From owner-freebsd-security  Wed May 31 22:51:15 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ares.trc.adelaide.edu.au (ares.trc.adelaide.edu.au [129.127.246.5])
	by hub.freebsd.org (Postfix) with ESMTP id 4F9AF37B93A
	for <freebsd-security@FreeBSD.ORG>; Wed, 31 May 2000 22:51:10 -0700 (PDT)
	(envelope-from glewis@ares.trc.adelaide.edu.au)
Received: (from glewis@localhost)
	by ares.trc.adelaide.edu.au (8.9.3/8.9.3) id PAA24639;
	Thu, 1 Jun 2000 15:21:00 +0930 (CST)
	(envelope-from glewis)
From: Greg Lewis <glewis@trc.adelaide.edu.au>
Message-Id: <200006010551.PAA24639@ares.trc.adelaide.edu.au>
Subject: Re: Recommendations for alternative tripwire options
In-Reply-To: <Pine.LNX.4.21.0005312208000.32087-100000@raq.tabernae.com> from
 Robert Gash at "May 31, 2000 10:15:08 pm"
To: Robert Gash <gashalot@gashalot.com>
Date: Thu, 1 Jun 2000 15:21:00 +0930 (CST)
Cc: freebsd-security@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL70 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Robert Gash wrote:
> AIDE 0.7 Compile Errors:
> -----------------------------------------------------
> gcc -DHAVE_CONFIG_H -I. -I/root/aide/aide-0.7/src
> -I.. -I/usr/local/include -I/root/aide/aide-0.7/include
> -I/root/aide/aide-0.7 -I/root/aide/aide-0.7/src  -g -O2 -c db_file.c
> db_file.c: In function `db_readline_file':
> db_file.c:215: warning: dereferencing `void *' pointer
> db_file.c:215: request for member `_file' in something not a structure or
> union
> gmake[3]: *** [db_file.o] Error 1
> -----------------------------------------------------

Edit src/db_file.c and change line 215 to be:

conf->db_gzin=gzdopen(fileno((FILE *) (conf->db_in)),"rb");

and you should find that things compile.  I've had problems with the
compressed database support in aide-0.7, but uncompressed databases work
as normal.

In terms of alternatives, the recent commits regarding mtree(8) are
supposed to make it useable as a tripwire alternative, but I've no direct
experience with using it as such and I can't quite recall if the changes
made it back into 4.0-STABLE yet (I think so).  There was an article on
Daemon News <http://www.daemonnews.org> about using mtree to perform
tripwire like functions a couple of issues ago I think.  HTH.

-- 
Greg Lewis 				glewis@trc.adelaide.edu.au
Computing Officer			+61 8 8303 5083
Teletraffic Research Centre


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message