From bb3631a2ce08b85cd1ca25d2d9b8ae803cdebb66 Mon Sep 17 00:00:00 2001 From: Yury Martynov Date: Wed, 24 Jun 2020 18:43:23 +0300 Subject: app-forensics/aide: bump to 0.16.2 (20200614) Package-Manager: Portage-2.3.99, Repoman-2.3.23 Signed-off-by: Yury Martynov Closes: https://github.com/gentoo/gentoo/pull/16398 Signed-off-by: Joonas Niilola --- app-forensics/aide/Manifest | 1 + app-forensics/aide/aide-0.16.2_p20200614.ebuild | 156 +++++++++++++++++++++ ...e-0.16.2_p20200614_define_hash_use_gcrypt.patch | 37 +++++ app-forensics/aide/files/aide.conf-r1 | 133 ++++++++++++++++++ app-forensics/aide/metadata.xml | 12 +- 5 files changed, 338 insertions(+), 1 deletion(-) create mode 100644 app-forensics/aide/aide-0.16.2_p20200614.ebuild create mode 100644 app-forensics/aide/files/aide-0.16.2_p20200614_define_hash_use_gcrypt.patch create mode 100644 app-forensics/aide/files/aide.conf-r1 (limited to 'app-forensics')
diff --git a/app-forensics/aide/Manifest b/app-forensics/aide/Manifest
index 1d08718bf487..adae5e37bdc6 100644
--- a/app-forensics/aide/Manifest
+++ b/app-forensics/aide/Manifest
@@ -1 +1,2 @@
+DIST aide-0.16.2_p20200614.tar.gz 144202 BLAKE2B a2533eaf0dd6caa82718eaa89878ddc101f64767788eeac3a250ceb584a2c5958ef8a5481b89eeb720e21af07da8f3576fb46d8ee9966fd2361354a35a7eaa6e SHA512 f5f83b8401465471043c60aeb6314f7bcab24c9f962f6ce550445bec8d866a5c8c00eba9e9f157f1223cde58631de139533c7de64fb3c861a5d8e7b5e367e106
 DIST aide-0.16.tar.gz 391009 BLAKE2B 8769d8c6bdf72f307b75f3c1feaa2effdeaead00a0c65ab25bbb50dc6f7c7b53fda4d0a3a54dd5030de1444a34a81c294437d45193aeb8aec7ef0af83a173d47 SHA512 29ad97756e3e2fb21dc332ed03b494a1c73e621266f8622ec80bdba23092a38ee975b97f3cff2330e4c16e64e2f672259eea9291ca706a4009e7399b4e14e6a7
diff --git a/app-forensics/aide/aide-0.16.2_p20200614.ebuild b/app-forensics/aide/aide-0.16.2_p20200614.ebuild
new file mode 100644
index 000000000000..794fd0db7d74
--- /dev/null
+++ b/app-forensics/aide/aide-0.16.2_p20200614.ebuild
@@ -0,0 +1,156 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools readme.gentoo-r1
+
+DESCRIPTION="AIDE (Advanced Intrusion Detection Environment) is a file integrity checker"
+HOMEPAGE="https://aide.github.io/ https://github.com/aide/aide"
+
+COMMIT="7949feff20501724a43929ee7894b005812ffb4f" # 20200614
+SRC_URI="https://github.com/aide/aide/archive/${COMMIT}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="acl audit curl e2fs mhash postgres prelink selinux static xattr zlib"
+
+REQUIRED_USE="
+ postgres? ( !mhash )
+ static? ( !audit !curl !postgres )"
+
+COMMON_DEPEND="
+ dev-libs/libpcre
+ acl? ( virtual/acl )
+ audit? ( sys-process/audit )
+ curl? ( net-misc/curl )
+ e2fs? ( sys-fs/e2fsprogs )
+ !mhash? (
+ dev-libs/libgcrypt:0=
+ dev-libs/libgpg-error
+ )
+ mhash? ( app-crypt/mhash )
+ postgres? ( dev-db/postgresql:= )
+ prelink? ( dev-libs/elfutils )
+ selinux? ( sys-libs/libselinux )
+ xattr? ( sys-apps/attr )
+ zlib? ( sys-libs/zlib )"
+
+RDEPEND="
+ !static? ( ${COMMON_DEPEND} )
+ selinux? ( sec-policy/selinux-aide )"
+
+DEPEND="${COMMON_DEPEND}
+ static? (
+ dev-libs/libpcre[static-libs]
+ acl? ( >=virtual/acl-0-r1[static-libs] )
+ e2fs? ( sys-fs/e2fsprogs[static-libs] )
+ !mhash? (
+ dev-libs/libgcrypt:0[static-libs]
+ dev-libs/libgpg-error[static-libs]
+ )
+ mhash? ( app-crypt/mhash[static-libs] )
+ prelink? ( dev-libs/elfutils[static-libs] )
+ selinux? ( sys-libs/libselinux[static-libs] )
+ xattr? ( sys-apps/attr[static-libs] )
+ zlib? ( sys-libs/zlib[static-libs] )
+ )"
+
+BDEPEND="
+ sys-devel/bison
+ sys-devel/flex
+ virtual/pkgconfig
+ prelink? ( sys-devel/prelink )"
+
+HTML_DOCS=( doc/manual.html )
+
+DISABLE_AUTOFORMATTING=1
+DOC_CONTENTS="
+Example configuration file was installed at '${EPREFIX}/etc/aide/aide.conf'.
+Please edit it to meet your needs. Refer to aide.conf(5) manual page
+for more information.
+
+A helper script, aideinit, was installed and can be used to make AIDE
+management easier. Please run 'aideinit --help' for more information."
+
+PATCHES=(
+ "${FILESDIR}/aide-0.16-fix-LIBS-LDFLAGS-mixing.patch"
+ "${FILESDIR}/aide-0.16-fix-acl-configure-option.patch"
+
+ # Remove not available gcrypt algorithm 7 DB_HAVAL
+ # See: https://sourceforge.net/p/aide/bugs/105/
+ "${FILESDIR}/${P}_define_hash_use_gcrypt.patch"
+)
+
+S="${WORKDIR}/${PN}-${COMMIT}"
+
+pkg_setup() {
+ if use postgres; then
+ ewarn "\nWARNING!"
+ ewarn "You need to choose one of the postgres versions before building"
+ ewarn "\nPlease select a target postgres version/slot using:\n"
+ ewarn " ~# eselect postgresql list"
+ ewarn " ~# eselect postgresql set \n"
+ fi
+}
+
+src_prepare() {
+ default
+ sed -i -e 's| -Werror||g' configure.ac || die
+ echo "m4_define([AIDE_VERSION], [${PV}])" > version.m4 || die
+ eautoreconf
+}
+
+src_configure() {
+ local myeconfargs=(
+ --sysconfdir="${EPREFIX}/etc/${PN}"
+ --with-confighmactype="sha512" # Override default weak MD5 hash.
+ --with-dbhmackey="sha512" # Override default weak MD5 hash.
+ # Disable broken l10n support: https://sourceforge.net/p/aide/bugs/98/
+ # This doesn't affect anything because there are no localizations yet.
+ --without-locale
+ $(use_enable static)
+ $(use_with zlib)
+ $(use_with curl)
+ $(use_with acl posix-acl)
+ $(use_with selinux)
+ $(use_with prelink prelink "${EPREFIX}/usr/sbin/prelink")
+ $(use_with xattr)
+ $(use_with e2fs e2fsattrs)
+ $(use_with mhash mhash)
+ $(use_with !mhash gcrypt)
+ $(use_with postgres psql)
+ $(use_with audit)
+ )
+
+ econf "${myeconfargs[@]}"
+}
+
+src_install() {
+ default
+ readme.gentoo_create_doc
+
+ insinto /etc/${PN}
+ insopts -m0600
+ newins "${FILESDIR}"/aide.conf-r1 aide.conf
+
+ dosbin "${FILESDIR}"/aideinit
+ dodoc -r contrib/ "${FILESDIR}"/aide.cron
+
+ keepdir /var/{lib,log}/${PN}
+}
+
+pkg_postinst() {
+ readme.gentoo_print_elog
+
+ if use postgres; then
+ elog "\nDue to a bad assumption by aide, you must issue the following"
+ elog "command after the database initialization (aide --init ...):"
+ elog '\n ~# psql -c "update pg_index set indisunique=false from pg_class \\ '
+ elog " where pg_class.relname='TABLE_pkey' and \ "
+ elog ' pg_class.oid=pg_index.indexrelid" -h HOSTNAME -p PORT DBASE USER'
+ elog "\nwhere TABLE, HOSTNAME, PORT, DBASE, and USER are the same as"
+ elog "in your aide.conf.\n"
+ fi
+}
diff --git a/app-forensics/aide/files/aide-0.16.2_p20200614_define_hash_use_gcrypt.patch b/app-forensics/aide/files/aide-0.16.2_p20200614_define_hash_use_gcrypt.patch
new file mode 100644
index 000000000000..e643a0017de8
--- /dev/null
+++ b/app-forensics/aide/files/aide-0.16.2_p20200614_define_hash_use_gcrypt.patch
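Review bot: In src_configure, `--with-dbhmackey="sha512"` carries the comment "Override default weak MD5 hash", but the option name ends in key rather than type, unlike `--with-confighmactype` on the line above it. If AIDE's configure treats this value as the HMAC key, the database HMAC would be keyed with the fixed, publicly visible string `sha512` while the database hash type stays at its default, which is the opposite of what the comment promises. The line was probably meant to read `--with-dbhmactype="sha512" # Override default weak MD5 hash.`; checking `./configure --help` for this snapshot would confirm both the option name and that sha512 is an accepted value.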
@@ -0,0 +1,37 @@
+diff -Nur aide-0.16/include/md.h aide-0.16.new/include/md.h
+--- aide-0.16/include/md.h 2016-07-25 22:56:55.000000000 +0200
++++ aide-0.16.new/include/md.h 2018-11-21 14:07:01.347479021 +0100
+@@ -48,7 +48,7 @@
+ #define HASH_GCRYPT_COUNT GCRY_MD_CRC32
+ #ifndef WITH_MHASH
+ #define HASH_USE_GCRYPT (DB_MD5|DB_SHA1|DB_RMD160|DB_TIGER|DB_CRC32|\
+- DB_HAVAL|DB_CRC32|DB_SHA256|DB_SHA512)
++ DB_CRC32B|DB_SHA256|DB_SHA512)
+ #endif
+ #endif
+
+diff -Nur aide-0.16/src/md.c aide-0.16.new/src/md.c
+--- aide-0.16/src/md.c 2016-07-25 22:56:55.000000000 +0200
++++ aide-0.16.new/src/md.c 2018-11-21 14:06:05.602295496 +0100
+@@ -55,10 +55,12 @@
+ r=DB_TIGER;
+ break;
+ }
++/* until libgcrypt-1.8.4 not implemented yet, see doc/gcrypt.info-1
+ case GCRY_MD_HAVAL: {
+ r=DB_HAVAL;
+ break;
+ }
++*/
+ case GCRY_MD_SHA256: {
+ r=DB_SHA256;
+ break;
+@@ -219,7 +221,7 @@
+ if(gcry_md_enable(md->mdh,i)==GPG_ERR_NO_ERROR){
+ md->calc_attr|=h;
+ } else {
+- error(0,"gcry_md_enable %i failed",i);
++ error(0,"gcry_md_enable %i failed, see /usr/include/gcrypt.h enum gcry_md_algos",i);
+ md->todo_attr&=~h;
+ }
+ }
diff --git a/app-forensics/aide/files/aide.conf-r1 b/app-forensics/aide/files/aide.conf-r1
new file mode 100644
index 000000000000..87df5e168c80
--- /dev/null
+++ b/app-forensics/aide/files/aide.conf-r1
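Review bot: The HASH_USE_GCRYPT change in include/md.h does more than drop DB_HAVAL: it also replaces the duplicated `DB_CRC32` with `DB_CRC32B`, which neither this patch nor the ebuild comment ("Remove not available gcrypt algorithm 7 DB_HAVAL") mentions. The visible md.c hunks add no gcrypt mapping for CRC32B, and the last hunk shows that an algorithm `gcry_md_enable` rejects is cleared from `md->todo_attr`, so a rule requesting that checksum could lose it with only an error line; the surrounding functions lie outside the hunks, so this is inferred and should be checked against the full md.c. I would state the intent in a header comment at the top of the patch file, for example `Drop DB_HAVAL (no gcrypt implementation) and replace the duplicated DB_CRC32 with DB_CRC32B in HASH_USE_GCRYPT`, or keep the mask change to the HAVAL removal alone if the substitution was not deliberate.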
@@ -0,0 +1,133 @@
+# Example configuration file for AIDE
+# See more: man 5 aide.conf
+
+database=file:/var/lib/aide/aide.db
+database_out=file:/var/lib/aide/aide.db.new
+
+# Change this to "no" or remove it to not gzip output
+# (only useful on systems with few CPU cycles to spare)
+gzip_dbout=yes
+
+# Default: 5
+#verbose=5
+
+report_url=file:/var/log/aide/aide.log
+report_url=stdout
+#report_url=stderr
+
+# Here are all the things we can check - these are the default rules
+#
+# p: permissions
+# ftype: file type
+# i: inode
+# l: link name
+# n: number of links
+# u: user
+# g: group
+# s: size
+# b: block count
+# m: mtime (modification time)
+# a: atime (access time)
+# c: ctime (change time)
+# S: check for growing size
+# I: ignore changed filename
+# ANF: allow new files
+# ARF: allow removed files
+# md5: md5 checksum
+# sha1: sha1 checksum
+# sha256: sha256 checksum
+# sha512: sha512 checksum
+# rmd160: rmd160 checksum
+# tiger: tiger checksum
+# crc32: crc32 checksum
+# R: p+ftype+i+l+n+u+g+s+m+c+md5+X
+# L: p+ftype+i+l+n+u+g+X
+# E: Empty group
+# X: acl+selinux+xattrs+e2fsattrs (if groups are explicitly enabled)
+# >: Growing file p+ftype+l+u+g+i+n+S+X
+
+# Defines formerly set here have been moved to /etc/default/aide.
+
+# Custom rules
+Binlib = p+i+n+u+g+s+b+m+c+md5+sha256+rmd160
+ConfFiles = p+i+n+u+g+s+b+m+c+md5+sha256+rmd160
+Logs = p+i+n+u+g+S
+Devices = p+i+n+u+g+s+b+c+md5+sha256+rmd160
+Databases = p+n+u+g
+StaticDir = p+i+n+u+g
+ManPages = p+i+n+u+g+s+b+m+c+md5+sha256+rmd160
+
+# Next decide what directories/files you want in the database
+
+# Kernel, system map, etc.
+=/boot$ Binlib
+# Configs
+/etc ConfFiles
+!/etc/mtab
+# Binaries
+/bin Binlib
+/sbin Binlib
+/usr/bin Binlib
+/usr/sbin Binlib
+/usr/libexec Binlib
+/usr/local/bin Binlib
+/usr/local/sbin Binlib
+#/usr/games Binlib
+# Libraries
+/lib(64)? Binlib
+/usr/lib(64)? Binlib
+/usr/local/lib(64)? Binlib
+# Log files
+=/var/log$ StaticDir
+#!/var/log/ksymoops
+/var/log/aide/aide.log(.[0-9])?(.gz)? Databases
+/var/log/aide/error.log(.[0-9])?(.gz)? Databases
+#/var/log/setuid.changes(.[0-9])?(.gz)? Databases
+!/var/log/aide
+/var/log Logs
+# Devices
+!/dev/pts
+# If you get spurious warnings about being unable to mmap() /dev/cpu/mtrr,
+# you may uncomment this to get rid of them. They're harmless but sometimes
+# annoying.
+#!/dev/cpu/mtrr
+#!/dev/xconsole
+/dev Devices
+# Other miscellaneous files
+/var/run$ StaticDir
+!/var/run
+# Test only the directory when dealing with /proc
+/proc$ StaticDir
+!/proc
+
+# You can look through these examples to get further ideas
+
+# MD5 sum files - especially useful with debsums -g
+#/var/lib/dpkg/info/([^\.]+).md5sums u+g+s+m+md5+sha1
+
+# Check crontabs
+#/var/spool/anacron/cron.daily Databases
+#/var/spool/anacron/cron.monthly Databases
+#/var/spool/anacron/cron.weekly Databases
+#/var/spool/cron Databases
+#/var/spool/cron/crontabs Databases
+
+# manpages can be trojaned, especially depending on *roff implementation
+#/usr/man ManPages
+#/usr/share/man ManPages
+#/usr/local/man ManPages
+
+# docs
+#/usr/doc ManPages
+#/usr/share/doc ManPages
+
+# check users' home directories
+#/home Binlib
+
+# check sources for modifications
+#/usr/src L
+#/usr/local/src L
+
+# Check headers for same
+#/usr/include L
+#/usr/local/include L
diff --git a/app-forensics/aide/metadata.xml b/app-forensics/aide/metadata.xml
index f661f6e69f05..c7da79793a7f 100644
--- a/app-forensics/aide/metadata.xml
+++ b/app-forensics/aide/metadata.xml
@@ -1,12 +1,22 @@ - + + email@linxon.ru + Yury Martynov + + + proxy-maint@gentoo.org + Proxy Maintainers + Enable support for checking file attributes on ext2/ext3/ext4 filesystems + Use curl for http,https and ftp backends + Use postgresql library for storing databases Bypass prelinking when calculating checksums + aide/aide aide -- cgit v1.2.3-65-gdbad
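Review bot: The example aide.conf-r1 keeps the baseline at `database=file:/var/lib/aide/aide.db` on the monitored host and says nothing about protecting it, so anyone who gains root there can regenerate the database and later checks will compare against the tampered state. Because this file is the starting point for users, a comment above the `database=` line would help, for example `# Keep a verified copy of aide.db on read-only or off-host media and compare against that copy; a baseline stored only on this host can be rewritten after a compromise.` The custom groups (Binlib, ConfFiles, Devices, ManPages) also still compute `md5` alongside `sha256`, which adds run time without adding assurance; `sha512` is listed in the same file if a second digest is wanted.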