Compare commits
No commits in common. "c8" and "c10s" have entirely different histories.
@ -1 +0,0 @@
|
|||||||
b97f65bb12701a42baa2cce45b41ed6367a70734 SOURCES/aide-0.16.tar.gz
|
|
1
.fmf/version
Normal file
1
.fmf/version
Normal file
@ -0,0 +1 @@
|
|||||||
|
1
|
18
.gitignore
vendored
18
.gitignore
vendored
@ -1 +1,17 @@
|
|||||||
SOURCES/aide-0.16.tar.gz
|
aide-0.13.1.tar.gz.asc
|
||||||
|
aide-0.13.1.tar.gz
|
||||||
|
aide-0.14-rc1.tar.gz
|
||||||
|
aide-0.14-rc1.tar.gz.asc
|
||||||
|
aide-0.14-rc2.tar.gz
|
||||||
|
aide-0.14-rc2.tar.gz.asc
|
||||||
|
aide-0.14-rc3.tar.gz
|
||||||
|
aide-0.14-rc3.tar.gz.asc
|
||||||
|
aide-0.14.tar.gz
|
||||||
|
aide-0.14.tar.gz.asc
|
||||||
|
/aide-0.15.1.tar.gz
|
||||||
|
/aide-0.15.1.tar.gz.asc
|
||||||
|
/aide-0.16b1.tar.gz
|
||||||
|
/aide-0.16rc1.tar.gz
|
||||||
|
/aide-0.16.tar.gz
|
||||||
|
/aide-0.18.4.tar.gz
|
||||||
|
/aide-0.18.6.tar.gz
|
||||||
|
@ -1,123 +0,0 @@
|
|||||||
diff --git a/include/base64.h b/include/base64.h
|
|
||||||
index 0ff7116..381ef5d 100644
|
|
||||||
--- a/include/base64.h
|
|
||||||
+++ b/include/base64.h
|
|
||||||
@@ -36,7 +36,6 @@
|
|
||||||
#include <assert.h>
|
|
||||||
#include "types.h"
|
|
||||||
|
|
||||||
-#define B64_BUF 16384
|
|
||||||
#define FAIL -1
|
|
||||||
#define SKIP -2
|
|
||||||
|
|
||||||
diff --git a/src/base64.c b/src/base64.c
|
|
||||||
index fd01bac..1b0f301 100644
|
|
||||||
--- a/src/base64.c
|
|
||||||
+++ b/src/base64.c
|
|
||||||
@@ -85,11 +85,9 @@ FAIL, FAIL, FAIL, FAIL, FAIL, FAIL, FAIL, FAIL
|
|
||||||
};
|
|
||||||
|
|
||||||
/* Returns NULL on error */
|
|
||||||
-/* FIXME Possible buffer overflow on outputs larger than B64_BUF */
|
|
||||||
char* encode_base64(byte* src,size_t ssize)
|
|
||||||
{
|
|
||||||
char* outbuf;
|
|
||||||
- char* retbuf;
|
|
||||||
int pos;
|
|
||||||
int i, l, left;
|
|
||||||
unsigned long triple;
|
|
||||||
@@ -101,7 +99,10 @@ char* encode_base64(byte* src,size_t ssize)
|
|
||||||
error(240,"\n");
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
- outbuf = (char *)malloc(sizeof(char)*B64_BUF);
|
|
||||||
+
|
|
||||||
+ /* length of encoded base64 string (padded) */
|
|
||||||
+ size_t length = sizeof(char)* ((ssize + 2) / 3) * 4;
|
|
||||||
+ outbuf = (char *)malloc(length + 1);
|
|
||||||
|
|
||||||
/* Initialize working pointers */
|
|
||||||
inb = src;
|
|
||||||
@@ -162,20 +163,14 @@ char* encode_base64(byte* src,size_t ssize)
|
|
||||||
inb++;
|
|
||||||
}
|
|
||||||
|
|
||||||
- /* outbuf is not completely used so we use retbuf */
|
|
||||||
- retbuf=(char*)malloc(sizeof(char)*(pos+1));
|
|
||||||
- memcpy(retbuf,outbuf,pos);
|
|
||||||
- retbuf[pos]='\0';
|
|
||||||
- free(outbuf);
|
|
||||||
+ outbuf[pos]='\0';
|
|
||||||
|
|
||||||
- return retbuf;
|
|
||||||
+ return outbuf;
|
|
||||||
}
|
|
||||||
|
|
||||||
-/* FIXME Possible buffer overflow on outputs larger than B64_BUF */
|
|
||||||
byte* decode_base64(char* src,size_t ssize, size_t *ret_len)
|
|
||||||
{
|
|
||||||
byte* outbuf;
|
|
||||||
- byte* retbuf;
|
|
||||||
char* inb;
|
|
||||||
int i;
|
|
||||||
int l;
|
|
||||||
@@ -188,10 +183,18 @@ byte* decode_base64(char* src,size_t ssize, size_t *ret_len)
|
|
||||||
if (!ssize||src==NULL)
|
|
||||||
return NULL;
|
|
||||||
|
|
||||||
+ /* exit on unpadded input */
|
|
||||||
+ if (ssize % 4) {
|
|
||||||
+ error(3, "decode_base64: '%s' has invalid length (missing padding characters?)", src);
|
|
||||||
+ return NULL;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /* calculate length of decoded string, substract padding chars if any (ssize is >= 4) */
|
|
||||||
+ size_t length = sizeof(byte) * ((ssize / 4) * 3)- (src[ssize-1] == '=') - (src[ssize-2] == '=');
|
|
||||||
|
|
||||||
/* Initialize working pointers */
|
|
||||||
inb = src;
|
|
||||||
- outbuf = (byte *)malloc(sizeof(byte)*B64_BUF);
|
|
||||||
+ outbuf = (byte *)malloc(length + 1);
|
|
||||||
|
|
||||||
l = 0;
|
|
||||||
triple = 0;
|
|
||||||
@@ -243,15 +246,11 @@ byte* decode_base64(char* src,size_t ssize, size_t *ret_len)
|
|
||||||
inb++;
|
|
||||||
}
|
|
||||||
|
|
||||||
- retbuf=(byte*)malloc(sizeof(byte)*(pos+1));
|
|
||||||
- memcpy(retbuf,outbuf,pos);
|
|
||||||
- retbuf[pos]='\0';
|
|
||||||
-
|
|
||||||
- free(outbuf);
|
|
||||||
+ outbuf[pos]='\0';
|
|
||||||
|
|
||||||
if (ret_len) *ret_len = pos;
|
|
||||||
|
|
||||||
- return retbuf;
|
|
||||||
+ return outbuf;
|
|
||||||
}
|
|
||||||
|
|
||||||
size_t length_base64(char* src,size_t ssize)
|
|
||||||
diff --git a/src/db.c b/src/db.c
|
|
||||||
index 858240d..62c4faa 100644
|
|
||||||
--- a/src/db.c
|
|
||||||
+++ b/src/db.c
|
|
||||||
@@ -664,13 +664,15 @@ db_line* db_char2line(char** ss,int db){
|
|
||||||
|
|
||||||
time_t base64totime_t(char* s){
|
|
||||||
|
|
||||||
+ if(strcmp(s,"0")==0){
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
byte* b=decode_base64(s,strlen(s),NULL);
|
|
||||||
char* endp;
|
|
||||||
|
|
||||||
- if (b==NULL||strcmp(s,"0")==0) {
|
|
||||||
+ if (b==NULL) {
|
|
||||||
|
|
||||||
/* Should we print error here? */
|
|
||||||
- free(b);
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
} else {
|
|
@ -1,17 +0,0 @@
|
|||||||
--- ./src/do_md.c 2018-03-19 05:10:19.994957024 -0400
|
|
||||||
+++ ./src/do_md.c 2018-03-19 05:19:05.829957024 -0400
|
|
||||||
@@ -135,8 +135,13 @@
|
|
||||||
continue;
|
|
||||||
|
|
||||||
while (!bingo && (data = elf_getdata (scn, data)) != NULL) {
|
|
||||||
- int maxndx = data->d_size / shdr.sh_entsize;
|
|
||||||
+ int maxndx;
|
|
||||||
int ndx;
|
|
||||||
+
|
|
||||||
+ if (shdr.sh_entsize != 0)
|
|
||||||
+ maxndx = data->d_size / shdr.sh_entsize;
|
|
||||||
+ else
|
|
||||||
+ continue;
|
|
||||||
|
|
||||||
for (ndx = 0; ndx < maxndx; ++ndx) {
|
|
||||||
(void) gelf_getdyn (data, ndx, &dyn);
|
|
@ -1,153 +0,0 @@
|
|||||||
diff -up ./include/md.h.crypto ./include/md.h
|
|
||||||
--- ./include/md.h.crypto 2016-07-25 22:56:55.000000000 +0200
|
|
||||||
+++ ./include/md.h 2018-08-29 15:00:30.827491299 +0200
|
|
||||||
@@ -149,6 +149,7 @@ int init_md(struct md_container*);
|
|
||||||
int update_md(struct md_container*,void*,ssize_t);
|
|
||||||
int close_md(struct md_container*);
|
|
||||||
void md2line(struct md_container*,struct db_line*);
|
|
||||||
+DB_ATTR_TYPE get_available_crypto();
|
|
||||||
|
|
||||||
|
|
||||||
#endif /*_MD_H_INCLUDED*/
|
|
||||||
diff -up ./src/aide.c.crypto ./src/aide.c
|
|
||||||
--- ./src/aide.c.crypto 2018-08-29 15:00:30.825491309 +0200
|
|
||||||
+++ ./src/aide.c 2018-08-29 15:00:30.827491299 +0200
|
|
||||||
@@ -349,7 +349,7 @@ static void setdefaults_before_config()
|
|
||||||
|
|
||||||
conf->db_attrs = 0;
|
|
||||||
#if defined(WITH_MHASH) || defined(WITH_GCRYPT)
|
|
||||||
- conf->db_attrs |= DB_MD5|DB_TIGER|DB_HAVAL|DB_CRC32|DB_SHA1|DB_RMD160|DB_SHA256|DB_SHA512;
|
|
||||||
+ conf->db_attrs |= get_available_crypto();
|
|
||||||
#ifdef WITH_MHASH
|
|
||||||
conf->db_attrs |= DB_GOST;
|
|
||||||
#ifdef HAVE_MHASH_WHIRLPOOL
|
|
||||||
diff -up ./src/md.c.crypto ./src/md.c
|
|
||||||
--- ./src/md.c.crypto 2018-08-29 15:00:30.823491319 +0200
|
|
||||||
+++ ./src/md.c 2018-08-29 15:02:28.013903479 +0200
|
|
||||||
@@ -78,6 +78,49 @@ DB_ATTR_TYPE hash_gcrypt2attr(int i) {
|
|
||||||
return r;
|
|
||||||
}
|
|
||||||
|
|
||||||
+const char * hash_gcrypt2str(int i) {
|
|
||||||
+ char * r = "?";
|
|
||||||
+#ifdef WITH_GCRYPT
|
|
||||||
+ switch (i) {
|
|
||||||
+ case GCRY_MD_MD5: {
|
|
||||||
+ r = "MD5";
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ case GCRY_MD_SHA1: {
|
|
||||||
+ r = "SHA1";
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ case GCRY_MD_RMD160: {
|
|
||||||
+ r = "RMD160";
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ case GCRY_MD_TIGER: {
|
|
||||||
+ r = "TIGER";
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ case GCRY_MD_HAVAL: {
|
|
||||||
+ r = "HAVAL";
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ case GCRY_MD_SHA256: {
|
|
||||||
+ r = "SHA256";
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ case GCRY_MD_SHA512: {
|
|
||||||
+ r = "SHA512";
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ case GCRY_MD_CRC32: {
|
|
||||||
+ r = "CRC32";
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ default:
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
+ return r;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
DB_ATTR_TYPE hash_mhash2attr(int i) {
|
|
||||||
DB_ATTR_TYPE r=0;
|
|
||||||
#ifdef WITH_MHASH
|
|
||||||
@@ -163,6 +206,44 @@ DB_ATTR_TYPE hash_mhash2attr(int i) {
|
|
||||||
Initialise md_container according it's todo_attr field
|
|
||||||
*/
|
|
||||||
|
|
||||||
+DB_ATTR_TYPE get_available_crypto() {
|
|
||||||
+
|
|
||||||
+ DB_ATTR_TYPE ret = 0;
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * This function is usually called before config processing
|
|
||||||
+ * and default verbose level is 5
|
|
||||||
+ */
|
|
||||||
+#define lvl 255
|
|
||||||
+
|
|
||||||
+ error(lvl, "get_available_crypto called\n");
|
|
||||||
+
|
|
||||||
+#ifdef WITH_GCRYPT
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * some initialization for FIPS
|
|
||||||
+ */
|
|
||||||
+ gcry_check_version(NULL);
|
|
||||||
+ error(lvl, "Found algos:");
|
|
||||||
+
|
|
||||||
+ for(int i=0;i<=HASH_GCRYPT_COUNT;i++) {
|
|
||||||
+
|
|
||||||
+ if ( (hash_gcrypt2attr(i) & HASH_USE_GCRYPT) == 0 )
|
|
||||||
+ continue;
|
|
||||||
+
|
|
||||||
+ if (gcry_md_algo_info(i, GCRYCTL_TEST_ALGO, NULL, NULL) == 0) {
|
|
||||||
+ ret |= hash_gcrypt2attr(i);
|
|
||||||
+ error(lvl, " %s", hash_gcrypt2str(i));
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ error(lvl, "\n");
|
|
||||||
+
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
+ error(lvl, "get_available_crypto_returned with %lld\n", ret);
|
|
||||||
+ return ret;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
int init_md(struct md_container* md) {
|
|
||||||
|
|
||||||
int i;
|
|
||||||
@@ -201,18 +282,27 @@ int init_md(struct md_container* md) {
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
#ifdef WITH_GCRYPT
|
|
||||||
- if(gcry_md_open(&md->mdh,0,GCRY_MD_FLAG_SECURE)!=GPG_ERR_NO_ERROR){
|
|
||||||
+ if(gcry_md_open(&md->mdh,0,GCRY_MD_FLAG_SECURE)!=GPG_ERR_NO_ERROR){
|
|
||||||
error(0,"gcrypt_md_open failed\n");
|
|
||||||
exit(IO_ERROR);
|
|
||||||
}
|
|
||||||
for(i=0;i<=HASH_GCRYPT_COUNT;i++) {
|
|
||||||
+
|
|
||||||
+
|
|
||||||
if (((hash_gcrypt2attr(i)&HASH_USE_GCRYPT)&md->todo_attr)!=0) {
|
|
||||||
- DB_ATTR_TYPE h=hash_gcrypt2attr(i);
|
|
||||||
- error(255,"inserting %llu\n",h);
|
|
||||||
+
|
|
||||||
+ DB_ATTR_TYPE h=hash_gcrypt2attr(i);
|
|
||||||
+
|
|
||||||
+ if (gcry_md_algo_info(i, GCRYCTL_TEST_ALGO, NULL, NULL) != 0) {
|
|
||||||
+ error(0,"Algo %s is not available\n", hash_gcrypt2str(i));
|
|
||||||
+ exit(-1);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ error(255,"inserting %llu\n",h);
|
|
||||||
if(gcry_md_enable(md->mdh,i)==GPG_ERR_NO_ERROR){
|
|
||||||
md->calc_attr|=h;
|
|
||||||
} else {
|
|
||||||
- error(0,"gcry_md_enable %i failed",i);
|
|
||||||
+ error(0,"gcry_md_enable %i failed\n",i);
|
|
||||||
md->todo_attr&=~h;
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,103 +0,0 @@
|
|||||||
diff -up ./src/aide.c.orig ./aide-0.16b1/src/aide.c
|
|
||||||
--- ./src/aide.c.orig 2016-07-12 11:10:08.013158385 +0200
|
|
||||||
+++ ./src/aide.c 2016-07-12 11:30:54.867833064 +0200
|
|
||||||
@@ -511,9 +511,28 @@ int main(int argc,char**argv)
|
|
||||||
#endif
|
|
||||||
umask(0177);
|
|
||||||
init_sighandler();
|
|
||||||
-
|
|
||||||
setdefaults_before_config();
|
|
||||||
|
|
||||||
+#if WITH_GCRYPT
|
|
||||||
+ error(255,"Gcrypt library initialization\n");
|
|
||||||
+ /*
|
|
||||||
+ * Initialize libgcrypt as per
|
|
||||||
+ * http://www.gnupg.org/documentation/manuals/gcrypt/Initializing-the-library.html
|
|
||||||
+ *
|
|
||||||
+ *
|
|
||||||
+ */
|
|
||||||
+ gcry_control(GCRYCTL_SET_ENFORCED_FIPS_FLAG, 0);
|
|
||||||
+ gcry_control(GCRYCTL_INIT_SECMEM, 1);
|
|
||||||
+
|
|
||||||
+ if(!gcry_check_version(GCRYPT_VERSION)) {
|
|
||||||
+ error(0,"libgcrypt version mismatch\n");
|
|
||||||
+ exit(VERSION_MISMATCH_ERROR);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
|
|
||||||
+#endif /* WITH_GCRYPT */
|
|
||||||
+
|
|
||||||
+
|
|
||||||
if(read_param(argc,argv)==RETFAIL){
|
|
||||||
error(0, _("Invalid argument\n") );
|
|
||||||
exit(INVALID_ARGUMENT_ERROR);
|
|
||||||
@@ -646,6 +665,9 @@ int main(int argc,char**argv)
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
+#ifdef WITH_GCRYPT
|
|
||||||
+ gcry_control(GCRYCTL_TERM_SECMEM, 0);
|
|
||||||
+#endif /* WITH_GCRYPT */
|
|
||||||
return RETOK;
|
|
||||||
}
|
|
||||||
const char* aide_key_3=CONFHMACKEY_03;
|
|
||||||
diff -up ./src/md.c.orig ./aide-0.16b1/src/md.c
|
|
||||||
--- ./src/md.c.orig 2016-04-15 23:30:16.000000000 +0200
|
|
||||||
+++ ./src/md.c 2016-07-12 11:35:04.007675329 +0200
|
|
||||||
@@ -201,14 +201,7 @@ int init_md(struct md_container* md) {
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
#ifdef WITH_GCRYPT
|
|
||||||
- error(255,"Gcrypt library initialization\n");
|
|
||||||
- if(!gcry_check_version(GCRYPT_VERSION)) {
|
|
||||||
- error(0,"libgcrypt version mismatch\n");
|
|
||||||
- exit(VERSION_MISMATCH_ERROR);
|
|
||||||
- }
|
|
||||||
- gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
|
|
||||||
- gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
|
|
||||||
- if(gcry_md_open(&md->mdh,0,0)!=GPG_ERR_NO_ERROR){
|
|
||||||
+ if(gcry_md_open(&md->mdh,0,GCRY_MD_FLAG_SECURE)!=GPG_ERR_NO_ERROR){
|
|
||||||
error(0,"gcrypt_md_open failed\n");
|
|
||||||
exit(IO_ERROR);
|
|
||||||
}
|
|
||||||
@@ -299,7 +292,7 @@ int close_md(struct md_container* md) {
|
|
||||||
|
|
||||||
/*. There might be more hashes in the library. Add those here.. */
|
|
||||||
|
|
||||||
- gcry_md_reset(md->mdh);
|
|
||||||
+ gcry_md_close(md->mdh);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifdef WITH_MHASH
|
|
||||||
diff -up ./src/util.c.orig ./aide-0.16b1/src/util.c
|
|
||||||
--- ./src/util.c.orig 2016-07-12 11:39:17.023437355 +0200
|
|
||||||
+++ ./src/util.c 2016-07-12 11:39:51.618721157 +0200
|
|
||||||
@@ -519,28 +519,5 @@ int syslog_facility_lookup(char *s)
|
|
||||||
return(AIDE_SYSLOG_FACILITY);
|
|
||||||
}
|
|
||||||
|
|
||||||
-/* We need these dummy stubs to fool the linker into believing that
|
|
||||||
- we do not need them at link time */
|
|
||||||
-
|
|
||||||
-void* dlopen(char*filename,int flag)
|
|
||||||
-{
|
|
||||||
- return NULL;
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-void* dlsym(void*handle,char*symbol)
|
|
||||||
-{
|
|
||||||
- return NULL;
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-void* dlclose(void*handle)
|
|
||||||
-{
|
|
||||||
- return NULL;
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-const char* dlerror(void)
|
|
||||||
-{
|
|
||||||
- return NULL;
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
const char* aide_key_2=CONFHMACKEY_02;
|
|
||||||
const char* db_key_2=DBHMACKEY_02;
|
|
@ -1,15 +0,0 @@
|
|||||||
diff -up ./doc/aide.1.in.orig ./doc/aide.1.in
|
|
||||||
--- ./doc/aide.1.in.orig 2016-07-12 16:10:01.724595895 +0200
|
|
||||||
+++ ./doc/aide.1.in 2016-07-12 16:06:21.968639822 +0200
|
|
||||||
@@ -103,9 +103,9 @@ echo <encoded_checksum> | base64 \-d | h
|
|
||||||
.SH FILES
|
|
||||||
.IP \fB@sysconfdir@/aide.conf\fR
|
|
||||||
Default aide configuration file.
|
|
||||||
-.IP \fB@sysconfdir@/aide.db\fR
|
|
||||||
+.IP \fB@localstatedir@/lib/aide/aide.db\fR
|
|
||||||
Default aide database.
|
|
||||||
-.IP \fB@sysconfdir@/aide.db.new\fR
|
|
||||||
+.IP \fB@localstatedir@/lib/aide/aide.db.new\fR
|
|
||||||
Default aide output database.
|
|
||||||
.SH SEE ALSO
|
|
||||||
.BR aide.conf (5)
|
|
@ -1,317 +0,0 @@
|
|||||||
# Example configuration file for AIDE.
|
|
||||||
|
|
||||||
@@define DBDIR /var/lib/aide
|
|
||||||
@@define LOGDIR /var/log/aide
|
|
||||||
|
|
||||||
# The location of the database to be read.
|
|
||||||
database=file:@@{DBDIR}/aide.db.gz
|
|
||||||
|
|
||||||
# The location of the database to be written.
|
|
||||||
#database_out=sql:host:port:database:login_name:passwd:table
|
|
||||||
#database_out=file:aide.db.new
|
|
||||||
database_out=file:@@{DBDIR}/aide.db.new.gz
|
|
||||||
|
|
||||||
# Whether to gzip the output to database
|
|
||||||
gzip_dbout=yes
|
|
||||||
|
|
||||||
# Default.
|
|
||||||
verbose=5
|
|
||||||
|
|
||||||
report_url=file:@@{LOGDIR}/aide.log
|
|
||||||
report_url=stdout
|
|
||||||
#report_url=stderr
|
|
||||||
#NOT IMPLEMENTED report_url=mailto:root@foo.com
|
|
||||||
#NOT IMPLEMENTED report_url=syslog:LOG_AUTH
|
|
||||||
|
|
||||||
# These are the default rules.
|
|
||||||
#
|
|
||||||
#p: permissions
|
|
||||||
#i: inode:
|
|
||||||
#n: number of links
|
|
||||||
#u: user
|
|
||||||
#g: group
|
|
||||||
#s: size
|
|
||||||
#b: block count
|
|
||||||
#m: mtime
|
|
||||||
#a: atime
|
|
||||||
#c: ctime
|
|
||||||
#S: check for growing size
|
|
||||||
#acl: Access Control Lists
|
|
||||||
#selinux SELinux security context
|
|
||||||
#xattrs: Extended file attributes
|
|
||||||
#md5: md5 checksum
|
|
||||||
#sha1: sha1 checksum
|
|
||||||
#sha256: sha256 checksum
|
|
||||||
#sha512: sha512 checksum
|
|
||||||
#rmd160: rmd160 checksum
|
|
||||||
#tiger: tiger checksum
|
|
||||||
|
|
||||||
#haval: haval checksum (MHASH only)
|
|
||||||
#gost: gost checksum (MHASH only)
|
|
||||||
#crc32: crc32 checksum (MHASH only)
|
|
||||||
#whirlpool: whirlpool checksum (MHASH only)
|
|
||||||
|
|
||||||
#R: p+i+n+u+g+s+m+c+acl+selinux+xattrs+md5
|
|
||||||
#L: p+i+n+u+g+acl+selinux+xattrs
|
|
||||||
#E: Empty group
|
|
||||||
#>: Growing logfile p+u+g+i+n+S+acl+selinux+xattrs
|
|
||||||
|
|
||||||
# You can create custom rules like this.
|
|
||||||
# With MHASH...
|
|
||||||
# ALLXTRAHASHES = sha1+rmd160+sha256+sha512+whirlpool+tiger+haval+gost+crc32
|
|
||||||
ALLXTRAHASHES = sha1+rmd160+sha256+sha512+tiger
|
|
||||||
# Everything but access time (Ie. all changes)
|
|
||||||
EVERYTHING = R+ALLXTRAHASHES
|
|
||||||
|
|
||||||
# Sane
|
|
||||||
# NORMAL = R+sha512
|
|
||||||
NORMAL = p+i+n+u+g+s+m+c+acl+selinux+xattrs+sha512
|
|
||||||
|
|
||||||
# For directories, don't bother doing hashes
|
|
||||||
DIR = p+i+n+u+g+acl+selinux+xattrs
|
|
||||||
|
|
||||||
# Access control only
|
|
||||||
PERMS = p+u+g+acl+selinux+xattrs
|
|
||||||
|
|
||||||
# Logfile are special, in that they often change
|
|
||||||
LOG = p+u+g+n+S+acl+selinux+xattrs
|
|
||||||
|
|
||||||
# Content + file type.
|
|
||||||
CONTENT = sha512+ftype
|
|
||||||
|
|
||||||
# Extended content + file type + access.
|
|
||||||
CONTENT_EX = sha512+ftype+p+u+g+n+acl+selinux+xattrs
|
|
||||||
|
|
||||||
# Some files get updated automatically, so the inode/ctime/mtime change
|
|
||||||
# but we want to know when the data inside them changes
|
|
||||||
DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha512
|
|
||||||
|
|
||||||
# Next decide what directories/files you want in the database.
|
|
||||||
|
|
||||||
/boot CONTENT_EX
|
|
||||||
/opt CONTENT
|
|
||||||
|
|
||||||
# Admins dot files constantly change, just check perms
|
|
||||||
/root/\..* PERMS
|
|
||||||
# Otherwise get all of /root.
|
|
||||||
/root CONTENT_EX
|
|
||||||
|
|
||||||
# These are too volatile
|
|
||||||
!/usr/src
|
|
||||||
!/usr/tmp
|
|
||||||
|
|
||||||
# Otherwise get all of /usr.
|
|
||||||
/usr CONTENT_EX
|
|
||||||
|
|
||||||
# trusted databases
|
|
||||||
/etc/hosts$ CONTENT_EX
|
|
||||||
/etc/host.conf$ CONTENT_EX
|
|
||||||
/etc/hostname$ CONTENT_EX
|
|
||||||
/etc/issue$ CONTENT_EX
|
|
||||||
/etc/issue.net$ CONTENT_EX
|
|
||||||
/etc/protocols$ CONTENT_EX
|
|
||||||
/etc/services$ CONTENT_EX
|
|
||||||
/etc/localtime$ CONTENT_EX
|
|
||||||
/etc/alternatives CONTENT_EX
|
|
||||||
/etc/sysconfig CONTENT_EX
|
|
||||||
/etc/mime.types$ CONTENT_EX
|
|
||||||
/etc/terminfo CONTENT_EX
|
|
||||||
/etc/exports$ CONTENT_EX
|
|
||||||
/etc/fstab$ CONTENT_EX
|
|
||||||
/etc/passwd$ CONTENT_EX
|
|
||||||
/etc/group$ CONTENT_EX
|
|
||||||
/etc/gshadow$ CONTENT_EX
|
|
||||||
/etc/shadow$ CONTENT_EX
|
|
||||||
/etc/subgid$ CONTENT_EX
|
|
||||||
/etc/subuid$ CONTENT_EX
|
|
||||||
/etc/security/opasswd$ CONTENT_EX
|
|
||||||
/etc/skel CONTENT_EX
|
|
||||||
/etc/subuid$ CONTENT_EX
|
|
||||||
/etc/subgid$ CONTENT_EX
|
|
||||||
/etc/sssd CONTENT_EX
|
|
||||||
/etc/machine-id$ CONTENT_EX
|
|
||||||
/etc/swid CONTENT_EX
|
|
||||||
/etc/system-release-cpe$ CONTENT_EX
|
|
||||||
/etc/shells$ CONTENT_EX
|
|
||||||
/etc/tmux.conf$ CONTENT_EX
|
|
||||||
/etc/xattr.conf$ CONTENT_EX
|
|
||||||
|
|
||||||
|
|
||||||
# networking
|
|
||||||
/etc/hosts.allow$ CONTENT_EX
|
|
||||||
/etc/hosts.deny$ CONTENT_EX
|
|
||||||
/etc/firewalld CONTENT_EX
|
|
||||||
!/etc/NetworkManager/system-connections
|
|
||||||
/etc/NetworkManager CONTENT_EX
|
|
||||||
/etc/networks$ CONTENT_EX
|
|
||||||
/etc/dhcp CONTENT_EX
|
|
||||||
/etc/wpa_supplicant CONTENT_EX
|
|
||||||
/etc/resolv.conf$ DATAONLY
|
|
||||||
/etc/nscd.conf$ CONTENT_EX
|
|
||||||
|
|
||||||
# logins and accounts
|
|
||||||
/etc/login.defs$ CONTENT_EX
|
|
||||||
/etc/libuser.conf$ CONTENT_EX
|
|
||||||
/var/log/faillog$ PERMS
|
|
||||||
/var/log/lastlog$ PERMS
|
|
||||||
/var/run/faillock PERMS
|
|
||||||
/etc/pam.d CONTENT_EX
|
|
||||||
/etc/security CONTENT_EX
|
|
||||||
/etc/securetty$ CONTENT_EX
|
|
||||||
/etc/polkit-1 CONTENT_EX
|
|
||||||
/etc/sudo.conf$ CONTENT_EX
|
|
||||||
/etc/sudoers$ CONTENT_EX
|
|
||||||
/etc/sudoers.d CONTENT_EX
|
|
||||||
|
|
||||||
# Shell/X startup files
|
|
||||||
/etc/profile$ CONTENT_EX
|
|
||||||
/etc/profile.d CONTENT_EX
|
|
||||||
/etc/bashrc$ CONTENT_EX
|
|
||||||
/etc/bash_completion.d CONTENT_EX
|
|
||||||
/etc/zprofile$ CONTENT_EX
|
|
||||||
/etc/zshrc$ CONTENT_EX
|
|
||||||
/etc/zlogin$ CONTENT_EX
|
|
||||||
/etc/zlogout$ CONTENT_EX
|
|
||||||
/etc/X11 CONTENT_EX
|
|
||||||
|
|
||||||
# Pkg manager
|
|
||||||
/etc/dnf CONTENT_EX
|
|
||||||
/etc/yum.conf$ CONTENT_EX
|
|
||||||
/etc/yum CONTENT_EX
|
|
||||||
/etc/yum.repos.d CONTENT_EX
|
|
||||||
|
|
||||||
# This gets new/removes-old filenames daily
|
|
||||||
!/var/log/sa
|
|
||||||
# As we are checking it, we've truncated yesterdays size to zero.
|
|
||||||
!/var/log/aide.log
|
|
||||||
|
|
||||||
# auditing
|
|
||||||
# AIDE produces an audit record, so this becomes perpetual motion.
|
|
||||||
/var/log/audit PERMS
|
|
||||||
/etc/audit CONTENT_EX
|
|
||||||
/etc/libaudit.conf$ CONTENT_EX
|
|
||||||
/etc/aide.conf$ CONTENT_EX
|
|
||||||
|
|
||||||
# System logs
|
|
||||||
/etc/rsyslog.conf$ CONTENT_EX
|
|
||||||
/etc/rsyslog.d CONTENT_EX
|
|
||||||
/etc/logrotate.conf$ CONTENT_EX
|
|
||||||
/etc/logrotate.d CONTENT_EX
|
|
||||||
/etc/systemd/journald.conf$ CONTENT_EX
|
|
||||||
/var/log LOG+ANF+ARF
|
|
||||||
/var/run/utmp LOG
|
|
||||||
|
|
||||||
# secrets
|
|
||||||
/etc/pkcs11 CONTENT_EX
|
|
||||||
/etc/pki CONTENT_EX
|
|
||||||
/etc/crypto-policies CONTENT_EX
|
|
||||||
/etc/certmonger CONTENT_EX
|
|
||||||
/var/lib/systemd/random-seed$ PERMS
|
|
||||||
|
|
||||||
# init system
|
|
||||||
/etc/systemd CONTENT_EX
|
|
||||||
/etc/rc.d CONTENT_EX
|
|
||||||
/etc/tmpfiles.d CONTENT_EX
|
|
||||||
|
|
||||||
# boot config
|
|
||||||
/etc/default CONTENT_EX
|
|
||||||
/etc/grub.d CONTENT_EX
|
|
||||||
/etc/dracut.conf$ CONTENT_EX
|
|
||||||
/etc/dracut.conf.d CONTENT_EX
|
|
||||||
|
|
||||||
# glibc linker
|
|
||||||
/etc/ld.so.cache$ CONTENT_EX
|
|
||||||
/etc/ld.so.conf$ CONTENT_EX
|
|
||||||
/etc/ld.so.conf.d CONTENT_EX
|
|
||||||
/etc/ld.so.preload$ CONTENT_EX
|
|
||||||
|
|
||||||
# kernel config
|
|
||||||
/etc/sysctl.conf$ CONTENT_EX
|
|
||||||
/etc/sysctl.d CONTENT_EX
|
|
||||||
/etc/modprobe.d CONTENT_EX
|
|
||||||
/etc/modules-load.d CONTENT_EX
|
|
||||||
/etc/depmod.d CONTENT_EX
|
|
||||||
/etc/udev CONTENT_EX
|
|
||||||
/etc/crypttab$ CONTENT_EX
|
|
||||||
|
|
||||||
#### Daemons ####
|
|
||||||
|
|
||||||
# cron jobs
|
|
||||||
/var/spool/at CONTENT
|
|
||||||
/etc/at.allow$ CONTENT
|
|
||||||
/etc/at.deny$ CONTENT
|
|
||||||
/var/spool/anacron CONTENT
|
|
||||||
/etc/anacrontab$ CONTENT_EX
|
|
||||||
/etc/cron.allow$ CONTENT_EX
|
|
||||||
/etc/cron.deny$ CONTENT_EX
|
|
||||||
/etc/cron.d CONTENT_EX
|
|
||||||
/etc/cron.daily CONTENT_EX
|
|
||||||
/etc/cron.hourly CONTENT_EX
|
|
||||||
/etc/cron.monthly CONTENT_EX
|
|
||||||
/etc/cron.weekly CONTENT_EX
|
|
||||||
/etc/crontab$ CONTENT_EX
|
|
||||||
/var/spool/cron/root CONTENT
|
|
||||||
|
|
||||||
# time keeping
|
|
||||||
/etc/chrony.conf$ CONTENT_EX
|
|
||||||
/etc/chrony.keys$ CONTENT_EX
|
|
||||||
|
|
||||||
# mail
|
|
||||||
/etc/aliases$ CONTENT_EX
|
|
||||||
/etc/aliases.db$ CONTENT_EX
|
|
||||||
/etc/postfix CONTENT_EX
|
|
||||||
|
|
||||||
# ssh
|
|
||||||
/etc/ssh/sshd_config$ CONTENT_EX
|
|
||||||
/etc/ssh/ssh_config$ CONTENT_EX
|
|
||||||
|
|
||||||
# stunnel
|
|
||||||
/etc/stunnel CONTENT_EX
|
|
||||||
|
|
||||||
# printing
|
|
||||||
/etc/cups CONTENT_EX
|
|
||||||
/etc/cupshelpers CONTENT_EX
|
|
||||||
/etc/avahi CONTENT_EX
|
|
||||||
|
|
||||||
# web server
|
|
||||||
/etc/httpd CONTENT_EX
|
|
||||||
|
|
||||||
# dns
|
|
||||||
/etc/named CONTENT_EX
|
|
||||||
/etc/named.conf$ CONTENT_EX
|
|
||||||
/etc/named.iscdlv.key$ CONTENT_EX
|
|
||||||
/etc/named.rfc1912.zones$ CONTENT_EX
|
|
||||||
/etc/named.root.key$ CONTENT_EX
|
|
||||||
|
|
||||||
# xinetd
|
|
||||||
/etc/xinetd.conf$ CONTENT_EX
|
|
||||||
/etc/xinetd.d CONTENT_EX
|
|
||||||
|
|
||||||
# IPsec
|
|
||||||
/etc/ipsec.conf$ CONTENT_EX
|
|
||||||
/etc/ipsec.secrets$ CONTENT_EX
|
|
||||||
/etc/ipsec.d CONTENT_EX
|
|
||||||
|
|
||||||
# USB guard
|
|
||||||
/etc/usbguard CONTENT_EX
|
|
||||||
|
|
||||||
# Ignore some files
|
|
||||||
!/etc/mtab$
|
|
||||||
!/etc/.*~
|
|
||||||
|
|
||||||
# Now everything else
|
|
||||||
/etc PERMS
|
|
||||||
|
|
||||||
|
|
||||||
# With AIDE's default verbosity level of 5, these would give lots of
|
|
||||||
# warnings upon tree traversal. It might change with future version.
|
|
||||||
#
|
|
||||||
#=/lost\+found DIR
|
|
||||||
#=/home DIR
|
|
||||||
|
|
||||||
# Ditto /var/log/sa reason...
|
|
||||||
!/var/log/and-httpd
|
|
||||||
|
|
||||||
# Admins dot files constantly change, just check perms
|
|
||||||
/root/\..* PERMS
|
|
||||||
!/root/.xauth*
|
|
@ -1,31 +0,0 @@
|
|||||||
diff --up ./src/compare_db.c ./src/compare_db.c
|
|
||||||
--- ./src/compare_db.c
|
|
||||||
+++ ./src/compare_db.c
|
|
||||||
@@ -438,7 +438,11 @@ snprintf(*values[0], l, "%s",s);
|
|
||||||
} else {
|
|
||||||
*values = malloc(1 * sizeof (char*));
|
|
||||||
if (DB_FTYPE&attr) {
|
|
||||||
- easy_string(get_file_type_string(line->perm))
|
|
||||||
+ char *file_type = get_file_type_string(line->perm);
|
|
||||||
+ if (!file_type) {
|
|
||||||
+ error(2,"%s: ", file_type);
|
|
||||||
+ }
|
|
||||||
+ easy_string(file_type)
|
|
||||||
} else if (DB_LINKNAME&attr) {
|
|
||||||
easy_string(line->linkname)
|
|
||||||
easy_number((DB_SIZE|DB_SIZEG),size,"%li")
|
|
||||||
diff -up ./src/db_file.c ./src/db_file.c
|
|
||||||
--- ./src/db_file.c
|
|
||||||
+++ ./src/db_file.c
|
|
||||||
@@ -194,6 +194,10 @@ int db_file_read_spec(int db){
|
|
||||||
|
|
||||||
*db_order=(DB_FIELD*) malloc(1*sizeof(DB_FIELD));
|
|
||||||
|
|
||||||
+ if (*db_order == NULL){
|
|
||||||
+ error(1,"malloc for *db_order failed in %s", __func__);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
while ((i=db_scan())!=TNEWLINE){
|
|
||||||
switch (i) {
|
|
||||||
|
|
||||||
|
|
34
aide-verbose.patch
Normal file
34
aide-verbose.patch
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
diff -up ./src/conf_eval.c.verbose ./src/conf_eval.c
|
||||||
|
--- ./src/conf_eval.c.verbose 2023-04-01 18:25:38.000000000 +0200
|
||||||
|
+++ ./src/conf_eval.c 2024-05-15 00:08:41.040033220 +0200
|
||||||
|
@@ -187,6 +187,7 @@ static void set_database_attr_option(DB_
|
||||||
|
static void eval_config_statement(config_option_statement statement, int linenumber, char *filename, char* linebuf) {
|
||||||
|
char *str;
|
||||||
|
bool b;
|
||||||
|
+ long num;
|
||||||
|
DB_ATTR_TYPE attr;
|
||||||
|
switch (statement.option) {
|
||||||
|
ATTRIBUTE_CONFIG_OPTION_CASE(REPORT_IGNORE_ADDED_ATTRS_OPTION, report_ignore_added_attrs)
|
||||||
|
@@ -298,8 +299,20 @@ static void eval_config_statement(config
|
||||||
|
LOG_CONFIG_FORMAT_LINE(LOG_LEVEL_CONFIG, "set 'config_version' option to '%s'", str)
|
||||||
|
break;
|
||||||
|
case VERBOSE_OPTION:
|
||||||
|
- log_msg(LOG_LEVEL_ERROR, "%s:%d: 'verbose' option is no longer supported, use 'log_level' and 'report_level' options instead (see man aide.conf for details) (line: '%s')", conf_filename, conf_linenumber, conf_linebuf);
|
||||||
|
- exit(INVALID_CONFIGURELINE_ERROR);
|
||||||
|
+ log_msg(LOG_LEVEL_CONFIG, "%s:%d: 'verbose' option is deprecated, use 'log_level' and 'report_level' options instead (see man aide.conf for details) (line: '%s')", conf_filename, conf_linenumber, conf_linebuf);
|
||||||
|
+ str = eval_string_expression(statement.e, linenumber, filename, linebuf);
|
||||||
|
+ num = strtol(str, NULL, 10);
|
||||||
|
+
|
||||||
|
+ if (num < 0 || num > 255) {
|
||||||
|
+ LOG_CONFIG_FORMAT_LINE(LOG_LEVEL_ERROR, "invalid verbose level: '%s'", str);
|
||||||
|
+ exit(INVALID_CONFIGURELINE_ERROR);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (num >= 10) {
|
||||||
|
+ set_log_level(LOG_LEVEL_DEBUG);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ free(str);
|
||||||
|
break;
|
||||||
|
case LIMIT_CMDLINE_OPTION:
|
||||||
|
/* command-line options are ignored here */
|
224
aide.conf
Normal file
224
aide.conf
Normal file
@ -0,0 +1,224 @@
|
|||||||
|
# Example configuration file for AIDE.
|
||||||
|
|
||||||
|
@@define DBDIR /var/lib/aide
|
||||||
|
@@define LOGDIR /var/log/aide
|
||||||
|
|
||||||
|
# The location of the database to be read.
|
||||||
|
database_in=file:@@{DBDIR}/aide.db.gz
|
||||||
|
|
||||||
|
# The location of the database to be written.
|
||||||
|
#database_out=sql:host:port:database:login_name:passwd:table
|
||||||
|
#database_out=file:aide.db.new
|
||||||
|
database_out=file:@@{DBDIR}/aide.db.new.gz
|
||||||
|
|
||||||
|
# Whether to gzip the output to database
|
||||||
|
gzip_dbout=yes
|
||||||
|
|
||||||
|
# Default.
|
||||||
|
log_level=warning
|
||||||
|
report_level=changed_attributes
|
||||||
|
|
||||||
|
report_url=file:@@{LOGDIR}/aide.log
|
||||||
|
report_url=stdout
|
||||||
|
#report_url=stderr
|
||||||
|
#NOT IMPLEMENTED report_url=mailto:root@foo.com
|
||||||
|
#NOT IMPLEMENTED report_url=syslog:LOG_AUTH
|
||||||
|
|
||||||
|
# These are the default rules.
|
||||||
|
#
|
||||||
|
#p: permissions
|
||||||
|
#i: inode:
|
||||||
|
#n: number of links
|
||||||
|
#u: user
|
||||||
|
#g: group
|
||||||
|
#s: size
|
||||||
|
#b: block count
|
||||||
|
#m: mtime
|
||||||
|
#a: atime
|
||||||
|
#c: ctime
|
||||||
|
#S: check for growing size
|
||||||
|
#acl: Access Control Lists
|
||||||
|
#selinux SELinux security context
|
||||||
|
#xattrs: Extended file attributes
|
||||||
|
#md5: md5 checksum
|
||||||
|
#sha1: sha1 checksum
|
||||||
|
#sha256: sha256 checksum
|
||||||
|
#sha512: sha512 checksum
|
||||||
|
#rmd160: rmd160 checksum
|
||||||
|
#tiger: tiger checksum
|
||||||
|
|
||||||
|
#haval: haval checksum (MHASH only)
|
||||||
|
#gost: gost checksum (MHASH only)
|
||||||
|
#crc32: crc32 checksum (MHASH only)
|
||||||
|
#whirlpool: whirlpool checksum (MHASH only)
|
||||||
|
|
||||||
|
FIPSR = p+i+n+u+g+s+m+c+acl+selinux+xattrs+sha256
|
||||||
|
|
||||||
|
#R: p+i+n+u+g+s+m+c+acl+selinux+xattrs+md5
|
||||||
|
#L: p+i+n+u+g+acl+selinux+xattrs
|
||||||
|
#E: Empty group
|
||||||
|
#>: Growing logfile p+u+g+i+n+S+acl+selinux+xattrs
|
||||||
|
|
||||||
|
# You can create custom rules like this.
|
||||||
|
# With MHASH...
|
||||||
|
# ALLXTRAHASHES = sha1+rmd160+sha256+sha512+whirlpool+tiger+haval+gost+crc32
|
||||||
|
ALLXTRAHASHES = sha1+rmd160+sha256+sha512+tiger
|
||||||
|
# Everything but access time (Ie. all changes)
|
||||||
|
EVERYTHING = R+ALLXTRAHASHES
|
||||||
|
|
||||||
|
# Sane, with multiple hashes
|
||||||
|
# NORMAL = R+rmd160+sha256+whirlpool
|
||||||
|
NORMAL = FIPSR+sha512
|
||||||
|
|
||||||
|
# For directories, don't bother doing hashes
|
||||||
|
DIR = p+i+n+u+g+acl+selinux+xattrs
|
||||||
|
|
||||||
|
# Access control only
|
||||||
|
PERMS = p+i+u+g+acl+selinux
|
||||||
|
|
||||||
|
# Logfile are special, in that they often change
|
||||||
|
LOG = >
|
||||||
|
|
||||||
|
# Just do sha256 and sha512 hashes
|
||||||
|
LSPP = FIPSR+sha512
|
||||||
|
|
||||||
|
# Some files get updated automatically, so the inode/ctime/mtime change
|
||||||
|
# but we want to know when the data inside them changes
|
||||||
|
DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha256
|
||||||
|
|
||||||
|
# Next decide what directories/files you want in the database.
|
||||||
|
|
||||||
|
/boot NORMAL
|
||||||
|
/bin NORMAL
|
||||||
|
/sbin NORMAL
|
||||||
|
/lib NORMAL
|
||||||
|
/lib64 NORMAL
|
||||||
|
/opt NORMAL
|
||||||
|
/usr NORMAL
|
||||||
|
/root NORMAL
|
||||||
|
# These are too volatile
|
||||||
|
!/usr/src
|
||||||
|
!/usr/tmp
|
||||||
|
|
||||||
|
# Check only permissions, inode, user and group for /etc, but
|
||||||
|
# cover some important files closely.
|
||||||
|
/etc PERMS
|
||||||
|
!/etc/mtab
|
||||||
|
# Ignore backup files
|
||||||
|
!/etc/.*~
|
||||||
|
/etc/exports NORMAL
|
||||||
|
/etc/fstab NORMAL
|
||||||
|
/etc/passwd NORMAL
|
||||||
|
/etc/group NORMAL
|
||||||
|
/etc/gshadow NORMAL
|
||||||
|
/etc/shadow NORMAL
|
||||||
|
/etc/security/opasswd NORMAL
|
||||||
|
|
||||||
|
/etc/hosts.allow NORMAL
|
||||||
|
/etc/hosts.deny NORMAL
|
||||||
|
|
||||||
|
/etc/sudoers NORMAL
|
||||||
|
/etc/skel NORMAL
|
||||||
|
|
||||||
|
/etc/logrotate.d NORMAL
|
||||||
|
|
||||||
|
/etc/resolv.conf DATAONLY
|
||||||
|
|
||||||
|
/etc/nscd.conf NORMAL
|
||||||
|
/etc/securetty NORMAL
|
||||||
|
|
||||||
|
# Shell/X starting files
|
||||||
|
/etc/profile NORMAL
|
||||||
|
/etc/bashrc NORMAL
|
||||||
|
/etc/bash_completion.d/ NORMAL
|
||||||
|
/etc/login.defs NORMAL
|
||||||
|
/etc/zprofile NORMAL
|
||||||
|
/etc/zshrc NORMAL
|
||||||
|
/etc/zlogin NORMAL
|
||||||
|
/etc/zlogout NORMAL
|
||||||
|
/etc/profile.d/ NORMAL
|
||||||
|
/etc/X11/ NORMAL
|
||||||
|
|
||||||
|
# Pkg manager
|
||||||
|
/etc/yum.conf NORMAL
|
||||||
|
/etc/yumex.conf NORMAL
|
||||||
|
/etc/yumex.profiles.conf NORMAL
|
||||||
|
/etc/yum/ NORMAL
|
||||||
|
/etc/yum.repos.d/ NORMAL
|
||||||
|
|
||||||
|
/var/log LOG
|
||||||
|
/var/run/utmp LOG
|
||||||
|
|
||||||
|
# This gets new/removes-old filenames daily
|
||||||
|
!/var/log/sa
|
||||||
|
# As we are checking it, we've truncated yesterdays size to zero.
|
||||||
|
!/var/log/aide.log
|
||||||
|
|
||||||
|
# LSPP rules...
|
||||||
|
# AIDE produces an audit record, so this becomes perpetual motion.
|
||||||
|
# /var/log/audit/ LSPP
|
||||||
|
/etc/audit/ LSPP
|
||||||
|
/etc/libaudit.conf LSPP
|
||||||
|
/usr/sbin/stunnel LSPP
|
||||||
|
/var/spool/at LSPP
|
||||||
|
/etc/at.allow LSPP
|
||||||
|
/etc/at.deny LSPP
|
||||||
|
/etc/cron.allow LSPP
|
||||||
|
/etc/cron.deny LSPP
|
||||||
|
/etc/cron.d/ LSPP
|
||||||
|
/etc/cron.daily/ LSPP
|
||||||
|
/etc/cron.hourly/ LSPP
|
||||||
|
/etc/cron.monthly/ LSPP
|
||||||
|
/etc/cron.weekly/ LSPP
|
||||||
|
/etc/crontab LSPP
|
||||||
|
/var/spool/cron/root LSPP
|
||||||
|
|
||||||
|
/etc/login.defs LSPP
|
||||||
|
/etc/securetty LSPP
|
||||||
|
/var/log/faillog LSPP
|
||||||
|
/var/log/lastlog LSPP
|
||||||
|
|
||||||
|
/etc/hosts LSPP
|
||||||
|
/etc/sysconfig LSPP
|
||||||
|
|
||||||
|
/etc/inittab LSPP
|
||||||
|
/etc/grub/ LSPP
|
||||||
|
/etc/rc.d LSPP
|
||||||
|
|
||||||
|
/etc/ld.so.conf LSPP
|
||||||
|
|
||||||
|
/etc/localtime LSPP
|
||||||
|
|
||||||
|
/etc/sysctl.conf LSPP
|
||||||
|
|
||||||
|
/etc/modprobe.conf LSPP
|
||||||
|
|
||||||
|
/etc/pam.d LSPP
|
||||||
|
/etc/security LSPP
|
||||||
|
/etc/aliases LSPP
|
||||||
|
/etc/postfix LSPP
|
||||||
|
|
||||||
|
/etc/ssh/sshd_config LSPP
|
||||||
|
/etc/ssh/ssh_config LSPP
|
||||||
|
|
||||||
|
/etc/stunnel LSPP
|
||||||
|
|
||||||
|
/etc/vsftpd.ftpusers LSPP
|
||||||
|
/etc/vsftpd LSPP
|
||||||
|
|
||||||
|
/etc/issue LSPP
|
||||||
|
/etc/issue.net LSPP
|
||||||
|
|
||||||
|
/etc/cups LSPP
|
||||||
|
|
||||||
|
# With AIDE's default verbosity level of 5, these would give lots of
|
||||||
|
# warnings upon tree traversal. It might change with future version.
|
||||||
|
#
|
||||||
|
#=/lost\+found DIR
|
||||||
|
#=/home DIR
|
||||||
|
|
||||||
|
# Ditto /var/log/sa reason...
|
||||||
|
!/var/log/and-httpd
|
||||||
|
|
||||||
|
# Admins dot files constantly change, just check perms
|
||||||
|
/root/\..* PERMS
|
@ -1,9 +1,9 @@
|
|||||||
Summary: Intrusion detection environment
|
Summary: Intrusion detection environment
|
||||||
Name: aide
|
Name: aide
|
||||||
Version: 0.16
|
Version: 0.18.6
|
||||||
Release: 14%{?dist}.1
|
Release: 6%{?dist}
|
||||||
URL: http://sourceforge.net/projects/aide
|
URL: http://sourceforge.net/projects/aide
|
||||||
License: GPLv2+
|
License: GPL-2.0-or-later
|
||||||
Source0: %{url}/files/aide/%{version}/%{name}-%{version}.tar.gz
|
Source0: %{url}/files/aide/%{version}/%{name}-%{version}.tar.gz
|
||||||
Source1: aide.conf
|
Source1: aide.conf
|
||||||
Source2: README.quickstart
|
Source2: README.quickstart
|
||||||
@ -12,48 +12,42 @@ Source3: aide.logrotate
|
|||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
BuildRequires: make
|
BuildRequires: make
|
||||||
BuildRequires: bison flex
|
BuildRequires: bison flex
|
||||||
BuildRequires: pcre-devel
|
BuildRequires: pcre2-devel
|
||||||
BuildRequires: libgpg-error-devel libgcrypt-devel
|
BuildRequires: libgpg-error-devel gnutls-devel
|
||||||
BuildRequires: zlib-devel
|
BuildRequires: zlib-devel
|
||||||
BuildRequires: libcurl-devel
|
BuildRequires: libcurl-devel
|
||||||
BuildRequires: libacl-devel
|
BuildRequires: libacl-devel
|
||||||
BuildRequires: pkgconfig(libselinux)
|
BuildRequires: pkgconfig(libselinux)
|
||||||
BuildRequires: libattr-devel
|
BuildRequires: libattr-devel
|
||||||
BuildRequires: e2fsprogs-devel
|
BuildRequires: e2fsprogs-devel
|
||||||
Buildrequires: audit-libs-devel
|
BuildRequires: audit-libs-devel
|
||||||
|
BuildRequires: autoconf autoconf-archive
|
||||||
|
BuildRequires: automake libtool
|
||||||
|
|
||||||
Requires: libgcrypt >= 1.8.5
|
Patch1: aide-verbose.patch
|
||||||
|
Patch2: gnutls.patch
|
||||||
|
|
||||||
# Customize the database file location in the man page.
|
|
||||||
Patch1: aide-0.16rc1-man.patch
|
|
||||||
# fix aide in FIPS mode
|
|
||||||
Patch2: aide-0.16b1-fipsfix.patch
|
|
||||||
|
|
||||||
Patch3: aide-0.15-syslog-format.patch
|
|
||||||
Patch4: aide-0.16-crypto-disable-haval-and-others.patch
|
|
||||||
Patch5: coverity.patch
|
|
||||||
Patch6: aide-0.16-crash-elf.patch
|
|
||||||
|
|
||||||
# 1676487 - Null pointer dereference fix spotted by coverity
|
|
||||||
Patch7: coverity2.patch
|
|
||||||
|
|
||||||
# 2041956 - CVE-2021-45417 aide: heap-based buffer overflow on outputs larger than B64_BUF
|
|
||||||
Patch8: aide-0.16-CVE-2021-45417.patch
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
AIDE (Advanced Intrusion Detection Environment) is a file integrity
|
AIDE (Advanced Intrusion Detection Environment) is a file integrity
|
||||||
checker and intrusion detection program.
|
checker and intrusion detection program.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%autosetup -p1
|
|
||||||
|
|
||||||
|
%setup
|
||||||
|
#%%autosetup -p1
|
||||||
cp -a %{S:2} .
|
cp -a %{S:2} .
|
||||||
|
|
||||||
|
%patch -P 1 -p1 -b .verbose
|
||||||
|
%patch -P 2 -p1 -b .gnutls
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
autoreconf -ivf
|
||||||
%configure \
|
%configure \
|
||||||
--disable-static \
|
--disable-static \
|
||||||
--with-config_file=%{_sysconfdir}/aide.conf \
|
--with-config_file=%{_sysconfdir}/aide.conf \
|
||||||
--with-gcrypt \
|
--with-gnutls \
|
||||||
|
--without-gcrypt \
|
||||||
--with-zlib \
|
--with-zlib \
|
||||||
--with-curl \
|
--with-curl \
|
||||||
--with-posix-acl \
|
--with-posix-acl \
|
||||||
@ -61,7 +55,6 @@ cp -a %{S:2} .
|
|||||||
--with-xattr \
|
--with-xattr \
|
||||||
--with-e2fsattrs \
|
--with-e2fsattrs \
|
||||||
--with-audit
|
--with-audit
|
||||||
|
|
||||||
%make_build
|
%make_build
|
||||||
|
|
||||||
%install
|
%install
|
||||||
@ -73,7 +66,7 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide
|
|||||||
|
|
||||||
%files
|
%files
|
||||||
%license COPYING
|
%license COPYING
|
||||||
%doc AUTHORS ChangeLog NEWS README doc/manual.html contrib/
|
%doc AUTHORS ChangeLog NEWS README contrib/
|
||||||
%doc README.quickstart
|
%doc README.quickstart
|
||||||
%{_sbindir}/aide
|
%{_sbindir}/aide
|
||||||
%{_mandir}/man1/*.1*
|
%{_mandir}/man1/*.1*
|
||||||
@ -84,57 +77,93 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide
|
|||||||
%dir %attr(0700,root,root) %{_localstatedir}/log/aide
|
%dir %attr(0700,root,root) %{_localstatedir}/log/aide
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Tue Jan 25 2022 Radovan Sroka <rsroka@redhat.com> - 0.16.14.1
|
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 0.18.6-6
|
||||||
- backported fix for CVE-2021-45417
|
- Bump release for June 2024 mass rebuild
|
||||||
resolves: rhbz#2041956
|
|
||||||
|
|
||||||
* Tue Jun 30 2020 Radovan Sroka <rsroka@redhat.com> = 0.16.14
|
* Fri May 17 2024 Radovan Sroka <rsroka@redhat.com> - 0.18.6-5
|
||||||
- strict require for libgcrypt
|
REDHAT 10.0 ERRATUM
|
||||||
resolves: rhbz#1852407
|
- fix verbose patch
|
||||||
|
- get rid of libgcrypt
|
||||||
|
Resolves: RHEL-36780
|
||||||
|
|
||||||
* Tue May 19 2020 Attila Lakatos <alakatos@redhat.com> - 0.16-13
|
* Mon Feb 12 2024 Radovan Sroka <rsroka@redhat.com> - 0.18.6-4
|
||||||
- RHEL 8.3
|
- rebase to 0.18.6
|
||||||
- minor edit of aide.conf to make it consistent
|
|
||||||
resolves: rhbz#1740754
|
|
||||||
|
|
||||||
* Mon Apr 06 2020 Attila Lakatos <alakatos@redhat.com> - 0.16-12
|
* Mon Jan 22 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.18.6-3
|
||||||
- RHEL 8.3
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
||||||
- minor edit of aide.conf
|
|
||||||
resolves: rhbz#1740754
|
|
||||||
- do not generate false warnings when report_ignore_e2fsattrs is specified in aide.conf
|
|
||||||
resolves: rhbz#1806323
|
|
||||||
|
|
||||||
* Wed Jul 24 2019 Radovan Sroka <rsroka@redhat.com> - 0.16-11
|
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.18.6-2
|
||||||
- rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
||||||
- minor edit of aide.conf
|
|
||||||
|
|
||||||
* Tue Jul 23 2019 Radovan Sroka <rsroka@redhat.com> - 0.16-10
|
* Tue Oct 24 2023 Radovan Sroka <rsroka@redhat.com> - 0.18.6-1
|
||||||
- respin
|
- rebase to 0.18.6
|
||||||
- minor edit of aide.conf
|
|
||||||
|
|
||||||
* Tue Jul 23 2019 Radovan Sroka <rsroka@redhat.com> - 0.16-9
|
* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.18.4-3
|
||||||
- Null pointer dereference fix spotted by coverity
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
|
||||||
resolves: rhbz#1676487
|
|
||||||
- aide.conf needs updates for RHEL 8
|
|
||||||
resolves: rhbz#1708015
|
|
||||||
|
|
||||||
* Tue Oct 09 2018 Radovan Sroka <rsroka@redhat.com> - 0.16-8
|
* Wed Jun 21 2023 Radovan Sroka <rsroka@redhat.com> - 0.18.4-1
|
||||||
- fixed wrong line wrapping of messages in the syslog format
|
- aide-0.18.4 is available
|
||||||
resolves: rhbz#1628153
|
Resolves: rhbz#1910486
|
||||||
- fixed coverity issues
|
- Please port your pcre dependency to pcre2. Pcre has been deprecated
|
||||||
resolves: rhbz#1602441
|
Resolves: rhbz#2128267
|
||||||
- fixed crash when processing .dynamic section
|
|
||||||
resolves: rhbz#1597250
|
|
||||||
|
|
||||||
* Wed Aug 29 2018 Radovan Sroka <rsroka@redhat.com> - 0.16-7
|
* Tue Jun 13 2023 Radovan Sroka <rsroka@redhat.com> - 0.16-23
|
||||||
- fixed crypto problem with libgcrypt (fips)
|
- migrated to SPDX license
|
||||||
- resolves: rhbz#1623045
|
|
||||||
|
|
||||||
* Wed Aug 22 2018 Radovan Sroka <rsroka@redhat.com> - 0.16-6
|
* Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-22
|
||||||
- ported syslog format from rhel7
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
|
||||||
resolves: rhbz#1584136
|
|
||||||
- fixed crypto problem with libgcrypt
|
* Fri Nov 25 2022 Florian Weimer <fweimer@redhat.com> - 0.16-21
|
||||||
resolves: rhbz#1584120
|
- Apply upstream patches to port configure to C99
|
||||||
|
|
||||||
|
* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-20
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-19
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-18
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Jan 25 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-17
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Jul 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-16
|
||||||
|
- Second attempt - Rebuilt for
|
||||||
|
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-15
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Jun 24 2020 Radovan Sroka <rsroka@redhat.com> 0.16-14
|
||||||
|
- AIDE breaks when setting report_ignore_e2fsattrs
|
||||||
|
Resolves: rhbz#1850276
|
||||||
|
|
||||||
|
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-13
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Jul 31 2019 Radovan Sroka <rsroka@redhat.com> - 0.16-12
|
||||||
|
- backport some patches
|
||||||
|
Resolves: rhbz#1717140
|
||||||
|
|
||||||
|
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-11
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Feb 20 2019 Daniel Kopecek <dkopecek@redhat.com> - 0.16-10
|
||||||
|
- Fix building with curl
|
||||||
|
Resolves: rhbz#1674637
|
||||||
|
|
||||||
|
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-9
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jul 31 2018 Florian Weimer <fweimer@redhat.com> - 0.16-8
|
||||||
|
- Rebuild with fixed binutils
|
||||||
|
|
||||||
|
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-7
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Feb 20 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.16-6
|
||||||
|
- Rebuild
|
||||||
|
|
||||||
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-5
|
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-5
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
11
ci_tests.fmf
Normal file
11
ci_tests.fmf
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
/e2e:
|
||||||
|
plan:
|
||||||
|
import:
|
||||||
|
url: https://github.com/RedHat-SP-Security/aide-plans.git
|
||||||
|
name: /generic/e2e_ci
|
||||||
|
|
||||||
|
/rpmverify:
|
||||||
|
plan:
|
||||||
|
import:
|
||||||
|
url: https://github.com/RedHat-SP-Security/aide-plans.git
|
||||||
|
name: /generic/rpmverify
|
7
gating.yaml
Normal file
7
gating.yaml
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
--- !Policy
|
||||||
|
product_versions:
|
||||||
|
- rhel-10
|
||||||
|
decision_context: osci_compose_gate
|
||||||
|
rules:
|
||||||
|
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
|
||||||
|
|
487
gnutls.patch
Normal file
487
gnutls.patch
Normal file
@ -0,0 +1,487 @@
|
|||||||
|
diff -up ./configure.ac.gnutls ./configure.ac
|
||||||
|
--- ./configure.ac.gnutls 2023-06-13 20:53:43.000000000 +0200
|
||||||
|
+++ ./configure.ac 2024-05-14 19:09:47.419448389 +0200
|
||||||
|
@@ -350,6 +350,10 @@ AC_MSG_CHECKING(for Mhash)
|
||||||
|
AC_ARG_WITH([mhash], AS_HELP_STRING([--with-mhash], [use Mhash (default: check)]), [with_mhash=$withval], [with_mhash=check])
|
||||||
|
AC_MSG_RESULT([$with_mhash])
|
||||||
|
|
||||||
|
+AC_MSG_CHECKING(for GnuTLS)
|
||||||
|
+AC_ARG_WITH([gnutls], AS_HELP_STRING([--with-gnutls], [use GnuTLS library (default: check)]), [with_gnutls=$withval], [with_gnutls=check])
|
||||||
|
+AC_MSG_RESULT([$with_gnutls])
|
||||||
|
+
|
||||||
|
AC_MSG_CHECKING(for GNU crypto library)
|
||||||
|
AC_ARG_WITH([gcrypt], AS_HELP_STRING([--with-gcrypt], [use GNU crypto library (default: check)]), [with_gcrypt=$withval], [with_gcrypt=check])
|
||||||
|
AC_MSG_RESULT([$with_gcrypt])
|
||||||
|
@@ -363,19 +367,29 @@ AS_IF([test x"$with_mhash" = xyes], [
|
||||||
|
)],AC_DEFINE(HAVE_MHASH_WHIRLPOOL,1,[mhash has whirlpool]))
|
||||||
|
AS_IF([test x"$with_gcrypt" = xcheck], [
|
||||||
|
with_gcrypt=no
|
||||||
|
+ with_gnutls=no
|
||||||
|
])
|
||||||
|
])
|
||||||
|
AIDE_PKG_CHECK_MODULES_OPTIONAL(gcrypt, GCRYPT, libgcrypt)
|
||||||
|
+AIDE_PKG_CHECK_MODULES_OPTIONAL(gnutls, GNUTLS, gnutls)
|
||||||
|
AS_IF([test x"$with_mhash" != xno && test x"$with_gcrypt" != xno], [
|
||||||
|
AC_MSG_ERROR([Using gcrypt together with mhash makes no sense. To disable mhash use --without-mhash])
|
||||||
|
])
|
||||||
|
-AS_IF([test x"$with_mhash" = xno && test x"$with_gcrypt" = xno], [
|
||||||
|
- AC_MSG_ERROR([AIDE requires mhash or libcrypt for hashsum calculation])
|
||||||
|
+AS_IF([test x"$with_mhash" != xno && test x"$with_gnutls" != xno], [
|
||||||
|
+ AC_MSG_ERROR([Using gnutls together with mhash makes no sense. To disable mhash use --without-mhash])
|
||||||
|
+])
|
||||||
|
+AS_IF([test x"$with_gcrypt" != xno && test x"$with_gnutls" != xno], [
|
||||||
|
+ AC_MSG_ERROR([Using gnutls together with gcrypt makes no sense. To disable gcrypt use --without-gcrypt])
|
||||||
|
+])
|
||||||
|
+AS_IF([test x"$with_mhash" = xno && test x"$with_gcrypt" = xno && test x"$with_gnutls" == xno], [
|
||||||
|
+ AC_MSG_ERROR([AIDE requires mhash, gnutls or libcrypt for hashsum calculation])
|
||||||
|
])
|
||||||
|
compoptionstring="${compoptionstring}use Mhash: $with_mhash\\n"
|
||||||
|
AM_CONDITIONAL(HAVE_MHASH, [test "x$MHASH_LIBS" != "x"])
|
||||||
|
compoptionstring="${compoptionstring}use GNU crypto library: $with_gcrypt\\n"
|
||||||
|
AM_CONDITIONAL(HAVE_GCRYPT, [test "x$GCRYPT_LIBS" != "x"])
|
||||||
|
+compoptionstring="${compoptionstring}use GnuTLS: $with_gnutls\\n"
|
||||||
|
+AM_CONDITIONAL(HAVE_GNUTLS, [test "x$GNUTLS_LIBS" != "x"])
|
||||||
|
|
||||||
|
AIDE_PKG_CHECK(audit, Linux Auditing Framework, no, AUDIT, audit)
|
||||||
|
|
||||||
|
diff -up ./doc/aide.conf.5.gnutls ./doc/aide.conf.5
|
||||||
|
--- ./doc/aide.conf.5.gnutls 2023-08-01 10:47:59.000000000 +0200
|
||||||
|
+++ ./doc/aide.conf.5 2024-05-14 19:09:47.420448380 +0200
|
||||||
|
@@ -866,6 +866,7 @@ haval256 checksum
|
||||||
|
.TP
|
||||||
|
.B "crc32"
|
||||||
|
crc32 checksum
|
||||||
|
+(\fIlibmhash\fR and \fIlibgcrypt\fR only)
|
||||||
|
.TP
|
||||||
|
.B "crc32b"
|
||||||
|
crc32 checksum
|
||||||
|
@@ -876,14 +877,15 @@ GOST R 34.11-94 checksum
|
||||||
|
.TP
|
||||||
|
.B "whirlpool"
|
||||||
|
whirlpool checksum
|
||||||
|
+(\fIlibgcrypt\fR and \fIlibmhash\fRonly)
|
||||||
|
.TP
|
||||||
|
.B "stribog256"
|
||||||
|
GOST R 34.11-2012, 256 bit checksum
|
||||||
|
-(\fIlibgcrypt\fR only, added in AIDE v0.17)
|
||||||
|
+(\fIlibgcrypt\fR and \fIgnutls\fR only, added in AIDE v0.17)
|
||||||
|
.TP
|
||||||
|
.B "stribog512"
|
||||||
|
GOST R 34.11-2012, 512 bit checksum
|
||||||
|
-(\fIlibgcrypt\fR only, added in AIDE v0.17)
|
||||||
|
+(\fIlibgcrypt\fR and \fIgnutls\fR only, added in AIDE v0.17)
|
||||||
|
.PP
|
||||||
|
|
||||||
|
Use 'aide --version' to show which hashsums are available.
|
||||||
|
diff -up ./include/md.h.gnutls ./include/md.h
|
||||||
|
--- ./include/md.h.gnutls 2023-04-01 18:25:38.000000000 +0200
|
||||||
|
+++ ./include/md.h 2024-05-14 19:09:47.420448380 +0200
|
||||||
|
@@ -29,6 +29,10 @@
|
||||||
|
#ifdef WITH_GCRYPT
|
||||||
|
#include <gcrypt.h>
|
||||||
|
#endif
|
||||||
|
+#ifdef WITH_GNUTLS
|
||||||
|
+#include <gnutls/gnutls.h>
|
||||||
|
+#include <gnutls/crypto.h>
|
||||||
|
+#endif
|
||||||
|
#include <sys/types.h>
|
||||||
|
#include "attributes.h"
|
||||||
|
#include "hashsum.h"
|
||||||
|
@@ -61,6 +65,10 @@ typedef struct md_container {
|
||||||
|
gcry_md_hd_t mdh;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+#ifdef WITH_GNUTLS
|
||||||
|
+ gnutls_hash_hd_t gnutls_mdh[num_hashes];
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
} md_container;
|
||||||
|
|
||||||
|
typedef struct md_hashsums {
|
||||||
|
diff -up ./Makefile.am.gnutls ./Makefile.am
|
||||||
|
--- ./Makefile.am.gnutls 2024-05-14 19:09:47.420448380 +0200
|
||||||
|
+++ ./Makefile.am 2024-05-14 19:23:09.347757387 +0200
|
||||||
|
@@ -64,17 +64,35 @@ if HAVE_CURL
|
||||||
|
aide_SOURCES += include/fopen.h src/fopen.c
|
||||||
|
endif
|
||||||
|
|
||||||
|
-aide_CFLAGS = @AIDE_DEFS@ -W -Wall -g ${PTHREAD_CFLAGS}
|
||||||
|
-aide_LDADD = -lm ${PCRE2_LIBS} ${ZLIB_LIBS} ${MHASH_LIBS} ${GCRYPT_LIBS} ${POSIX_ACL_LIBS} ${SELINUX_LIBS} ${AUDIT_LIBS} ${XATTR_LIBS} ${ELF_LIBS} ${E2FSATTRS_LIBS} ${CAPABILITIES_LIBS} ${CURL_LIBS} ${PTHREAD_LIBS}
|
||||||
|
+aide_CFLAGS = @AIDE_DEFS@ -W -Wall -g ${PTHREAD_CFLAGS} ${GNUTLS_CFLAGS}
|
||||||
|
+aide_LDADD = -lm ${PCRE2_LIBS} ${ZLIB_LIBS} ${MHASH_LIBS} ${GNUTLS_LIBS} ${GCRYPT_LIBS} ${POSIX_ACL_LIBS} ${SELINUX_LIBS} ${AUDIT_LIBS} ${XATTR_LIBS} ${ELF_LIBS} ${E2FSATTRS_LIBS} ${CAPABILITIES_LIBS} ${CURL_LIBS} ${PTHREAD_LIBS}
|
||||||
|
|
||||||
|
if HAVE_CHECK
|
||||||
|
-TESTS = check_aide
|
||||||
|
-check_PROGRAMS = check_aide
|
||||||
|
+TESTS = check_aide check_md
|
||||||
|
+check_PROGRAMS = check_aide check_md
|
||||||
|
check_aide_SOURCES = tests/check_aide.c tests/check_aide.h \
|
||||||
|
tests/check_attributes.c src/attributes.c \
|
||||||
|
src/log.c src/util.c
|
||||||
|
-check_aide_CFLAGS = -I$(top_srcdir)/include $(CHECK_CFLAGS)
|
||||||
|
-check_aide_LDADD = -lm ${PCRE2_LIBS} ${MHASH_LIBS} ${GCRYPT_LIBS} $(CHECK_LIBS)
|
||||||
|
+check_aide_CFLAGS = -I$(top_srcdir)/include $(CHECK_CFLAGS) ${GNUTLS_CFLAGS}
|
||||||
|
+check_aide_LDADD = -lm ${PCRE2_LIBS} ${MHASH_LIBS} ${GCRYPT_LIBS} $(CHECK_LIBS) ${GNUTLS_LIBS}
|
||||||
|
+
|
||||||
|
+check_md_SOURCES = tests/check_md.c tests/check_md.h \
|
||||||
|
+ tests/check_hashes.c \
|
||||||
|
+ src/log.c src/util.c src/md.c src/base64.c src/hashsum.c src/attributes.c
|
||||||
|
+
|
||||||
|
+check_md_CFLAGS = -I$(top_srcdir)/include \
|
||||||
|
+ $(CHECK_CFLAGS) \
|
||||||
|
+ $(GCRYPT_CFLAGS) \
|
||||||
|
+ $(GNUTLS_CFLAGS) \
|
||||||
|
+ $(MHASH_CFLAGS) \
|
||||||
|
+ $(PCRE2_CFLAGS)
|
||||||
|
+check_md_LDADD = -lm \
|
||||||
|
+ $(CHECK_LIBS) \
|
||||||
|
+ ${GCRYPT_LIBS} \
|
||||||
|
+ ${GNUTLS_LIBS} \
|
||||||
|
+ ${MHASH_LIBS} \
|
||||||
|
+ ${PCRE2_LIBS}
|
||||||
|
+
|
||||||
|
endif # HAVE_CHECK
|
||||||
|
|
||||||
|
AM_CFLAGS = @AIDE_DEFS@ -W -Wall -g
|
||||||
|
diff -up ./README.gnutls ./README
|
||||||
|
--- ./README.gnutls 2023-08-01 10:47:59.000000000 +0200
|
||||||
|
+++ ./README 2024-05-14 19:09:47.419448389 +0200
|
||||||
|
@@ -132,11 +132,15 @@
|
||||||
|
o GNU make.
|
||||||
|
o pkg-config
|
||||||
|
o PCRE2 library
|
||||||
|
- o Mhash (optional, but highly recommended). Mhash is currently
|
||||||
|
- available from http://mhash.sourceforge.net/. A static version of
|
||||||
|
- libmhash needs to be build using the --enable-static=yes
|
||||||
|
- configure option.
|
||||||
|
+
|
||||||
|
+ One of the following crypto libraries:
|
||||||
|
+
|
||||||
|
+ o Mhash. Mhash is currently available from
|
||||||
|
+ http://mhash.sourceforge.net/. A static version of libmhash needs
|
||||||
|
+ to be build using the --enable-static=yes configure option.
|
||||||
|
Aide requires at least mhash version 0.9.2
|
||||||
|
+ o GNU libgcrypt
|
||||||
|
+ o GnuTLS
|
||||||
|
|
||||||
|
o libcheck (optional, needed for 'make check', license: LGPL-2.1)
|
||||||
|
|
||||||
|
diff -up ./src/aide.c.gnutls ./src/aide.c
|
||||||
|
--- ./src/aide.c.gnutls 2023-06-13 20:52:39.000000000 +0200
|
||||||
|
+++ ./src/aide.c 2024-05-14 19:09:47.420448380 +0200
|
||||||
|
@@ -66,6 +66,9 @@ char* after = NULL;
|
||||||
|
#include <gcrypt.h>
|
||||||
|
#define NEED_LIBGCRYPT_VERSION "1.8.0"
|
||||||
|
#endif
|
||||||
|
+#ifdef WITH_GNUTLS
|
||||||
|
+#include <gnutls/gnutls.h>
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
static void usage(int exitvalue)
|
||||||
|
{
|
||||||
|
@@ -522,9 +525,6 @@ static void setdefaults_before_config()
|
||||||
|
DB_ATTR_TYPE common_attrs = ATTR(attr_perm)|ATTR(attr_ftype)|ATTR(attr_inode)|ATTR(attr_linkcount)|ATTR(attr_uid)|ATTR(attr_gid);
|
||||||
|
|
||||||
|
DB_ATTR_TYPE GROUP_R_HASHES=0LLU;
|
||||||
|
-#ifdef WITH_MHASH
|
||||||
|
- GROUP_R_HASHES=ATTR(attr_md5);
|
||||||
|
-#endif
|
||||||
|
#ifdef WITH_GCRYPT
|
||||||
|
if (gcry_fips_mode_active()) {
|
||||||
|
char* str;
|
||||||
|
@@ -533,6 +533,8 @@ static void setdefaults_before_config()
|
||||||
|
} else {
|
||||||
|
GROUP_R_HASHES = ATTR(attr_md5);
|
||||||
|
}
|
||||||
|
+#else /* WITH_MHASH or WITH_GNUTLS */
|
||||||
|
+ GROUP_R_HASHES=ATTR(attr_md5);
|
||||||
|
#endif
|
||||||
|
|
||||||
|
log_msg(LOG_LEVEL_INFO, "define default groups definitions");
|
||||||
|
diff -up ./src/hashsum.c.gnutls ./src/hashsum.c
|
||||||
|
--- ./src/hashsum.c.gnutls 2023-04-01 18:25:38.000000000 +0200
|
||||||
|
+++ ./src/hashsum.c 2024-05-14 19:09:47.420448380 +0200
|
||||||
|
@@ -29,6 +29,9 @@
|
||||||
|
#ifdef WITH_GCRYPT
|
||||||
|
#include <gcrypt.h>
|
||||||
|
#endif
|
||||||
|
+#ifdef WITH_GNUTLS
|
||||||
|
+#include <gnutls/gnutls.h>
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
hashsum_t hashsums[] = {
|
||||||
|
{ attr_md5, 16 },
|
||||||
|
@@ -86,6 +89,24 @@ int algorithms[] = { /* order must match
|
||||||
|
};
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+#ifdef WITH_GNUTLS
|
||||||
|
+int algorithms[] = { /* order must match hashsums array */
|
||||||
|
+ GNUTLS_DIG_MD5,
|
||||||
|
+ GNUTLS_DIG_SHA1,
|
||||||
|
+ GNUTLS_DIG_SHA256,
|
||||||
|
+ GNUTLS_DIG_SHA512,
|
||||||
|
+ GNUTLS_DIG_RMD160,
|
||||||
|
+ -1, /* TIGER is not available */
|
||||||
|
+ -1, /* CRC32 is not available */
|
||||||
|
+ -1, /* CRC32B is not available */
|
||||||
|
+ -1, /* GCRY_MD_HAVAL is not available */
|
||||||
|
+ -1, /* WHIRLPOOL is not available */
|
||||||
|
+ -1, /* GNUTLS_DIG_GOSTR_94 gives different results than Gcrypt */
|
||||||
|
+ GNUTLS_DIG_STREEBOG_256,
|
||||||
|
+ GNUTLS_DIG_STREEBOG_512,
|
||||||
|
+};
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
DB_ATTR_TYPE get_hashes(bool include_unsupported) {
|
||||||
|
DB_ATTR_TYPE attr = 0LLU;
|
||||||
|
for (int i = 0; i < num_hashes; ++i) {
|
||||||
|
diff -up ./src/md.c.gnutls ./src/md.c
|
||||||
|
--- ./src/md.c.gnutls 2023-04-01 18:25:38.000000000 +0200
|
||||||
|
+++ ./src/md.c 2024-05-14 19:28:09.651209390 +0200
|
||||||
|
@@ -40,6 +40,11 @@
|
||||||
|
#include <gcrypt.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+#ifdef WITH_GNUTLS
|
||||||
|
+#include <gnutls/gnutls.h>
|
||||||
|
+#include <gnutls/crypto.h>
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
Initialise md_container according its todo_attr field
|
||||||
|
*/
|
||||||
|
@@ -90,6 +95,22 @@ int init_md(struct md_container* md, con
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
+#ifdef WITH_GNUTLS
|
||||||
|
+ for (HASHSUM i = 0 ; i < num_hashes ; ++i) {
|
||||||
|
+ DB_ATTR_TYPE h = ATTR(hashsums[i].attribute);
|
||||||
|
+ if (h&md->todo_attr) {
|
||||||
|
+ if(gnutls_hash_init(&(md->gnutls_mdh[i]),algorithms[i])>=0){
|
||||||
|
+ md->calc_attr|=h;
|
||||||
|
+ } else {
|
||||||
|
+ log_msg(LOG_LEVEL_WARNING,"%s: gnutls_hash_init (%s) failed for '%s'", filename, attributes[hashsums[i].attribute].db_name, filename);
|
||||||
|
+ md->todo_attr&=~h;
|
||||||
|
+ md->gnutls_mdh[i] = NULL;
|
||||||
|
+ }
|
||||||
|
+ } else {
|
||||||
|
+ md->gnutls_mdh[i] = NULL;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
char *str;
|
||||||
|
log_msg(LOG_LEVEL_DEBUG, "%s> initialized md_container: %s (%p)", filename, str = diff_attributes(0, md->calc_attr), md);
|
||||||
|
free(str);
|
||||||
|
@@ -120,6 +141,13 @@ int update_md(struct md_container* md,vo
|
||||||
|
#ifdef WITH_GCRYPT
|
||||||
|
gcry_md_write(md->mdh, data, size);
|
||||||
|
#endif
|
||||||
|
+#ifdef WITH_GNUTLS
|
||||||
|
+ for (HASHSUM i = 0 ; i < num_hashes ; ++i) {
|
||||||
|
+ if(md->gnutls_mdh[i] != NULL){
|
||||||
|
+ gnutls_hash(md->gnutls_mdh[i], data, size);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
return RETOK;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -163,6 +191,14 @@ int close_md(struct md_container* md, md
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
+#ifdef WITH_GNUTLS
|
||||||
|
+ for (HASHSUM i = 0 ; i < num_hashes ; ++i) {
|
||||||
|
+ if(md->gnutls_mdh[i] != NULL){
|
||||||
|
+ gnutls_hash_deinit(md->gnutls_mdh[i], hs?hs->hashsums[i]:NULL);
|
||||||
|
+ md->gnutls_mdh[i] = NULL;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+#endif /* WITH_MHASH */
|
||||||
|
if (hs) {
|
||||||
|
hs->attrs = md->calc_attr;
|
||||||
|
}
|
||||||
|
diff -up ./tests/check_hashes.c.gnutls ./tests/check_hashes.c
|
||||||
|
--- ./tests/check_hashes.c.gnutls 2024-05-14 19:09:47.420448380 +0200
|
||||||
|
+++ ./tests/check_hashes.c 2024-05-14 19:09:47.420448380 +0200
|
||||||
|
@@ -0,0 +1,111 @@
|
||||||
|
+/*
|
||||||
|
+ * AIDE (Advanced Intrusion Detection Environment)
|
||||||
|
+ *
|
||||||
|
+ * Copyright (C) 2024 Jakub Jelen
|
||||||
|
+ *
|
||||||
|
+ * This program is free software; you can redistribute it and/or
|
||||||
|
+ * modify it under the terms of the GNU General Public License as
|
||||||
|
+ * published by the Free Software Foundation; either version 2 of the
|
||||||
|
+ * License, or (at your option) any later version.
|
||||||
|
+ *
|
||||||
|
+ * This program is distributed in the hope that it will be useful, but
|
||||||
|
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
+ * General Public License for more details.
|
||||||
|
+ *
|
||||||
|
+ * You should have received a copy of the GNU General Public License along
|
||||||
|
+ * with this program; if not, write to the Free Software Foundation, Inc.,
|
||||||
|
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+#include "config.h"
|
||||||
|
+
|
||||||
|
+#include <check.h>
|
||||||
|
+#include <stdlib.h>
|
||||||
|
+
|
||||||
|
+#include "hashsum.h"
|
||||||
|
+#include "md.h"
|
||||||
|
+
|
||||||
|
+typedef struct {
|
||||||
|
+ const char *input;
|
||||||
|
+ ssize_t input_len;
|
||||||
|
+ md_hashsums expected;
|
||||||
|
+} diff_digests_t;
|
||||||
|
+
|
||||||
|
+static diff_digests_t diff_digests_tests[] = {
|
||||||
|
+ { "", 0, {{
|
||||||
|
+ "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42\x7e",
|
||||||
|
+ "\xda\x39\xa3\xee\x5e\x6b\x4b\x0d\x32\x55\xbf\xef\x95\x60\x18\x90\xaf\xd8\x07\x09",
|
||||||
|
+ "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14\x9a\xfb\xf4\xc8\x99\x6f\xb9\x24\x27\xae\x41\xe4\x64\x9b\x93\x4c\xa4\x95\x99\x1b\x78\x52\xb8\x55",
|
||||||
|
+ "\xcf\x83\xe1\x35\x7e\xef\xb8\xbd\xf1\x54\x28\x50\xd6\x6d\x80\x07\xd6\x20\xe4\x05\x0b\x57\x15\xdc\x83\xf4\xa9\x21\xd3\x6c\xe9\xce\x47\xd0\xd1\x3c\x5d\x85\xf2\xb0\xff\x83\x18\xd2\x87\x7e\xec\x2f\x63\xb9\x31\xbd\x47\x41\x7a\x81\xa5\x38\x32\x7a\xf9\x27\xda\x3e",
|
||||||
|
+ "\x9c\x11\x85\xa5\xc5\xe9\xfc\x54\x61\x28\x08\x97\x7e\xe8\xf5\x48\xb2\x25\x8d\x31",
|
||||||
|
+ "\x24\xf0\x13\x0c\x63\xac\x93\x32\x16\x16\x6e\x76\xb1\xbb\x92\x5f\xf3\x73\xde\x2d\x49\x58\x4e\x7a",
|
||||||
|
+ "\x00\x00\x00\x00",
|
||||||
|
+ "\x00\x00\x00\x00",
|
||||||
|
+ "\x4f\x69\x38\x53\x1f\x0b\xc8\x99\x1f\x62\xda\x7b\xbd\x6f\x7d\xe3\xfa\xd4\x45\x62\xb8\xc6\xf4\xeb\xf1\x46\xd5\xb4\xe4\x6f\x7c\x17",
|
||||||
|
+ "\x19\xfa\x61\xd7\x55\x22\xa4\x66\x9b\x44\xe3\x9c\x1d\x2e\x17\x26\xc5\x30\x23\x21\x30\xd4\x07\xf8\x9a\xfe\xe0\x96\x49\x97\xf7\xa7\x3e\x83\xbe\x69\x8b\x28\x8f\xeb\xcf\x88\xe3\xe0\x3c\x4f\x07\x57\xea\x89\x64\xe5\x9b\x63\xd9\x37\x08\xb1\x38\xcc\x42\xa6\x6e\xb3",
|
||||||
|
+ "\xce\x85\xb9\x9c\xc4\x67\x52\xff\xfe\xe3\x5c\xab\x9a\x7b\x02\x78\xab\xb4\xc2\xd2\x05\x5c\xff\x68\x5a\xf4\x91\x2c\x49\x49\x0f\x8d",
|
||||||
|
+ "\x3f\x53\x9a\x21\x3e\x97\xc8\x02\xcc\x22\x9d\x47\x4c\x6a\xa3\x2a\x82\x5a\x36\x0b\x2a\x93\x3a\x94\x9f\xd9\x25\x20\x8d\x9c\xe1\xbb",
|
||||||
|
+ "\x8e\x94\x5d\xa2\x09\xaa\x86\x9f\x04\x55\x92\x85\x29\xbc\xae\x46\x79\xe9\x87\x3a\xb7\x07\xb5\x53\x15\xf5\x6c\xeb\x98\xbe\xf0\xa7\x36\x2f\x71\x55\x28\x35\x6e\xe8\x3c\xda\x5f\x2a\xac\x4c\x6a\xd2\xba\x3a\x71\x5c\x1b\xcd\x81\xcb\x8e\x9f\x90\xbf\x4c\x1c\x1a\x8a" }
|
||||||
|
+ }},
|
||||||
|
+ { "hello", 5, {{
|
||||||
|
+ "\x5d\x41\x40\x2a\xbc\x4b\x2a\x76\xb9\x71\x9d\x91\x10\x17\xc5\x92",
|
||||||
|
+ "\xaa\xf4\xc6\x1d\xdc\xc5\xe8\xa2\xda\xbe\xde\x0f\x3b\x48\x2c\xd9\xae\xa9\x43\x4d",
|
||||||
|
+ "\x2c\xf2\x4d\xba\x5f\xb0\xa3\x0e\x26\xe8\x3b\x2a\xc5\xb9\xe2\x9e\x1b\x16\x1e\x5c\x1f\xa7\x42\x5e\x73\x04\x33\x62\x93\x8b\x98\x24",
|
||||||
|
+ "\x9b\x71\xd2\x24\xbd\x62\xf3\x78\x5d\x96\xd4\x6a\xd3\xea\x3d\x73\x31\x9b\xfb\xc2\x89\x0c\xaa\xda\xe2\xdf\xf7\x25\x19\x67\x3c\xa7\x23\x23\xc3\xd9\x9b\xa5\xc1\x1d\x7c\x7a\xcc\x6e\x14\xb8\xc5\xda\x0c\x46\x63\x47\x5c\x2e\x5c\x3a\xde\xf4\x6f\x73\xbc\xde\xc0\x43",
|
||||||
|
+ "\x10\x8f\x07\xb8\x38\x24\x12\x61\x2c\x04\x8d\x07\xd1\x3f\x81\x41\x18\x44\x5a\xcd",
|
||||||
|
+ "\xa7\x88\x62\x33\x6f\x7f\xfd\x2c\x8a\x38\x74\xf8\x9b\x1b\x74\xf2\xf2\x7b\xdb\xca\x39\x66\x02\x54",
|
||||||
|
+#ifdef WITH_MHASH
|
||||||
|
+ "\x3d\x65\x31\x19",
|
||||||
|
+#else
|
||||||
|
+ "\x36\x10\xa6\x86",
|
||||||
|
+#endif
|
||||||
|
+ "\x86\xa6\x10\x36",
|
||||||
|
+ "\x26\x71\x8e\x4f\xb0\x55\x95\xcb\x87\x03\xa6\x72\xa8\xae\x91\xee\xa0\x71\xca\xc5\xe7\x42\x61\x73\xd4\xc2\x5a\x61\x1c\x4b\x80\x22",
|
||||||
|
+ "\x0a\x25\xf5\x5d\x73\x08\xec\xa6\xb9\x56\x7a\x7e\xd3\xbd\x1b\x46\x32\x7f\x0f\x1f\xfd\xc8\x04\xdd\x8b\xb5\xaf\x40\xe8\x8d\x78\xb8\x8d\xf0\xd0\x02\xa8\x9e\x2f\xdb\xd5\x87\x6c\x52\x3f\x1b\x67\xbc\x44\xe9\xf8\x70\x47\x59\x8e\x75\x48\x29\x8e\xa1\xc8\x1c\xfd\x73",
|
||||||
|
+ "\xa7\xeb\x5d\x08\xdd\xf2\x36\x3f\x1e\xa0\x31\x7a\x80\x3f\xce\xf8\x1d\x33\x86\x3c\x8b\x2f\x9f\x6d\x7d\x14\x95\x1d\x22\x9f\x45\x67",
|
||||||
|
+ "\x3f\xb0\x70\x0a\x41\xce\x6e\x41\x41\x3b\xa7\x64\xf9\x8b\xf2\x13\x5b\xa6\xde\xd5\x16\xbe\xa2\xfa\xe8\x42\x9c\xc5\xbd\xd4\x6d\x6d",
|
||||||
|
+ "\x8d\xf4\x14\x26\x09\x66\xbe\xb7\xb3\x4d\x92\x07\x63\x07\x9e\x15\xdf\x1f\x63\x29\x7e\xb3\xdd\x43\x11\xe8\xb5\x85\xd4\xbf\x2f\x59\x23\x21\x4f\x1d\xfe\xd3\xfd\xee\x4a\xaf\x01\x83\x30\xa1\x2a\xcd\xe0\xef\xcc\x33\x8e\xb5\x29\x22\xf3\xe5\x71\x21\x2d\x42\xc8\xde" }
|
||||||
|
+ }},
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+static int num_diff_digests_tests = sizeof diff_digests_tests / sizeof(diff_digests_t);
|
||||||
|
+
|
||||||
|
+START_TEST (test_diff_digests) {
|
||||||
|
+ const char *filename = "filename"; /* used only in the debug logs */
|
||||||
|
+ md_hashsums hs = {0};
|
||||||
|
+ struct md_container *mdc = calloc(1, sizeof(struct md_container));
|
||||||
|
+ mdc->todo_attr = get_hashes(false);
|
||||||
|
+
|
||||||
|
+#ifdef WITH_GCRYPT
|
||||||
|
+ gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
|
||||||
|
+ gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
+ init_md(mdc, filename);
|
||||||
|
+ update_md(mdc, (void *)diff_digests_tests[_i].input, diff_digests_tests[_i].input_len);
|
||||||
|
+ close_md(mdc, &hs, filename);
|
||||||
|
+ free(mdc);
|
||||||
|
+
|
||||||
|
+ for (HASHSUM i = 0 ; i < num_hashes ; ++i) {
|
||||||
|
+ DB_ATTR_TYPE attr = ATTR(hashsums[i].attribute);
|
||||||
|
+ if (algorithms[i] >= 0 && hs.attrs&attr) {
|
||||||
|
+ ck_assert_mem_eq(diff_digests_tests[_i].expected.hashsums[i], hs.hashsums[i], hashsums[i].length);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+END_TEST
|
||||||
|
+
|
||||||
|
+Suite *make_md_suite(void) {
|
||||||
|
+
|
||||||
|
+ Suite *s = suite_create ("md");
|
||||||
|
+
|
||||||
|
+ TCase *tc_diff_digests = tcase_create ("diff_digests");
|
||||||
|
+
|
||||||
|
+ tcase_add_loop_test (tc_diff_digests, test_diff_digests, 0, num_diff_digests_tests);
|
||||||
|
+
|
||||||
|
+ suite_add_tcase (s, tc_diff_digests);
|
||||||
|
+
|
||||||
|
+ return s;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
diff -up ./tests/check_md.c.gnutls ./tests/check_md.c
|
||||||
|
--- ./tests/check_md.c.gnutls 2024-05-14 19:09:47.420448380 +0200
|
||||||
|
+++ ./tests/check_md.c 2024-05-14 19:09:47.420448380 +0200
|
||||||
|
@@ -0,0 +1,36 @@
|
||||||
|
+/*
|
||||||
|
+ * AIDE (Advanced Intrusion Detection Environment)
|
||||||
|
+ *
|
||||||
|
+ * Copyright (C) 2024 Jakub Jelen
|
||||||
|
+ *
|
||||||
|
+ * This program is free software; you can redistribute it and/or
|
||||||
|
+ * modify it under the terms of the GNU General Public License as
|
||||||
|
+ * published by the Free Software Foundation; either version 2 of the
|
||||||
|
+ * License, or (at your option) any later version.
|
||||||
|
+ *
|
||||||
|
+ * This program is distributed in the hope that it will be useful, but
|
||||||
|
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
+ * General Public License for more details.
|
||||||
|
+ *
|
||||||
|
+ * You should have received a copy of the GNU General Public License along
|
||||||
|
+ * with this program; if not, write to the Free Software Foundation, Inc.,
|
||||||
|
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+#include <stdlib.h>
|
||||||
|
+
|
||||||
|
+#include "check_md.h"
|
||||||
|
+
|
||||||
|
+int main (void) {
|
||||||
|
+ int number_failed;
|
||||||
|
+ SRunner *sr;
|
||||||
|
+
|
||||||
|
+ sr = srunner_create (make_md_suite());
|
||||||
|
+
|
||||||
|
+ srunner_run_all (sr, CK_NORMAL);
|
||||||
|
+ number_failed = srunner_ntests_failed (sr);
|
||||||
|
+
|
||||||
|
+ srunner_free (sr);
|
||||||
|
+ return (number_failed == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
|
||||||
|
+}
|
||||||
|
diff -up ./tests/check_md.h.gnutls ./tests/check_md.h
|
||||||
|
--- ./tests/check_md.h.gnutls 2024-05-14 19:09:47.421448372 +0200
|
||||||
|
+++ ./tests/check_md.h 2024-05-14 19:09:47.421448372 +0200
|
||||||
|
@@ -0,0 +1,23 @@
|
||||||
|
+/*
|
||||||
|
+ * AIDE (Advanced Intrusion Detection Environment)
|
||||||
|
+ *
|
||||||
|
+ * Copyright (C) 2024 Jakub Jelen
|
||||||
|
+ *
|
||||||
|
+ * This program is free software; you can redistribute it and/or
|
||||||
|
+ * modify it under the terms of the GNU General Public License as
|
||||||
|
+ * published by the Free Software Foundation; either version 2 of the
|
||||||
|
+ * License, or (at your option) any later version.
|
||||||
|
+ *
|
||||||
|
+ * This program is distributed in the hope that it will be useful, but
|
||||||
|
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
+ * General Public License for more details.
|
||||||
|
+ *
|
||||||
|
+ * You should have received a copy of the GNU General Public License along
|
||||||
|
+ * with this program; if not, write to the Free Software Foundation, Inc.,
|
||||||
|
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+#include <check.h>
|
||||||
|
+
|
||||||
|
+Suite *make_md_suite(void);
|
Loading…
Reference in New Issue
Block a user