From 9fe78cd264037835d582112414bd086f985f4b4a Mon Sep 17 00:00:00 2001 From: cvsextras Date: Nov 08 2004 04:00:58 +0000 Subject: auto-import changelog data from aide-0.10-0.fdr.0.1.cvs20031104.rh90.src.rpm 0.10-0.fdr.0.1.cvs20031104 - Only tar.gz available upstream. - byacc not needed when bison -y is available. - Installed Russian manual pages. - Updated with changes from CVS (2003-11-04). - getopt patch merged upstream. - bison-1.35 patch incorporated upstream. 0.9-0.fdr.0.2.20030902 - Added fixes for further memleaks. 0.9-0.fdr.0.1.20030902 - Initial package version.
---
diff --git a/.cvsignore b/.cvsignore
index e69de29..0acc795 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -0,0 +1 @@
+aide-0.9.tar.gz
diff --git a/README.quickstart b/README.quickstart
new file mode 100644
index 0000000..04aa12b
--- /dev/null
+++ b/README.quickstart
@@ -0,0 +1,40 @@
+1) Customize /etc/aide.conf to your liking. In particular, add
+ important directories and files which you would like to be
+ covered by integrity checks. Avoid files which are expected
+ to change frequently or which don't affect the safety of your
+ system.
+
+2) Run "/usr/sbin/aide --init" to build the initial database.
+ With the default setup, that creates /var/lib/aide/aide.db.new.gz
+
+3) Store /etc/aide.conf, /usr/sbin/aide and /var/lib/aide/aide.db.new.gz
+ in a secure location, e.g. on separate read-only media (such as
+ CD-ROM). Alternatively, keep MD5 fingerprints or GPG signatures
+ of those files in a secure location, so you have means to verify
+ that nobody modified those files.
+
+4) Copy /var/lib/aide/aide.db.new.gz to /var/lib/aide/aide.db.gz
+ which is the location of the input database.
+
+5) Run "/usr/sbin/aide --check" to check your system for inconsistencies
+ compared with the AIDE database. Prior to running a check manually,
+ ensure that the AIDE binary and database have not been modified
+ without your knowledge.
+
+ Caution!
+
+ With the default setup, an AIDE check is not run periodically as a
+ cron job. It cannot be guaranteed that the AIDE binaries, config
+ file and database are intact. It is not recommended that you run
+ automated AIDE checks without verifying AIDE yourself frequently.
+ In addition to that, AIDE does not implement any password or
+ encryption protection for its own files.
+
+ It is up to you how to put a file integrity checker to good effect
+ and how to set up automated checks if you think its add a level of
+ safety (e.g. detecting failed/incomplete compromises or unauthorized
+ modification of special files). On a compromised system, the
+ intruder could disable the automated check. Or he could replace the
+ AIDE binary, config file and database easily when they are not
+ located on read-only media.
+
diff --git a/aide-cvs.patch b/aide-cvs.patch
new file mode 100644
index 0000000..af588f6
--- /dev/null
+++ b/aide-cvs.patch
@@ -0,0 +1,937 @@ +diff -Naur aide-0.9-orig/ChangeLog aide-CVS-20030902/ChangeLog +--- aide-0.9-orig/ChangeLog 2002-06-04 09:34:42.000000000 +0200 ++++ aide-CVS-20030902/ChangeLog 2003-01-16 11:37:34.000000000 +0100 +@@ -1,3 +1,10 @@ ++2002-07-22 Rami Lehti ++ ++ * Fixed Unimplemented error message when conf md not compiled in ++ * Fixed error message about nonexistant files. ++ * Fixed --with-extra-includes --with-extra-libs handling (I hope) ++ * Fixed *stat handling ++ + 2002-06-04 Rami Lehti + + * Released 0.9 +diff -Naur aide-0.9-orig/doc/aide.1.ru aide-CVS-20030902/doc/aide.1.ru +--- aide-0.9-orig/doc/aide.1.ru 1970-01-01 01:00:00.000000000 +0100 ++++ aide-CVS-20030902/doc/aide.1.ru 2003-01-16 11:37:34.000000000 +0100 +@@ -0,0 +1,65 @@ ++.TH "aide" "1" ++.SH "��������" ++\fBaide\fP \- Advanced Intrusion Detection Environment ++.SH "���������" ++\fBaide\fP ++\%[\fBoptions\fP] ++\%\fBcommand\fP ++.SH "��������" ++\fBaide\fP ��� ������� ����������� ���������� ��������� � �������, ����� �������� ����������� �������� ������� ++ ++.SH "�������" ++.PP ++.IP --check, -C ++��������� ���� �� ������������������� ������. �� ������ �������������� ++������� ���� ����� ������ ����������. ��� ����� �������� �� ���������. ++���������� ���� ������ ���������� ��������� \fBaide\fP ����� ��������� ��������. ++.IP --init, -i ++������� ���� ������. �� ������ ������� ���� � ����������� �� � ������������ ++����� ����� �������������� ��������� --check. ++.IP --update, -u ++��������� ���� � ������ ����������, ���� ��� ����������, �������������. ++������� � �������� ���� ������ ���� ��������. ++.SH "���������" ++.IP --config=\fBconfigfile\fR , -c \fBconfigfile\fR ++���������������� ������ ����� ��������� �� �����\fBconfigfile\fR ������ "./aide.conf". ����� ������������ '-' ��� ����������� ������������ ����� ++.IP --before="\fBconfigparameters\fR" , -B "\fBconfigparameters\fR" ++���� �������� �������� ��� ���� ������� \fBconfigparameters\fR ����� ++������� ����������������� �����. 
�������� aide.conf (5) ++��� ����� ��������� ���������� � ���, ��� ����� ��������� �����. ++.IP --after="configparameters" , -A "configparameters" ++���� �������� �������� ��� ���� ������� \fBconfigparameters\fR ����� ++������ ����������������� �����. �������� aide.conf (5) ++��� ����� ��������� ���������� � ���, ��� ����� ��������� �����. ++.IP --verbose=verbosity_level,-Vverbosity_level ++������������ ������� ����������� ��������� \fBaide\fP. �������� ������ ���� ����� 0 � 255. ++�� ��������� ��� ����������� ������ 5. ��� ��������� �������� ��������������� � 20. ++���� �������� �������� �������� �������� � ���������������� �����. ++.IP --report=\fBreporter\fR,-r \fBreporter\fR ++\fBreporter\fR ��� URL ������� ��������� \fBaide\fP ���� �� �������� ���� �����. ++�������� aide.conf (5), ������ URL �� ������� ���������� ��������. ++.IP --version,-v ++\fBaide\fP ������� ����� ������. ++.IP --help,-h ++������� ����������� ���������� ���������. ++.PP ++.SH "�����" ++.B /etc/aide.conf ++����������� ���������������� ���� aide. ++.B /etc/aide.db ++����������� ���� ������ aide. ++.B /etc/aide.db.new ++����������� �������� (����� �����������) ���� aide. ++.SH "��. �����" ++.BR aide.conf (5) ++.BR http://www.cs.tut.fi/~rammer/aide/manual.html ++.SH "������" ++� ���� ������ ��������� �������� ������� ������. ���������� �������� � ��� ++rammer@cs.tut.fi. ����������� ��������������. �������������� � ���� ����������� ������. ++.SH DISCLAIMER ++All trademarks are the property of their respective owners. ++No animals were harmed while making this webpage or this piece of ++software. Although some pizza delivery guy's feelings were hurt. ++.BR ++.SH "�������" ++Translation by Stanislav I. 
Ievlev +diff -Naur aide-0.9-orig/doc/aide.conf.5.ru aide-CVS-20030902/doc/aide.conf.5.ru +--- aide-0.9-orig/doc/aide.conf.5.ru 1970-01-01 01:00:00.000000000 +0100 ++++ aide-CVS-20030902/doc/aide.conf.5.ru 2003-01-16 11:37:34.000000000 +0100 +@@ -0,0 +1,200 @@ ++.TH "aide.conf" "5" ++.SH "��������" ++aide.conf - ���������������� ���� ��� Advanced Intrusion Detection ++Environment ++.PP ++.SH "���������" ++\fBaide.conf\fP ��� ���������������� ���� ��� Advanced Intrusion ++Detection Environment. \fBaide.conf\fP �������� ������ ����������� ++������������ ��� �������� ��� �������� ���� ������ aide. ++.PP ++.SH "������ �����" ++\fBaide.conf\fP ������� ����������������� ����� ��������� Tripwire (tm). ++C ���������� �������� ����� ��������� tw.conf � aide.conf. ++.PP ++������ � Aide.conf ������������� � ��������. ������ � ��������� ������� ++� ������ ������������. ++.PP ++���������� ��� ���� ����� � \fBaide.conf\fP. ��-������, ��� ������ ������������ ++������� ������������ ��� ��������� ���������� � ����������/������ ����������. ++������ ��� ����� ������������ ��� ������ ������ ����������� � ����. ������- ++��� �������. ������ ������ ��� ����� ��������� ��� ����������������� aide. ++������ ������������ �� ����� # ������������ ��� ����������. ++.PP ++.SH "������ ������������" ++.PP ++��� ������ ����� ������ "��������=��������". �������� URLS ��� ������������ �� ++������� ���������. ++.PP ++.IP database ++��� URL ����������� �� ������������� ���� ��� ������. ����� �������������� ������ ++���� ������ ����� ����. ���� ������� ���������, �� ����� �������������� ������ ������. ++�������� �� ��������� "./aide.db". ++.IP database_out ++URL ��������� �������������� ��� ������ �����, ������ ��� ��������� ����. ++����� �������������� ������ ++���� ������ ����� ����. ���� ������� ���������, �� ����� �������������� ������ ������. ++�������� �� ���������"./aide.db.new". ++.IP verbose ++������� ����������� ��������� �� ������. ��� �������� ����� ���� ����� 0 � 255 ++������������. 
���� �������� �������� ������ ���� ���. ������������ �������� ��������� ++������ ���. ���� ������������ --verbose ��� -V �� �������� �������������� �����, ++��� ���������. �������� �� ��������� 5. ���� ����������� ����������� � 20 �� ++���������� �������������� ��������� �� ����� ���������� --check ��� --update. ++.IP report_url ++�������������� ���� ����� ��������� �����. ����� �������������� ��������� ����� ++������� ����. ����� ����� �������������� �� ��� ���������. �� ��������� ��� ����������� �����. ++.IP gzip_dbout ++������������ ����� � ���� ��������� ������ gzip ��� ���. ���������� ++�������� yes, true, no � false. �� ��������� ������ �� ��������������. ++���� �������� �������� ������ ���� ��������� ������� � ���������� zlib. ++.IP "����������� �����" ++���� �������� �� ���� �� ���� �������������, �� �� ���������� ��� ����������� �����. ++�������� ������������ ����������. ��������� ����� ��������� ���. ++.LP ++<���������������� ������>| <���������> + <���������������� ������> ++ | <���������> - <���������������� ������> ++.IP ++�������� ����������� ������ �� ������� ���������������� �����. ++�������, ��� ��� ��������� ������� �� ���� ��� �������� � Tripwire(tm) ++.IP ++���������� ����� ����������� ������ ��������� "ignore_list". ���������������� ++������ ���������� � ��� �� ����� �������� � ������������� ������. ++.PP ++.SH "������ ������" ++.PP ++���������� ��� ���� ����� ������ (�������, �������������, ���������) ++������ ������������ � "/" ������� ������ ������ (/home/*). ������ ++������������ � "!" ��� ������������� ������. � ������ ������������ �� ����� "=" ++��� ������-���������. ������ ��������� �� ������ �������� ���������� ��� ++���������� ��������� �������������� ������� ����� ����� (� ��������� ������� ����) ++��� ������� ������� ������ "/" ���������� � ���������� ���������.�������� ���������� ��������� � ����������. ++�������� ������ ������������ �� ������� ��������� ���������. �������� ������� � ++doc/aide.conf �� ������� ��������. 
++.PP ++.SH "������ �������" ++.PP ++.IP "@@define \fBVAR\fR \fBval\fR" ++��������� ���������� \fBVAR\fR �������� \fBval\fR. ++.IP "@@undef \fBVAR\fR" ++�������� �������� ���������� \fBVAR\fR. ++.IP "@@ifdef \fBVAR\fR, @@ifndef \fBVAR\fR" ++@@ifdef ������ ��������� ��������� if . ��� ������ ����������� � @@endif. ++������ ����� @@ifdef � @@endif ������������ ���� ���������� ++\fBVAR\fR ����������. ���� ���� ������� @@else �� ����� ����� ++@@ifdef � @@else ������������ ���� \fBVAR\fR ����������, � ��������� ������ ++������������ ����� ����� @@else � @@endif .��������� @@ifndef ����� ++������ �������� � @@ifdef �� � ��������� �������� �����. ++.IP "@@ifhost \fBhostname\fR, @@ifnhost \fBhostname\fR" ++@@ifhost �������� ��� @@ifdef ������ � ������� �� ���� ��������� ++����� �� \fBhostname\fR ����� ������ �� ������� ������� aide. ++\fBhostname\fR ��� ��� ������ ��� ����� ������ ++(hostname, �� �� hostname.aide.org). ++.IP "@{\fBVAR\fR}" ++��������� @@{\fBVAR\fR} ���������� ��������� ���������� \fBVAR\fR. ++���� ���������� \fBVAR\fR �� ����������,�� ������������ ������ ������. � ++Tripwire(tm) @@VAR �� ��������������. ++.IP "@@else" ++������ �������������� ����� ���������. ++.IP "@@endif" ++��������� ��������� ��������� if. ++.IP "@@include \fBVAR\fR" ++�������� ���� \fBVAR\fR. ���������� ����� ������������ ��� ���� �� �� ��� ++������ ����������������� �����. ++.PP ++.SH URLS ++�������������� ����� ���� ����� �� ���������. �������� URL �� ����� ���� ++������������ ��� �������� � �������� ++.IP stdout ++.IP stderr ++�������� ������ ���������� � stdout � stderr ��������������. ++.IP stdin ++������� ������ ������� � stdin. ++.IP file://\fBfilename\fR ++������� ������ ������� �� ����� � ������ \fBfilename\fR ��� ���� ������������ ��������. ++.IP fd:\fBnumber\fR ++������� ������ ������� �� ����������� � ������� \fBnumber\fR ��� ���� ������������ ��������. 
++.PP ++.SH "����������� ������" ++.PP ++.IP "p: �����" ++.IP "i: inode" ++.IP "n: ���������� ������" ++.IP "u: ������������" ++.IP "g: ������" ++.IP "s: ������" ++.IP "m: ����� �����������" ++.IP "a: ����� �������" ++.IP "c: ����� ��������" ++.IP "S: �������� �� ����������/��������� �������" ++.IP "md5: md5 checksum" ++.IP "sha1: sha1 checksum" ++.IP "rmd160: rmd160 checksum" ++.IP "tiger: tiger checksum" ++.IP "R: p+i+n+u+g+s+m+c+md5" ++.IP "L: p+i+n+u+g" ++.IP "E: ������ ������" ++.IP ">: ��������� ��������������� ���-���� p+u+g+i+n+S" ++.IP "�������� �����, ���� ��� ������ �������� ��������� mhash" ++.IP "crc32: crc32 checksum" ++.IP "haval: haval checksum" ++.IP "gost: gost checksum" ++ ++ ++.PP ++.SH ������� ++.IP ++.B "/ R" ++.LP ++��� ��������� ��� ����� ����� ������. ��� ���� ������ ������ ���������� ��� ����������������� �����. ++.IP ++.B "!/dev" ++.LP ++������������ ��������� �������� /dev. ++.IP ++.B "=/tmp" ++.LP ++�������� ������ /tmp � ����, �� �� ��������� ��� �����������. ++.IP ++.B "\fBAll\fR=p+i+n+u+g+s+m+c+a+md5+sha1+tiger+rmd160" ++.LP ++��� ������ ��������� ������ \fBAll\fR. ��� �������� � ���� ��� ��������� � ��� ++��������� ����������� �����. ���� �� ������������� ������� ������������ ��� ++��������� ����������� �����, �� ������� �������� ��������� mhash ��� ������ � ++�������� +crc32+haval+gost � ����� ����������� ������ \fBAll\fR.�������� ��������, ++��� ��������� Mhash ����� ���� �������� ������ �� ����� ������. ++.PP ++.SH ������ ++.IP ++.B "=/foo R" ++.IP ++.B "/foo/bar R" ++.LP ++���� �������� ������� ��� ����� � /foo ��������� ��� ������������� /foo, ++��� ������������ /foo.* (��������, ��� � ������� ������ ������������ ���������� ���������). �������� �� � ���������������� ������ �������� ���������: ++ ++.IP ++.B "=/foo$ R" ++.IP ++.B "/foo/bar R" ++.LP ++�������, ��� ��������� ��������� ��������, ��������� /foo ����������� �� ++����������. ++.IP ++.B "=/foo R" ++ � ��� ������ ��������� �� ��������� � AIDE. 
������ ����� ����������� ++.IP ++.B "/foo epug" ++.IP ++.B "/foo e+p+u+g" ++.PP ++.SH "��. �����" ++.BR aide (1) ++.BR http://www.cs.tut.fi/~rammer/aide/manual.html ++.SH DISCLAIMER ++All trademarks are the property of their respective owners. ++No animals were harmed while making this webpage or this piece of ++software. ++.SH "�������" ++Translation by Stanislav I. Ievlev ++ +diff -Naur aide-0.9-orig/doc/release.HOWTO aide-CVS-20030902/doc/release.HOWTO +--- aide-0.9-orig/doc/release.HOWTO 1970-01-01 01:00:00.000000000 +0100 ++++ aide-CVS-20030902/doc/release.HOWTO 2003-01-16 11:37:34.000000000 +0100 +@@ -0,0 +1,48 @@ ++This document is for the maintainer of AIDE. ++Currently that is Rami Lehti. ++ ++HOWTO do a release of aide. ++ ++From a clean CVS tree do ++sh autogen.sh ++./configure;make ++to create all necessary files. ++make dist ++to create the distribution ++ ++unpack it and see that it compiles without too many errors. ++ ++Tag the CVS tree with ++cvs tag RELEASE_ ++ ++create PGP signature ++gpg -a --detach-sign aide*tar.gz ++ ++copy it to ~/public_html/ ++and /share/ftpcs/pub/src/gnu ++chmod a+r ~/public_html/aide* /share/ftpcs/pub/src/gnu/aide* ++ ++Post an announcement to the mailinglist. ++ ++New version of AIDE released! ++*************************************** ++ ++The new version is ++ ++You can download it from ++ ++There are changes in this release, so ++it's to upgrade if you're using a version ++prior to ++ ++All comments and feedback is welcome! 
++
++Regards and best wishes,
++
++Rami
++
++The home URL of is http://
++
++Post an announcement to freshmeat.net
++Post an announcement to www.linuxsecurity.com by
++news@linuxsecurity.com or contribute@linuxsecurity.com
+\ No newline at end of file
+diff -Naur aide-0.9-orig/include/commandconf.h aide-CVS-20030902/include/commandconf.h
+--- aide-0.9-orig/include/commandconf.h 2002-05-29 10:04:26.000000000 +0200
++++ aide-CVS-20030902/include/commandconf.h 2003-01-16 11:37:34.000000000 +0100
+@@ -1,7 +1,7 @@
+ /* aide, Advanced Intrusion Detection Environment
+ *
+ * Copyright (C) 1999,2000,2001,2002 Rami Lehti, Pablo Virolainen
+- * $Header: /cvs-root-aide/aide2/include/commandconf.h,v 1.11 2002/05/29 08:04:26 rammer Exp $
++ * $Header: /aide/aide/include/commandconf.h,v 1.1.1.1 2003/01/16 10:37:34 rammer Exp $
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+@@ -24,6 +24,7 @@
+ #include "db_config.h"
+
+ extern long conf_lineno;
++extern int newlinelastinconfig;
+
+ int commandconf(const char mode,const char* line);
+
+diff -Naur aide-0.9-orig/README aide-CVS-20030902/README
+--- aide-0.9-orig/README 2002-05-29 10:04:26.000000000 +0200
++++ aide-CVS-20030902/README 2003-01-17 10:24:41.000000000 +0100
+@@ -2,7 +2,7 @@
+
+ Advanced Intrusion Detection Environment
+
+- Version 0.9
++ Version 0.9.1
+
+ *******************************************************************
+
+@@ -34,6 +34,8 @@
+ Checksum of the binary at the start of the report
+ PGP support
+ @@ifdef foo || ( bar && baz )
++Use newer autoconf
++Release more often
+
+
+ Documentation
+diff -Naur aide-0.9-orig/src/aide.c aide-CVS-20030902/src/aide.c
+--- aide-0.9-orig/src/aide.c 2002-05-31 14:47:07.000000000 +0200
++++ aide-CVS-20030902/src/aide.c 2003-01-16 11:37:34.000000000 +0100
+@@ -1,7 +1,7 @@
+ /* aide, Advanced Intrusion Detection Environment
+ *
+ * Copyright (C) 1999,2000,2001,2002 Rami Lehti, Pablo Virolainen
+- * $Header: /cvs-root-aide/aide2/src/aide.c,v 1.26 2002/05/31 12:47:07 rammer Exp $
++ * $Header: /aide/aide/src/aide.c,v 1.1.1.1 2003/01/16 10:37:34 rammer Exp $
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+@@ -472,6 +472,10 @@
+ }
+
+ if((conf->do_configmd||conf->config_check)&& conf->confmd!=0){
++ /* The patch automatically adds a newline so will also have to add it. */
++ if(newlinelastinconfig==0){
++ mhash(conf->confmd,"\n",1);
++ };
+ mhash(conf->confmd, NULL,0);
+ dig=(byte*)malloc(sizeof(byte)*mhash_get_block_size(conf->confhmactype));
+ mhash_deinit(conf->confmd,(void*)dig);
+@@ -546,7 +550,11 @@
+ if(conf->confmd){
+ error(0,"Config checked. Use the following to patch your config file.\n");
+ error(0,"0a1\n");
+- error(0,"> @@begin_config %s\n%ia%i\n> @@end_config\n",digstr,conf_lineno-2,conf_lineno);
++ if(newlinelastinconfig==1){
++ error(0,"> @@begin_config %s\n%ia%i\n> @@end_config\n",digstr,conf_lineno-1,conf_lineno+1);
++ }else {
++ error(0,"> @@begin_config %s\n%ia%i\n> @@end_config\n",digstr,conf_lineno,conf_lineno+2);
++ }
+ free(dig);
+ free(digstr);
+ }
+diff -Naur aide-0.9-orig/src/commandconf.c aide-CVS-20030902/src/commandconf.c
+--- aide-0.9-orig/src/commandconf.c 2002-05-29 10:04:27.000000000 +0200
++++ aide-CVS-20030902/src/commandconf.c 2003-01-16 11:37:34.000000000 +0100
+@@ -1,7 +1,7 @@
+ /* aide, Advanced Intrusion Detection Environment
+ *
+ * Copyright (C) 1999,2000,2001,2002 Rami Lehti, Pablo Virolainen
+- * $Header: /cvs-root-aide/aide2/src/commandconf.c,v 1.30 2002/05/29 08:04:27 rammer Exp $
++ * $Header: /aide/aide/src/commandconf.c,v 1.1.1.1 2003/01/16 10:37:34 rammer Exp $
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+@@ -241,7 +241,7 @@
+ int err=0;
+ int* domd=0;
+ #ifdef WITH_MHASH
+- MHASH* md;
++ MHASH* md=NULL;
+ void* key=NULL;
+ int keylen;
+ #endif
+@@ -385,6 +385,10 @@
+
+ void update_db_out_order(int attr)
+ {
++ /* First we add those attributes that must be there */
++ if (check_dboo(db_linkname)==RETOK) {
++ conf->db_out_order[conf->db_out_size++]=db_linkname;
++ }
+ if (check_dboo(db_attr)==RETOK) {
+ conf->db_out_order[conf->db_out_size++]=db_attr;
+ }
+diff -Naur aide-0.9-orig/src/conf_lex.l aide-CVS-20030902/src/conf_lex.l
+--- aide-0.9-orig/src/conf_lex.l 2002-05-29 10:04:27.000000000 +0200
++++ aide-CVS-20030902/src/conf_lex.l 2003-01-16 11:37:34.000000000 +0100
+@@ -16,7 +16,7 @@
+
+ /*
+ * Copyright (C) 1999,2000,2001,2002 Rami Lehti, Pablo Virolainen
+- * $Header: /cvs-root-aide/aide2/src/conf_lex.l,v 1.8 2002/05/29 08:04:27 rammer Exp $
++ * $Header: /aide/aide/src/conf_lex.l,v 1.1.1.1 2003/01/16 10:37:34 rammer Exp $
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+@@ -56,6 +56,7 @@
+ int varbol=0;
+
+ long conf_lineno=1;
++int newlinelastinconfig=0;
+
+ #define MAX_INCLUDE_DEPTH 10
+ YY_BUFFER_STATE include_stack[MAX_INCLUDE_DEPTH];
+@@ -250,6 +251,11 @@
+ }
+
+ <> {
++ if (yy_hold_char=='\n'){
++ newlinelastinconfig=1;
++ }else {
++ newlinelastinconfig=0;
++ }
+ if ( --include_stack_ptr < 0 )
+ {
+ yyterminate();
+@@ -266,6 +272,7 @@
+ conf_switch_to_buffer(
+ include_stack[include_stack_ptr] );
+ }
++ return TEOF;
+ }
+
+
+@@ -329,7 +336,7 @@
+ error(230,"recstop =\n");
+ BEGIN CONFVALHUNT;
+ return (TRECSTOP);
+-}
++}
+
+ ^[\ \t]*"config_version"{E} {
+ error(230,"config_version =\n");
+@@ -362,6 +369,7 @@
+
+ [^\n] { return(conftext[0]); }
+
++
+ %%
+
+ int confwrap(){
+diff -Naur aide-0.9-orig/src/conf_yacc.y aide-CVS-20030902/src/conf_yacc.y
+--- aide-0.9-orig/src/conf_yacc.y 2002-05-29 10:04:27.000000000 +0200
++++ aide-CVS-20030902/src/conf_yacc.y 2003-01-16 11:37:34.000000000 +0100
+@@ -2,7 +2,7 @@
+
+ /*
+ * Copyright (C) 1999,2000,2001,2002 Rami Lehti, Pablo Virolainen
+- * $Header: /cvs-root-aide/aide2/src/conf_yacc.y,v 1.9 2002/05/29 08:04:27 rammer Exp $
++ * $Header: /aide/aide/src/conf_yacc.y,v 1.1.1.1 2003/01/16 10:37:34 rammer Exp $
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+@@ -62,6 +62,7 @@
+ %token TEND_CONFIG
+ %token TBEGIN_DB
+ %token TEND_DB
++%token TEND_DBNOMD
+ %token TID
+ %token TSTRING
+ %token '='
+@@ -136,37 +137,47 @@
+
+ line : rule | equrule | negrule | definestmt | undefstmt
+ | ifdefstmt | ifndefstmt | ifhoststmt | ifnhoststmt
+- | groupdef | TNEWLINE | db_in | db_out | db_new | verbose
++ | groupdef | db_in | db_out | db_new | verbose | config_version
+ | report | gzipdbout | recursion_stopper | warn_dead_symlinks
+ | acl_no_symlink_follow | beginconfigstmt | endconfigstmt
+- | config_version
++ | TEOF {
++ newlinelastinconfig=1;
++ YYACCEPT;
++ } ;
++ | TNEWLINE
+ | TDBSPEC {
+ error(220,"Got @@dbspec.Stopping\n");
+ YYACCEPT;
+- }
++ } ;
+ | TBEGIN_DB {
+ error(220,"Got @@begin_db. Stopping\n");
+ YYACCEPT;
+- }
++ } ;
+ | TEND_DB {
+ conferror("Error while reading configuration");
+- }
++ } ;
+ | error {
+ conferror("Error while reading configuration");
+ YYABORT;
+ } ;
+
+-rule : TSELRXRULE expr TNEWLINE
++rule : TSELRXRULE expr newlineoreof
+ { conf->selrxlst=append_rxlist($1,$2,conf->selrxlst); } ;
+
+-equrule : TEQURXRULE expr TNEWLINE
++equrule : TEQURXRULE expr newlineoreof
+ { conf->equrxlst=append_rxlist($1,$2,conf->equrxlst); } ;
+
+-negrule : TNEGRXRULE TNEWLINE
++negrule : TNEGRXRULE newlineoreof
+ { conf->negrxlst=append_rxlist($1,0,conf->negrxlst); } |
+- TNEGRXRULE expr TNEWLINE
++ TNEGRXRULE expr newlineoreof
+ { conf->negrxlst=append_rxlist($1,0,conf->negrxlst); };
+
++newlineoreof : TNEWLINE |
++ TEOF {
++ newlinelastinconfig=0;
++ YYACCEPT;
++ } ;
++
+ expr : expr '+' expr { $$ =$1 | $3 ; } |
+ expr '-' expr { $$ =$1 & (~$3 ); } |
+ primary { $$ =$1 ;} ;
+@@ -180,7 +191,7 @@
+ conferror("Error in expression");
+ YYABORT;
+ }
+- }
++ } ;
+
+ other : TRIGHTS { $$ =$1 ;} | TUSER {$$ =$1 ;}
+ | TGROUP {$$ =$1 ;} | TINODE {$$ =$1 ;}
+@@ -242,11 +253,11 @@
+ beginconfigstmt : TBEGIN_CONFIG TSTRING {
+ conf->do_configmd=1;
+ conf->old_confmdstr=strdup($2);
+-}
++} ;
+
+ endconfigstmt : TEND_CONFIG {
+ YYACCEPT;
+-}
++} ;
+
+ acl_no_symlink_follow : TACLNOSYMLINKFOLLOW TTRUE {
+ #ifdef WITH_ACL
+@@ -254,7 +265,7 @@
+ #else
+ error(0,"ACL-support not compiled in.\n");
+ #endif
+-}
++} ;
+
+ acl_no_symlink_follow : TACLNOSYMLINKFOLLOW TFALSE {
+ #ifdef WITH_ACL
+@@ -262,15 +273,15 @@
+ #else
+ error(0,"ACL-support not compiled in.\n");
+ #endif
+-}
++} ;
+
+ warn_dead_symlinks : TWARNDEADSYMLINKS TTRUE {
+ conf->warn_dead_symlinks=1;
+-}
++} ;
+
+ warn_dead_symlinks : TWARNDEADSYMLINKS TFALSE {
+ conf->warn_dead_symlinks=0;
+-}
++} ;
+
+ gzipdbout : TGZIPDBOUT TTRUE {
+ #ifdef WITH_ZLIB
+@@ -288,11 +299,11 @@
+ recursion_stopper : TRECSTOP TSTRING {
+ /* FIXME implement me */
+
+-}
++} ;
+
+ config_version : TCONFIG_VERSION TSTRING {
+ conf->config_version=strdup($2);
+-}
++} ;
+
+ %%
+
+diff -Naur aide-0.9-orig/src/db_disk.c aide-CVS-20030902/src/db_disk.c
+--- aide-0.9-orig/src/db_disk.c 2002-05-29 10:04:27.000000000 +0200
++++ aide-CVS-20030902/src/db_disk.c 2003-01-16 11:37:34.000000000 +0100
+@@ -1,7 +1,7 @@
+ /* aide, Advanced Intrusion Detection Environment
+ *
+ * Copyright (C) 1999,2000,2001,2002 Rami Lehti, Pablo Virolainen
+- * $Header: /cvs-root-aide/aide2/src/db_disk.c,v 1.13 2002/05/29 08:04:27 rammer Exp $
++ * $Header: /aide/aide/src/db_disk.c,v 1.1.1.1 2003/01/16 10:37:34 rammer Exp $
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+@@ -350,6 +350,38 @@
+ error(255,"New start_path=%s\n",start_path);
+
+ if (open_dir()==RETFAIL) {
++ /* open_dir failed so we need to know why and print
++ an errormessage if needed.
++ errno should still be the one from opendir() since it's global
++ */
++ if(errno == ENOENT && r->old_data != NULL &&
++ r->sel_rx_lst==NULL && r->neg_rx_lst==NULL &&
++ r->equ_rx_lst==NULL) {
++ /* The path did not exist and there is old data for this node
++ and there are no regexps for this node
++ There is no new data for this node otherwise it would not
++ come to this part of the code.
++ So we don't print any error message.
++ */
++ }else {
++ /* In any other case we print the message. */
++ char* er=strerror(errno);
++ if (er!=NULL) {
++ error(5,"open_dir():%s: %s\n",er , start_path);
++ } else {
++ error(5,"open_dir():%i: %s\n",errno ,start_path);
++ }
++ if(errno == ENOENT &&
++ ((r->sel_rx_lst!=NULL || r->neg_rx_lst!=NULL ||
++ r->equ_rx_lst!=NULL)||r->childs!=NULL)) {
++ /* The dir did not exist and there are regexps referring to
++ this node or there are children to this node.
++ The only way a nonexistant dirnode can have children is by
++ having rules referring to them.
++ */
++ error(5,"There are rules referring to non-existant directories!\n");
++ }
++ }
+ r->checked|=NODE_TRAVERSE|NODE_CHECKED;
+ r=r->parent;
+ error(255,"dropping back to parent\n");
+@@ -399,12 +431,15 @@
+
+ dirh=opendir(start_path);
+ if (dirh==NULL) {
+- char* er=strerror(errno);
++ /* Errors should be printed here because then we get too many
++ errormessages. */
++ /* char* er=strerror(errno);
+ if (er!=NULL) {
+ error(5,"open_dir():%s: %s\n",er , start_path);
+ } else {
+ error(5,"open_dir():%i: %s\n",errno ,start_path);
+ }
++ */
+ return RETFAIL;
+ }
+
+diff -Naur aide-0.9-orig/src/db_file.c aide-CVS-20030902/src/db_file.c
+--- aide-0.9-orig/src/db_file.c 2002-05-30 11:42:46.000000000 +0200
++++ aide-CVS-20030902/src/db_file.c 2003-01-16 11:37:34.000000000 +0100
+@@ -1,7 +1,7 @@
+ /* aide, Advanced Intrusion Detection Environment
+ *
+ * Copyright (C) 1999,2000,2001,2002 Rami Lehti, Pablo Virolainen
+- * $Header: /cvs-root-aide/aide2/src/db_file.c,v 1.18 2002/05/30 09:42:46 pablo Exp $
++ * $Header: /aide/aide/src/db_file.c,v 1.1.1.1 2003/01/16 10:37:34 rammer Exp $
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+@@ -460,7 +460,9 @@
+ i--;
+ break;
+ }
+-
++ if(gotend_db){
++ return NULL;
++ }
+ /* */
+
+ error(0,"Not enough parameters in db:%i. Trying to continue.\n",
+@@ -515,6 +517,11 @@
+ break;
+ }
+
++ case TEND_DBNOMD : {
++ gotend_db=1;
++ break;
++ }
++
+ case TEOF : {
+ if(gotend_db){
+ return NULL;
+diff -Naur aide-0.9-orig/src/db_lex.l aide-CVS-20030902/src/db_lex.l
+--- aide-0.9-orig/src/db_lex.l 2002-05-29 10:04:27.000000000 +0200
++++ aide-CVS-20030902/src/db_lex.l 2003-01-16 11:37:34.000000000 +0100
+@@ -23,7 +23,7 @@
+ /* aide, Advanced Intrusion Detection Environment
+ *
+ * Copyright (C) 1999,2000,2001,2002 Rami Lehti,Pablo Virolainen
+- * $Header: /cvs-root-aide/aide2/src/db_lex.l,v 1.4 2002/05/29 08:04:27 rammer Exp $
++ * $Header: /aide/aide/src/db_lex.l,v 1.1.1.1 2003/01/16 10:37:34 rammer Exp $
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+@@ -104,6 +104,10 @@
+ return (TSTRING);
+ }
+
++^"@@end_db" {
++ return (TEND_DBNOMD);
++}
++
+ "@@"({L}+) {
+ return (TUNKNOWN);
+ }
+diff -Naur aide-0.9-orig/src/db_list.c aide-CVS-20030902/src/db_list.c
+--- aide-0.9-orig/src/db_list.c 1970-01-01 01:00:00.000000000 +0100
++++ aide-CVS-20030902/src/db_list.c 2003-01-16 11:37:34.000000000 +0100
+@@ -0,0 +1,51 @@
++/* aide, Advanced Intrusion Detection Environment
++ *
++ * Copyright (C) 1999,2000,2001,2002 Rami Lehti,Pablo Virolainen
++ * $Header: /aide/aide/src/db_list.c,v 1.1.1.1 2003/01/16 10:37:34 rammer Exp $
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of the
++ * License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
++ */
++
++#include "db_list.h"
++/*for locale support*/
++#include "locale-aide.h"
++/*for locale support*/
++
++void db_list_append(db_list*item)
++{
++ db_list* tmp_listp=NULL;
++ item->next=NULL;
++ item->prev=NULL;
++ item->head=NULL;
++
++ if(db_list_head==NULL){
++ db_list_head=item;
++ db_list_head->next=NULL;
++ db_list_head->prev=NULL;
++ db_list_head->head=db_list_head;
++ db_list_head->tail=db_list_head;
++ return;
++ }
++ else {
++ tmp_listp=db_list_head->tail;
++ tmp_listp->next=item;
++ tmp_listp->tail=item;
++ item->head=db_list_head;
++ item->tail=db_list_head;
++ db_list_head->tail=item;
++ return;
++ }
++}
++
+diff -Naur aide-0.9-orig/src/do_md.c aide-CVS-20030902/src/do_md.c
+--- aide-0.9-orig/src/do_md.c 2002-05-31 14:47:07.000000000 +0200
++++ aide-CVS-20030902/src/do_md.c 2003-01-16 11:37:34.000000000 +0100
+@@ -1,7 +1,7 @@
+ /* aide, Advanced Intrusion Detection Environment
+ *
+ * Copyright (C) 1999,2000,2001,2002 Rami Lehti, Pablo Virolainen
+- * $Header: /cvs-root-aide/aide2/src/do_md.c,v 1.11 2002/05/31 12:47:07 rammer Exp $
++ * $Header: /aide/aide/src/do_md.c,v 1.1.1.1 2003/01/16 10:37:34 rammer Exp $
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+@@ -149,7 +149,7 @@
+ return;
+ }
+
+- sres=fstat(filedes,&fs);
++ sres=AIDE_FSTAT_FUNC(filedes,&fs);
+
+ if (stat_cmp(&fs,old_fs)==RETOK) {
+ /*
+diff -Naur aide-0.9-orig/src/gen_list.c aide-CVS-20030902/src/gen_list.c
+--- aide-0.9-orig/src/gen_list.c 2002-05-30 11:53:52.000000000 +0200
++++ aide-CVS-20030902/src/gen_list.c 2003-01-17 09:58:38.000000000 +0100
+@@ -1,7 +1,7 @@
+ /* aide, Advanced Intrusion Detection Environment
+ *
+ * Copyright (C) 1999,2000,2001,2002 Rami Lehti,Pablo Virolainen
+- * $Header: /cvs-root-aide/aide2/src/gen_list.c,v 1.17 2002/05/30 09:53:52 pablo Exp $
++ * $Header: /aide/aide/src/gen_list.c,v 1.2 2003/01/17 08:58:38 cvsd Exp $
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+@@ -369,6 +369,11 @@
+ }
+
+ #ifdef HAVE_USTAT
++ /*
++ * This should not use ustat and should be implemented otherwise
++ * since ustat is not universally known function
++ * check find(1) for clues
++ */
+ /*
+ Here we should check if we need to add it..
+ */
+@@ -1322,24 +1327,24 @@
+ }
+ }
+ /*
+- Is this valid??
+- I think not.
++ Is this valid??
++ No, We should do this elsewhere.
++ */
++ /* if(conf->symlinks_found==0){
++ int it=0;
++ DB_FIELD dbtmp;
++ DB_FIELD dbtmp2;
++ dbtmp=conf->db_out_order[1];
++ conf->db_out_order[1]=db_linkname;
++ for(it=2;itdb_out_size;it++){
++ dbtmp2=conf->db_out_order[it];
++ conf->db_out_order[it]=dbtmp;
++ dbtmp=dbtmp2;
++ }
++ conf->db_out_order[conf->db_out_size++]=dbtmp;
++ conf->symlinks_found=1;
++ }
+ */
+- /* if(conf->symlinks_found==0){ */
+- /* int it=0; */
+- /* DB_FIELD dbtmp; */
+- /* DB_FIELD dbtmp2; */
+- /* dbtmp=conf->db_out_order[1]; */
+- /* conf->db_out_order[1]=db_linkname; */
+- /* for(it=2;itdb_out_size;it++){ */
+- /* dbtmp2=conf->db_out_order[it]; */
+- /* conf->db_out_order[it]=dbtmp; */
+- /* dbtmp=dbtmp2; */
+- /* } */
+- /* conf->db_out_order[conf->db_out_size++]=dbtmp; */
+- /* conf->symlinks_found=1; */
+- /* } */
+-
+ line->linkname=(char*)malloc(_POSIX_PATH_MAX+1);
+ if(line->linkname==NULL){
+ error(0,_("malloc failed in add_file_to_list()\n"));
+diff -Naur aide-0.9-orig/src/list.c aide-CVS-20030902/src/list.c
+--- aide-0.9-orig/src/list.c 2002-05-29 10:04:27.000000000 +0200
++++ aide-CVS-20030902/src/list.c 2003-01-16 11:37:34.000000000 +0100
+@@ -1,7 +1,7 @@
+ /* aide, Advanced Intrusion Detection Environment
+ *
+ * Copyright (C) 1999,2000,2001,2002 Rami Lehti,Pablo Virolainen
+- * $Header: /cvs-root-aide/aide2/src/list.c,v 1.5 2002/05/29 08:04:27 rammer Exp $
++ * $Header: /aide/aide/src/list.c,v 1.1.1.1 2003/01/16 10:37:34 rammer Exp $
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+@@ -32,7 +32,7 @@
+
+ * And that is not true anymore.
+ * Now list has header which knows head and tail.
+- * Every irem knows header.
++ * Every item knows header.
+
+ */
+
diff --git a/aide-cvs20031104.patch b/aide-cvs20031104.patch
new file mode 100644
index 0000000..8b13d78
--- /dev/null
+++ b/aide-cvs20031104.patch
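Review bot: In the src/db_disk.c part of aide-cvs.patch, the new branch after `open_dir()==RETFAIL` tests `errno == ENOENT` a second time only after `strerror()` and `error(5,...)` have run, so the value checked there may no longer be the one `opendir()` set. Copying it once directly after the failed call, `int saved_errno=errno;`, and using `saved_errno` in both ENOENT tests and in the `%i` message would keep the "rules referring to non-existant directories" warning from being skipped, which matters in an integrity checker where a missing directory is something the operator should see. The code also assumes every `RETFAIL` from `open_dir()` comes from `opendir()`; if it has other failure paths (not visible here) the `errno` read is stale. The comment added inside `open_dir()` reads "Errors should be printed here" while the printing below it is commented out; it presumably should read `/* Errors should not be printed here because then we get too many errormessages. */`. The function containing the first change begins and ends outside the inner hunk.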
@@ -0,0 +1,356 @@ +diff -Naur aide-CVS-20030902/AUTHORS aide-CVS-20031104/AUTHORS +--- aide-CVS-20030902/AUTHORS 2003-01-16 11:37:34.000000000 +0100 ++++ aide-CVS-20031104/AUTHORS 2003-10-03 22:14:14.000000000 +0200 +@@ -1,3 +1,7 @@ ++If you have any questions about aide, it's use or applications please send ++your inquiries to the mailing list at aide@cs.tut.fi rather than to the ++individuals named below. ++ + The main authors of this package are: + * Rami Lehti (rammer@cs.tut.fi) + * Pablo Virolainen (pablo@cs.tut.fi) +@@ -5,5 +9,8 @@ + Other contributors (people who have given us code/patches): + * KELEMEN Peter + +-I would also like to thank the people who have given good +-bug reports. ++This package is currently maintained by: ++ * Richard van den Berg (richard@vdberg.org) ++ * Mike Markley (mike@markley.org) ++ ++Thanks to the people who have given good bug reports. +diff -Naur aide-CVS-20030902/ChangeLog aide-CVS-20031104/ChangeLog +--- aide-CVS-20030902/ChangeLog 2003-01-16 11:37:34.000000000 +0100 ++++ aide-CVS-20031104/ChangeLog 2003-10-03 22:18:32.000000000 +0200 +@@ -1,3 +1,8 @@ ++2003-10-03 Richard van den Berg ++ * Moved project over to http://sf.net/projects/aide ++ * Fixed problems in conf_yacc.y ++ * Gzip code now uses best (-9) compression ++ + 2002-07-22 Rami Lehti + + * Fixed Unimplemented error message when conf md not compiled in +diff -Naur aide-CVS-20030902/configure.in aide-CVS-20031104/configure.in +--- aide-CVS-20030902/configure.in 2003-01-16 11:37:34.000000000 +0100 ++++ aide-CVS-20031104/configure.in 2003-10-29 12:05:34.000000000 +0100 +@@ -2,7 +2,7 @@ + dnl Initialize automake + AC_INIT(src/aide.c) + +-AM_INIT_AUTOMAKE(aide, 0.9) ++AM_INIT_AUTOMAKE(aide, 0.10) + dnl The name of the configure h-file. + AM_CONFIG_HEADER(config.h) + # We want an absolute path to the source-dir. 
+diff -Naur aide-CVS-20030902/INSTALL aide-CVS-20031104/INSTALL +--- aide-CVS-20030902/INSTALL 2003-01-16 11:37:34.000000000 +0100 ++++ aide-CVS-20031104/INSTALL 2003-10-03 22:09:54.000000000 +0200 +@@ -179,3 +179,12 @@ + + `configure' also accepts some other, not widely useful, options. + ++Compiling From CVS ++================== ++ ++The CVS version of the source code does not come with the `configure' script ++included. Instead a script called `autogen.sh' can be used to generate the ++configure script. At this moment this requires autoconf version 2.13 to be ++present on your system. A newer version of autoconf will not work. If this is ++a problem for you, please do not use the CVS version, but use a released tar ++ball which will include the `configure' script. +diff -Naur aide-CVS-20030902/NEWS aide-CVS-20031104/NEWS +--- aide-CVS-20030902/NEWS 2003-01-16 11:37:34.000000000 +0100 ++++ aide-CVS-20031104/NEWS 2003-10-28 18:37:52.000000000 +0100 +@@ -2,6 +2,11 @@ + AIDE Version History + + ========================================================= ++Version 0.10 ++ * Fixed bugs ++ * Moved project over to sourceforge.net ++ * Change of project ownership ++ + Version 0.9 + * Fixed bugs + * Added support for keyed md check of db and config +diff -Naur aide-CVS-20030902/README aide-CVS-20031104/README +--- aide-CVS-20030902/README 2003-01-17 10:24:41.000000000 +0100 ++++ aide-CVS-20031104/README 2003-10-29 12:05:34.000000000 +0100 +@@ -2,7 +2,7 @@ + + Advanced Intrusion Detection Environment + +- Version 0.9.1 ++ Version 0.10 + + ******************************************************************* + +@@ -43,6 +43,7 @@ + Documentation is in doc/ directory. + The manual pages are a good place to start. + Also see doc/manual.html or http://www.cs.tut.fi/~rammer/aide/manual.html ++Other useful information might appear on http://sf.net/projects/aide + + Requirements + +@@ -81,7 +82,7 @@ + software. + Although some pizza delivery guy's feelings were hurt. 
+ +-******************************************************* ++************************************************************* + If there is something that ought to be said here +-please send your comments to rammer@cs.tut.fi. +-******************************************************* ++please send your comments to aide-devel@lists.sourceforge.net ++************************************************************* +diff -Naur aide-CVS-20030902/src/aide.c aide-CVS-20031104/src/aide.c +--- aide-CVS-20030902/src/aide.c 2003-01-16 11:37:34.000000000 +0100 ++++ aide-CVS-20031104/src/aide.c 2003-10-30 12:20:53.000000000 +0100 +@@ -1,7 +1,7 @@ + /* aide, Advanced Intrusion Detection Environment + * + * Copyright (C) 1999,2000,2001,2002 Rami Lehti, Pablo Virolainen +- * $Header: /aide/aide/src/aide.c,v 1.1.1.1 2003/01/16 10:37:34 rammer Exp $ ++ * $Header: /cvsroot/aide/aide/src/aide.c,v 1.2 2003/10/30 11:20:53 madhack Exp $ + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as +@@ -116,7 +116,7 @@ + }; + + while(1){ +- option = getopt_long(argc, argv, "hV::vc:B:A:r:e:f:iCu", options, &i); ++ option = getopt_long(argc, argv, "hV::vc:B:A:r:iCuDE", options, &i); + if(option==-1) + break; + switch(option) +diff -Naur aide-CVS-20030902/src/be.c aide-CVS-20031104/src/be.c +--- aide-CVS-20030902/src/be.c 2003-01-16 11:37:34.000000000 +0100 ++++ aide-CVS-20031104/src/be.c 2003-08-18 15:06:30.000000000 +0200 +@@ -137,7 +137,7 @@ + error(200,_("Opening file \"%s\" for %s\n"),u->value,inout?"r":"w+"); + #ifdef WITH_ZLIB + if(iszipped && !inout){ +- fh=gzopen(u->value,"wb+"); ++ fh=gzopen(u->value,"wb9+"); + if(fh==NULL){ + error(0,_("Couldn't open file %s for %s"),u->value, + inout?"reading\n":"writing\n"); +diff -Naur aide-CVS-20030902/src/conf_yacc.y aide-CVS-20031104/src/conf_yacc.y +--- aide-CVS-20030902/src/conf_yacc.y 2003-01-16 11:37:34.000000000 +0100 ++++ aide-CVS-20031104/src/conf_yacc.y 2003-08-18 
15:03:22.000000000 +0200 +@@ -2,7 +2,7 @@ + + /* + * Copyright (C) 1999,2000,2001,2002 Rami Lehti, Pablo Virolainen +- * $Header: /aide/aide/src/conf_yacc.y,v 1.1.1.1 2003/01/16 10:37:34 rammer Exp $ ++ * $Header: /cvsroot/aide/aide/src/conf_yacc.y,v 1.2 2003/08/18 13:03:22 rvdb Exp $ + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the +@@ -143,19 +143,19 @@ + | TEOF { + newlinelastinconfig=1; + YYACCEPT; +- } ; ++ } + | TNEWLINE + | TDBSPEC { + error(220,"Got @@dbspec.Stopping\n"); + YYACCEPT; +- } ; ++ } + | TBEGIN_DB { + error(220,"Got @@begin_db. Stopping\n"); + YYACCEPT; +- } ; ++ } + | TEND_DB { + conferror("Error while reading configuration"); +- } ; ++ } + | error { + conferror("Error while reading configuration"); + YYABORT; +diff -Naur aide-CVS-20030902/src/db_file.c aide-CVS-20031104/src/db_file.c +--- aide-CVS-20030902/src/db_file.c 2003-01-16 11:37:34.000000000 +0100 ++++ aide-CVS-20031104/src/db_file.c 2003-08-18 15:06:30.000000000 +0200 +@@ -1,7 +1,7 @@ + /* aide, Advanced Intrusion Detection Environment + * + * Copyright (C) 1999,2000,2001,2002 Rami Lehti, Pablo Virolainen +- * $Header: /aide/aide/src/db_file.c,v 1.1.1.1 2003/01/16 10:37:34 rammer Exp $ ++ * $Header: /cvsroot/aide/aide/src/db_file.c,v 1.3 2003/08/18 13:06:30 rvdb Exp $ + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as +@@ -95,7 +95,8 @@ + int retval; + #ifdef WITH_ZLIB + if(conf->gzip_dbout){ +- retval=gzflush(conf->db_gzout,Z_SYNC_FLUSH); ++ /* Should not flush using gzip, it degrades compression */ ++ retval=Z_OK; + }else { + #endif + retval=fflush(conf->db_out); +@@ -108,27 +109,23 @@ + + int dofprintf( const char* s,...) 
+ { ++ char buf[3]; + int retval; + char* temp=NULL; + va_list ap; + + va_start(ap,s); +- temp=(char*)malloc(3); +- if(temp==NULL){ +- error(0,"Unable to alloc %i bytes\n",3); +- return -1; +- } +- +- retval=vsnprintf(temp,3,s,ap); +- +- free(temp); ++ retval=vsnprintf(buf,3,s,ap); ++ va_end(ap); + + temp=(char*)malloc(retval+2); + if(temp==NULL){ + error(0,"Unable to alloc %i bytes\n",retval+2); + return -1; + } ++ va_start(ap,s); + retval=vsnprintf(temp,retval+1,s,ap); ++ va_end(ap); + + #ifdef WITH_MHASH + if(conf->do_dbnewmd) +@@ -140,12 +137,13 @@ + retval=gzwrite(conf->db_gzout,temp,retval); + }else{ + #endif ++ va_start(ap,s); + retval=vfprintf(conf->db_out,s,ap); ++ va_end(ap); + #ifdef WITH_ZLIB + } + #endif + free(temp); +- va_end(ap); + + return retval; + } +diff -Naur aide-CVS-20030902/src/error.c aide-CVS-20031104/src/error.c +--- aide-CVS-20030902/src/error.c 2003-01-16 11:37:34.000000000 +0100 ++++ aide-CVS-20031104/src/error.c 2003-08-01 21:28:55.000000000 +0200 +@@ -184,22 +184,24 @@ + )) { + db_line line; + int len; +- va_start(ap,error_msg); + memset(&line,0,sizeof(db_line)); + line.filename=(char*)malloc(3); + if (line.filename!=NULL) { ++ va_start(ap,error_msg); + len=vsnprintf(line.filename,2,error_msg,ap); ++ va_end(ap); + free(line.filename); + line.filename=malloc(len+2); + line.filename[0]='#'; + if (line.filename!=NULL) { + line.attr=DB_FILENAME; ++ va_start(ap,error_msg); + len=vsnprintf(line.filename+1,len+1,error_msg,ap); ++ va_end(ap); + db_writeline(&line,conf); + free(line.filename); + } + } +- va_end(ap); + } + #endif + +diff -Naur aide-CVS-20030902/src/gen_list.c aide-CVS-20031104/src/gen_list.c +--- aide-CVS-20030902/src/gen_list.c 2003-01-17 09:58:38.000000000 +0100 ++++ aide-CVS-20031104/src/gen_list.c 2003-09-09 08:55:07.000000000 +0200 +@@ -1,7 +1,7 @@ + /* aide, Advanced Intrusion Detection Environment + * + * Copyright (C) 1999,2000,2001,2002 Rami Lehti,Pablo Virolainen +- * $Header: /aide/aide/src/gen_list.c,v 1.2 
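Review bot: The sizing call `retval=vsnprintf(buf,3,s,ap);` in dofprintf() feeds `malloc(retval+2)` without a check for a negative return. The error.c hunk further down keeps the same pattern (`len=vsnprintf(line.filename,2,error_msg,ap);` followed by `malloc(len+2)`). vsnprintf returns a negative value on an output error, and some pre-C99 C libraries return -1 on truncation instead of the required length. In that case the buffer is one byte, the formatted database line is lost, and a negative count can reach `gzwrite(conf->db_gzout,temp,retval)`. Add `if(retval<0) return -1;` right after the first `va_end(ap);` and test the second call's result before it is written; the lines between this hunk and the next one are not shown, so the use of `retval` by the mhash code there is unconfirmed.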
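Review bot: `line.filename[0]='#';` still runs before the `if (line.filename!=NULL)` test that follows the second `malloc(len+2)`, so an allocation failure in this error-reporting path dereferences NULL instead of being skipped. Move the assignment inside the guarded block: `if (line.filename!=NULL) { line.filename[0]='#'; line.attr=DB_FILENAME;`. The same unchecked use of a fresh allocation is added elsewhere in this commit: `p[0]='/';` directly after `p=(char*)malloc(sizeof(char)*strlen(rx)+1);` in the gen_list.c hunk, and `strcpy(fullname,"/");` after `fullname=malloc(1+1);` in aide-rootpath.patch. The enclosing function begins before this hunk.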
2003/01/17 08:58:38 cvsd Exp $ ++ * $Header: /cvsroot/aide/aide/src/gen_list.c,v 1.3 2003/09/09 06:55:07 ramilehti Exp $ + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as +@@ -66,16 +66,31 @@ + { + char*p=NULL; + int i=0; ++ int j=1; ++ int last_backslash=0; ++ int lastslash_in_p=1; + +- /* This assumes that the first character is a slash */ +- int lastslash=1; ++ /* The following code assumes that the first character is a slash */ ++ int lastslash=0; ++ ++ p=(char*)malloc(sizeof(char)*strlen(rx)+1); ++ p[0]='/'; + +- /* i=0 because we want to return at least the first slash */ + for(i=1;ichilds=NULL; +@@ -223,19 +224,20 @@ + copy_rule_ref(node,r); + + if(tree!=NULL){ ++ tmprxtok = strrxtok(path); + if(isrx){ +- parent=get_seltree_node(tree,strrxtok(path)); ++ parent=get_seltree_node(tree,tmprxtok); + }else { + parent=get_seltree_node(tree,strlastslash(path)); + } + if(parent==NULL){ + if(isrx){ +- parent=new_seltree_node(tree,strrxtok(path),isrx,r); ++ parent=new_seltree_node(tree,tmprxtok,isrx,r); + }else { + parent=new_seltree_node(tree,strlastslash(path),isrx,r); + } + } +- ++ free(tmprxtok); + parent->childs=list_append(parent->childs,(void*)node); + node->parent=parent; + }else { +@@ -311,6 +313,7 @@ + /* Data should not be free'ed because it's in rxc struct + * and freeing is done if error occour. + */ ++ free(rxtok); + } + + diff --git a/aide-rootpath.patch b/aide-rootpath.patch new file mode 100644 index 0000000..89c6746 --- /dev/null +++ b/aide-rootpath.patch 
@@ -0,0 +1,21 @@ +--- src/db_disk.c.orig 2003-01-16 11:37:34.000000000 +0100 ++++ src/db_disk.c 2003-09-09 12:58:45.000000000 +0200 +@@ -178,7 +178,8 @@ + + /* root needs special handling */ + if(!root_handled){ +- fullname="/"; ++ fullname=malloc(1+1); ++ strcpy(fullname,"/"); + add=check_rxtree(fullname,conf->tree,&attr); + error(240,"%s match=%d, tree=%i, attr=%i\n",fullname, add,conf->tree,attr); + +@@ -200,6 +201,8 @@ + fil=NULL; + } + } ++ if (!add) ++ free(fullname); + root_handled=1; + } + rec \ No newline at end of file diff --git a/aide-useless-includes.patch b/aide-useless-includes.patch new file mode 100644 index 0000000..0a2bd11 --- /dev/null +++ b/aide-useless-includes.patch @@ -0,0 +1,11 @@ +--- aide-0.9/src/Makefile.in.orig 2002-06-06 11:08:32.000000000 +0200 ++++ aide-0.9/src/Makefile.in 2002-06-06 11:08:48.000000000 +0200 +@@ -98,7 +98,7 @@ + aide_SOURCES = conf_yacc.y conf_lex.l getopt.c getopt1.c gnu_regex.c error.c md.c db.c commandconf.c db_file.c db_disk.c db_lex.l db_sql.c gen_list.c list.c do_md.c base64.c symboltable.c compare_db.c be.c util.c aide.c + + +-INCLUDES = -I$(prefix)/include -I$(top_srcdir)/include ++INCLUDES = -I$(top_srcdir)/include + + LDADD = @CRYPTLIB@ @ACLLIB@ + diff --git a/aide.conf b/aide.conf new file mode 100644 index 0000000..ce68965 --- /dev/null +++ b/aide.conf 
@@ -0,0 +1,84 @@
+# Example configuration file for AIDE.
+
+@@define DBDIR /var/lib/aide
+
+# The location of the database to be read.
+database=file:@@{DBDIR}/aide.db.gz
+
+# The location of the database to be written.
+#database_out=sql:host:port:database:login_name:passwd:table
+#database_out=file:aide.db.new
+database_out=file:@@{DBDIR}/aide.db.new.gz
+
+# Whether to gzip the output to database
+gzip_dbout=yes
+
+# Default.
+verbose=5
+
+report_url=file:/var/log/aide.log
+report_url=stdout
+#report_url=stderr
+#NOT IMPLEMENTED report_url=mailto:root@foo.com
+#NOT IMPLEMENTED report_url=syslog:LOG_AUTH
+
+# These are the default rules.
+#
+#p: permissions
+#i: inode:
+#n: number of links
+#u: user
+#g: group
+#s: size
+#b: block count
+#m: mtime
+#a: atime
+#c: ctime
+#S: check for growing size
+#md5: md5 checksum
+#sha1: sha1 checksum
+#rmd160: rmd160 checksum
+#tiger: tiger checksum
+#haval: haval checksum
+#gost: gost checksum
+#crc32: crc32 checksum
+#R: p+i+n+u+g+s+m+c+md5
+#L: p+i+n+u+g
+#E: Empty group
+#>: Growing logfile p+u+g+i+n+S
+
+# You can create custom rules like this.
+
+NORMAL = R+b+sha1
+
+DIR = p+i+n+u+g
+
+# Next decide what directories/files you want in the database.
+
+/boot NORMAL
+/bin NORMAL
+/sbin NORMAL
+/lib NORMAL
+/opt NORMAL
+/usr NORMAL
+/root NORMAL
+
+# Check only permissions, inode, user and group for /etc, but
+# cover some important files closely.
+/etc p+i+u+g
+!/etc/mtab
+/etc/exports NORMAL
+/etc/fstab NORMAL
+/etc/passwd NORMAL
+/etc/group NORMAL
+/etc/gshadow NORMAL
+/etc/shadow NORMAL
+
+/var/log p+n+u+g
+
+# With AIDE's default verbosity level of 5, these would give lots of
+# warnings upon tree traversal. It might change with future version.
+#
+#=/lost\+found DIR
+#=/home DIR
+
diff --git a/aide.spec b/aide.spec
new file mode 100644
index 0000000..183ccaa
--- /dev/null
+++ b/aide.spec
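Review bot: The rule `/etc p+i+u+g` records no checksum, so a change to the contents of any file under /etc other than the six listed with NORMAL is reported only if it also changes permissions, inode or ownership. An in-place edit changes none of those, which leaves files such as the sshd, PAM, sudoers and cron configuration, and /etc/aide.conf itself, outside content checking. Consider `/etc p+i+u+g+sha1` with `!` exclusions for files that change routinely, or at least add a line such as `/etc/aide.conf NORMAL`. The comment above the rule could also state that only metadata is compared for the rest of /etc.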
@@ -0,0 +1,98 @@ +Summary: Intrusion detection environment. +Name: aide +Version: 0.10 +Release: 0.fdr.0.1.cvs20031104.rh90 +Epoch: 0 +URL: http://www.cs.tut.fi/~rammer/aide.html +License: GPL +Group: Applications/System +Source: aide-0.9.tar.gz +Source1: aide.conf +Source2: README.quickstart +Patch1: aide-cvs.patch +Patch2: aide-cvs20031104.patch +Patch3: aide-fstat.patch +Patch4: aide-rootpath.patch +Patch5: aide-useless-includes.patch +Patch6: aide-memleaks.patch +Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot-%(%{__id_u} -n) +Buildrequires: mhash-devel zlib-devel +Buildrequires: flex bison + +%description +AIDE (Advanced Intrusion Detection Environment) is a file integrity +checker and intrusion detection program. + + +%prep +%setup -q -n aide-0.9 + +%patch1 -p1 +%patch2 -p1 +%patch3 -p0 +%patch4 -p0 +%patch5 -p1 +%patch6 -p0 + + +%build +# Apply RPM_OPT_FLAGS. +perl -pi -e 's/^CFLAGS="\$LD_STATIC_FLAG\"//' configure +perl -pi -e 's/^CPPFLAGS="\$LD_STATIC_FLAG\"//' configure + +%configure --with-config_file=%{_sysconfdir}/aide.conf \ + --with-zlib \ + --with-mhash --enable-mhash + +# Adjust default database paths. +perl -pi -e 's!%{_sysconfdir}/aide.db!%{_localstatedir}/lib/aide.db!' config.h +# Adjust default paths in manual. +perl -pi -e 's!/etc/aide.db!%{_localstatedir}/lib/aide.db!' doc/aide.1 +perl -pi -e 's!/etc/aide.conf!%{_sysconfdir}/aide.conf!' 
doc/aide.1 + +make %{?_smp_mflags} + + +%install +rm -rf $RPM_BUILD_ROOT +%makeinstall bindir=$RPM_BUILD_ROOT%{_sbindir} +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir} +install -p %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir} +mkdir -p -m0700 $RPM_BUILD_ROOT%{_localstatedir}/lib/aide +install -p %{SOURCE2} README.quickstart +mkdir -p -m0755 $RPM_BUILD_ROOT%{_mandir}/ru/man{1,5} +install -p -m0644 doc/aide.1.ru $RPM_BUILD_ROOT%{_mandir}/ru/man1/aide.1 +install -p -m0644 doc/aide.conf.5.ru $RPM_BUILD_ROOT%{_mandir}/ru/man5/aide.conf.5 + +%clean +rm -rf $RPM_BUILD_ROOT + + +%files +%defattr(0644,root,root,0755) +%doc AUTHORS COPYING ChangeLog NEWS README ./doc/manual.html +%doc README.quickstart +%attr(0700,root,root) %{_sbindir}/aide +%{_mandir}/man1/* +%{_mandir}/man5/* +%lang(ru) %{_mandir}/ru/man1/aide.1* +%lang(ru) %{_mandir}/ru/man5/aide.conf.5* +%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/aide.conf +%dir %attr(0700,root,root) %{_localstatedir}/lib/aide + + +%changelog +* Tue Nov 04 2003 Michael Schwendt - 0:0.10-0.fdr.0.1.cvs20031104 +- Only tar.gz available upstream. +- byacc not needed when bison -y is available. +- Installed Russian manual pages. +- Updated with changes from CVS (2003-11-04). +- getopt patch merged upstream. +- bison-1.35 patch incorporated upstream. + +* Tue Sep 09 2003 Michael Schwendt - 0:0.9-0.fdr.0.2.20030902 +- Added fixes for further memleaks. + +* Sun Sep 07 2003 Michael Schwendt - 0:0.9-0.fdr.0.1.20030902 +- Initial package version. + diff --git a/sources b/sources index e69de29..15a6839 100644 --- a/sources +++ b/sources @@ -0,0 +1 @@ +877b1f515a9e25afda75e06805d687fb aide-0.9.tar.gz
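Review bot: The `perl -pi` substitutions under "Adjust default database paths" rewrite the built-in default to `%{_localstatedir}/lib/aide.db`, a file directly in /var/lib, while the package creates the 0700 directory `%{_localstatedir}/lib/aide` and the shipped aide.conf sets DBDIR to /var/lib/aide. If the compiled-in defaults are ever used (a config without `database=` lines), the database would be read from and written to a location outside the protected directory, and doc/aide.1 would document that path. Use `s!%{_sysconfdir}/aide.db!%{_localstatedir}/lib/aide/aide.db!` for config.h and the matching `s!/etc/aide.db!%{_localstatedir}/lib/aide/aide.db!` for doc/aide.1. This assumes the defaults in config.h have the form `<sysconfdir>/aide.db...`, which the page does not show.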