Finally add AIDE, a security tool similar to Tripwire but much improved.
PR: 15894 Submitted by: Cy Schubert <Cy.Schubert@uumail.gov.bc.ca>
parent
c06609aa4e
commit
8bd92e6eab
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=30629
@ -2,6 +2,7 @@
|
||||
#
|
||||
|
||||
SUBDIR += aafid2
|
||||
SUBDIR += aide
|
||||
SUBDIR += bjorb
|
||||
SUBDIR += bro
|
||||
SUBDIR += bugs
|
||||
|
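--- a/security/aide/Makefile
+++ b/security/aide/Makefile
@@ -0,0 +1,52 @@
+# New ports collection makefile for: aide
+# Date created: Tue Jan 4 11:45:29 PST 2000
+# Whom: Cy Schubert (Cy.Schubert@uumail.gov.bc.ca)
+#
+# $FreeBSD$
+#
+
+PORTNAME= aide
+PORTVERSION= 0.7
+CATEGORIES= security
+MASTER_SITES= http://www.cs.tut.fi/~rammer/ \
+ftp://ftp.cs.tut.fi/pub/src/gnu/
+
+MAINTAINER= Cy.Schubert@uumail.gov.bc.ca
+
+LIB_DEPENDS= mhash.2:${PORTSDIR}/security/mhash
+
+GNU_CONFIGURE= yes
+CONFIGURE_ARGS+=--with-mhash \
+--with-zlib \
+--with-config_file=/var/adm/aide/aide.conf
+
+CONFIGURE_ENV+= LIBS='-L${LOCALBASE}/lib -pthread'
+
+MAN1= aide.1
+MAN5= aide.conf.5
+
+post-install:
+${INSTALL_DATA} ${FILESDIR}/aide.conf.freebsd ${PREFIX}/etc/aide.conf.sample
+@${ECHO}
+@${ECHO} "If you want to finish setting up AIDE, don't forget to make"
+@${ECHO} "a new directory called /var/adm/aide and then create your own"
+@${ECHO} "aide.conf based on ${PREFIX}/etc/aide.conf.sample and then"
+@${ECHO} "copy it to that directory. You will also need to make the"
+@${ECHO} "databases directory, /var/adm/aide/databases, and run the"
+@${ECHO} "following command:"
+@${ECHO}
+@${ECHO} " cd /var/adm/aide;aide --init;mv databases/aide.db.new databases/aide.db"
+@${ECHO}
+.if defined(AIDE_FLOPPY)
+@disklabel -w -B /dev/rfd0c fd1440
+@newfs -u 0 -t 0 -i 196608 -m 0 -T minimum -o space /dev/rfd0c
+@mount /dev/fd0c /mnt
+@${CP} ${PREFIX}/bin/aide /mnt/aide
+@${CP} -p /var/adm/aide/aide.conf /mnt/aide.conf
+@${CP} < /var/adm/aide/databases/aide.db /mnt/aide.db
+@${CHMOD} 555 /mnt/aide
+@umount /mnt
+@${ECHO} Do not forget to remove and write-protect the floppy.
+.endif
+
+.include <bsd.port.mk>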
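Review bot: The post-install message and the AIDE_FLOPPY block both assume the database lives under `/var/adm/aide/databases`, but the sample installed from `files/aide.conf.freebsd` sets `database=file:///var/log/aide/databases/aide.db` and `database_out=file:///var/log/aide/databases/aide.db.new`, so an admin who copies the sample as told will find that the suggested `mv databases/aide.db.new databases/aide.db` has nothing to rename. Making the sample read `file:///var/adm/aide/databases/aide.db` (and `.../aide.db.new`) brings the two into agreement. In the floppy block, `${CP} < /var/adm/aide/databases/aide.db /mnt/aide.db` passes cp a single operand, so the baseline never reaches the write-protected copy; `${CP} -p /var/adm/aide/databases/aide.db /mnt/aide.db` matches the line above it. That block also runs during install, before the aide.conf and database described in the message can exist, and it relabels and newfs's `/dev/rfd0c` without any confirmation, so it would sit better in a separate target that is run after `aide --init`.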
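--- a/security/aide/distinfo
+++ b/security/aide/distinfo
@@ -0,0 +1 @@
+MD5 (aide-0.7.tar.gz) = 0b2ed9eb3b608a19418800b87f5be848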
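--- a/security/aide/files/aide.conf.freebsd
+++ b/security/aide/files/aide.conf.freebsd
@@ -0,0 +1,157 @@
+# $Id: aide.conf.freebsd,v 1.3 1998/07/28 17:54:21 obrien Exp $
+#
+# tripwire.config
+# Generic version for FreeBSD based on Tripwire's tw.config
+# Will need editing...see comments below
+#
+# This file contains a list of files and directories that System
+# Preener will scan. Information collected from these files will be
+# stored in the tripwire.database file.
+#
+# Format: [!|=] entry [ignore-flags]
+#
+# where: '!' signifies the entry is to be pruned (inclusive) from
+# the list of files to be scanned.
+# '=' signifies the entry is to be added, but if it is
+# a directory, then all its contents are pruned
+# (useful for /tmp).
+#
+# where: entry is the absolute pathname of a file or a directory
+#
+# where ignore-flags are in the format:
+# [template][ [+|-][pinugsam...] ... ]
+#
+# - : ignore the following atributes
+# + : do not ignore the following attributes
+#
+# p : permission and file mode bits a: access timestamp
+# i : inode number m: modification timestamp
+# n : number of links (ref count) c: inode creation timestamp
+# u : user id of owner md5: MD5 signature
+# g : group id of owner tiger: tiger signature
+# s : size of file rmd160: RMD160 signature
+# sha1: SHA1 signature
+#
+#
+# Ex: The following entry will scan all the files in /etc, and report
+# any changes in mode bits, inode number, reference count, uid,
+# gid, modification and creation timestamp, and the signatures.
+# However, it will ignore any changes in the access timestamp.
+#
+# /etc +p+i+n+u+g+s+m+md5+tiger+rmd160+sha1-a
+#
+# The following templates have been pre-defined to make these long ignore
+# mask descriptions unecessary.
+#
+# Templates:
+# (default) R : [R]ead-only (+p+i+n+u+g+s+m+md5+tiger+rmd160+sha1-a)
+# L : [L]og file (+p+i+n+u+g-s-a-m-md5-tiger-rmd160-sha1)
+# N : ignore [N]othing (+p+i+n+u+s+g+s+a+m+c+md5+tiger+rmd160+sha1)
+# E : ignore [E]verything (-p-i-n-u-s-g-s-a-m-c-md5-tiger-rmd160-sha1)
+#
+# By default, Tripwire uses the R template -- it ignores
+# only the access timestamp.
+#
+# You can use templates with modifiers, like:
+# Ex: /etc/lp E+u+g
+#
+# Example configuration file:
+# /etc R # all system files
+# !/etc/lp R # ...but not those logs
+# =/tmp N # just the directory, not its files
+#
+# Note the difference between pruning (via "!") and ignoring everything
+# (via "E" template): Ignoring everything in a directory still monitors
+# for added and deleted files. Pruning a directory will prevent Tripwire
+# from even looking in the specified directory.
+#
+#
+# Tripwire running slowly? Modify your tripwire.config entries to
+# ignore the (signature 2) attribute when this computationally-exorbita
+nt
+# protection is not needed. (See README and design document for further
+# details.)
+#
+
+database=file:///var/log/aide/databases/aide.db
+database_out=file:///var/log/aide/databases/aide.db.new
+
+
+# First, root's traditional "home". Note that FreeBSD's root's home (/root)
+# is protected by R-tiger-rmd160-sha1 protections in the default config file.
+=/ L
+/.rhosts R
+/.profile R
+/.cshrc R
+/.login R
+/.exrc R
+/.logout R
+/.forward R
+
+# Unix itself
+/kernel R
+
+# /bin
+/bin R-tiger-rmd160-sha1
+
+# /dev
+/dev L
+
+# /etc
+/etc R-tiger-rmd160-sha1
+/etc/aliases L
+/etc/dumpdates L
+/etc/motd L
+
+# my passwd database should be static at time of system build. yours may
+# not be, if not, uncomment the lines below.
+
+# /etc/passwd L
+# /etc/master.passwd L
+# /etc/pwd.db L
+# /etc/spwd.db L
+
+# /home
+=/home L-c
+
+# /lkm
+/lkm R-tiger-rmd160-sha1
+
+# /root
+/root R-tiger-rmd160-sha1
+/root/.history L
+
+# /sbin
+/sbin R-tiger-rmd160-sha1
+
+# /stand
+/stand R-tiger-rmd160-sha1
+
+# /usr/bin
+/usr/bin R-tiger-rmd160-sha1
+
+/usr/include R-tiger-rmd160-sha1
+
+/usr/lib R-tiger-rmd160-sha1
+
+/usr/libdata R-tiger-rmd160-sha1
+
+/usr/libexec R-tiger-rmd160-sha1
+
+/usr/local/bin R-tiger-rmd160-sha1
+
+/usr/local/etc L
+
+/usr/local/lib R-tiger-rmd160-sha1
+
+/usr/local/libexec R-tiger-rmd160-sha1
+
+/usr/local/sbin R-tiger-rmd160-sha1
+
+/usr/local/share R-tiger-rmd160-sha1
+
+/usr/sbin R-tiger-rmd160-sha1
+
+/usr/share R-tiger-rmd160-sha1
+
+###########################################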
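--- a/security/aide/files/patch-aa
+++ b/security/aide/files/patch-aa
@@ -0,0 +1,11 @@
+--- src/db_file.c.orig Thu Apr 20 05:44:56 2000
++++ src/db_file.c Thu Jul 13 07:39:36 2000
+@@ -212,7 +212,7 @@
+if((retval=fork())==0){
+/* The child process */
+close(pipefd[0]);
+- conf->db_gzin=gzdopen(fileno(conf->db_in),"rb");
++ conf->db_gzin=gzdopen(fileno((FILE *)conf->db_in),"rb");
+/* WARNING This causes weird problems. Don't do it.
+fclose(conf->db_in);
+*/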
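Review bot: The added `(FILE *)` cast silences the type mismatch at this one call without recording why `conf->db_in` is not already a `FILE *`; its declaration is outside the hunk, so if it is a generic pointer, a one-line comment at the top of the patch saying so would help whoever regenerates it next. In the visible lines the result of `gzdopen()` is stored without a NULL check, and zlib is handed the same descriptor the stdio stream owns, which is presumably what the commented-out `fclose` warning is about. `conf->db_gzin=gzdopen(dup(fileno((FILE *)conf->db_in)),"rb");` would give zlib a descriptor of its own. The enclosing function starts and ends outside the hunk, so a check may exist further down.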
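--- a/security/aide/pkg-comment
+++ b/security/aide/pkg-comment
@@ -0,0 +1 @@
+A replacement and extension for Tripwire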
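--- a/security/aide/pkg-descr
+++ b/security/aide/pkg-descr
@@ -0,0 +1,22 @@
+AIDE is Advanced Intrusion Detection Environment.
+This piece of software was written as a replacement and extension
+for Tripwire. Tripwire is an excellent program in itself but lacks
+some features and is a closed product.
+
+Current Features:
+Multiple integrity checking algorithms (Even more with mhash support)
+Ability to output the database to stdout/file
+Easy configuration through a powerful configuration file
+
+Planned Features:
+Multiple database retrieval backends
+Encrypted databases
+Compressed databases(zlib bzip2 support)
+Windows NT port
+Email report
+More elaborate report options
+Recurse=n
+Interactive db update
+
+WWW: http://www.cs.tut.fi/~rammer/
+Author: rammer@cs.tut.fi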
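--- a/security/aide/pkg-plist
+++ b/security/aide/pkg-plist
@@ -0,0 +1,2 @@
+bin/aide
+etc/aide.conf.sample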