author | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
committer | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
commit | 4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch) | |
tree | ba5f07bf3f9d22d82e54a462313f5d244036c768 /app-forensics/aide |
reinit the tree, so we can have metadata
Diffstat (limited to 'app-forensics/aide')
-rw-r--r-- | app-forensics/aide/Manifest | 11 | ||||
-rw-r--r-- | app-forensics/aide/aide-0.16.ebuild | 141 | ||||
-rw-r--r-- | app-forensics/aide/files/aide-0.16-add-missing-include.patch | 24 | ||||
-rw-r--r-- | app-forensics/aide/files/aide-0.16-fix-LIBS-LDFLAGS-mixing.patch | 23 | ||||
-rw-r--r-- | app-forensics/aide/files/aide-0.16-fix-acl-configure-option.patch | 23 | ||||
-rw-r--r-- | app-forensics/aide/files/aide.conf | 115 | ||||
-rw-r--r-- | app-forensics/aide/files/aide.cron | 192 | ||||
-rw-r--r-- | app-forensics/aide/files/aideinit | 145 | ||||
-rw-r--r-- | app-forensics/aide/metadata.xml | 19 |
9 files changed, 693 insertions, 0 deletions
diff --git a/app-forensics/aide/Manifest b/app-forensics/aide/Manifest
new file mode 100644
index 000000000000..9079b903a4bf
--- /dev/null
+++ b/app-forensics/aide/Manifest
@@ -0,0 +1,11 @@ +AUX aide-0.16-add-missing-include.patch 512 SHA256 1d42d7568b4a46478554bf9830359542208ba27c9f04b615dec31da2ffdcd1f6 SHA512 084be3c787a19f57bf140cd809df61edfd16a8798a1344adeee0aba0f4207c1e4a9c47c4c6d7606650e20cc202747208c0f0c00c21c0b68e1b739fb9d269da68 WHIRLPOOL 6a24037fdaa4dc2b216a213c2f3380060ca216cc9d705fc3e2c0b4c92f3f5ea9bff3e6e4a51ed8109608004ca037a07d9b973745cf4b58cf1a9a5e1263598071 +AUX aide-0.16-fix-LIBS-LDFLAGS-mixing.patch 874 SHA256 2ee350938116bc25a5cd8539035e0dd06323cb7cb51c3e93f3c1d72f0d7d6c08 SHA512 930967c1c7be54d10beb26e4281083a0f7cf500a5f161cf2af6c0a7b377e9bce092942a3a88c6cbb080e3eab500ec8a7bec1ff295f774ef70146240837961a8f WHIRLPOOL 8c4f20abf6d4b589b7f35a17329c111a58fa60ba1926ddc5a621369d17b1ad04a1781091f623489a0fa61ac9a206f631f602bd8040278e001b1c7fa6084df2a1 +AUX aide-0.16-fix-acl-configure-option.patch 728 SHA256 4a9c34863299028f952ee0a118c6b6cca59273e1217682471fcab8f60e2f0f1e SHA512 65b93cd01ebfe6696e35872bc012126794e5e1e5756c2ce041d9a914722806f6079274b0fbb64bc795488f530c33106deba204ee2982a5a8d485b7cd88382497 WHIRLPOOL 9918813e797fbe4d3b2de999c0b68f8da83ce0723af8e262e7e4eecebc72e55dd512e1e115512c29d5b8255a16a4558d83702e9d7e5b1a3d16e5933a192e2dc7 +AUX aide.conf 2713 SHA256 093c6397a4e26ab24127684eb8f9bb223ee5f2c2f9720e54c8ad8b425d52ba49 SHA512 cf6c17ab40b0bf9a0fb21ce015c6c35a8f7a595fdeb7d67e793424ed5243660a56cb33c1169038f4b116463cb055a48232f33db8ed497181be4e084449632b28 WHIRLPOOL 6526447bb7037dcf6e21b9bde649aa38f25590103e9546e323d246758ff332663996309c01727a3edd88214ef047d9b88d1bea4acbeb54f5cbd948b716162228 +AUX aide.cron 5997 SHA256 f4874c85d808c9f1726421c5f1146c4aa6a6bf831f61962c8265d5e7272f4558 SHA512 0931c1b9185e0b9a563c3589858b0ba20716344f29d6d1fc7226498f3c744af1d3c3fd72824f101f9b3e08710f443c9fdad312e28c0bcb93665d1dcb076f4b47 WHIRLPOOL 0eab354620d184c947076db26c6f83ca7ef13eb77b8f41603b26864c7644b6a96b4a23090b156e7c8680e736b2beffb2038030af51c497a5cc853daede92f1db +AUX aideinit 2949 SHA256 
1b4a01b8f50eb0b9217df55686ccd103ea92fca3892fe3a6a0364f83cae3548f SHA512 a6bce52432251458b977fb363d5801206c273fb9404c55f7bcb82b9d5a65aa19d1660d61d457c9af87f1a8fada95e2f8203489b1876b2b2a259e6374e15cdc57 WHIRLPOOL ef6237e12ed06c0a121ce96d5e0d4f4aea339f70907c2e4091cab988969a489a961bfbdd61cbcf6c2e7f90936d8cac39ea04e5fc8a75ac9e35c9608f443992c0 +DIST aide-0.16.tar.gz 391009 SHA256 a81c53a131c4fd130b169b3a26ac35386a2f6e1e014f12807524cc273ed97345 SHA512 29ad97756e3e2fb21dc332ed03b494a1c73e621266f8622ec80bdba23092a38ee975b97f3cff2330e4c16e64e2f672259eea9291ca706a4009e7399b4e14e6a7 WHIRLPOOL d9ecba06d8367ed2ef622ee6b3ccf6a0ed37bad52548063c5c153bd31b856ed8a3379e6057cc1d4aebd29473ded71e9190c8c17dbeaa65eec3365be1d43d5f46 +EBUILD aide-0.16.ebuild 3664 SHA256 b5502339c66ad5f3d3cc62ce4f9e3439ebe8a81ee75aa6dfa11c8326c46284a9 SHA512 703646999c5c5d4826bb71da4ba0c1f60d6877b3a58d024396b1c2795b9cabf1c537a47b6c0492350f136785684e2e848d37ed087087ee4042b9ec8c9f00c552 WHIRLPOOL 3d8945386ae80b4f06febfb2a63454fec0b0593f1cb0688e32fe372f00f90a61a6cd1443c673e26c9932f818b8d2e17a87360c246ca8e690d96218f426596757 +MISC ChangeLog 3787 SHA256 1941d2d94157d549e77bfa9e4fe2fdf11b98366be2932faba96f2d0775dbc80d SHA512 41f9be7269af6ff34f30147cd59efcdca69a5d765513034c88d895590b51d5de529b059851253aa1b2005cd18f8581b3aee6341df38edb7c394fda21fc362745 WHIRLPOOL 0097cc928acf07a30a180cafe2825a89847995cac4e67afc7ed4491b660e08f5092d55cf9d1b36eece8ffb5270cf084da43e2774e983a4297989f5b253c5bb12 +MISC ChangeLog-2015 12383 SHA256 211a2bd2eb42e132c16d3557996ad9298bf5e8fe99991bbdc51d25d44f61b362 SHA512 38af0d8fdd593f30b1f47b3f4051451f5db42f3b4cc9d104482aed79fb0ef2cf1b748c7bedf95b8f0e814ac65e3ff7291e19b1251daf074b7f3956e8a01a4884 WHIRLPOOL 899403ca9ff993d1c1ae8faa2ce5d830f88fcb000d4db7874d020b311154db5960b7d424fb7ed1123f119ae623d9020de76faf80bae70ba69264a9cef1a56c84 +MISC metadata.xml 631 SHA256 edbabddc6d1e2ec3e2cdf7ff08a956eaafc489e2fd9e56e9de8c0dd65a25134c SHA512 
9f6eb547a55e72d2b75d3145282127abfdc737c68526995e628b98f2dd7930732eff9dbc492ddd4425e4090e8449a89c585b563618415d05dee6777273c5d4f6 WHIRLPOOL 0c8f6878559cb9412e64bc82f13ef0f761d579367aac102e9aa2071c1ef810900217fd392e3a738a2639bf1409e194c8c909c4ebf97b1b4affa6bb2565b4498f diff --git a/app-forensics/aide/aide-0.16.ebuild b/app-forensics/aide/aide-0.16.ebuild new file mode 100644 index 000000000000..cebc5fea7321 --- /dev/null +++ b/app-forensics/aide/aide-0.16.ebuild 
@@ -0,0 +1,141 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools readme.gentoo-r1
+
+DESCRIPTION="AIDE (Advanced Intrusion Detection Environment) is a file integrity checker"
+HOMEPAGE="http://aide.sourceforge.net/"
+SRC_URI="mirror://sourceforge/aide/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 x86"
+IUSE="acl audit curl e2fs mhash postgres prelink selinux static xattr zlib"
+
+COMMON_DEPEND="
+ !mhash? (
+ dev-libs/libgcrypt:0=
+ dev-libs/libgpg-error
+ )
+ mhash? ( app-crypt/mhash )
+ dev-libs/libpcre
+ acl? ( virtual/acl )
+ audit? ( sys-process/audit )
+ curl? ( net-misc/curl )
+ e2fs? ( sys-fs/e2fsprogs )
+ postgres? ( dev-db/postgresql:= )
+ prelink? ( dev-libs/elfutils )
+ selinux? ( sys-libs/libselinux )
+ xattr? ( sys-apps/attr )
+ zlib? ( sys-libs/zlib )
+"
+RDEPEND="
+ !static? ( ${COMMON_DEPEND} )
+ prelink? ( sys-devel/prelink )
+ selinux? ( sec-policy/selinux-aide )
+"
+DEPEND="${COMMON_DEPEND}
+ sys-devel/bison
+ sys-devel/flex
+ virtual/pkgconfig
+ static? (
+ !mhash? (
+ dev-libs/libgcrypt:0[static-libs]
+ dev-libs/libgpg-error[static-libs]
+ )
+ mhash? ( app-crypt/mhash[static-libs] )
+ dev-libs/libpcre[static-libs]
+ acl? ( virtual/acl[static-libs] )
+ e2fs? ( sys-fs/e2fsprogs[static-libs] )
+ prelink? ( dev-libs/elfutils[static-libs] )
+ selinux? ( sys-libs/libselinux[static-libs] )
+ xattr? ( sys-apps/attr[static-libs] )
+ zlib? ( sys-libs/zlib[static-libs] )
+ )
+"
+
+REQUIRED_USE="
+ postgres? ( !mhash )
+ static? ( !audit !curl !postgres )
+"
+
+HTML_DOCS=( doc/manual.html )
+
+DISABLE_AUTOFORMATTING=1
+DOC_CONTENTS="
+Example configuration file was installed at '${EPREFIX}/etc/aide/aide.conf'.
+Please edit it to meet your needs. Refer to aide.conf(5) manual page
+for more information.
+
+A helper script, aideinit, was installed and can be used to make AIDE
+management easier. Please run 'aideinit --help' for more information.
+"
+
+PATCHES=(
+ "${FILESDIR}/${P}-add-missing-include.patch"
+ "${FILESDIR}/${P}-fix-LIBS-LDFLAGS-mixing.patch"
+ "${FILESDIR}/${P}-fix-acl-configure-option.patch"
+)
+
+src_prepare() {
+ default_src_prepare
+ sed -i -e 's| -Werror||g' configure.ac || die
+ eautoreconf
+}
+
+src_configure() {
+ local myeconfargs=(
+ --sysconfdir="${EPREFIX}/etc/${PN}"
+ --with-confighmactype="sha512" # Override default weak MD5 hash.
+ --with-dbhmackey="sha512" # Override default weak MD5 hash.
+ # Disable broken l10n support: https://sourceforge.net/p/aide/bugs/98/
+ # This doesn't affect anything because there are no localizations yet.
+ --without-locale
+ $(use_enable static)
+ $(use_with zlib)
+ $(use_with curl)
+ $(use_with acl posix-acl)
+ $(use_with selinux)
+ $(use_with prelink prelink "${EPREFIX}/usr/sbin/prelink")
+ $(use_with xattr)
+ $(use_with e2fs e2fsattrs)
+ $(use_with mhash mhash)
+ $(use_with !mhash gcrypt)
+ $(use_with postgres psql)
+ $(use_with audit)
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_install() {
+ default_src_install
+ readme.gentoo_create_doc
+
+ insinto /etc/${PN}
+ doins "${FILESDIR}"/aide.conf
+
+ dosbin "${FILESDIR}"/aideinit
+ dodoc "${FILESDIR}"/aide.cron
+
+ keepdir /var/{lib,log}/${PN}
+}
+
+pkg_postinst() {
+ readme.gentoo_print_elog
+
+ if use postgres; then
+ elog
+ elog "Due to a bad assumption by aide, you must issue the following"
+ elog "command after the database initialization (aide --init ...):"
+ elog
+ elog 'psql -c "update pg_index set indisunique=false from pg_class \\ '
+ elog " where pg_class.relname='TABLE_pkey' and \ "
+ elog ' pg_class.oid=pg_index.indexrelid" -h HOSTNAME -p PORT DBASE USER'
+ elog
+ elog "where TABLE, HOSTNAME, PORT, DBASE, and USER are the same as"
+ elog "in your aide.conf."
+ elog
+ fi
+}
diff --git a/app-forensics/aide/files/aide-0.16-add-missing-include.patch b/app-forensics/aide/files/aide-0.16-add-missing-include.patch
new file mode 100644
index 000000000000..75f0403c968e
--- /dev/null
+++ b/app-forensics/aide/files/aide-0.16-add-missing-include.patch @@ -0,0 +1,24 @@ +commit 1cbb888d55388d6bb88141c946bd6993b3e9872f +Author: Ilya Tumaykin <itumaykin@gmail.com> +Date: Tue May 23 17:24:29 2017 +0300 + +db: add missing include + +url_fclose() function used in this file is defined in fopen.h. +See https://sourceforge.net/p/aide/bugs/99/ + +diff --git a/src/db.c b/src/db.c +index dd133d4..858240d 100644 +--- a/src/db.c ++++ b/src/db.c +@@ -28,6 +28,10 @@ + #include "db_disk.h" + #include "md.h" + ++#ifdef WITH_CURL ++#include "fopen.h" ++#endif ++ + #ifdef WITH_PSQL + #include "db_sql.h" + #endif diff --git a/app-forensics/aide/files/aide-0.16-fix-LIBS-LDFLAGS-mixing.patch b/app-forensics/aide/files/aide-0.16-fix-LIBS-LDFLAGS-mixing.patch new file mode 100644 index 000000000000..453abe5f1eae --- /dev/null +++ b/app-forensics/aide/files/aide-0.16-fix-LIBS-LDFLAGS-mixing.patch @@ -0,0 +1,23 @@ +commit 6da37687ba7cf259ac19cae2e1c16115b6848143 +Author: Ilya Tumaykin <itumaykin@gmail.com> +Date: Thu May 25 13:34:55 2017 +0300 + +build: fix incorrect LIBS/LDFLAGS mixing + +Otherwise build with LDFLAGS='-Wl,--as-needed' and curl support fails. +See https://bugs.gentoo.org/show_bug.cgi?id=271326 +and https://sourceforge.net/p/aide/bugs/96/ + +diff --git a/configure.ac b/configure.ac +index 3598ebe..0c5cb0c 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -713,7 +713,7 @@ if test x$with_curl = xyes; then + AC_CHECK_HEADERS(curl/curl.h,, + [AC_MSG_ERROR([You don't have curl properly installed. Install it or try --without-curl.])]) + CFLAGS="$CFLAGS $CURL_CFLAGS" +- LDFLAGS="$LDFLAGS $CURL_LIBS" ++ LIBS="$LIBS $CURL_LIBS" + AC_CHECK_LIB(curl,curl_easy_init,havecurl=yes, + [AC_MSG_ERROR([You don't have curl properly installed. Install it or try --without-curl.])] + ) 
diff --git a/app-forensics/aide/files/aide-0.16-fix-acl-configure-option.patch b/app-forensics/aide/files/aide-0.16-fix-acl-configure-option.patch new file mode 100644 index 000000000000..a989e379039c --- /dev/null +++ b/app-forensics/aide/files/aide-0.16-fix-acl-configure-option.patch @@ -0,0 +1,23 @@ +commit 3d9746bccbb50809e4c3de90ab5145a17af39aeb +Author: Ilya Tumaykin <itumaykin@gmail.com> +Date: Thu May 25 14:38:02 2017 +0300 + +build: respect user choice for posix-acl configure option + +Otherwise acl support is enabled automagically, which is bad. +See https://wiki.gentoo.org/wiki/Project:Quality_Assurance/Automagic_dependencies +and https://sourceforge.net/p/aide/bugs/97/ + +diff --git a/configure.ac b/configure.ac +index 3598ebe..c45bbee 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -450,7 +450,7 @@ AC_MSG_CHECKING(for posix-acl-support) + AC_ARG_WITH([posix-acl], + [AC_HELP_STRING([--with-posix-acl], + [use POSIX ACLs (no checking)])], +- [], ++ [with_posix_acl_support="$withval"], + [with_posix_acl_support=no] + ) + diff --git a/app-forensics/aide/files/aide.conf b/app-forensics/aide/files/aide.conf new file mode 100644 index 000000000000..cef1813db9f8 --- /dev/null +++ b/app-forensics/aide/files/aide.conf 
@@ -0,0 +1,115 @@
+# AIDE conf
+
+database=file:/var/lib/aide/aide.db
+database_out=file:/var/lib/aide/aide.db.new
+
+# Change this to "no" or remove it to not gzip output
+# (only useful on systems with few CPU cycles to spare)
+gzip_dbout=yes
+
+# Here are all the things we can check - these are the default rules
+#
+#p: permissions
+#i: inode
+#n: number of links
+#u: user
+#g: group
+#s: size
+#b: block count
+#m: mtime
+#a: atime
+#c: ctime
+#S: check for growing size
+#md5: md5 checksum
+#sha1: sha1 checksum
+#rmd160: rmd160 checksum
+#tiger: tiger checksum
+#R: p+i+n+u+g+s+m+c+md5
+#L: p+i+n+u+g
+#E: Empty group
+#>: Growing logfile p+u+g+i+n+S
+#haval: haval checksum
+#gost: gost checksum
+#crc32: crc32 checksum
+
+# Defines formerly set here have been moved to /etc/default/aide.
+
+# Custom rules
+Binlib = p+i+n+u+g+s+b+m+c+md5+sha1
+ConfFiles = p+i+n+u+g+s+b+m+c+md5+sha1
+Logs = p+i+n+u+g+S
+Devices = p+i+n+u+g+s+b+c+md5+sha1
+Databases = p+n+u+g
+StaticDir = p+i+n+u+g
+ManPages = p+i+n+u+g+s+b+m+c+md5+sha1
+
+# Next decide what directories/files you want in the database
+
+# Kernel, system map, etc.
+=/boot$ Binlib
+# Binaries
+/bin Binlib
+/sbin Binlib
+/usr/bin Binlib
+/usr/sbin Binlib
+/usr/local/bin Binlib
+/usr/local/sbin Binlib
+#/usr/games Binlib
+# Libraries
+/lib Binlib
+/usr/lib Binlib
+/usr/local/lib Binlib
+# Log files
+=/var/log$ StaticDir
+#!/var/log/ksymoops
+/var/log/aide/aide.log(.[0-9])?(.gz)? Databases
+/var/log/aide/error.log(.[0-9])?(.gz)? Databases
+#/var/log/setuid.changes(.[0-9])?(.gz)? Databases
+!/var/log/aide
+/var/log Logs
+# Devices
+!/dev/pts
+# If you get spurious warnings about being unable to mmap() /dev/cpu/mtrr,
+# you may uncomment this to get rid of them. They're harmless but sometimes
+# annoying.
+#!/dev/cpu/mtrr
+#!/dev/xconsole
+/dev Devices
+# Other miscellaneous files
+/var/run$ StaticDir
+!/var/run
+# Test only the directory when dealing with /proc
+/proc$ StaticDir
+!/proc
+
+# You can look through these examples to get further ideas
+
+# MD5 sum files - especially useful with debsums -g
+#/var/lib/dpkg/info/([^\.]+).md5sums u+g+s+m+md5+sha1
+
+# Check crontabs
+#/var/spool/anacron/cron.daily Databases
+#/var/spool/anacron/cron.monthly Databases
+#/var/spool/anacron/cron.weekly Databases
+#/var/spool/cron Databases
+#/var/spool/cron/crontabs Databases
+
+# manpages can be trojaned, especially depending on *roff implementation
+#/usr/man ManPages
+#/usr/share/man ManPages
+#/usr/local/man ManPages
+
+# docs
+#/usr/doc ManPages
+#/usr/share/doc ManPages
+
+# check users' home directories
+#/home Binlib
+
+# check sources for modifications
+#/usr/src L
+#/usr/local/src L
+
+# Check headers for same
+#/usr/include L
+#/usr/local/include L
diff --git a/app-forensics/aide/files/aide.cron b/app-forensics/aide/files/aide.cron
new file mode 100644
index 000000000000..c28b78f8e9db
--- /dev/null
+++ b/app-forensics/aide/files/aide.cron
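Review bot: The shipped ruleset does not select any path under /etc, so aide.conf itself, the cron entry that drives the daily run and every other configuration file stay outside the baseline, even though the ebuild's DOC_CONTENTS directs the admin to edit this file; the `ConfFiles` rule is defined but never used, and a line such as `/etc ConfFiles` would put it to work. The custom rules also rely on `md5+sha1` alone, which sits oddly with the ebuild's deliberate move away from MD5 for the config and database HMAC; the libgcrypt and mhash backends this package builds against both provide the `sha256` and `sha512` rules. The Debian leftovers (`# Defines formerly set here have been moved to /etc/default/aide.`, the `debsums -g` example and the `/var/lib/dpkg` path) do not apply here, since src_install puts the config under /etc/aide and nothing under /etc/default.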
@@ -0,0 +1,192 @@
+#!/bin/bash
+# Modified: Benjamin Smee
+# Date: Fri Sep 10 11:35:41 BST 2004
+
+# This is the email address reports get mailed to
+MAILTO=root@localhost
+
+# Set this to suppress mailings when there's nothing to report
+QUIETREPORTS=1
+
+# This parameter defines which aide command to run from the cron script.
+# Sensible values are "update" and "check".
+# Default is "check", ensuring backwards compatibility.
+# Since "update" does not take any longer, it is recommended to use "update",
+# so that a new database is created every day. The new database needs to be
+# manually copied over the current one, though.
+COMMAND=update
+
+# This parameter defines how many lines to return per e-mail. Output longer
+# than this value will be truncated in the e-mail sent out.
+LINES=1000
+
+# This parameter gives a grep regular expression. If given, all output lines
+# that _don't_ match the regexp are listed first in the script's output. This
+# allows to easily remove noise from the aide report.
+NOISE="(/var/cache/|/var/lib/|/var/tmp)"
+PATH="/bin:/usr/bin:/sbin:/usr/sbin"
+LOGDIR="/var/log/aide"
+LOGFILE="aide.log"
+CONFFILE="/etc/aide/aide.conf"
+ERRORLOG="aide_error.log"
+MAILLOG="aide_mail.log"
+ERRORTMP=`tempfile --directory "/tmp" --prefix "$ERRORLOG"`
+
+[ -f /usr/bin/aide ] || exit 0
+
+DATABASE=`grep "^database=file:/" $CONFFILE | head -n 1 | cut --delimiter=: --fields=2`
+FQDN=`hostname -f`
+DATE=`date +"at %Y-%m-%d %H:%M"`
+
+# default values
+
+DATABASE="${DATABASE:-/var/lib/aide/aide.db}"
+
+AIDEARGS="-V4"
+
+if [ ! -f $DATABASE ]; then
+ /usr/sbin/sendmail $MAILTO <<EOF
+Subject: Daily AIDE report for $FQDN
+From: root@${FQDN}
+To: ${MAILTO}
+Fatal error: The AIDE database does not exist!
+This may mean you haven't created it, or it may mean that someone has removed it.
+EOF
+ exit 0
+fi
+
+# Removed so no deps on debianutils - strerror
+#[ -f "$LOGDIR/$LOGFILE" ] && savelog -j -t -g adm -m 640 -u root -c 7 "$LOGDIR/$LOGFILE" > /dev/null
+#[ -f "$LOGDIR/$ERRORLOG" ] && savelog -j -t -g adm -m 640 -u root -c 7 "$LOGDIR/$ERRORLOG" > /dev/null
+
+aide $AIDEARGS --$COMMAND >"$LOGDIR/$LOGFILE" 2>"$ERRORTMP"
+RETVAL=$?
+
+if [ -n "$QUIETREPORTS" ] && [ $QUIETREPORTS -a \! -s $LOGDIR/$LOGFILE -a \! -s $ERRORTMP ]; then
+ # Bail now because there was no output and QUIETREPORTS is set
+ exit 0
+fi
+
+MAILTMP=`tempfile --directory "/tmp" --prefix "$MAILLOG"`
+
+(cat << EOF
+This is an automated report generated by the Advanced Intrusion Detection
+Environment on $FQDN ${DATE}.
+
+EOF
+
+# include error log in daily report e-mail
+
+if [ "$RETVAL" != "0" ]; then
+ cat > "$LOGDIR/$ERRORLOG" << EOF
+
+*****************************************************************************
+* aide returned a non-zero exit value *
+*****************************************************************************
+
+EOF
+ echo "exit value is: $RETVAL" >> "$LOGDIR/$ERRORLOG"
+else
+ touch "$LOGDIR/$ERRORLOG"
+fi
+< "$ERRORTMP" cat >> "$LOGDIR/$ERRORLOG"
+rm -f "$ERRORTMP"
+
+if [ -s "$LOGDIR/$ERRORLOG" ]; then
+ errorlines=`wc -l "$LOGDIR/$ERRORLOG" | awk '{ print $1 }'`
+ if [ ${errorlines:=0} -gt $LINES ]; then
+ cat << EOF
+
+****************************************************************************
+* aide has returned many errors. *
+* the error log output has been truncated in this mail *
+****************************************************************************
+
+EOF
+ echo "Error output is $errorlines lines, truncated to $LINES."
+ head -$LINES "$LOGDIR/$ERRORLOG"
+ echo "The full output can be found in $LOGDIR/$ERRORLOG."
+ else
+ echo "Errors produced ($errorlines lines):"
+ cat "$LOGDIR/$ERRORLOG"
+ fi
+else
+ echo "AIDE produced no errors."
+fi
+
+# include de-noised log
+
+if [ -n "$NOISE" ]; then
+ NOISETMP=`tempfile --directory "/tmp" --prefix "aidenoise"`
+ NOISETMP2=`tempfile --directory "/tmp" --prefix "aidenoise"`
+ sed -n '1,/^Detailed information about changes:/p' "$LOGDIR/$LOGFILE" | \
+ grep '^\(changed\|removed\|added\):' | \
+ grep -v "^added: THERE WERE ALSO [0-9]\+ FILES ADDED UNDER THIS DIRECTORY" > $NOISETMP2
+
+ if [ -n "$NOISE" ]; then
+ < $NOISETMP2 grep -v "^\(changed\|removed\|added\):$NOISE" > $NOISETMP
+ rm -f $NOISETMP2
+ echo "De-Noised output removes everything matching $NOISE."
+ else
+ mv $NOISETMP2 $NOISETMP
+ echo "No noise expression was given."
+ fi
+
+ if [ -s "$NOISETMP" ]; then
+ loglines=`< $NOISETMP wc -l | awk '{ print $1 }'`
+ if [ ${loglines:=0} -gt $LINES ]; then
+ cat << EOF
+
+****************************************************************************
+* aide has returned long output which has been truncated in this mail *
+****************************************************************************
+
+EOF
+ echo "De-Noised output is $loglines lines, truncated to $LINES."
+ < $NOISETMP head -$LINES
+ echo "The full output can be found in $LOGDIR/$LOGFILE."
+ else
+ echo "De-Noised output of the daily AIDE run ($loglines lines):"
+ cat $NOISETMP
+ fi
+ else
+ echo "AIDE detected no changes after removing noise."
+ fi
+ rm -f $NOISETMP
+ echo "============================================================================"
+fi
+
+# include non-de-noised log
+
+if [ -s "$LOGDIR/$LOGFILE" ]; then
+ loglines=`wc -l "$LOGDIR/$LOGFILE" | awk '{ print $1 }'`
+ if [ ${loglines:=0} -gt $LINES ]; then
+ cat << EOF
+
+****************************************************************************
+* aide has returned long output which has been truncated in this mail *
+****************************************************************************
+
+EOF
+ echo "Output is $loglines lines, truncated to $LINES."
+ head -$LINES "$LOGDIR/$LOGFILE"
+ echo "The full output can be found in $LOGDIR/$LOGFILE."
+ else
+ echo "Output of the daily AIDE run ($loglines lines):"
+ cat "$LOGDIR/$LOGFILE"
+ fi
+else
+ echo "AIDE detected no changes."
+fi
+) > ${MAILTMP}
+
+(
+cat <<EOF
+Subject: Daily AIDE report for $FQDN
+From: root@${FQDN}
+To: ${MAILTO}
+EOF
+cat ${MAILTMP}
+) | /usr/sbin/sendmail $MAILTO
+
+rm -f "$MAILTMP"
diff --git a/app-forensics/aide/files/aideinit b/app-forensics/aide/files/aideinit
new file mode 100644
index 000000000000..6a3c60c37837
--- /dev/null
+++ b/app-forensics/aide/files/aideinit
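Review bot: `tempfile` (used for ERRORTMP, MAILTMP, NOISETMP and NOISETMP2) is a debianutils command, and the script's own comment records that debianutils is deliberately not a dependency; on a host without it ERRORTMP is empty, the `2>"$ERRORTMP"` redirection on the aide line fails, and aide's stderr never reaches the report. The coreutils equivalent is `ERRORTMP=$(mktemp --tmpdir "$ERRORLOG.XXXXXX")`, and likewise for the other three. Separately, the `if [ "$RETVAL" != "0" ]` block treats every non-zero exit as a failure, but AIDE also reports detected additions, removals and changes through a non-zero exit code (worth confirming against this version's man page), so a routine "files changed" run gets the same `aide returned a non-zero exit value` banner as a genuine error and a reader cannot tell the two apart from the mail. The unquoted `$DATABASE`, `$LOGDIR/$LOGFILE` and `$ERRORTMP` inside the two `[ ... ]` tests should be quoted like the rest of the script, since an empty ERRORTMP turns the second test into a syntax error.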
@@ -0,0 +1,145 @@
+#!/bin/sh
+# Copyright 2003 Mike Markley <mike@markley.org>
+# This script is free for any purpose whatseoever so long as the above
+# copyright notice remains in place.
+#
+# Modified for Gentoo: Benjamin Smee
+# Date: Fri Sep 10 11:36:04 BST 2004
+
+# This is the email address reports get mailed to
+MAILTO=root@localhost
+
+# Defaults
+#MAILTO="${MAILTO:-root}"
+
+# Options
+opt_f=0
+opt_y=0
+opt_c=0
+opt_b=0
+config="/etc/aide/aide.conf"
+
+aideinit_usage() {
+ echo "Usage: $0 [options] -- [aide options]"
+ echo " -y|--yes Overwrite output file"
+ echo " -f|--force Force overwrite of database"
+ echo " -c|--config Specify alternate config file"
+ echo " -o|--output Specify alternate output file"
+ echo " -d|--database Specify alternate database file"
+ echo " -b|--background Run in the background"
+}
+
+while [ -n "$1" ]; do
+ case "$1" in
+ -h|--help)
+ aideinit_usage
+ exit 0
+ ;;
+ -f|--force)
+ opt_f=1
+ shift
+ ;;
+ -y|--yes)
+ opt_y=1
+ shift
+ ;;
+ -b|--background)
+ opt_b=1
+ shift
+ ;;
+ -o|--output)
+ shift
+ [ -z "$1" ] && aideinit_usage && exit 1
+ outfile=$1
+ shift
+ ;;
+ -d|--database)
+ shift
+ [ -z "$1" ] && aideinit_usage && exit 1
+ dbfile=$1
+ shift
+ ;;
+ -c|--config)
+ opt_c=1
+ shift
+ [ -z "$1" ] && aideinit_usage && exit 1
+ config=$1
+ shift
+ ;;
+ --)
+ shift
+ break 2
+ ;;
+ *)
+ echo "Unknown option $1 (use -- to delimit aideinit and aide options)"
+ exit
+ ;;
+ esac
+done
+
+if [ ! -f "$config" ]; then
+ echo "$0: $config: file not found"
+ exit 1
+fi
+
+if [ -z "$outfile" ]; then
+ outfile=`egrep "database_out=file:" $config | cut -d: -f2`
+ [ -z "$outfile" ] && outfile="/var/lib/aide/aide.db.new"
+fi
+if [ -z "$dbfile" ]; then
+ dbfile=`egrep "database=file:" $config | cut -d: -f2`
+ [ -z "$dbfile" ] && dbfile="/var/lib/aide/aide.db"
+fi
+
+if [ -f $outfile ]; then
+ if [ $opt_y -eq 0 ]; then
+ echo -n "Overwrite existing $outfile [Yn]? "
+ read yn
+ case "$yn" in
+ [Nn]*)
+ exit 0
+ ;;
+ esac
+ fi
+fi
+
+extraflags=""
+
+if [ $opt_c -eq 1 ]; then
+ extraflags="$extraflags --config $config"
+fi
+
+if [ $opt_b -eq 1 ]; then
+ (aide --init $extraflags $@ >/var/log/aide/aideinit.log 2>/var/log/aide/aideinit.errors
+ if [ -f "$dbfile" -a $opt_f -eq 0 ]; then
+ echo "$dbfile exists and -f was not specified" >> /var/log/aide/aideinit.errors
+ fi
+ lines=`wc -l /var/log/aide/aideinit.errors | awk '{ print $1 }'`
+ if [ "$lines" -gt 0 ]; then
+ (echo "AIDE init errors:"; cat /var/log/aide/aideinit.errors) | /bin/mail -s "AIDE initialization problem" $MAILTO
+ else
+ cp -f $outfile $dbfile
+ fi) &
+ exit 0
+fi
+
+echo "Running aide --init..."
+aide --init $extraflags $@
+
+return=$?
+if [ $return -ne 0 ]; then
+ echo "Something didn't quite go right; see $outfile for details" >&2
+ exit $return
+fi
+
+if [ -f "$dbfile" -a $opt_f -eq 0 ]; then
+ echo -n "Overwrite $dbfile [yN]? "
+ read yn
+ case "$yn" in
+ [yY]*)
+ cp -f $outfile $dbfile
+ ;;
+ esac
+else
+ cp -f $outfile $dbfile
+fi
diff --git a/app-forensics/aide/metadata.xml b/app-forensics/aide/metadata.xml
new file mode 100644
index 000000000000..a03a8cb8d7a2
--- /dev/null
+++ b/app-forensics/aide/metadata.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>itumaykin+gentoo@gmail.com</email>
+ <name>Coacher</name>
+ </maintainer>
+ <maintainer type="project">
+ <email>proxy-maint@gentoo.org</email>
+ <name>Proxy Maintainers</name>
+ </maintainer>
+ <use>
+ <flag name="e2fs">Enable support for checking file attributes on ext2/ext3/ext4 filesystems</flag>
+ <flag name="prelink">Bypass prelinking when calculating checksums</flag>
+ </use>
+ <upstream>
+ <remote-id type="sourceforge">aide</remote-id>
+ </upstream>
+</pkgmetadata>