From e8632ef8c9b35effdfa2f0f59dc06d2885390234 Mon Sep 17 00:00:00 2001
From: rockyautomation <rockyautomation@rockylinux.org>
Date: Fri, 19 Feb 2021 22:58:08 +0100
Subject: [PATCH] import aide-0.16-8.el8

---
 SOURCES/aide.conf      | 326 +++++++++++++++--------------------------
 SOURCES/coverity.patch |   2 +-
 SPECS/aide.spec        |  42 +-----
 3 files changed, 122 insertions(+), 248 deletions(-)

diff --git a/SOURCES/aide.conf b/SOURCES/aide.conf
index b934dc3..cd95c01 100644
--- a/SOURCES/aide.conf
+++ b/SOURCES/aide.conf
@@ -51,6 +51,8 @@ report_url=stdout
 #crc32:  crc32 checksum (MHASH only)
 #whirlpool:     whirlpool checksum (MHASH only)
 
+FIPSR = p+i+n+u+g+s+m+c+acl+selinux+xattrs+sha256
+
 #R:             p+i+n+u+g+s+m+c+acl+selinux+xattrs+md5
 #L:             p+i+n+u+g+acl+selinux+xattrs
 #E:             Empty group
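Review bot: The new `FIPSR` group is defined without any comment, although every built-in group around it is described. From the visible lines it is the `R` attribute set with `md5` replaced by `sha256`, and `NORMAL` and `LSPP` in the next hunk are both built on it. A line above the definition such as `# FIPSR: R with sha256 in place of md5 (presumably for FIPS mode, where md5 is not available)` would tell an administrator why the stock `R` group is not used and what breaks if they swap it back.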
@@ -63,245 +65,150 @@ ALLXTRAHASHES = sha1+rmd160+sha256+sha512+tiger
 # Everything but access time (Ie. all changes)
 EVERYTHING = R+ALLXTRAHASHES
 
-# Sane
-# NORMAL = R+sha512
-NORMAL = p+i+n+u+g+s+m+c+acl+selinux+xattrs+sha512
+# Sane, with multiple hashes
+# NORMAL = R+rmd160+sha256+whirlpool
+NORMAL = FIPSR+sha512
 
 # For directories, don't bother doing hashes
 DIR = p+i+n+u+g+acl+selinux+xattrs
 
 # Access control only
-PERMS = p+u+g+acl+selinux+xattrs
+PERMS = p+i+u+g+acl+selinux
 
 # Logfile are special, in that they often change
-LOG = p+u+g+n+S+acl+selinux+xattrs
-
-# Content + file type.
-CONTENT = sha512+ftype
+LOG = >
 
-# Extended content + file type + access.
-CONTENT_EX = sha512+ftype+p+u+g+n+acl+selinux+xattrs
+# Just do sha256 and sha512 hashes
+LSPP = FIPSR+sha512
 
 # Some files get updated automatically, so the inode/ctime/mtime change
 # but we want to know when the data inside them changes
-DATAONLY =  p+n+u+g+s+acl+selinux+xattrs+sha512
+DATAONLY =  p+n+u+g+s+acl+selinux+xattrs+sha256
 
 # Next decide what directories/files you want in the database.
 
-/boot       CONTENT_EX
-/opt        CONTENT
-
-# Admins dot files constantly change, just check perms
-/root/\..* PERMS
-# Otherwise get all of /root.
-/root   CONTENT_EX
-
+/boot   NORMAL
+/bin    NORMAL
+/sbin   NORMAL
+/lib    NORMAL
+/lib64  NORMAL
+/opt    NORMAL
+/usr    NORMAL
+/root   NORMAL
 # These are too volatile
 !/usr/src
 !/usr/tmp
 
-# Otherwise get all of /usr.
-/usr    CONTENT_EX
-
-# trusted databases
-/etc/hosts$      CONTENT_EX
-/etc/host.conf$  CONTENT_EX
-/etc/hostname$   CONTENT_EX
-/etc/issue$      CONTENT_EX
-/etc/issue.net$  CONTENT_EX
-/etc/protocols$  CONTENT_EX
-/etc/services$   CONTENT_EX
-/etc/localtime$  CONTENT_EX
-/etc/alternatives CONTENT_EX
-/etc/sysconfig   CONTENT_EX
-/etc/mime.types$ CONTENT_EX
-/etc/terminfo    CONTENT_EX
-/etc/exports$    CONTENT_EX
-/etc/fstab$      CONTENT_EX
-/etc/passwd$     CONTENT_EX
-/etc/group$      CONTENT_EX
-/etc/gshadow$    CONTENT_EX
-/etc/shadow$     CONTENT_EX
-/etc/subgid$     CONTENT_EX
-/etc/subuid$     CONTENT_EX
-/etc/security/opasswd$ CONTENT_EX
-/etc/skel        CONTENT_EX
-/etc/subuid$     CONTENT_EX
-/etc/subgid$     CONTENT_EX
-/etc/sssd        CONTENT_EX
-/etc/machine-id$ CONTENT_EX
-/etc/swid        CONTENT_EX
-/etc/system-release-cpe$ CONTENT_EX
-/etc/shells$     CONTENT_EX
-/etc/tmux.conf$  CONTENT_EX
-/etc/xattr.conf$ CONTENT_EX
-
-
-# networking
-/etc/hosts.allow$   CONTENT_EX
-/etc/hosts.deny$    CONTENT_EX
-/etc/firewalld      CONTENT_EX
-!/etc/NetworkManager/system-connections
-/etc/NetworkManager CONTENT_EX
-/etc/networks$ CONTENT_EX
-/etc/dhcp CONTENT_EX
-/etc/wpa_supplicant CONTENT_EX
-/etc/resolv.conf$ DATAONLY
-/etc/nscd.conf$ CONTENT_EX
-
-# logins and accounts
-/etc/login.defs$ CONTENT_EX
-/etc/libuser.conf$ CONTENT_EX
-/var/log/faillog$ PERMS
-/var/log/lastlog$ PERMS
-/var/run/faillock PERMS
-/etc/pam.d CONTENT_EX
-/etc/security CONTENT_EX
-/etc/securetty$ CONTENT_EX
-/etc/polkit-1 CONTENT_EX
-/etc/sudo.conf$ CONTENT_EX
-/etc/sudoers$ CONTENT_EX
-/etc/sudoers.d CONTENT_EX
-
-# Shell/X startup files
-/etc/profile$ CONTENT_EX
-/etc/profile.d CONTENT_EX
-/etc/bashrc$ CONTENT_EX
-/etc/bash_completion.d CONTENT_EX
-/etc/zprofile$ CONTENT_EX
-/etc/zshrc$ CONTENT_EX
-/etc/zlogin$ CONTENT_EX
-/etc/zlogout$ CONTENT_EX
-/etc/X11 CONTENT_EX
+# Check only permissions, inode, user and group for /etc, but
+# cover some important files closely.
+/etc    PERMS
+!/etc/mtab
+# Ignore backup files
+!/etc/.*~
+/etc/exports  NORMAL
+/etc/fstab    NORMAL
+/etc/passwd   NORMAL
+/etc/group    NORMAL
+/etc/gshadow  NORMAL
+/etc/shadow   NORMAL
+/etc/security/opasswd   NORMAL
+
+/etc/hosts.allow   NORMAL
+/etc/hosts.deny    NORMAL
+
+/etc/sudoers NORMAL
+/etc/skel NORMAL
+
+/etc/logrotate.d NORMAL
+
+/etc/resolv.conf DATAONLY
+
+/etc/nscd.conf NORMAL
+/etc/securetty NORMAL
+
+# Shell/X starting files
+/etc/profile NORMAL
+/etc/bashrc NORMAL
+/etc/bash_completion.d/ NORMAL
+/etc/login.defs NORMAL
+/etc/zprofile NORMAL
+/etc/zshrc NORMAL
+/etc/zlogin NORMAL
+/etc/zlogout NORMAL
+/etc/profile.d/ NORMAL
+/etc/X11/ NORMAL
 
 # Pkg manager
-/etc/dnf CONTENT_EX
-/etc/yum.conf$ CONTENT_EX
-/etc/yum CONTENT_EX
-/etc/yum.repos.d CONTENT_EX
+/etc/yum.conf NORMAL
+/etc/yumex.conf NORMAL
+/etc/yumex.profiles.conf NORMAL
+/etc/yum/ NORMAL
+/etc/yum.repos.d/ NORMAL
+
+/var/log   LOG
+/var/run/utmp LOG
 
 # This gets new/removes-old filenames daily
 !/var/log/sa
 # As we are checking it, we've truncated yesterdays size to zero.
 !/var/log/aide.log
 
-# auditing
+# LSPP rules...
 # AIDE produces an audit record, so this becomes perpetual motion.
-/var/log/audit PERMS
-/etc/audit CONTENT_EX
-/etc/libaudit.conf$ CONTENT_EX
-/etc/aide.conf$  CONTENT_EX
-
-# System logs
-/etc/rsyslog.conf$ CONTENT_EX
-/etc/rsyslog.d CONTENT_EX
-/etc/logrotate.conf$ CONTENT_EX
-/etc/logrotate.d CONTENT_EX
-/etc/systemd/journald.conf$ CONTENT_EX
-/var/log LOG+ANF+ARF
-/var/run/utmp LOG
+# /var/log/audit/ LSPP
+/etc/audit/ LSPP
+/etc/libaudit.conf LSPP
+/usr/sbin/stunnel LSPP
+/var/spool/at LSPP
+/etc/at.allow LSPP
+/etc/at.deny LSPP
+/etc/cron.allow LSPP
+/etc/cron.deny LSPP
+/etc/cron.d/ LSPP
+/etc/cron.daily/ LSPP
+/etc/cron.hourly/ LSPP
+/etc/cron.monthly/ LSPP
+/etc/cron.weekly/ LSPP
+/etc/crontab LSPP
+/var/spool/cron/root LSPP
 
-# secrets
-/etc/pkcs11 CONTENT_EX
-/etc/pki CONTENT_EX
-/etc/crypto-policies CONTENT_EX
-/etc/certmonger CONTENT_EX
-/var/lib/systemd/random-seed$ PERMS
-
-# init system
-/etc/systemd CONTENT_EX
-/etc/rc.d CONTENT_EX
-/etc/tmpfiles.d CONTENT_EX
-
-# boot config
-/etc/default CONTENT_EX
-/etc/grub.d CONTENT_EX
-/etc/dracut.conf$ CONTENT_EX
-/etc/dracut.conf.d CONTENT_EX
-
-# glibc linker
-/etc/ld.so.cache$ CONTENT_EX
-/etc/ld.so.conf$ CONTENT_EX
-/etc/ld.so.conf.d CONTENT_EX
-/etc/ld.so.preload$ CONTENT_EX
-
-# kernel config
-/etc/sysctl.conf$ CONTENT_EX
-/etc/sysctl.d CONTENT_EX
-/etc/modprobe.d CONTENT_EX
-/etc/modules-load.d CONTENT_EX
-/etc/depmod.d CONTENT_EX
-/etc/udev CONTENT_EX
-/etc/crypttab$ CONTENT_EX
-
-#### Daemons ####
-
-# cron jobs
-/var/spool/at CONTENT
-/etc/at.allow$ CONTENT
-/etc/at.deny$ CONTENT
-/var/spool/anacron CONTENT
-/etc/anacrontab$ CONTENT_EX
-/etc/cron.allow$ CONTENT_EX
-/etc/cron.deny$ CONTENT_EX
-/etc/cron.d CONTENT_EX
-/etc/cron.daily CONTENT_EX
-/etc/cron.hourly CONTENT_EX
-/etc/cron.monthly CONTENT_EX
-/etc/cron.weekly CONTENT_EX
-/etc/crontab$ CONTENT_EX
-/var/spool/cron/root CONTENT
-
-# time keeping
-/etc/chrony.conf$ CONTENT_EX
-/etc/chrony.keys$ CONTENT_EX
-
-# mail
-/etc/aliases$ CONTENT_EX
-/etc/aliases.db$ CONTENT_EX
-/etc/postfix CONTENT_EX
-
-# ssh
-/etc/ssh/sshd_config$ CONTENT_EX
-/etc/ssh/ssh_config$ CONTENT_EX
-
-# stunnel
-/etc/stunnel CONTENT_EX
-
-# printing
-/etc/cups CONTENT_EX
-/etc/cupshelpers CONTENT_EX
-/etc/avahi CONTENT_EX
-
-# web server
-/etc/httpd CONTENT_EX
-
-# dns
-/etc/named CONTENT_EX
-/etc/named.conf$ CONTENT_EX
-/etc/named.iscdlv.key$ CONTENT_EX
-/etc/named.rfc1912.zones$ CONTENT_EX
-/etc/named.root.key$ CONTENT_EX
-
-# xinetd
-/etc/xinetd.conf$ CONTENT_EX
-/etc/xinetd.d CONTENT_EX
-
-# IPsec
-/etc/ipsec.conf$ CONTENT_EX
-/etc/ipsec.secrets$ CONTENT_EX
-/etc/ipsec.d CONTENT_EX
-
-# USB guard
-/etc/usbguard CONTENT_EX
-
-# Ignore some files
-!/etc/mtab$
-!/etc/.*~
+/etc/login.defs LSPP
+/etc/securetty LSPP
+/var/log/faillog LSPP
+/var/log/lastlog LSPP
 
-# Now everything else
-/etc    PERMS
+/etc/hosts LSPP
+/etc/sysconfig LSPP
+
+/etc/inittab LSPP
+/etc/grub/ LSPP
+/etc/rc.d LSPP
+
+/etc/ld.so.conf LSPP
+
+/etc/localtime LSPP
+
+/etc/sysctl.conf LSPP
+
+/etc/modprobe.conf LSPP
+
+/etc/pam.d LSPP
+/etc/security LSPP
+/etc/aliases LSPP
+/etc/postfix LSPP
+
+/etc/ssh/sshd_config LSPP
+/etc/ssh/ssh_config LSPP
+
+/etc/stunnel LSPP
+
+/etc/vsftpd.ftpusers LSPP
+/etc/vsftpd LSPP
+
+/etc/issue LSPP
+/etc/issue.net LSPP
 
+/etc/cups LSPP
 
 # With AIDE's default verbosity level of 5, these would give lots of
 # warnings upon tree traversal. It might change with future version.
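Review bot: Several paths that the removed side hashed explicitly are now matched only by the catch-all `/etc    PERMS`, and `PERMS` is `p+i+u+g+acl+selinux` with no checksum, so a content edit that leaves mode, inode and ownership unchanged would not be reported for them. Examples visible on the removed side are `/etc/sudoers.d`, `/etc/ld.so.preload`, `/etc/systemd`, `/etc/pki` and `/etc/dnf`. Unless that reduction is intended for this import, I would keep hashed rules for at least the privilege- and loader-related ones, e.g. `/etc/sudoers.d NORMAL`, `/etc/ld.so.preload NORMAL`, `/etc/systemd NORMAL`. Separately, `/etc/login.defs` and `/etc/securetty` are each listed twice (`NORMAL` and `LSPP`), and the comment `# Just do sha256 and sha512 hashes` does not describe `LSPP = FIPSR+sha512`, which also checks permissions, ownership and timestamps.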
@@ -314,4 +221,3 @@ DATAONLY =  p+n+u+g+s+acl+selinux+xattrs+sha512
 
 # Admins dot files constantly change, just check perms
 /root/\..* PERMS
-!/root/.xauth*
diff --git a/SOURCES/coverity.patch b/SOURCES/coverity.patch
index 9b981be..21535d6 100644
--- a/SOURCES/coverity.patch
+++ b/SOURCES/coverity.patch
@@ -241,7 +241,7 @@ diff -up ./src/commandconf.c.coverity ./src/commandconf.c
              }
          }
 -        *val++;
-+        val++;
++        (*val)++;
      }
  }
  #endif
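Review bot: `(*val)++` increments the character that `val` points to instead of advancing the pointer, so on the new side the input string is modified in place and `val` itself never moves. The old side of this inner patch had `val++`, which removes the unused dereference from the original `*val++` while still stepping the pointer. The enclosing loop is outside the hunk, but if it walks the string through `val`, it would keep re-testing the same position with a changed character. The changelog entry for rhbz#1806323 that this commit removes (false warnings with report_ignore_e2fsattrs) may describe exactly that symptom. I would keep `val++;` here.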
diff --git a/SPECS/aide.spec b/SPECS/aide.spec
index 9b1aba3..22efc0b 100644
--- a/SPECS/aide.spec
+++ b/SPECS/aide.spec
@@ -1,9 +1,11 @@
 Summary:        Intrusion detection environment
 Name:           aide
 Version:        0.16
-Release:        14%{?dist}
+Release:        8%{?dist}
 URL:            http://sourceforge.net/projects/aide
 License:        GPLv2+
+
+
 Source0:        %{url}/files/aide/%{version}/%{name}-%{version}.tar.gz
 Source1:        aide.conf
 Source2:        README.quickstart
@@ -22,8 +24,6 @@ BuildRequires:  libattr-devel
 BuildRequires:  e2fsprogs-devel
 Buildrequires:  audit-libs-devel
 
-Requires: libgcrypt >= 1.8.5
-
 # Customize the database file location in the man page.
 Patch1: aide-0.16rc1-man.patch
 # fix aide in FIPS mode
@@ -34,9 +34,6 @@ Patch4: aide-0.16-crypto-disable-haval-and-others.patch
 Patch5: coverity.patch
 Patch6: aide-0.16-crash-elf.patch
 
-# 1676487 - Null pointer dereference fix spotted by coverity
-Patch7: coverity2.patch
-
 %description
 AIDE (Advanced Intrusion Detection Environment) is a file integrity
 checker and intrusion detection program.
@@ -81,36 +78,6 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide
 %dir %attr(0700,root,root) %{_localstatedir}/log/aide
 
 %changelog
-* Tue Jun 30 2020 Radovan Sroka <rsroka@redhat.com> = 0.16.14
-- strict require for libgcrypt
-  resolves: rhbz#1852407
-
-* Tue May 19 2020 Attila Lakatos <alakatos@redhat.com> - 0.16-13
-- RHEL 8.3
-- minor edit of aide.conf to make it consistent
-  resolves: rhbz#1740754
-
-* Mon Apr 06 2020 Attila Lakatos <alakatos@redhat.com> - 0.16-12
-- RHEL 8.3
-- minor edit of aide.conf
-  resolves: rhbz#1740754
-- do not generate false warnings when report_ignore_e2fsattrs is specified in aide.conf
-  resolves: rhbz#1806323
-
-* Wed Jul 24 2019 Radovan Sroka <rsroka@redhat.com> - 0.16-11
-- rebuild
-- minor edit of aide.conf
-
-* Tue Jul 23 2019 Radovan Sroka <rsroka@redhat.com> - 0.16-10
-- respin
-- minor edit of aide.conf
-
-* Tue Jul 23 2019 Radovan Sroka <rsroka@redhat.com> - 0.16-9
-- Null pointer dereference fix spotted by coverity
-  resolves: rhbz#1676487
-- aide.conf needs updates for RHEL 8
-  resolves: rhbz#1708015
-
 * Tue Oct 09 2018 Radovan Sroka <rsroka@redhat.com> - 0.16-8
 - fixed wrong line wrapping of messages in the syslog format
   resolves: rhbz#1628153
@@ -144,7 +111,7 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide
 * Tue Apr 04 2017 Radovan Sroka <rsroka@redhat.com> - 0.16-1
 - rebase to stable v0.16
 - specfile cleanup
-- make doc readable
+- make doc readable 
   resolves: #1421355
 - make aide binary runable for any user
   resolves: #1421351
@@ -333,3 +300,4 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide
 
 * Sun Sep 07 2003 Michael Schwendt <mschwendt[AT]users.sf.net> - 0:0.9-0.fdr.0.1.20030902
 - Initial package version.
+
-- 
GitLab