Date:      Tue, 4 Jan 2000 17:52:47 -0800 (PST)
From:      Cy.Schubert@uumail.gov.bc.ca
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   ports/15894: New AIDE 0.5 Port
Message-ID:  <200001050152.RAA71263@cwsys.cwsent.com>


>Number:         15894
>Category:       ports
>Synopsis:       New AIDE 0.5 Port
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jan  4 18:00:02 PST 2000
>Closed-Date:
>Last-Modified:
>Originator:     Cy Schubert
>Release:        FreeBSD 3.4-RELEASE i386
>Organization:
ITSD Province of BC
>Environment:

FreeBSD cwsys 3.4-RELEASE FreeBSD 3.4-RELEASE #0: Tue Dec 21 04:39:50 PST 1999     root@:/opt2/cvs-340/src/sys/compile/CWSYS  i386

>Description:

Aide is a replacement and extension for Tripwire.

>How-To-Repeat:

N/A

>Fix:
	
Shar archive follows:

# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	aide-000104
#	aide-000104/files
#	aide-000104/files/md5
#	aide-000104/files/aide.conf.freebsd
#	aide-000104/pkg
#	aide-000104/pkg/COMMENT
#	aide-000104/pkg/DESCR
#	aide-000104/pkg/PLIST
#	aide-000104/Makefile
#
# Create the port directory and its files/ subdirectory.  mkdir output and
# errors are discarded, so a failed mkdir only becomes visible when the
# following sed cannot open its output file.
echo c - aide-000104
mkdir -p aide-000104 > /dev/null 2>&1
echo c - aide-000104/files
mkdir -p aide-000104/files > /dev/null 2>&1
# Write the distfile checksum file.  The heredoc delimiter is quoted, so the
# shell does not expand the payload; sed strips the leading X guard from
# every payload line.
# NOTE(review): MD5 is the only digest recorded here for aide-0.5.tar.gz.
# MD5 is no longer collision-resistant, so a stronger digest should be
# recorded alongside it wherever the ports framework in use supports one.
echo x - aide-000104/files/md5
sed 's/^X//' >aide-000104/files/md5 << 'END-of-aide-000104/files/md5'
XMD5 (aide-0.5.tar.gz) = 4615593338a1d860459f44a55b484dba
END-of-aide-000104/files/md5
echo x - aide-000104/files/aide.conf.freebsd
sed 's/^X//' >aide-000104/files/aide.conf.freebsd << 'END-of-aide-000104/files/aide.conf.freebsd'
X# $Id: aide.conf.freebsd,v 1.3 1998/07/28 17:54:21 obrien Exp $
X#
X# tripwire.config
X# Generic version for FreeBSD based on Tripwire's tw.config
X#  Will need editing...see comments below
X#
X# This file contains a list of files and directories that System 
X# Preener will scan.  Information collected from these files will be 
X# stored in the tripwire.database file.
X#
X# Format: 			[!|=] entry [ignore-flags]
X#
X# where:	 '!' signifies the entry is to be pruned (inclusive) from
X#				the list of files to be scanned.
X#		 '=' signifies the entry is to be added, but if it is
X#				a directory, then all its contents are pruned
X#				(useful for /tmp).
X#
X# where:	entry is the absolute pathname of a file or a directory
X#
X# where ignore-flags are in the format:
X#		[template][ [+|-][pinugsam...] ... ]
X#
X# 	- :  ignore the following attributes
X#	+ :  do not ignore the following attributes
X#
X#	p :  permission and file mode bits 	a: access timestamp
X#	i :  inode number			m: modification timestamp
X#	n :  number of links (ref count)	c: inode creation timestamp
X#	u :  user id of owner		      md5: MD5 signature
X#	g :  group id of owner		    tiger: tiger signature
X#	s :  size of file		   rmd160: RMD160 signature
X#					     sha1: SHA1 signature
X#
X#
X# Ex:   The following entry will scan all the files in /etc, and report
X#	any changes in mode bits, inode number, reference count, uid,
X#	gid, modification and creation timestamp, and the signatures.
X#	However, it will ignore any changes in the access timestamp.
X#
X#	/etc	+p+i+n+u+g+s+m+md5+tiger+rmd160+sha1-a
X#
X# The following templates have been pre-defined to make these long ignore
X# mask descriptions unnecessary.
X#
X# Templates: 
X# (default) R :  [R]ead-only (+p+i+n+u+g+s+m+md5+tiger+rmd160+sha1-a)
X#	L :  [L]og file (+p+i+n+u+g-s-a-m-md5-tiger-rmd160-sha1)
X#	N :  ignore [N]othing (+p+i+n+u+s+g+s+a+m+c+md5+tiger+rmd160+sha1)
X#	E :  ignore [E]verything (-p-i-n-u-s-g-s-a-m-c-md5-tiger-rmd160-sha1)
X#
X# By default, Tripwire uses the R template -- it ignores
X# only the access timestamp.
X#
X# You can use templates with modifiers, like:
X#	Ex:  /etc/lp	E+u+g
X#
X#	Example configuration file:
X#		/etc		R	# all system files
X#		!/etc/lp	R	# ...but not those logs
X#		=/tmp		N	# just the directory, not its files
X#
X# Note the difference between pruning (via "!") and ignoring everything
X# (via "E" template):  Ignoring everything in a directory still monitors
X# for added and deleted files.  Pruning a directory will prevent Tripwire
X# from even looking in the specified directory.
X#
X#
X# Tripwire running slowly?  Modify your tripwire.config entries to
X# ignore the (signature 2) attribute when this computationally-exorbitant 
X# protection is not needed.  (See README and design document for further
X# details.)
X#
X
Xdatabase=file:///var/log/aide/databases/aide.db
Xdatabase_out=file:///var/log/aide/databases/aide.db.new
X
X
X#  First, root's traditional "home".  Note that FreeBSD's root's home (/root)
X#  is protected by R-tiger-rmd160-sha1 protections in the default config file.
X=/		L
X/.rhosts	R
X/.profile	R
X/.cshrc		R
X/.login		R
X/.exrc		R
X/.logout	R
X/.forward	R
X
X# Unix itself
X/kernel		R
X
X# /bin
X/bin		R-tiger-rmd160-sha1
X
X# /dev
X/dev	 	L
X
X# /etc
X/etc			R-tiger-rmd160-sha1
X/etc/aliases	 	L
X/etc/dumpdates		L
X/etc/motd		L
X
X# My passwd database should be static at time of system build.  Yours may
X# not be; if not, uncomment the lines below.  Note that the L template
X# stops checking size, timestamps and signatures on these files.
X
X# /etc/passwd		L
X# /etc/master.passwd	L
X# /etc/pwd.db		L
X# /etc/spwd.db		L
X
X# /home
X=/home			L-c
X
X# /lkm
X/lkm			R-tiger-rmd160-sha1
X
X# /root
X/root			R-tiger-rmd160-sha1
X/root/.history		L
X
X# /sbin
X/sbin			R-tiger-rmd160-sha1
X
X# /stand
X/stand			R-tiger-rmd160-sha1
X
X# /usr/bin
X/usr/bin		R-tiger-rmd160-sha1
X
X/usr/include		R-tiger-rmd160-sha1
X
X/usr/lib		R-tiger-rmd160-sha1
X
X/usr/libdata		R-tiger-rmd160-sha1
X
X/usr/libexec		R-tiger-rmd160-sha1
X
X/usr/local/bin		R-tiger-rmd160-sha1
X
X/usr/local/etc		L
X
X/usr/local/lib		R-tiger-rmd160-sha1
X
X/usr/local/libexec	R-tiger-rmd160-sha1
X
X/usr/local/sbin		R-tiger-rmd160-sha1
X
X/usr/local/share	R-tiger-rmd160-sha1
X
X/usr/sbin		R-tiger-rmd160-sha1
X
X/usr/share		R-tiger-rmd160-sha1
X
X###########################################
END-of-aide-000104/files/aide.conf.freebsd
# Create the pkg/ metadata directory; mkdir output and errors are discarded.
echo c - aide-000104/pkg
mkdir -p aide-000104/pkg > /dev/null 2>&1
# Write the one-line package comment.  sed strips the leading X guard from
# the heredoc payload; the quoted delimiter disables shell expansion.
echo x - aide-000104/pkg/COMMENT
sed 's/^X//' >aide-000104/pkg/COMMENT << 'END-of-aide-000104/pkg/COMMENT'
XAide is a replacement and extension for Tripwire.
END-of-aide-000104/pkg/COMMENT
echo x - aide-000104/pkg/DESCR
sed 's/^X//' >aide-000104/pkg/DESCR << 'END-of-aide-000104/pkg/DESCR'
X*******************************************************************
X
X		Advanced Intrusion Detection Environment
X
X		Version 0.5
X
X*******************************************************************
X
XIntroduction
X
XThis piece of software was written as a replacement and extension
Xfor Tripwire. Tripwire is an excellent program in itself but lacks
Xsome features and is a closed product.
X
XCurrent Features:
XMultiple integrity checking algorithms (Even more with mhash support)
XAbility to output the database to stdout/file
XEasy configuration through a powerful configuration file
X
XPlanned Features:
XMultiple database retrieval backends
XEncrypted databases
XCompressed databases(zlib bzip2 support)
XWindows NT port
XEmail report
XMore elaborate report options
XRecurse=n
XInteractive db update
X
XDocumentation 
X
XDocumentation is in doc/ directory. 
XThe manual pages are a good place to start.
XAlso see http://www.cs.tut.fi/~rammer/aide/manual.html
X
XRequirements
X
XOnce compiled, aide is an independent program; it does not need
Xany shared libraries or other programs to function.
X
XCurrently AIDE requires the following software to compile.
XA C-compiler (such as GCC)
XGNU flex 
XGNU yacc 
XGNU make
X
XIf you want to use mhash support then you must have the Mhash library
Xversion 0.6.1 or newer installed. You can get it from
Xhttp://schumann.cx/mhash/
XWith mhash support you have many more digest algorithms.
X
X
XTo compile you have to give the following commands:
Xtar zxvf aide-version.tar.gz	To unpack the archive
Xcd aide-version			Cd to the newly created dir
X./configure --help		To see what configuration options are
X				available
X./configure [some options]	To configure the compilation
X				The options are optional.
Xmake				Do the actual compilation.
Xmake install			Install the software.
X				You do not have to do this.
X				You should instead put it on read-only
X				media or otherwise secure the binary.
X
XTo do development work you should have recent versions of:
Xautomake
Xautoconf
Xautoheader
X
XDisclaimer
X
XAll trademarks are the property of their respective owners.
XNo animals were harmed while making this webpage or this piece of
Xsoftware.
XAlthough some pizza delivery guy's feelings were hurt.
X
X*******************************************************
XIf there is something that ought to be said here 
Xplease send your comments to rammer@cs.tut.fi.
X*******************************************************
END-of-aide-000104/pkg/DESCR
# Write the packing list.  The only entry is bin/aide; the files that the
# port Makefile's post-install target creates under /var/adm/aide are not
# listed here.
echo x - aide-000104/pkg/PLIST
sed 's/^X//' >aide-000104/pkg/PLIST << 'END-of-aide-000104/pkg/PLIST'
Xbin/aide
END-of-aide-000104/pkg/PLIST
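# Write the port Makefile.  The heredoc delimiter is quoted, so ${...} in the
# payload reaches the file unexpanded; sed strips the leading X guard.
echo x - aide-000104/Makefile
sed 's/^X//' >aide-000104/Makefile << 'END-of-aide-000104/Makefile'
X# ex:ts=8
X# New ports collection makefile for:    aide
X# Version required:     0.5
X# Date created:         Tue Jan  4 11:45:29 PST 2000
X# Whom:                 Cy Schubert (Cy.Schubert@uumail.gov.bc.ca)
X#
X# $FreeBSD: ports/net/rsync/Makefile,v 1.25 1999/10/12 04:57:10 obrien Exp $
X#
X
XDISTNAME=	aide-0.5
XCATEGORIES=	security
XMASTER_SITES=	ftp://ftp.cs.tut.fi/pub/src/gnu/ \
X		http://www.cs.tut.fi/~rammer/
X
XMAINTAINER=     Cy.Schubert@uumail.gov.bc.ca
X
XGNU_CONFIGURE=	yes
X
X# The last argument carries no trailing backslash, so the assignment ends
X# here instead of continuing onto the following line.
XCONFIGURE_ARGS+=	--prefix=${PREFIX} \
X		--with-mhash \
X		--with-zlib
X
XCONFIGURE_ENV+=	LIBS='-L/usr/lib -L/usr/local/lib -lc_r'
X
XLIB_DEPENDS=	mhash.1:${PORTSDIR}/security/mhash
XMAN1=		aide.1
XMAN5=		aide.conf.5
X
X# post-install: install the sample configuration and take the initial
X# baseline database.
X#
X# - The baseline records the system as it is at install time; anything that
X#   was already altered is recorded as good.
X# - The steps are chained with && so that a failed cd or a failed
X#   "aide --init" stops the recipe instead of moving a stale or missing
X#   database into place.
X# - aide is run by its installed path rather than through a PATH lookup.
X# - The mv only finds its input if database_out= in files/aide.conf.freebsd
X#   points at /var/adm/aide/databases/aide.db.new.
X# NOTE(review): confirm which configuration file "aide --init" reads by
X# default, and that its database= / database_out= URLs agree with the
X# directory created below.
X# - A database kept on the same writable disk as the files it describes can
X#   be rewritten by whoever modifies those files; the copy on write-protected
X#   media (AIDE_FLOPPY=YES) is the one to compare against.
Xpost-install:
X	@ ${MKDIR} -p /var/adm/aide/databases
X	@ ${CP} ${FILESDIR}/aide.conf.freebsd /var/adm/aide/aide.conf
X	@ ${ECHO} Creating aide database
X	@ (cd /var/adm/aide && ${PREFIX}/bin/aide --init && mv databases/aide.db.new databases/aide.db)
X# Optional: put the binary, configuration and database on a floppy.
X# This relabels and reformats whatever disk is in the first floppy drive and
X# mounts it on /mnt.  No line is prefixed with "-", so make stops at the
X# first failing command; a failure after the mount leaves /mnt mounted.
X.if defined(AIDE_FLOPPY) && ${AIDE_FLOPPY} == YES
X	@ disklabel -w -B /dev/rfd0c fd1440
X	@ newfs -u 0 -t 0 -i 196608 -m 0 -T minimum -o space /dev/rfd0c
X	@ mount /dev/fd0c /mnt
X	@ ${CP} ${PREFIX}/bin/aide /mnt/aide
X	@ ${CP} -p /var/adm/aide/aide.conf /mnt/aide.conf
X	@ ${CP} /var/adm/aide/databases/aide.db /mnt/aide.db
X	@ chmod 555 /mnt/aide
X	@ umount /mnt
X	@ ${ECHO} Do not forget to remove and write-protect the floppy.
X.endif
X
X.include <bsd.port.mk>
END-of-aide-000104/Makefile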
exit


>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message



