aide --init $extraflags $@ >/var/log/aide/aideinit.log 2>/var/log/aide/aideinit.errors
+ if [ -f "$dbfile" -a $opt_f -eq 0 ]; then
+ echo "$dbfile exists and -f was not specified" >> /var/log/aide/aideinit.errors
+ fi
+ lines=`wc -l /var/log/aide/aideinit.errors | awk '{ print $1 }'`
+ if [ "$lines" -gt 0 ]; then
+ (echo "AIDE init errors:"; cat /var/log/aide/aideinit.errors) | /bin/mail -s "AIDE initialization problem" $MAILTO
+ else
+ cp -f $outfile $dbfile
+ fi) &
+ exit 0
+fi
+
+echo "Running aide --init..."
+aide --init $extraflags $@
+
+return=$?
+if [ $return -ne 0 ]; then
+ echo "Something didn't quite go right; see $outfile for details" >&2
+ exit $return
+fi
+
+if [ -f "$dbfile" -a $opt_f -eq 0 ]; then
+ echo -n "Overwrite $dbfile [yN]? "
+ read yn
+ case "$yn" in
+ [yY]*)
+ cp -f $outfile $dbfile
+ ;;
+ esac
+else
+ cp -f $outfile $dbfile
+fi
|
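Review bot: The `*)` branch of the option parser ends in a bare `exit`, so an unrecognised option returns the status of the preceding `echo` (0) and a caller such as a cron job or an ebuild cannot tell the run was rejected; it should read `exit 1`. In the `--background` branch the exit status of `aide --init` is never examined: the decision to `cp -f $outfile $dbfile` rests solely on `aideinit.errors` being empty, so a failure that writes nothing to stderr would still replace the live database with an incomplete one, whereas the foreground path already has the `return=$?` check that could be mirrored there. `echo -n` is also used under `#!/bin/sh`, where POSIX leaves `-n` unspecified and dash prints it literally; `printf '%s' "Overwrite existing $outfile [Yn]? "` is the portable form for both prompts.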