gentoo resync : 20.03.2022

4 files changed, 386 insertions, 0 deletions

diff --git a/app-forensics/aide/files/aide-0.16-fix-acl-configure-option.patch b/app-forensics/aide/files/aide-0.16-fix-acl-configure-option.patch
index a989e379039c..b860b39d73ee 100644
--- a/app-forensics/aide/files/aide-0.16-fix-acl-configure-option.patch
+++ b/app-forensics/aide/files/aide-0.16-fix-acl-configure-option.patch
@@ -1,3 +1,5 @@
+Fixes upstream in master but not 0.17.x.
+
 commit 3d9746bccbb50809e4c3de90ab5145a17af39aeb
 Author: Ilya Tumaykin <itumaykin@gmail.com>
 Date:   Thu May 25 14:38:02 2017 +0300
diff --git a/app-forensics/aide/files/aide-0.17.4-bashism.patch b/app-forensics/aide/files/aide-0.17.4-bashism.patch
new file mode 100644
index 000000000000..e25463dbf772
--- /dev/null
+++ b/app-forensics/aide/files/aide-0.17.4-bashism.patch
@@ -0,0 +1,60 @@
+Fixed upstream, so backport to 0.17.4 of
+https://github.com/aide/aide/commit/5161886c49060228811eee6da319844ef62dff6d
+https://github.com/aide/aide/commit/007eb4f32e8874ce457b4f15d9789c2a9d61731b
+
+Fixed in master but not 0.17.x.
+--- a/configure.ac
++++ b/configure.ac
+@@ -329,7 +329,7 @@ fi
+ AC_CHECK_HEADERS(syslog.h inttypes.h fcntl.h ctype.h)
+ 
+ PCRELIB="-lpcre"
+-if test "$aide_static_choice" == "yes"; then
++if test "$aide_static_choice" = "yes"; then
+     PCRELIB="$PCRELIB -pthread"
+ fi
+ AC_CHECK_LIB(pcre, pcre_exec, [
+@@ -426,14 +426,14 @@ AS_IF([test "x$with_selinux_support" != xno],
+     AC_DEFINE(WITH_SELINUX,1,[use SELinux])
+     [AC_MSG_RESULT(yes)
+     if test "x$PKG_CONFIG" != xno && $PKG_CONFIG --exists libselinux; then
+-        if test "$aide_static_choice" == "yes"; then
++        if test "$aide_static_choice" = "yes"; then
+             SELINUXLIB=$(${PKG_CONFIG} --libs libselinux --static)
+         else
+             SELINUXLIB=$(${PKG_CONFIG} --libs libselinux)
+         fi
+     else
+     SELINUXLIB="-lselinux"
+-    if test "$aide_static_choice" == "yes"; then
++    if test "$aide_static_choice" = "yes"; then
+         saveLIBS=$LIBS
+         LIBS="-static $SELINUXLIB"
+         AC_SEARCH_LIBS([lgetfilecon_raw], [], [], [SELINUXLIB="$SELINUXLIB -lpthread"])
+@@ -555,7 +555,7 @@ AC_ARG_ENABLE([default_db],
+     [do not set default values for database_in and database_out config options]),
+     [enable_default_db=$enableval],[enable_default_db=yes])
+ 
+-if test "$enable_default_db" == "yes"; then
++if test "$enable_default_db" = "yes"; then
+ 
+ if test "x$sysconfdir" != x'${prefix}/etc'; then
+ 	evalled_sysconfdir=`eval echo "$sysconfdir"`
+@@ -592,7 +592,7 @@ AC_ARG_WITH([curl],
+   [use curl library for http, https and ftp database backend (default: no)]),
+  [with_curl=$withval], [with_curl=no])
+ AS_IF([test "x$with_curl" = "xyes"], [
+-       if test "$aide_static_choice" == "yes"; then
++       if test "$aide_static_choice" = "yes"; then
+            PKG_CHECK_MODULES_STATIC(CURL, [libcurl], , [AC_MSG_RESULT([libcurl not found by pkg-config - Try --without-curl or add directory containing libcurl.pc to PKG_CONFIG_PATH environment variable])])
+         else
+            PKG_CHECK_MODULES(CURL, [libcurl], , [AC_MSG_RESULT([libcurl not found by pkg-config - Try --without-curl or add directory containing libcurl.pc to PKG_CONFIG_PATH environment variable])])
+@@ -671,7 +671,7 @@ AS_IF([test "x$with_audit" != xno],
+ 		AC_MSG_ERROR(You don't have libaudit properly installed. Install it if you need it.)
+ 	)
+ 	AUDITLIB="-laudit"
+-	if test "$aide_static_choice" == "yes"; then
++	if test "$aide_static_choice" = "yes"; then
+ 		saveLIBS=$LIBS
+ 		LIBS="-static $AUDITLIB"
+ 		AC_CHECK_LIB([audit], [audit_log_user_message], [], [
diff --git a/app-forensics/aide/files/aide.conf-r2 b/app-forensics/aide/files/aide.conf-r2
new file mode 100644
index 000000000000..4bce675f7da3
--- /dev/null
+++ b/app-forensics/aide/files/aide.conf-r2
@@ -0,0 +1,136 @@
+# Example configuration file for AIDE
+# See more: man 5 aide.conf
+
+database_in=file:/var/lib/aide/aide.db
+database_out=file:/var/lib/aide/aide.db.new
+
+# Change this to "no" or remove it to not gzip output
+# (only useful on systems with few CPU cycles to spare)
+gzip_dbout=yes
+
+# Default: warning
+#log_level=info
+
+# Default: changed_attributes
+#report_level=added_removed_attributes
+
+report_url=file:/var/log/aide/aide.log
+report_url=stdout
+#report_url=stderr
+
+# Here are all the things we can check - these are the default rules
+#
+# p:   permissions
+# ftype: file type
+# i:   inode
+# l:   link name
+# n:   number of links
+# u:   user
+# g:   group
+# s:   size
+# b:   block count
+# m:   mtime (modification time)
+# a:   atime (access time)
+# c:   ctime (change time)
+# S:   check for growing size
+# I:   ignore changed filename
+# ANF: allow new files
+# ARF: allow removed files
+# md5: md5 checksum
+# sha1: sha1 checksum
+# sha256: sha256 checksum
+# sha512: sha512 checksum
+# rmd160: rmd160 checksum
+# tiger: tiger checksum
+# crc32:    crc32 checksum
+# R:   p+ftype+i+l+n+u+g+s+m+c+md5+X
+# L:   p+ftype+i+l+n+u+g+X
+# E:   Empty group
+# X:   acl+selinux+xattrs+e2fsattrs (if groups are explicitly enabled)
+# >:   Growing file p+ftype+l+u+g+i+n+S+X
+
+# Defines formerly set here have been moved to /etc/default/aide.
+
+# Custom rules
+Binlib = p+i+n+u+g+s+b+m+c+md5+sha256+rmd160
+ConfFiles = p+i+n+u+g+s+b+m+c+md5+sha256+rmd160
+Logs = p+i+n+u+g+S
+Devices = p+i+n+u+g+s+b+c+md5+sha256+rmd160
+Databases = p+n+u+g
+StaticDir = p+i+n+u+g
+ManPages = p+i+n+u+g+s+b+m+c+md5+sha256+rmd160
+
+# Next decide what directories/files you want in the database
+
+# Kernel, system map, etc.
+=/boot$ Binlib
+# Configs
+/etc ConfFiles
+!/etc/mtab
+# Binaries
+/bin Binlib
+/sbin Binlib
+/usr/bin Binlib
+/usr/sbin Binlib
+/usr/libexec Binlib
+/usr/local/bin Binlib
+/usr/local/sbin Binlib
+#/usr/games Binlib
+# Libraries
+/lib(64)? Binlib
+/usr/lib(64)? Binlib
+/usr/local/lib(64)? Binlib
+# Log files
+=/var/log$ StaticDir
+#!/var/log/ksymoops
+/var/log/aide/aide.log(.[0-9])?(.gz)? Databases
+/var/log/aide/error.log(.[0-9])?(.gz)? Databases
+#/var/log/setuid.changes(.[0-9])?(.gz)? Databases
+!/var/log/aide
+/var/log Logs
+# Devices
+!/dev/pts
+# If you get spurious warnings about being unable to mmap() /dev/cpu/mtrr,
+# you may uncomment this to get rid of them. They're harmless but sometimes
+# annoying.
+#!/dev/cpu/mtrr
+#!/dev/xconsole
+/dev Devices
+# Other miscellaneous files
+/var/run$ StaticDir
+!/var/run
+# Test only the directory when dealing with /proc
+/proc$ StaticDir
+!/proc
+
+# You can look through these examples to get further ideas
+
+# MD5 sum files - especially useful with debsums -g
+#/var/lib/dpkg/info/([^\.]+).md5sums u+g+s+m+md5+sha1
+
+# Check crontabs
+#/var/spool/anacron/cron.daily Databases
+#/var/spool/anacron/cron.monthly Databases
+#/var/spool/anacron/cron.weekly Databases
+#/var/spool/cron Databases
+#/var/spool/cron/crontabs Databases
+
+# manpages can be trojaned, especially depending on *roff implementation
+#/usr/man ManPages
+#/usr/share/man ManPages
+#/usr/local/man ManPages
+
+# docs
+#/usr/doc ManPages
+#/usr/share/doc ManPages
+
+# check users' home directories
+#/home Binlib
+
+# check sources for modifications
+#/usr/src L
+#/usr/local/src L
+
+# Check headers for same
+#/usr/include L
+#/usr/local/include L
diff --git a/app-forensics/aide/files/aide.cron-r2 b/app-forensics/aide/files/aide.cron-r2
new file mode 100644
index 000000000000..b8a78ba2a856
--- /dev/null
+++ b/app-forensics/aide/files/aide.cron-r2
@@ -0,0 +1,188 @@
+#!/bin/bash
+# Modified: Benjamin Smee
+# Date: Fri Sep 10 11:35:41 BST 2004
+
+# This is the email address reports get mailed to
+MAILTO=root@localhost
+
+# Set this to suppress mailings when there's nothing to report
+QUIETREPORTS=1
+
+# This parameter defines which aide command to run from the cron script.
+# Sensible values are "update" and "check".
+# Default is "check", ensuring backwards compatibility.
+# Since "update" does not take any longer, it is recommended to use "update",
+# so that a new database is created every day. The new database needs to be
+# manually copied over the current one, though.
+COMMAND=update
+
+# This parameter defines how many lines to return per e-mail. Output longer
+# than this value will be truncated in the e-mail sent out.
+LINES=1000
+
+# This parameter gives a grep regular expression. If given, all output lines
+# that _don't_ match the regexp are listed first in the script's output. This
+# allows to easily remove noise from the aide report.
+NOISE="(/var/cache/|/var/lib/|/var/tmp)"
+PATH="/bin:/usr/bin:/sbin:/usr/sbin"
+LOGDIR="/var/log/aide"
+LOGFILE="aide.log"
+CONFFILE="/etc/aide/aide.conf"
+ERRORLOG="aide_error.log"
+MAILLOG="aide_mail.log"
+ERRORTMP=$(mktemp "${ERRORLOG}.XXXXXX")
+
+[ -f /usr/bin/aide ] || exit 0
+
+DATABASE=$(grep "^database=file:/" $CONFFILE | head -n 1 | cut --delimiter=: --fields=2)
+FQDN=$(hostname -f)
+DATE=$(date +"at %Y-%m-%d %H:%M")
+
+# default values
+
+DATABASE="${DATABASE:-/var/lib/aide/aide.db}"
+
+AIDEARGS=""
+
+if [ ! -f "$DATABASE" ]; then
+	/usr/sbin/sendmail $MAILTO <<EOF
+Subject: Daily AIDE report for $FQDN
+From: root@${FQDN}
+To: ${MAILTO}
+Fatal error: The AIDE database does not exist!
+This may mean you haven't created it, or it may mean that someone has removed it.
+EOF
+	exit 0
+fi
+
+aide $AIDEARGS --$COMMAND >"$LOGDIR/$LOGFILE" 2>"$ERRORTMP"
+RETVAL=$?
+
+if [ -n "$QUIETREPORTS" ] && ! [ -s "$LOGDIR/$LOGFILE" ] && ! [ -s "$ERRORTMP" ] ; then
+	# Bail now because there was no output and QUIETREPORTS is set
+	exit 0
+fi
+
+MAILTMP=$(mktemp "${MAILLOG}.XXXXXX")
+
+(cat << EOF
+This is an automated report generated by the Advanced Intrusion Detection
+Environment on $FQDN ${DATE}.
+
+EOF
+
+# include error log in daily report e-mail
+
+if [ "$RETVAL" != "0" ]; then
+	cat > "$LOGDIR/$ERRORLOG" << EOF
+
+*****************************************************************************
+*                    aide returned a non-zero exit value                    *
+*****************************************************************************
+
+EOF
+	echo "exit value is: $RETVAL" >> "$LOGDIR/$ERRORLOG"
+else
+	touch "$LOGDIR/$ERRORLOG"
+fi
+< "$ERRORTMP" cat >> "$LOGDIR/$ERRORLOG"
+rm -f "$ERRORTMP"
+
+if [ -s "$LOGDIR/$ERRORLOG" ]; then
+	errorlines=$(wc -l "$LOGDIR/$ERRORLOG" | awk '{ print $1 }')
+	if [ "${errorlines:=0}" -gt $LINES ]; then
+		cat << EOF
+
+****************************************************************************
+*                      aide has returned many errors.                      *
+*           the error log output has been truncated in this mail           *
+****************************************************************************
+
+EOF
+		echo "Error output is $errorlines lines, truncated to $LINES."
+		head -$LINES "$LOGDIR/$ERRORLOG"
+		echo "The full output can be found in $LOGDIR/$ERRORLOG."
+	else
+		echo "Errors produced  ($errorlines lines):"
+		cat "$LOGDIR/$ERRORLOG"
+	fi
+else
+	echo "AIDE produced no errors."
+fi
+
+# include de-noised log
+
+if [ -n "$NOISE" ]; then
+	NOISETMP=$(mktemp "aidenoise.XXXXXX")
+	NOISETMP2=$(mktemp "aidenoise.XXXXXX")
+	sed -n '1,/^Detailed information about changes:/p' "$LOGDIR/$LOGFILE" | \
+	grep '^\(changed\|removed\|added\):' | \
+	grep -v "^added: THERE WERE ALSO [0-9]\+ FILES ADDED UNDER THIS DIRECTORY" > "$NOISETMP2"
+
+	if [ -n "$NOISE" ]; then
+		< "$NOISETMP2" grep -v "^\(changed\|removed\|added\):$NOISE" > "$NOISETMP"
+		rm -f "$NOISETMP2"
+		echo "De-Noised output removes everything matching $NOISE."
+	else
+		mv "$NOISETMP2" "$NOISETMP"
+		echo "No noise expression was given."
+	fi
+
+	if [ -s "$NOISETMP" ]; then
+		loglines=$(< "$NOISETMP" wc -l | awk '{ print $1 }')
+		if [ "${loglines:=0}" -gt $LINES ]; then
+			cat << EOF
+
+****************************************************************************
+*   aide has returned long output which has been truncated in this mail    *
+****************************************************************************
+
+EOF
+			echo "De-Noised output is $loglines lines, truncated to $LINES."
+			< "$NOISETMP" head -$LINES
+			echo "The full output can be found in $LOGDIR/$LOGFILE."
+		else
+			echo "De-Noised output of the daily AIDE run ($loglines lines):"
+			cat "$NOISETMP"
+		fi
+	else
+		echo "AIDE detected no changes after removing noise."
+	fi
+	rm -f "$NOISETMP"
+	echo "============================================================================"
+fi
+
+# include non-de-noised log
+
+if [ -s "$LOGDIR/$LOGFILE" ]; then
+	loglines=$(wc -l "$LOGDIR/$LOGFILE" | awk '{ print $1 }')
+	if [ "${loglines:=0}" -gt $LINES ]; then
+		cat << EOF
+
+****************************************************************************
+*   aide has returned long output which has been truncated in this mail    *
+****************************************************************************
+
+EOF
+		echo "Output is $loglines lines, truncated to $LINES."
+		head -$LINES "$LOGDIR/$LOGFILE"
+		echo "The full output can be found in $LOGDIR/$LOGFILE."
+	else
+		echo "Output of the daily AIDE run ($loglines lines):"
+		cat "$LOGDIR/$LOGFILE"
+	fi
+else
+	echo "AIDE detected no changes."
+fi
+) > "${MAILTMP}"
+
+(
+cat <<EOF
+Subject: Daily AIDE report for $FQDN
+From: root@${FQDN}
+To: ${MAILTO}
+EOF
+cat "${MAILTMP}"
+) | /usr/sbin/sendmail $MAILTO
+
+rm -f "$MAILTMP"