- enable xattr support and update config file
This commit is contained in:
parent
7d279b9716
commit
ac87434af1
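--- a/aide-0.12-dedosify.patch
+++ b/aide-0.12-dedosify.patch
@@ -0,0 +1,174 @@
+--- aide-0.12/contrib/gpg2_check.sh.spc 2007-06-21 12:37:06.000000000 -0400
++++ aide-0.12/contrib/gpg2_check.sh 2007-06-21 12:39:53.000000000 -0400
+@@ -1,32 +1,32 @@
+-#!/bin/sh
+-# $Id: gpg2_check.sh,v 1.1 2006/01/22 20:25:37 rvdb Exp $
+-
+-# Script by Vincent Danen <vdanen@linsec.ca>
+-
+-hostname=`uname -n`
+-echo "AIDE integrity check for ${hostname} beginning (`date`)"
+-echo ""
+-if [ ! -e /var/lib/aide/aide.db ] ; then
+- echo "**** Error: AIDE database for ${hostname} not found."
+- echo "**** Run 'aide --init' and move the appropriate database file."
+-else
+- if [ -f /etc/aide.conf ]; then
+- if [ -f /var/lib/aide/aide.db.sig ]; then
+- pushd /var/lib/aide >/dev/null
+- echo "Verifying the GPG signature on the database..."
+- echo ""
+- gpg --verify aide.db.sig
+- echo ""
+- if [ "$?" == "1" ]; then
+- echo "************************************************************"
+- echo "GPG signature FAILED! Your database has been tampered with!"
+- echo "************************************************************"
+- exit 1
+- fi
+- popd >/dev/null
+- fi
+- nice -20 /usr/sbin/aide --check 2>/dev/null
+- fi
+-fi
+-
+-exit 0
++#!/bin/sh
++# $Id: gpg2_check.sh,v 1.1 2006/01/22 20:25:37 rvdb Exp $
++
++# Script by Vincent Danen <vdanen@linsec.ca>
++
++hostname=`uname -n`
++echo "AIDE integrity check for ${hostname} beginning (`date`)"
++echo ""
++if [ ! -e /var/lib/aide/aide.db ] ; then
++ echo "**** Error: AIDE database for ${hostname} not found."
++ echo "**** Run 'aide --init' and move the appropriate database file."
++else
++ if [ -f /etc/aide.conf ]; then
++ if [ -f /var/lib/aide/aide.db.sig ]; then
++ pushd /var/lib/aide >/dev/null
++ echo "Verifying the GPG signature on the database..."
++ echo ""
++ gpg --verify aide.db.sig
++ echo ""
++ if [ "$?" == "1" ]; then
++ echo "************************************************************"
++ echo "GPG signature FAILED! Your database has been tampered with!"
++ echo "************************************************************"
++ exit 1
++ fi
++ popd >/dev/null
++ fi
++ nice -20 /usr/sbin/aide --check 2>/dev/null
++ fi
++fi
++
++exit 0
+--- aide-0.12/contrib/gpg2_update.sh.spc 2007-06-21 12:37:24.000000000 -0400
++++ aide-0.12/contrib/gpg2_update.sh 2007-06-21 12:39:43.000000000 -0400
+@@ -1,52 +1,52 @@
+-#!/bin/sh
+-# $Id: gpg2_update.sh,v 1.1 2006/01/22 20:25:37 rvdb Exp $
+-#
+-# script to update and rotate the AIDE database files and, optionally
+-# create a detached GPG signature to verify the database file
+-#
+-# written by Vincent Danen <vdanen-at-annvix.org> 01/21/2006
+-
+-usegpg=0
+-
+-if [ -f /root/.gnupg/secring.gpg ]; then
+- usegpg=1
+-fi
+-
+-if [ ! -d /var/lib/aide ]; then
+- echo "The AIDE database directory /var/lib/aide does not exist!"
+- exit 1
+-fi
+-
+-pushd /var/lib/aide >/dev/null
+-
+-# copy the old database
+-if [ -f aide.db ]; then
+- newfile="aide-`hostname`-`date +%Y%m%d-%H%M%S`.db"
+- if [ "${usegpg}" == 1 -a -f aide.db.sig ]; then
+- # do an integrity check
+- gpg --verify aide.db.sig
+- if [ "$?" == "1" ]; then
+- echo "************************************************************"
+- echo "GPG signature FAILED! Your database has been tampered with!"
+- echo "************************************************************"
+- exit 1
+- fi
+- fi
+- cp -av aide.db ${newfile}
+- /usr/sbin/aide --update -B "database=file:/var/lib/aide/${newfile}"
+- if [ "${usegpg}" == "1" ]; then
+- # create the signature file
+- [[ -f aide.db.sig ]] && rm -f aide.db.sig
+- gpg --detach-sign aide.db
+- if [ "$?" == "1" ]; then
+- echo "FATAL: Error occurred when creating the signature file!"
+- exit 1
+- fi
+- fi
+- gzip -9f ${newfile}
+-else
+- echo "The AIDE database does not exist, can't update!"
+- exit 1
+-fi
+-
+-popd >/dev/null
++#!/bin/sh
++# $Id: gpg2_update.sh,v 1.1 2006/01/22 20:25:37 rvdb Exp $
++#
++# script to update and rotate the AIDE database files and, optionally
++# create a detached GPG signature to verify the database file
++#
++# written by Vincent Danen <vdanen-at-annvix.org> 01/21/2006
++
++usegpg=0
++
++if [ -f /root/.gnupg/secring.gpg ]; then
++ usegpg=1
++fi
++
++if [ ! -d /var/lib/aide ]; then
++ echo "The AIDE database directory /var/lib/aide does not exist!"
++ exit 1
++fi
++
++pushd /var/lib/aide >/dev/null
++
++# copy the old database
++if [ -f aide.db ]; then
++ newfile="aide-`hostname`-`date +%Y%m%d-%H%M%S`.db"
++ if [ "${usegpg}" == 1 -a -f aide.db.sig ]; then
++ # do an integrity check
++ gpg --verify aide.db.sig
++ if [ "$?" == "1" ]; then
++ echo "************************************************************"
++ echo "GPG signature FAILED! Your database has been tampered with!"
++ echo "************************************************************"
++ exit 1
++ fi
++ fi
++ cp -av aide.db ${newfile}
++ /usr/sbin/aide --update -B "database=file:/var/lib/aide/${newfile}"
++ if [ "${usegpg}" == "1" ]; then
++ # create the signature file
++ [[ -f aide.db.sig ]] && rm -f aide.db.sig
++ gpg --detach-sign aide.db
++ if [ "$?" == "1" ]; then
++ echo "FATAL: Error occurred when creating the signature file!"
++ exit 1
++ fi
++ fi
++ gzip -9f ${newfile}
++else
++ echo "The AIDE database does not exist, can't update!"
++ exit 1
++fi
++
++popd >/dev/null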
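Review bot: In the patched gpg2_check.sh the test `+ if [ "$?" == "1" ]; then` comes after `+ echo ""`, so it inspects echo's exit status rather than gpg's and the "GPG signature FAILED" branch can never fire; a bad or missing signature falls straight through to `aide --check`. Testing gpg's status directly, `if ! gpg --verify aide.db.sig; then`, also catches the non-zero codes other than 1 that GnuPG returns for fatal errors (for example when the signing key is not available), which the `== "1"` comparisons after `gpg --verify` and `gpg --detach-sign` in gpg2_update.sh likewise let through. These defects are upstream behaviour that the line-ending conversion carries over verbatim rather than something this commit introduces, so a separate patch or a %changelog note would be the place to address them. Note also that `==`, `pushd`/`popd` and `[[` are bashisms under the scripts' `#!/bin/sh`.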
160
aide.conf
160
aide.conf
@ -1,6 +1,7 @@
|
|||||||
# Example configuration file for AIDE.
|
# Example configuration file for AIDE.
|
||||||
|
|
||||||
@@define DBDIR /var/lib/aide
|
@@define DBDIR /var/lib/aide
|
||||||
|
@@define LOGDIR /var/log/aide
|
||||||
|
|
||||||
# The location of the database to be read.
|
# The location of the database to be read.
|
||||||
database=file:@@{DBDIR}/aide.db.gz
|
database=file:@@{DBDIR}/aide.db.gz
|
||||||
@ -16,7 +17,7 @@ gzip_dbout=yes
|
|||||||
# Default.
|
# Default.
|
||||||
verbose=5
|
verbose=5
|
||||||
|
|
||||||
report_url=file:/var/log/aide.log
|
report_url=file:@@{LOGDIR}/aide.log
|
||||||
report_url=stdout
|
report_url=stdout
|
||||||
#report_url=stderr
|
#report_url=stderr
|
||||||
#NOT IMPLEMENTED report_url=mailto:root@foo.com
|
#NOT IMPLEMENTED report_url=mailto:root@foo.com
|
||||||
@ -35,23 +36,52 @@ report_url=stdout
|
|||||||
#a: atime
|
#a: atime
|
||||||
#c: ctime
|
#c: ctime
|
||||||
#S: check for growing size
|
#S: check for growing size
|
||||||
|
#acl: Access Control Lists
|
||||||
|
#selinux SELinux security context
|
||||||
|
#xattrs: Extended file attributes
|
||||||
#md5: md5 checksum
|
#md5: md5 checksum
|
||||||
#sha1: sha1 checksum
|
#sha1: sha1 checksum
|
||||||
|
#sha256: sha256 checksum
|
||||||
|
#sha512: sha512 checksum
|
||||||
#rmd160: rmd160 checksum
|
#rmd160: rmd160 checksum
|
||||||
#tiger: tiger checksum
|
#tiger: tiger checksum
|
||||||
#haval: haval checksum
|
|
||||||
#gost: gost checksum
|
#haval: haval checksum (MHASH only)
|
||||||
#crc32: crc32 checksum
|
#gost: gost checksum (MHASH only)
|
||||||
#R: p+i+n+u+g+s+m+c+md5
|
#crc32: crc32 checksum (MHASH only)
|
||||||
#L: p+i+n+u+g
|
#whirlpool: whirlpool checksum (MHASH only)
|
||||||
#E: Empty group
|
|
||||||
#>: Growing logfile p+u+g+i+n+S
|
#R: p+i+n+u+g+s+m+c+acl+selinux+xattrs+md5
|
||||||
|
#L: p+i+n+u+g+acl+selinux+xattrs
|
||||||
|
#E: Empty group
|
||||||
|
#>: Growing logfile p+u+g+i+n+S+acl+selinux+xattrs
|
||||||
|
|
||||||
# You can create custom rules like this.
|
# You can create custom rules like this.
|
||||||
|
# With MHASH...
|
||||||
|
# ALLXTRAHASHES = sha1+rmd160+sha256+sha512+whirlpool+tiger+haval+gost+crc32
|
||||||
|
ALLXTRAHASHES = sha1+rmd160+sha256+sha512+tiger
|
||||||
|
# Everything but access time (Ie. all changes)
|
||||||
|
EVERYTHING = R+ALLXTRAHASHES
|
||||||
|
|
||||||
NORMAL = R+b+sha1
|
# Sane, with multiple hashes
|
||||||
|
# NORMAL = R+rmd160+sha256+whirlpool
|
||||||
|
NORMAL = R+rmd160+sha256
|
||||||
|
|
||||||
DIR = p+i+n+u+g
|
# For directories, don't bother doing hashes
|
||||||
|
DIR = p+i+n+u+g+acl+selinux+xattrs
|
||||||
|
|
||||||
|
# Access control only
|
||||||
|
PERMS = p+i+u+g+acl+selinux
|
||||||
|
|
||||||
|
# Logfile are special, in that they often change
|
||||||
|
LOG = >
|
||||||
|
|
||||||
|
# Just do md5 and sha256 hashes
|
||||||
|
LSPP = R+sha256
|
||||||
|
|
||||||
|
# Some files get updated automatically, so the inode/ctime/mtime change
|
||||||
|
# but we want to know when the data inside them changes
|
||||||
|
DATAONLY = p+n+u+g+s+acl+selinux+xattrs+md5+sha256+rmd160+tiger
|
||||||
|
|
||||||
# Next decide what directories/files you want in the database.
|
# Next decide what directories/files you want in the database.
|
||||||
|
|
||||||
@ -62,19 +92,120 @@ DIR = p+i+n+u+g
|
|||||||
/opt NORMAL
|
/opt NORMAL
|
||||||
/usr NORMAL
|
/usr NORMAL
|
||||||
/root NORMAL
|
/root NORMAL
|
||||||
|
# These are too volatile
|
||||||
|
!/usr/src
|
||||||
|
!/usr/tmp
|
||||||
|
|
||||||
# Check only permissions, inode, user and group for /etc, but
|
# Check only permissions, inode, user and group for /etc, but
|
||||||
# cover some important files closely.
|
# cover some important files closely.
|
||||||
/etc p+i+u+g
|
/etc PERMS
|
||||||
!/etc/mtab
|
!/etc/mtab
|
||||||
|
# Ignore backup files
|
||||||
|
!/etc/.*~
|
||||||
/etc/exports NORMAL
|
/etc/exports NORMAL
|
||||||
/etc/fstab NORMAL
|
/etc/fstab NORMAL
|
||||||
/etc/passwd NORMAL
|
/etc/passwd NORMAL
|
||||||
/etc/group NORMAL
|
/etc/group NORMAL
|
||||||
/etc/gshadow NORMAL
|
/etc/gshadow NORMAL
|
||||||
/etc/shadow NORMAL
|
/etc/shadow NORMAL
|
||||||
|
/etc/security/opasswd NORMAL
|
||||||
|
|
||||||
/var/log p+n+u+g
|
/etc/hosts.allow NORMAL
|
||||||
|
/etc/hosts.deny NORMAL
|
||||||
|
|
||||||
|
/etc/sudoers NORMAL
|
||||||
|
/etc/skel NORMAL
|
||||||
|
|
||||||
|
/etc/logrotate.d NORMAL
|
||||||
|
|
||||||
|
/etc/resolv.conf DATAONLY
|
||||||
|
|
||||||
|
/etc/nscd.conf NORMAL
|
||||||
|
/etc/securetty NORMAL
|
||||||
|
|
||||||
|
# Shell/X starting files
|
||||||
|
/etc/profile NORMAL
|
||||||
|
/etc/bashrc NORMAL
|
||||||
|
/etc/bash_completion.d/ NORMAL
|
||||||
|
/etc/login.defs NORMAL
|
||||||
|
/etc/zprofile NORMAL
|
||||||
|
/etc/zshrc NORMAL
|
||||||
|
/etc/zlogin NORMAL
|
||||||
|
/etc/zlogout NORMAL
|
||||||
|
/etc/profile.d/ NORMAL
|
||||||
|
/etc/X11/ NORMAL
|
||||||
|
|
||||||
|
# Pkg manager
|
||||||
|
/etc/yum.conf NORMAL
|
||||||
|
/etc/yumex.conf NORMAL
|
||||||
|
/etc/yumex.profiles.conf NORMAL
|
||||||
|
/etc/yum/ NORMAL
|
||||||
|
/etc/yum.repos.d/ NORMAL
|
||||||
|
|
||||||
|
/var/log LOG
|
||||||
|
/var/run/utmp LOG
|
||||||
|
|
||||||
|
# This gets new/removes-old filenames daily
|
||||||
|
!/var/log/sa
|
||||||
|
# As we are checking it, we've truncated yesterdays size to zero.
|
||||||
|
!/var/log/aide.log
|
||||||
|
|
||||||
|
# LSPP rules...
|
||||||
|
# AIDE produces an audit record, so this becomes perpetual motion.
|
||||||
|
# /var/log/audit/ LSPP
|
||||||
|
/etc/audit/ LSPP
|
||||||
|
/etc/libaudit.conf LSPP
|
||||||
|
/usr/sbin/stunnel LSPP
|
||||||
|
/var/spool/at LSPP
|
||||||
|
/etc/at.allow LSPP
|
||||||
|
/etc/at.deny LSPP
|
||||||
|
/etc/cron.allow LSPP
|
||||||
|
/etc/cron.deny LSPP
|
||||||
|
/etc/cron.d/ LSPP
|
||||||
|
/etc/cron.daily/ LSPP
|
||||||
|
/etc/cron.hourly/ LSPP
|
||||||
|
/etc/cron.monthly/ LSPP
|
||||||
|
/etc/cron.weekly/ LSPP
|
||||||
|
/etc/crontab LSPP
|
||||||
|
/var/spool/cron/root LSPP
|
||||||
|
|
||||||
|
/etc/login.defs LSPP
|
||||||
|
/etc/securetty LSPP
|
||||||
|
/var/log/faillog LSPP
|
||||||
|
/var/log/lastlog LSPP
|
||||||
|
|
||||||
|
/etc/hosts LSPP
|
||||||
|
/etc/sysconfig LSPP
|
||||||
|
|
||||||
|
/etc/inittab LSPP
|
||||||
|
/etc/grub/ LSPP
|
||||||
|
/etc/rc.d LSPP
|
||||||
|
|
||||||
|
/etc/ld.so.conf LSPP
|
||||||
|
|
||||||
|
/etc/localtime LSPP
|
||||||
|
|
||||||
|
/etc/sysctl.conf LSPP
|
||||||
|
|
||||||
|
/etc/modprobe.conf LSPP
|
||||||
|
|
||||||
|
/etc/pam.d LSPP
|
||||||
|
/etc/security LSPP
|
||||||
|
/etc/aliases LSPP
|
||||||
|
/etc/postfix LSPP
|
||||||
|
|
||||||
|
/etc/ssh/sshd_config LSPP
|
||||||
|
/etc/ssh/ssh_config LSPP
|
||||||
|
|
||||||
|
/etc/stunnel LSPP
|
||||||
|
|
||||||
|
/etc/vsftpd.ftpusers LSPP
|
||||||
|
/etc/vsftpd LSPP
|
||||||
|
|
||||||
|
/etc/issue LSPP
|
||||||
|
/etc/issue.net LSPP
|
||||||
|
|
||||||
|
/etc/cups LSPP
|
||||||
|
|
||||||
# With AIDE's default verbosity level of 5, these would give lots of
|
# With AIDE's default verbosity level of 5, these would give lots of
|
||||||
# warnings upon tree traversal. It might change with future version.
|
# warnings upon tree traversal. It might change with future version.
|
||||||
@ -82,3 +213,8 @@ DIR = p+i+n+u+g
|
|||||||
#=/lost\+found DIR
|
#=/lost\+found DIR
|
||||||
#=/home DIR
|
#=/home DIR
|
||||||
|
|
||||||
|
# Ditto /var/log/sa reason...
|
||||||
|
!/var/log/and-httpd
|
||||||
|
|
||||||
|
# Admins dot files constantly change, just check perms
|
||||||
|
/root/.* PERMS
|
||||||
|
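Review bot: The new trailing rule `/root/.* PERMS` also matches /root/.ssh and everything under it, and PERMS (`p+i+u+g+acl+selinux`) carries no size or hash, so an added line in /root/.ssh/authorized_keys would go unreported; following the pattern the file already uses for /etc (`/etc PERMS` followed by per-file NORMAL entries), an explicit `/root/.ssh NORMAL` (or at least `/root/.ssh/authorized_keys NORMAL`) after it would keep content changes visible. PERMS is also the only group in the file that omits xattrs while DIR, L and > include them, which deserves a comment if it is deliberate, since security-relevant attributes such as file capabilities are stored in xattrs. How AIDE resolves overlapping regular rules is not visible here, so confirm the ordering assumption against the aide.conf(5) manual.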
215
aide.conf.rhel
215
aide.conf.rhel
@ -1,215 +0,0 @@
|
|||||||
# Example configuration file for AIDE.
|
|
||||||
|
|
||||||
@@define DBDIR /var/lib/aide
|
|
||||||
|
|
||||||
# The location of the database to be read.
|
|
||||||
database=file:@@{DBDIR}/aide.db.gz
|
|
||||||
|
|
||||||
# The location of the database to be written.
|
|
||||||
#database_out=sql:host:port:database:login_name:passwd:table
|
|
||||||
#database_out=file:aide.db.new
|
|
||||||
database_out=file:@@{DBDIR}/aide.db.new.gz
|
|
||||||
|
|
||||||
# Whether to gzip the output to database
|
|
||||||
gzip_dbout=yes
|
|
||||||
|
|
||||||
# Default.
|
|
||||||
verbose=5
|
|
||||||
|
|
||||||
report_url=file:/var/log/aide.log
|
|
||||||
report_url=stdout
|
|
||||||
#report_url=stderr
|
|
||||||
#NOT IMPLEMENTED report_url=mailto:root@foo.com
|
|
||||||
#NOT IMPLEMENTED report_url=syslog:LOG_AUTH
|
|
||||||
|
|
||||||
# These are the default rules.
|
|
||||||
#
|
|
||||||
#p: permissions
|
|
||||||
#i: inode:
|
|
||||||
#n: number of links
|
|
||||||
#u: user
|
|
||||||
#g: group
|
|
||||||
#s: size
|
|
||||||
#b: block count
|
|
||||||
#m: mtime
|
|
||||||
#a: atime
|
|
||||||
#c: ctime
|
|
||||||
#acl: Access Control Lists
|
|
||||||
#selinux SELinux security context
|
|
||||||
#xattrs: Extended file attributes
|
|
||||||
#S: check for growing size
|
|
||||||
#md5: md5 checksum
|
|
||||||
#sha1: sha1 checksum
|
|
||||||
#sha256: sha256 checksum
|
|
||||||
#sha512: sha512 checksum
|
|
||||||
#rmd160: rmd160 checksum
|
|
||||||
#tiger: tiger checksum
|
|
||||||
|
|
||||||
#haval: haval checksum (MHASH only)
|
|
||||||
#gost: gost checksum (MHASH only)
|
|
||||||
#crc32: crc32 checksum (MHASH only)
|
|
||||||
#whirlpool: whirlpool checksum (MHASH only)
|
|
||||||
|
|
||||||
#R: p+i+n+u+g+s+m+c+acl+selinux+xattrs+md5
|
|
||||||
#L: p+i+n+u+g+acl+selinux+xattrs
|
|
||||||
#E: Empty group
|
|
||||||
#>: Growing logfile p+u+g+i+n+S+acl+selinux+xattrs
|
|
||||||
|
|
||||||
# You can create custom rules like this.
|
|
||||||
# With MHASH...
|
|
||||||
# ALLXTRAHASHES = sha1+rmd160+sha256+sha512+whirlpool+tiger+haval+gost+crc32
|
|
||||||
ALLXTRAHASHES = sha1+rmd160+sha256+sha512+tiger
|
|
||||||
# Everything but access time (Ie. all changes)
|
|
||||||
EVERYTHING = R+ALLXTRAHASHES
|
|
||||||
|
|
||||||
# Sane, with multiple hashes
|
|
||||||
# NORMAL = R+rmd160+sha256+whirlpool
|
|
||||||
NORMAL = R+rmd160+sha256
|
|
||||||
|
|
||||||
# For directories, don't bother doing hashes
|
|
||||||
DIR = p+i+n+u+g+acl+selinux+xattrs
|
|
||||||
|
|
||||||
# Access control only
|
|
||||||
PERMS = p+i+u+g+acl+selinux
|
|
||||||
|
|
||||||
# Logfile are special, in that they often change
|
|
||||||
LOG = >
|
|
||||||
|
|
||||||
# Just do md5 and sha256 hashes
|
|
||||||
LSPP = R+sha256
|
|
||||||
|
|
||||||
# Some files get updated automatically, so the inode/ctime/mtime change
|
|
||||||
# but we want to know when the data inside them changes
|
|
||||||
DATAONLY = p+n+u+g+s+acl+selinux+xattrs+md5+sha256+rmd160+tiger
|
|
||||||
|
|
||||||
# Next decide what directories/files you want in the database.
|
|
||||||
|
|
||||||
/boot NORMAL
|
|
||||||
/bin NORMAL
|
|
||||||
/sbin NORMAL
|
|
||||||
/lib NORMAL
|
|
||||||
/opt NORMAL
|
|
||||||
/usr NORMAL
|
|
||||||
/root NORMAL
|
|
||||||
# These are too volatile
|
|
||||||
!/usr/src
|
|
||||||
!/usr/tmp
|
|
||||||
|
|
||||||
# Check only permissions, inode, user and group for /etc, but
|
|
||||||
# cover some important files closely.
|
|
||||||
/etc PERMS
|
|
||||||
!/etc/mtab
|
|
||||||
# Ignore backup files
|
|
||||||
!/etc/.*~
|
|
||||||
/etc/exports NORMAL
|
|
||||||
/etc/fstab NORMAL
|
|
||||||
/etc/passwd NORMAL
|
|
||||||
/etc/group NORMAL
|
|
||||||
/etc/gshadow NORMAL
|
|
||||||
/etc/shadow NORMAL
|
|
||||||
/etc/security/opasswd NORMAL
|
|
||||||
|
|
||||||
/etc/hosts.allow NORMAL
|
|
||||||
/etc/hosts.deny NORMAL
|
|
||||||
|
|
||||||
/etc/sudoers NORMAL
|
|
||||||
/etc/skel NORMAL
|
|
||||||
|
|
||||||
/etc/logrotate.d NORMAL
|
|
||||||
|
|
||||||
/etc/resolv.conf DATAONLY
|
|
||||||
|
|
||||||
/etc/nscd.conf NORMAL
|
|
||||||
/etc/securetty NORMAL
|
|
||||||
|
|
||||||
# Shell/X starting files
|
|
||||||
/etc/profile NORMAL
|
|
||||||
/etc/bashrc NORMAL
|
|
||||||
/etc/bash_completion.d/ NORMAL
|
|
||||||
/etc/login.defs NORMAL
|
|
||||||
/etc/zprofile NORMAL
|
|
||||||
/etc/zshrc NORMAL
|
|
||||||
/etc/zlogin NORMAL
|
|
||||||
/etc/zlogout NORMAL
|
|
||||||
/etc/profile.d/ NORMAL
|
|
||||||
/etc/X11/ NORMAL
|
|
||||||
|
|
||||||
# Pkg manager
|
|
||||||
/etc/yum.conf NORMAL
|
|
||||||
/etc/yumex.conf NORMAL
|
|
||||||
/etc/yumex.profiles.conf NORMAL
|
|
||||||
/etc/yum/ NORMAL
|
|
||||||
/etc/yum.repos.d/ NORMAL
|
|
||||||
|
|
||||||
/var/log LOG
|
|
||||||
# This gets new/removes-old filenames daily
|
|
||||||
!/var/log/sa
|
|
||||||
# As we are checking it, we've truncated yesterdays size to zero.
|
|
||||||
!/var/log/aide.log
|
|
||||||
|
|
||||||
# LSPP rules...
|
|
||||||
# AIDE produces an audit record, so this becomes perpetual motion.
|
|
||||||
# /var/log/audit/ LSPP
|
|
||||||
/etc/audit/ LSPP
|
|
||||||
/etc/libaudit.conf LSPP
|
|
||||||
/usr/sbin/stunnel LSPP
|
|
||||||
/var/spool/at LSPP
|
|
||||||
/etc/at.allow LSPP
|
|
||||||
/etc/at.deny LSPP
|
|
||||||
/etc/cron.allow LSPP
|
|
||||||
/etc/cron.deny LSPP
|
|
||||||
/etc/cron.d/ LSPP
|
|
||||||
/etc/cron.daily/ LSPP
|
|
||||||
/etc/cron.hourly/ LSPP
|
|
||||||
/etc/cron.monthly/ LSPP
|
|
||||||
/etc/cron.weekly/ LSPP
|
|
||||||
/etc/crontab LSPP
|
|
||||||
/var/spool/cron/root LSPP
|
|
||||||
|
|
||||||
/etc/login.defs LSPP
|
|
||||||
/etc/securetty LSPP
|
|
||||||
/var/log/faillog LSPP
|
|
||||||
/var/log/lastlog LSPP
|
|
||||||
|
|
||||||
/etc/hosts LSPP
|
|
||||||
/etc/sysconfig LSPP
|
|
||||||
|
|
||||||
/etc/inittab LSPP
|
|
||||||
# Grub isn't in LSPP, but pretend it is
|
|
||||||
/etc/grub/ LSPP
|
|
||||||
/etc/rc.d LSPP
|
|
||||||
|
|
||||||
/etc/ld.so.conf LSPP
|
|
||||||
|
|
||||||
/etc/localtime LSPP
|
|
||||||
|
|
||||||
/etc/sysctl.conf LSPP
|
|
||||||
|
|
||||||
/etc/modprobe.conf LSPP
|
|
||||||
|
|
||||||
/etc/pam.d LSPP
|
|
||||||
/etc/security LSPP
|
|
||||||
/etc/aliases LSPP
|
|
||||||
/etc/postfix LSPP
|
|
||||||
|
|
||||||
/etc/ssh/sshd_config LSPP
|
|
||||||
/etc/ssh/ssh_config LSPP
|
|
||||||
|
|
||||||
/etc/stunnel LSPP
|
|
||||||
|
|
||||||
/etc/vsftpd.ftpusers LSPP
|
|
||||||
/etc/vsftpd LSPP
|
|
||||||
|
|
||||||
/etc/issue LSPP
|
|
||||||
/etc/issue.net LSPP
|
|
||||||
|
|
||||||
/etc/cups LSPP
|
|
||||||
|
|
||||||
# With AIDE's default verbosity level of 5, these would give lots of
|
|
||||||
# warnings upon tree traversal. It might change with future version.
|
|
||||||
#
|
|
||||||
#=/lost\+found DIR
|
|
||||||
#=/home DIR
|
|
||||||
|
|
||||||
# Dito /var/log/sa reason...
|
|
||||||
!/var/log/and-httpd
|
|
40
aide.spec
40
aide.spec
@ -7,25 +7,26 @@
|
|||||||
Summary: Intrusion detection environment
|
Summary: Intrusion detection environment
|
||||||
Name: aide
|
Name: aide
|
||||||
Version: 0.13.1
|
Version: 0.13.1
|
||||||
Release: 5%{?dist}
|
Release: 6%{?dist}
|
||||||
URL: http://sourceforge.net/projects/aide
|
URL: http://sourceforge.net/projects/aide
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: Applications/System
|
Group: Applications/System
|
||||||
Source0: http://download.sourceforge.net/aide/aide-%{version}.tar.gz
|
Source0: http://download.sourceforge.net/aide/aide-%{version}.tar.gz
|
||||||
Source1: aide.conf
|
Source1: aide.conf
|
||||||
Source2: README.quickstart
|
Source2: README.quickstart
|
||||||
Source3: aide.conf.rhel
|
Patch1: aide-0.13.1-contextsize.patch
|
||||||
Patch0: aide-0.13.1-manuals.patch
|
Patch2: aide-0.12-dedosify.patch
|
||||||
Patch1: aide-0.12-selcon.patch
|
Patch3: aide-0.13.1-manuals.patch
|
||||||
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot-%(%{__id_u} -n)
|
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot-%(%{__id_u} -n)
|
||||||
Buildrequires: mhash-devel zlib-devel
|
BuildRequires: mktemp
|
||||||
|
Buildrequires: mhash-devel
|
||||||
|
Buildrequires: zlib-devel libgcrypt-devel
|
||||||
Buildrequires: flex bison
|
Buildrequires: flex bison
|
||||||
|
Buildrequires: libattr-devel libacl-devel libselinux-devel
|
||||||
|
Buildrequires: audit-libs-devel >= 1.2.8-2
|
||||||
%if "%{?_with_curl}x" != "x"
|
%if "%{?_with_curl}x" != "x"
|
||||||
Buildrequires: curl-devel
|
Buildrequires: curl-devel
|
||||||
%endif
|
%endif
|
||||||
Buildrequires: pkgconfig
|
|
||||||
Buildrequires: libattr-devel libacl-devel libselinux-devel
|
|
||||||
Buildrequires: audit-libs-devel >= 1.2.8-2
|
|
||||||
#Buildrequires: postgresql-devel libgcrypt-devel
|
#Buildrequires: postgresql-devel libgcrypt-devel
|
||||||
#(needs --with-psql and -lgcrypt in src/Makefile.in)
|
#(needs --with-psql and -lgcrypt in src/Makefile.in)
|
||||||
|
|
||||||
@ -36,22 +37,19 @@ checker and intrusion detection program.
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
|
%patch1 -p1 -b .contextsize
|
||||||
%patch0 -p1 -b .manuals
|
%patch2 -p1 -b .dedosify
|
||||||
# Adjust default paths in manual (not as safe as the patch).
|
%patch3 -p1 -b .manpages
|
||||||
#sed -i -e 's!@sysconfdir@/aide.db\(.new\)\?!%{_localstatedir}/lib/aide/aide.db\1.gz!' doc/aide.1.in
|
|
||||||
#sed -i -e 's!@sysconfdir@/aide.conf!%{_sysconfdir}/aide.conf!' doc/aide.1.in
|
|
||||||
%patch1 -p1 -b .selcon
|
|
||||||
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%configure --with-config_file=%{_sysconfdir}/aide.conf \
|
%configure --with-config_file=%{_sysconfdir}/aide.conf \
|
||||||
--with-zlib \
|
--with-zlib \
|
||||||
|
--disable-static \
|
||||||
--with-mhash --enable-mhash \
|
--with-mhash --enable-mhash \
|
||||||
%{?_with_curl} %{?_without_curl} \
|
%{?_with_curl} %{?_without_curl} \
|
||||||
--with-selinux --with-posix-acl --with-configmactype=sha256 \
|
--with-selinux --with-posix-acl --with-audit \
|
||||||
--with-audit \
|
--with-xattr
|
||||||
%{?nostatic}
|
|
||||||
|
|
||||||
make %{?_smp_mflags}
|
make %{?_smp_mflags}
|
||||||
|
|
||||||
@ -59,11 +57,11 @@ make %{?_smp_mflags}
|
|||||||
%install
|
%install
|
||||||
rm -rf $RPM_BUILD_ROOT
|
rm -rf $RPM_BUILD_ROOT
|
||||||
%makeinstall bindir=$RPM_BUILD_ROOT%{_sbindir}
|
%makeinstall bindir=$RPM_BUILD_ROOT%{_sbindir}
|
||||||
|
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/aide
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}
|
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}
|
||||||
install -p %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}
|
install -p %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}
|
||||||
mkdir -p -m0700 $RPM_BUILD_ROOT%{_localstatedir}/lib/aide
|
mkdir -p -m0700 $RPM_BUILD_ROOT%{_localstatedir}/lib/aide
|
||||||
install -p %{SOURCE2} README.quickstart
|
install -p %{SOURCE2} README.quickstart
|
||||||
install -p %{SOURCE3} aide.conf.rhel
|
|
||||||
|
|
||||||
|
|
||||||
%clean
|
%clean
|
||||||
@ -73,15 +71,19 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%files
|
%files
|
||||||
%defattr(0644,root,root,0755)
|
%defattr(0644,root,root,0755)
|
||||||
%doc AUTHORS COPYING ChangeLog NEWS README doc/manual.html contrib/
|
%doc AUTHORS COPYING ChangeLog NEWS README doc/manual.html contrib/
|
||||||
%doc README.quickstart aide.conf.rhel
|
%doc README.quickstart
|
||||||
%attr(0700,root,root) %{_sbindir}/aide
|
%attr(0700,root,root) %{_sbindir}/aide
|
||||||
%{_mandir}/man1/*
|
%{_mandir}/man1/*
|
||||||
%{_mandir}/man5/*
|
%{_mandir}/man5/*
|
||||||
%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/aide.conf
|
%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/aide.conf
|
||||||
%dir %attr(0700,root,root) %{_localstatedir}/lib/aide
|
%dir %attr(0700,root,root) %{_localstatedir}/lib/aide
|
||||||
|
%dir %attr(0700,root,root) %{_localstatedir}/log/aide
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jan 30 2009 Steve Grubb <sgrubb@redhat.com> - 0.13.1-6
|
||||||
|
- enable xattr support and update config file
|
||||||
|
|
||||||
* Fri Sep 26 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 0.13.1-5
|
* Fri Sep 26 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 0.13.1-5
|
||||||
- fix selcon patch to apply without fuzz
|
- fix selcon patch to apply without fuzz
|
||||||
|
|
||||||
|
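Review bot: The configure line drops `--with-configmactype=sha256` (old `--with-selinux --with-posix-acl --with-configmactype=sha256 \`, new `--with-selinux --with-posix-acl --with-audit \`) while the %changelog entry only mentions xattr support and the config file; if that option was effective, the build now falls back to upstream's default MAC type for config-file verification, a security-relevant change that should either be restored or called out explicitly. The entry also omits the other visible changes: aide.conf.rhel (Source3) and aide-0.12-selcon.patch are removed, aide-0.13.1-contextsize.patch and aide-0.12-dedosify.patch are added, and `--disable-static` replaces `%{?nostatic}`. `Buildrequires: zlib-devel libgcrypt-devel` is new, yet configure still selects `--with-mhash --enable-mhash` and the commented `#Buildrequires: postgresql-devel libgcrypt-devel` line remains, so the libgcrypt-devel dependency looks unused; either pass the matching configure option or drop it. The manuals patch backup suffix changed from `.manuals` to `.manpages` in `%patch3 -p1 -b .manpages`, which is harmless but gratuitous.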