authorwill <will@FreeBSD.org>2000-07-14 16:11:53 +0000
committerwill <will@FreeBSD.org>2000-07-14 16:11:53 +0000
commit108217c2c13a3a2f68c06968b0a98f87d088b7a3 (patch)
tree1fe473a64eb09043a7b927fe9d4e592c3c8e34d9 /security/aide
parent268a29c40b7b22d1dd8573fecf0f0eee130ae9ec (diff)
Finally add AIDE, a security tool similar to Tripwire but much improved.
PR: 15894 Submitted by: Cy Schubert <Cy.Schubert@uumail.gov.bc.ca>
Diffstat (limited to 'security/aide')
-rw-r--r--security/aide/Makefile52
-rw-r--r--security/aide/distinfo1
-rw-r--r--security/aide/files/aide.conf.freebsd157
-rw-r--r--security/aide/files/patch-aa11
-rw-r--r--security/aide/pkg-comment1
-rw-r--r--security/aide/pkg-descr22
-rw-r--r--security/aide/pkg-plist2
7 files changed, 246 insertions, 0 deletions
diff --git a/security/aide/Makefile b/security/aide/Makefile
new file mode 100644
index 0000000..8f78486
--- /dev/null
+++ b/security/aide/Makefile
@@ -0,0 +1,52 @@
+# New ports collection makefile for: aide
+# Date created: Tue Jan 4 11:45:29 PST 2000
+# Whom: Cy Schubert (Cy.Schubert@uumail.gov.bc.ca)
+#
+# $FreeBSD$
+#
+
+PORTNAME= aide
+PORTVERSION= 0.7
+CATEGORIES= security
+MASTER_SITES= http://www.cs.tut.fi/~rammer/ \
+ ftp://ftp.cs.tut.fi/pub/src/gnu/
+
+MAINTAINER= Cy.Schubert@uumail.gov.bc.ca
+
+LIB_DEPENDS= mhash.2:${PORTSDIR}/security/mhash
+
+GNU_CONFIGURE= yes
+CONFIGURE_ARGS+=--with-mhash \
+ --with-zlib \
+ --with-config_file=/var/adm/aide/aide.conf
+
+CONFIGURE_ENV+= LIBS='-L${LOCALBASE}/lib -pthread'
+
+MAN1= aide.1
+MAN5= aide.conf.5
+
+post-install:
+ ${INSTALL_DATA} ${FILESDIR}/aide.conf.freebsd ${PREFIX}/etc/aide.conf.sample
+ @${ECHO}
+ @${ECHO} "If you want to finish setting up AIDE, don't forget to make"
+ @${ECHO} "a new directory called /var/adm/aide and then create your own"
+ @${ECHO} "aide.conf based on ${PREFIX}/etc/aide.conf.sample and then"
+ @${ECHO} "copy it to that directory. You will also need to make the"
+ @${ECHO} "databases directory, /var/adm/aide/databases, and run the"
+ @${ECHO} "following command:"
+ @${ECHO}
+ @${ECHO} " cd /var/adm/aide;aide --init;mv databases/aide.db.new databases/aide.db"
+ @${ECHO}
+.if defined(AIDE_FLOPPY)
+ @disklabel -w -B /dev/rfd0c fd1440
+ @newfs -u 0 -t 0 -i 196608 -m 0 -T minimum -o space /dev/rfd0c
+ @mount /dev/fd0c /mnt
+ @${CP} ${PREFIX}/bin/aide /mnt/aide
+ @${CP} -p /var/adm/aide/aide.conf /mnt/aide.conf
+ @${CP} < /var/adm/aide/databases/aide.db /mnt/aide.db
+ @${CHMOD} 555 /mnt/aide
+ @umount /mnt
+ @${ECHO} Do not forget to remove and write-protect the floppy.
+.endif
+
+.include <bsd.port.mk>
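Review bot: In the AIDE_FLOPPY branch, `@${CP} < /var/adm/aide/databases/aide.db /mnt/aide.db` gives cp a single operand plus a stdin redirect, so cp exits with a usage error, the recipe stops with /mnt still mounted, and the baseline database never reaches the floppy; it should read `@${CP} -p /var/adm/aide/databases/aide.db /mnt/aide.db`. The branch also runs inside post-install, before the /var/adm/aide/aide.conf and databases/aide.db that the preceding message asks the admin to create can exist, and it relabels and newfs's /dev/rfd0c and mounts on /mnt with every command silenced by `@`. The printed paths also disagree with files/aide.conf.freebsd in this commit, which sets `database=file:///var/log/aide/databases/aide.db`, so the suggested `mv databases/aide.db.new databases/aide.db` under /var/adm/aide would not find the new database. Moving the floppy steps to a separate target run after `aide --init`, and settling on one of the two directories, would make the offline copy of the baseline dependable.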
diff --git a/security/aide/distinfo b/security/aide/distinfo
new file mode 100644
index 0000000..c1967d9
--- /dev/null
+++ b/security/aide/distinfo
@@ -0,0 +1 @@
+MD5 (aide-0.7.tar.gz) = 0b2ed9eb3b608a19418800b87f5be848
diff --git a/security/aide/files/aide.conf.freebsd b/security/aide/files/aide.conf.freebsd
new file mode 100644
index 0000000..1e481db
--- /dev/null
+++ b/security/aide/files/aide.conf.freebsd
@@ -0,0 +1,157 @@
+# $Id: aide.conf.freebsd,v 1.3 1998/07/28 17:54:21 obrien Exp $
+#
+# tripwire.config
+# Generic version for FreeBSD based on Tripwire's tw.config
+# Will need editing...see comments below
+#
+# This file contains a list of files and directories that System
+# Preener will scan. Information collected from these files will be
+# stored in the tripwire.database file.
+#
+# Format: [!|=] entry [ignore-flags]
+#
+# where: '!' signifies the entry is to be pruned (inclusive) from
+# the list of files to be scanned.
+# '=' signifies the entry is to be added, but if it is
+# a directory, then all its contents are pruned
+# (useful for /tmp).
+#
+# where: entry is the absolute pathname of a file or a directory
+#
+# where ignore-flags are in the format:
+# [template][ [+|-][pinugsam...] ... ]
+#
+# - : ignore the following atributes
+# + : do not ignore the following attributes
+#
+# p : permission and file mode bits a: access timestamp
+# i : inode number m: modification timestamp
+# n : number of links (ref count) c: inode creation timestamp
+# u : user id of owner md5: MD5 signature
+# g : group id of owner tiger: tiger signature
+# s : size of file rmd160: RMD160 signature
+# sha1: SHA1 signature
+#
+#
+# Ex: The following entry will scan all the files in /etc, and report
+# any changes in mode bits, inode number, reference count, uid,
+# gid, modification and creation timestamp, and the signatures.
+# However, it will ignore any changes in the access timestamp.
+#
+# /etc +p+i+n+u+g+s+m+md5+tiger+rmd160+sha1-a
+#
+# The following templates have been pre-defined to make these long ignore
+# mask descriptions unecessary.
+#
+# Templates:
+# (default) R : [R]ead-only (+p+i+n+u+g+s+m+md5+tiger+rmd160+sha1-a)
+# L : [L]og file (+p+i+n+u+g-s-a-m-md5-tiger-rmd160-sha1)
+# N : ignore [N]othing (+p+i+n+u+s+g+s+a+m+c+md5+tiger+rmd160+sha1)
+# E : ignore [E]verything (-p-i-n-u-s-g-s-a-m-c-md5-tiger-rmd160-sha1)
+#
+# By default, Tripwire uses the R template -- it ignores
+# only the access timestamp.
+#
+# You can use templates with modifiers, like:
+# Ex: /etc/lp E+u+g
+#
+# Example configuration file:
+# /etc R # all system files
+# !/etc/lp R # ...but not those logs
+# =/tmp N # just the directory, not its files
+#
+# Note the difference between pruning (via "!") and ignoring everything
+# (via "E" template): Ignoring everything in a directory still monitors
+# for added and deleted files. Pruning a directory will prevent Tripwire
+# from even looking in the specified directory.
+#
+#
+# Tripwire running slowly? Modify your tripwire.config entries to
+# ignore the (signature 2) attribute when this computationally-exorbita
+nt
+# protection is not needed. (See README and design document for further
+# details.)
+#
+
+database=file:///var/log/aide/databases/aide.db
+database_out=file:///var/log/aide/databases/aide.db.new
+
+
+# First, root's traditional "home". Note that FreeBSD's root's home (/root)
+# is protected by R-tiger-rmd160-sha1 protections in the default config file.
+=/ L
+/.rhosts R
+/.profile R
+/.cshrc R
+/.login R
+/.exrc R
+/.logout R
+/.forward R
+
+# Unix itself
+/kernel R
+
+# /bin
+/bin R-tiger-rmd160-sha1
+
+# /dev
+/dev L
+
+# /etc
+/etc R-tiger-rmd160-sha1
+/etc/aliases L
+/etc/dumpdates L
+/etc/motd L
+
+# my passwd database should be static at time of system build. yours may
+# not be, if not, uncomment the lines below.
+
+# /etc/passwd L
+# /etc/master.passwd L
+# /etc/pwd.db L
+# /etc/spwd.db L
+
+# /home
+=/home L-c
+
+# /lkm
+/lkm R-tiger-rmd160-sha1
+
+# /root
+/root R-tiger-rmd160-sha1
+/root/.history L
+
+# /sbin
+/sbin R-tiger-rmd160-sha1
+
+# /stand
+/stand R-tiger-rmd160-sha1
+
+# /usr/bin
+/usr/bin R-tiger-rmd160-sha1
+
+/usr/include R-tiger-rmd160-sha1
+
+/usr/lib R-tiger-rmd160-sha1
+
+/usr/libdata R-tiger-rmd160-sha1
+
+/usr/libexec R-tiger-rmd160-sha1
+
+/usr/local/bin R-tiger-rmd160-sha1
+
+/usr/local/etc L
+
+/usr/local/lib R-tiger-rmd160-sha1
+
+/usr/local/libexec R-tiger-rmd160-sha1
+
+/usr/local/sbin R-tiger-rmd160-sha1
+
+/usr/local/share R-tiger-rmd160-sha1
+
+/usr/sbin R-tiger-rmd160-sha1
+
+/usr/share R-tiger-rmd160-sha1
+
+###########################################
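Review bot: The wrapped header line near the end of the comment block leaves `nt` on a line of its own without a leading `#`, so the installed aide.conf.sample carries a non-comment line that AIDE will try to parse as configuration; rejoin it as `# ignore the (signature 2) attribute when this computationally-exorbitant`. The header is also still Tripwire's tw.config text (tripwire.config, tripwire.database, the R/L/N/E template table), and AIDE's built-in groups may not expand to the same attribute sets, so the `R-tiger-rmd160-sha1` and `L` rules below should be checked against aide.conf(5) rather than against this table. The `database=` and `database_out=` URLs point at /var/log/aide, while the port's Makefile configures and documents /var/adm/aide, and one of the two should be changed so the sample works as installed.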
diff --git a/security/aide/files/patch-aa b/security/aide/files/patch-aa
new file mode 100644
index 0000000..8996fbd
--- /dev/null
+++ b/security/aide/files/patch-aa
@@ -0,0 +1,11 @@
+--- src/db_file.c.orig Thu Apr 20 05:44:56 2000
++++ src/db_file.c Thu Jul 13 07:39:36 2000
+@@ -212,7 +212,7 @@
+ if((retval=fork())==0){
+ /* The child process */
+ close(pipefd[0]);
+- conf->db_gzin=gzdopen(fileno(conf->db_in),"rb");
++ conf->db_gzin=gzdopen(fileno((FILE *)conf->db_in),"rb");
+ /* WARNING This causes weird problems. Don't do it.
+ fclose(conf->db_in);
+ */
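Review bot: The added `(FILE *)` cast on `conf->db_in` silences a type mismatch without recording why it is needed; the declaration of db_in is outside this hunk, so presumably it is not declared as `FILE *` in this build. If db_in can hold anything other than a stdio stream on this path, fileno() would operate on the wrong object, so the patch deserves a leading comment line above the `--- src/db_file.c.orig` header such as `Cast db_in to FILE * for fileno(); db_in is declared as <type> in <header>`, with the two placeholders filled in from the AIDE sources. The enclosing function starts and ends outside the hunk.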
diff --git a/security/aide/pkg-comment b/security/aide/pkg-comment
new file mode 100644
index 0000000..e11f1ff
--- /dev/null
+++ b/security/aide/pkg-comment
@@ -0,0 +1 @@
+A replacement and extension for Tripwire
diff --git a/security/aide/pkg-descr b/security/aide/pkg-descr
new file mode 100644
index 0000000..a9019fe
--- /dev/null
+++ b/security/aide/pkg-descr
@@ -0,0 +1,22 @@
+AIDE is Advanced Intrusion Detection Environment.
+This piece of software was written as a replacement and extension
+for Tripwire. Tripwire is an excellent program in itself but lacks
+some features and is a closed product.
+
+Current Features:
+Multiple integrity checking algorithms (Even more with mhash support)
+Ability to output the database to stdout/file
+Easy configuration through a powerful configuration file
+
+Planned Features:
+Multiple database retrieval backends
+Encrypted databases
+Compressed databases(zlib bzip2 support)
+Windows NT port
+Email report
+More elaborate report options
+Recurse=n
+Interactive db update
+
+WWW: http://www.cs.tut.fi/~rammer/
+Author: rammer@cs.tut.fi
diff --git a/security/aide/pkg-plist b/security/aide/pkg-plist
new file mode 100644
index 0000000..4358010
--- /dev/null
+++ b/security/aide/pkg-plist
@@ -0,0 +1,2 @@
+bin/aide
+etc/aide.conf.sample