import aide-0.16-14.el8

a271d26f · Rocky Automation · fd571745 · a271d26f · a271d26f · a271d26f
Commit a271d26f authored 4 years ago by Rocky Automation
--- a/SOURCES/aide.conf
+++ b/SOURCES/aide.conf
@@ -88,20 +88,20 @@ DATAONLY =  p+n+u+g+s+acl+selinux+xattrs+sha512

 # Next decide what directories/files you want in the database.

-/boot        CONTENT_EX
-/opt/        CONTENT
+/boot       CONTENT_EX
+/opt        CONTENT

 # Admins dot files constantly change, just check perms
 /root/\..* PERMS
 # Otherwise get all of /root.
-/root/   CONTENT_EX
+/root   CONTENT_EX

 # These are too volatile
-!/usr/src/
-!/usr/tmp/
+!/usr/src
+!/usr/tmp

 # Otherwise get all of /usr.
-/usr/    CONTENT_EX
+/usr    CONTENT_EX

 # trusted databases
 /etc/hosts$      CONTENT_EX
@@ -112,10 +112,10 @@ DATAONLY =  p+n+u+g+s+acl+selinux+xattrs+sha512
 /etc/protocols$  CONTENT_EX
 /etc/services$   CONTENT_EX
 /etc/localtime$  CONTENT_EX
-/etc/alternatives/ CONTENT_EX
+/etc/alternatives CONTENT_EX
 /etc/sysconfig   CONTENT_EX
 /etc/mime.types$ CONTENT_EX
-/etc/terminfo/   CONTENT_EX
+/etc/terminfo    CONTENT_EX
 /etc/exports$    CONTENT_EX
 /etc/fstab$      CONTENT_EX
 /etc/passwd$     CONTENT_EX
@@ -125,12 +125,12 @@ DATAONLY =  p+n+u+g+s+acl+selinux+xattrs+sha512
 /etc/subgid$     CONTENT_EX
 /etc/subuid$     CONTENT_EX
 /etc/security/opasswd$ CONTENT_EX
-/etc/skel/       CONTENT_EX
+/etc/skel        CONTENT_EX
 /etc/subuid$     CONTENT_EX
 /etc/subgid$     CONTENT_EX
-/etc/sssd/       CONTENT_EX
+/etc/sssd        CONTENT_EX
 /etc/machine-id$ CONTENT_EX
-/etc/swid/       CONTENT_EX
+/etc/swid        CONTENT_EX
 /etc/system-release-cpe$ CONTENT_EX
 /etc/shells$     CONTENT_EX
 /etc/tmux.conf$  CONTENT_EX
@@ -140,12 +140,12 @@ DATAONLY =  p+n+u+g+s+acl+selinux+xattrs+sha512
 # networking
 /etc/hosts.allow$   CONTENT_EX
 /etc/hosts.deny$    CONTENT_EX
-/etc/firewalld/ CONTENT_EX
-!/etc/NetworkManager/system-connections/
-/etc/NetworkManager/ CONTENT_EX
+/etc/firewalld      CONTENT_EX
+!/etc/NetworkManager/system-connections
+/etc/NetworkManager CONTENT_EX
 /etc/networks$ CONTENT_EX
-/etc/dhcp/ CONTENT_EX
-/etc/wpa_supplicant/ CONTENT_EX
+/etc/dhcp CONTENT_EX
+/etc/wpa_supplicant CONTENT_EX
 /etc/resolv.conf$ DATAONLY
 /etc/nscd.conf$ CONTENT_EX

@@ -154,31 +154,31 @@ DATAONLY =  p+n+u+g+s+acl+selinux+xattrs+sha512
 /etc/libuser.conf$ CONTENT_EX
 /var/log/faillog$ PERMS
 /var/log/lastlog$ PERMS
-/var/run/faillock/ PERMS
-/etc/pam.d/ CONTENT_EX
-/etc/security/ CONTENT_EX
+/var/run/faillock PERMS
+/etc/pam.d CONTENT_EX
+/etc/security CONTENT_EX
 /etc/securetty$ CONTENT_EX
-/etc/polkit-1/ CONTENT_EX
+/etc/polkit-1 CONTENT_EX
 /etc/sudo.conf$ CONTENT_EX
-/etc/sudoers CONTENT_EX
-/etc/sudoers.d/ CONTENT_EX
+/etc/sudoers$ CONTENT_EX
+/etc/sudoers.d CONTENT_EX

 # Shell/X startup files
 /etc/profile$ CONTENT_EX
-/etc/profile.d/ CONTENT_EX
+/etc/profile.d CONTENT_EX
 /etc/bashrc$ CONTENT_EX
-/etc/bash_completion.d/ CONTENT_EX
+/etc/bash_completion.d CONTENT_EX
 /etc/zprofile$ CONTENT_EX
 /etc/zshrc$ CONTENT_EX
 /etc/zlogin$ CONTENT_EX
 /etc/zlogout$ CONTENT_EX
-/etc/X11/ CONTENT_EX
+/etc/X11 CONTENT_EX

 # Pkg manager
-/etc/dnf/ CONTENT_EX
+/etc/dnf CONTENT_EX
 /etc/yum.conf$ CONTENT_EX
-/etc/yum/ CONTENT_EX
-/etc/yum.repos.d/ CONTENT_EX
+/etc/yum CONTENT_EX
+/etc/yum.repos.d CONTENT_EX

 # This gets new/removes-old filenames daily
 !/var/log/sa
@@ -187,97 +187,97 @@ DATAONLY =  p+n+u+g+s+acl+selinux+xattrs+sha512

 # auditing
 # AIDE produces an audit record, so this becomes perpetual motion.
-/var/log/audit/ PERMS
-/etc/audit/ CONTENT_EX
+/var/log/audit PERMS
+/etc/audit CONTENT_EX
 /etc/libaudit.conf$ CONTENT_EX
 /etc/aide.conf$  CONTENT_EX

 # System logs
 /etc/rsyslog.conf$ CONTENT_EX
-/etc/rsyslog.d/ CONTENT_EX
+/etc/rsyslog.d CONTENT_EX
 /etc/logrotate.conf$ CONTENT_EX
-/etc/logrotate.d/ CONTENT_EX
+/etc/logrotate.d CONTENT_EX
 /etc/systemd/journald.conf$ CONTENT_EX
-/var/log/ LOG+ANF+ARF
+/var/log LOG+ANF+ARF
 /var/run/utmp LOG

 # secrets
-/etc/pkcs11/ CONTENT_EX
-/etc/pki/ CONTENT_EX
-/etc/crypto-policies/ CONTENT_EX
-/etc/certmonger/ CONTENT_EX
+/etc/pkcs11 CONTENT_EX
+/etc/pki CONTENT_EX
+/etc/crypto-policies CONTENT_EX
+/etc/certmonger CONTENT_EX
 /var/lib/systemd/random-seed$ PERMS

 # init system
-/etc/systemd/ CONTENT_EX
-/etc/rc.d/ CONTENT_EX
-/etc/tmpfiles.d/ CONTENT_EX
+/etc/systemd CONTENT_EX
+/etc/rc.d CONTENT_EX
+/etc/tmpfiles.d CONTENT_EX

 # boot config
-/etc/default/ CONTENT_EX
-/etc/grub.d/ CONTENT_EX
-/etc/dracut.conf CONTENT_EX
-/etc/dracut.conf.d/ CONTENT_EX
+/etc/default CONTENT_EX
+/etc/grub.d CONTENT_EX
+/etc/dracut.conf$ CONTENT_EX
+/etc/dracut.conf.d CONTENT_EX

 # glibc linker
 /etc/ld.so.cache$ CONTENT_EX
 /etc/ld.so.conf$ CONTENT_EX
-/etc/ld.so.conf.d/ CONTENT_EX
+/etc/ld.so.conf.d CONTENT_EX
 /etc/ld.so.preload$ CONTENT_EX

 # kernel config
-/etc/sysctl.conf CONTENT_EX
-/etc/sysctl.d/ CONTENT_EX
-/etc/modprobe.d/ CONTENT_EX
-/etc/modules-load.d/ CONTENT_EX
-/etc/depmod.d/ CONTENT_EX
-/etc/udev/ CONTENT_EX
+/etc/sysctl.conf$ CONTENT_EX
+/etc/sysctl.d CONTENT_EX
+/etc/modprobe.d CONTENT_EX
+/etc/modules-load.d CONTENT_EX
+/etc/depmod.d CONTENT_EX
+/etc/udev CONTENT_EX
 /etc/crypttab$ CONTENT_EX

 #### Daemons ####

 # cron jobs
-/var/spool/at/ CONTENT
+/var/spool/at CONTENT
 /etc/at.allow$ CONTENT
 /etc/at.deny$ CONTENT
 /var/spool/anacron CONTENT
 /etc/anacrontab$ CONTENT_EX
 /etc/cron.allow$ CONTENT_EX
 /etc/cron.deny$ CONTENT_EX
-/etc/cron.d/ CONTENT_EX
-/etc/cron.daily/ CONTENT_EX
-/etc/cron.hourly/ CONTENT_EX
-/etc/cron.monthly/ CONTENT_EX
-/etc/cron.weekly/ CONTENT_EX
+/etc/cron.d CONTENT_EX
+/etc/cron.daily CONTENT_EX
+/etc/cron.hourly CONTENT_EX
+/etc/cron.monthly CONTENT_EX
+/etc/cron.weekly CONTENT_EX
 /etc/crontab$ CONTENT_EX
-/var/spool/cron/root/ CONTENT
+/var/spool/cron/root CONTENT

 # time keeping
-/etc/chrony.conf CONTENT_EX
+/etc/chrony.conf$ CONTENT_EX
 /etc/chrony.keys$ CONTENT_EX

 # mail
 /etc/aliases$ CONTENT_EX
 /etc/aliases.db$ CONTENT_EX
-/etc/postfix/ CONTENT_EX
+/etc/postfix CONTENT_EX

 # ssh
-/etc/ssh/sshd_config CONTENT_EX
-/etc/ssh/ssh_config CONTENT_EX
+/etc/ssh/sshd_config$ CONTENT_EX
+/etc/ssh/ssh_config$ CONTENT_EX

 # stunnel
-/etc/stunnel/ CONTENT_EX
+/etc/stunnel CONTENT_EX

 # printing
-/etc/cups/ CONTENT_EX
-/etc/cupshelpers/ CONTENT_EX
-/etc/avahi/ CONTENT_EX
+/etc/cups CONTENT_EX
+/etc/cupshelpers CONTENT_EX
+/etc/avahi CONTENT_EX

 # web server
-/etc/httpd/ CONTENT_EX
+/etc/httpd CONTENT_EX

 # dns
-/etc/named/ CONTENT_EX
+/etc/named CONTENT_EX
 /etc/named.conf$ CONTENT_EX
 /etc/named.iscdlv.key$ CONTENT_EX
 /etc/named.rfc1912.zones$ CONTENT_EX
@@ -285,22 +285,22 @@ DATAONLY =  p+n+u+g+s+acl+selinux+xattrs+sha512

 # xinetd
 /etc/xinetd.conf$ CONTENT_EX
-/etc/xinetd.d/ CONTENT_EX
+/etc/xinetd.d CONTENT_EX

 # IPsec
-/etc/ipsec.conf CONTENT_EX
-/etc/ipsec.secrets CONTENT_EX
-/etc/ipsec.d/ CONTENT_EX
+/etc/ipsec.conf$ CONTENT_EX
+/etc/ipsec.secrets$ CONTENT_EX
+/etc/ipsec.d CONTENT_EX

 # USB guard
-/etc/usbguard/ CONTENT_EX
+/etc/usbguard CONTENT_EX

 # Ignore some files
 !/etc/mtab$
 !/etc/.*~

 # Now everything else
-/etc/    PERMS
+/etc    PERMS


 # With AIDE's default verbosity level of 5, these would give lots of

--- a/SOURCES/coverity.patch
+++ b/SOURCES/coverity.patch
@@ -241,7 +241,7 @@ diff -up ./src/commandconf.c.coverity ./src/commandconf.c
             }
         }
 -        *val++;
-+        (*val)++;
+        val++;
     }
 }
 #endif

--- a/SPECS/aide.spec
+++ b/SPECS/aide.spec
 Summary:        Intrusion detection environment
 Name:           aide
 Version:        0.16
-Release:        11%{?dist}
+Release:        14%{?dist}
 URL:            http://sourceforge.net/projects/aide
 License:        GPLv2+
-
-
 Source0:        %{url}/files/aide/%{version}/%{name}-%{version}.tar.gz
 Source1:        aide.conf
 Source2:        README.quickstart
@@ -24,6 +22,8 @@ BuildRequires:  libattr-devel
 BuildRequires:  e2fsprogs-devel
 Buildrequires:  audit-libs-devel

+Requires: libgcrypt >= 1.8.5
+
 # Customize the database file location in the man page.
 Patch1: aide-0.16rc1-man.patch
 # fix aide in FIPS mode
@@ -81,6 +81,22 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide
 %dir %attr(0700,root,root) %{_localstatedir}/log/aide

 %changelog
+* Tue Jun 30 2020 Radovan Sroka <rsroka@redhat.com> = 0.16.14
+- strict require for libgcrypt
+  resolves: rhbz#1852407
+
+* Tue May 19 2020 Attila Lakatos <alakatos@redhat.com> - 0.16-13
+- RHEL 8.3
+- minor edit of aide.conf to make it consistent
+  resolves: rhbz#1740754
+
+* Mon Apr 06 2020 Attila Lakatos <alakatos@redhat.com> - 0.16-12
+- RHEL 8.3
+- minor edit of aide.conf
+  resolves: rhbz#1740754
+- do not generate false warnings when report_ignore_e2fsattrs is specified in aide.conf
+  resolves: rhbz#1806323
+
 * Wed Jul 24 2019 Radovan Sroka <rsroka@redhat.com> - 0.16-11
 - rebuild
 - minor edit of aide.conf