import aide-0.16-11.el8
This commit is contained in:
parent
ca4bb72a72
commit
f7e8351a14
@ -51,8 +51,6 @@ report_url=stdout
|
||||
#crc32: crc32 checksum (MHASH only)
|
||||
#whirlpool: whirlpool checksum (MHASH only)
|
||||
|
||||
FIPSR = p+i+n+u+g+s+m+c+acl+selinux+xattrs+sha256
|
||||
|
||||
#R: p+i+n+u+g+s+m+c+acl+selinux+xattrs+md5
|
||||
#L: p+i+n+u+g+acl+selinux+xattrs
|
||||
#E: Empty group
|
||||
@ -65,150 +63,245 @@ ALLXTRAHASHES = sha1+rmd160+sha256+sha512+tiger
|
||||
# Everything but access time (Ie. all changes)
|
||||
EVERYTHING = R+ALLXTRAHASHES
|
||||
|
||||
# Sane, with multiple hashes
|
||||
# NORMAL = R+rmd160+sha256+whirlpool
|
||||
NORMAL = FIPSR+sha512
|
||||
# Sane
|
||||
# NORMAL = R+sha512
|
||||
NORMAL = p+i+n+u+g+s+m+c+acl+selinux+xattrs+sha512
|
||||
|
||||
# For directories, don't bother doing hashes
|
||||
DIR = p+i+n+u+g+acl+selinux+xattrs
|
||||
|
||||
# Access control only
|
||||
PERMS = p+i+u+g+acl+selinux
|
||||
PERMS = p+u+g+acl+selinux+xattrs
|
||||
|
||||
# Logfile are special, in that they often change
|
||||
LOG = >
|
||||
LOG = p+u+g+n+S+acl+selinux+xattrs
|
||||
|
||||
# Just do sha256 and sha512 hashes
|
||||
LSPP = FIPSR+sha512
|
||||
# Content + file type.
|
||||
CONTENT = sha512+ftype
|
||||
|
||||
# Extended content + file type + access.
|
||||
CONTENT_EX = sha512+ftype+p+u+g+n+acl+selinux+xattrs
|
||||
|
||||
# Some files get updated automatically, so the inode/ctime/mtime change
|
||||
# but we want to know when the data inside them changes
|
||||
DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha256
|
||||
DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha512
|
||||
|
||||
# Next decide what directories/files you want in the database.
|
||||
|
||||
/boot NORMAL
|
||||
/bin NORMAL
|
||||
/sbin NORMAL
|
||||
/lib NORMAL
|
||||
/lib64 NORMAL
|
||||
/opt NORMAL
|
||||
/usr NORMAL
|
||||
/root NORMAL
|
||||
/boot CONTENT_EX
|
||||
/opt/ CONTENT
|
||||
|
||||
# Admins dot files constantly change, just check perms
|
||||
/root/\..* PERMS
|
||||
# Otherwise get all of /root.
|
||||
/root/ CONTENT_EX
|
||||
|
||||
# These are too volatile
|
||||
!/usr/src
|
||||
!/usr/tmp
|
||||
!/usr/src/
|
||||
!/usr/tmp/
|
||||
|
||||
# Check only permissions, inode, user and group for /etc, but
|
||||
# cover some important files closely.
|
||||
/etc PERMS
|
||||
!/etc/mtab
|
||||
# Ignore backup files
|
||||
!/etc/.*~
|
||||
/etc/exports NORMAL
|
||||
/etc/fstab NORMAL
|
||||
/etc/passwd NORMAL
|
||||
/etc/group NORMAL
|
||||
/etc/gshadow NORMAL
|
||||
/etc/shadow NORMAL
|
||||
/etc/security/opasswd NORMAL
|
||||
# Otherwise get all of /usr.
|
||||
/usr/ CONTENT_EX
|
||||
|
||||
/etc/hosts.allow NORMAL
|
||||
/etc/hosts.deny NORMAL
|
||||
# trusted databases
|
||||
/etc/hosts$ CONTENT_EX
|
||||
/etc/host.conf$ CONTENT_EX
|
||||
/etc/hostname$ CONTENT_EX
|
||||
/etc/issue$ CONTENT_EX
|
||||
/etc/issue.net$ CONTENT_EX
|
||||
/etc/protocols$ CONTENT_EX
|
||||
/etc/services$ CONTENT_EX
|
||||
/etc/localtime$ CONTENT_EX
|
||||
/etc/alternatives/ CONTENT_EX
|
||||
/etc/sysconfig CONTENT_EX
|
||||
/etc/mime.types$ CONTENT_EX
|
||||
/etc/terminfo/ CONTENT_EX
|
||||
/etc/exports$ CONTENT_EX
|
||||
/etc/fstab$ CONTENT_EX
|
||||
/etc/passwd$ CONTENT_EX
|
||||
/etc/group$ CONTENT_EX
|
||||
/etc/gshadow$ CONTENT_EX
|
||||
/etc/shadow$ CONTENT_EX
|
||||
/etc/subgid$ CONTENT_EX
|
||||
/etc/subuid$ CONTENT_EX
|
||||
/etc/security/opasswd$ CONTENT_EX
|
||||
/etc/skel/ CONTENT_EX
|
||||
/etc/subuid$ CONTENT_EX
|
||||
/etc/subgid$ CONTENT_EX
|
||||
/etc/sssd/ CONTENT_EX
|
||||
/etc/machine-id$ CONTENT_EX
|
||||
/etc/swid/ CONTENT_EX
|
||||
/etc/system-release-cpe$ CONTENT_EX
|
||||
/etc/shells$ CONTENT_EX
|
||||
/etc/tmux.conf$ CONTENT_EX
|
||||
/etc/xattr.conf$ CONTENT_EX
|
||||
|
||||
/etc/sudoers NORMAL
|
||||
/etc/skel NORMAL
|
||||
|
||||
/etc/logrotate.d NORMAL
|
||||
# networking
|
||||
/etc/hosts.allow$ CONTENT_EX
|
||||
/etc/hosts.deny$ CONTENT_EX
|
||||
/etc/firewalld/ CONTENT_EX
|
||||
!/etc/NetworkManager/system-connections/
|
||||
/etc/NetworkManager/ CONTENT_EX
|
||||
/etc/networks$ CONTENT_EX
|
||||
/etc/dhcp/ CONTENT_EX
|
||||
/etc/wpa_supplicant/ CONTENT_EX
|
||||
/etc/resolv.conf$ DATAONLY
|
||||
/etc/nscd.conf$ CONTENT_EX
|
||||
|
||||
/etc/resolv.conf DATAONLY
|
||||
# logins and accounts
|
||||
/etc/login.defs$ CONTENT_EX
|
||||
/etc/libuser.conf$ CONTENT_EX
|
||||
/var/log/faillog$ PERMS
|
||||
/var/log/lastlog$ PERMS
|
||||
/var/run/faillock/ PERMS
|
||||
/etc/pam.d/ CONTENT_EX
|
||||
/etc/security/ CONTENT_EX
|
||||
/etc/securetty$ CONTENT_EX
|
||||
/etc/polkit-1/ CONTENT_EX
|
||||
/etc/sudo.conf$ CONTENT_EX
|
||||
/etc/sudoers CONTENT_EX
|
||||
/etc/sudoers.d/ CONTENT_EX
|
||||
|
||||
/etc/nscd.conf NORMAL
|
||||
/etc/securetty NORMAL
|
||||
|
||||
# Shell/X starting files
|
||||
/etc/profile NORMAL
|
||||
/etc/bashrc NORMAL
|
||||
/etc/bash_completion.d/ NORMAL
|
||||
/etc/login.defs NORMAL
|
||||
/etc/zprofile NORMAL
|
||||
/etc/zshrc NORMAL
|
||||
/etc/zlogin NORMAL
|
||||
/etc/zlogout NORMAL
|
||||
/etc/profile.d/ NORMAL
|
||||
/etc/X11/ NORMAL
|
||||
# Shell/X startup files
|
||||
/etc/profile$ CONTENT_EX
|
||||
/etc/profile.d/ CONTENT_EX
|
||||
/etc/bashrc$ CONTENT_EX
|
||||
/etc/bash_completion.d/ CONTENT_EX
|
||||
/etc/zprofile$ CONTENT_EX
|
||||
/etc/zshrc$ CONTENT_EX
|
||||
/etc/zlogin$ CONTENT_EX
|
||||
/etc/zlogout$ CONTENT_EX
|
||||
/etc/X11/ CONTENT_EX
|
||||
|
||||
# Pkg manager
|
||||
/etc/yum.conf NORMAL
|
||||
/etc/yumex.conf NORMAL
|
||||
/etc/yumex.profiles.conf NORMAL
|
||||
/etc/yum/ NORMAL
|
||||
/etc/yum.repos.d/ NORMAL
|
||||
|
||||
/var/log LOG
|
||||
/var/run/utmp LOG
|
||||
/etc/dnf/ CONTENT_EX
|
||||
/etc/yum.conf$ CONTENT_EX
|
||||
/etc/yum/ CONTENT_EX
|
||||
/etc/yum.repos.d/ CONTENT_EX
|
||||
|
||||
# This gets new/removes-old filenames daily
|
||||
!/var/log/sa
|
||||
# As we are checking it, we've truncated yesterdays size to zero.
|
||||
!/var/log/aide.log
|
||||
|
||||
# LSPP rules...
|
||||
# auditing
|
||||
# AIDE produces an audit record, so this becomes perpetual motion.
|
||||
# /var/log/audit/ LSPP
|
||||
/etc/audit/ LSPP
|
||||
/etc/libaudit.conf LSPP
|
||||
/usr/sbin/stunnel LSPP
|
||||
/var/spool/at LSPP
|
||||
/etc/at.allow LSPP
|
||||
/etc/at.deny LSPP
|
||||
/etc/cron.allow LSPP
|
||||
/etc/cron.deny LSPP
|
||||
/etc/cron.d/ LSPP
|
||||
/etc/cron.daily/ LSPP
|
||||
/etc/cron.hourly/ LSPP
|
||||
/etc/cron.monthly/ LSPP
|
||||
/etc/cron.weekly/ LSPP
|
||||
/etc/crontab LSPP
|
||||
/var/spool/cron/root LSPP
|
||||
/var/log/audit/ PERMS
|
||||
/etc/audit/ CONTENT_EX
|
||||
/etc/libaudit.conf$ CONTENT_EX
|
||||
/etc/aide.conf$ CONTENT_EX
|
||||
|
||||
/etc/login.defs LSPP
|
||||
/etc/securetty LSPP
|
||||
/var/log/faillog LSPP
|
||||
/var/log/lastlog LSPP
|
||||
# System logs
|
||||
/etc/rsyslog.conf$ CONTENT_EX
|
||||
/etc/rsyslog.d/ CONTENT_EX
|
||||
/etc/logrotate.conf$ CONTENT_EX
|
||||
/etc/logrotate.d/ CONTENT_EX
|
||||
/etc/systemd/journald.conf$ CONTENT_EX
|
||||
/var/log/ LOG+ANF+ARF
|
||||
/var/run/utmp LOG
|
||||
|
||||
/etc/hosts LSPP
|
||||
/etc/sysconfig LSPP
|
||||
# secrets
|
||||
/etc/pkcs11/ CONTENT_EX
|
||||
/etc/pki/ CONTENT_EX
|
||||
/etc/crypto-policies/ CONTENT_EX
|
||||
/etc/certmonger/ CONTENT_EX
|
||||
/var/lib/systemd/random-seed$ PERMS
|
||||
|
||||
/etc/inittab LSPP
|
||||
/etc/grub/ LSPP
|
||||
/etc/rc.d LSPP
|
||||
# init system
|
||||
/etc/systemd/ CONTENT_EX
|
||||
/etc/rc.d/ CONTENT_EX
|
||||
/etc/tmpfiles.d/ CONTENT_EX
|
||||
|
||||
/etc/ld.so.conf LSPP
|
||||
# boot config
|
||||
/etc/default/ CONTENT_EX
|
||||
/etc/grub.d/ CONTENT_EX
|
||||
/etc/dracut.conf CONTENT_EX
|
||||
/etc/dracut.conf.d/ CONTENT_EX
|
||||
|
||||
/etc/localtime LSPP
|
||||
# glibc linker
|
||||
/etc/ld.so.cache$ CONTENT_EX
|
||||
/etc/ld.so.conf$ CONTENT_EX
|
||||
/etc/ld.so.conf.d/ CONTENT_EX
|
||||
/etc/ld.so.preload$ CONTENT_EX
|
||||
|
||||
/etc/sysctl.conf LSPP
|
||||
# kernel config
|
||||
/etc/sysctl.conf CONTENT_EX
|
||||
/etc/sysctl.d/ CONTENT_EX
|
||||
/etc/modprobe.d/ CONTENT_EX
|
||||
/etc/modules-load.d/ CONTENT_EX
|
||||
/etc/depmod.d/ CONTENT_EX
|
||||
/etc/udev/ CONTENT_EX
|
||||
/etc/crypttab$ CONTENT_EX
|
||||
|
||||
/etc/modprobe.conf LSPP
|
||||
#### Daemons ####
|
||||
|
||||
/etc/pam.d LSPP
|
||||
/etc/security LSPP
|
||||
/etc/aliases LSPP
|
||||
/etc/postfix LSPP
|
||||
# cron jobs
|
||||
/var/spool/at/ CONTENT
|
||||
/etc/at.allow$ CONTENT
|
||||
/etc/at.deny$ CONTENT
|
||||
/var/spool/anacron CONTENT
|
||||
/etc/anacrontab$ CONTENT_EX
|
||||
/etc/cron.allow$ CONTENT_EX
|
||||
/etc/cron.deny$ CONTENT_EX
|
||||
/etc/cron.d/ CONTENT_EX
|
||||
/etc/cron.daily/ CONTENT_EX
|
||||
/etc/cron.hourly/ CONTENT_EX
|
||||
/etc/cron.monthly/ CONTENT_EX
|
||||
/etc/cron.weekly/ CONTENT_EX
|
||||
/etc/crontab$ CONTENT_EX
|
||||
/var/spool/cron/root/ CONTENT
|
||||
|
||||
/etc/ssh/sshd_config LSPP
|
||||
/etc/ssh/ssh_config LSPP
|
||||
# time keeping
|
||||
/etc/chrony.conf CONTENT_EX
|
||||
/etc/chrony.keys$ CONTENT_EX
|
||||
|
||||
/etc/stunnel LSPP
|
||||
# mail
|
||||
/etc/aliases$ CONTENT_EX
|
||||
/etc/aliases.db$ CONTENT_EX
|
||||
/etc/postfix/ CONTENT_EX
|
||||
|
||||
/etc/vsftpd.ftpusers LSPP
|
||||
/etc/vsftpd LSPP
|
||||
# ssh
|
||||
/etc/ssh/sshd_config CONTENT_EX
|
||||
/etc/ssh/ssh_config CONTENT_EX
|
||||
|
||||
/etc/issue LSPP
|
||||
/etc/issue.net LSPP
|
||||
# stunnel
|
||||
/etc/stunnel/ CONTENT_EX
|
||||
|
||||
# printing
|
||||
/etc/cups/ CONTENT_EX
|
||||
/etc/cupshelpers/ CONTENT_EX
|
||||
/etc/avahi/ CONTENT_EX
|
||||
|
||||
# web server
|
||||
/etc/httpd/ CONTENT_EX
|
||||
|
||||
# dns
|
||||
/etc/named/ CONTENT_EX
|
||||
/etc/named.conf$ CONTENT_EX
|
||||
/etc/named.iscdlv.key$ CONTENT_EX
|
||||
/etc/named.rfc1912.zones$ CONTENT_EX
|
||||
/etc/named.root.key$ CONTENT_EX
|
||||
|
||||
# xinetd
|
||||
/etc/xinetd.conf$ CONTENT_EX
|
||||
/etc/xinetd.d/ CONTENT_EX
|
||||
|
||||
# IPsec
|
||||
/etc/ipsec.conf CONTENT_EX
|
||||
/etc/ipsec.secrets CONTENT_EX
|
||||
/etc/ipsec.d/ CONTENT_EX
|
||||
|
||||
# USB guard
|
||||
/etc/usbguard/ CONTENT_EX
|
||||
|
||||
# Ignore some files
|
||||
!/etc/mtab$
|
||||
!/etc/.*~
|
||||
|
||||
# Now everything else
|
||||
/etc/ PERMS
|
||||
|
||||
/etc/cups LSPP
|
||||
|
||||
# With AIDE's default verbosity level of 5, these would give lots of
|
||||
# warnings upon tree traversal. It might change with future version.
|
||||
@ -221,3 +314,4 @@ DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha256
|
||||
|
||||
# Admins dot files constantly change, just check perms
|
||||
/root/\..* PERMS
|
||||
!/root/.xauth*
|
||||
|
31
SOURCES/coverity2.patch
Normal file
31
SOURCES/coverity2.patch
Normal file
@ -0,0 +1,31 @@
|
||||
diff --up ./src/compare_db.c ./src/compare_db.c
|
||||
--- ./src/compare_db.c
|
||||
+++ ./src/compare_db.c
|
||||
@@ -438,7 +438,11 @@ snprintf(*values[0], l, "%s",s);
|
||||
} else {
|
||||
*values = malloc(1 * sizeof (char*));
|
||||
if (DB_FTYPE&attr) {
|
||||
- easy_string(get_file_type_string(line->perm))
|
||||
+ char *file_type = get_file_type_string(line->perm);
|
||||
+ if (!file_type) {
|
||||
+ error(2,"%s: ", file_type);
|
||||
+ }
|
||||
+ easy_string(file_type)
|
||||
} else if (DB_LINKNAME&attr) {
|
||||
easy_string(line->linkname)
|
||||
easy_number((DB_SIZE|DB_SIZEG),size,"%li")
|
||||
diff -up ./src/db_file.c ./src/db_file.c
|
||||
--- ./src/db_file.c
|
||||
+++ ./src/db_file.c
|
||||
@@ -194,6 +194,10 @@ int db_file_read_spec(int db){
|
||||
|
||||
*db_order=(DB_FIELD*) malloc(1*sizeof(DB_FIELD));
|
||||
|
||||
+ if (*db_order == NULL){
|
||||
+ error(1,"malloc for *db_order failed in %s", __func__);
|
||||
+ }
|
||||
+
|
||||
while ((i=db_scan())!=TNEWLINE){
|
||||
switch (i) {
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
Summary: Intrusion detection environment
|
||||
Name: aide
|
||||
Version: 0.16
|
||||
Release: 8%{?dist}
|
||||
Release: 11%{?dist}
|
||||
URL: http://sourceforge.net/projects/aide
|
||||
License: GPLv2+
|
||||
|
||||
@ -34,6 +34,9 @@ Patch4: aide-0.16-crypto-disable-haval-and-others.patch
|
||||
Patch5: coverity.patch
|
||||
Patch6: aide-0.16-crash-elf.patch
|
||||
|
||||
# 1676487 - Null pointer dereference fix spotted by coverity
|
||||
Patch7: coverity2.patch
|
||||
|
||||
%description
|
||||
AIDE (Advanced Intrusion Detection Environment) is a file integrity
|
||||
checker and intrusion detection program.
|
||||
@ -78,6 +81,20 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide
|
||||
%dir %attr(0700,root,root) %{_localstatedir}/log/aide
|
||||
|
||||
%changelog
|
||||
* Wed Jul 24 2019 Radovan Sroka <rsroka@redhat.com> - 0.16-11
|
||||
- rebuild
|
||||
- minor edit of aide.conf
|
||||
|
||||
* Tue Jul 23 2019 Radovan Sroka <rsroka@redhat.com> - 0.16-10
|
||||
- respin
|
||||
- minor edit of aide.conf
|
||||
|
||||
* Tue Jul 23 2019 Radovan Sroka <rsroka@redhat.com> - 0.16-9
|
||||
- Null pointer dereference fix spotted by coverity
|
||||
resolves: rhbz#1676487
|
||||
- aide.conf needs updates for RHEL 8
|
||||
resolves: rhbz#1708015
|
||||
|
||||
* Tue Oct 09 2018 Radovan Sroka <rsroka@redhat.com> - 0.16-8
|
||||
- fixed wrong line wrapping of messages in the syslog format
|
||||
resolves: rhbz#1628153
|
||||
@ -300,4 +317,3 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide
|
||||
|
||||
* Sun Sep 07 2003 Michael Schwendt <mschwendt[AT]users.sf.net> - 0:0.9-0.fdr.0.1.20030902
|
||||
- Initial package version.
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user