Date: Fri, 14 Jul 2000 07:18:31 -0700
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
To: sada@FreeBSD.org
Cc: Cy.Schubert@uumail.gov.bc.ca, freebsd-ports@FreeBSD.org, Will Andrews <andrews@technologist.com>
Subject: Re: ports/15894: new port: security/aide
Message-ID: <200007141418.e6EEIcn08530@cwsys.cwsent.com>
In-Reply-To: Your message of "Mon, 10 Jul 2000 08:23:40 PDT." <200007101523.IAA89450@freefall.freebsd.org>
Enclosed is a completely new aide 0.7 port. I am submitting patches to
the mhash port to support this port. This new aide will not compile
without the new mhash port.

# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	aide
#	aide/files
#	aide/files/aide.conf.freebsd
#	aide/files/md5
#	aide/pkg
#	aide/pkg/COMMENT
#	aide/pkg/DESCR
#	aide/pkg/PLIST
#	aide/Makefile
#	aide/patches
#	aide/patches/patch-aa
#
echo c - aide
mkdir -p aide > /dev/null 2>&1
echo c - aide/files
mkdir -p aide/files > /dev/null 2>&1
echo x - aide/files/aide.conf.freebsd
sed 's/^X//' >aide/files/aide.conf.freebsd << 'END-of-aide/files/aide.conf.freebsd'
X# $Id: aide.conf.freebsd,v 1.3 1998/07/28 17:54:21 obrien Exp $
X#
X# tripwire.config
X# Generic version for FreeBSD based on Tripwire's tw.config
X# Will need editing...see comments below
X#
X# This file contains a list of files and directories that System
X# Preener will scan.  Information collected from these files will be
X# stored in the tripwire.database file.
X#
X# Format:  [!|=] entry [ignore-flags]
X#
X# where:   '!' signifies the entry is to be pruned (inclusive) from
X#              the list of files to be scanned.
X#          '=' signifies the entry is to be added, but if it is
X#              a directory, then all its contents are pruned
X#              (useful for /tmp).
X#
X# where:   entry is the absolute pathname of a file or a directory
X#
X# where ignore-flags are in the format:
X#          [template][ [+|-][pinugsam...] ... ]
X#
X#          -  :  ignore the following attributes
X#          +  :  do not ignore the following attributes
X#
X#          p  :  permission and file mode bits       a: access timestamp
X#          i  :  inode number                        m: modification timestamp
X#          n  :  number of links (ref count)         c: inode creation timestamp
X#          u  :  user id of owner                  md5: MD5 signature
X#          g  :  group id of owner               tiger: tiger signature
X#          s  :  size of file                   rmd160: RMD160 signature
X#                                                 sha1: SHA1 signature
X#
X#
X# Ex:  The following entry will scan all the files in /etc, and report
X#      any changes in mode bits, inode number, reference count, uid,
X#      gid, modification and creation timestamp, and the signatures.
X#      However, it will ignore any changes in the access timestamp.
X#
X#      /etc  +p+i+n+u+g+s+m+md5+tiger+rmd160+sha1-a
X#
X# The following templates have been pre-defined to make these long ignore
X# mask descriptions unnecessary.
X#
X# Templates:
X#   (default)  R :  [R]ead-only (+p+i+n+u+g+s+m+md5+tiger+rmd160+sha1-a)
X#              L :  [L]og file (+p+i+n+u+g-s-a-m-md5-tiger-rmd160-sha1)
X#              N :  ignore [N]othing (+p+i+n+u+s+g+s+a+m+c+md5+tiger+rmd160+sha1)
X#              E :  ignore [E]verything (-p-i-n-u-s-g-s-a-m-c-md5-tiger-rmd160-sha1)
X#
X# By default, Tripwire uses the R template -- it ignores
X# only the access timestamp.
X#
X# You can use templates with modifiers, like:
X#      Ex:  /etc/lp  E+u+g
X#
X# Example configuration file:
X#      /etc        R    # all system files
X#      !/etc/lp    R    # ...but not those logs
X#      =/tmp       N    # just the directory, not its files
X#
X# Note the difference between pruning (via "!") and ignoring everything
X# (via "E" template):  Ignoring everything in a directory still monitors
X# for added and deleted files.  Pruning a directory will prevent Tripwire
X# from even looking in the specified directory.
X#
X#
X# Tripwire running slowly?  Modify your tripwire.config entries to
X# ignore the (signature 2) attribute when this computationally-exorbitant
X# protection is not needed.  (See README and design document for further
X# details.)
X#
X
Xdatabase=file:///var/log/aide/databases/aide.db
Xdatabase_out=file:///var/log/aide/databases/aide.db.new
X
X
X# First, root's traditional "home".  Note that FreeBSD's root's home (/root)
X# is protected by R-tiger-rmd160-sha1 protections in the default config file.
X=/                   L
X/.rhosts             R
X/.profile            R
X/.cshrc              R
X/.login              R
X/.exrc               R
X/.logout             R
X/.forward            R
X
X# Unix itself
X/kernel              R
X
X# /bin
X/bin                 R-tiger-rmd160-sha1
X
X# /dev
X/dev                 L
X
X# /etc
X/etc                 R-tiger-rmd160-sha1
X/etc/aliases         L
X/etc/dumpdates       L
X/etc/motd            L
X
X# my passwd database should be static at time of system build. yours may
X# not be, if not, uncomment the lines below.
X
X# /etc/passwd        L
X# /etc/master.passwd L
X# /etc/pwd.db        L
X# /etc/spwd.db       L
X
X# /home
X=/home               L-c
X
X# /lkm
X/lkm                 R-tiger-rmd160-sha1
X
X# /root
X/root                R-tiger-rmd160-sha1
X/root/.history       L
X
X# /sbin
X/sbin                R-tiger-rmd160-sha1
X
X# /stand
X/stand               R-tiger-rmd160-sha1
X
X# /usr/bin
X/usr/bin             R-tiger-rmd160-sha1
X
X/usr/include         R-tiger-rmd160-sha1
X
X/usr/lib             R-tiger-rmd160-sha1
X
X/usr/libdata         R-tiger-rmd160-sha1
X
X/usr/libexec         R-tiger-rmd160-sha1
X
X/usr/local/bin       R-tiger-rmd160-sha1
X
X/usr/local/etc       L
X
X/usr/local/lib       R-tiger-rmd160-sha1
X
X/usr/local/libexec   R-tiger-rmd160-sha1
X
X/usr/local/sbin      R-tiger-rmd160-sha1
X
X/usr/local/share     R-tiger-rmd160-sha1
X
X/usr/sbin            R-tiger-rmd160-sha1
X
X/usr/share           R-tiger-rmd160-sha1
X
X###########################################
END-of-aide/files/aide.conf.freebsd
echo x - aide/files/md5
sed 's/^X//' >aide/files/md5 << 'END-of-aide/files/md5'
XMD5 (aide-0.7.tar.gz) = 0b2ed9eb3b608a19418800b87f5be848
END-of-aide/files/md5
echo c - aide/pkg
mkdir -p aide/pkg > /dev/null 2>&1
echo x - aide/pkg/COMMENT
sed 's/^X//' >aide/pkg/COMMENT << 'END-of-aide/pkg/COMMENT'
XAide is a replacement and extension for Tripwire.
END-of-aide/pkg/COMMENT
echo x - aide/pkg/DESCR
sed 's/^X//' >aide/pkg/DESCR << 'END-of-aide/pkg/DESCR'
X*******************************************************************
X
X             Advanced Intrusion Detection Environment
X
X                           Version 0.5
X
X*******************************************************************
X
XIntroduction
X
XThis piece of software was written as a replacement and extension
Xfor Tripwire. Tripwire is an excellent program in itself but lacks
Xsome features and is a closed product.
X
XCurrent Features:
XMultiple integrity checking algorithms (Even more with mhash support)
XAbility to output the database to stdout/file
XEasy configuration through a powerful configuration file
X
XPlanned Features:
XMultiple database retrieval backends
XEncrypted databases
XCompressed databases(zlib bzip2 support)
XWindows NT port
XEmail report
XMore elaborate report options
XRecurse=n
XInteractive db update
X
XDocumentation
X
XDocumentation is in doc/ directory.
XThe manual pages are a good place to start.
XAlso see http://www.cs.tut.fi/~rammer/aide/manual.html
X
XRequirements
X
XOnce compiled aide is an independent program it does not need
Xany shared libraries or other programs to function.
X
XCurrently AIDE requires the following software to compile.
XA C-compiler (such as GCC)
XGNU flex
XGNU yacc
XGNU make
X
XIf you want to use mhash support then you must have Mhash library
Xversion 0.6.1 or newer installed. You can get it from
Xhttp://schumann.cx/mhash/
XWith mhash support you have many more digest algorithms.
X
X
XTo compile you have to give the following commands:
Xtar zxvf aide-version.tar.gz   To unpack the archive
Xcd aide-version                Cd to the newly created dir
X./configure --help             To see what configuration options are
X                               available
X./configure [some options]     To configure the compilation
X                               The options are optional.
Xmake                           Do the actual compilation.
Xmake install                   Install the software.
X                               You do not have to do this.
X                               You should instead put it on read-only
X                               media or otherwise secure the binary.
X
XTo do development work you should have recent versions of:
Xautomake
Xautoconf
Xautoheader
X
XDisclaimer
X
XAll trademarks are the property of their respective owners.
XNo animals were harmed while making this webpage or this piece of
Xsoftware.
XAlthough some pizza delivery guy's feelings were hurt.
X
X*******************************************************
XIf there is something that ought to be said here
Xplease send your comments to rammer@cs.tut.fi.
X*******************************************************
END-of-aide/pkg/DESCR
echo x - aide/pkg/PLIST
sed 's/^X//' >aide/pkg/PLIST << 'END-of-aide/pkg/PLIST'
Xbin/aide
Xetc/aide.conf
END-of-aide/pkg/PLIST
echo x - aide/Makefile
sed 's/^X//' >aide/Makefile << 'END-of-aide/Makefile'
X# ex:ts=8
X# New ports collection makefile for:	aide
X# Version required:	0.5
X# Date created:		Tue Jan 4 11:45:29 PST 2000
X# Whom:			Cy Schubert (Cy.Schubert@uumail.gov.bc.ca)
X#
X# $FreeBSD: ports/net/rsync/Makefile,v 1.25 1999/10/12 04:57:10 obrien Exp $
X#
X
XPORTNAME=	aide
XPORTVERSION=	0.7
XCATEGORIES=	security
XMASTER_SITES=	http://www.cs.tut.fi/~rammer/ \
X		ftp://ftp.cs.tut.fi/pub/src/gnu/
X
XMAINTAINER=	Cy.Schubert@uumail.gov.bc.ca
X
XGNU_CONFIGURE=	yes
X
XCONFIGURE_ARGS+=	--prefix=${PREFIX} \
X			--with-mhash \
X			--with-zlib \
X			--with-config_file=/var/adm/aide/aide.conf
X
XCONFIGURE_ENV+=	LIBS='-L/usr/lib -L/usr/local/lib -lc_r'
X
XLIB_DEPENDS=	mhash.2:${PORTSDIR}/security/mhash
XMAN1=		aide.1
XMAN5=		aide.conf.5
X
Xpost-install:
X	@ ${MKDIR} -p /var/adm/aide/databases
X	@ ${CP} ${FILESDIR}/aide.conf.freebsd /var/adm/aide/aide.conf
X	@ ${ECHO} Creating aide database
X	@ (cd /var/adm/aide; aide --init; mv databases/aide.db.new databases/aide.db)
X.if defined(AIDE_FLOPPY) && ${AIDE_FLOPPY} == YES
X	@ disklabel -w -B /dev/rfd0c fd1440
X	@ newfs -u 0 -t 0 -i 196608 -m 0 -T minimum -o space /dev/rfd0c
X	@ mount /dev/fd0c /mnt
X	@ ${CP} ${PREFIX}/bin/aide /mnt/aide
X	@ ${CP} -p /var/adm/aide/aide.conf /mnt/aide.conf
X	@ ${CP} < /var/adm/aide/databases/aide.db /mnt/aide.db
X	@ chmod 555 /mnt/aide
X	@ umount /mnt
X	@ ${ECHO} Do not forget to remove and write-protect the floppy.
X.endif
X
X.include <bsd.port.mk>
END-of-aide/Makefile
echo c - aide/patches
mkdir -p aide/patches > /dev/null 2>&1
echo x - aide/patches/patch-aa
sed 's/^X//' >aide/patches/patch-aa << 'END-of-aide/patches/patch-aa'
X--- src/db_file.c.orig Thu Apr 20 05:44:56 2000 X+++ src/db_file.c Thu Jul 13 07:39:36 2000 X@@ -212,7 +212,7 @@ X if((retval=fork())==0){ X /* The child process */ X close(pipefd[0]); X- conf->db_gzin=gzdopen(fileno(conf->db_in),"rb"); X+ conf->db_gzin=gzdopen(fileno((FILE *)conf->db_in),"rb"); X /* WARNING This causes weird problems. Don't do it. X fclose(conf->db_in); X */
END-of-aide/patches/patch-aa
exit

Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Team Leader, Sun/DEC Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC

In message <200007101523.IAA89450@freefall.freebsd.org>, sada@FreeBSD.org writes:
> Synopsis: new port: security/aide
>
> State-Changed-From-To: open->analyzed
> State-Changed-By: sada
> State-Changed-When: Mon Jul 10 08:19:26 PDT 2000
> State-Changed-Why:
> Could you shorten pkg/DESCR ?
> Also portlint points out some more to be fixed.
> Please look at the porter's handbook:
> <http://www.freebsd.org/porters-handbook/>
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=15894

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
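Review bot: the cast on the added line of patch-aa, fileno((FILE *)conf->db_in), forces the argument's type instead of showing that conf->db_in really is a FILE * at this point; if the field is declared with a different type in this build, the cast only hides the mismatch from the compiler. Please state in the patch (a comment or the PR text) what db_in is declared as here and why the cast is safe, or fix the declaration so that no cast is needed. The context lines also show gzdopen() being given a descriptor that the stdio stream still holds open (the commented-out fclose(conf->db_in) with its "causes weird problems" warning), and no check of the gzdopen() return value is visible in the hunk; both are worth raising upstream while this line is being touched.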
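The ignore-flag notation documented in the aide.conf.freebsd comments of this message (a template letter followed by +/- modifiers, with "!" and "=" entry prefixes), worked through as an added example that is not part of the original message or of the port: the parser expands a rule into the attributes it actually checks. The names parse_rule, apply_mask and digests are hypothetical, and two assumptions are made: attributes a template does not mention are not checked, and a modifier list given without a template starts from nothing.

```python
import re

# Attribute names and template masks copied from the aide.conf.freebsd comments.
ATTRS = ("p", "i", "n", "u", "g", "s", "a", "m", "c",
         "md5", "tiger", "rmd160", "sha1")
TEMPLATES = {
    "R": "+p+i+n+u+g+s+m+md5+tiger+rmd160+sha1-a",
    "L": "+p+i+n+u+g-s-a-m-md5-tiger-rmd160-sha1",
    "N": "+p+i+n+u+s+g+s+a+m+c+md5+tiger+rmd160+sha1",
    "E": "-p-i-n-u-s-g-s-a-m-c-md5-tiger-rmd160-sha1",
}
TOKEN = r"[+-](?:md5|tiger|rmd160|sha1|[pinugsamc])"

def apply_mask(mask, checked):
    """Apply a +attr/-attr string to the set of checked attributes."""
    if not re.fullmatch(f"(?:{TOKEN})*", mask):
        raise ValueError(f"bad ignore-flags: {mask!r}")
    for tok in re.findall(TOKEN, mask):
        (checked.add if tok[0] == "+" else checked.discard)(tok[1:])
    return checked

def parse_rule(line):
    """Return path, mode and checked attributes for one rule, else None."""
    fields = line.split("#", 1)[0].split()
    if not fields or not fields[0].lstrip("!=").startswith("/"):
        return None  # blank line, comment, or a setting such as database=
    mode = {"!": "prune", "=": "dir-only"}.get(fields[0][0], "recurse")
    flags = "".join(fields[1:]) or "R"  # R is the documented default
    checked = set()  # assumption: unmentioned attributes are not checked
    if flags[0] in TEMPLATES:
        apply_mask(TEMPLATES[flags[0]], checked)
        flags = flags[1:]
    apply_mask(flags, checked)
    return {"path": fields[0].lstrip("!="), "mode": mode,
            "checked": tuple(a for a in ATTRS if a in checked)}

def digests(rule):
    """Content digests that remain enabled for a parsed rule."""
    return [a for a in rule["checked"] if a in ("md5", "tiger", "rmd160", "sha1")]

# Rules taken from the configuration and its comments in this message.
SAMPLE = ["=/ L", "/bin R-tiger-rmd160-sha1", "=/home L-c",
          "/etc/lp E+u+g", "!/etc/lp R # ...but not those logs", "=/tmp N"]

if __name__ == "__main__":
    for text in SAMPLE:
        rule = parse_rule(text)
        print(f"{rule['path']:10} {rule['mode']:9} digests={digests(rule)}")
```

Under these assumptions, every R-tiger-rmd160-sha1 entry in the configuration is left with MD5 as its only content digest, and L entries check no file content at all.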