diff --git a/Add-missing-include-in-src-db.c.patch b/Add-missing-include-in-src-db.c.patch
new file mode 100644
index 0000000..79775fc
--- /dev/null
+++ b/Add-missing-include-in-src-db.c.patch
@@ -0,0 +1,28 @@
+From c6e47606cb485457afd06d74c7f372011184fa73 Mon Sep 17 00:00:00 2001
+From: Ilya Tumaykin
+Date: Tue, 23 May 2017 17:24:29 +0300
+Subject: [PATCH 05/20] Add missing include in src/db.c
+
+url_fclose() function used in this file is defined in fopen.h.
+---
+ src/db.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/db.c b/src/db.c
+index dd133d4..858240d 100644
+--- a/src/db.c
++++ b/src/db.c
+@@ -28,6 +28,10 @@
+ #include "db_disk.h"
+ #include "md.h"
+
++#ifdef WITH_CURL
++#include "fopen.h"
++#endif
++
+ #ifdef WITH_PSQL
+ #include "db_sql.h"
+ #endif
+--
+2.19.1
+
diff --git a/Fix-root_prefix-option.patch b/Fix-root_prefix-option.patch
new file mode 100644
index 0000000..d1115ed
--- /dev/null
+++ b/Fix-root_prefix-option.patch
@@ -0,0 +1,46 @@
+From 11a2c9828cc5d182a0a3090af4ee7687eb997f57 Mon Sep 17 00:00:00 2001
+From: Hannes von Haugwitz
+Date: Sat, 18 Nov 2017 09:00:27 +0100
+Subject: [PATCH 02/20] Fix root_prefix option
+
+---
+ ChangeLog | 3 +++
+ src/db_disk.c | 4 ++--
+ 2 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index 14a3c72..43f84a1 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,6 @@
++2017-11-18 Hannes von Haugwitz
++ * Fix root_prefix option
++
+ 2017-10-29 Hannes von Haugwitz
+ * Fix short form of --limit parameter
+
+diff --git a/src/db_disk.c b/src/db_disk.c
+index 47e3e3e..36748e7 100644
+--- a/src/db_disk.c
++++ b/src/db_disk.c
+@@ -203,7 +203,7 @@ db_line *db_readline_disk ()
+ fullname=malloc((conf->root_prefix_length+2)*sizeof(char));
+ strncpy(fullname, conf->root_prefix, conf->root_prefix_length+1);
+ strncat (fullname, "/", 1);
+- if (!get_file_status(&fullname[conf->root_prefix_length], &fs)) {
++ if (!get_file_status(fullname, &fs)) {
+ add = check_rxtree (&fullname[conf->root_prefix_length], conf->tree, &attr, fs.st_mode);
+ error (240, "%s match=%d, tree=%p, attr=%llu\n", &fullname[conf->root_prefix_length], add,
+ conf->tree, attr);
+@@ -249,7 +249,7 @@ recursion:
+ If not call, db_readline_disk again...
+ */
+
+- if (get_file_status(&fullname[conf->root_prefix_length], &fs)) {
++ if (get_file_status(fullname, &fs)) {
+ free (fullname);
+ goto recursion;
+ }
+--
+2.19.1
+
diff --git a/Fix-short-form-of-limit-parameter.patch b/Fix-short-form-of-limit-parameter.patch
new file mode 100644
index 0000000..6deed36
--- /dev/null
+++ b/Fix-short-form-of-limit-parameter.patch
@@ -0,0 +1,37 @@
+From 4863aa95d571c95107841aebf97d3d32aa8b3577 Mon Sep 17 00:00:00 2001
+From: Hannes von Haugwitz
+Date: Sun, 29 Oct 2017 22:16:39 +0100
+Subject: [PATCH 01/20] Fix short form of --limit parameter
+
+---
+ ChangeLog | 3 +++
+ src/aide.c | 2 +-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index 263c438..14a3c72 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,6 @@
++2017-10-29 Hannes von Haugwitz
++ * Fix short form of --limit parameter
++
+ 2016-07-25 Hannes von Haugwitz
+ * Release version 0.16
+
+diff --git a/src/aide.c b/src/aide.c
+index f85c1b4..2971178 100644
+--- a/src/aide.c
++++ b/src/aide.c
+@@ -117,7 +117,7 @@ static int read_param(int argc,char**argv)
+ };
+
+ while(1){
+- option = getopt_long(argc, argv, "hV::vc:B:A:r:iCuDE", options, &i);
++ option = getopt_long(argc, argv, "hV::vc:l:B:A:r:iCuDE", options, &i);
+ if(option==-1)
+ break;
+ switch(option)
+--
+2.19.1
+
diff --git a/README.quickstart b/README.quickstart
new file mode 100644
index 0000000..87adc63
--- /dev/null
+++ b/README.quickstart
@@ -0,0 +1,40 @@
+1) Customize /etc/aide.conf to your liking. In particular, add
+ important directories and files which you would like to be
+ covered by integrity checks. Avoid files which are expected
+ to change frequently or which don't affect the safety of your
+ system.
+
+2) Run "/usr/sbin/aide --init" to build the initial database.
+ With the default setup, that creates /var/lib/aide/aide.db.new.gz
+
+3) Store /etc/aide.conf, /usr/sbin/aide and /var/lib/aide/aide.db.new.gz
+ in a secure location, e.g. on separate read-only media (such as
+ CD-ROM). Alternatively, keep MD5 fingerprints or GPG signatures
+ of those files in a secure location, so you have means to verify
+ that nobody modified those files.
+
+4) Copy /var/lib/aide/aide.db.new.gz to /var/lib/aide/aide.db.gz
+ which is the location of the input database.
+
+5) Run "/usr/sbin/aide --check" to check your system for inconsistencies
+ compared with the AIDE database. Prior to running a check manually,
+ ensure that the AIDE binary and database have not been modified
+ without your knowledge.
+
+ Caution!
+
+ With the default setup, an AIDE check is not run periodically as a
+ cron job. It cannot be guaranteed that the AIDE binaries, config
+ file and database are intact. It is not recommended that you run
+ automated AIDE checks without verifying AIDE yourself frequently.
+ In addition to that, AIDE does not implement any password or
+ encryption protection for its own files.
+
+ It is up to you how to put a file integrity checker to good effect
+ and how to set up automated checks if you think it adds a level of
+ safety (e.g. detecting failed/incomplete compromises or unauthorized
+ modification of special files). On a compromised system, the
+ intruder could disable the automated check. Or he could replace the
+ AIDE binary, config file and database easily when they are not
+ located on read-only media.
+
diff --git a/Skip-reading-section-data-if-the-section-doesn-t-con.patch b/Skip-reading-section-data-if-the-section-doesn-t-con.patch
new file mode 100644
index 0000000..0d11779
--- /dev/null
+++ b/Skip-reading-section-data-if-the-section-doesn-t-con.patch
@@ -0,0 +1,27 @@
+From dd98dbd23770b8f8b95dc5a08ad5d5546831076a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Jirkovsk=C3=BD?=
+Date: Fri, 8 Mar 2019 20:44:51 +0100
+Subject: [PATCH 19/20] Skip reading section data if the section doesn't
+ contain any table.
+
+Fixes floating point exception on go files.
+---
+ src/do_md.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/do_md.c b/src/do_md.c
+index 86fde8d..35c0751 100644
+--- a/src/do_md.c
++++ b/src/do_md.c
+@@ -99,7 +99,7 @@ int is_prelinked(int fd) {
+ while (!bingo && (scn = elf_nextscn(elf, scn)) != NULL) {
+ (void) gelf_getshdr(scn, &shdr);
+
+- if (shdr.sh_type != SHT_DYNAMIC)
++ if (shdr.sh_type != SHT_DYNAMIC || shdr.sh_entsize == 0)
+ continue;
+
+ while (!bingo && (data = elf_getdata (scn, data)) != NULL) {
+--
+2.19.1
+
diff --git a/aide-0.16.tar.gz b/aide-0.16.tar.gz
new file mode 100644
index 0000000..4ab3793
Binary files /dev/null and b/aide-0.16.tar.gz differ
diff --git a/aide-0.16b1-fipsfix.patch b/aide-0.16b1-fipsfix.patch
new file mode 100644
index 0000000..434d74e
--- /dev/null
+++ b/aide-0.16b1-fipsfix.patch
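Review bot: In Skip-reading-section-data-if-the-section-doesn-t-con.patch, the added `shdr.sh_entsize == 0` test in is_prelinked() reads `shdr` right after `(void) gelf_getshdr(scn, &shdr);`, whose result is discarded, so after a failed lookup the guard inspects whatever the struct held before. AIDE runs this parser over arbitrary files found on disk, so I would check the call too: `if (gelf_getshdr(scn, &shdr) == NULL) continue;`. The division this guard protects is presumably further down in the inner loop, outside the hunk, and is_prelinked() itself starts and ends outside it.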
@@ -0,0 +1,103 @@
+diff -up ./src/aide.c.orig ./aide-0.16b1/src/aide.c
+--- ./src/aide.c.orig 2016-07-12 11:10:08.013158385 +0200
++++ ./src/aide.c 2016-07-12 11:30:54.867833064 +0200
+@@ -511,9 +511,28 @@ int main(int argc,char**argv)
+ #endif
+ umask(0177);
+ init_sighandler();
+-
+ setdefaults_before_config();
+
++#if WITH_GCRYPT
++ error(255,"Gcrypt library initialization\n");
++ /*
++ * Initialize libgcrypt as per
++ * http://www.gnupg.org/documentation/manuals/gcrypt/Initializing-the-library.html
++ *
++ *
++ */
++ gcry_control(GCRYCTL_SET_ENFORCED_FIPS_FLAG, 0);
++ gcry_control(GCRYCTL_INIT_SECMEM, 1);
++
++ if(!gcry_check_version(GCRYPT_VERSION)) {
++ error(0,"libgcrypt version mismatch\n");
++ exit(VERSION_MISMATCH_ERROR);
++ }
++
++ gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
++#endif /* WITH_GCRYPT */
++
++
+ if(read_param(argc,argv)==RETFAIL){
+ error(0, _("Invalid argument\n") );
+ exit(INVALID_ARGUMENT_ERROR);
+@@ -646,6 +665,9 @@ int main(int argc,char**argv)
+ }
+ #endif
+ }
++#ifdef WITH_GCRYPT
++ gcry_control(GCRYCTL_TERM_SECMEM, 0);
++#endif /* WITH_GCRYPT */
+ return RETOK;
+ }
+ const char* aide_key_3=CONFHMACKEY_03;
+diff -up ./src/md.c.orig ./aide-0.16b1/src/md.c
+--- ./src/md.c.orig 2016-04-15 23:30:16.000000000 +0200
++++ ./src/md.c 2016-07-12 11:35:04.007675329 +0200
+@@ -201,14 +201,7 @@ int init_md(struct md_container* md) {
+ }
+ #endif
+ #ifdef WITH_GCRYPT
+- error(255,"Gcrypt library initialization\n");
+- if(!gcry_check_version(GCRYPT_VERSION)) {
+- error(0,"libgcrypt version mismatch\n");
+- exit(VERSION_MISMATCH_ERROR);
+- }
+- gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
+- gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
+- if(gcry_md_open(&md->mdh,0,0)!=GPG_ERR_NO_ERROR){
++ if(gcry_md_open(&md->mdh,0,GCRY_MD_FLAG_SECURE)!=GPG_ERR_NO_ERROR){
+ error(0,"gcrypt_md_open failed\n");
+ exit(IO_ERROR);
+ }
+@@ -299,7 +292,7 @@ int close_md(struct md_container* md) {
+
+ /*. There might be more hashes in the library. Add those here.. */
+
+- gcry_md_reset(md->mdh);
++ gcry_md_close(md->mdh);
+ #endif
+
+ #ifdef WITH_MHASH
+diff -up ./src/util.c.orig ./aide-0.16b1/src/util.c
+--- ./src/util.c.orig 2016-07-12 11:39:17.023437355 +0200
++++ ./src/util.c 2016-07-12 11:39:51.618721157 +0200
+@@ -519,28 +519,5 @@ int syslog_facility_lookup(char *s)
+ return(AIDE_SYSLOG_FACILITY);
+ }
+
+-/* We need these dummy stubs to fool the linker into believing that
+- we do not need them at link time */
+-
+-void* dlopen(char*filename,int flag)
+-{
+- return NULL;
+-}
+-
+-void* dlsym(void*handle,char*symbol)
+-{
+- return NULL;
+-}
+-
+-void* dlclose(void*handle)
+-{
+- return NULL;
+-}
+-
+-const char* dlerror(void)
+-{
+- return NULL;
+-}
+-
+ const char* aide_key_2=CONFHMACKEY_02;
+ const char* db_key_2=DBHMACKEY_02;
diff --git a/aide-0.16rc1-man.patch b/aide-0.16rc1-man.patch
new file mode 100644
index 0000000..4715552
--- /dev/null
+++ b/aide-0.16rc1-man.patch
@@ -0,0 +1,15 @@
+diff -up ./doc/aide.1.in.orig ./doc/aide.1.in
+--- ./doc/aide.1.in.orig 2016-07-12 16:10:01.724595895 +0200
++++ ./doc/aide.1.in 2016-07-12 16:06:21.968639822 +0200
+@@ -103,9 +103,9 @@ echo | base64 \-d | h
+ .SH FILES
+ .IP \fB@sysconfdir@/aide.conf\fR
+ Default aide configuration file.
+-.IP \fB@sysconfdir@/aide.db\fR
++.IP \fB@localstatedir@/lib/aide/aide.db\fR
+ Default aide database.
+-.IP \fB@sysconfdir@/aide.db.new\fR
++.IP \fB@localstatedir@/lib/aide/aide.db.new\fR
+ Default aide output database.
+ .SH SEE ALSO
+ .BR aide.conf (5)
diff --git a/aide-define_hash_use_gcrypt.patch b/aide-define_hash_use_gcrypt.patch
new file mode 100644
index 0000000..e643a00
--- /dev/null
+++ b/aide-define_hash_use_gcrypt.patch
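Review bot: In aide-0.16b1-fipsfix.patch, the block added to main() calls `gcry_control(GCRYCTL_INIT_SECMEM, 1)` before `gcry_check_version(GCRYPT_VERSION)` and ignores the result of every `gcry_control` call. As far as I recall, the manual page cited in the new comment shows `gcry_check_version` first and the secure-memory setup after it, so the order should be confirmed against that page. Since init_md() now opens its handle with `GCRY_MD_FLAG_SECURE`, I would also test each `gcry_control` return value and stop with an error when it is non-zero, rather than letting a failed pool setup surface later. The opening guard is `#if WITH_GCRYPT` while every other guard in this patch is `#ifdef WITH_GCRYPT`; making it `#ifdef WITH_GCRYPT` keeps them consistent. main() starts and ends outside the hunks.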
@@ -0,0 +1,37 @@
+diff -Nur aide-0.16/include/md.h aide-0.16.new/include/md.h
+--- aide-0.16/include/md.h 2016-07-25 22:56:55.000000000 +0200
++++ aide-0.16.new/include/md.h 2018-11-21 14:07:01.347479021 +0100
+@@ -48,7 +48,7 @@
+ #define HASH_GCRYPT_COUNT GCRY_MD_CRC32
+ #ifndef WITH_MHASH
+ #define HASH_USE_GCRYPT (DB_MD5|DB_SHA1|DB_RMD160|DB_TIGER|DB_CRC32|\
+- DB_HAVAL|DB_CRC32|DB_SHA256|DB_SHA512)
++ DB_CRC32B|DB_SHA256|DB_SHA512)
+ #endif
+ #endif
+
+diff -Nur aide-0.16/src/md.c aide-0.16.new/src/md.c
+--- aide-0.16/src/md.c 2016-07-25 22:56:55.000000000 +0200
++++ aide-0.16.new/src/md.c 2018-11-21 14:06:05.602295496 +0100
+@@ -55,10 +55,12 @@
+ r=DB_TIGER;
+ break;
+ }
++/* until libgcrypt-1.8.4 not implemented yet, see doc/gcrypt.info-1
+ case GCRY_MD_HAVAL: {
+ r=DB_HAVAL;
+ break;
+ }
++*/
+ case GCRY_MD_SHA256: {
+ r=DB_SHA256;
+ break;
+@@ -219,7 +221,7 @@
+ if(gcry_md_enable(md->mdh,i)==GPG_ERR_NO_ERROR){
+ md->calc_attr|=h;
+ } else {
+- error(0,"gcry_md_enable %i failed",i);
++ error(0,"gcry_md_enable %i failed, see /usr/include/gcrypt.h enum gcry_md_algos",i);
+ md->todo_attr&=~h;
+ }
+ }
diff --git a/aide.conf b/aide.conf
new file mode 100644
index 0000000..cd95c01
--- /dev/null
+++ b/aide.conf
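Review bot: In aide-define_hash_use_gcrypt.patch, the `GCRY_MD_HAVAL` case in src/md.c is disabled by wrapping existing code in a `/* ... */` comment whose first line ("until libgcrypt-1.8.4 not implemented yet") is hard to parse. Removing the case, or guarding it with `#if 0` under a comment such as `/* HAVAL is not implemented by libgcrypt, see doc/gcrypt.info-1 */` (if that is what is meant), would keep dead code out of a block comment. The reworded `gcry_md_enable` message still has no trailing `\n`, unlike the other `error(0, ...)` strings visible on this page, and it hard-codes `/usr/include/gcrypt.h`, which may not be where the header lives on a given system. The enclosing functions start and end outside the hunks.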
@@ -0,0 +1,223 @@
+# Example configuration file for AIDE.
+
+@@define DBDIR /var/lib/aide
+@@define LOGDIR /var/log/aide
+
+# The location of the database to be read.
+database=file:@@{DBDIR}/aide.db.gz
+
+# The location of the database to be written.
+#database_out=sql:host:port:database:login_name:passwd:table
+#database_out=file:aide.db.new
+database_out=file:@@{DBDIR}/aide.db.new.gz
+
+# Whether to gzip the output to database
+gzip_dbout=yes
+
+# Default.
+verbose=5
+
+report_url=file:@@{LOGDIR}/aide.log
+report_url=stdout
+#report_url=stderr
+#NOT IMPLEMENTED report_url=mailto:root@foo.com
+#NOT IMPLEMENTED report_url=syslog:LOG_AUTH
+
+# These are the default rules.
+#
+#p: permissions
+#i: inode:
+#n: number of links
+#u: user
+#g: group
+#s: size
+#b: block count
+#m: mtime
+#a: atime
+#c: ctime
+#S: check for growing size
+#acl: Access Control Lists
+#selinux SELinux security context
+#xattrs: Extended file attributes
+#md5: md5 checksum
+#sha1: sha1 checksum
+#sha256: sha256 checksum
+#sha512: sha512 checksum
+#rmd160: rmd160 checksum
+#tiger: tiger checksum
+
+#haval: haval checksum (MHASH only)
+#gost: gost checksum (MHASH only)
+#crc32: crc32 checksum (MHASH only)
+#whirlpool: whirlpool checksum (MHASH only)
+
+FIPSR = p+i+n+u+g+s+m+c+acl+selinux+xattrs+sha256
+
+#R: p+i+n+u+g+s+m+c+acl+selinux+xattrs+md5
+#L: p+i+n+u+g+acl+selinux+xattrs
+#E: Empty group
+#>: Growing logfile p+u+g+i+n+S+acl+selinux+xattrs
+
+# You can create custom rules like this.
+# With MHASH...
+# ALLXTRAHASHES = sha1+rmd160+sha256+sha512+whirlpool+tiger+haval+gost+crc32
+ALLXTRAHASHES = sha1+rmd160+sha256+sha512+tiger
+# Everything but access time (Ie. all changes)
+EVERYTHING = R+ALLXTRAHASHES
+
+# Sane, with multiple hashes
+# NORMAL = R+rmd160+sha256+whirlpool
+NORMAL = FIPSR+sha512
+
+# For directories, don't bother doing hashes
+DIR = p+i+n+u+g+acl+selinux+xattrs
+
+# Access control only
+PERMS = p+i+u+g+acl+selinux
+
+# Logfile are special, in that they often change
+LOG = >
+
+# Just do sha256 and sha512 hashes
+LSPP = FIPSR+sha512
+
+# Some files get updated automatically, so the inode/ctime/mtime change
+# but we want to know when the data inside them changes
+DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha256
+
+# Next decide what directories/files you want in the database.
+
+/boot NORMAL
+/bin NORMAL
+/sbin NORMAL
+/lib NORMAL
+/lib64 NORMAL
+/opt NORMAL
+/usr NORMAL
+/root NORMAL
+# These are too volatile
+!/usr/src
+!/usr/tmp
+
+# Check only permissions, inode, user and group for /etc, but
+# cover some important files closely.
+/etc PERMS
+!/etc/mtab
+# Ignore backup files
+!/etc/.*~
+/etc/exports NORMAL
+/etc/fstab NORMAL
+/etc/passwd NORMAL
+/etc/group NORMAL
+/etc/gshadow NORMAL
+/etc/shadow NORMAL
+/etc/security/opasswd NORMAL
+
+/etc/hosts.allow NORMAL
+/etc/hosts.deny NORMAL
+
+/etc/sudoers NORMAL
+/etc/skel NORMAL
+
+/etc/logrotate.d NORMAL
+
+/etc/resolv.conf DATAONLY
+
+/etc/nscd.conf NORMAL
+/etc/securetty NORMAL
+
+# Shell/X starting files
+/etc/profile NORMAL
+/etc/bashrc NORMAL
+/etc/bash_completion.d/ NORMAL
+/etc/login.defs NORMAL
+/etc/zprofile NORMAL
+/etc/zshrc NORMAL
+/etc/zlogin NORMAL
+/etc/zlogout NORMAL
+/etc/profile.d/ NORMAL
+/etc/X11/ NORMAL
+
+# Pkg manager
+/etc/yum.conf NORMAL
+/etc/yumex.conf NORMAL
+/etc/yumex.profiles.conf NORMAL
+/etc/yum/ NORMAL
+/etc/yum.repos.d/ NORMAL
+
+/var/log LOG
+/var/run/utmp LOG
+
+# This gets new/removes-old filenames daily
+!/var/log/sa
+# As we are checking it, we've truncated yesterdays size to zero.
+!/var/log/aide.log
+
+# LSPP rules...
+# AIDE produces an audit record, so this becomes perpetual motion.
+# /var/log/audit/ LSPP
+/etc/audit/ LSPP
+/etc/libaudit.conf LSPP
+/usr/sbin/stunnel LSPP
+/var/spool/at LSPP
+/etc/at.allow LSPP
+/etc/at.deny LSPP
+/etc/cron.allow LSPP
+/etc/cron.deny LSPP
+/etc/cron.d/ LSPP
+/etc/cron.daily/ LSPP
+/etc/cron.hourly/ LSPP
+/etc/cron.monthly/ LSPP
+/etc/cron.weekly/ LSPP
+/etc/crontab LSPP
+/var/spool/cron/root LSPP
+
+/etc/login.defs LSPP
+/etc/securetty LSPP
+/var/log/faillog LSPP
+/var/log/lastlog LSPP
+
+/etc/hosts LSPP
+/etc/sysconfig LSPP
+
+/etc/inittab LSPP
+/etc/grub/ LSPP
+/etc/rc.d LSPP
+
+/etc/ld.so.conf LSPP
+
+/etc/localtime LSPP
+
+/etc/sysctl.conf LSPP
+
+/etc/modprobe.conf LSPP
+
+/etc/pam.d LSPP
+/etc/security LSPP
+/etc/aliases LSPP
+/etc/postfix LSPP
+
+/etc/ssh/sshd_config LSPP
+/etc/ssh/ssh_config LSPP
+
+/etc/stunnel LSPP
+
+/etc/vsftpd.ftpusers LSPP
+/etc/vsftpd LSPP
+
+/etc/issue LSPP
+/etc/issue.net LSPP
+
+/etc/cups LSPP
+
+# With AIDE's default verbosity level of 5, these would give lots of
+# warnings upon tree traversal. It might change with future version.
+#
+#=/lost\+found DIR
+#=/home DIR
+
+# Ditto /var/log/sa reason...
+!/var/log/and-httpd
+
+# Admins dot files constantly change, just check perms
+/root/\..* PERMS
diff --git a/aide.logrotate b/aide.logrotate
new file mode 100644
index 0000000..614c6a6
--- /dev/null
+++ b/aide.logrotate
@@ -0,0 +1,9 @@
+/var/log/aide/*.log {
+ weekly
+ missingok
+ rotate 4
+ compress
+ delaycompress
+ copytruncate
+ minsize 100k
+}
diff --git a/aide.spec b/aide.spec
new file mode 100644
index 0000000..2ea2208
--- /dev/null
+++ b/aide.spec
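Review bot: In aide.conf, the exclusion `!/var/log/aide.log` does not match the report file this configuration actually writes: `report_url=file:@@{LOGDIR}/aide.log` with `LOGDIR` defined as `/var/log/aide` resolves to `/var/log/aide/aide.log`. With `/var/log LOG` in effect, AIDE's own report would then be checked on every run, and the shipped aide.logrotate truncates it with `copytruncate`, which the growing-size rule will probably report as a change. I would exclude the directory that is really used, e.g. `!/var/log/aide`, and update the comment above it to name that path. `/etc/login.defs` and `/etc/securetty` are also listed twice, once as NORMAL and once as LSPP, which are defined identically here; one entry each is enough.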
@@ -0,0 +1,112 @@
+Name: aide
+Version: 0.16
+Release: 14
+Summary: Advanced Intrusion Detection Environment
+License: GPLv2+
+URL: http://sourceforge.net/projects/aide
+Source0: http://sourceforge.net/projects/aide/files/aide/%{version}/%{name}-%{version}.tar.gz
+Source1: aide.conf
+Source2: README.quickstart
+Source3: aide.logrotate
+
+BuildRequires: gcc make bison flex pcre-devel libgpg-error-devel libgcrypt-devel zlib-devel libcurl-devel
+BuildRequires: libacl-devel libselinux-devel libattr-devel e2fsprogs-devel audit-libs-devel git
+
+Patch1: aide-0.16rc1-man.patch
+Patch2: aide-0.16b1-fipsfix.patch
+Patch6000: aide-define_hash_use_gcrypt.patch
+Patch6001: Fix-short-form-of-limit-parameter.patch
+Patch6002: Fix-root_prefix-option.patch
+Patch6003: Add-missing-include-in-src-db.c.patch
+Patch6004: src-do_md.c-fix-memory-leak-in-is_prelinked.patch
+Patch6005: Skip-reading-section-data-if-the-section-doesn-t-con.patch
+
+%description
+AIDE (Advanced Intrusion Detection Environment, [eyd]) is a file and directory integrity checker.
+It creates a database from the regular expression rules that it finds from the config file(s).
+Once this database is initialized it can be used to verify the integrity of the files.
+
+%package_help
+
+%prep
+%autosetup -n %{name}-%{version} -p1 -Sgit
+
+%build
+%configure --disable-static --with-config_file=%{_sysconfdir}/aide.conf --with-gcrypt --with-zlib \
+ --with-curl --with-posix-acl --with-selinux --with-xattr --with-e2fsattrs --with-audit
+make %{?_smp_mflags}
+
+%install
+%make_install bindir=%{_sbindir}
+install -Dpm0644 -t %{buildroot}%{_sysconfdir} %{S:1}
+install -Dpm0644 -t %{buildroot}%{_datadir}/doc/aide-help %{S:2}
+install -Dpm0644 -t %{buildroot}%{_sysconfdir}/logrotate.d/aide %{S:3}
+mkdir -p %{buildroot}%{_localstatedir}/log/aide
+mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide
+
+%pre
+
+%preun
+
+%post
+
+%postun
+
+%files
+%defattr(-,root,root)
+%license COPYING AUTHORS
+%doc ChangeLog contrib/
+%{_sbindir}/*
+%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/aide.conf
+%config(noreplace) %{_sysconfdir}/logrotate.d/aide
+%dir %attr(0700,root,root) %{_localstatedir}/lib/aide
+%dir %attr(0700,root,root) %{_localstatedir}/log/aide
+
+%files help
+%defattr(-,root,root)
+%doc NEWS README doc/manual.html README.quickstart
+%{_mandir}/*/*
+
+%changelog
+* Wed Oct 9 2019 openEuler Buildteam - 0.16-14
+- Type:enhancement
+- ID:NA
+- SUG:NA
+- DESC: change the directory of AUTHORS
+
+* Sat Sep 21 2019 openEuler Buildteam - 0.16-13
+- Type:enhancement
+- ID:NA
+- SUG:NA
+- DESC:revise description
+
+* Fri Aug 23 2019 openEuler Buildteam - 0.16-12
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:strengthen spec
+
+* Tue Aug 20 2019 guoxiaoqi - 0.16-11
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:rename patches
+
+* Tue Apr 9 2019 wangxiao - 0.16-10
+- Type:bugfix
+- ID:NA
+- SUG:restart
+- DESC:Fix short form of --limit parameter
+ Fix root_prefix option
+ Add missing include in src/db.c
+ Fix memory leak in is_prelinked
+ Skip reading section data if the section doesn't contain any table.
+
+* Sun Apr 7 2019 zoujing - 0.16-9
+- Type:enhancement
+- ID:NA
+- SUG:restart
+- DESC: backport patch for fixing "DBG: md_enable: algorithm 7 not available"
+
+* Tue Jul 31 2018 openEuler Buildteam - 0.16-8
+- Package init
diff --git a/src-do_md.c-fix-memory-leak-in-is_prelinked.patch b/src-do_md.c-fix-memory-leak-in-is_prelinked.patch
new file mode 100644
index 0000000..9c5ca0a
--- /dev/null
+++ b/src-do_md.c-fix-memory-leak-in-is_prelinked.patch
@@ -0,0 +1,48 @@
+From 242ce0bd6cedbbc989c565364679c57ee9171424 Mon Sep 17 00:00:00 2001
+From: Hannes von Haugwitz
+Date: Fri, 7 Dec 2018 08:16:08 +0100
+Subject: [PATCH 10/20] src/do_md.c: fix memory leak in is_prelinked
+
+* thanks to Robert Springer for the patch
+* closes #103
+---
+ ChangeLog | 4 ++++
+ src/do_md.c | 7 +++++--
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/src/do_md.c b/src/do_md.c
+index bc06e62..86fde8d 100644
+--- a/src/do_md.c
++++ b/src/do_md.c
+@@ -1,7 +1,7 @@
+ /* aide, Advanced Intrusion Detection Environment
+ * vi: ts=8 sw=8
+ *
+- * Copyright (C) 1999-2002,2004-2006,2009-2011,2013 Rami Lehti, Pablo
++ * Copyright (C) 1999-2002,2004-2006,2009-2011,2013,2018 Rami Lehti, Pablo
+ * Virolainen, Mike Markley, Richard van den Berg, Hannes von Haugwitz
+ * $Header$
+ *
+@@ -90,8 +90,10 @@ int is_prelinked(int fd) {
+ if ((elf = elf_begin (fd, ELF_C_READ, NULL)) == NULL
+ || elf_kind(elf) != ELF_K_ELF
+ || gelf_getehdr(elf, &ehdr) == NULL
+- || !(ehdr.e_type == ET_DYN || ehdr.e_type == ET_EXEC))
++ || !(ehdr.e_type == ET_DYN || ehdr.e_type == ET_EXEC)) {
++ elf_end(elf);
+ return 0;
++ }
+
+ bingo = 0;
+ while (!bingo && (scn = elf_nextscn(elf, scn)) != NULL) {
+@@ -113,6 +115,7 @@ int is_prelinked(int fd) {
+ }
+ }
+ }
++ elf_end(elf);
+
+ return bingo;
+ }
+--
+2.19.1
+
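Review bot: In aide.spec, the %install line `install -Dpm0644 -t %{buildroot}%{_sysconfdir}/logrotate.d/aide %{S:3}` treats `logrotate.d/aide` as the target directory, so the snippet lands at `logrotate.d/aide/aide.logrotate` and the `%config(noreplace) %{_sysconfdir}/logrotate.d/aide` entry in %files then names a directory. As far as I know logrotate skips subdirectories of its include directory, so the AIDE report log would never be rotated. Dropping `-t` installs the file under the intended name: `install -Dpm0644 %{S:3} %{buildroot}%{_sysconfdir}/logrotate.d/aide`. Separately, `URL` and `Source0` use plain `http://`; the tarball is committed alongside the spec, but for an integrity checker I would still record an `https://` source and the upstream checksum or signature that the committed tarball was verified against.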