- Update to 0.13.1 release.

Sun Dec 10 2006 Michael Schwendt <mschwendt[AT]users.sf.net> - 0.13-1
- Update to 0.13 release.
- Include default aide.conf from RHEL5 as doc example file.
Sun Oct 29 2006 Michael Schwendt <mschwendt[AT]users.sf.net> -
    0.12-3.20061027cvs
- CAUTION! This changes the database format and results in a report of
    false inconsistencies until an old database file is updated.
- Check out CVS 20061027 which now contains Red Hat's
    acl/xattr/selinux/audit patches.
- Patches merged upstream.
- Update manual page substitutions.

.cvsignore

@@ -1,2 +1,2 @@
-aide-0.12.tar.gz
-aide-0.12.tar.gz.asc
+aide-0.13.1.tar.gz.asc
+aide-0.13.1.tar.gz

aide-0.12-getopt.patch

@@ -1,14 +0,0 @@
-Do what the manual says.
-
-diff -Nur aide-0.12-orig/src/aide.c aide-0.12/src/aide.c
---- aide-0.12-orig/src/aide.c	2006-10-04 12:20:25.000000000 +0200
-+++ aide-0.12/src/aide.c	2006-10-14 22:35:47.000000000 +0200
-@@ -109,7 +109,7 @@
-     { "update", no_argument, NULL, 'u'},
-     { "config-check", no_argument, NULL, 'D'},
-     { "compare", no_argument, NULL, 'E'},
--    { NULL }
-+    { NULL, 0, NULL, 0 }
-   };
- 
-   while(1){

aide-0.12-rh-bugfixes.patch

@@ -1,160 +0,0 @@
-Hi,
-
-This patch removes a couple unnecessary memsets, fixes some memory leaks
-associated with strlastslash usage, fixes some memory leaks in populate_tree,
-and moves a couple assignments closer to where they are used in case they are
-not needed.
-
--Steve
-
-
-diff -ur aide-0.12_rc1.orig/src/base64.c aide-0.12_rc1/src/base64.c
---- aide-0.12_rc1.orig/src/base64.c	2006-10-16 13:31:43.000000000 -0400
-+++ aide-0.12_rc1/src/base64.c	2006-10-16 13:43:08.000000000 -0400
-@@ -103,8 +103,6 @@
-   }
-   outbuf = (char *)malloc(sizeof(char)*B64_BUF);
-   
--  memset((void*)outbuf,0,B64_BUF);
--  
-   /* Initialize working pointers */
-   inb = src;
-   i = 0;
-@@ -191,11 +189,9 @@
-     return NULL;
- 
- 
--
-   /* Initialize working pointers */
-   inb = src;
-   outbuf = (byte *)malloc(sizeof(byte)*B64_BUF);
--  memset(outbuf,0,sizeof(byte)*B64_BUF);
- 
-   l = 0;
-   triple = 0;
-diff -ur aide-0.12_rc1.orig/src/commandconf.c aide-0.12_rc1/src/commandconf.c
---- aide-0.12_rc1.orig/src/commandconf.c	2006-10-16 13:31:43.000000000 -0400
-+++ aide-0.12_rc1/src/commandconf.c	2006-10-16 13:43:08.000000000 -0400
-@@ -240,11 +240,11 @@
- {
-   int retval=0;
-   int c=0;
--  char* tmp=NULL;
-   int err=0;
--  int* domd=0;
-+  int* domd=NULL;
-   url_t* db_url=NULL;
- #ifdef WITH_MHASH
-+  char* tmp=NULL;
-   MHASH* md=NULL;
-   void* key=NULL;
-   int keylen;
-@@ -401,7 +401,7 @@
- 
- int check_db_order(DB_FIELD* d,int size, DB_FIELD a)
- {
--  int i=0;
-+  int i;
-   for(i=0;i<size;i++){
-     if(d[i]==a)
-       return RETFAIL;
-diff -ur aide-0.12_rc1.orig/src/gen_list.c aide-0.12_rc1/src/gen_list.c
---- aide-0.12_rc1.orig/src/gen_list.c	2006-10-16 13:31:43.000000000 -0400
-+++ aide-0.12_rc1/src/gen_list.c	2006-10-16 14:09:49.000000000 -0400
-@@ -229,8 +229,7 @@
- {
-     if( r!=NULL ){
-         node->conf_lineno = r->conf_lineno;  
--        node->rx=(char*)malloc(strlen(r->rx)+1);
--        strcpy(node->rx,r->rx);
-+        node->rx=strdup(r->rx);
-     } else {
-         node->conf_lineno = -1;
-         node->rx=NULL;
-@@ -265,13 +264,17 @@
-     if(isrx){
-       parent=get_seltree_node(tree,tmprxtok);
-     }else {
--      parent=get_seltree_node(tree,strlastslash(path));
-+      char* dirn=strlastslash(path);
-+      parent=get_seltree_node(tree,dirn);
-+      free(dirn);
-     }      
-     if(parent==NULL){
-       if(isrx){
- 	parent=new_seltree_node(tree,tmprxtok,isrx,r);
-       }else {
--	parent=new_seltree_node(tree,strlastslash(path),isrx,r);
-+        char* dirn=strlastslash(path);
-+        parent=new_seltree_node(tree,dirn,isrx,r);
-+        free(dirn);
-       }
-     }
-     free(tmprxtok);
-@@ -306,8 +309,7 @@
-     error(240,"Handling %s with %c \"%s\" with node \"%s\"\n",rxtok,type,curr_rule->rx,curnode->path);
- 	
-     
--    /* We have to add '^' to the first charaster of string... 
--     *
-+    /* We have to add '^' to the first character of string... 
-      */
- 
-     data=(char*)malloc(strlen(curr_rule->rx)+1+1);
-@@ -1518,9 +1520,14 @@
- 	if((add=check_rxtree(old->filename,tree,&attr))>0){
- 	  add_file_to_tree(tree,old,DB_OLD,0,attr);
- 	  i++;
--	}else if(!initdbwarningprinted){
--	  error(3,_("WARNING: Old db contains a file that shouldn\'t be there, run --init or --update\n"));
--	  initdbwarningprinted=1;
-+	}else{
-+          free_db_line(old);
-+          free(old);
-+          old=NULL;
-+          if(!initdbwarningprinted){
-+	    error(3,_("WARNING: Old db contains a file that shouldn\'t be there, run --init or --update\n"));
-+	    initdbwarningprinted=1;
-+	  }
- 	}
- 	if(i<100){
- 	  old=db_readline(DB_OLD);
-@@ -1543,6 +1550,10 @@
- 	if((add=check_rxtree(new->filename,tree,&attr))>0){
- 	  add_file_to_tree(tree,new,DB_NEW,0,attr);
- 	  i++;
-+	} else {
-+          free_db_line(new);
-+          free(new);
-+          new=NULL;
- 	}
- 	if(i<100){
- 	  new=db_readline(DB_NEW);
-@@ -1568,6 +1579,8 @@
- 	}
- 	if((conf->action&DO_INIT)&&!(conf->action&DO_COMPARE)){
- 	  free_db_line(new);
-+          free(new);
-+          new=NULL;
- 	}
- 	if(i<100){
- 	  new=db_readline(DB_DISK);
-diff -ur aide-0.12_rc1.orig/src/symboltable.c aide-0.12_rc1/src/symboltable.c
---- aide-0.12_rc1.orig/src/symboltable.c	2006-10-16 13:31:43.000000000 -0400
-+++ aide-0.12_rc1/src/symboltable.c	2006-10-16 13:43:08.000000000 -0400
-@@ -34,13 +34,13 @@
-     return NULL;
-   }
- 
--  l=item->prev;
-   p=item;
-   while(p!=NULL){
-     if (strcmp(s,((symba*)p->data)->name)==0) return p;
-     p=p->next;
-   }
-     
-+  l=item->prev;
-   while(l!=NULL){
-     /* Insert bug to here return l-> return p */
-     if (strcmp(s,((symba*)l->data)->name)==0) return l; 
-

aide.conf.rhel

@@ -0,0 +1,215 @@
+# Example configuration file for AIDE.
+
+@@define DBDIR /var/lib/aide
+
+# The location of the database to be read.
+database=file:@@{DBDIR}/aide.db.gz
+
+# The location of the database to be written.
+#database_out=sql:host:port:database:login_name:passwd:table
+#database_out=file:aide.db.new
+database_out=file:@@{DBDIR}/aide.db.new.gz
+
+# Whether to gzip the output to database
+gzip_dbout=yes
+
+# Default.
+verbose=5
+
+report_url=file:/var/log/aide.log
+report_url=stdout
+#report_url=stderr
+#NOT IMPLEMENTED report_url=mailto:root@foo.com
+#NOT IMPLEMENTED report_url=syslog:LOG_AUTH
+
+# These are the default rules.
+#
+#p:      permissions
+#i:      inode:
+#n:      number of links
+#u:      user
+#g:      group
+#s:      size
+#b:      block count
+#m:      mtime
+#a:      atime
+#c:      ctime
+#acl:           Access Control Lists
+#selinux        SELinux security context
+#xattrs:        Extended file attributes
+#S:      check for growing size
+#md5:    md5 checksum
+#sha1:   sha1 checksum
+#sha256:        sha256 checksum
+#sha512:        sha512 checksum
+#rmd160: rmd160 checksum
+#tiger:  tiger checksum
+
+#haval:  haval checksum (MHASH only)
+#gost:   gost checksum (MHASH only)
+#crc32:  crc32 checksum (MHASH only)
+#whirlpool:     whirlpool checksum (MHASH only)
+
+#R:             p+i+n+u+g+s+m+c+acl+selinux+xattrs+md5
+#L:             p+i+n+u+g+acl+selinux+xattrs
+#E:             Empty group
+#>:             Growing logfile p+u+g+i+n+S+acl+selinux+xattrs
+
+# You can create custom rules like this.
+# With MHASH...
+# ALLXTRAHASHES = sha1+rmd160+sha256+sha512+whirlpool+tiger+haval+gost+crc32
+ALLXTRAHASHES = sha1+rmd160+sha256+sha512+tiger
+# Everything but access time (Ie. all changes)
+EVERYTHING = R+ALLXTRAHASHES
+
+# Sane, with multiple hashes
+# NORMAL = R+rmd160+sha256+whirlpool
+NORMAL = R+rmd160+sha256
+
+# For directories, don't bother doing hashes
+DIR = p+i+n+u+g+acl+selinux+xattrs
+
+# Access control only
+PERMS = p+i+u+g+acl+selinux
+
+# Logfile are special, in that they often change
+LOG = >
+
+# Just do md5 and sha256 hashes
+LSPP = R+sha256
+
+# Some files get updated automatically, so the inode/ctime/mtime change
+# but we want to know when the data inside them changes
+DATAONLY =  p+n+u+g+s+acl+selinux+xattrs+md5+sha256+rmd160+tiger
+
+# Next decide what directories/files you want in the database.
+
+/boot   NORMAL
+/bin    NORMAL
+/sbin   NORMAL
+/lib    NORMAL
+/opt    NORMAL
+/usr    NORMAL
+/root   NORMAL
+# These are too volatile
+!/usr/src
+!/usr/tmp
+
+# Check only permissions, inode, user and group for /etc, but
+# cover some important files closely.
+/etc    PERMS
+!/etc/mtab
+# Ignore backup files
+!/etc/.*~
+/etc/exports  NORMAL
+/etc/fstab    NORMAL
+/etc/passwd   NORMAL
+/etc/group    NORMAL
+/etc/gshadow  NORMAL
+/etc/shadow   NORMAL
+/etc/security/opasswd   NORMAL
+
+/etc/hosts.allow   NORMAL
+/etc/hosts.deny    NORMAL
+
+/etc/sudoers NORMAL
+/etc/skel NORMAL
+
+/etc/logrotate.d NORMAL
+
+/etc/resolv.conf DATAONLY
+
+/etc/nscd.conf NORMAL
+/etc/securetty NORMAL
+
+# Shell/X starting files
+/etc/profile NORMAL
+/etc/bashrc NORMAL
+/etc/bash_completion.d/ NORMAL
+/etc/login.defs NORMAL
+/etc/zprofile NORMAL
+/etc/zshrc NORMAL
+/etc/zlogin NORMAL
+/etc/zlogout NORMAL
+/etc/profile.d/ NORMAL
+/etc/X11/ NORMAL
+
+# Pkg manager
+/etc/yum.conf NORMAL
+/etc/yumex.conf NORMAL
+/etc/yumex.profiles.conf NORMAL
+/etc/yum/ NORMAL
+/etc/yum.repos.d/ NORMAL
+
+/var/log   LOG
+# This gets new/removes-old filenames daily
+!/var/log/sa
+# As we are checking it, we've truncated yesterdays size to zero.
+!/var/log/aide.log
+
+# LSPP rules...
+# AIDE produces an audit record, so this becomes perpetual motion.
+# /var/log/audit/ LSPP
+/etc/audit/ LSPP
+/etc/libaudit.conf LSPP
+/usr/sbin/stunnel LSPP
+/var/spool/at LSPP
+/etc/at.allow LSPP
+/etc/at.deny LSPP
+/etc/cron.allow LSPP
+/etc/cron.deny LSPP
+/etc/cron.d/ LSPP
+/etc/cron.daily/ LSPP
+/etc/cron.hourly/ LSPP
+/etc/cron.monthly/ LSPP
+/etc/cron.weekly/ LSPP
+/etc/crontab LSPP
+/var/spool/cron/root LSPP
+
+/etc/login.defs LSPP
+/etc/securetty LSPP
+/var/log/faillog LSPP
+/var/log/lastlog LSPP
+
+/etc/hosts LSPP
+/etc/sysconfig LSPP
+
+/etc/inittab LSPP
+# Grub isn't in LSPP, but pretend it is
+/etc/grub/ LSPP
+/etc/rc.d LSPP
+
+/etc/ld.so.conf LSPP
+
+/etc/localtime LSPP
+
+/etc/sysctl.conf LSPP
+
+/etc/modprobe.conf LSPP
+
+/etc/pam.d LSPP
+/etc/security LSPP
+/etc/aliases LSPP
+/etc/postfix LSPP
+
+/etc/ssh/sshd_config LSPP
+/etc/ssh/ssh_config LSPP
+
+/etc/stunnel LSPP
+
+/etc/vsftpd.ftpusers LSPP
+/etc/vsftpd LSPP
+
+/etc/issue LSPP
+/etc/issue.net LSPP
+
+/etc/cups LSPP
+
+# With AIDE's default verbosity level of 5, these would give lots of
+# warnings upon tree traversal. It might change with future version.
+#
+#=/lost\+found    DIR
+#=/home           DIR
+
+# Dito /var/log/sa reason...
+!/var/log/and-httpd

aide.spec

@@ -6,22 +6,24 @@
 
 Summary: Intrusion detection environment
 Name: aide
-Version: 0.12
-Release: 2%{?dist}
+Version: 0.13.1
+Release: 1
 URL: http://sourceforge.net/projects/aide
 License: GPL
 Group: Applications/System
 Source0: http://download.sourceforge.net/aide/aide-%{version}.tar.gz
 Source1: aide.conf
 Source2: README.quickstart
-Patch0: aide-0.12-getopt.patch
-Patch1: aide-0.12-rh-bugfixes.patch
+Source3: aide.conf.rhel
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot-%(%{__id_u} -n)
 Buildrequires: mhash-devel zlib-devel
 Buildrequires: flex bison
 %if "%{?_with_curl}x" != "x"
 Buildrequires: curl-devel
 %endif
+Buildrequires: pkgconfig
+Buildrequires: libattr-devel libacl-devel libselinux-devel
+Buildrequires: audit-libs-devel >= 1.2.8-2
 #Buildrequires: postgresql-devel libgcrypt-devel
 #(needs --with-psql and -lgcrypt in src/Makefile.in)
 
@@ -32,8 +34,10 @@ checker and intrusion detection program.
 
 %prep
 %setup -q
-%patch0 -p1 -b .getopt
-%patch1 -p1 -b .rh-bugfixes
+
+# Adjust default paths in manual.
+sed -i -e 's!@sysconfdir@/aide.db\(.new\)\?!%{_localstatedir}/lib/aide/aide.db\1.gz!' doc/aide.1.in
+sed -i -e 's!@sysconfdir@/aide.conf!%{_sysconfdir}/aide.conf!' doc/aide.1.in
 
 
 %build
@@ -41,14 +45,10 @@ checker and intrusion detection program.
            --with-zlib \
            --with-mhash --enable-mhash \
            %{?_with_curl} %{?_without_curl} \
+           --with-selinux --with-posix-acl --with-configmactype=sha256 \
+           --with-audit \
            %{?nostatic}
 
-# Adjust default database paths.
-perl -pi -e 's!%{_sysconfdir}/aide.db!%{_localstatedir}/lib/aide.db!' config.h
-# Adjust default paths in manual.
-perl -pi -e 's!<prefix>/etc/aide.db!%{_localstatedir}/lib/aide.db!' doc/aide.1
-perl -pi -e 's!<prefix>/etc/aide.conf!%{_sysconfdir}/aide.conf!' doc/aide.1
-
 make %{?_smp_mflags}
 
 
@@ -59,6 +59,7 @@ mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}
 install -p %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}
 mkdir -p -m0700 $RPM_BUILD_ROOT%{_localstatedir}/lib/aide
 install -p %{SOURCE2} README.quickstart
+install -p %{SOURCE3} aide.conf.rhel
 
 
 %clean
@@ -68,7 +69,7 @@ rm -rf $RPM_BUILD_ROOT
 %files
 %defattr(0644,root,root,0755)
 %doc AUTHORS COPYING ChangeLog NEWS README doc/manual.html contrib/
-%doc README.quickstart
+%doc README.quickstart aide.conf.rhel
 %attr(0700,root,root) %{_sbindir}/aide
 %{_mandir}/man1/*
 %{_mandir}/man5/*
@@ -77,6 +78,21 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Sun Dec 17 2006 Michael Schwendt <mschwendt[AT]users.sf.net> - 0.13.1-1
+- Update to 0.13.1 release.
+
+* Sun Dec 10 2006 Michael Schwendt <mschwendt[AT]users.sf.net> - 0.13-1
+- Update to 0.13 release.
+- Include default aide.conf from RHEL5 as doc example file.
+
+* Sun Oct 29 2006 Michael Schwendt <mschwendt[AT]users.sf.net> - 0.12-3.20061027cvs
+- CAUTION! This changes the database format and results in a report of
+  false inconsistencies until an old database file is updated.
+- Check out CVS 20061027 which now contains Red Hat's
+  acl/xattr/selinux/audit patches.
+- Patches merged upstream.
+- Update manual page substitutions.
+
 * Mon Oct 23 2006 Michael Schwendt <mschwendt[AT]users.sf.net> - 0.12-2
 - Add "memory leaks and performance updates" patch as posted
   to aide-devel by Steve Grubb.

sources

@@ -1,2 +1,2 @@
-fee8da9fe8ac4f78de1a237290ed3204  aide-0.12.tar.gz
-1073f8839dc68c6e0ae1251dd2371584  aide-0.12.tar.gz.asc
+eb724c089677d634a02d015ef943522c  aide-0.13.1.tar.gz.asc
+27978cc6bca4f0fbf3f6f5a1b330661c  aide-0.13.1.tar.gz