diff --git a/.fmf/version b/.fmf/version deleted file mode 100644 index d00491f..0000000 --- a/.fmf/version +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/.gitignore b/.gitignore index ce1812d..266719d 100644 --- a/.gitignore +++ b/.gitignore @@ -10,14 +10,3 @@ aide-0.14.tar.gz aide-0.14.tar.gz.asc /aide-0.15.1.tar.gz /aide-0.15.1.tar.gz.asc -/aide-0.16b1.tar.gz -/aide-0.16rc1.tar.gz -/aide-0.16.tar.gz -/aide-0.18.4.tar.gz -/aide-0.18.6.tar.gz -/aide-0.18.8.tar.gz -/aide-0.18.8.tar.gz.asc -/aide-0.19.1.tar.gz -/aide-0.19.1.tar.gz.asc -/aide-0.19.2.tar.gz -/aide-0.19.2.tar.gz.asc diff --git a/aide-0.14-man.patch b/aide-0.14-man.patch new file mode 100644 index 0000000..8192636 --- /dev/null +++ b/aide-0.14-man.patch @@ -0,0 +1,15 @@ +diff -ur aide.orig/doc/aide.1.in aide/doc/aide.1.in +--- aide.orig/doc/aide.1.in 2010-02-24 13:53:49.000000000 -0500 ++++ aide/doc/aide.1.in 2010-02-24 13:57:44.000000000 -0500 +@@ -75,9 +75,9 @@ + .SH FILES + .B @sysconfdir@/aide.conf + Default aide configuration file. +-.B @sysconfdir@/aide.db ++.B @localstatedir@/lib/aide.db + Default aide database. +-.B @sysconfdir@/aide.db.new ++.B @localstatedir@/lib/aide.db.new + Default aide output database. + .SH SEE ALSO + .BR aide.conf (5) diff --git a/aide-0.15.1-fipsfix.patch b/aide-0.15.1-fipsfix.patch new file mode 100644 index 0000000..2b80c39 --- /dev/null +++ b/aide-0.15.1-fipsfix.patch @@ -0,0 +1,103 @@ +diff -up aide-0.15.1/src/aide.c.fipsfix aide-0.15.1/src/aide.c +--- aide-0.15.1/src/aide.c.fipsfix 2010-08-08 19:39:31.000000000 +0200 ++++ aide-0.15.1/src/aide.c 2012-11-22 16:59:45.378713818 +0100 +@@ -484,9 +484,28 @@ int main(int argc,char**argv) + #endif + umask(0177); + init_sighandler(); +- + setdefaults_before_config(); + ++#if WITH_GCRYPT ++ error(255,"Gcrypt library initialization\n"); ++ /* ++ * Initialize libgcrypt as per ++ * http://www.gnupg.org/documentation/manuals/gcrypt/Initializing-the-library.html ++ * ++ * ++ */ ++ gcry_control(GCRYCTL_SET_ENFORCED_FIPS_FLAG, 0); ++ gcry_control(GCRYCTL_INIT_SECMEM, 1); ++ ++ if(!gcry_check_version(GCRYPT_VERSION)) { ++ error(0,"libgcrypt version mismatch\n"); ++ exit(VERSION_MISMATCH_ERROR); ++ } ++ ++ gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); ++#endif /* WITH_GCRYPT */ ++ ++ + if(read_param(argc,argv)==RETFAIL){ + error(0, _("Invalid argument\n") ); + exit(INVALID_ARGUMENT_ERROR); +@@ -641,6 +660,9 @@ int main(int argc,char**argv) + } + #endif + } ++#ifdef WITH_GCRYPT ++ gcry_control(GCRYCTL_TERM_SECMEM, 0); ++#endif /* WITH_GCRYPT */ + return RETOK; + } + const char* aide_key_3=CONFHMACKEY_03; +diff -up aide-0.15.1/src/md.c.fipsfix aide-0.15.1/src/md.c +--- aide-0.15.1/src/md.c.fipsfix 2010-08-08 19:39:31.000000000 +0200 ++++ aide-0.15.1/src/md.c 2012-11-22 16:59:33.166673632 +0100 +@@ -201,14 +201,7 @@ int init_md(struct md_container* md) { + } + #endif + #ifdef WITH_GCRYPT +- error(255,"Gcrypt library initialization\n"); +- if(!gcry_check_version(GCRYPT_VERSION)) { +- error(0,"libgcrypt version mismatch\n"); +- exit(VERSION_MISMATCH_ERROR); +- } +- gcry_control(GCRYCTL_DISABLE_SECMEM, 0); +- gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); +- if(gcry_md_open(&md->mdh,0,0)!=GPG_ERR_NO_ERROR){ ++ if(gcry_md_open(&md->mdh,0,GCRY_MD_FLAG_SECURE)!=GPG_ERR_NO_ERROR){ + error(0,"gcrypt_md_open failed\n"); + exit(IO_ERROR); + } +@@ -299,7 +292,7 @@ int close_md(struct md_container* md) { + + /*. There might be more hashes in the library. Add those here.. */ + +- gcry_md_reset(md->mdh); ++ gcry_md_close(md->mdh); + #endif + + #ifdef WITH_MHASH +diff -up aide-0.15.1/src/util.c.fipsfix aide-0.15.1/src/util.c +--- aide-0.15.1/src/util.c.fipsfix 2010-08-08 19:39:31.000000000 +0200 ++++ aide-0.15.1/src/util.c 2012-11-22 16:59:33.166673632 +0100 +@@ -494,28 +494,5 @@ int syslog_facility_lookup(char *s) + return(AIDE_SYSLOG_FACILITY); + } + +-/* We need these dummy stubs to fool the linker into believing that +- we do not need them at link time */ +- +-void* dlopen(char*filename,int flag) +-{ +- return NULL; +-} +- +-void* dlsym(void*handle,char*symbol) +-{ +- return NULL; +-} +- +-void* dlclose(void*handle) +-{ +- return NULL; +-} +- +-const char* dlerror(void) +-{ +- return NULL; +-} +- + const char* aide_key_2=CONFHMACKEY_02; + const char* db_key_2=DBHMACKEY_02; diff --git a/aide.conf b/aide.conf index 56ba1da..cd95c01 100644 --- a/aide.conf +++ b/aide.conf @@ -4,7 +4,7 @@ @@define LOGDIR /var/log/aide # The location of the database to be read. -database_in=file:@@{DBDIR}/aide.db.gz +database=file:@@{DBDIR}/aide.db.gz # The location of the database to be written. #database_out=sql:host:port:database:login_name:passwd:table @@ -14,49 +14,19 @@ database_out=file:@@{DBDIR}/aide.db.new.gz # Whether to gzip the output to database gzip_dbout=yes -# Database attributes to include in report (H = all compiled hashsums, default) -database_attrs=H - -# Add metadata to database (version info, timestamps) -database_add_metadata=yes - -# Warn about unrestricted rules during config check (default: false) -config_check_warn_unrestricted_rules=false - -# Number of workers for parallel processing (default: 1, can use percentage) -num_workers=1 - # Default. -log_level=warning -report_level=changed_attributes - -# Report format (plain or json) -report_format=plain - -# Group files in report by added/removed/changed -report_grouped=yes - -# Summarize changes in report -report_summarize_changes=yes - -# Don't report if no differences found -report_quiet=no - -# Report encoding (base64 is default, base16 available) -report_base16=no +verbose=5 report_url=file:@@{LOGDIR}/aide.log report_url=stdout #report_url=stderr -#report_url=syslog:LOG_AUTH +#NOT IMPLEMENTED report_url=mailto:root@foo.com +#NOT IMPLEMENTED report_url=syslog:LOG_AUTH # These are the default rules. # -#ftype: file type -#fstype: file system type (Linux-only) #p: permissions -#i: inode -#l: link name (symbolic links only) +#i: inode: #n: number of links #u: user #g: group @@ -65,78 +35,55 @@ report_url=stdout #m: mtime #a: atime #c: ctime +#S: check for growing size #acl: Access Control Lists #selinux SELinux security context #xattrs: Extended file attributes -#e2fsattrs: file attributes on Linux file system -#caps: file capabilities (Linux-only) - -# Hashsums attributes (regular files only) +#md5: md5 checksum +#sha1: sha1 checksum #sha256: sha256 checksum #sha512: sha512 checksum -#sha512_256: SHA-512 checksum truncated to 256 output bits -#sha3_256: SHA3-256 checksum (modern) -#sha3_512: SHA3-512 checksum (modern) -#stribog256: GOST R 34.11-2012, 256 bit -#stribog512: GOST R 34.11-2012, 512 bit +#rmd160: rmd160 checksum +#tiger: tiger checksum -# DEPRECATED (will be removed in future versions): -#md5: md5 checksum (deprecated since v0.19) -#sha1: sha1 checksum (deprecated since v0.19) -#rmd160: rmd160 checksum (deprecated since v0.19) -#gost: gost checksum (deprecated since v0.19) +#haval: haval checksum (MHASH only) +#gost: gost checksum (MHASH only) +#crc32: crc32 checksum (MHASH only) +#whirlpool: whirlpool checksum (MHASH only) -# REMOVED in AIDE v0.19: -#S: check for growing size (use 'growing+s' instead) -#tiger: tiger checksum (removed) -#haval: haval checksum (removed) -#crc32: crc32 checksum (removed) -#crc32b: crc32b checksum (removed) -#whirlpool: whirlpool checksum (removed) +FIPSR = p+i+n+u+g+s+m+c+acl+selinux+xattrs+sha256 -# Special attributes for advanced use cases: -#I: ignore changed filename - detects moved files by inode -#growing: ignore growing file size/timestamps for logs -#compressed: ignore compression - compares uncompressed content -#ANF: allow new files - new files ignored in report -#ARF: allow removed files - missing files ignored in report - -# Default groups in AIDE v0.19: -# R = p+ftype+i+l+n+u+g+s+m+c+sha3_256+X -# L = p+ftype+i+l+n+u+g+X -# > = Growing file p+ftype+l+u+g+i+n+s+growing+X -# H = all compiled in (and not deprecated) hashsums -# X = acl+selinux+xattrs+e2fsattrs+caps (if compiled in) -# E = Empty group -# Use 'aide --version' to list the default compound groups. +#R: p+i+n+u+g+s+m+c+acl+selinux+xattrs+md5 +#L: p+i+n+u+g+acl+selinux+xattrs +#E: Empty group +#>: Growing logfile p+u+g+i+n+S+acl+selinux+xattrs # You can create custom rules like this. -# Note: Removed deprecated/removed hashsums (tiger, haval, crc32, crc32b, whirlpool, md5, sha1, rmd160, gost) -ALLXTRAHASHES = sha256+sha512+sha512_256+sha3_256+sha3_512+stribog256+stribog512 -# Everything but access time (Ie. all changes) - updated with modern hashsums +# With MHASH... +# ALLXTRAHASHES = sha1+rmd160+sha256+sha512+whirlpool+tiger+haval+gost+crc32 +ALLXTRAHASHES = sha1+rmd160+sha256+sha512+tiger +# Everything but access time (Ie. all changes) EVERYTHING = R+ALLXTRAHASHES -# Base + sha512 (strong) -NORMAL = R+sha512-m-c +# Sane, with multiple hashes +# NORMAL = R+rmd160+sha256+whirlpool +NORMAL = FIPSR+sha512 -# Content only - added file type and strong hash -CONTENT = ftype+sha512 +# For directories, don't bother doing hashes +DIR = p+i+n+u+g+acl+selinux+xattrs -# For directories, don't bother doing hashes - added file type and link name -DIR = ftype+p+i+l+n+u+g+acl+selinux+xattrs +# Access control only +PERMS = p+i+u+g+acl+selinux -# Access control only - added file type and link name -PERMS = ftype+p+u+g+acl+selinux+xattrs +# Logfile are special, in that they often change +LOG = > -# Logfiles are special, in that they often change due to log rotation -# Track only: permissions, file type, user, group, number of links, SELinux context, extended attributes -# Allow new files (ANF) and allow removed files (ARF) due to log rotation techniques -# Don't track: size, inodes, timestamps, checksums and some special attributes (these change frequently with log rotation) -LOG = p+ftype+u+g+n+ANF+ARF+selinux+xattrs +# Just do sha256 and sha512 hashes +LSPP = FIPSR+sha512 # Some files get updated automatically, so the inode/ctime/mtime change -# but we want to know when the data inside them changes - updated with modern hash -DATAONLY = ftype+p+l+n+u+g+s+acl+selinux+xattrs+sha256 +# but we want to know when the data inside them changes +DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha256 # Next decide what directories/files you want in the database. @@ -145,220 +92,124 @@ DATAONLY = ftype+p+l+n+u+g+s+acl+selinux+xattrs+sha256 /sbin NORMAL /lib NORMAL /lib64 NORMAL -# Monitor /opt selectively to avoid noise from auto-updating applications -/opt CONTENT +/opt NORMAL /usr NORMAL +/root NORMAL # These are too volatile !/usr/src !/usr/tmp -# Admins dot files constantly change, just check perms -/root/\..* PERMS -!/root/.xauth* -/root NORMAL - # Check only permissions, inode, user and group for /etc, but # cover some important files closely. +/etc PERMS !/etc/mtab # Ignore backup files !/etc/.*~ +/etc/exports NORMAL +/etc/fstab NORMAL +/etc/passwd NORMAL +/etc/group NORMAL +/etc/gshadow NORMAL +/etc/shadow NORMAL +/etc/security/opasswd NORMAL -# trusted databases -/etc/hosts$ NORMAL -/etc/host.conf$ NORMAL -/etc/hostname$ NORMAL -/etc/issue$ NORMAL -/etc/issue.net$ NORMAL -/etc/protocols$ NORMAL -/etc/services$ NORMAL -/etc/localtime$ NORMAL -/etc/alternatives NORMAL -/etc/mime.types$ NORMAL -/etc/terminfo NORMAL -/etc/exports$ NORMAL -/etc/fstab$ NORMAL -/etc/passwd$ NORMAL -/etc/group$ NORMAL -/etc/gshadow$ NORMAL -/etc/shadow$ NORMAL -/etc/subgid$ NORMAL -/etc/subuid$ NORMAL -/etc/skel NORMAL -/etc/sssd NORMAL -/etc/swid NORMAL -/etc/system-release-cpe$ NORMAL -/etc/tmux.conf$ NORMAL -/etc/xattr.conf$ NORMAL +/etc/hosts.allow NORMAL +/etc/hosts.deny NORMAL -# networking -/etc/firewalld NORMAL -!/etc/NetworkManager/system-connections -/etc/NetworkManager NORMAL -/etc/networks$ NORMAL -/etc/dhcp NORMAL -/etc/wpa_supplicant NORMAL -/etc/resolv.conf$ DATAONLY +/etc/sudoers NORMAL +/etc/skel NORMAL -# logins and accounts -/etc/login.defs$ NORMAL -/etc/libuser.conf$ NORMAL -/var/log/faillog$ PERMS -/var/log/lastlog$ PERMS -/var/run/faillock PERMS -/etc/pam.d NORMAL -/etc/security NORMAL -/etc/securetty$ NORMAL -/etc/polkit-1 NORMAL -/etc/sudo.conf$ NORMAL -/etc/sudoers$ NORMAL -/etc/sudoers.d NORMAL +/etc/logrotate.d NORMAL + +/etc/resolv.conf DATAONLY + +/etc/nscd.conf NORMAL +/etc/securetty NORMAL # Shell/X starting files -/etc/profile$ NORMAL -/etc/profile.d NORMAL -/etc/bashrc$ NORMAL -/etc/bash_completion.d NORMAL -/etc/zprofile$ NORMAL -/etc/zshrc$ NORMAL -/etc/zlogin$ NORMAL -/etc/zlogout$ NORMAL -/etc/X11 NORMAL -/etc/shells$ NORMAL +/etc/profile NORMAL +/etc/bashrc NORMAL +/etc/bash_completion.d/ NORMAL +/etc/login.defs NORMAL +/etc/zprofile NORMAL +/etc/zshrc NORMAL +/etc/zlogin NORMAL +/etc/zlogout NORMAL +/etc/profile.d/ NORMAL +/etc/X11/ NORMAL # Pkg manager -/etc/dnf NORMAL -/etc/yum.repos.d NORMAL - -# auditing -# AIDE produces an audit record, so this becomes perpetual motion. -/var/log/audit PERMS -/etc/audit NORMAL -/etc/libaudit.conf$ NORMAL -/etc/aide.conf$ NORMAL - -# System logs with proper logrotate handling -/etc/rsyslog.conf$ NORMAL -/etc/rsyslog.d NORMAL -/etc/logrotate.conf$ NORMAL -/etc/logrotate.d NORMAL -/etc/systemd/journald.conf$ NORMAL - -# Log directory -/var/log LOG -# Journal files - exclude xattrs and link count due to systemd journal's user.crtime_usec extended attribute changes and new directory creation -/var/log/journal LOG-xattrs-n - +/etc/yum.conf NORMAL +/etc/yumex.conf NORMAL +/etc/yumex.profiles.conf NORMAL +/etc/yum/ NORMAL +/etc/yum.repos.d/ NORMAL +/var/log LOG /var/run/utmp LOG - -# secrets -/etc/pkcs11 NORMAL -/etc/pki NORMAL -/etc/ssl NORMAL -/etc/certmonger NORMAL -/var/lib/systemd/random-seed$ PERMS - -# init system -/etc/systemd NORMAL -/etc/sysconfig NORMAL -/etc/rc.d NORMAL -/etc/tmpfiles.d NORMAL -/etc/machine-id$ NORMAL - -# boot config -/etc/default NORMAL -/etc/grub.d NORMAL -/etc/grub2.cfg$ NORMAL -/etc/dracut.conf$ NORMAL -/etc/dracut.conf.d NORMAL - -# glibc linker -/etc/ld.so.cache$ NORMAL -/etc/ld.so.conf$ NORMAL -/etc/ld.so.conf.d NORMAL -/etc/ld.so.preload$ NORMAL - -# kernel config -/etc/sysctl.conf$ NORMAL -/etc/sysctl.d NORMAL -/etc/modprobe.d NORMAL -/etc/modules-load.d NORMAL -/etc/depmod.d NORMAL -/etc/udev NORMAL -/etc/crypttab$ NORMAL - -#### Daemons #### - -# cron jobs -/var/spool/at CONTENT -/etc/at.allow$ CONTENT -/etc/at.deny$ CONTENT -/etc/anacrontab$ NORMAL -/etc/cron.allow$ NORMAL -/etc/cron.deny$ NORMAL -/etc/cron.d NORMAL -/etc/cron.daily NORMAL -/etc/cron.hourly NORMAL -/etc/cron.monthly NORMAL -/etc/cron.weekly NORMAL -/etc/crontab$ NORMAL -/var/spool/cron/root CONTENT - -# time keeping -/etc/chrony.conf$ NORMAL -/etc/chrony.keys$ NORMAL - -# mail -/etc/aliases$ NORMAL -/etc/aliases.db$ NORMAL -/etc/postfix NORMAL - -# ssh -/etc/ssh/sshd_config$ NORMAL -/etc/ssh/ssh_config$ NORMAL - -# stunnel -/etc/stunnel NORMAL - -# ftp -/etc/vsftpd CONTENT - -# printing -/etc/cups NORMAL -/etc/cupshelpers NORMAL -/etc/avahi NORMAL - -# web server -/etc/httpd NORMAL - -# dns -/etc/named NORMAL -/etc/named.conf$ NORMAL -/etc/named.iscdlv.key$ NORMAL -/etc/named.rfc1912.zones$ NORMAL -/etc/named.root.key$ NORMAL - -# xinetd -/etc/xinetd.conf$ NORMAL -/etc/xinetd.d NORMAL - -# IPsec -/etc/ipsec.conf$ NORMAL -/etc/ipsec.secrets$ NORMAL -/etc/ipsec.d NORMAL - -# USBGuard -/etc/usbguard NORMAL - -# Now everything else -/etc PERMS - # This gets new/removes-old filenames daily !/var/log/sa # As we are checking it, we've truncated yesterdays size to zero. !/var/log/aide.log +# LSPP rules... +# AIDE produces an audit record, so this becomes perpetual motion. +# /var/log/audit/ LSPP +/etc/audit/ LSPP +/etc/libaudit.conf LSPP +/usr/sbin/stunnel LSPP +/var/spool/at LSPP +/etc/at.allow LSPP +/etc/at.deny LSPP +/etc/cron.allow LSPP +/etc/cron.deny LSPP +/etc/cron.d/ LSPP +/etc/cron.daily/ LSPP +/etc/cron.hourly/ LSPP +/etc/cron.monthly/ LSPP +/etc/cron.weekly/ LSPP +/etc/crontab LSPP +/var/spool/cron/root LSPP + +/etc/login.defs LSPP +/etc/securetty LSPP +/var/log/faillog LSPP +/var/log/lastlog LSPP + +/etc/hosts LSPP +/etc/sysconfig LSPP + +/etc/inittab LSPP +/etc/grub/ LSPP +/etc/rc.d LSPP + +/etc/ld.so.conf LSPP + +/etc/localtime LSPP + +/etc/sysctl.conf LSPP + +/etc/modprobe.conf LSPP + +/etc/pam.d LSPP +/etc/security LSPP +/etc/aliases LSPP +/etc/postfix LSPP + +/etc/ssh/sshd_config LSPP +/etc/ssh/ssh_config LSPP + +/etc/stunnel LSPP + +/etc/vsftpd.ftpusers LSPP +/etc/vsftpd LSPP + +/etc/issue LSPP +/etc/issue.net LSPP + +/etc/cups LSPP + # With AIDE's default verbosity level of 5, these would give lots of # warnings upon tree traversal. It might change with future version. # @@ -366,7 +217,7 @@ DATAONLY = ftype+p+l+n+u+g+s+acl+selinux+xattrs+sha256 #=/home DIR # Ditto /var/log/sa reason... -!/var/log/httpd -# /boot/grub2/grubenv's timestamp is getting modified continuously due to "boot_success" implementation -!/boot/grub2/grubenv +!/var/log/and-httpd +# Admins dot files constantly change, just check perms +/root/\..* PERMS diff --git a/aide.rpmlintrc b/aide.rpmlintrc deleted file mode 100644 index 67d2667..0000000 --- a/aide.rpmlintrc +++ /dev/null @@ -1,15 +0,0 @@ -# RPMlint configuration for aide package -# These warnings are expected and intentional for security reasons - -# AIDE log directory has restricted permissions (700) for security -# Log files may contain sensitive security information -addFilter("aide.* non-standard-dir-perm /var/log/aide 700") - -# AIDE configuration file has restricted permissions (600) for security -# Configuration reveals what files/directories are monitored -addFilter("aide.* non-readable /etc/aide.conf 600") - -# FSF address in COPYING file is outdated - this is an upstream issue -# The license text contains the old FSF address format -addFilter("aide.* incorrect-fsf-address /usr/share/licenses/aide/COPYING") - diff --git a/aide.spec b/aide.spec index 7b1c7a4..e11ce7f 100644 --- a/aide.spec +++ b/aide.spec @@ -1,86 +1,244 @@ -Summary: Intrusion detection environment -Name: aide -Version: 0.19.2 -Release: %autorelease -URL: https://github.com/aide/aide -License: GPL-2.0-or-later +# segfaults +%{!?_with_curl: %{!?_without_curl: %global _without_curl --without-curl}} -Source0: %{url}/releases/download/v%{version}/%{name}-%{version}.tar.gz -Source1: %{url}/releases/download/v%{version}/%{name}-%{version}.tar.gz.asc -# gpg2 --recv-keys 2BBBD30FAAB29B3253BCFBA6F6947DAB68E7B931 -# gpg2 --export --export-options export-minimal 2BBBD30FAAB29B3253BCFBA6F6947DAB68E7B931 >gpgkey-aide.gpg -Source2: gpgkey-aide.gpg -Source3: aide.conf -Source4: README.quickstart -Source5: aide.logrotate - -BuildRequires: gcc -BuildRequires: make -BuildRequires: bison flex -BuildRequires: pcre2-devel -BuildRequires: libgpg-error-devel nettle-devel -BuildRequires: zlib-devel -BuildRequires: libcurl-devel -BuildRequires: libacl-devel -BuildRequires: pkgconfig(libselinux) -BuildRequires: libattr-devel -BuildRequires: e2fsprogs-devel -BuildRequires: audit-libs-devel -BuildRequires: autoconf automake libtool -# For verifying signatures -BuildRequires: gnupg2 -# For being able to run 'make check' -BuildRequires: check-devel - - -Requires: logrotate +Summary: Intrusion detection environment +Name: aide +Version: 0.15.1 +Release: 5%{?dist} +URL: http://sourceforge.net/projects/aide +License: GPLv2+ +Group: Applications/System +Source0: http://downloads.sourceforge.net/aide/aide-%{version}.tar.gz +Source1: aide.conf +Source2: README.quickstart +Source3: aide.logrotate +# Customize the database file location in the man page. +Patch1: aide-0.14-man.patch +# fix aide in FIPS mode +Patch2: aide-0.15.1-fipsfix.patch +Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot-%(%{__id_u} -n) +BuildRequires: mktemp +BuildRequires: prelink elfutils-libelf-devel +%if 0%{?rhel} == 0 +Buildrequires: mhash-devel +%endif +Buildrequires: zlib-devel libgcrypt-devel +Buildrequires: flex bison +Buildrequires: libattr-devel e2fsprogs-devel +Buildrequires: libacl-devel libselinux-devel +Buildrequires: audit-libs-devel >= 1.2.8-2 +%if "%{?_with_curl}x" != "x" +Buildrequires: curl-devel +%endif %description AIDE (Advanced Intrusion Detection Environment) is a file integrity checker and intrusion detection program. + %prep -%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' -%autosetup -p1 -cp -a %{SOURCE4} . +%setup -q +%patch1 -p1 -b .man +%patch2 -p1 -b .fipsfix %build -#autoreconf -ivf -%configure \ - --disable-static \ - --with-config_file=%{_sysconfdir}/aide.conf \ - --without-gcrypt \ - --with-nettle \ - --with-zlib \ - --with-curl \ - --with-posix-acl \ - --with-selinux \ - --with-xattr \ - --with-e2fsattrs \ - --with-audit -%make_build +%configure --with-config_file=%{_sysconfdir}/aide.conf \ + --with-zlib \ + --disable-static \ +%if 0%{?rhel} == 0 + --with-mhash \ +%endif + %{?_with_curl} %{?_without_curl} \ + --with-posix-acl \ + --with-selinux \ + --with-prelink \ + --with-xattr \ + --with-e2fsattrs \ + --with-audit + +make -%check -make check %install -%make_install bindir=%{_sbindir} -install -Dpm0644 -t %{buildroot}%{_sysconfdir} %{SOURCE3} -install -Dpm0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/logrotate.d/aide -mkdir -p %{buildroot}%{_localstatedir}/log/aide -mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide +rm -rf $RPM_BUILD_ROOT +make DESTDIR=$RPM_BUILD_ROOT bindir=%{_sbindir} install +mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/aide +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir} +install -p %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir} +mkdir -p -m0700 $RPM_BUILD_ROOT%{_localstatedir}/lib/aide +install -p %{SOURCE2} README.quickstart +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d +install -c -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/aide + +%clean +rm -rf $RPM_BUILD_ROOT + %files -%license COPYING -%doc AUTHORS ChangeLog NEWS README +%defattr(0644,root,root,0755) +%doc AUTHORS COPYING ChangeLog NEWS README doc/manual.html contrib/ %doc README.quickstart -%{_sbindir}/aide -%{_mandir}/man1/*.1* -%{_mandir}/man5/*.5* +%attr(0700,root,root) %{_sbindir}/aide +%{_mandir}/man1/* +%{_mandir}/man5/* %config(noreplace) %attr(0600,root,root) %{_sysconfdir}/aide.conf %config(noreplace) %{_sysconfdir}/logrotate.d/aide %dir %attr(0700,root,root) %{_localstatedir}/lib/aide %dir %attr(0700,root,root) %{_localstatedir}/log/aide + %changelog -%autochangelog +* Wed Feb 13 2013 Fedora Release Engineering - 0.15.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Thu Nov 22 2012 Daniel Kopecek - 0.15.1-4 +- added patch to fix aide in FIPS mode +- use only FIPS approved digest algorithms in aide.conf so that + aide works by default in FIPS mode + +* Wed Jul 18 2012 Fedora Release Engineering - 0.15.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Thu Jan 12 2012 Fedora Release Engineering - 0.15.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Thu Nov 11 2010 Steve Grubb - 0.15.1-1 +- New upstream release + +* Tue May 18 2010 Steve Grubb - 0.14-5 +- Apply 2 upstream bug fixes + +* Tue May 18 2010 Steve Grubb - 0.14-4 +- Use upstream's patch to fix bz 590566 + +* Sat May 15 2010 Steve Grubb - 0.14-3 +- Fix bz 590561 aide does not detect the change of SElinux context +- Fix bz 590566 aide reports a changed file when it has not been changed + +* Wed Apr 28 2010 Steve Grubb - 0.14-2 +- Fix bz 574764 by replacing abort calls with exit +- Apply libgcrypt init patch + +* Tue Mar 16 2010 Steve Grubb - 0.14-1 +- New upstream release final 0.14 + +* Thu Feb 25 2010 Steve Grubb - 0.14-0.4.rc3 +- New upstream release + +* Thu Feb 25 2010 Steve Grubb - 0.14-0.3.rc2 +- New upstream release + +* Tue Feb 23 2010 Steve Grubb - 0.14-0.2.rc1 +- Fix dirent detection on 64bit systems + +* Mon Feb 22 2010 Steve Grubb - 0.14-0.1.rc1 +- New upstream release + +* Fri Feb 19 2010 Steve Grubb - 0.13.1-16 +- Add logrotate script and spec file cleanups + +* Fri Dec 11 2009 Steve Grubb - 0.13.1-15 +- Get rid of .dedosify files + +* Wed Dec 09 2009 Steve Grubb - 0.13.1-14 +- Revise patch for Initialize libgcrypt correctly (#530485) + +* Sat Nov 07 2009 Steve Grubb - 0.13.1-13 +- Initialize libgcrypt correctly (#530485) + +* Fri Aug 21 2009 Tomas Mraz - 0.13.1-12 +- rebuilt with new audit + +* Wed Aug 19 2009 Steve Grubb 0.13.1-11 +- rebuild for new audit-libs +- Correct regex for root's dot files (#509370) + +* Fri Jul 24 2009 Fedora Release Engineering - 0.13.1-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Mon Jun 08 2009 Steve Grubb - 0.13.1-9 +- Make aide smarter about prelinked files (Peter Vrabec) +- Add /lib64 to default config + +* Mon Feb 23 2009 Fedora Release Engineering - 0.13.1-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Fri Jan 30 2009 Steve Grubb - 0.13.1-6 +- enable xattr support and update config file + +* Fri Sep 26 2008 Tom "spot" Callaway - 0.13.1-5 +- fix selcon patch to apply without fuzz + +* Fri Feb 15 2008 Steve Conklin +- rebuild for gcc4.3 + +* Tue Aug 21 2007 Michael Schwendt +- rebuilt + +* Sun Jul 22 2007 Michael Schwendt - 0.13.1-2 +- Apply Steve Conklin's patch to increase displayed portion of + selinux context. + +* Sun Dec 17 2006 Michael Schwendt - 0.13.1-1 +- Update to 0.13.1 release. + +* Sun Dec 10 2006 Michael Schwendt - 0.13-1 +- Update to 0.13 release. +- Include default aide.conf from RHEL5 as doc example file. + +* Sun Oct 29 2006 Michael Schwendt - 0.12-3.20061027cvs +- CAUTION! This changes the database format and results in a report of + false inconsistencies until an old database file is updated. +- Check out CVS 20061027 which now contains Red Hat's + acl/xattr/selinux/audit patches. +- Patches merged upstream. +- Update manual page substitutions. + +* Mon Oct 23 2006 Michael Schwendt - 0.12-2 +- Add "memory leaks and performance updates" patch as posted + to aide-devel by Steve Grubb. + +* Sat Oct 07 2006 Michael Schwendt - 0.12-1 +- Update to 0.12 release. +- now offers --disable-static, so -no-static patch is obsolete +- fill last element of getopt struct array with zeroes + +* Mon Oct 02 2006 Michael Schwendt - 0.11-3 +- rebuilt + +* Mon Sep 11 2006 Michael Schwendt - 0.11-2 +- rebuilt + +* Sun Feb 19 2006 Michael Schwendt - 0.11-1 +- Update to 0.11 release. +- useless-includes patch merged upstream. +- old Russian man pages not available anymore. +- disable static linking. + +* Fri Apr 7 2005 Michael Schwendt +- rebuilt + +* Fri Nov 28 2003 Michael Schwendt - 0:0.10-0.fdr.1 +- Update to 0.10 release. +- memleaks patch merged upstream. +- rootpath patch merged upstream. +- fstat patch not needed anymore. +- Updated URL. + +* Thu Nov 13 2003 Michael Schwendt - 0:0.10-0.fdr.0.2.cvs20031104 +- Added buildreq m4 to work around incomplete deps of bison package. + +* Tue Nov 04 2003 Michael Schwendt - 0:0.10-0.fdr.0.1.cvs20031104 +- Only tar.gz available upstream. +- byacc not needed when bison -y is available. +- Installed Russian manual pages. +- Updated with changes from CVS (2003-11-04). +- getopt patch merged upstream. +- bison-1.35 patch incorporated upstream. + +* Tue Sep 09 2003 Michael Schwendt - 0:0.9-0.fdr.0.2.20030902 +- Added fixes for further memleaks. + +* Sun Sep 07 2003 Michael Schwendt - 0:0.9-0.fdr.0.1.20030902 +- Initial package version. + diff --git a/ci.fmf b/ci.fmf deleted file mode 100644 index a36dc28..0000000 --- a/ci.fmf +++ /dev/null @@ -1,12 +0,0 @@ -#e2e test plan -/e2e: - plan: - import: - url: https://github.com/RedHat-SP-Security/aide-plans.git - name: /generic/e2e_ci - -/rpmverify: - plan: - import: - url: https://github.com/RedHat-SP-Security/aide-plans.git - name: /generic/rpmverify diff --git a/gpgkey-aide.gpg b/gpgkey-aide.gpg deleted file mode 100644 index efb0119..0000000 Binary files a/gpgkey-aide.gpg and /dev/null differ diff --git a/sources b/sources index 0b47fd8..cea29b0 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (aide-0.19.2.tar.gz) = 08506c2302e34794fa08a27caaa1e714ba736d46351c577234f2c3d2623ea82b243b3318061a369a46d6961a782f42fbb8edd42d1d4de6949e7fc30c87865830 -SHA512 (aide-0.19.2.tar.gz.asc) = ebc04f22a49ec6b378dca4930574edcd46919281297bc1d5e09f5839a6fab3a38762462b7d852a82b7045313f9c24208bfff49a561d8afd04e9116be7096169a +d0b72535ff68b93a648e4d08b0ed7f07 aide-0.15.1.tar.gz +aa8e08c35c13786b2abb3afe6e6a8024 aide-0.15.1.tar.gz.asc