diff --git a/.fmf/version b/.fmf/version new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/.fmf/version @@ -0,0 +1 @@ +1 diff --git a/.gitignore b/.gitignore index 266719d..ce1812d 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,14 @@ aide-0.14.tar.gz aide-0.14.tar.gz.asc /aide-0.15.1.tar.gz /aide-0.15.1.tar.gz.asc +/aide-0.16b1.tar.gz +/aide-0.16rc1.tar.gz +/aide-0.16.tar.gz +/aide-0.18.4.tar.gz +/aide-0.18.6.tar.gz +/aide-0.18.8.tar.gz +/aide-0.18.8.tar.gz.asc +/aide-0.19.1.tar.gz +/aide-0.19.1.tar.gz.asc +/aide-0.19.2.tar.gz +/aide-0.19.2.tar.gz.asc diff --git a/aide-0.14-man.patch b/aide-0.14-man.patch deleted file mode 100644 index 8192636..0000000 --- a/aide-0.14-man.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff -ur aide.orig/doc/aide.1.in aide/doc/aide.1.in ---- aide.orig/doc/aide.1.in 2010-02-24 13:53:49.000000000 -0500 -+++ aide/doc/aide.1.in 2010-02-24 13:57:44.000000000 -0500 -@@ -75,9 +75,9 @@ - .SH FILES - .B @sysconfdir@/aide.conf - Default aide configuration file. --.B @sysconfdir@/aide.db -+.B @localstatedir@/lib/aide.db - Default aide database. --.B @sysconfdir@/aide.db.new -+.B @localstatedir@/lib/aide.db.new - Default aide output database. - .SH SEE ALSO - .BR aide.conf (5) diff --git a/aide-0.15.1-fipsfix.patch b/aide-0.15.1-fipsfix.patch deleted file mode 100644 index 2b80c39..0000000 --- a/aide-0.15.1-fipsfix.patch +++ /dev/null @@ -1,103 +0,0 @@ -diff -up aide-0.15.1/src/aide.c.fipsfix aide-0.15.1/src/aide.c ---- aide-0.15.1/src/aide.c.fipsfix 2010-08-08 19:39:31.000000000 +0200 -+++ aide-0.15.1/src/aide.c 2012-11-22 16:59:45.378713818 +0100 -@@ -484,9 +484,28 @@ int main(int argc,char**argv) - #endif - umask(0177); - init_sighandler(); -- - setdefaults_before_config(); - -+#if WITH_GCRYPT -+ error(255,"Gcrypt library initialization\n"); -+ /* -+ * Initialize libgcrypt as per -+ * http://www.gnupg.org/documentation/manuals/gcrypt/Initializing-the-library.html -+ * -+ * -+ */ -+ gcry_control(GCRYCTL_SET_ENFORCED_FIPS_FLAG, 0); -+ gcry_control(GCRYCTL_INIT_SECMEM, 1); -+ -+ if(!gcry_check_version(GCRYPT_VERSION)) { -+ error(0,"libgcrypt version mismatch\n"); -+ exit(VERSION_MISMATCH_ERROR); -+ } -+ -+ gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); -+#endif /* WITH_GCRYPT */ -+ -+ - if(read_param(argc,argv)==RETFAIL){ - error(0, _("Invalid argument\n") ); - exit(INVALID_ARGUMENT_ERROR); -@@ -641,6 +660,9 @@ int main(int argc,char**argv) - } - #endif - } -+#ifdef WITH_GCRYPT -+ gcry_control(GCRYCTL_TERM_SECMEM, 0); -+#endif /* WITH_GCRYPT */ - return RETOK; - } - const char* aide_key_3=CONFHMACKEY_03; -diff -up aide-0.15.1/src/md.c.fipsfix aide-0.15.1/src/md.c ---- aide-0.15.1/src/md.c.fipsfix 2010-08-08 19:39:31.000000000 +0200 -+++ aide-0.15.1/src/md.c 2012-11-22 16:59:33.166673632 +0100 -@@ -201,14 +201,7 @@ int init_md(struct md_container* md) { - } - #endif - #ifdef WITH_GCRYPT -- error(255,"Gcrypt library initialization\n"); -- if(!gcry_check_version(GCRYPT_VERSION)) { -- error(0,"libgcrypt version mismatch\n"); -- exit(VERSION_MISMATCH_ERROR); -- } -- gcry_control(GCRYCTL_DISABLE_SECMEM, 0); -- gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); -- if(gcry_md_open(&md->mdh,0,0)!=GPG_ERR_NO_ERROR){ -+ if(gcry_md_open(&md->mdh,0,GCRY_MD_FLAG_SECURE)!=GPG_ERR_NO_ERROR){ - error(0,"gcrypt_md_open failed\n"); - exit(IO_ERROR); - } -@@ -299,7 +292,7 @@ int close_md(struct md_container* md) { - - /*. There might be more hashes in the library. Add those here.. */ - -- gcry_md_reset(md->mdh); -+ gcry_md_close(md->mdh); - #endif - - #ifdef WITH_MHASH -diff -up aide-0.15.1/src/util.c.fipsfix aide-0.15.1/src/util.c ---- aide-0.15.1/src/util.c.fipsfix 2010-08-08 19:39:31.000000000 +0200 -+++ aide-0.15.1/src/util.c 2012-11-22 16:59:33.166673632 +0100 -@@ -494,28 +494,5 @@ int syslog_facility_lookup(char *s) - return(AIDE_SYSLOG_FACILITY); - } - --/* We need these dummy stubs to fool the linker into believing that -- we do not need them at link time */ -- --void* dlopen(char*filename,int flag) --{ -- return NULL; --} -- --void* dlsym(void*handle,char*symbol) --{ -- return NULL; --} -- --void* dlclose(void*handle) --{ -- return NULL; --} -- --const char* dlerror(void) --{ -- return NULL; --} -- - const char* aide_key_2=CONFHMACKEY_02; - const char* db_key_2=DBHMACKEY_02; diff --git a/aide.conf b/aide.conf index cd95c01..56ba1da 100644 --- a/aide.conf +++ b/aide.conf @@ -4,7 +4,7 @@ @@define LOGDIR /var/log/aide # The location of the database to be read. -database=file:@@{DBDIR}/aide.db.gz +database_in=file:@@{DBDIR}/aide.db.gz # The location of the database to be written. #database_out=sql:host:port:database:login_name:passwd:table @@ -14,19 +14,49 @@ database_out=file:@@{DBDIR}/aide.db.new.gz # Whether to gzip the output to database gzip_dbout=yes +# Database attributes to include in report (H = all compiled hashsums, default) +database_attrs=H + +# Add metadata to database (version info, timestamps) +database_add_metadata=yes + +# Warn about unrestricted rules during config check (default: false) +config_check_warn_unrestricted_rules=false + +# Number of workers for parallel processing (default: 1, can use percentage) +num_workers=1 + # Default. -verbose=5 +log_level=warning +report_level=changed_attributes + +# Report format (plain or json) +report_format=plain + +# Group files in report by added/removed/changed +report_grouped=yes + +# Summarize changes in report +report_summarize_changes=yes + +# Don't report if no differences found +report_quiet=no + +# Report encoding (base64 is default, base16 available) +report_base16=no report_url=file:@@{LOGDIR}/aide.log report_url=stdout #report_url=stderr -#NOT IMPLEMENTED report_url=mailto:root@foo.com -#NOT IMPLEMENTED report_url=syslog:LOG_AUTH +#report_url=syslog:LOG_AUTH # These are the default rules. # +#ftype: file type +#fstype: file system type (Linux-only) #p: permissions -#i: inode: +#i: inode +#l: link name (symbolic links only) #n: number of links #u: user #g: group @@ -35,55 +65,78 @@ report_url=stdout #m: mtime #a: atime #c: ctime -#S: check for growing size #acl: Access Control Lists #selinux SELinux security context #xattrs: Extended file attributes -#md5: md5 checksum -#sha1: sha1 checksum +#e2fsattrs: file attributes on Linux file system +#caps: file capabilities (Linux-only) + +# Hashsums attributes (regular files only) #sha256: sha256 checksum #sha512: sha512 checksum -#rmd160: rmd160 checksum -#tiger: tiger checksum +#sha512_256: SHA-512 checksum truncated to 256 output bits +#sha3_256: SHA3-256 checksum (modern) +#sha3_512: SHA3-512 checksum (modern) +#stribog256: GOST R 34.11-2012, 256 bit +#stribog512: GOST R 34.11-2012, 512 bit -#haval: haval checksum (MHASH only) -#gost: gost checksum (MHASH only) -#crc32: crc32 checksum (MHASH only) -#whirlpool: whirlpool checksum (MHASH only) +# DEPRECATED (will be removed in future versions): +#md5: md5 checksum (deprecated since v0.19) +#sha1: sha1 checksum (deprecated since v0.19) +#rmd160: rmd160 checksum (deprecated since v0.19) +#gost: gost checksum (deprecated since v0.19) -FIPSR = p+i+n+u+g+s+m+c+acl+selinux+xattrs+sha256 +# REMOVED in AIDE v0.19: +#S: check for growing size (use 'growing+s' instead) +#tiger: tiger checksum (removed) +#haval: haval checksum (removed) +#crc32: crc32 checksum (removed) +#crc32b: crc32b checksum (removed) +#whirlpool: whirlpool checksum (removed) -#R: p+i+n+u+g+s+m+c+acl+selinux+xattrs+md5 -#L: p+i+n+u+g+acl+selinux+xattrs -#E: Empty group -#>: Growing logfile p+u+g+i+n+S+acl+selinux+xattrs +# Special attributes for advanced use cases: +#I: ignore changed filename - detects moved files by inode +#growing: ignore growing file size/timestamps for logs +#compressed: ignore compression - compares uncompressed content +#ANF: allow new files - new files ignored in report +#ARF: allow removed files - missing files ignored in report + +# Default groups in AIDE v0.19: +# R = p+ftype+i+l+n+u+g+s+m+c+sha3_256+X +# L = p+ftype+i+l+n+u+g+X +# > = Growing file p+ftype+l+u+g+i+n+s+growing+X +# H = all compiled in (and not deprecated) hashsums +# X = acl+selinux+xattrs+e2fsattrs+caps (if compiled in) +# E = Empty group +# Use 'aide --version' to list the default compound groups. # You can create custom rules like this. -# With MHASH... -# ALLXTRAHASHES = sha1+rmd160+sha256+sha512+whirlpool+tiger+haval+gost+crc32 -ALLXTRAHASHES = sha1+rmd160+sha256+sha512+tiger -# Everything but access time (Ie. all changes) +# Note: Removed deprecated/removed hashsums (tiger, haval, crc32, crc32b, whirlpool, md5, sha1, rmd160, gost) +ALLXTRAHASHES = sha256+sha512+sha512_256+sha3_256+sha3_512+stribog256+stribog512 +# Everything but access time (Ie. all changes) - updated with modern hashsums EVERYTHING = R+ALLXTRAHASHES -# Sane, with multiple hashes -# NORMAL = R+rmd160+sha256+whirlpool -NORMAL = FIPSR+sha512 +# Base + sha512 (strong) +NORMAL = R+sha512-m-c -# For directories, don't bother doing hashes -DIR = p+i+n+u+g+acl+selinux+xattrs +# Content only - added file type and strong hash +CONTENT = ftype+sha512 -# Access control only -PERMS = p+i+u+g+acl+selinux +# For directories, don't bother doing hashes - added file type and link name +DIR = ftype+p+i+l+n+u+g+acl+selinux+xattrs -# Logfile are special, in that they often change -LOG = > +# Access control only - added file type and link name +PERMS = ftype+p+u+g+acl+selinux+xattrs -# Just do sha256 and sha512 hashes -LSPP = FIPSR+sha512 +# Logfiles are special, in that they often change due to log rotation +# Track only: permissions, file type, user, group, number of links, SELinux context, extended attributes +# Allow new files (ANF) and allow removed files (ARF) due to log rotation techniques +# Don't track: size, inodes, timestamps, checksums and some special attributes (these change frequently with log rotation) +LOG = p+ftype+u+g+n+ANF+ARF+selinux+xattrs # Some files get updated automatically, so the inode/ctime/mtime change -# but we want to know when the data inside them changes -DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha256 +# but we want to know when the data inside them changes - updated with modern hash +DATAONLY = ftype+p+l+n+u+g+s+acl+selinux+xattrs+sha256 # Next decide what directories/files you want in the database. @@ -92,124 +145,220 @@ DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha256 /sbin NORMAL /lib NORMAL /lib64 NORMAL -/opt NORMAL +# Monitor /opt selectively to avoid noise from auto-updating applications +/opt CONTENT /usr NORMAL -/root NORMAL # These are too volatile !/usr/src !/usr/tmp +# Admins dot files constantly change, just check perms +/root/\..* PERMS +!/root/.xauth* +/root NORMAL + # Check only permissions, inode, user and group for /etc, but # cover some important files closely. -/etc PERMS !/etc/mtab # Ignore backup files !/etc/.*~ -/etc/exports NORMAL -/etc/fstab NORMAL -/etc/passwd NORMAL -/etc/group NORMAL -/etc/gshadow NORMAL -/etc/shadow NORMAL -/etc/security/opasswd NORMAL -/etc/hosts.allow NORMAL -/etc/hosts.deny NORMAL +# trusted databases +/etc/hosts$ NORMAL +/etc/host.conf$ NORMAL +/etc/hostname$ NORMAL +/etc/issue$ NORMAL +/etc/issue.net$ NORMAL +/etc/protocols$ NORMAL +/etc/services$ NORMAL +/etc/localtime$ NORMAL +/etc/alternatives NORMAL +/etc/mime.types$ NORMAL +/etc/terminfo NORMAL +/etc/exports$ NORMAL +/etc/fstab$ NORMAL +/etc/passwd$ NORMAL +/etc/group$ NORMAL +/etc/gshadow$ NORMAL +/etc/shadow$ NORMAL +/etc/subgid$ NORMAL +/etc/subuid$ NORMAL +/etc/skel NORMAL +/etc/sssd NORMAL +/etc/swid NORMAL +/etc/system-release-cpe$ NORMAL +/etc/tmux.conf$ NORMAL +/etc/xattr.conf$ NORMAL -/etc/sudoers NORMAL -/etc/skel NORMAL +# networking +/etc/firewalld NORMAL +!/etc/NetworkManager/system-connections +/etc/NetworkManager NORMAL +/etc/networks$ NORMAL +/etc/dhcp NORMAL +/etc/wpa_supplicant NORMAL +/etc/resolv.conf$ DATAONLY -/etc/logrotate.d NORMAL - -/etc/resolv.conf DATAONLY - -/etc/nscd.conf NORMAL -/etc/securetty NORMAL +# logins and accounts +/etc/login.defs$ NORMAL +/etc/libuser.conf$ NORMAL +/var/log/faillog$ PERMS +/var/log/lastlog$ PERMS +/var/run/faillock PERMS +/etc/pam.d NORMAL +/etc/security NORMAL +/etc/securetty$ NORMAL +/etc/polkit-1 NORMAL +/etc/sudo.conf$ NORMAL +/etc/sudoers$ NORMAL +/etc/sudoers.d NORMAL # Shell/X starting files -/etc/profile NORMAL -/etc/bashrc NORMAL -/etc/bash_completion.d/ NORMAL -/etc/login.defs NORMAL -/etc/zprofile NORMAL -/etc/zshrc NORMAL -/etc/zlogin NORMAL -/etc/zlogout NORMAL -/etc/profile.d/ NORMAL -/etc/X11/ NORMAL +/etc/profile$ NORMAL +/etc/profile.d NORMAL +/etc/bashrc$ NORMAL +/etc/bash_completion.d NORMAL +/etc/zprofile$ NORMAL +/etc/zshrc$ NORMAL +/etc/zlogin$ NORMAL +/etc/zlogout$ NORMAL +/etc/X11 NORMAL +/etc/shells$ NORMAL # Pkg manager -/etc/yum.conf NORMAL -/etc/yumex.conf NORMAL -/etc/yumex.profiles.conf NORMAL -/etc/yum/ NORMAL -/etc/yum.repos.d/ NORMAL +/etc/dnf NORMAL +/etc/yum.repos.d NORMAL + +# auditing +# AIDE produces an audit record, so this becomes perpetual motion. +/var/log/audit PERMS +/etc/audit NORMAL +/etc/libaudit.conf$ NORMAL +/etc/aide.conf$ NORMAL + +# System logs with proper logrotate handling +/etc/rsyslog.conf$ NORMAL +/etc/rsyslog.d NORMAL +/etc/logrotate.conf$ NORMAL +/etc/logrotate.d NORMAL +/etc/systemd/journald.conf$ NORMAL + +# Log directory +/var/log LOG +# Journal files - exclude xattrs and link count due to systemd journal's user.crtime_usec extended attribute changes and new directory creation +/var/log/journal LOG-xattrs-n + -/var/log LOG /var/run/utmp LOG + +# secrets +/etc/pkcs11 NORMAL +/etc/pki NORMAL +/etc/ssl NORMAL +/etc/certmonger NORMAL +/var/lib/systemd/random-seed$ PERMS + +# init system +/etc/systemd NORMAL +/etc/sysconfig NORMAL +/etc/rc.d NORMAL +/etc/tmpfiles.d NORMAL +/etc/machine-id$ NORMAL + +# boot config +/etc/default NORMAL +/etc/grub.d NORMAL +/etc/grub2.cfg$ NORMAL +/etc/dracut.conf$ NORMAL +/etc/dracut.conf.d NORMAL + +# glibc linker +/etc/ld.so.cache$ NORMAL +/etc/ld.so.conf$ NORMAL +/etc/ld.so.conf.d NORMAL +/etc/ld.so.preload$ NORMAL + +# kernel config +/etc/sysctl.conf$ NORMAL +/etc/sysctl.d NORMAL +/etc/modprobe.d NORMAL +/etc/modules-load.d NORMAL +/etc/depmod.d NORMAL +/etc/udev NORMAL +/etc/crypttab$ NORMAL + +#### Daemons #### + +# cron jobs +/var/spool/at CONTENT +/etc/at.allow$ CONTENT +/etc/at.deny$ CONTENT +/etc/anacrontab$ NORMAL +/etc/cron.allow$ NORMAL +/etc/cron.deny$ NORMAL +/etc/cron.d NORMAL +/etc/cron.daily NORMAL +/etc/cron.hourly NORMAL +/etc/cron.monthly NORMAL +/etc/cron.weekly NORMAL +/etc/crontab$ NORMAL +/var/spool/cron/root CONTENT + +# time keeping +/etc/chrony.conf$ NORMAL +/etc/chrony.keys$ NORMAL + +# mail +/etc/aliases$ NORMAL +/etc/aliases.db$ NORMAL +/etc/postfix NORMAL + +# ssh +/etc/ssh/sshd_config$ NORMAL +/etc/ssh/ssh_config$ NORMAL + +# stunnel +/etc/stunnel NORMAL + +# ftp +/etc/vsftpd CONTENT + +# printing +/etc/cups NORMAL +/etc/cupshelpers NORMAL +/etc/avahi NORMAL + +# web server +/etc/httpd NORMAL + +# dns +/etc/named NORMAL +/etc/named.conf$ NORMAL +/etc/named.iscdlv.key$ NORMAL +/etc/named.rfc1912.zones$ NORMAL +/etc/named.root.key$ NORMAL + +# xinetd +/etc/xinetd.conf$ NORMAL +/etc/xinetd.d NORMAL + +# IPsec +/etc/ipsec.conf$ NORMAL +/etc/ipsec.secrets$ NORMAL +/etc/ipsec.d NORMAL + +# USBGuard +/etc/usbguard NORMAL + +# Now everything else +/etc PERMS + # This gets new/removes-old filenames daily !/var/log/sa # As we are checking it, we've truncated yesterdays size to zero. !/var/log/aide.log -# LSPP rules... -# AIDE produces an audit record, so this becomes perpetual motion. -# /var/log/audit/ LSPP -/etc/audit/ LSPP -/etc/libaudit.conf LSPP -/usr/sbin/stunnel LSPP -/var/spool/at LSPP -/etc/at.allow LSPP -/etc/at.deny LSPP -/etc/cron.allow LSPP -/etc/cron.deny LSPP -/etc/cron.d/ LSPP -/etc/cron.daily/ LSPP -/etc/cron.hourly/ LSPP -/etc/cron.monthly/ LSPP -/etc/cron.weekly/ LSPP -/etc/crontab LSPP -/var/spool/cron/root LSPP - -/etc/login.defs LSPP -/etc/securetty LSPP -/var/log/faillog LSPP -/var/log/lastlog LSPP - -/etc/hosts LSPP -/etc/sysconfig LSPP - -/etc/inittab LSPP -/etc/grub/ LSPP -/etc/rc.d LSPP - -/etc/ld.so.conf LSPP - -/etc/localtime LSPP - -/etc/sysctl.conf LSPP - -/etc/modprobe.conf LSPP - -/etc/pam.d LSPP -/etc/security LSPP -/etc/aliases LSPP -/etc/postfix LSPP - -/etc/ssh/sshd_config LSPP -/etc/ssh/ssh_config LSPP - -/etc/stunnel LSPP - -/etc/vsftpd.ftpusers LSPP -/etc/vsftpd LSPP - -/etc/issue LSPP -/etc/issue.net LSPP - -/etc/cups LSPP - # With AIDE's default verbosity level of 5, these would give lots of # warnings upon tree traversal. It might change with future version. # @@ -217,7 +366,7 @@ DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha256 #=/home DIR # Ditto /var/log/sa reason... -!/var/log/and-httpd +!/var/log/httpd +# /boot/grub2/grubenv's timestamp is getting modified continuously due to "boot_success" implementation +!/boot/grub2/grubenv -# Admins dot files constantly change, just check perms -/root/\..* PERMS diff --git a/aide.rpmlintrc b/aide.rpmlintrc new file mode 100644 index 0000000..67d2667 --- /dev/null +++ b/aide.rpmlintrc @@ -0,0 +1,15 @@ +# RPMlint configuration for aide package +# These warnings are expected and intentional for security reasons + +# AIDE log directory has restricted permissions (700) for security +# Log files may contain sensitive security information +addFilter("aide.* non-standard-dir-perm /var/log/aide 700") + +# AIDE configuration file has restricted permissions (600) for security +# Configuration reveals what files/directories are monitored +addFilter("aide.* non-readable /etc/aide.conf 600") + +# FSF address in COPYING file is outdated - this is an upstream issue +# The license text contains the old FSF address format +addFilter("aide.* incorrect-fsf-address /usr/share/licenses/aide/COPYING") + diff --git a/aide.spec b/aide.spec index e11ce7f..7b1c7a4 100644 --- a/aide.spec +++ b/aide.spec @@ -1,244 +1,86 @@ -# segfaults -%{!?_with_curl: %{!?_without_curl: %global _without_curl --without-curl}} +Summary: Intrusion detection environment +Name: aide +Version: 0.19.2 +Release: %autorelease +URL: https://github.com/aide/aide +License: GPL-2.0-or-later -Summary: Intrusion detection environment -Name: aide -Version: 0.15.1 -Release: 5%{?dist} -URL: http://sourceforge.net/projects/aide -License: GPLv2+ -Group: Applications/System -Source0: http://downloads.sourceforge.net/aide/aide-%{version}.tar.gz -Source1: aide.conf -Source2: README.quickstart -Source3: aide.logrotate -# Customize the database file location in the man page. -Patch1: aide-0.14-man.patch -# fix aide in FIPS mode -Patch2: aide-0.15.1-fipsfix.patch -Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot-%(%{__id_u} -n) -BuildRequires: mktemp -BuildRequires: prelink elfutils-libelf-devel -%if 0%{?rhel} == 0 -Buildrequires: mhash-devel -%endif -Buildrequires: zlib-devel libgcrypt-devel -Buildrequires: flex bison -Buildrequires: libattr-devel e2fsprogs-devel -Buildrequires: libacl-devel libselinux-devel -Buildrequires: audit-libs-devel >= 1.2.8-2 -%if "%{?_with_curl}x" != "x" -Buildrequires: curl-devel -%endif +Source0: %{url}/releases/download/v%{version}/%{name}-%{version}.tar.gz +Source1: %{url}/releases/download/v%{version}/%{name}-%{version}.tar.gz.asc +# gpg2 --recv-keys 2BBBD30FAAB29B3253BCFBA6F6947DAB68E7B931 +# gpg2 --export --export-options export-minimal 2BBBD30FAAB29B3253BCFBA6F6947DAB68E7B931 >gpgkey-aide.gpg +Source2: gpgkey-aide.gpg +Source3: aide.conf +Source4: README.quickstart +Source5: aide.logrotate + +BuildRequires: gcc +BuildRequires: make +BuildRequires: bison flex +BuildRequires: pcre2-devel +BuildRequires: libgpg-error-devel nettle-devel +BuildRequires: zlib-devel +BuildRequires: libcurl-devel +BuildRequires: libacl-devel +BuildRequires: pkgconfig(libselinux) +BuildRequires: libattr-devel +BuildRequires: e2fsprogs-devel +BuildRequires: audit-libs-devel +BuildRequires: autoconf automake libtool +# For verifying signatures +BuildRequires: gnupg2 +# For being able to run 'make check' +BuildRequires: check-devel + + +Requires: logrotate %description AIDE (Advanced Intrusion Detection Environment) is a file integrity checker and intrusion detection program. - %prep -%setup -q -%patch1 -p1 -b .man -%patch2 -p1 -b .fipsfix +%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' +%autosetup -p1 +cp -a %{SOURCE4} . %build -%configure --with-config_file=%{_sysconfdir}/aide.conf \ - --with-zlib \ - --disable-static \ -%if 0%{?rhel} == 0 - --with-mhash \ -%endif - %{?_with_curl} %{?_without_curl} \ - --with-posix-acl \ - --with-selinux \ - --with-prelink \ - --with-xattr \ - --with-e2fsattrs \ - --with-audit - -make +#autoreconf -ivf +%configure \ + --disable-static \ + --with-config_file=%{_sysconfdir}/aide.conf \ + --without-gcrypt \ + --with-nettle \ + --with-zlib \ + --with-curl \ + --with-posix-acl \ + --with-selinux \ + --with-xattr \ + --with-e2fsattrs \ + --with-audit +%make_build +%check +make check %install -rm -rf $RPM_BUILD_ROOT -make DESTDIR=$RPM_BUILD_ROOT bindir=%{_sbindir} install -mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/aide -mkdir -p $RPM_BUILD_ROOT%{_sysconfdir} -install -p %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir} -mkdir -p -m0700 $RPM_BUILD_ROOT%{_localstatedir}/lib/aide -install -p %{SOURCE2} README.quickstart -mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d -install -c -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/aide - -%clean -rm -rf $RPM_BUILD_ROOT - +%make_install bindir=%{_sbindir} +install -Dpm0644 -t %{buildroot}%{_sysconfdir} %{SOURCE3} +install -Dpm0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/logrotate.d/aide +mkdir -p %{buildroot}%{_localstatedir}/log/aide +mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide %files -%defattr(0644,root,root,0755) -%doc AUTHORS COPYING ChangeLog NEWS README doc/manual.html contrib/ +%license COPYING +%doc AUTHORS ChangeLog NEWS README %doc README.quickstart -%attr(0700,root,root) %{_sbindir}/aide -%{_mandir}/man1/* -%{_mandir}/man5/* +%{_sbindir}/aide +%{_mandir}/man1/*.1* +%{_mandir}/man5/*.5* %config(noreplace) %attr(0600,root,root) %{_sysconfdir}/aide.conf %config(noreplace) %{_sysconfdir}/logrotate.d/aide %dir %attr(0700,root,root) %{_localstatedir}/lib/aide %dir %attr(0700,root,root) %{_localstatedir}/log/aide - %changelog -* Wed Feb 13 2013 Fedora Release Engineering - 0.15.1-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild - -* Thu Nov 22 2012 Daniel Kopecek - 0.15.1-4 -- added patch to fix aide in FIPS mode -- use only FIPS approved digest algorithms in aide.conf so that - aide works by default in FIPS mode - -* Wed Jul 18 2012 Fedora Release Engineering - 0.15.1-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild - -* Thu Jan 12 2012 Fedora Release Engineering - 0.15.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild - -* Thu Nov 11 2010 Steve Grubb - 0.15.1-1 -- New upstream release - -* Tue May 18 2010 Steve Grubb - 0.14-5 -- Apply 2 upstream bug fixes - -* Tue May 18 2010 Steve Grubb - 0.14-4 -- Use upstream's patch to fix bz 590566 - -* Sat May 15 2010 Steve Grubb - 0.14-3 -- Fix bz 590561 aide does not detect the change of SElinux context -- Fix bz 590566 aide reports a changed file when it has not been changed - -* Wed Apr 28 2010 Steve Grubb - 0.14-2 -- Fix bz 574764 by replacing abort calls with exit -- Apply libgcrypt init patch - -* Tue Mar 16 2010 Steve Grubb - 0.14-1 -- New upstream release final 0.14 - -* Thu Feb 25 2010 Steve Grubb - 0.14-0.4.rc3 -- New upstream release - -* Thu Feb 25 2010 Steve Grubb - 0.14-0.3.rc2 -- New upstream release - -* Tue Feb 23 2010 Steve Grubb - 0.14-0.2.rc1 -- Fix dirent detection on 64bit systems - -* Mon Feb 22 2010 Steve Grubb - 0.14-0.1.rc1 -- New upstream release - -* Fri Feb 19 2010 Steve Grubb - 0.13.1-16 -- Add logrotate script and spec file cleanups - -* Fri Dec 11 2009 Steve Grubb - 0.13.1-15 -- Get rid of .dedosify files - -* Wed Dec 09 2009 Steve Grubb - 0.13.1-14 -- Revise patch for Initialize libgcrypt correctly (#530485) - -* Sat Nov 07 2009 Steve Grubb - 0.13.1-13 -- Initialize libgcrypt correctly (#530485) - -* Fri Aug 21 2009 Tomas Mraz - 0.13.1-12 -- rebuilt with new audit - -* Wed Aug 19 2009 Steve Grubb 0.13.1-11 -- rebuild for new audit-libs -- Correct regex for root's dot files (#509370) - -* Fri Jul 24 2009 Fedora Release Engineering - 0.13.1-10 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild - -* Mon Jun 08 2009 Steve Grubb - 0.13.1-9 -- Make aide smarter about prelinked files (Peter Vrabec) -- Add /lib64 to default config - -* Mon Feb 23 2009 Fedora Release Engineering - 0.13.1-7 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild - -* Fri Jan 30 2009 Steve Grubb - 0.13.1-6 -- enable xattr support and update config file - -* Fri Sep 26 2008 Tom "spot" Callaway - 0.13.1-5 -- fix selcon patch to apply without fuzz - -* Fri Feb 15 2008 Steve Conklin -- rebuild for gcc4.3 - -* Tue Aug 21 2007 Michael Schwendt -- rebuilt - -* Sun Jul 22 2007 Michael Schwendt - 0.13.1-2 -- Apply Steve Conklin's patch to increase displayed portion of - selinux context. - -* Sun Dec 17 2006 Michael Schwendt - 0.13.1-1 -- Update to 0.13.1 release. - -* Sun Dec 10 2006 Michael Schwendt - 0.13-1 -- Update to 0.13 release. -- Include default aide.conf from RHEL5 as doc example file. - -* Sun Oct 29 2006 Michael Schwendt - 0.12-3.20061027cvs -- CAUTION! This changes the database format and results in a report of - false inconsistencies until an old database file is updated. -- Check out CVS 20061027 which now contains Red Hat's - acl/xattr/selinux/audit patches. -- Patches merged upstream. -- Update manual page substitutions. - -* Mon Oct 23 2006 Michael Schwendt - 0.12-2 -- Add "memory leaks and performance updates" patch as posted - to aide-devel by Steve Grubb. - -* Sat Oct 07 2006 Michael Schwendt - 0.12-1 -- Update to 0.12 release. -- now offers --disable-static, so -no-static patch is obsolete -- fill last element of getopt struct array with zeroes - -* Mon Oct 02 2006 Michael Schwendt - 0.11-3 -- rebuilt - -* Mon Sep 11 2006 Michael Schwendt - 0.11-2 -- rebuilt - -* Sun Feb 19 2006 Michael Schwendt - 0.11-1 -- Update to 0.11 release. -- useless-includes patch merged upstream. -- old Russian man pages not available anymore. -- disable static linking. - -* Fri Apr 7 2005 Michael Schwendt -- rebuilt - -* Fri Nov 28 2003 Michael Schwendt - 0:0.10-0.fdr.1 -- Update to 0.10 release. -- memleaks patch merged upstream. -- rootpath patch merged upstream. -- fstat patch not needed anymore. -- Updated URL. - -* Thu Nov 13 2003 Michael Schwendt - 0:0.10-0.fdr.0.2.cvs20031104 -- Added buildreq m4 to work around incomplete deps of bison package. - -* Tue Nov 04 2003 Michael Schwendt - 0:0.10-0.fdr.0.1.cvs20031104 -- Only tar.gz available upstream. -- byacc not needed when bison -y is available. -- Installed Russian manual pages. -- Updated with changes from CVS (2003-11-04). -- getopt patch merged upstream. -- bison-1.35 patch incorporated upstream. - -* Tue Sep 09 2003 Michael Schwendt - 0:0.9-0.fdr.0.2.20030902 -- Added fixes for further memleaks. - -* Sun Sep 07 2003 Michael Schwendt - 0:0.9-0.fdr.0.1.20030902 -- Initial package version. - +%autochangelog diff --git a/ci.fmf b/ci.fmf new file mode 100644 index 0000000..a36dc28 --- /dev/null +++ b/ci.fmf @@ -0,0 +1,12 @@ +#e2e test plan +/e2e: + plan: + import: + url: https://github.com/RedHat-SP-Security/aide-plans.git + name: /generic/e2e_ci + +/rpmverify: + plan: + import: + url: https://github.com/RedHat-SP-Security/aide-plans.git + name: /generic/rpmverify diff --git a/gpgkey-aide.gpg b/gpgkey-aide.gpg new file mode 100644 index 0000000..efb0119 Binary files /dev/null and b/gpgkey-aide.gpg differ diff --git a/sources b/sources index cea29b0..0b47fd8 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -d0b72535ff68b93a648e4d08b0ed7f07 aide-0.15.1.tar.gz -aa8e08c35c13786b2abb3afe6e6a8024 aide-0.15.1.tar.gz.asc +SHA512 (aide-0.19.2.tar.gz) = 08506c2302e34794fa08a27caaa1e714ba736d46351c577234f2c3d2623ea82b243b3318061a369a46d6961a782f42fbb8edd42d1d4de6949e7fc30c87865830 +SHA512 (aide-0.19.2.tar.gz.asc) = ebc04f22a49ec6b378dca4930574edcd46919281297bc1d5e09f5839a6fab3a38762462b7d852a82b7045313f9c24208bfff49a561d8afd04e9116be7096169a