[Aide-commits] aide branch, master, updated. 73313db804f7b9c72679422b1feaddb605fd91ed
From: Hannes v. H. <hvh...@us...> - 2010-07-20 18:31:13
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "aide". The branch, master has been updated via 73313db804f7b9c72679422b1feaddb605fd91ed (commit) from 0418ae1ea01d3d824d9b43ace432855b467ee5b6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 73313db804f7b9c72679422b1feaddb605fd91ed Author: Hannes von Haugwitz <ha...@vo...> Date: Tue Jul 20 19:57:45 2010 +0200 Added ext2 file attributes support diff --git a/ChangeLog b/ChangeLog index 26ddad3..beb530b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +2010-07-20 Hannes von Haugwitz <ha...@vo...> + * Added ext2 file attributes support + 2010-06-12 Hannes von Haugwitz <ha...@vo...> * Always add permissions attribute to database * Added AIDEVERSION to report diff --git a/NEWS b/NEWS index 845d59a..75cc4a6 100644 --- a/NEWS +++ b/NEWS @@ -4,6 +4,7 @@ ========================================================= Version UNRELEASED + * Added support for e2fsattrs attribute * Added support for ftype attribute * Bug fixes diff --git a/configure.in b/configure.in index 9295f60..2af7608 100644 --- a/configure.in +++ b/configure.in 
@@ -524,6 +524,24 @@ AS_IF([test "x$with_xattr_support" != xno], AC_SUBST(ATTRLIB) +AC_MSG_CHECKING(for e2fsattrs-support) +AC_ARG_WITH([e2fsattrs], + [AC_HELP_STRING([--with-e2fsattrs], + [use e2fsattrs (no checking)])], + [with_e2fsattrs_support="$withval"], + [with_e2fsattrs_support=no] +) + +AS_IF([test "x$with_e2fsattrs_support" != xno], + [AC_DEFINE(WITH_E2FSATTRS,1,[use e2fsattrs]) + E2FSATTRSLIB=-le2p + compoptionstring="${compoptionstring}WITH_E2FSATTRS\\n" + aideextragroups="${aideextragroups}+e2fsattrs" + AC_MSG_RESULT(yes)], + [AC_MSG_RESULT(no)] +) + +AC_SUBST(E2FSATTRSLIB) # Check whether LFS has explicitly been disabled AC_ARG_ENABLE(lfs,[ --disable-lfs Disable large file support on 32-bit platforms], [aide_lfs_choice=$enableval], [aide_lfs_choice=yes]) diff --git a/contrib/aide-attributes.sh b/contrib/aide-attributes.sh index 13266be..bafc81e 100644 --- a/contrib/aide-attributes.sh +++ b/contrib/aide-attributes.sh @@ -24,7 +24,7 @@ attributes=( "filename" "linkname" "perm" "uid" "gid" "size" "atime" \ "rmd160" "tiger" "crc32" "haval" "gost" "crc32b" "attr" \ "acl" "bsize" "rdev" "dev" "checkmask" "growingsize" "checkinode" \ "allownewfile" "allowrmfile" "sha256" "sha512" "selinux" \ - "xattrs" "whirlpool" "ftype" ) + "xattrs" "whirlpool" "ftype" "e2fsattrs" ) NAME="aide-attributes" diff --git a/doc/aide.conf.5.in b/doc/aide.conf.5.in index 54bcfa3..3b30f40 100644 --- a/doc/aide.conf.5.in +++ b/doc/aide.conf.5.in @@ -64,7 +64,7 @@ Whether to summarize changes in the added, removed and changed files sections of the report or not. Valid values are yes,true,no and false. The default is not to summarize the changes. -The general format is like the string YlZbpugamcinCAXS, where Y is +The general format is like the string YlZbpugamcinCAXSE, where Y is replaced by the file-type (\fBf\fP for a regular file, \fBd\fP for a directory, \fBL\fP for a symbolic link, \fBD\fP for a character device, \fBB\fP for a block device, \fBF\fP for a FIFO, \fBs\fP for a unix 
@@ -111,6 +111,8 @@ A \fBA\fP means that the access control list has changed. A \fBX\fP means that the extended attributes have changed. .IP o A \fBS\fP means that the SELinux attributes have changed. +.IP o +A \fBE\fP means that the file attributes on a second extended file system have changed. .RE .IP "report_attributes" Special group definition that lists parameters which are always printed @@ -238,6 +240,7 @@ Input is read from filedescriptor \fBnumber\fR or output is written to .IP "acl: access control list" .IP "selinux: selinux attributes" .IP "xattrs: extended attributes" +.IP "e2fsattrs: file attributes on a second extended file system .LP Please note that 'I' and 'c' are incompatible. When the name of a file is changed, it's ctime is updated as well. When you put 'c' and 'I' in diff --git a/doc/manual.html b/doc/manual.html index 2b7436a..2840970 100644 --- a/doc/manual.html +++ b/doc/manual.html @@ -208,6 +208,7 @@ Here is an example configuration.</p> #acl: access control list #selinux SELinux security context #xattrs: extended file attributes + #e2fsattrs: file attributes on a second extended file system # You can alse create custom rules - my home made rule definition goes like this # diff --git a/include/db_config.h b/include/db_config.h index 8d54146..1a329de 100644 --- a/include/db_config.h +++ b/include/db_config.h @@ -85,6 +85,10 @@ typedef struct xattrs_type #endif #endif +#ifdef WITH_E2FSATTRS +#include <e2p/e2p.h> +#endif + #ifdef WITH_MHASH #include <mhash.h> #endif @@ -151,6 +155,7 @@ typedef enum { db_whirlpool, /* "whirlpool", */ db_selinux, /* "selinux", */ db_xattrs, /* "xattrs", */ + db_e2fsattrs, /* "e2fsattrs" */ db_unknown } DB_FIELD; /* "unknown" */ /* db_unknown must be last because it is used to determine size of 
@@ -204,6 +209,7 @@ typedef enum { #define DB_XATTRS (1LLU<<33) /* "xattrs", */ #define DB_WHIRLPOOL (1LLU<<34) /* "whirlpool", */ #define DB_FTYPE (1LLU<<35) /* "file type", */ +#define DB_E2FSATTRS (1LLU<<36) /* "ext2 file system attributes" */ #define DB_HASHES (DB_MD5|DB_SHA1|DB_RMD160|DB_TIGER|DB_CRC32|DB_HAVAL| \ DB_GOST|DB_CRC32B|DB_SHA256|DB_SHA512|DB_WHIRLPOOL) @@ -384,6 +390,8 @@ typedef struct db_line { xattrs_type* xattrs; + unsigned long e2fsattrs; + /* Attributes .... */ DB_ATTR_TYPE attr; diff --git a/include/do_md.h b/include/do_md.h index a97208c..f15fc83 100644 --- a/include/do_md.h +++ b/include/do_md.h @@ -33,4 +33,8 @@ list* do_md(list* file_lst,db_config* conf); void acl2line(db_line* line); +#ifdef WITH_E2FSATTRS +void e2fsattrs2line(db_line* line); +#endif + #endif /* _DO_MD_H_INCLUDED */ diff --git a/src/Makefile.am b/src/Makefile.am index 7cbfcd5..b595079 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -25,7 +25,7 @@ AM_YFLAGS= -d #AM_LFLAGS= -d LEX_OUTPUT_ROOT = lex.yy -LDADD = -lm @CRYPTLIB@ @ACLLIB@ @SELINUXLIB@ @AUDITLIB@ @ATTRLIB@ @ELFLIB@ +LDADD = -lm @CRYPTLIB@ @ACLLIB@ @SELINUXLIB@ @AUDITLIB@ @ATTRLIB@ @E2FSATTRSLIB@ @ELFLIB@ AM_CFLAGS = @AIDE_DEFS@ -W -Wall -g CLEANFILES = conf_yacc.h conf_yacc.c conf_lex.c db_lex.c *~ diff --git a/src/aide.c b/src/aide.c index deb7ae0..9dbbc69 100644 --- a/src/aide.c +++ b/src/aide.c @@ -377,6 +377,9 @@ void setdefaults_before_config() #endif #endif do_groupdef("ftype",DB_FTYPE); +#ifdef WITH_E2FSATTRS + do_groupdef("e2fsattrs",DB_E2FSATTRS); +#endif p=0LLU; #if defined(WITH_MHASH) || defined(WITH_GCRYPT) diff --git a/src/commandconf.c b/src/commandconf.c index 6820d3d..0b43194 100644 --- a/src/commandconf.c +++ b/src/commandconf.c 
@@ -511,6 +511,9 @@ void update_db_out_order(DB_ATTR_TYPE attr) if((attr&DB_SELINUX) && (check_dboo(db_selinux)!=RETFAIL)){ conf->db_out_order[conf->db_out_size++]=db_selinux; } + if((attr&DB_E2FSATTRS) && (check_dboo(db_e2fsattrs)!=RETFAIL)){ + conf->db_out_order[conf->db_out_size++]=db_e2fsattrs; + } if((attr&DB_CHECKMASK) && (check_dboo(db_checkmask)!=RETFAIL)){ conf->db_out_order[conf->db_out_size++]=db_checkmask; } diff --git a/src/compare_db.c b/src/compare_db.c index 8af7181..bf87532 100644 --- a/src/compare_db.c +++ b/src/compare_db.c @@ -59,6 +59,14 @@ char oline[129]; char nline[129]; const char* entry_format= " %-9s: %-33s, %s\n"; const char* entry_format_justnew=" %-9s: %-33c %s\n"; +#ifdef WITH_E2FSATTRS + /* flag->character mappings defined in lib/e2p/pf.c (part of e2fsprogs-1.41.12 sources) */ + unsigned long flag_bits[] = { EXT2_SECRM_FL, EXT2_UNRM_FL, EXT2_SYNC_FL, EXT2_DIRSYNC_FL, EXT2_IMMUTABLE_FL, + EXT2_APPEND_FL, EXT2_NODUMP_FL, EXT2_NOATIME_FL, EXT2_COMPR_FL, EXT2_COMPRBLK_FL, + EXT2_DIRTY_FL, EXT2_NOCOMPR_FL, EXT2_ECOMPR_FL, EXT3_JOURNAL_DATA_FL, EXT2_INDEX_FL, + EXT2_NOTAIL_FL, EXT2_TOPDIR_FL, EXT4_EXTENTS_FL, EXT4_HUGE_FILE_FL}; + char flag_char[] = "suSDiadAcBZXEjItTeh"; +#endif /*************/ static DB_ATTR_TYPE get_ignorelist() { @@ -390,6 +398,9 @@ DB_ATTR_TYPE compare_dbline(db_line* l1,db_line* l2,DB_ATTR_TYPE ignorelist) ret|=DB_XATTRS; } } +#ifdef WITH_E2FSATTRS + easy_compare(DB_E2FSATTRS,e2fsattrs); +#endif if (!(DB_SELINUX&ignorelist)) { if(compare_str(l1->cntx,l2->cntx)) { ret|=DB_SELINUX; 
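Review bot: The new `db_e2fsattrs` branch in update_db_out_order (src/commandconf.c) is compiled unconditionally, as is the `case db_e2fsattrs` reader in db_char2line (src/db.c), while the writer case in db_writeline_file (src/db_file.c) and the `easy_compare(DB_E2FSATTRS,e2fsattrs)` call in compare_dbline exist only under `WITH_E2FSATTRS`. A build without the option can therefore parse a stored e2fsattrs column but never compares it, so, as far as these hunks show, a database written by a build with the option would be checked without any report of changes to flags such as immutable or append-only. Either guard all four sites the same way, or add a comment at the reader such as `/* parsed even without WITH_E2FSATTRS so databases stay readable; the value is not compared in that build */`. update_db_out_order continues outside the hunk.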
@@ -527,6 +538,22 @@ void print_xattrs_changes(xattrs_type* old,xattrs_type* new) { } +#ifdef WITH_E2FSATTRS +char* e2fsattrs2char(unsigned long flags) { + char* string = malloc (20 * sizeof (char)); + int i; + for (i = 0 ; i < 19 ; i++) { + if (flag_bits[i] & flags) { + string[i]=flag_char[i]; + } else { + string[i]='-'; + } + } + string[19] = '\0'; + return string; +} +#endif + void print_md_changes(byte*old,byte*new,int len,char* name) { int ok = 0; @@ -666,7 +693,7 @@ char* get_file_type_string(mode_t mode) { void print_added_line(db_line* data) { if(conf->summarize_changes==1) { - error(2,"%c+++++++++++++++: %s\n",get_file_type_char(data->perm) , data->filename); + error(2,"%c++++++++++++++++: %s\n",get_file_type_char(data->perm) , data->filename); } else { error(2,"added: %s\n",data->filename); } @@ -674,7 +701,7 @@ void print_added_line(db_line* data) { void print_removed_line(db_line* data) { if(conf->summarize_changes==1) { - error(2,"%c---------------: %s\n",get_file_type_char(data->perm), data->filename); + error(2,"%c----------------: %s\n",get_file_type_char(data->perm), data->filename); } else { error(2,"removed: %s\n",data->filename); } @@ -755,7 +782,7 @@ void print_changed_line(db_line* old,db_line* new, DB_ATTR_TYPE ignorelist) { } if(conf->summarize_changes==1) { - char summary[]=" "; + char summary[]=" "; summary[0]= ((!(DB_FTYPE&ignorelist)) && (((DB_FTYPE&old->attr && DB_FTYPE&new->attr) && get_file_type_char(old->perm)!=get_file_type_char(new->perm)))) ? '!' : get_file_type_char(new->perm); @@ -857,6 +884,9 @@ void print_changed_line(db_line* old,db_line* new, DB_ATTR_TYPE ignorelist) { easy_compare_char(DB_XATTRS,compare_xattrs(old->xattrs,new->xattrs)==RETFAIL,'X',14); easy_compare_char(DB_SELINUX,str_has_changed(old->cntx,new->cntx),'S',15); +#ifdef WITH_E2FSATTRS + easy_char(DB_E2FSATTRS,e2fsattrs,'E',16); +#endif error(2,"%s: %s\n",summary, new->filename); } else { error(2,"changed: %s\n",new->filename); 
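Review bot: In e2fsattrs2char the result of `malloc (20 * sizeof (char))` is written through without a NULL check, and the literals 19 and 20 are tied by hand to the length of `flag_bits`/`flag_char` declared in the earlier compare_db.c hunk. Derive the count from the table, `size_t n = sizeof(flag_bits)/sizeof(flag_bits[0]);`, allocate `n + 1`, and handle a failed allocation the way the rest of the file does before the loop runs. The callers added in print_dbline_changes pass the returned pointers straight to print_string_changes, so they inherit whatever failure handling is chosen here. Declaring the two tables `static const` would also keep them read-only and out of the global namespace.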
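Review bot: The write at index 16 added by `easy_char(DB_E2FSATTRS,e2fsattrs,'E',16);` is in bounds only if the widened `char summary[]` initializer in the earlier print_changed_line hunk holds at least 17 characters; the page has collapsed the spaces inside that literal, so its length cannot be confirmed here. The array size and the column indices are kept in step only by counting spaces, so a comment on the declaration such as `/* 17 columns; index 16 = 'E' (e2fsattrs) */` would make the coupling visible to whoever adds the next column. print_changed_line starts and ends outside these hunks.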
@@ -1027,6 +1057,18 @@ void print_dbline_changes(db_line* old,db_line* new, print_str_changes(old->cntx,new->cntx, "SELinux"); } +#ifdef WITH_E2FSATTRS + if ( !(DB_E2FSATTRS&ignorelist) ) { + if(old->e2fsattrs!=new->e2fsattrs || DB_E2FSATTRS&forced_attrs ) { + tmp=e2fsattrs2char(old->e2fsattrs); + tmp2=e2fsattrs2char(new->e2fsattrs); + print_string_changes("E2fsAttrs", tmp, tmp2, old->e2fsattrs==new->e2fsattrs); + free(tmp); free(tmp2); + tmp=NULL; tmp2=NULL; + } + } +#endif + return; } diff --git a/src/conf_yacc.y b/src/conf_yacc.y index 3745389..e2de36d 100644 --- a/src/conf_yacc.y +++ b/src/conf_yacc.y @@ -107,6 +107,7 @@ extern long conf_lineno; %token <i> TACL %token <i> TXATTRS %token <i> TSELINUX +%token <i> TE2FSATTRS /* hash funktions */ @@ -208,7 +209,7 @@ other : TRIGHTS { $$ =$1 ;} | TUSER {$$ =$1 ;} | TGROWINGSIZE {$$ =$1 ;} | TATIME {$$ =$1 ;} | TCTIME {$$ =$1 ;} | TMTIME {$$ =$1 ;} | TL {$$ = $1;} | TR {$$ = $1;} | TACL {$$ =$1 ;} | TXATTRS {$$ =$1 ;} - | TSELINUX {$$ =$1 ;}; + | TSELINUX {$$ =$1 ;} | TE2FSATTRS {$$ =$1 ;}; hash : TTIGER { $$ =$1 ;} | TSHA1 { $$ =$1 ;} | TRMD160 { $$ =$1 ;} | TMD5 {$$ =$1 ;} | TSHA256 { $$ =$1 ;} | TSHA512 { $$ =$1 ;} diff --git a/src/db.c b/src/db.c index 699c31d..6324af8 100644 --- a/src/db.c +++ b/src/db.c @@ -84,6 +84,7 @@ const char* db_names[db_unknown+1] = { "whirlpool", "selinux", "xattrs", + "e2fsattrs", "unknown"} ; const int db_value[db_unknown+1] = { @@ -120,6 +121,7 @@ const int db_value[db_unknown+1] = { db_whirlpool, /* "whirlpool", */ db_selinux, /* "selinux", */ db_xattrs, /* "xattrs", */ + db_e2fsattrs, /* "e2fsattrs", */ db_unknown }; /* "unknown" */ const char* db_namealias[db_alias_size] = { @@ -370,6 +372,7 @@ db_line* db_char2line(char** ss,int db){ line->linkname=NULL; line->acl=NULL; line->xattrs=NULL; + line->e2fsattrs=0; line->cntx=NULL; line->attr=conf->attr; /* attributes from @@dbspec */ 
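Review bot: The guard `old->e2fsattrs!=new->e2fsattrs` in print_dbline_changes compares the whole flag word, but e2fsattrs2char renders only the 19 bits listed in `flag_bits`, so a change in any other bit is reported with identical old and new strings. Print the raw value next to the letters, or fall back to a hexadecimal rendering when the two strings come out equal, so the report shows what actually differed. `tmp` and `tmp2` are also passed to print_string_changes without a NULL check, which matters because e2fsattrs2char returns unchecked `malloc` memory. print_dbline_changes begins outside the hunk.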
@@ -591,6 +594,11 @@ db_line* db_char2line(char** ss,int db){ break; } + case db_e2fsattrs : { + line->e2fsattrs=readlong(ss[(*db_order)[i]],"e2fsattrs"); + break; + } + case db_unknown : { /* Unknown fields are ignored. */ break; diff --git a/src/db_file.c b/src/db_file.c index e9b04a1..d8037de 100644 --- a/src/db_file.c +++ b/src/db_file.c @@ -1066,6 +1066,12 @@ int db_writeline_file(db_line* line,db_config* dbconf, url_t* url){ db_write_byte_base64((byte*)line->cntx, 0, dbconf->db_out, i, 1, 1); break; } +#ifdef WITH_E2FSATTRS + case db_e2fsattrs : { + db_writelong(line->e2fsattrs,dbconf->db_out,i); + break; + } +#endif case db_checkmask : { db_writeoct(line->attr,dbconf->db_out,i); break; diff --git a/src/do_md.c b/src/do_md.c index 7446bc2..99c277f 100644 --- a/src/do_md.c +++ b/src/do_md.c @@ -538,6 +538,22 @@ void acl2line(db_line* line) { #endif } +#ifdef WITH_E2FSATTRS +void e2fsattrs2line(db_line* line) { + unsigned long flags; + if (DB_E2FSATTRS&line->attr) { + if (fgetflags(line->filename, &flags) == 0) { + line->e2fsattrs=flags; + } else { + line->attr&=(~DB_E2FSATTRS); + line->e2fsattrs=0; + } + } else { + line->e2fsattrs=0; + } +} +#endif + void no_hash(db_line* line) { line->attr&=~DB_HASHES; } diff --git a/src/gen_list.c b/src/gen_list.c index 1ab4789..5e2b953 100644 --- a/src/gen_list.c +++ b/src/gen_list.c @@ -1097,6 +1097,7 @@ void strip_dbline(db_line* line,DB_ATTR_TYPE attr) checked_free(line->cntx); } #endif + /* e2fsattrs is stripped within e2fsattrs2line in do_md */ } /* 
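Review bot: When `fgetflags` fails in e2fsattrs2line (src/do_md.c), the `else` branch clears `DB_E2FSATTRS` from `line->attr` and stores 0 without any message, so a file whose flags could not be read ends up looking like one for which the attribute was never requested. Failures on file systems or file types that do not support these flags are expected, but other errors (a permission or I/O error, for instance) presumably deserve a log line so that a lost check is visible to whoever reads the report. Consider inspecting `errno` in that branch and logging everything except the not-supported cases. A short comment stating that clearing the bit is deliberate would also help.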
@@ -1350,6 +1351,10 @@ db_line* get_file_attrs(char* filename,DB_ATTR_TYPE attr) selinux2line(line); +#ifdef WITH_E2FSATTRS + e2fsattrs2line(line); +#endif + if (attr&DB_HASHES && S_ISREG(fs.st_mode)) { calc_md(&fs,line); } else { ----------------------------------------------------------------------- Summary of changes: ChangeLog | 3 ++ NEWS | 1 + configure.in | 18 ++++++++++++++++ contrib/aide-attributes.sh | 2 +- doc/aide.conf.5.in | 5 +++- doc/manual.html | 1 + include/db_config.h | 8 +++++++ include/do_md.h | 4 +++ src/Makefile.am | 2 +- src/aide.c | 3 ++ src/commandconf.c | 3 ++ src/compare_db.c | 48 +++++++++++++++++++++++++++++++++++++++++-- src/conf_yacc.y | 3 +- src/db.c | 8 +++++++ src/db_file.c | 6 +++++ src/do_md.c | 16 ++++++++++++++ src/gen_list.c | 5 ++++ 17 files changed, 129 insertions(+), 7 deletions(-) hooks/post-receive -- aide |