author | will <will@FreeBSD.org> | 2000-07-14 16:11:53 +0000 |
---|---|---|
committer | will <will@FreeBSD.org> | 2000-07-14 16:11:53 +0000 |
commit | 108217c2c13a3a2f68c06968b0a98f87d088b7a3 (patch) | |
tree | 1fe473a64eb09043a7b927fe9d4e592c3c8e34d9 /security/aide | |
parent | 268a29c40b7b22d1dd8573fecf0f0eee130ae9ec (diff) | |
Finally add AIDE, a security tool similar to Tripwire but much improved.
PR: 15894
Submitted by: Cy Schubert <Cy.Schubert@uumail.gov.bc.ca>
Diffstat (limited to 'security/aide')
-rw-r--r-- | security/aide/Makefile | 52 | ||||
-rw-r--r-- | security/aide/distinfo | 1 | ||||
-rw-r--r-- | security/aide/files/aide.conf.freebsd | 157 | ||||
-rw-r--r-- | security/aide/files/patch-aa | 11 | ||||
-rw-r--r-- | security/aide/pkg-comment | 1 | ||||
-rw-r--r-- | security/aide/pkg-descr | 22 | ||||
-rw-r--r-- | security/aide/pkg-plist | 2 |
7 files changed, 246 insertions, 0 deletions
diff --git a/security/aide/Makefile b/security/aide/Makefile
new file mode 100644
index 0000000..8f78486
--- /dev/null
+++ b/security/aide/Makefile
@@ -0,0 +1,52 @@
+# New ports collection makefile for: aide
+# Date created: Tue Jan 4 11:45:29 PST 2000
+# Whom: Cy Schubert (Cy.Schubert@uumail.gov.bc.ca)
+#
+# $FreeBSD$
+#
+
+PORTNAME= aide
+PORTVERSION= 0.7
+CATEGORIES= security
+MASTER_SITES= http://www.cs.tut.fi/~rammer/ \
+ ftp://ftp.cs.tut.fi/pub/src/gnu/
+
+MAINTAINER= Cy.Schubert@uumail.gov.bc.ca
+
+LIB_DEPENDS= mhash.2:${PORTSDIR}/security/mhash
+
+GNU_CONFIGURE= yes
+CONFIGURE_ARGS+=--with-mhash \
+ --with-zlib \
+ --with-config_file=/var/adm/aide/aide.conf
+
+CONFIGURE_ENV+= LIBS='-L${LOCALBASE}/lib -pthread'
+
+MAN1= aide.1
+MAN5= aide.conf.5
+
+post-install:
+ ${INSTALL_DATA} ${FILESDIR}/aide.conf.freebsd ${PREFIX}/etc/aide.conf.sample
+ @${ECHO}
+ @${ECHO} "If you want to finish setting up AIDE, don't forget to make"
+ @${ECHO} "a new directory called /var/adm/aide and then create your own"
+ @${ECHO} "aide.conf based on ${PREFIX}/etc/aide.conf.sample and then"
+ @${ECHO} "copy it to that directory. You will also need to make the"
+ @${ECHO} "databases directory, /var/adm/aide/databases, and run the"
+ @${ECHO} "following command:"
+ @${ECHO}
+ @${ECHO} " cd /var/adm/aide;aide --init;mv databases/aide.db.new databases/aide.db"
+ @${ECHO}
+.if defined(AIDE_FLOPPY)
+ @disklabel -w -B /dev/rfd0c fd1440
+ @newfs -u 0 -t 0 -i 196608 -m 0 -T minimum -o space /dev/rfd0c
+ @mount /dev/fd0c /mnt
+ @${CP} ${PREFIX}/bin/aide /mnt/aide
+ @${CP} -p /var/adm/aide/aide.conf /mnt/aide.conf
+ @${CP} < /var/adm/aide/databases/aide.db /mnt/aide.db
+ @${CHMOD} 555 /mnt/aide
+ @umount /mnt
+ @${ECHO} Do not forget to remove and write-protect the floppy.
+.endif
+
+.include <bsd.port.mk>
diff --git a/security/aide/distinfo b/security/aide/distinfo
new file mode 100644
index 0000000..c1967d9
--- /dev/null
+++ b/security/aide/distinfo
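Review bot: In the AIDE_FLOPPY block, `@${CP} < /var/adm/aide/databases/aide.db /mnt/aide.db` redirects the database into cp's stdin and leaves cp with a single operand, so the baseline database is not copied to the floppy that is meant to be the write-protected reference copy; it should read `@${CP} -p /var/adm/aide/databases/aide.db /mnt/aide.db`. The block also runs inside post-install, before the steps printed just above it (creating /var/adm/aide, writing aide.conf, running `aide --init`) can have been carried out, so on a first install the two copies from /var/adm/aide have nothing to copy. It relabels and newfs-es /dev/rfd0c without checking what is in the drive or already mounted on /mnt; a comment above `.if defined(AIDE_FLOPPY)` stating that the floppy is erased would make that explicit.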
@@ -0,0 +1 @@
+MD5 (aide-0.7.tar.gz) = 0b2ed9eb3b608a19418800b87f5be848
diff --git a/security/aide/files/aide.conf.freebsd b/security/aide/files/aide.conf.freebsd
new file mode 100644
index 0000000..1e481db
--- /dev/null
+++ b/security/aide/files/aide.conf.freebsd
@@ -0,0 +1,157 @@
+# $Id: aide.conf.freebsd,v 1.3 1998/07/28 17:54:21 obrien Exp $
+#
+# tripwire.config
+# Generic version for FreeBSD based on Tripwire's tw.config
+# Will need editing...see comments below
+#
+# This file contains a list of files and directories that System
+# Preener will scan. Information collected from these files will be
+# stored in the tripwire.database file.
+#
+# Format: [!|=] entry [ignore-flags]
+#
+# where: '!' signifies the entry is to be pruned (inclusive) from
+# the list of files to be scanned.
+# '=' signifies the entry is to be added, but if it is
+# a directory, then all its contents are pruned
+# (useful for /tmp).
+#
+# where: entry is the absolute pathname of a file or a directory
+#
+# where ignore-flags are in the format:
+# [template][ [+|-][pinugsam...] ... ]
+#
+# - : ignore the following atributes
+# + : do not ignore the following attributes
+#
+# p : permission and file mode bits a: access timestamp
+# i : inode number m: modification timestamp
+# n : number of links (ref count) c: inode creation timestamp
+# u : user id of owner md5: MD5 signature
+# g : group id of owner tiger: tiger signature
+# s : size of file rmd160: RMD160 signature
+# sha1: SHA1 signature
+#
+#
+# Ex: The following entry will scan all the files in /etc, and report
+# any changes in mode bits, inode number, reference count, uid,
+# gid, modification and creation timestamp, and the signatures.
+# However, it will ignore any changes in the access timestamp.
+#
+# /etc +p+i+n+u+g+s+m+md5+tiger+rmd160+sha1-a
+#
+# The following templates have been pre-defined to make these long ignore
+# mask descriptions unecessary.
+#
+# Templates:
+# (default) R : [R]ead-only (+p+i+n+u+g+s+m+md5+tiger+rmd160+sha1-a)
+# L : [L]og file (+p+i+n+u+g-s-a-m-md5-tiger-rmd160-sha1)
+# N : ignore [N]othing (+p+i+n+u+s+g+s+a+m+c+md5+tiger+rmd160+sha1)
+# E : ignore [E]verything (-p-i-n-u-s-g-s-a-m-c-md5-tiger-rmd160-sha1)
+#
+# By default, Tripwire uses the R template -- it ignores
+# only the access timestamp.
+#
+# You can use templates with modifiers, like:
+# Ex: /etc/lp E+u+g
+#
+# Example configuration file:
+# /etc R # all system files
+# !/etc/lp R # ...but not those logs
+# =/tmp N # just the directory, not its files
+#
+# Note the difference between pruning (via "!") and ignoring everything
+# (via "E" template): Ignoring everything in a directory still monitors
+# for added and deleted files. Pruning a directory will prevent Tripwire
+# from even looking in the specified directory.
+#
+#
+# Tripwire running slowly? Modify your tripwire.config entries to
+# ignore the (signature 2) attribute when this computationally-exorbita
+nt
+# protection is not needed. (See README and design document for further
+# details.)
+#
+
+database=file:///var/log/aide/databases/aide.db
+database_out=file:///var/log/aide/databases/aide.db.new
+
+
+# First, root's traditional "home". Note that FreeBSD's root's home (/root)
+# is protected by R-tiger-rmd160-sha1 protections in the default config file.
+=/ L
+/.rhosts R
+/.profile R
+/.cshrc R
+/.login R
+/.exrc R
+/.logout R
+/.forward R
+
+# Unix itself
+/kernel R
+
+# /bin
+/bin R-tiger-rmd160-sha1
+
+# /dev
+/dev L
+
+# /etc
+/etc R-tiger-rmd160-sha1
+/etc/aliases L
+/etc/dumpdates L
+/etc/motd L
+
+# my passwd database should be static at time of system build. yours may
+# not be, if not, uncomment the lines below.
+
+# /etc/passwd L
+# /etc/master.passwd L
+# /etc/pwd.db L
+# /etc/spwd.db L
+
+# /home
+=/home L-c
+
+# /lkm
+/lkm R-tiger-rmd160-sha1
+
+# /root
+/root R-tiger-rmd160-sha1
+/root/.history L
+
+# /sbin
+/sbin R-tiger-rmd160-sha1
+
+# /stand
+/stand R-tiger-rmd160-sha1
+
+# /usr/bin
+/usr/bin R-tiger-rmd160-sha1
+
+/usr/include R-tiger-rmd160-sha1
+
+/usr/lib R-tiger-rmd160-sha1
+
+/usr/libdata R-tiger-rmd160-sha1
+
+/usr/libexec R-tiger-rmd160-sha1
+
+/usr/local/bin R-tiger-rmd160-sha1
+
+/usr/local/etc L
+
+/usr/local/lib R-tiger-rmd160-sha1
+
+/usr/local/libexec R-tiger-rmd160-sha1
+
+/usr/local/sbin R-tiger-rmd160-sha1
+
+/usr/local/share R-tiger-rmd160-sha1
+
+/usr/sbin R-tiger-rmd160-sha1
+
+/usr/share R-tiger-rmd160-sha1
+
+###########################################
diff --git a/security/aide/files/patch-aa b/security/aide/files/patch-aa
new file mode 100644
index 0000000..8996fbd
--- /dev/null
+++ b/security/aide/files/patch-aa
@@ -0,0 +1,11 @@
+--- src/db_file.c.orig Thu Apr 20 05:44:56 2000
++++ src/db_file.c Thu Jul 13 07:39:36 2000
+@@ -212,7 +212,7 @@
+ if((retval=fork())==0){
+ /* The child process */
+ close(pipefd[0]);
+- conf->db_gzin=gzdopen(fileno(conf->db_in),"rb");
++ conf->db_gzin=gzdopen(fileno((FILE *)conf->db_in),"rb");
+ /* WARNING This causes weird problems. Don't do it.
+ fclose(conf->db_in);
+ */
diff --git a/security/aide/pkg-comment b/security/aide/pkg-comment
new file mode 100644
index 0000000..e11f1ff
--- /dev/null
+++ b/security/aide/pkg-comment
@@ -0,0 +1 @@
+A replacement and extension for Tripwire
diff --git a/security/aide/pkg-descr b/security/aide/pkg-descr
new file mode 100644
index 0000000..a9019fe
--- /dev/null
+++ b/security/aide/pkg-descr
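Review bot: The line `nt` that follows `# ignore the (signature 2) attribute when this computationally-exorbita` is the tail of a wrapped comment and has no leading `#`, so the sample contains a non-comment line that AIDE will presumably try to parse as a directive or selection line; rejoin it as `# ignore the (signature 2) attribute when this computationally-exorbitant`. The `database=` and `database_out=` URLs point at /var/log/aide/databases, while the Makefile in this commit compiles in /var/adm/aide/aide.conf and tells the user to create /var/adm/aide/databases, so a config copied from this sample writes the baseline where the printed `mv` step does not look; `database=file:///var/adm/aide/databases/aide.db` and the matching `database_out` would agree with those instructions. Most system directories use `R-tiger-rmd160-sha1`, which by the template table in the header leaves MD5 as the only content digest, and a comment marking that as a speed trade-off would let an administrator choose it deliberately.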
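Review bot: The added cast in `gzdopen(fileno((FILE *)conf->db_in),"rb")` silences the compiler without recording what type `db_in` is declared with in a --with-zlib build; the declaration and the rest of the function are outside the hunk, so whether the pointer really is a `FILE *` at this point cannot be confirmed from here. If the field is a generic or gz handle, the cast hides a mismatch rather than fixing it, and the descriptor passed to gzdopen would then be wrong for the integrity database being read. A one-line comment in the patch, for example `/* db_in still holds the FILE * opened by the parent; cast only satisfies fileno() */`, would state the assumption, and the result of gzdopen is not checked in the visible lines.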
@@ -0,0 +1,22 @@
+AIDE is Advanced Intrusion Detection Environment.
+This piece of software was written as a replacement and extension
+for Tripwire. Tripwire is an excellent program in itself but lacks
+some features and is a closed product.
+
+Current Features:
+Multiple integrity checking algorithms (Even more with mhash support)
+Ability to output the database to stdout/file
+Easy configuration through a powerful configuration file
+
+Planned Features:
+Multiple database retrieval backends
+Encrypted databases
+Compressed databases(zlib bzip2 support)
+Windows NT port
+Email report
+More elaborate report options
+Recurse=n
+Interactive db update
+
+WWW: http://www.cs.tut.fi/~rammer/
+Author: rammer@cs.tut.fi
diff --git a/security/aide/pkg-plist b/security/aide/pkg-plist
new file mode 100644
index 0000000..4358010
--- /dev/null
+++ b/security/aide/pkg-plist
@@ -0,0 +1,2 @@
+bin/aide
+etc/aide.conf.sample |