mirror of https://git.FreeBSD.org/ports.git synced 2024-12-23 04:23:08 +00:00

Finally add AIDE, a security tool similar to Tripwire but much improved.

PR:		15894
Submitted by:	Cy Schubert <Cy.Schubert@uumail.gov.bc.ca>
Will Andrews 2000-07-14 16:11:53 +00:00
parent c06609aa4e
commit 8bd92e6eab
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=30629
8 changed files with 247 additions and 0 deletions


@ -2,6 +2,7 @@
#
SUBDIR += aafid2
SUBDIR += aide
SUBDIR += bjorb
SUBDIR += bro
SUBDIR += bugs

security/aide/Makefile Normal file

@ -0,0 +1,52 @@
# New ports collection makefile for: aide
# Date created: Tue Jan 4 11:45:29 PST 2000
# Whom: Cy Schubert (Cy.Schubert@uumail.gov.bc.ca)
#
# $FreeBSD$
#
PORTNAME= aide
PORTVERSION= 0.7
CATEGORIES= security
MASTER_SITES= http://www.cs.tut.fi/~rammer/ \
ftp://ftp.cs.tut.fi/pub/src/gnu/
MAINTAINER= Cy.Schubert@uumail.gov.bc.ca
LIB_DEPENDS= mhash.2:${PORTSDIR}/security/mhash
GNU_CONFIGURE= yes
CONFIGURE_ARGS+=--with-mhash \
--with-zlib \
--with-config_file=/var/adm/aide/aide.conf
CONFIGURE_ENV+= LIBS='-L${LOCALBASE}/lib -pthread'
MAN1= aide.1
MAN5= aide.conf.5
post-install:
${INSTALL_DATA} ${FILESDIR}/aide.conf.freebsd ${PREFIX}/etc/aide.conf.sample
@${ECHO}
@${ECHO} "If you want to finish setting up AIDE, don't forget to make"
@${ECHO} "a new directory called /var/adm/aide and then create your own"
@${ECHO} "aide.conf based on ${PREFIX}/etc/aide.conf.sample and then"
@${ECHO} "copy it to that directory. You will also need to make the"
@${ECHO} "databases directory, /var/adm/aide/databases, and run the"
@${ECHO} "following command:"
@${ECHO}
@${ECHO} " cd /var/adm/aide;aide --init;mv databases/aide.db.new databases/aide.db"
@${ECHO}
.if defined(AIDE_FLOPPY)
@disklabel -w -B /dev/rfd0c fd1440
@newfs -u 0 -t 0 -i 196608 -m 0 -T minimum -o space /dev/rfd0c
@mount /dev/fd0c /mnt
@${CP} ${PREFIX}/bin/aide /mnt/aide
@${CP} -p /var/adm/aide/aide.conf /mnt/aide.conf
@${CP} < /var/adm/aide/databases/aide.db /mnt/aide.db
@${CHMOD} 555 /mnt/aide
@umount /mnt
@${ECHO} Do not forget to remove and write-protect the floppy.
.endif
.include <bsd.port.mk>
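Review bot: In the `AIDE_FLOPPY` block, `@${CP} < /var/adm/aide/databases/aide.db /mnt/aide.db` gives cp a single operand with the database on stdin, so the baseline database never reaches the floppy and the recipe stops with the floppy still mounted on /mnt; it should read `@${CP} -p /var/adm/aide/databases/aide.db /mnt/aide.db`. The block also runs inside `post-install`, before the `aide --init` step that the preceding message asks the administrator to perform, so on a first install neither `/var/adm/aide/aide.conf` nor `aide.db` exists yet; a separate target run after initialisation would fit the intended read-only baseline better. Because `disklabel` and `newfs` overwrite whatever disk is in `/dev/rfd0c` and every line is `@`-silenced, a comment above the `.if` is worth adding, for example `# AIDE_FLOPPY: ERASES the disk in fd0 and temporarily mounts it on /mnt`.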

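--- a/security/aide/distinfo
+++ b/security/aide/distinfo
@@ -0,0 +1 @@
+MD5 (aide-0.7.tar.gz) = 0b2ed9eb3b608a19418800b87f5be848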
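Review bot: The only integrity check on `aide-0.7.tar.gz` is this single MD5 line, while `MASTER_SITES` in the port Makefile lists plain `http://` and `ftp://` origins, so the digest is the sole protection against a substituted distfile for a host-integrity tool. MD5 is not collision-resistant; where the ports framework in use accepts it, add a second line with a stronger digest, e.g. `SHA256 (aide-0.7.tar.gz) = <sha256-of-verified-distfile>`, computed from a tarball that was verified out of band.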


@ -0,0 +1,157 @@
# $Id: aide.conf.freebsd,v 1.3 1998/07/28 17:54:21 obrien Exp $
#
# tripwire.config
# Generic version for FreeBSD based on Tripwire's tw.config
# Will need editing...see comments below
#
# This file contains a list of files and directories that System
# Preener will scan. Information collected from these files will be
# stored in the tripwire.database file.
#
# Format: [!|=] entry [ignore-flags]
#
# where: '!' signifies the entry is to be pruned (inclusive) from
# the list of files to be scanned.
# '=' signifies the entry is to be added, but if it is
# a directory, then all its contents are pruned
# (useful for /tmp).
#
# where: entry is the absolute pathname of a file or a directory
#
# where ignore-flags are in the format:
# [template][ [+|-][pinugsam...] ... ]
#
# - : ignore the following atributes
# + : do not ignore the following attributes
#
# p : permission and file mode bits a: access timestamp
# i : inode number m: modification timestamp
# n : number of links (ref count) c: inode creation timestamp
# u : user id of owner md5: MD5 signature
# g : group id of owner tiger: tiger signature
# s : size of file rmd160: RMD160 signature
# sha1: SHA1 signature
#
#
# Ex: The following entry will scan all the files in /etc, and report
# any changes in mode bits, inode number, reference count, uid,
# gid, modification and creation timestamp, and the signatures.
# However, it will ignore any changes in the access timestamp.
#
# /etc +p+i+n+u+g+s+m+md5+tiger+rmd160+sha1-a
#
# The following templates have been pre-defined to make these long ignore
# mask descriptions unecessary.
#
# Templates:
# (default) R : [R]ead-only (+p+i+n+u+g+s+m+md5+tiger+rmd160+sha1-a)
# L : [L]og file (+p+i+n+u+g-s-a-m-md5-tiger-rmd160-sha1)
# N : ignore [N]othing (+p+i+n+u+s+g+s+a+m+c+md5+tiger+rmd160+sha1)
# E : ignore [E]verything (-p-i-n-u-s-g-s-a-m-c-md5-tiger-rmd160-sha1)
#
# By default, Tripwire uses the R template -- it ignores
# only the access timestamp.
#
# You can use templates with modifiers, like:
# Ex: /etc/lp E+u+g
#
# Example configuration file:
# /etc R # all system files
# !/etc/lp R # ...but not those logs
# =/tmp N # just the directory, not its files
#
# Note the difference between pruning (via "!") and ignoring everything
# (via "E" template): Ignoring everything in a directory still monitors
# for added and deleted files. Pruning a directory will prevent Tripwire
# from even looking in the specified directory.
#
#
# Tripwire running slowly? Modify your tripwire.config entries to
# ignore the (signature 2) attribute when this computationally-exorbita
nt
# protection is not needed. (See README and design document for further
# details.)
#
database=file:///var/log/aide/databases/aide.db
database_out=file:///var/log/aide/databases/aide.db.new
# First, root's traditional "home". Note that FreeBSD's root's home (/root)
# is protected by R-tiger-rmd160-sha1 protections in the default config file.
=/ L
/.rhosts R
/.profile R
/.cshrc R
/.login R
/.exrc R
/.logout R
/.forward R
# Unix itself
/kernel R
# /bin
/bin R-tiger-rmd160-sha1
# /dev
/dev L
# /etc
/etc R-tiger-rmd160-sha1
/etc/aliases L
/etc/dumpdates L
/etc/motd L
# my passwd database should be static at time of system build. yours may
# not be, if not, uncomment the lines below.
# /etc/passwd L
# /etc/master.passwd L
# /etc/pwd.db L
# /etc/spwd.db L
# /home
=/home L-c
# /lkm
/lkm R-tiger-rmd160-sha1
# /root
/root R-tiger-rmd160-sha1
/root/.history L
# /sbin
/sbin R-tiger-rmd160-sha1
# /stand
/stand R-tiger-rmd160-sha1
# /usr/bin
/usr/bin R-tiger-rmd160-sha1
/usr/include R-tiger-rmd160-sha1
/usr/lib R-tiger-rmd160-sha1
/usr/libdata R-tiger-rmd160-sha1
/usr/libexec R-tiger-rmd160-sha1
/usr/local/bin R-tiger-rmd160-sha1
/usr/local/etc L
/usr/local/lib R-tiger-rmd160-sha1
/usr/local/libexec R-tiger-rmd160-sha1
/usr/local/sbin R-tiger-rmd160-sha1
/usr/local/share R-tiger-rmd160-sha1
/usr/sbin R-tiger-rmd160-sha1
/usr/share R-tiger-rmd160-sha1
###########################################
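Review bot: `database=file:///var/log/aide/databases/aide.db` and the matching `database_out=` line point at /var/log/aide, while the port Makefile's post-install message and its `AIDE_FLOPPY` block both use /var/adm/aide/databases, so an administrator who follows the printed steps with this sample will have `aide --init` write somewhere other than where `mv databases/aide.db.new databases/aide.db` looks. Both lines should agree with the Makefile, e.g. `database=file:///var/adm/aide/databases/aide.db`. Going by the template table in this file's own header, `L` drops size, modification time and every digest, so `/usr/local/etc L` and `/etc/aliases L` will not report content changes to those files, and `R-tiger-rmd160-sha1` leaves MD5 as the only digest on `/bin`, `/sbin`, `/etc` and the `/usr` trees; a comment next to those entries stating that trade-off would help whoever tunes the policy. The header still describes `tripwire.config` and `tripwire.database`, so a line saying the syntax notes were inherited from Tripwire's tw.config and should be checked against aide.conf(5) is also worth adding.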


@ -0,0 +1,11 @@
--- src/db_file.c.orig Thu Apr 20 05:44:56 2000
+++ src/db_file.c Thu Jul 13 07:39:36 2000
@@ -212,7 +212,7 @@
if((retval=fork())==0){
/* The child process */
close(pipefd[0]);
- conf->db_gzin=gzdopen(fileno(conf->db_in),"rb");
+ conf->db_gzin=gzdopen(fileno((FILE *)conf->db_in),"rb");
/* WARNING This causes weird problems. Don't do it.
fclose(conf->db_in);
*/


@ -0,0 +1 @@
A replacement and extension for Tripwire

security/aide/pkg-descr Normal file

@ -0,0 +1,22 @@
AIDE is Advanced Intrusion Detection Environment.
This piece of software was written as a replacement and extension
for Tripwire. Tripwire is an excellent program in itself but lacks
some features and is a closed product.
Current Features:
Multiple integrity checking algorithms (Even more with mhash support)
Ability to output the database to stdout/file
Easy configuration through a powerful configuration file
Planned Features:
Multiple database retrieval backends
Encrypted databases
Compressed databases(zlib bzip2 support)
Windows NT port
Email report
More elaborate report options
Recurse=n
Interactive db update
WWW: http://www.cs.tut.fi/~rammer/
Author: rammer@cs.tut.fi

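--- a/security/aide/pkg-plist
+++ b/security/aide/pkg-plist
@@ -0,0 +1,2 @@
+bin/aide
+etc/aide.conf.sample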