Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
A
aide
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Iterations
Wiki
Requirements
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Locked files
Build
Pipelines
Jobs
Pipeline schedules
Test cases
Artifacts
Deploy
Releases
Package Registry
Container Registry
Model registry
Operate
Environments
Terraform modules
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Code review analytics
Issue analytics
Insights
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
staging
rpms
aide
Commits
68941b20
Commit
68941b20
authored
10 months ago
by
Rocky Automation
Browse files
Options
Downloads
Patches
Plain Diff
import aide-0.18.6-5.el10
parent
67d87904
No related branches found
Branches containing commit
Tags
imports/r8-beta/zlib-1.2.11-17.el8
Tags containing commit
No related merge requests found
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
SOURCES/aide-verbose.patch
+12
-12
12 additions, 12 deletions
SOURCES/aide-verbose.patch
SOURCES/gnutls.patch
+487
-0
487 additions, 0 deletions
SOURCES/gnutls.patch
SPECS/aide.spec
+20
-9
20 additions, 9 deletions
SPECS/aide.spec
with
519 additions
and
21 deletions
SOURCES/aide-verbose.patch
+
12
−
12
View file @
68941b20
diff -up ./src/conf_eval.c.
fix
./src/conf_eval.c
--- ./src/conf_eval.c.
fix 2023-12-22 12:12:22.961141634
+0
1
00
+++ ./src/conf_eval.c 202
3-12-22 14:09:21.217786675
+0
1
00
@@ -1
66
,6 +1
66
,7 @@
static
DB_ATTR_TYPE eval_attribute_expre
static void set_database_attr_option(DB_ATTR_TYPE attr, int linenumber, char *filename, char* linebuf) {
char *str
;
+
long num;
DB_ATTR_TYPE hashes = get_hashes(true);
if (attr&(~hashes)) {
diff -up ./src/conf_eval.c.
verbose
./src/conf_eval.c
--- ./src/conf_eval.c.
verbose 2023-04-01 18:25:38.000000000
+0
2
00
+++ ./src/conf_eval.c 202
4-05-15 00:08:41.040033220
+0
2
00
@@ -1
87
,6 +1
87
,7 @@
static
void set_database_attr_option(DB_
static void eval_config_statement(config_option_statement statement, int linenumber, char *filename, char* linebuf) {
char *str;
bool b
;
+ long num;
DB_ATTR_TYPE attr;
switch (statement.option) {
ATTRIBUTE_CONFIG_OPTION_CASE(REPORT_IGNORE_ADDED_ATTRS_OPTION, report_ignore_added_attrs)
@@ -298,8 +299,20 @@
static void eval_config_statement(config
LOG_CONFIG_FORMAT_LINE(LOG_LEVEL_CONFIG, "set 'config_version' option to '%s'", str)
break;
...
...
@@ -19,7 +19,7 @@ diff -up ./src/conf_eval.c.fix ./src/conf_eval.c
+ str = eval_string_expression(statement.e, linenumber, filename, linebuf);
+ num = strtol(str, NULL, 10);
+
+ if (num < 0
&&
num > 255) {
+ if (num < 0
||
num > 255) {
+ LOG_CONFIG_FORMAT_LINE(LOG_LEVEL_ERROR, "invalid verbose level: '%s'", str);
+ exit(INVALID_CONFIGURELINE_ERROR);
+ }
...
...
This diff is collapsed.
Click to expand it.
SOURCES/gnutls.patch
0 → 100644
+
487
−
0
View file @
68941b20
diff -up ./configure.ac.gnutls ./configure.ac
--- ./configure.ac.gnutls 2023-06-13 20:53:43.000000000 +0200
+++ ./configure.ac 2024-05-14 19:09:47.419448389 +0200
@@ -350,6 +350,10 @@
AC_MSG_CHECKING(for Mhash)
AC_ARG_WITH([mhash], AS_HELP_STRING([--with-mhash], [use Mhash (default: check)]), [with_mhash=$withval], [with_mhash=check])
AC_MSG_RESULT([$with_mhash])
+AC_MSG_CHECKING(for GnuTLS)
+AC_ARG_WITH([gnutls], AS_HELP_STRING([--with-gnutls], [use GnuTLS library (default: check)]), [with_gnutls=$withval], [with_gnutls=check])
+AC_MSG_RESULT([$with_gnutls])
+
AC_MSG_CHECKING(for GNU crypto library)
AC_ARG_WITH([gcrypt], AS_HELP_STRING([--with-gcrypt], [use GNU crypto library (default: check)]), [with_gcrypt=$withval], [with_gcrypt=check])
AC_MSG_RESULT([$with_gcrypt])
@@ -363,19 +367,29 @@
AS_IF([test x"$with_mhash" = xyes], [
)],AC_DEFINE(HAVE_MHASH_WHIRLPOOL,1,[mhash has whirlpool]))
AS_IF([test x"$with_gcrypt" = xcheck], [
with_gcrypt=no
+ with_gnutls=no
])
])
AIDE_PKG_CHECK_MODULES_OPTIONAL(gcrypt, GCRYPT, libgcrypt)
+AIDE_PKG_CHECK_MODULES_OPTIONAL(gnutls, GNUTLS, gnutls)
AS_IF([test x"$with_mhash" != xno && test x"$with_gcrypt" != xno], [
AC_MSG_ERROR([Using gcrypt together with mhash makes no sense. To disable mhash use --without-mhash])
])
-AS_IF([test x"$with_mhash" = xno && test x"$with_gcrypt" = xno], [
- AC_MSG_ERROR([AIDE requires mhash or libcrypt for hashsum calculation])
+AS_IF([test x"$with_mhash" != xno && test x"$with_gnutls" != xno], [
+ AC_MSG_ERROR([Using gnutls together with mhash makes no sense. To disable mhash use --without-mhash])
+])
+AS_IF([test x"$with_gcrypt" != xno && test x"$with_gnutls" != xno], [
+ AC_MSG_ERROR([Using gnutls together with gcrypt makes no sense. To disable gcrypt use --without-gcrypt])
+])
+AS_IF([test x"$with_mhash" = xno && test x"$with_gcrypt" = xno && test x"$with_gnutls" == xno], [
+ AC_MSG_ERROR([AIDE requires mhash, gnutls or libcrypt for hashsum calculation])
])
compoptionstring="${compoptionstring}use Mhash: $with_mhash\\n"
AM_CONDITIONAL(HAVE_MHASH, [test "x$MHASH_LIBS" != "x"])
compoptionstring="${compoptionstring}use GNU crypto library: $with_gcrypt\\n"
AM_CONDITIONAL(HAVE_GCRYPT, [test "x$GCRYPT_LIBS" != "x"])
+compoptionstring="${compoptionstring}use GnuTLS: $with_gnutls\\n"
+AM_CONDITIONAL(HAVE_GNUTLS, [test "x$GNUTLS_LIBS" != "x"])
AIDE_PKG_CHECK(audit, Linux Auditing Framework, no, AUDIT, audit)
diff -up ./doc/aide.conf.5.gnutls ./doc/aide.conf.5
--- ./doc/aide.conf.5.gnutls 2023-08-01 10:47:59.000000000 +0200
+++ ./doc/aide.conf.5 2024-05-14 19:09:47.420448380 +0200
@@ -866,6 +866,7 @@
haval256 checksum
.TP
.B "crc32"
crc32 checksum
+(\fIlibmhash\fR and \fIlibgcrypt\fR only)
.TP
.B "crc32b"
crc32 checksum
@@ -876,14 +877,15 @@
GOST R 34.11-94 checksum
.TP
.B "whirlpool"
whirlpool checksum
+(\fIlibgcrypt\fR and \fIlibmhash\fRonly)
.TP
.B "stribog256"
GOST R 34.11-2012, 256 bit checksum
-(\fIlibgcrypt\fR only, added in AIDE v0.17)
+(\fIlibgcrypt\fR and \fIgnutls\fR only, added in AIDE v0.17)
.TP
.B "stribog512"
GOST R 34.11-2012, 512 bit checksum
-(\fIlibgcrypt\fR only, added in AIDE v0.17)
+(\fIlibgcrypt\fR and \fIgnutls\fR only, added in AIDE v0.17)
.PP
Use 'aide --version' to show which hashsums are available.
diff -up ./include/md.h.gnutls ./include/md.h
--- ./include/md.h.gnutls 2023-04-01 18:25:38.000000000 +0200
+++ ./include/md.h 2024-05-14 19:09:47.420448380 +0200
@@ -29,6 +29,10 @@
#ifdef WITH_GCRYPT
#include <gcrypt.h>
#endif
+#ifdef WITH_GNUTLS
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+#endif
#include <sys/types.h>
#include "attributes.h"
#include "hashsum.h"
@@ -61,6 +65,10 @@
typedef struct md_container {
gcry_md_hd_t mdh;
#endif
+#ifdef WITH_GNUTLS
+ gnutls_hash_hd_t gnutls_mdh[num_hashes];
+#endif
+
} md_container;
typedef struct md_hashsums {
diff -up ./Makefile.am.gnutls ./Makefile.am
--- ./Makefile.am.gnutls 2024-05-14 19:09:47.420448380 +0200
+++ ./Makefile.am 2024-05-14 19:23:09.347757387 +0200
@@ -64,17 +64,35 @@
if HAVE_CURL
aide_SOURCES += include/fopen.h src/fopen.c
endif
-aide_CFLAGS = @AIDE_DEFS@ -W -Wall -g ${PTHREAD_CFLAGS}
-aide_LDADD = -lm ${PCRE2_LIBS} ${ZLIB_LIBS} ${MHASH_LIBS} ${GCRYPT_LIBS} ${POSIX_ACL_LIBS} ${SELINUX_LIBS} ${AUDIT_LIBS} ${XATTR_LIBS} ${ELF_LIBS} ${E2FSATTRS_LIBS} ${CAPABILITIES_LIBS} ${CURL_LIBS} ${PTHREAD_LIBS}
+aide_CFLAGS = @AIDE_DEFS@ -W -Wall -g ${PTHREAD_CFLAGS} ${GNUTLS_CFLAGS}
+aide_LDADD = -lm ${PCRE2_LIBS} ${ZLIB_LIBS} ${MHASH_LIBS} ${GNUTLS_LIBS} ${GCRYPT_LIBS} ${POSIX_ACL_LIBS} ${SELINUX_LIBS} ${AUDIT_LIBS} ${XATTR_LIBS} ${ELF_LIBS} ${E2FSATTRS_LIBS} ${CAPABILITIES_LIBS} ${CURL_LIBS} ${PTHREAD_LIBS}
if HAVE_CHECK
-TESTS = check_aide
-check_PROGRAMS = check_aide
+TESTS = check_aide check_md
+check_PROGRAMS = check_aide check_md
check_aide_SOURCES = tests/check_aide.c tests/check_aide.h \
tests/check_attributes.c src/attributes.c \
src/log.c src/util.c
-check_aide_CFLAGS = -I$(top_srcdir)/include $(CHECK_CFLAGS)
-check_aide_LDADD = -lm ${PCRE2_LIBS} ${MHASH_LIBS} ${GCRYPT_LIBS} $(CHECK_LIBS)
+check_aide_CFLAGS = -I$(top_srcdir)/include $(CHECK_CFLAGS) ${GNUTLS_CFLAGS}
+check_aide_LDADD = -lm ${PCRE2_LIBS} ${MHASH_LIBS} ${GCRYPT_LIBS} $(CHECK_LIBS) ${GNUTLS_LIBS}
+
+check_md_SOURCES = tests/check_md.c tests/check_md.h \
+ tests/check_hashes.c \
+ src/log.c src/util.c src/md.c src/base64.c src/hashsum.c src/attributes.c
+
+check_md_CFLAGS = -I$(top_srcdir)/include \
+ $(CHECK_CFLAGS) \
+ $(GCRYPT_CFLAGS) \
+ $(GNUTLS_CFLAGS) \
+ $(MHASH_CFLAGS) \
+ $(PCRE2_CFLAGS)
+check_md_LDADD = -lm \
+ $(CHECK_LIBS) \
+ ${GCRYPT_LIBS} \
+ ${GNUTLS_LIBS} \
+ ${MHASH_LIBS} \
+ ${PCRE2_LIBS}
+
endif # HAVE_CHECK
AM_CFLAGS = @AIDE_DEFS@ -W -Wall -g
diff -up ./README.gnutls ./README
--- ./README.gnutls 2023-08-01 10:47:59.000000000 +0200
+++ ./README 2024-05-14 19:09:47.419448389 +0200
@@ -132,11 +132,15 @@
o GNU make.
o pkg-config
o PCRE2 library
- o Mhash (optional, but highly recommended). Mhash is currently
- available from http://mhash.sourceforge.net/. A static version of
- libmhash needs to be build using the --enable-static=yes
- configure option.
+
+ One of the following crypto libraries:
+
+ o Mhash. Mhash is currently available from
+ http://mhash.sourceforge.net/. A static version of libmhash needs
+ to be build using the --enable-static=yes configure option.
Aide requires at least mhash version 0.9.2
+ o GNU libgcrypt
+ o GnuTLS
o libcheck (optional, needed for 'make check', license: LGPL-2.1)
diff -up ./src/aide.c.gnutls ./src/aide.c
--- ./src/aide.c.gnutls 2023-06-13 20:52:39.000000000 +0200
+++ ./src/aide.c 2024-05-14 19:09:47.420448380 +0200
@@ -66,6 +66,9 @@
char* after = NULL;
#include <gcrypt.h>
#define NEED_LIBGCRYPT_VERSION "1.8.0"
#endif
+#ifdef WITH_GNUTLS
+#include <gnutls/gnutls.h>
+#endif
static void usage(int exitvalue)
{
@@ -522,9 +525,6 @@
static void setdefaults_before_config()
DB_ATTR_TYPE common_attrs = ATTR(attr_perm)|ATTR(attr_ftype)|ATTR(attr_inode)|ATTR(attr_linkcount)|ATTR(attr_uid)|ATTR(attr_gid);
DB_ATTR_TYPE GROUP_R_HASHES=0LLU;
-#ifdef WITH_MHASH
- GROUP_R_HASHES=ATTR(attr_md5);
-#endif
#ifdef WITH_GCRYPT
if (gcry_fips_mode_active()) {
char* str;
@@ -533,6 +533,8 @@
static void setdefaults_before_config()
} else {
GROUP_R_HASHES = ATTR(attr_md5);
}
+#else /* WITH_MHASH or WITH_GNUTLS */
+ GROUP_R_HASHES=ATTR(attr_md5);
#endif
log_msg(LOG_LEVEL_INFO, "define default groups definitions");
diff -up ./src/hashsum.c.gnutls ./src/hashsum.c
--- ./src/hashsum.c.gnutls 2023-04-01 18:25:38.000000000 +0200
+++ ./src/hashsum.c 2024-05-14 19:09:47.420448380 +0200
@@ -29,6 +29,9 @@
#ifdef WITH_GCRYPT
#include <gcrypt.h>
#endif
+#ifdef WITH_GNUTLS
+#include <gnutls/gnutls.h>
+#endif
hashsum_t hashsums[] = {
{ attr_md5, 16 },
@@ -86,6 +89,24 @@
int algorithms[] = { /* order must match
};
#endif
+#ifdef WITH_GNUTLS
+int algorithms[] = { /* order must match hashsums array */
+ GNUTLS_DIG_MD5,
+ GNUTLS_DIG_SHA1,
+ GNUTLS_DIG_SHA256,
+ GNUTLS_DIG_SHA512,
+ GNUTLS_DIG_RMD160,
+ -1, /* TIGER is not available */
+ -1, /* CRC32 is not available */
+ -1, /* CRC32B is not available */
+ -1, /* GCRY_MD_HAVAL is not available */
+ -1, /* WHIRLPOOL is not available */
+ -1, /* GNUTLS_DIG_GOSTR_94 gives different results than Gcrypt */
+ GNUTLS_DIG_STREEBOG_256,
+ GNUTLS_DIG_STREEBOG_512,
+};
+#endif
+
DB_ATTR_TYPE get_hashes(bool include_unsupported) {
DB_ATTR_TYPE attr = 0LLU;
for (int i = 0; i < num_hashes; ++i) {
diff -up ./src/md.c.gnutls ./src/md.c
--- ./src/md.c.gnutls 2023-04-01 18:25:38.000000000 +0200
+++ ./src/md.c 2024-05-14 19:28:09.651209390 +0200
@@ -40,6 +40,11 @@
#include <gcrypt.h>
#endif
+#ifdef WITH_GNUTLS
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+#endif
+
/*
Initialise md_container according its todo_attr field
*/
@@ -90,6 +95,22 @@
int init_md(struct md_container* md, con
}
}
#endif
+#ifdef WITH_GNUTLS
+ for (HASHSUM i = 0 ; i < num_hashes ; ++i) {
+ DB_ATTR_TYPE h = ATTR(hashsums[i].attribute);
+ if (h&md->todo_attr) {
+ if(gnutls_hash_init(&(md->gnutls_mdh[i]),algorithms[i])>=0){
+ md->calc_attr|=h;
+ } else {
+ log_msg(LOG_LEVEL_WARNING,"%s: gnutls_hash_init (%s) failed for '%s'", filename, attributes[hashsums[i].attribute].db_name, filename);
+ md->todo_attr&=~h;
+ md->gnutls_mdh[i] = NULL;
+ }
+ } else {
+ md->gnutls_mdh[i] = NULL;
+ }
+ }
+#endif
char *str;
log_msg(LOG_LEVEL_DEBUG, "%s> initialized md_container: %s (%p)", filename, str = diff_attributes(0, md->calc_attr), md);
free(str);
@@ -120,6 +141,13 @@
int update_md(struct md_container* md,vo
#ifdef WITH_GCRYPT
gcry_md_write(md->mdh, data, size);
#endif
+#ifdef WITH_GNUTLS
+ for (HASHSUM i = 0 ; i < num_hashes ; ++i) {
+ if(md->gnutls_mdh[i] != NULL){
+ gnutls_hash(md->gnutls_mdh[i], data, size);
+ }
+ }
+#endif
return RETOK;
}
@@ -163,6 +191,14 @@
int close_md(struct md_container* md, md
}
}
#endif
+#ifdef WITH_GNUTLS
+ for (HASHSUM i = 0 ; i < num_hashes ; ++i) {
+ if(md->gnutls_mdh[i] != NULL){
+ gnutls_hash_deinit(md->gnutls_mdh[i], hs?hs->hashsums[i]:NULL);
+ md->gnutls_mdh[i] = NULL;
+ }
+ }
+#endif /* WITH_MHASH */
if (hs) {
hs->attrs = md->calc_attr;
}
diff -up ./tests/check_hashes.c.gnutls ./tests/check_hashes.c
--- ./tests/check_hashes.c.gnutls 2024-05-14 19:09:47.420448380 +0200
+++ ./tests/check_hashes.c 2024-05-14 19:09:47.420448380 +0200
@@ -0,0 +1,111 @@
+/*
+ * AIDE (Advanced Intrusion Detection Environment)
+ *
+ * Copyright (C) 2024 Jakub Jelen
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "config.h"
+
+#include <check.h>
+#include <stdlib.h>
+
+#include "hashsum.h"
+#include "md.h"
+
+typedef struct {
+ const char *input;
+ ssize_t input_len;
+ md_hashsums expected;
+} diff_digests_t;
+
+static diff_digests_t diff_digests_tests[] = {
+ { "", 0, {{
+ "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42\x7e",
+ "\xda\x39\xa3\xee\x5e\x6b\x4b\x0d\x32\x55\xbf\xef\x95\x60\x18\x90\xaf\xd8\x07\x09",
+ "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14\x9a\xfb\xf4\xc8\x99\x6f\xb9\x24\x27\xae\x41\xe4\x64\x9b\x93\x4c\xa4\x95\x99\x1b\x78\x52\xb8\x55",
+ "\xcf\x83\xe1\x35\x7e\xef\xb8\xbd\xf1\x54\x28\x50\xd6\x6d\x80\x07\xd6\x20\xe4\x05\x0b\x57\x15\xdc\x83\xf4\xa9\x21\xd3\x6c\xe9\xce\x47\xd0\xd1\x3c\x5d\x85\xf2\xb0\xff\x83\x18\xd2\x87\x7e\xec\x2f\x63\xb9\x31\xbd\x47\x41\x7a\x81\xa5\x38\x32\x7a\xf9\x27\xda\x3e",
+ "\x9c\x11\x85\xa5\xc5\xe9\xfc\x54\x61\x28\x08\x97\x7e\xe8\xf5\x48\xb2\x25\x8d\x31",
+ "\x24\xf0\x13\x0c\x63\xac\x93\x32\x16\x16\x6e\x76\xb1\xbb\x92\x5f\xf3\x73\xde\x2d\x49\x58\x4e\x7a",
+ "\x00\x00\x00\x00",
+ "\x00\x00\x00\x00",
+ "\x4f\x69\x38\x53\x1f\x0b\xc8\x99\x1f\x62\xda\x7b\xbd\x6f\x7d\xe3\xfa\xd4\x45\x62\xb8\xc6\xf4\xeb\xf1\x46\xd5\xb4\xe4\x6f\x7c\x17",
+ "\x19\xfa\x61\xd7\x55\x22\xa4\x66\x9b\x44\xe3\x9c\x1d\x2e\x17\x26\xc5\x30\x23\x21\x30\xd4\x07\xf8\x9a\xfe\xe0\x96\x49\x97\xf7\xa7\x3e\x83\xbe\x69\x8b\x28\x8f\xeb\xcf\x88\xe3\xe0\x3c\x4f\x07\x57\xea\x89\x64\xe5\x9b\x63\xd9\x37\x08\xb1\x38\xcc\x42\xa6\x6e\xb3",
+ "\xce\x85\xb9\x9c\xc4\x67\x52\xff\xfe\xe3\x5c\xab\x9a\x7b\x02\x78\xab\xb4\xc2\xd2\x05\x5c\xff\x68\x5a\xf4\x91\x2c\x49\x49\x0f\x8d",
+ "\x3f\x53\x9a\x21\x3e\x97\xc8\x02\xcc\x22\x9d\x47\x4c\x6a\xa3\x2a\x82\x5a\x36\x0b\x2a\x93\x3a\x94\x9f\xd9\x25\x20\x8d\x9c\xe1\xbb",
+ "\x8e\x94\x5d\xa2\x09\xaa\x86\x9f\x04\x55\x92\x85\x29\xbc\xae\x46\x79\xe9\x87\x3a\xb7\x07\xb5\x53\x15\xf5\x6c\xeb\x98\xbe\xf0\xa7\x36\x2f\x71\x55\x28\x35\x6e\xe8\x3c\xda\x5f\x2a\xac\x4c\x6a\xd2\xba\x3a\x71\x5c\x1b\xcd\x81\xcb\x8e\x9f\x90\xbf\x4c\x1c\x1a\x8a" }
+ }},
+ { "hello", 5, {{
+ "\x5d\x41\x40\x2a\xbc\x4b\x2a\x76\xb9\x71\x9d\x91\x10\x17\xc5\x92",
+ "\xaa\xf4\xc6\x1d\xdc\xc5\xe8\xa2\xda\xbe\xde\x0f\x3b\x48\x2c\xd9\xae\xa9\x43\x4d",
+ "\x2c\xf2\x4d\xba\x5f\xb0\xa3\x0e\x26\xe8\x3b\x2a\xc5\xb9\xe2\x9e\x1b\x16\x1e\x5c\x1f\xa7\x42\x5e\x73\x04\x33\x62\x93\x8b\x98\x24",
+ "\x9b\x71\xd2\x24\xbd\x62\xf3\x78\x5d\x96\xd4\x6a\xd3\xea\x3d\x73\x31\x9b\xfb\xc2\x89\x0c\xaa\xda\xe2\xdf\xf7\x25\x19\x67\x3c\xa7\x23\x23\xc3\xd9\x9b\xa5\xc1\x1d\x7c\x7a\xcc\x6e\x14\xb8\xc5\xda\x0c\x46\x63\x47\x5c\x2e\x5c\x3a\xde\xf4\x6f\x73\xbc\xde\xc0\x43",
+ "\x10\x8f\x07\xb8\x38\x24\x12\x61\x2c\x04\x8d\x07\xd1\x3f\x81\x41\x18\x44\x5a\xcd",
+ "\xa7\x88\x62\x33\x6f\x7f\xfd\x2c\x8a\x38\x74\xf8\x9b\x1b\x74\xf2\xf2\x7b\xdb\xca\x39\x66\x02\x54",
+#ifdef WITH_MHASH
+ "\x3d\x65\x31\x19",
+#else
+ "\x36\x10\xa6\x86",
+#endif
+ "\x86\xa6\x10\x36",
+ "\x26\x71\x8e\x4f\xb0\x55\x95\xcb\x87\x03\xa6\x72\xa8\xae\x91\xee\xa0\x71\xca\xc5\xe7\x42\x61\x73\xd4\xc2\x5a\x61\x1c\x4b\x80\x22",
+ "\x0a\x25\xf5\x5d\x73\x08\xec\xa6\xb9\x56\x7a\x7e\xd3\xbd\x1b\x46\x32\x7f\x0f\x1f\xfd\xc8\x04\xdd\x8b\xb5\xaf\x40\xe8\x8d\x78\xb8\x8d\xf0\xd0\x02\xa8\x9e\x2f\xdb\xd5\x87\x6c\x52\x3f\x1b\x67\xbc\x44\xe9\xf8\x70\x47\x59\x8e\x75\x48\x29\x8e\xa1\xc8\x1c\xfd\x73",
+ "\xa7\xeb\x5d\x08\xdd\xf2\x36\x3f\x1e\xa0\x31\x7a\x80\x3f\xce\xf8\x1d\x33\x86\x3c\x8b\x2f\x9f\x6d\x7d\x14\x95\x1d\x22\x9f\x45\x67",
+ "\x3f\xb0\x70\x0a\x41\xce\x6e\x41\x41\x3b\xa7\x64\xf9\x8b\xf2\x13\x5b\xa6\xde\xd5\x16\xbe\xa2\xfa\xe8\x42\x9c\xc5\xbd\xd4\x6d\x6d",
+ "\x8d\xf4\x14\x26\x09\x66\xbe\xb7\xb3\x4d\x92\x07\x63\x07\x9e\x15\xdf\x1f\x63\x29\x7e\xb3\xdd\x43\x11\xe8\xb5\x85\xd4\xbf\x2f\x59\x23\x21\x4f\x1d\xfe\xd3\xfd\xee\x4a\xaf\x01\x83\x30\xa1\x2a\xcd\xe0\xef\xcc\x33\x8e\xb5\x29\x22\xf3\xe5\x71\x21\x2d\x42\xc8\xde" }
+ }},
+};
+
+static int num_diff_digests_tests = sizeof diff_digests_tests / sizeof(diff_digests_t);
+
+START_TEST (test_diff_digests) {
+ const char *filename = "filename"; /* used only in the debug logs */
+ md_hashsums hs = {0};
+ struct md_container *mdc = calloc(1, sizeof(struct md_container));
+ mdc->todo_attr = get_hashes(false);
+
+#ifdef WITH_GCRYPT
+ gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
+ gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
+#endif
+
+ init_md(mdc, filename);
+ update_md(mdc, (void *)diff_digests_tests[_i].input, diff_digests_tests[_i].input_len);
+ close_md(mdc, &hs, filename);
+ free(mdc);
+
+ for (HASHSUM i = 0 ; i < num_hashes ; ++i) {
+ DB_ATTR_TYPE attr = ATTR(hashsums[i].attribute);
+ if (algorithms[i] >= 0 && hs.attrs&attr) {
+ ck_assert_mem_eq(diff_digests_tests[_i].expected.hashsums[i], hs.hashsums[i], hashsums[i].length);
+ }
+ }
+}
+END_TEST
+
+Suite *make_md_suite(void) {
+
+ Suite *s = suite_create ("md");
+
+ TCase *tc_diff_digests = tcase_create ("diff_digests");
+
+ tcase_add_loop_test (tc_diff_digests, test_diff_digests, 0, num_diff_digests_tests);
+
+ suite_add_tcase (s, tc_diff_digests);
+
+ return s;
+}
+
diff -up ./tests/check_md.c.gnutls ./tests/check_md.c
--- ./tests/check_md.c.gnutls 2024-05-14 19:09:47.420448380 +0200
+++ ./tests/check_md.c 2024-05-14 19:09:47.420448380 +0200
@@ -0,0 +1,36 @@
+/*
+ * AIDE (Advanced Intrusion Detection Environment)
+ *
+ * Copyright (C) 2024 Jakub Jelen
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <stdlib.h>
+
+#include "check_md.h"
+
+int main (void) {
+ int number_failed;
+ SRunner *sr;
+
+ sr = srunner_create (make_md_suite());
+
+ srunner_run_all (sr, CK_NORMAL);
+ number_failed = srunner_ntests_failed (sr);
+
+ srunner_free (sr);
+ return (number_failed == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
+}
diff -up ./tests/check_md.h.gnutls ./tests/check_md.h
--- ./tests/check_md.h.gnutls 2024-05-14 19:09:47.421448372 +0200
+++ ./tests/check_md.h 2024-05-14 19:09:47.421448372 +0200
@@ -0,0 +1,23 @@
+/*
+ * AIDE (Advanced Intrusion Detection Environment)
+ *
+ * Copyright (C) 2024 Jakub Jelen
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <check.h>
+
+Suite *make_md_suite(void);
This diff is collapsed.
Click to expand it.
SPECS/aide.spec
+
20
−
9
View file @
68941b20
Summary: Intrusion detection environment
Name: aide
Version: 0.18.6
Release:
4
%{?dist}
Release:
5
%{?dist}
URL: http://sourceforge.net/projects/aide
License: GPL-2.0-or-later
Source0: %{url}/files/aide/%{version}/%{name}-%{version}.tar.gz
Source1: aide.conf
Source2: README.quickstart
...
...
@@ -15,7 +13,7 @@ BuildRequires: gcc
BuildRequires: make
BuildRequires: bison flex
BuildRequires: pcre2-devel
BuildRequires: libgpg-error-devel
libgcrypt
-devel
BuildRequires: libgpg-error-devel
gnutls
-devel
BuildRequires: zlib-devel
BuildRequires: libcurl-devel
BuildRequires: libacl-devel
...
...
@@ -23,26 +21,33 @@ BuildRequires: pkgconfig(libselinux)
BuildRequires: libattr-devel
BuildRequires: e2fsprogs-devel
BuildRequires: audit-libs-devel
BuildRequires: autoconf automake libtool
BuildRequires: autoconf autoconf-archive
BuildRequires: automake libtool
Patch1: aide-verbose.patch
Patch2: gnutls.patch
%description
AIDE (Advanced Intrusion Detection Environment) is a file integrity
checker and intrusion detection program.
%prep
%autosetup -p1
%setup
#%%autosetup -p1
cp -a %{S:2} .
%patch -R -P 1 -p1 -b .verbose
%patch -P 1 -p1 -b .verbose
%patch -P 2 -p1 -b .gnutls
%build
#
autoreconf -ivf
autoreconf -ivf
%configure \
--disable-static \
--with-config_file=%{_sysconfdir}/aide.conf \
--with-gcrypt \
--with-gnutls \
--without-gcrypt \
--with-zlib \
--with-curl \
--with-posix-acl \
...
...
@@ -72,6 +77,12 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide
%dir %attr(0700,root,root) %{_localstatedir}/log/aide
%changelog
* Fri May 17 2024 Radovan Sroka <rsroka@redhat.com> - 0.18.6-5
REDHAT 10.0 ERRATUM
- fix verbose patch
- get rid of libgcrypt
Resolves: RHEL-36780
* Mon Feb 12 2024 Radovan Sroka <rsroka@redhat.com> - 0.18.6-4
- rebase to 0.18.6
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
