-
Notifications
You must be signed in to change notification settings - Fork 2k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
app-forensics/aide: bump to 0.16.2 (20200614)
Package-Manager: Portage-2.3.99, Repoman-2.3.23 Signed-off-by: Yury Martynov <email@linxon.ru>
- Loading branch information
Showing
5 changed files
with
338 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1,2 @@ | ||
DIST aide-0.16.2_p20200614.tar.gz 144202 BLAKE2B a2533eaf0dd6caa82718eaa89878ddc101f64767788eeac3a250ceb584a2c5958ef8a5481b89eeb720e21af07da8f3576fb46d8ee9966fd2361354a35a7eaa6e SHA512 f5f83b8401465471043c60aeb6314f7bcab24c9f962f6ce550445bec8d866a5c8c00eba9e9f157f1223cde58631de139533c7de64fb3c861a5d8e7b5e367e106 | ||
DIST aide-0.16.tar.gz 391009 BLAKE2B 8769d8c6bdf72f307b75f3c1feaa2effdeaead00a0c65ab25bbb50dc6f7c7b53fda4d0a3a54dd5030de1444a34a81c294437d45193aeb8aec7ef0af83a173d47 SHA512 29ad97756e3e2fb21dc332ed03b494a1c73e621266f8622ec80bdba23092a38ee975b97f3cff2330e4c16e64e2f672259eea9291ca706a4009e7399b4e14e6a7 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,156 @@ | ||
# Copyright 1999-2020 Gentoo Authors | ||
# Distributed under the terms of the GNU General Public License v2 | ||
|
||
EAPI=7 | ||
|
||
inherit autotools readme.gentoo-r1 | ||
|
||
DESCRIPTION="AIDE (Advanced Intrusion Detection Environment) is a file integrity checker" | ||
HOMEPAGE="https://aide.github.io/ https://github.com/aide/aide" | ||
|
||
COMMIT="7949feff20501724a43929ee7894b005812ffb4f" # 20200614 | ||
SRC_URI="https://github.com/aide/aide/archive/${COMMIT}.tar.gz -> ${P}.tar.gz" | ||
|
||
LICENSE="GPL-2" | ||
SLOT="0" | ||
KEYWORDS="~amd64 ~x86" | ||
IUSE="acl audit curl e2fs mhash postgres prelink selinux static xattr zlib" | ||
|
||
REQUIRED_USE=" | ||
postgres? ( !mhash ) | ||
static? ( !audit !curl !postgres )" | ||
|
||
COMMON_DEPEND=" | ||
dev-libs/libpcre | ||
acl? ( virtual/acl ) | ||
audit? ( sys-process/audit ) | ||
curl? ( net-misc/curl ) | ||
e2fs? ( sys-fs/e2fsprogs ) | ||
!mhash? ( | ||
dev-libs/libgcrypt:0= | ||
dev-libs/libgpg-error | ||
) | ||
mhash? ( app-crypt/mhash ) | ||
postgres? ( dev-db/postgresql:= ) | ||
prelink? ( dev-libs/elfutils ) | ||
selinux? ( sys-libs/libselinux ) | ||
xattr? ( sys-apps/attr ) | ||
zlib? ( sys-libs/zlib )" | ||
|
||
RDEPEND=" | ||
!static? ( ${COMMON_DEPEND} ) | ||
selinux? ( sec-policy/selinux-aide )" | ||
|
||
DEPEND="${COMMON_DEPEND} | ||
static? ( | ||
dev-libs/libpcre[static-libs] | ||
acl? ( virtual/acl[static-libs] ) | ||
e2fs? ( sys-fs/e2fsprogs[static-libs] ) | ||
!mhash? ( | ||
dev-libs/libgcrypt:0[static-libs] | ||
dev-libs/libgpg-error[static-libs] | ||
) | ||
mhash? ( app-crypt/mhash[static-libs] ) | ||
prelink? ( dev-libs/elfutils[static-libs] ) | ||
selinux? ( sys-libs/libselinux[static-libs] ) | ||
xattr? ( sys-apps/attr[static-libs] ) | ||
zlib? ( sys-libs/zlib[static-libs] ) | ||
)" | ||
|
||
BDEPEND=" | ||
sys-devel/bison | ||
sys-devel/flex | ||
virtual/pkgconfig | ||
prelink? ( sys-devel/prelink )" | ||
|
||
HTML_DOCS=( doc/manual.html ) | ||
|
||
DISABLE_AUTOFORMATTING=1 | ||
DOC_CONTENTS=" | ||
Example configuration file was installed at '${EPREFIX}/etc/aide/aide.conf'. | ||
Please edit it to meet your needs. Refer to aide.conf(5) manual page | ||
for more information. | ||
A helper script, aideinit, was installed and can be used to make AIDE | ||
management easier. Please run 'aideinit --help' for more information." | ||
|
||
PATCHES=( | ||
"${FILESDIR}/aide-0.16-fix-LIBS-LDFLAGS-mixing.patch" | ||
"${FILESDIR}/aide-0.16-fix-acl-configure-option.patch" | ||
|
||
# Remove not available gcrypt algorithm 7 DB_HAVAL | ||
# See: https://sourceforge.net/p/aide/bugs/105/ | ||
"${FILESDIR}/${P}_define_hash_use_gcrypt.patch" | ||
) | ||
|
||
S="${WORKDIR}/${PN}-${COMMIT}" | ||
|
||
pkg_setup() { | ||
if use postgres; then | ||
ewarn "\nWARNING!" | ||
ewarn "You need to choose one of the postgres versions before building" | ||
ewarn "\nPlease select a target postgres version/slot using:\n" | ||
ewarn " ~# eselect postgresql list" | ||
ewarn " ~# eselect postgresql set <version>\n" | ||
fi | ||
} | ||
|
||
src_prepare() { | ||
default | ||
sed -i -e 's| -Werror||g' configure.ac || die | ||
echo "m4_define([AIDE_VERSION], [${PV}])" > version.m4 || die | ||
eautoreconf | ||
} | ||
|
||
src_configure() { | ||
local myeconfargs=( | ||
--sysconfdir="${EPREFIX}/etc/${PN}" | ||
--with-confighmactype="sha512" # Override default weak MD5 hash. | ||
--with-dbhmackey="sha512" # Override default weak MD5 hash. | ||
# Disable broken l10n support: https://sourceforge.net/p/aide/bugs/98/ | ||
# This doesn't affect anything because there are no localizations yet. | ||
--without-locale | ||
$(use_enable static) | ||
$(use_with zlib) | ||
$(use_with curl) | ||
$(use_with acl posix-acl) | ||
$(use_with selinux) | ||
$(use_with prelink prelink "${EPREFIX}/usr/sbin/prelink") | ||
$(use_with xattr) | ||
$(use_with e2fs e2fsattrs) | ||
$(use_with mhash mhash) | ||
$(use_with !mhash gcrypt) | ||
$(use_with postgres psql) | ||
$(use_with audit) | ||
) | ||
|
||
econf "${myeconfargs[@]}" | ||
} | ||
|
||
src_install() { | ||
default | ||
readme.gentoo_create_doc | ||
|
||
insinto /etc/${PN} | ||
insopts -m0600 | ||
newins "${FILESDIR}"/aide.conf-r1 aide.conf | ||
|
||
dosbin "${FILESDIR}"/aideinit | ||
dodoc -r contrib/ "${FILESDIR}"/aide.cron | ||
|
||
keepdir /var/{lib,log}/${PN} | ||
} | ||
|
||
pkg_postinst() { | ||
readme.gentoo_print_elog | ||
|
||
if use postgres; then | ||
elog "\nDue to a bad assumption by aide, you must issue the following" | ||
elog "command after the database initialization (aide --init ...):" | ||
elog '\n ~# psql -c "update pg_index set indisunique=false from pg_class \\ ' | ||
elog " where pg_class.relname='TABLE_pkey' and \ " | ||
elog ' pg_class.oid=pg_index.indexrelid" -h HOSTNAME -p PORT DBASE USER' | ||
elog "\nwhere TABLE, HOSTNAME, PORT, DBASE, and USER are the same as" | ||
elog "in your aide.conf.\n" | ||
fi | ||
} |
37 changes: 37 additions & 0 deletions
37
app-forensics/aide/files/aide-0.16.2_p20200614_define_hash_use_gcrypt.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
diff -Nur aide-0.16/include/md.h aide-0.16.new/include/md.h | ||
--- aide-0.16/include/md.h 2016-07-25 22:56:55.000000000 +0200 | ||
+++ aide-0.16.new/include/md.h 2018-11-21 14:07:01.347479021 +0100 | ||
@@ -48,7 +48,7 @@ | ||
#define HASH_GCRYPT_COUNT GCRY_MD_CRC32 | ||
#ifndef WITH_MHASH | ||
#define HASH_USE_GCRYPT (DB_MD5|DB_SHA1|DB_RMD160|DB_TIGER|DB_CRC32|\ | ||
- DB_HAVAL|DB_CRC32|DB_SHA256|DB_SHA512) | ||
+ DB_CRC32B|DB_SHA256|DB_SHA512) | ||
#endif | ||
#endif | ||
|
||
diff -Nur aide-0.16/src/md.c aide-0.16.new/src/md.c | ||
--- aide-0.16/src/md.c 2016-07-25 22:56:55.000000000 +0200 | ||
+++ aide-0.16.new/src/md.c 2018-11-21 14:06:05.602295496 +0100 | ||
@@ -55,10 +55,12 @@ | ||
r=DB_TIGER; | ||
break; | ||
} | ||
+/* until libgcrypt-1.8.4 not implemented yet, see doc/gcrypt.info-1 | ||
case GCRY_MD_HAVAL: { | ||
r=DB_HAVAL; | ||
break; | ||
} | ||
+*/ | ||
case GCRY_MD_SHA256: { | ||
r=DB_SHA256; | ||
break; | ||
@@ -219,7 +221,7 @@ | ||
if(gcry_md_enable(md->mdh,i)==GPG_ERR_NO_ERROR){ | ||
md->calc_attr|=h; | ||
} else { | ||
- error(0,"gcry_md_enable %i failed",i); | ||
+ error(0,"gcry_md_enable %i failed, see /usr/include/gcrypt.h enum gcry_md_algos",i); | ||
md->todo_attr&=~h; | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,133 @@ | ||
# Example configuration file for AIDE | ||
# See more: man 5 aide.conf | ||
|
||
database=file:/var/lib/aide/aide.db | ||
database_out=file:/var/lib/aide/aide.db.new | ||
|
||
# Change this to "no" or remove it to not gzip output | ||
# (only useful on systems with few CPU cycles to spare) | ||
gzip_dbout=yes | ||
|
||
# Default: 5 | ||
#verbose=5 | ||
|
||
report_url=file:/var/log/aide/aide.log | ||
report_url=stdout | ||
#report_url=stderr | ||
|
||
# Here are all the things we can check - these are the default rules | ||
# | ||
# p: permissions | ||
# ftype: file type | ||
# i: inode | ||
# l: link name | ||
# n: number of links | ||
# u: user | ||
# g: group | ||
# s: size | ||
# b: block count | ||
# m: mtime (modification time) | ||
# a: atime (access time) | ||
# c: ctime (change time) | ||
# S: check for growing size | ||
# I: ignore changed filename | ||
# ANF: allow new files | ||
# ARF: allow removed files | ||
# md5: md5 checksum | ||
# sha1: sha1 checksum | ||
# sha256: sha256 checksum | ||
# sha512: sha512 checksum | ||
# rmd160: rmd160 checksum | ||
# tiger: tiger checksum | ||
# crc32: crc32 checksum | ||
# R: p+ftype+i+l+n+u+g+s+m+c+md5+X | ||
# L: p+ftype+i+l+n+u+g+X | ||
# E: Empty group | ||
# X: acl+selinux+xattrs+e2fsattrs (if groups are explicitly enabled) | ||
# >: Growing file p+ftype+l+u+g+i+n+S+X | ||
|
||
# Defines formerly set here have been moved to /etc/default/aide. | ||
|
||
# Custom rules | ||
Binlib = p+i+n+u+g+s+b+m+c+md5+sha256+rmd160 | ||
ConfFiles = p+i+n+u+g+s+b+m+c+md5+sha256+rmd160 | ||
Logs = p+i+n+u+g+S | ||
Devices = p+i+n+u+g+s+b+c+md5+sha256+rmd160 | ||
Databases = p+n+u+g | ||
StaticDir = p+i+n+u+g | ||
ManPages = p+i+n+u+g+s+b+m+c+md5+sha256+rmd160 | ||
|
||
# Next decide what directories/files you want in the database | ||
|
||
# Kernel, system map, etc. | ||
=/boot$ Binlib | ||
# Configs | ||
/etc ConfFiles | ||
!/etc/mtab | ||
# Binaries | ||
/bin Binlib | ||
/sbin Binlib | ||
/usr/bin Binlib | ||
/usr/sbin Binlib | ||
/usr/libexec Binlib | ||
/usr/local/bin Binlib | ||
/usr/local/sbin Binlib | ||
#/usr/games Binlib | ||
# Libraries | ||
/lib(64)? Binlib | ||
/usr/lib(64)? Binlib | ||
/usr/local/lib(64)? Binlib | ||
# Log files | ||
=/var/log$ StaticDir | ||
#!/var/log/ksymoops | ||
/var/log/aide/aide.log(.[0-9])?(.gz)? Databases | ||
/var/log/aide/error.log(.[0-9])?(.gz)? Databases | ||
#/var/log/setuid.changes(.[0-9])?(.gz)? Databases | ||
!/var/log/aide | ||
/var/log Logs | ||
# Devices | ||
!/dev/pts | ||
# If you get spurious warnings about being unable to mmap() /dev/cpu/mtrr, | ||
# you may uncomment this to get rid of them. They're harmless but sometimes | ||
# annoying. | ||
#!/dev/cpu/mtrr | ||
#!/dev/xconsole | ||
/dev Devices | ||
# Other miscellaneous files | ||
/var/run$ StaticDir | ||
!/var/run | ||
# Test only the directory when dealing with /proc | ||
/proc$ StaticDir | ||
!/proc | ||
|
||
# You can look through these examples to get further ideas | ||
|
||
# MD5 sum files - especially useful with debsums -g | ||
#/var/lib/dpkg/info/([^\.]+).md5sums u+g+s+m+md5+sha1 | ||
|
||
# Check crontabs | ||
#/var/spool/anacron/cron.daily Databases | ||
#/var/spool/anacron/cron.monthly Databases | ||
#/var/spool/anacron/cron.weekly Databases | ||
#/var/spool/cron Databases | ||
#/var/spool/cron/crontabs Databases | ||
|
||
# manpages can be trojaned, especially depending on *roff implementation | ||
#/usr/man ManPages | ||
#/usr/share/man ManPages | ||
#/usr/local/man ManPages | ||
|
||
# docs | ||
#/usr/doc ManPages | ||
#/usr/share/doc ManPages | ||
|
||
# check users' home directories | ||
#/home Binlib | ||
|
||
# check sources for modifications | ||
#/usr/src L | ||
#/usr/local/src L | ||
|
||
# Check headers for same | ||
#/usr/include L | ||
#/usr/local/include L |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,12 +1,22 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> | ||
<pkgmetadata> | ||
<!-- maintainer-needed --> | ||
<maintainer type="person"> | ||
<email>email@linxon.ru</email> | ||
<name>Yury Martynov</name> | ||
</maintainer> | ||
<maintainer type="project"> | ||
<email>proxy-maint@gentoo.org</email> | ||
<name>Proxy Maintainers</name> | ||
</maintainer> | ||
<use> | ||
<flag name="e2fs">Enable support for checking file attributes on ext2/ext3/ext4 filesystems</flag> | ||
<flag name="curl">Use curl for http,https and ftp backends</flag> | ||
<flag name="postgres">Use postgresql library for storing databases</flag> | ||
<flag name="prelink">Bypass prelinking when calculating checksums</flag> | ||
</use> | ||
<upstream> | ||
<remote-id type="github">aide/aide</remote-id> | ||
<remote-id type="sourceforge">aide</remote-id> | ||
</upstream> | ||
</pkgmetadata> |