- New upstream release

Steve Grubb 2010-02-23 01:23:16 +00:00
parent 6b365dd884
commit ae8b785b25
8 changed files with 5 additions and 571 deletions


@ -1,2 +1,4 @@
aide-0.13.1.tar.gz.asc
aide-0.13.1.tar.gz
aide-0.14-rc1.tar.gz
aide-0.14-rc1.tar.gz.asc


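--- a/[PATH NOT SHOWN ON PAGE]
+++ /dev/null
@@ -1,174 +0,0 @@
---- aide-0.12/contrib/gpg2_check.sh.spc 2007-06-21 12:37:06.000000000 -0400
-+++ aide-0.12/contrib/gpg2_check.sh 2007-06-21 12:39:53.000000000 -0400
-@@ -1,32 +1,32 @@
--#!/bin/sh
--# $Id: gpg2_check.sh,v 1.1 2006/01/22 20:25:37 rvdb Exp $
--
--# Script by Vincent Danen <vdanen@linsec.ca>
--
--hostname=`uname -n`
--echo "AIDE integrity check for ${hostname} beginning (`date`)"
--echo ""
--if [ ! -e /var/lib/aide/aide.db ] ; then
-- echo "**** Error: AIDE database for ${hostname} not found."
-- echo "**** Run 'aide --init' and move the appropriate database file."
--else
-- if [ -f /etc/aide.conf ]; then
-- if [ -f /var/lib/aide/aide.db.sig ]; then
-- pushd /var/lib/aide >/dev/null
-- echo "Verifying the GPG signature on the database..."
-- echo ""
-- gpg --verify aide.db.sig
-- echo ""
-- if [ "$?" == "1" ]; then
-- echo "************************************************************"
-- echo "GPG signature FAILED! Your database has been tampered with!"
-- echo "************************************************************"
-- exit 1
-- fi
-- popd >/dev/null
-- fi
-- nice -20 /usr/sbin/aide --check 2>/dev/null
-- fi
--fi
--
--exit 0
-+#!/bin/sh
-+# $Id: gpg2_check.sh,v 1.1 2006/01/22 20:25:37 rvdb Exp $
-+
-+# Script by Vincent Danen <vdanen@linsec.ca>
-+
-+hostname=`uname -n`
-+echo "AIDE integrity check for ${hostname} beginning (`date`)"
-+echo ""
-+if [ ! -e /var/lib/aide/aide.db ] ; then
-+ echo "**** Error: AIDE database for ${hostname} not found."
-+ echo "**** Run 'aide --init' and move the appropriate database file."
-+else
-+ if [ -f /etc/aide.conf ]; then
-+ if [ -f /var/lib/aide/aide.db.sig ]; then
-+ pushd /var/lib/aide >/dev/null
-+ echo "Verifying the GPG signature on the database..."
-+ echo ""
-+ gpg --verify aide.db.sig
-+ echo ""
-+ if [ "$?" == "1" ]; then
-+ echo "************************************************************"
-+ echo "GPG signature FAILED! Your database has been tampered with!"
-+ echo "************************************************************"
-+ exit 1
-+ fi
-+ popd >/dev/null
-+ fi
-+ nice -20 /usr/sbin/aide --check 2>/dev/null
-+ fi
-+fi
-+
-+exit 0
---- aide-0.12/contrib/gpg2_update.sh.spc 2007-06-21 12:37:24.000000000 -0400
-+++ aide-0.12/contrib/gpg2_update.sh 2007-06-21 12:39:43.000000000 -0400
-@@ -1,52 +1,52 @@
--#!/bin/sh
--# $Id: gpg2_update.sh,v 1.1 2006/01/22 20:25:37 rvdb Exp $
--#
--# script to update and rotate the AIDE database files and, optionally
--# create a detached GPG signature to verify the database file
--#
--# written by Vincent Danen <vdanen-at-annvix.org> 01/21/2006
--
--usegpg=0
--
--if [ -f /root/.gnupg/secring.gpg ]; then
-- usegpg=1
--fi
--
--if [ ! -d /var/lib/aide ]; then
-- echo "The AIDE database directory /var/lib/aide does not exist!"
-- exit 1
--fi
--
--pushd /var/lib/aide >/dev/null
--
--# copy the old database
--if [ -f aide.db ]; then
-- newfile="aide-`hostname`-`date +%Y%m%d-%H%M%S`.db"
-- if [ "${usegpg}" == 1 -a -f aide.db.sig ]; then
-- # do an integrity check
-- gpg --verify aide.db.sig
-- if [ "$?" == "1" ]; then
-- echo "************************************************************"
-- echo "GPG signature FAILED! Your database has been tampered with!"
-- echo "************************************************************"
-- exit 1
-- fi
-- fi
-- cp -av aide.db ${newfile}
-- /usr/sbin/aide --update -B "database=file:/var/lib/aide/${newfile}"
-- if [ "${usegpg}" == "1" ]; then
-- # create the signature file
-- [[ -f aide.db.sig ]] && rm -f aide.db.sig
-- gpg --detach-sign aide.db
-- if [ "$?" == "1" ]; then
-- echo "FATAL: Error occurred when creating the signature file!"
-- exit 1
-- fi
-- fi
-- gzip -9f ${newfile}
--else
-- echo "The AIDE database does not exist, can't update!"
-- exit 1
--fi
--
--popd >/dev/null
-+#!/bin/sh
-+# $Id: gpg2_update.sh,v 1.1 2006/01/22 20:25:37 rvdb Exp $
-+#
-+# script to update and rotate the AIDE database files and, optionally
-+# create a detached GPG signature to verify the database file
-+#
-+# written by Vincent Danen <vdanen-at-annvix.org> 01/21/2006
-+
-+usegpg=0
-+
-+if [ -f /root/.gnupg/secring.gpg ]; then
-+ usegpg=1
-+fi
-+
-+if [ ! -d /var/lib/aide ]; then
-+ echo "The AIDE database directory /var/lib/aide does not exist!"
-+ exit 1
-+fi
-+
-+pushd /var/lib/aide >/dev/null
-+
-+# copy the old database
-+if [ -f aide.db ]; then
-+ newfile="aide-`hostname`-`date +%Y%m%d-%H%M%S`.db"
-+ if [ "${usegpg}" == 1 -a -f aide.db.sig ]; then
-+ # do an integrity check
-+ gpg --verify aide.db.sig
-+ if [ "$?" == "1" ]; then
-+ echo "************************************************************"
-+ echo "GPG signature FAILED! Your database has been tampered with!"
-+ echo "************************************************************"
-+ exit 1
-+ fi
-+ fi
-+ cp -av aide.db ${newfile}
-+ /usr/sbin/aide --update -B "database=file:/var/lib/aide/${newfile}"
-+ if [ "${usegpg}" == "1" ]; then
-+ # create the signature file
-+ [[ -f aide.db.sig ]] && rm -f aide.db.sig
-+ gpg --detach-sign aide.db
-+ if [ "$?" == "1" ]; then
-+ echo "FATAL: Error occurred when creating the signature file!"
-+ exit 1
-+ fi
-+ fi
-+ gzip -9f ${newfile}
-+else
-+ echo "The AIDE database does not exist, can't update!"
-+ exit 1
-+fi
-+
-+popd >/dev/null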


@ -1,49 +0,0 @@
From: Steve Conklin <sconklin@redhat.com>
To: aide-devel@lists.sourceforge.net
Only the first 32 characters of the selinux context was displayed, which
often isn't enough to see what changed.
This patch increases the displayed length to 128 characters for selinux
contexts and also for link names.
diff -up aide-0.13.1/src/compare_db.c.selcon aide-0.13.1/src/compare_db.c
--- aide-0.13.1/src/compare_db.c.selcon 2006-11-30 14:06:56.000000000 -0500
+++ aide-0.13.1/src/compare_db.c 2008-09-26 13:23:25.000000000 -0400
@@ -53,9 +53,10 @@
const int old_col = 12;
const int new_col = 40;
-const int part_len = 33; /* usable length of line[] */
-char oline[33];
-char nline[33];
+const int part_len = 33; /* usable length of line[] for most purposes */
+const int long_part_len = 129; /* length of line[] for link names and selinux contexts */
+char oline[129];
+char nline[129];
const char* entry_format= " %-9s: %-33s, %s\n";
const char* entry_format_justnew=" %-9s: %-33c %s\n";
/*************/
@@ -379,17 +380,17 @@ void print_str_changes(char*old,char*new
if(old==NULL){
if(new!=NULL){
- snprintf(oline,part_len,"<NULL>");
- snprintf(nline,part_len,"%s",new);
+ snprintf(oline,long_part_len,"<NULL>");
+ snprintf(nline,long_part_len,"%s",new);
ok = 1;
}
} else if(new==NULL){
- snprintf(oline,part_len,"%s",old);
- snprintf(nline,part_len,"<NULL>");
+ snprintf(oline,long_part_len,"%s",old);
+ snprintf(nline,long_part_len,"<NULL>");
ok = 1;
} else if(strcmp(old,new)!=0){
- snprintf(oline,part_len,"%s",old);
- snprintf(nline,part_len,"%s",new);
+ snprintf(oline,long_part_len,"%s",old);
+ snprintf(nline,long_part_len,"%s",new);
ok = 1;
}
if(ok)


@ -1,41 +0,0 @@
diff -urp aide-0.13.1.orig/doc/aide.1.in aide-0.13.1/doc/aide.1.in
--- aide-0.13.1.orig/doc/aide.1.in 2009-12-01 12:23:10.000000000 -0500
+++ aide-0.13.1/doc/aide.1.in 2009-12-01 12:28:14.000000000 -0500
@@ -67,6 +67,7 @@ conditions:
.IP "16 Unimplemented function error"
.IP "17 Invalid configureline error"
.IP "18 IO error"
+.IP "19 Version mismatch error"
.PP
.SH NOTES
Please note that due to mmap issues, aide cannot be terminated with
diff -urp aide-0.13.1.orig/include/report.h aide-0.13.1/include/report.h
--- aide-0.13.1.orig/include/report.h 2009-12-01 12:23:10.000000000 -0500
+++ aide-0.13.1/include/report.h 2009-12-01 12:27:43.000000000 -0500
@@ -31,6 +31,7 @@
#define UNIMPLEMENTED_FUNCTION_ERROR 16
#define INVALID_CONFIGURELINE_ERROR 17
#define IO_ERROR 18
+#define VERSION_MISMATCH_ERROR 19
/* Errorcodes */
#define HASH_ALGO_ERROR 30
diff -urp aide-0.13.1.orig/src/md.c aide-0.13.1/src/md.c
--- aide-0.13.1.orig/src/md.c 2009-12-01 12:23:10.000000000 -0500
+++ aide-0.13.1/src/md.c 2009-12-01 12:27:04.000000000 -0500
@@ -201,6 +201,15 @@ int init_md(struct md_container* md) {
#endif
#ifdef WITH_GCRYPT
error(255,"Gcrypt library initialization\n");
+ /*
+ Initialize libgcrypt as per
+ http://www.gnupg.org/documentation/manuals/gcrypt/Initializing-the-library.html
+ */
+ if(!gcry_check_version(GCRYPT_VERSION)) {
+ error(0,"libgcrypt version mismatch\n");
+ exit(VERSION_MISMATCH_ERROR);
+ }
+ gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
if(gcry_md_open(&md->mdh,0,0)!=GPG_ERR_NO_ERROR){
error(0,"gcrypt_md_open failed\n");
exit(IO_ERROR);


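--- a/[PATH NOT SHOWN ON PAGE]
+++ /dev/null
@@ -1,18 +0,0 @@
-diff -Nur aide-0.13.1-orig/doc/aide.1.in aide-0.13.1/doc/aide.1.in
---- aide-0.13.1-orig/doc/aide.1.in 2006-11-30 20:38:16.000000000 +0100
-+++ aide-0.13.1/doc/aide.1.in 2007-01-05 23:28:44.000000000 +0100
-@@ -73,11 +73,11 @@
-SIGTERM. Use SIGKILL to terminate.
-.PP
-.SH FILES
--.B @sysconfdir@/aide.conf
-+.B /etc/aide.conf
-Default aide configuration file.
--.B @sysconfdir@/aide.db
-+.B /var/lib/aide/aide.db.gz
-Default aide database.
--.B @sysconfdir@/aide.db.new
-+.B /var/lib/aide/aide.db.new.gz
-Default aide output database.
-.SH SEE ALSO
-.BR aide.conf (5)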


@ -1,286 +0,0 @@
diff -up aide-0.13.1/configure.in.prelink aide-0.13.1/configure.in
--- aide-0.13.1/configure.in.prelink 2006-12-08 22:49:21.000000000 +0100
+++ aide-0.13.1/configure.in 2009-05-13 16:14:49.000000000 +0200
@@ -405,6 +405,30 @@ AS_IF([test "x$with_selinux_support" !=
AC_SUBST(SELINUXLIB)
+
+AC_MSG_CHECKING(for prelink-support)
+AC_ARG_WITH([prelink],
+ [AC_HELP_STRING([--with-prelink],[use prelink (no checking)])],
+ [case $with_prelink in
+ yes) AC_DEFINE_UNQUOTED(PRELINK_PATH, "/usr/sbin/prelink", [path to prelink])
+ AC_DEFINE(WITH_PRELINK,1,[use prelink])
+ ELFLIB="-lelf"
+ compoptionstring="${compoptionstring}WITH_PRELINK\\n"
+ AC_MSG_RESULT([/usr/sbin/prelink])
+ ;;
+ no) AC_MSG_RESULT(no)
+ ;;
+ *) AC_DEFINE_UNQUOTED(PRELINK_PATH, "$with_prelink", [path to prelink])
+ AC_DEFINE(WITH_PRELINK,1,[use prelink])
+ ELFLIB="-lelf"
+ compoptionstring="${compoptionstring}WITH_PRELINK\\n"
+ AC_MSG_RESULT([$with_prelink])
+ ;;
+ esac],
+ [with_prelink=no]
+)
+AC_SUBST(ELFLIB)
+
AC_MSG_CHECKING(for xattr-support)
AC_ARG_WITH([xattr],
[AC_HELP_STRING([--with-xattr],
diff -up aide-0.13.1/src/do_md.c.prelink aide-0.13.1/src/do_md.c
--- aide-0.13.1/src/do_md.c.prelink 2006-10-27 22:47:20.000000000 +0200
+++ aide-0.13.1/src/do_md.c 2009-05-13 17:37:51.000000000 +0200
@@ -65,6 +65,86 @@
/*
#include <gcrypt.h>
*/
+
+#ifdef WITH_PRELINK
+#include <sys/wait.h>
+#include <gelf.h>
+
+/*
+ * Is file descriptor prelinked binary/library?
+ * Return: 1(yes) / 0(no)
+ *
+ */
+int is_prelinked(int fd) {
+ Elf *elf = NULL;
+ Elf_Scn *scn = NULL;
+ Elf_Data *data = NULL;
+ GElf_Ehdr ehdr;
+ GElf_Shdr shdr;
+ GElf_Dyn dyn;
+ int bingo;
+
+ (void) elf_version(EV_CURRENT);
+
+ if ((elf = elf_begin (fd, ELF_C_READ, NULL)) == NULL
+ || elf_kind(elf) != ELF_K_ELF
+ || gelf_getehdr(elf, &ehdr) == NULL
+ || !(ehdr.e_type == ET_DYN || ehdr.e_type == ET_EXEC))
+ return 0;
+
+ bingo = 0;
+ while (!bingo && (scn = elf_nextscn(elf, scn)) != NULL) {
+ (void) gelf_getshdr(scn, &shdr);
+
+ if (shdr.sh_type != SHT_DYNAMIC)
+ continue;
+
+ while (!bingo && (data = elf_getdata (scn, data)) != NULL) {
+ int maxndx = data->d_size / shdr.sh_entsize;
+ int ndx;
+
+ for (ndx = 0; ndx < maxndx; ++ndx) {
+ (void) gelf_getdyn (data, ndx, &dyn);
+ if (!(dyn.d_tag == DT_GNU_PRELINKED || dyn.d_tag == DT_GNU_LIBLIST))
+ continue;
+ bingo = 1;
+ break;
+ }
+ }
+ }
+
+ return bingo;
+}
+
+/*
+ * Open path via prelink -y, set fd
+ * Return: 0(not success) / !0(prelink child process)
+ *
+ */
+pid_t open_prelinked(const char * path, int * fd) {
+ const char *cmd = PRELINK_PATH;
+ pid_t pid = 0;
+ int pipes[2];
+
+ pipes[0] = pipes[1] = -1;
+ pipe(pipes);
+ if (!(pid = fork())) {
+ /* child */
+ close(pipes[0]);
+ dup2(pipes[1], STDOUT_FILENO);
+ close(pipes[1]);
+ unsetenv("MALLOC_CHECK_");
+ execl(cmd, cmd, "--verify", path, (char *) NULL);
+ }
+ /* parent */
+ close(pipes[1]);
+ *fd = pipes[0];
+ return pid;
+
+}
+
+#endif
+
void md_init_fail(const char* s,db_line* db,byte** hash,DB_ATTR_TYPE i) {
error(0,"Message digest %s initialise failed\nDisabling %s for file %s\n",s,s,db->filename);
db->attr=db->attr&(~i);
@@ -121,6 +201,9 @@ void calc_md(struct AIDE_STAT_TYPE* old_
struct AIDE_STAT_TYPE fs;
int sres=0;
int stat_diff,filedes;
+#ifdef WITH_PRELINK
+ pid_t pid;
+#endif
error(255,"calc_md called\n");
#ifdef _PARAMETER_CHECK_
@@ -166,6 +249,22 @@ void calc_md(struct AIDE_STAT_TYPE* old_
/*
Now we have a 'valid' filehandle to read from a file.
*/
+
+#ifdef WITH_PRELINK
+ /*
+ * Let's take care of prelinked libraries/binaries
+ */
+ pid=0;
+ if ( is_prelinked(filedes) ) {
+ close(filedes);
+ pid = open_prelinked(line->filename, &filedes);
+ if (pid == 0) {
+ error(0, "Error on starting prelink undo\n");
+ return;
+ }
+ }
+#endif
+
off_t r_size=0;
off_t size=0;
char* buf;
@@ -176,47 +275,58 @@ void calc_md(struct AIDE_STAT_TYPE* old_
if (init_md(&mdc)==RETOK) {
#ifdef HAVE_MMAP
- off_t curpos=0;
+#ifdef WITH_PRELINK
+ if (pid == 0) {
+#endif
+ off_t curpos=0;
- r_size=fs.st_size;
- /* in mmap branch r_size is used as size remaining */
- while(r_size>0){
- if(r_size<MMAP_BLOCK_SIZE){
+ r_size=fs.st_size;
+ /* in mmap branch r_size is used as size remaining */
+ while(r_size>0){
+ if(r_size<MMAP_BLOCK_SIZE){
#ifdef __hpux
- buf = mmap(0,r_size,PROT_READ,MAP_PRIVATE,filedes,curpos);
+ buf = mmap(0,r_size,PROT_READ,MAP_PRIVATE,filedes,curpos);
#else
- buf = mmap(0,r_size,PROT_READ,MAP_SHARED,filedes,curpos);
+ buf = mmap(0,r_size,PROT_READ,MAP_SHARED,filedes,curpos);
#endif
- curpos+=r_size;
- size=r_size;
- r_size=0;
- }else {
+ curpos+=r_size;
+ size=r_size;
+ r_size=0;
+ }else {
#ifdef __hpux
- buf = mmap(0,MMAP_BLOCK_SIZE,PROT_READ,MAP_PRIVATE,filedes,curpos);
+ buf = mmap(0,MMAP_BLOCK_SIZE,PROT_READ,MAP_PRIVATE,filedes,curpos);
#else
- buf = mmap(0,MMAP_BLOCK_SIZE,PROT_READ,MAP_SHARED,filedes,curpos);
+ buf = mmap(0,MMAP_BLOCK_SIZE,PROT_READ,MAP_SHARED,filedes,curpos);
#endif
- curpos+=MMAP_BLOCK_SIZE;
- size=MMAP_BLOCK_SIZE;
- r_size-=MMAP_BLOCK_SIZE;
- }
- if ( buf == MAP_FAILED ) {
- error(0,"error mmap'ing %s: %s\n", line->filename,strerror(errno));
- close(filedes);
- close_md(&mdc);
- return;
- }
- conf->catch_mmap=1;
- if (update_md(&mdc,buf,size)!=RETOK) {
- error(0,"Message digest failed during update\n");
- close_md(&mdc);
- munmap(buf,size);
- return;
- }
- munmap(buf,size);
- conf->catch_mmap=0;
+ curpos+=MMAP_BLOCK_SIZE;
+ size=MMAP_BLOCK_SIZE;
+ r_size-=MMAP_BLOCK_SIZE;
+ }
+ if ( buf == MAP_FAILED ) {
+ error(0,"error mmap'ing %s: %s\n", line->filename,strerror(errno));
+ close(filedes);
+ close_md(&mdc);
+ return;
+ }
+ conf->catch_mmap=1;
+ if (update_md(&mdc,buf,size)!=RETOK) {
+ error(0,"Message digest failed during update\n");
+ close_md(&mdc);
+ munmap(buf,size);
+ return;
+ }
+ munmap(buf,size);
+ conf->catch_mmap=0;
+ }
+ /* we have used MMAP, let's return */
+ close_md(&mdc);
+ md2line(&mdc,line);
+ close(filedes);
+ return;
+#ifdef WITH_PRELINK
}
-#else /* not HAVE_MMAP */
+#endif
+#endif /* not HAVE_MMAP */
buf=malloc(READ_BLOCK_SIZE);
#if READ_BLOCK_SIZE>SSIZE_MAX
#error "READ_BLOCK_SIZE" is too large. Max value is SSIZE_MAX, and current is READ_BLOCK_SIZE
@@ -229,11 +339,22 @@ void calc_md(struct AIDE_STAT_TYPE* old_
}
r_size+=size;
}
+
+#ifdef WITH_PRELINK
+ if (pid) {
+ int status;
+ (void) waitpid(pid, &status, 0);
+ if (!WIFEXITED(status) || WEXITSTATUS(status)) {
+ error(0, "Error on exit of prelink child process\n");
+ close_md(&mdc);
+ return;
+ }
+ }
+#endif
free(buf);
-#endif /* HAVE_MMAP else branch */
close_md(&mdc);
md2line(&mdc,line);
-
+
} else {
error(3,"Message digest initialization failed.\n");
no_hash(line);
diff -up aide-0.13.1/src/Makefile.am.prelink aide-0.13.1/src/Makefile.am
--- aide-0.13.1/src/Makefile.am.prelink 2006-10-27 23:10:38.000000000 +0200
+++ aide-0.13.1/src/Makefile.am 2009-05-13 16:14:49.000000000 +0200
@@ -50,7 +50,7 @@ aide_SOURCES = \
INCLUDES = -I$(top_srcdir)/include
-LDADD = -lm @CRYPTLIB@ @ACLLIB@ @SELINUXLIB@ @AUDITLIB@ @ATTRLIB@
+LDADD = -lm @CRYPTLIB@ @ACLLIB@ @SELINUXLIB@ @AUDITLIB@ @ATTRLIB@ @ELFLIB@
AM_LDFLAGS = @LDFLAGS@ @LD_STATIC_FLAG@


@ -14,7 +14,7 @@ Source2: README.quickstart
Source3: aide.logrotate
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot-%(%{__id_u} -n)
BuildRequires: mktemp
BuildRequires: prelink autoconf automake elfutils-libelf-devel
BuildRequires: prelink elfutils-libelf-devel
%if 0%{?rhel} == 0
Buildrequires: mhash-devel
%endif
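Review bot: The changed BuildRequires line drops autoconf and automake (assuming the line without them is the new side; the rendered page carries no +/- markers), so if the %build section still runs autoreconf or autoconf — it lies outside this hunk — the package will no longer build. The six patch files deleted elsewhere in this commit, including the libgcrypt gcry_check_version initialization that exits with VERSION_MISMATCH_ERROR and the 128-character selinux-context display, are presumably carried by 0.14-rc1, but neither the commit message nor this hunk says so; a %changelog entry naming which patches went upstream would let a later packager verify that instead of re-deriving it. Any `Patch:` and `%patch` lines that referred to the removed files also have to go, and this hunk does not show them.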


@ -1,2 +1,2 @@
eb724c089677d634a02d015ef943522c aide-0.13.1.tar.gz.asc
27978cc6bca4f0fbf3f6f5a1b330661c aide-0.13.1.tar.gz
5af59a71e77df0f9b444d8e56a044abd aide-0.14-rc1.tar.gz.asc
e13d4ef4fbd6558c5026306cba556803 aide-0.14-rc1.tar.gz