aide-commits Mailing List for aide
Brought to you by:
hvhaugwitz,
rvdb
This list is closed, nobody may subscribe to it.
From: Hannes v. H. <hvh...@us...> - 2018-12-07 07:31:20
|
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "aide". The branch, master has been updated via 242ce0bd6cedbbc989c565364679c57ee9171424 (commit) from 80134862869784784ea7c7121daf4240085de04b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 242ce0bd6cedbbc989c565364679c57ee9171424 Author: Hannes von Haugwitz <ha...@vo...> Date: Fri Dec 7 08:16:08 2018 +0100 src/do_md.c: fix memory leak in is_prelinked * thanks to Robert Springer for the patch * closes #103 diff --git a/ChangeLog b/ChangeLog index 1eea55e..a4b1563 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2018-12-07 Hannes von Haugwitz <ha...@vo...> + * src/do_md.c: fix memory leak in is_prelinked (closes #103), + thanks to Robert Springer for the patch + 2018-06-23 Hannes von Haugwitz <ha...@vo...> * Fix spelling error diff --git a/src/do_md.c b/src/do_md.c index bc06e62..86fde8d 100644 --- a/src/do_md.c +++ b/src/do_md.c @@ -1,7 +1,7 @@ /* aide, Advanced Intrusion Detection Environment * vi: ts=8 sw=8 * - * Copyright (C) 1999-2002,2004-2006,2009-2011,2013 Rami Lehti, Pablo + * Copyright (C) 1999-2002,2004-2006,2009-2011,2013,2018 Rami Lehti, Pablo * Virolainen, Mike Markley, Richard van den Berg, Hannes von Haugwitz * $Header$ * @@ -90,8 +90,10 @@ int is_prelinked(int fd) { if ((elf = elf_begin (fd, ELF_C_READ, NULL)) == NULL || elf_kind(elf) != ELF_K_ELF || gelf_getehdr(elf, &ehdr) == NULL - || !(ehdr.e_type == ET_DYN || ehdr.e_type == ET_EXEC)) + || !(ehdr.e_type == ET_DYN || ehdr.e_type == ET_EXEC)) { + elf_end(elf); return 0; + } bingo = 0; while (!bingo && (scn = elf_nextscn(elf, scn)) != NULL) { 
@@ -113,6 +115,7 @@ int is_prelinked(int fd) { } } } + elf_end(elf); return bingo; } ----------------------------------------------------------------------- Summary of changes: ChangeLog | 4 ++++ src/do_md.c | 7 +++++-- 2 files changed, 9 insertions(+), 2 deletions(-) hooks/post-receive -- aide |
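Review bot: In the first src/do_md.c hunk the new early-return path calls elf_end(elf) even when elf_begin() itself failed and elf is NULL. libelf accepts a null pointer in elf_end(), so this is safe, but a one-line comment saying so would keep a later reader from wrapping it in a NULL check or dropping the call. With the second hunk both visible exits of is_prelinked now release the ELF handle; any return inside the section loop that is not shown in these hunks needs the same elf_end() call.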
From: Hannes v. H. <hvh...@us...> - 2018-06-23 14:04:42
|
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "aide". The branch, master has been updated via 80134862869784784ea7c7121daf4240085de04b (commit) from 141d12e862b8ef979e6913b8d532a665563b84a2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 80134862869784784ea7c7121daf4240085de04b Author: Hannes von Haugwitz <ha...@vo...> Date: Sat Jun 23 11:56:40 2018 +0200 Fix spelling error diff --git a/ChangeLog b/ChangeLog index d4546cc..1eea55e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +2018-06-23 Hannes von Haugwitz <ha...@vo...> + * Fix spelling error + 2018-06-17 Hannes von Haugwitz <ha...@vo...> * Fix some compiler warnings diff --git a/src/db_file.c b/src/db_file.c index 94bd16d..6a0f093 100644 --- a/src/db_file.c +++ b/src/db_file.c @@ -1,7 +1,7 @@ /* aide, Advanced Intrusion Detection Environment * - * Copyright (C) 1999-2007,2010-2013,2016 Rami Lehti, Pablo Virolainen, Mike - * Markley, Richard van den Berg, Hannes von Haugwitz + * Copyright (C) 1999-2007,2010-2013,2016,2018 Rami Lehti, Pablo Virolainen, + * Mike Markley, Richard van den Berg, Hannes von Haugwitz * $Header$ * * This program is free software; you can redistribute it and/or 
@@ -270,7 +270,7 @@ int db_file_read_spec(int db){ } if (conf->attr==DB_ATTR_UNDEF) { conf->attr=0; - error(0,"Database does not have attr field.\nComparation may be incorrect\nGenerating attr-field from dbspec\nIt might be a good Idea to regenerate databases. Sorry.\n"); + error(0,"Database does not have attr field.\nComparison may be incorrect\nGenerating attr-field from dbspec\nIt might be a good Idea to regenerate databases. Sorry.\n"); for(i=0;i<conf->db_in_size;i++) { conf->attr|=1<<(*db_order)[i]; } ----------------------------------------------------------------------- Summary of changes: ChangeLog | 3 +++ src/db_file.c | 6 +++--- 2 files changed, 6 insertions(+), 3 deletions(-) hooks/post-receive -- aide |
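Review bot: The corrected message in db_file_read_spec still reads "It might be a good Idea to regenerate databases. Sorry." with a stray capital in "Idea"; since this commit is already a spelling pass over that exact string, fix it here too. The message is also the only signal an operator gets that the attr field is being synthesised from dbspec, so it would help to say which database (input or new) triggered it.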
From: Hannes v. H. <hvh...@us...> - 2018-06-17 06:52:40
|
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "aide". The branch, master has been updated via 141d12e862b8ef979e6913b8d532a665563b84a2 (commit) from b50df911afd1ac185eae8c2ca3335875ac03cf63 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 141d12e862b8ef979e6913b8d532a665563b84a2 Author: Hannes von Haugwitz <ha...@vo...> Date: Sun Jun 17 08:42:12 2018 +0200 Fix some compiler warnings diff --git a/ChangeLog b/ChangeLog index 454b2ba..d4546cc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +2018-06-17 Hannes von Haugwitz <ha...@vo...> + * Fix some compiler warnings + 2018-06-10 Hannes von Haugwitz <ha...@vo...> * Add missing include in src/db.c (patch by Ilya Tumaykin) * src/base64.c: fix memory leak in decode_base64 (closes #95) diff --git a/src/compare_db.c b/src/compare_db.c index 45b6f29..39b52ed 100644 --- a/src/compare_db.c +++ b/src/compare_db.c @@ -396,19 +396,19 @@ snprintf(*values[0], l, "%s",s); *values[0] = malloc(time_string_len * sizeof (char)); \ strftime(*values[0], time_string_len, time_format, localtime(&(line->b))); - int l; if (line==NULL || !(line->attr&attr)) { *values = NULL; return 0; #ifdef WITH_ACL } else if (DB_ACL&attr) { - return acl2array(line->acl, &*values); + return acl2array(line->acl, values); #endif #ifdef WITH_XATTR } else if (DB_XATTRS&attr) { - return xattrs2array(line->xattrs, &*values); + return xattrs2array(line->xattrs, values); #endif } else { + int l; *values = malloc(1 * sizeof (char*)); if (DB_FTYPE&attr) { easy_string(get_file_type_string(line->perm)) 
@@ -459,13 +459,13 @@ static void print_line(seltree* node) { int length = sizeof(summary_attributes)/sizeof(DB_ATTR_TYPE); char* summary = malloc ((length+1) * sizeof (char)); if (node->checked&(NODE_ADDED|NODE_REMOVED)) { - summary[0]=get_file_type_char((node->checked&NODE_REMOVED?node->old_data:node->new_data)->perm); + summary[0]=get_file_type_char(((node->checked&NODE_REMOVED)?node->old_data:node->new_data)->perm); for(i=1;i<length;i++){ - summary[i]=node->checked&NODE_ADDED?'+':'-'; + summary[i]=(node->checked&NODE_ADDED)?'+':'-'; } } else if (node->checked&NODE_CHANGED) { - char c, u, a, r, g, s; for(i=0;i<length;i++) { + char c, u, a, r, g, s; c = summary_char[i]; r = '-'; a = '+'; g = ':'; u = '.'; s = ' '; switch (i) { @@ -499,7 +499,7 @@ static void print_line(seltree* node) { } } summary[length]='\0'; - error(2,"\n%s: %s", summary, (node->checked&NODE_REMOVED?node->old_data:node->new_data)->filename); + error(2,"\n%s: %s", summary, ((node->checked&NODE_REMOVED)?node->old_data:node->new_data)->filename); free(summary); summary=NULL; } else { if (node->checked&NODE_ADDED) { 
@@ -538,11 +538,11 @@ static void print_dbline_attributes(db_line* oline, db_line* nline, DB_ATTR_TYPE while (olen-p*k >= 0 || nlen-p*k >= 0) { c = k*(p-1); if (!onumber) { - error(2," %s%-9s%c %-*c %.*s\n", width_details%2?"":" ", i+k?"":details_string[j], i+k?' ':':', p, ' ', p-1, nlen-c>0?&nvalue[i][c]:""); + error(2," %s%-9s%c %-*c %.*s\n", width_details%2?"":" ", (i+k)?"":details_string[j], (i+k)?' ':':', p, ' ', p-1, nlen-c>0?&nvalue[i][c]:""); } else if (!nnumber) { - error(2," %s%-9s%c %.*s\n", width_details%2?"":" ", i+k?"":details_string[j], i+k?' ':':', p-1, olen-c>0?&ovalue[i][c]:""); + error(2," %s%-9s%c %.*s\n", width_details%2?"":" ", (i+k)?"":details_string[j], (i+k)?' ':':', p-1, olen-c>0?&ovalue[i][c]:""); } else { - error(2," %s%-9s%c %-*.*s| %.*s\n", width_details%2?"":" ", i+k?"":details_string[j], i+k?' ':':', p, p-1, olen-c>0?&ovalue[i][c]:"", p-1, nlen-c>0?&nvalue[i][c]:""); + error(2," %s%-9s%c %-*.*s| %.*s\n", width_details%2?"":" ", (i+k)?"":details_string[j], (i+k)?' ':':', p, p-1, olen-c>0?&ovalue[i][c]:"", p-1, nlen-c>0?&nvalue[i][c]:""); } k++; } ----------------------------------------------------------------------- Summary of changes: ChangeLog | 3 +++ src/compare_db.c | 20 ++++++++++---------- 2 files changed, 13 insertions(+), 10 deletions(-) hooks/post-receive -- aide |
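Review bot: In the print_dbline_attributes hunk the conditional operands are parenthesised only where the compiler complained: `(i+k)?"":details_string[j]` is now explicit, but `width_details%2?"":" "` and `nlen-c>0?&nvalue[i][c]:""` in the same error() calls are left relying on precedence. Parenthesise those as well so the three format calls read consistently. The scope changes in the earlier hunks (moving `int l;` into the else branch and `char c, u, a, r, g, s;` into the loop) look fine.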
From: Hannes v. H. <hvh...@us...> - 2018-06-10 21:39:24
|
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "aide". The branch, master has been updated via b50df911afd1ac185eae8c2ca3335875ac03cf63 (commit) from 7cc6f2be903fe342c8b2471f5557a1074f129218 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b50df911afd1ac185eae8c2ca3335875ac03cf63 Author: Hannes von Haugwitz <ha...@vo...> Date: Sun Jun 10 23:37:44 2018 +0200 src/base64.c: fix memory leak in decode_base64 * closes #95 diff --git a/ChangeLog b/ChangeLog index e74866f..454b2ba 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,6 @@ 2018-06-10 Hannes von Haugwitz <ha...@vo...> * Add missing include in src/db.c (patch by Ilya Tumaykin) + * src/base64.c: fix memory leak in decode_base64 (closes #95) 2018-05-31 Hannes von Haugwitz <ha...@vo...> * Remove aide.spec.in diff --git a/src/base64.c b/src/base64.c index 6c717fa..fd01bac 100644 --- a/src/base64.c +++ b/src/base64.c @@ -209,6 +209,7 @@ byte* decode_base64(char* src,size_t ssize, size_t *ret_len) case FAIL: error(3, "decode_base64: Illegal character: %c\n", *inb); error(230, "decode_base64: Illegal line:\n%s\n", src); + free(outbuf); return NULL; break; case SKIP: ----------------------------------------------------------------------- Summary of changes: ChangeLog | 1 + src/base64.c | 1 + 2 files changed, 2 insertions(+) hooks/post-receive -- aide |
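Review bot: In the FAIL case of decode_base64 the visible lines now free outbuf and return NULL, but nothing in the hunk writes *ret_len on that path. If it is not initialised earlier in the function, set it to 0 before returning so a caller that checks the length rather than the pointer cannot act on a stale value. The `break;` directly after `return NULL;` is unreachable and can be dropped while this branch is being touched.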
From: Hannes v. H. <hvh...@us...> - 2018-06-10 20:49:58
|
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "aide". The branch, master has been updated via 7cc6f2be903fe342c8b2471f5557a1074f129218 (commit) via c6e47606cb485457afd06d74c7f372011184fa73 (commit) from c6b2810cb5a5c553eed2661b3c998cceedbf138b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7cc6f2be903fe342c8b2471f5557a1074f129218 Author: Hannes von Haugwitz <ha...@vo...> Date: Sun Jun 10 22:41:42 2018 +0200 ChangeLog: record c6e4760 diff --git a/ChangeLog b/ChangeLog index 34ea5b4..e74866f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +2018-06-10 Hannes von Haugwitz <ha...@vo...> + * Add missing include in src/db.c (patch by Ilya Tumaykin) + 2018-05-31 Hannes von Haugwitz <ha...@vo...> * Remove aide.spec.in * Remove contrib/mkdailyrelease.sh commit c6e47606cb485457afd06d74c7f372011184fa73 Author: Ilya Tumaykin <itu...@gm...> Date: Tue May 23 17:24:29 2017 +0300 Add missing include in src/db.c url_fclose() function used in this file is defined in fopen.h. diff --git a/src/db.c b/src/db.c index dd133d4..858240d 100644 --- a/src/db.c +++ b/src/db.c @@ -28,6 +28,10 @@ #include "db_disk.h" #include "md.h" +#ifdef WITH_CURL +#include "fopen.h" +#endif + #ifdef WITH_PSQL #include "db_sql.h" #endif ----------------------------------------------------------------------- Summary of changes: ChangeLog | 3 +++ src/db.c | 4 ++++ 2 files changed, 7 insertions(+) hooks/post-receive -- aide |
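Review bot: The src/db.c hunk includes "fopen.h" only under `#ifdef WITH_CURL`, while the commit message says url_fclose() is used in this file. Please confirm every url_fclose() call in db.c sits under the same WITH_CURL guard; if any call is compiled without it, a non-curl build still gets an implicit declaration and the warning this commit is meant to remove.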
From: Hannes v. H. <hvh...@us...> - 2018-06-08 04:35:37
|
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "aide". The branch, master has been updated via c6b2810cb5a5c553eed2661b3c998cceedbf138b (commit) from 376ac3d21905d2b171787150528ad30bbbdd448f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c6b2810cb5a5c553eed2661b3c998cceedbf138b Author: Hannes von Haugwitz <ha...@vo...> Date: Thu May 31 10:41:37 2018 +0200 Remove contrib/mkdailyrelease.sh diff --git a/ChangeLog b/ChangeLog index 71e01ab..34ea5b4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,6 @@ 2018-05-31 Hannes von Haugwitz <ha...@vo...> * Remove aide.spec.in + * Remove contrib/mkdailyrelease.sh 2017-11-18 Hannes von Haugwitz <ha...@vo...> * Fix root_prefix option diff --git a/contrib/mkdailyrelease.sh b/contrib/mkdailyrelease.sh deleted file mode 100644 index b9f2e5f..0000000 --- a/contrib/mkdailyrelease.sh +++ /dev/null 
@@ -1,64 +0,0 @@ -#!/bin/sh -# -# Simple script to generate daily aide release from git -# -# Copyright © 2011 Hannes von Haugwitz -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -if [ -n "$1" ] ; then - SCP_USER="$1" - SCP_TARGET="web.sourceforge.net:htdocs/snapshots/aide-daily-snapshot.tar.gz" - SAVED_PWD=`pwd` - TMP=/tmp/aide-daily-release.$$ - mkdir $TMP - cd $TMP - if git clone -q git://aide.git.sourceforge.net/gitroot/aide/aide; then - cd aide - if sh autogen.sh >/dev/null 2>&1; then - if ./configure >/dev/null 2>&1; then - if make distcheck >/dev/null 2>&1; then - if GIT_VERSION=`git describe`; then - chmod 644 aide-${GIT_VERSION#v}.tar.gz - if ! scp -qp aide-${GIT_VERSION#v}.tar.gz $SCP_USER@$SCP_TARGET; then - echo "ERROR: 'scp' failed!" - exit 7 - fi - else - echo "ERROR: 'git describe' failed!" - exit 6 - fi - else - echo "ERROR: 'make distcheck' failed!" - exit 5 - fi - else - echo "ERROR: './configure' failed!" - exit 4 - fi - else - echo "ERROR: 'sh autogen.sh' failed!" - exit 3 - fi - else - echo "ERROR: 'git clone' failed!" - exit 2 - fi - cd $SAVED_PWD - rm -rf $TMP -else - echo "ERROR: you must specify a username (e.g. 
./mkdailyrelease.sh user,aide)" - exit 1 -fi ----------------------------------------------------------------------- Summary of changes: ChangeLog | 1 + contrib/mkdailyrelease.sh | 64 ----------------------------------------------- 2 files changed, 1 insertion(+), 64 deletions(-) delete mode 100644 contrib/mkdailyrelease.sh hooks/post-receive -- aide |
From: Hannes v. H. <hvh...@us...> - 2018-06-08 04:31:00
|
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "aide". The branch, master has been updated via 376ac3d21905d2b171787150528ad30bbbdd448f (commit) from 11a2c9828cc5d182a0a3090af4ee7687eb997f57 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 376ac3d21905d2b171787150528ad30bbbdd448f Author: Hannes von Haugwitz <ha...@vo...> Date: Thu May 31 10:34:20 2018 +0200 Remove aide.spec.in diff --git a/ChangeLog b/ChangeLog index 43f84a1..71e01ab 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +2018-05-31 Hannes von Haugwitz <ha...@vo...> + * Remove aide.spec.in + 2017-11-18 Hannes von Haugwitz <ha...@vo...> * Fix root_prefix option diff --git a/aide.spec.in b/aide.spec.in deleted file mode 100644 index a24f241..0000000 --- a/aide.spec.in +++ /dev/null 
@@ -1,61 +0,0 @@ -%define name aide -%define ver @AIDEVERSION@ -%define rel 1 -%define prefix /usr - -Summary: Advanced Intrusion Detection Environment -Name: %name -Version: %ver -Release: %rel -Copyright: GPL -Group: Console/Security -Source: http://prdownloads.sourceforge.net/aide/aide-%ver.tar.gz -BuildRoot: /var/tmp/aide-%{PACKAGE_VERSION}-root -Obsoletes: %name -URL: http://sourceforge.net/projects/aide -Docdir: %{prefix}/doc - -%description -aide is an intrusion detection system for checking the integrity of files. - -%changelog - -* Fri Nov 28 2003 Richard van den Berg <ri...@vd...> - -- Changed URLs to point to sourceforge.net - -* Wed Jan 26 2000 Matthew Kirkwood <we...@fe...> - -- Fixes for RH 6.1 and sysconfdir changed to /etc and /var/lib/aide added - -* Sun Sep 12 1999 Rami Lehti <ra...@cs...> - -- Some small changes to make this autogeneratable by configure. - -* Sat Sep 11 1999 Zach Brown <za...@re...> - -- First go - -%prep -%setup - -%build -CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=%prefix --sysconfdir=/etc --with-config-file=/etc/aide.conf - -%install -rm -rf $RPM_BUILD_ROOT - -make prefix=$RPM_BUILD_ROOT%{prefix} install-strip install-man -mkdir -p -m700 $RPM_BUILD_ROOT/var/lib/aide - -%clean -rm -rf $RPM_BUILD_ROOT - -%files -%defattr(-, root, root) - -%doc AUTHORS COPYING ChangeLog NEWS README README-snprintf LICENSE-snprintf.txt Todo doc/aide* -%{prefix}/bin/aide -%{_mandir}/man1/aide.1* -%{_mandir}/man5/aide.conf.5* -/var/lib/aide diff --git a/configure.ac b/configure.ac index 3598ebe..673f0f5 100644 --- a/configure.ac +++ b/configure.ac 
@@ -998,5 +998,5 @@ LDFLAGS="$LDFLAGS $EXTRA_LDFLAGS" CFLAGS="$CFLAGS $EXTRA_CFLAGS" AC_SUBST(AIDE_DEFS) -AC_OUTPUT(Makefile doc/aide.conf doc/aide.1 doc/aide.conf.5 aide.spec) +AC_OUTPUT(Makefile doc/aide.conf doc/aide.1 doc/aide.conf.5) ----------------------------------------------------------------------- Summary of changes: ChangeLog | 3 +++ aide.spec.in | 61 ------------------------------------------------------------ configure.ac | 2 +- 3 files changed, 4 insertions(+), 62 deletions(-) delete mode 100644 aide.spec.in hooks/post-receive -- aide |
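Review bot: The configure.ac hunk drops aide.spec from AC_OUTPUT, but the summary shows only ChangeLog, aide.spec.in and configure.ac were changed. If Makefile.am still names aide.spec or aide.spec.in (for example in EXTRA_DIST), `make dist` will fail after this commit, so check that file and any ignore list in the same change. The commit message would also benefit from one line on why the spec file is being removed, since packagers may have relied on it.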
From: Hannes v. H. <hvh...@us...> - 2017-11-18 08:09:52
|
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "aide". The branch, master has been updated via 11a2c9828cc5d182a0a3090af4ee7687eb997f57 (commit) from 4863aa95d571c95107841aebf97d3d32aa8b3577 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 11a2c9828cc5d182a0a3090af4ee7687eb997f57 Author: Hannes von Haugwitz <ha...@vo...> Date: Sat Nov 18 09:00:27 2017 +0100 Fix root_prefix option diff --git a/ChangeLog b/ChangeLog index 14a3c72..43f84a1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +2017-11-18 Hannes von Haugwitz <ha...@vo...> + * Fix root_prefix option + 2017-10-29 Hannes von Haugwitz <ha...@vo...> * Fix short form of --limit parameter diff --git a/src/db_disk.c b/src/db_disk.c index 47e3e3e..36748e7 100644 --- a/src/db_disk.c +++ b/src/db_disk.c @@ -203,7 +203,7 @@ db_line *db_readline_disk () fullname=malloc((conf->root_prefix_length+2)*sizeof(char)); strncpy(fullname, conf->root_prefix, conf->root_prefix_length+1); strncat (fullname, "/", 1); - if (!get_file_status(&fullname[conf->root_prefix_length], &fs)) { + if (!get_file_status(fullname, &fs)) { add = check_rxtree (&fullname[conf->root_prefix_length], conf->tree, &attr, fs.st_mode); error (240, "%s match=%d, tree=%p, attr=%llu\n", &fullname[conf->root_prefix_length], add, conf->tree, attr); 
@@ -249,7 +249,7 @@ recursion: If not call, db_readline_disk again... */ - if (get_file_status(&fullname[conf->root_prefix_length], &fs)) { + if (get_file_status(fullname, &fs)) { free (fullname); goto recursion; } ----------------------------------------------------------------------- Summary of changes: ChangeLog | 3 +++ src/db_disk.c | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) hooks/post-receive -- aide |
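Review bot: The commit message "Fix root_prefix option" does not say what was wrong, and for an integrity checker it matters: both src/db_disk.c hunks show get_file_status() was being called on `&fullname[conf->root_prefix_length]`, that is the path with the prefix stripped, so the stat was taken on the running system's path instead of the one under root_prefix. Please state that in the message and ChangeLog. It is also worth a comment at the call sites that check_rxtree() and the error(240, ...) line deliberately keep the unprefixed path while get_file_status() takes the full one.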
From: Hannes v. H. <hvh...@us...> - 2017-10-29 21:32:38
|
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "aide". The branch, master has been updated via 4863aa95d571c95107841aebf97d3d32aa8b3577 (commit) from 543c3f9f1af0414a52be20d35558f1490bcf559b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4863aa95d571c95107841aebf97d3d32aa8b3577 Author: Hannes von Haugwitz <ha...@vo...> Date: Sun Oct 29 22:16:39 2017 +0100 Fix short form of --limit parameter diff --git a/ChangeLog b/ChangeLog index 263c438..14a3c72 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +2017-10-29 Hannes von Haugwitz <ha...@vo...> + * Fix short form of --limit parameter + 2016-07-25 Hannes von Haugwitz <ha...@vo...> * Release version 0.16 diff --git a/src/aide.c b/src/aide.c index f85c1b4..2971178 100644 --- a/src/aide.c +++ b/src/aide.c @@ -117,7 +117,7 @@ static int read_param(int argc,char**argv) }; while(1){ - option = getopt_long(argc, argv, "hV::vc:B:A:r:iCuDE", options, &i); + option = getopt_long(argc, argv, "hV::vc:l:B:A:r:iCuDE", options, &i); if(option==-1) break; switch(option) ----------------------------------------------------------------------- Summary of changes: ChangeLog | 3 +++ src/aide.c | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) hooks/post-receive -- aide |
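Review bot: The src/aide.c hunk adds `l:` to the getopt_long optstring, but the switch that follows is not part of the hunk. Confirm there is a `case 'l':` that the long --limit entry in `options` also maps to, otherwise -l will now be accepted by getopt and fall through to the default branch. If the manual page does not yet list the short form, add it with this fix.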
From: Hannes v. H. <hvh...@us...> - 2016-07-25 21:48:58
|
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "aide". The annotated tag, v0.16 has been created at 3730e8f503d94aa29f0128158e7c46986ec227cf (tag) tagging 543c3f9f1af0414a52be20d35558f1490bcf559b (commit) replaces v0.16rc1 tagged by Hannes von Haugwitz on Mon Jul 25 22:59:02 2016 +0200 - Log ----------------------------------------------------------------- Release version 0.16 Hannes von Haugwitz (2): Remove stamp-h.in Release version 0.16 ----------------------------------------------------------------------- hooks/post-receive -- aide |
From: Hannes v. H. <hvh...@us...> - 2016-07-25 21:47:15
|
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "aide". The branch, master has been updated via 543c3f9f1af0414a52be20d35558f1490bcf559b (commit) from 9f8eed5c374082a96b269c3450cc1eadbde796fe (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 543c3f9f1af0414a52be20d35558f1490bcf559b Author: Hannes von Haugwitz <ha...@vo...> Date: Mon Jul 25 22:43:13 2016 +0200 Release version 0.16 diff --git a/ChangeLog b/ChangeLog index dc097dd..263c438 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +2016-07-25 Hannes von Haugwitz <ha...@vo...> + * Release version 0.16 + 2016-07-11 Hannes von Haugwitz <ha...@vo...> * Fix example aide.conf (xattr -> xattrs) * aide.conf.5: update "SELECTION LINES" section diff --git a/README b/README index edcbe83..ce99155 100644 --- a/README +++ b/README @@ -1,7 +1,7 @@ AIDE - Advanced Intrusion Detection Environment ------------------------------------------------- - Version 0.16rc1 + Version 0.16 This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without diff --git a/doc/aide.1.in b/doc/aide.1.in index 8717aac..e60858d 100644 --- a/doc/aide.1.in +++ b/doc/aide.1.in @@ -1,4 +1,4 @@ -.TH AIDE 1 "Jul 11, 2016" "aide 0.16rc1" "User Commands" +.TH AIDE 1 "Jul 25, 2016" "aide 0.16" "User Commands" .SH NAME \fBaide\fP \- Advanced Intrusion Detection Environment .SH SYNOPSIS diff --git a/doc/aide.conf.5.in b/doc/aide.conf.5.in index 58675e0..0ca8f6b 100644 --- a/doc/aide.conf.5.in +++ b/doc/aide.conf.5.in 
@@ -1,4 +1,4 @@ -.TH AIDE.CONF 5 "Jul 11, 2016" "aide 0.16rc1" "AIDE" +.TH AIDE.CONF 5 "Jul 25, 2016" "aide 0.16" "AIDE" .SH NAME aide.conf - The configuration file for Advanced Intrusion Detection Environment diff --git a/doc/manual.html b/doc/manual.html index 1ede6b2..5127038 100644 --- a/doc/manual.html +++ b/doc/manual.html @@ -2,7 +2,7 @@ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> -<head><title>AIDE Manual version 0.16rc1</title> +<head><title>AIDE Manual version 0.16</title> </head> <body> ----------------------------------------------------------------------- Summary of changes: ChangeLog | 3 +++ README | 2 +- doc/aide.1.in | 2 +- doc/aide.conf.5.in | 2 +- doc/manual.html | 2 +- 5 files changed, 7 insertions(+), 4 deletions(-) hooks/post-receive -- aide |
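Review bot: The version string is edited by hand in four files here (README, doc/aide.1.in, doc/aide.conf.5.in, doc/manual.html), which is easy to get out of step on the next release. doc/aide.1.in and doc/aide.conf.5.in are already configure templates, so the `.TH` lines could take the version from a configure substitution instead of a literal "aide 0.16". The summary also shows NEWS is not touched by this release commit, so check that its "Version 0.16" heading no longer carries a not-yet-released marker.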
From: Hannes v. H. <hvh...@us...> - 2016-07-11 21:24:43
|
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "aide". The annotated tag, v0.16rc1 has been created at 6de8660468429bcdc35d56597aeaa307033d127c (tag) tagging 7bf821b14d24711f559a8b213f68a5dfefe6345b (commit) replaces v0.16b1 tagged by Hannes von Haugwitz on Mon Jul 11 21:27:09 2016 +0200 - Log ----------------------------------------------------------------- Released version 0.16rc1 Hannes von Haugwitz (12): Add missing break statements Adapt manual to version 0.16 Fix compilation with latest libaudit Use AC_PROG_CC_C99 instead of AC_PROG_CC Add AM_PROG_CC_C_O aide.conf.in: logfile -> file Update README Update manual pages (aide.1 and aide.conf.5) Fix example aide.conf (xattr -> xattrs) aide.conf.5: update "SELECTION LINES" section Finalise aide 0.16 NEWS section Released version 0.16rc1 ----------------------------------------------------------------------- hooks/post-receive -- aide |
From: Hannes v. H. <hvh...@us...> - 2016-07-11 21:24:24
|
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "aide". The branch, master has been updated via 7bf821b14d24711f559a8b213f68a5dfefe6345b (commit) from a626e90dce9c4b1b273adb3a6c1fe82c611daed3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7bf821b14d24711f559a8b213f68a5dfefe6345b Author: Hannes von Haugwitz <ha...@vo...> Date: Mon Jul 11 21:10:17 2016 +0200 Released version 0.16rc1 diff --git a/ChangeLog b/ChangeLog index 50be68a..dc097dd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,7 @@ 2016-07-11 Hannes von Haugwitz <ha...@vo...> * Fix example aide.conf (xattr -> xattrs) * aide.conf.5: update "SELECTION LINES" section + * Released version 0.16rc1 2016-07-10 Hannes von Haugwitz <ha...@vo...> * Fix compilation with latest libaudit diff --git a/README b/README index 5fd8c32..edcbe83 100644 --- a/README +++ b/README @@ -1,7 +1,7 @@ AIDE - Advanced Intrusion Detection Environment ------------------------------------------------- - Version 0.16b1 + Version 0.16rc1 This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without diff --git a/doc/aide.1.in b/doc/aide.1.in index 62570bd..8717aac 100644 --- a/doc/aide.1.in +++ b/doc/aide.1.in @@ -1,4 +1,4 @@ -.TH AIDE 1 "Apr 15, 2016" "aide 0.16b1" "User Commands" +.TH AIDE 1 "Jul 11, 2016" "aide 0.16rc1" "User Commands" .SH NAME \fBaide\fP \- Advanced Intrusion Detection Environment .SH SYNOPSIS diff --git a/doc/aide.conf.5.in b/doc/aide.conf.5.in index 65257d4..58675e0 100644 --- a/doc/aide.conf.5.in +++ b/doc/aide.conf.5.in 
@@ -1,4 +1,4 @@ -.TH AIDE.CONF 5 "Apr 15, 2016" "aide 0.16b1" "AIDE" +.TH AIDE.CONF 5 "Jul 11, 2016" "aide 0.16rc1" "AIDE" .SH NAME aide.conf - The configuration file for Advanced Intrusion Detection Environment diff --git a/doc/manual.html b/doc/manual.html index 2f1e75a..1ede6b2 100644 --- a/doc/manual.html +++ b/doc/manual.html @@ -2,7 +2,7 @@ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> -<head><title>AIDE Manual version 0.16b1</title> +<head><title>AIDE Manual version 0.16rc1</title> </head> <body> ----------------------------------------------------------------------- Summary of changes: ChangeLog | 1 + README | 2 +- doc/aide.1.in | 2 +- doc/aide.conf.5.in | 2 +- doc/manual.html | 2 +- 5 files changed, 5 insertions(+), 4 deletions(-) hooks/post-receive -- aide |
From: Hannes v. H. <hvh...@us...> - 2016-07-11 19:05:13
|
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "aide". The branch, master has been updated via a626e90dce9c4b1b273adb3a6c1fe82c611daed3 (commit) from 2de463503517474d86896b1f97aaa01b62748999 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a626e90dce9c4b1b273adb3a6c1fe82c611daed3 Author: Hannes von Haugwitz <ha...@vo...> Date: Mon Jul 11 21:02:33 2016 +0200 Finalise aide 0.16 NEWS section diff --git a/NEWS b/NEWS index 09e51de..f81eafa 100644 --- a/NEWS +++ b/NEWS @@ -3,7 +3,7 @@ Version 0.16 (NOT_YET_RELEASED) - Negative selection lines of the form '!<regex> <groups>' are no longer supported (use '!<regex>' instead) - The switch to Perl 5 Compatible Regular Expressions and the fix of - '.*'-rule matching may result in different rule matching behaviour. + '.*'-rule matching may result in different rule matching behaviour * Support restricted selection lines * Switch to PCRE library (drops bundled GNU regexp library) * New config options: @@ -27,6 +27,7 @@ Version 0.16 (NOT_YET_RELEASED) - adjust file type letters in summarize_changes output - add numeric timezone to time string - add info about verbose level to report if it differs from standard + value - add info about number of entries if aide found no changes or the database has been initialized - add run time to report @@ -45,6 +46,7 @@ Version 0.16 (NOT_YET_RELEASED) * Sort entries of database file * Compare database entries just once * Add warning if a group is redefined + * Update documentation * Bug fixes * Code clean up ----------------------------------------------------------------------- Summary of changes: NEWS | 4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) hooks/post-receive -- aide |
From: Hannes v. H. <hvh...@us...> - 2016-07-11 18:47:27
|
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "aide". The branch, master has been updated via 2de463503517474d86896b1f97aaa01b62748999 (commit) from 1192cf8a7b784fcaa6e417ff912045a7ddb8de18 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2de463503517474d86896b1f97aaa01b62748999 Author: Hannes von Haugwitz <ha...@vo...> Date: Mon Jul 11 20:45:29 2016 +0200 aide.conf.5: update "SELECTION LINES" section diff --git a/ChangeLog b/ChangeLog index c82c6f6..50be68a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,6 @@ 2016-07-11 Hannes von Haugwitz <ha...@vo...> * Fix example aide.conf (xattr -> xattrs) + * aide.conf.5: update "SELECTION LINES" section 2016-07-10 Hannes von Haugwitz <ha...@vo...> * Fix compilation with latest libaudit diff --git a/doc/aide.conf.5.in b/doc/aide.conf.5.in index 54dda69..65257d4 100644 --- a/doc/aide.conf.5.in +++ b/doc/aide.conf.5.in @@ -225,7 +225,8 @@ Regular selection line: .B <regex> <group> .fi -Files matching the regular expression are added to the database. +Files and directories matching the regular expression are added to the +database. .RE @@ -236,8 +237,8 @@ Negative selection line: .B !<regex> .fi -Files matching the regular expression are ignored and not added to the -database. +Files and directories matching the regular expression are ignored and not added +to the database. .RE ----------------------------------------------------------------------- Summary of changes: ChangeLog | 1 + doc/aide.conf.5.in | 7 ++++--- 2 files changed, 5 insertions(+), 3 deletions(-) hooks/post-receive -- aide |
From: Hannes v. H. <hvh...@us...> - 2016-07-11 18:44:08
|
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "aide". The branch, master has been updated via 1192cf8a7b784fcaa6e417ff912045a7ddb8de18 (commit) from e60f3dddea0c131c3cfaeca48f33daf0e8e58aff (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1192cf8a7b784fcaa6e417ff912045a7ddb8de18 Author: Hannes von Haugwitz <ha...@vo...> Date: Mon Jul 11 20:38:09 2016 +0200 Fix example aide.conf (xattr -> xattrs) diff --git a/ChangeLog b/ChangeLog index 9eaadba..c82c6f6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +2016-07-11 Hannes von Haugwitz <ha...@vo...> + * Fix example aide.conf (xattr -> xattrs) + 2016-07-10 Hannes von Haugwitz <ha...@vo...> * Fix compilation with latest libaudit * Use AC_PROG_CC_C99 instead of AC_PROG_CC diff --git a/configure.ac b/configure.ac index 72e3d52..3598ebe 100644 --- a/configure.ac +++ b/configure.ac @@ -538,7 +538,7 @@ AS_IF([test "x$with_xattr_support" != xno], [AC_DEFINE(WITH_XATTR,1,[use xattr]) ATTRLIB=-lattr compoptionstring="${compoptionstring}WITH_XATTR\\n" - aideextragroups="${aideextragroups}+xattr" + aideextragroups="${aideextragroups}+xattrs" AC_MSG_RESULT(yes)], [AC_MSG_RESULT(no)] ) ----------------------------------------------------------------------- Summary of changes: ChangeLog | 3 +++ configure.ac | 2 +- 2 files changed, 4 insertions(+), 1 deletions(-) hooks/post-receive -- aide |
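Review bot: the subject and the ChangeLog entry say the example aide.conf is fixed, but the only code change is in configure.ac, where aideextragroups now appends "+xattrs". Name configure.ac in the ChangeLog entry so the change can be found from the log.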
From: Hannes v. H. <hvh...@us...> - 2016-07-10 21:51:37
|
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "aide". The branch, master has been updated via e60f3dddea0c131c3cfaeca48f33daf0e8e58aff (commit) from 5b8bd3ba7ccd46e6cd7892a1e271174024736caa (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e60f3dddea0c131c3cfaeca48f33daf0e8e58aff Author: Hannes von Haugwitz <ha...@vo...> Date: Sun Jul 10 23:13:14 2016 +0200 Update manual pages (aide.1 and aide.conf.5) diff --git a/ChangeLog b/ChangeLog index d569cee..9eaadba 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,7 @@ * Add AM_PROG_CC_C_O * aide.conf.in: logfile -> file * Update README + * Update manual pages (aide.1 and aide.conf.5) 2016-07-07 Hannes von Haugwitz <ha...@vo...> * Adapt manual to version 0.16 diff --git a/doc/aide.1.in b/doc/aide.1.in index 8b46b8e..62570bd 100644 --- a/doc/aide.1.in +++ b/doc/aide.1.in @@ -6,8 +6,8 @@ \%[\fBparameters\fP] \%\fBcommand\fP .SH DESCRIPTION -\fBaide\fP is an intrusion detection system for checking the integrity -of files. +\fBAIDE\fP is an intrusion detection system for checking the integrity +of files. .SH COMMANDS .PP 
@@ -19,15 +19,15 @@ command \fBaide\fP does a check. Initialize the database. You must initialize a database and move it to the appropriate place before you can use the \-\-check command. .IP "--update, -u" -Checks the database and updates the database non-interactively. +Checks the database and updates the database non-interactively. The input and output databases must be different. .IP "--compare, -E" -Compares two databases. They must be defined in configfile with +Compares two databases. They must be defined in config file with database=<url> and database_new=<url>. .IP "--config-check, -D" Stops after reading in the configuration file. Any errors will be reported. If \fBaide\fP was compiled with the \(dq\fB--with-dbhmackey\fR\(dq option, -a hash for the config file will be calculated. See the aide manual for more +a hash for the config file will be calculated. See the AIDE manual for more information. .SH PARAMETERS .IP "--config=\fBconfigfile\fR , -c \fBconfigfile\fR" @@ -35,10 +35,25 @@ Configuration is read from file \fBconfigfile\fR instead of "./aide.conf". Use ' .IP "--limit=\fBREGEX\fR , -l \fBREGEX\fR" Limit command to entries matching REGEX. Note that the REGEX only matches at the first position. + +.RS +.B Example +.RS 3 +Only check and update the database entries matching /etc (i.e. the /etc +directory) while leaving all other entries unchecked and unchanged: + +.RS 3 +.nf +aide --update --limit /etc +.fi +.RE +.RE +.RE + .IP "--before=\(dq\fBconfigparameters\fR\(dq , -B \(dq\fBconfigparameters\fR\(dq" These \fBconfigparameters\fR are handled before the reading of the configuration file. See aide.conf (5) for more details on what to put -here. +here. .IP "--after=\(dq\fBconfigparameters\fR\(dq , -A \(dq\fBconfigparameters\fR\(dq" These \fBconfigparameters\fR are handled after the reading of the configuration file. See aide.conf (5) for more details on what to put 
@@ -57,7 +72,7 @@ Prints out the standard help message. .PP .SH DIAGNOSTICS Normally, the exit status is 0 if no errors occurred. Except when the -.BR --check, +.BR --check , .BR --compare " or" .B --update command was requested, in which case the exit status is defined as: @@ -94,7 +109,7 @@ Default aide database. Default aide output database. .SH SEE ALSO .BR aide.conf (5) -.BR http://www.cs.tut.fi/~rammer/aide/manual.html +.BR manual.html .SH BUGS There are probably bugs in this release. Please report them at http://sourceforge.net/projects/aide . Bug fixes are more than welcome. diff --git a/doc/aide.conf.5.in b/doc/aide.conf.5.in index 471d635..54dda69 100644 --- a/doc/aide.conf.5.in +++ b/doc/aide.conf.5.in 
@@ -1,31 +1,31 @@ .TH AIDE.CONF 5 "Apr 15, 2016" "aide 0.16b1" "AIDE" .SH NAME aide.conf - The configuration file for Advanced Intrusion Detection -Environment +Environment .PP .SH SYNOPSIS \fBaide.conf\fP is the configuration file for Advanced Intrusion Detection Environment. \fBaide.conf\fP contains the runtime -configuration aide uses to initiailize or check the aide database. +configuration aide uses to initialize or check the AIDE database. .PP .SH "FILE FORMAT" \fBaide.conf\fP is similar in to Tripwire(tm)'s configuration -file. With little effort tw.conf can be converted to aide.conf. +file. With little effort tw.conf can be converted to aide.conf. .PP -aide.conf is case-sensitive. Leading and trailing whitespaces are -ignored. +aide.conf is case-sensitive. Leading and trailing white spaces are +ignored. .PP There are three types of lines in \fBaide.conf\fP. First there are the configuration lines which are used to set configuration parameters and -define/undefine variables. Second, there are selection lines that are used -to indicate which files are added to the database. Third, macro lines -define or undefine variables within the config file. Lines beginning -with # are ignored as comments. +define/undefine variables. Second, there are (restricted) selection lines that +are used to indicate which files are added to the database. Third, macro lines +define or undefine variables within the config file. Lines beginning with # +are ignored as comments. .PP .SH "CONFIG LINES" .PP These lines have the format parameter=value. See URLS for a list of -valid urls. +valid urls. .PP .IP "database" The url from which database is read. There can only be one of these 
@@ -47,9 +47,9 @@ to .RB ' E '. By default all compiled in checksums are added to the report. .IP "database_add_metadata" -Whether to add the Aide version and the time of database generation as comments +Whether to add the AIDE version and the time of database generation as comments to the database file or not. Valid values are yes, true, no and false. The -default is to add the Aide version and the time of database generation. This +default is to add the AIDE version and the time of database generation. This option may be set to no by default in a future release. .IP "verbose" The level of messages that is output. This value can be 0-255 @@ -60,7 +60,7 @@ output is written when doing \-\-check, \-\-update or \-\-compare. .IP "report_url" The url that the output is written to. There can be multiple instances of this parameter. Output is written to all of them. The default is -stdout. +stdout. .IP "report_base16" Whether to base16 encode the checksums in the report or not. Valid values are yes, true, no and false. The default is to report checksums not in base16 but @@ -79,7 +79,7 @@ yes,true,no and false. The default is no. This option is available only if zlib support is compiled in. .IP "root_prefix" The prefix to strip from each file name in the file system before applying the -rules and writing to database. Aide removes a trailing slash from the prefix. +rules and writing to database. AIDE removes a trailing slash from the prefix. The default is no (an empty) prefix. This option has no effect in compare mode. .IP "acl_no_symlink_follow" 
@@ -102,17 +102,17 @@ The general format is like the string YlZbpugamcinCAXSE, where Y is replaced by the file-type (\fBf\fP for a regular file, \fBd\fP for a directory, \fBl\fP for a symbolic link, \fBc\fP for a character device, \fBb\fP for a block device, \fBp\fP for a FIFO, \fBs\fP for a unix -socket, \fBD\fP for a Solaris door, \fBP\fP for a Port, \fB!\fP if file type -has changed and \fB?\fP otherwise). +socket, \fBD\fP for a Solaris door, \fBP\fP for a Solaris event port, \fB!\fP +if file type has changed and \fB?\fP otherwise). The Z is replaced as follows: A \fB=\fP means that the size has not changed, a \fB<\fP reports a shrinked size and a \fB>\fP reports a grown size. -The other letters in the string are the actual letters that will be output +The other letters in the string are the actual letters that will be output if the associated attribute for the item has been changed or a "." for no change, a "+" if the attribute has been added, a "-" if it has been removed, a ":" if the attribute is ignored (but not forced) or a " " if the attribute has -not been checked. The exceptions to this are: (1) a newly created file replaces +not been checked. The exceptions to this are: (1) a newly created file replaces each letter with a "+", and (2) a removed file replaces each letter with a "-". The attribute that is associated with each letter is as follows: 
@@ -198,17 +198,17 @@ report_ignore_e2fsattrs=EhI .RE .RE .IP "config_version" -The value of config_version is printed in the report and also printed +The value of config_version is printed in the report and also printed to the database. This is for informational purposes only. It has no other functionality. .IP "Group definitions" If the parameter is not one of the previous parameters then it is regarded as a group definition. Value is then regarded as an -expression. Expression is of the following form. -.IP +expression. Expression is of the following form. +.IP .nf <predefined group>| <expr> + <predefined group> - | <expr> - <predifined group> + | <expr> - <predefined group> .fi .IP See DEFAULT GROUPS for an explanation of default predefined groups. 
@@ -216,19 +216,54 @@ Note that this is different from the way Tripwire(tm) does it. .PP .SH "SELECTION LINES" .PP -aide supports three types of selection lines (regular, negative, equals) -Lines beginning with "/" are regular selection lines. Lines beginning -with "=" are equals selection lines. And lines beginning with "!" -are negative selection lines. The string following the first character -is taken as a regular expression matching to a complete filename, -including the path. In a regular selection rule the "/" is included in the -regular expression. Special characters in your filenames can be escaped -using two-digit URL encoding (for example, %20 to represent a space). -Following the regular expression is a group definition as explained above. +AIDE supports three types of selection lines: + +Regular selection line: +.RS 3 + +.nf +.B <regex> <group> +.fi + +Files matching the regular expression are added to the database. + +.RE + +Negative selection line: +.RS 3 + +.nf +.B !<regex> +.fi + +Files matching the regular expression are ignored and not added to the +database. + +.RE + +Equals selection line: +.RS 3 + +.nf +.B =<regex> <group> +.fi + +Files and directories matching the regular expression are added to the +database. The children of directories are only added if the regular expression +ends with a "/". The children of sub-directories are not added at all. + +.RE + +Every regular expression has to start with a "/". An implicit ^ is added in +front of each regular expression. In other words the regular expressions are +matched at the first position against the complete filename (i.e. including the +path). Special characters in your filenames can be escaped using two-digit URL +encoding (for example, %20 to represent a space). + See EXAMPLES and doc/aide.conf for examples. .PP More in-depth discussion of the selection algorithm can be found in -the aide manual. +the AIDE manual. .IP .PP .SH "RESTRICTED SELECTION LINES" 
@@ -250,7 +285,7 @@ restricted to file types. The following file types are supported: \fBp\fP: restrict rule to FIFO files -\fBs\fP: restrict rule to unix sockets +\fBs\fP: restrict rule to UNIX sockets \fBD\fP: restrict rule to Solaris doors @@ -263,7 +298,7 @@ selection lines is as follows: Restricted regular selection line: .RS 3 .nf -.B /<regex> <file types> <group> +.B <regex> <file types> <group> .fi .RE @@ -330,9 +365,9 @@ the part between @@else and @@endif is used. @@ifndef reverses the logic of @@ifdef statement but otherwise works similarly. .IP "@@ifhost \fBhostname\fR, @@ifnhost \fBhostname\fR" @@ifhost works like @@ifdef only difference is that it checks whether -\fBhostname\fR equals the name of the host that aide is running on. +\fBhostname\fR equals the name of the host that AIDE is running on. \fBhostname\fR is the name of the host without the domainname -(hostname, not hostname.aide.org). +(hostname, not hostname.example.com). .IP "@@{\fBVAR\fR}" @@{\fBVAR\fR} is replaced with the value of the variable \fBVAR\fR. If variable \fBVAR\fR is not defined an empty string is used. Unlike @@ -343,7 +378,7 @@ Begins the else part of an if statement. .IP "@@endif" Ends an if statement. .IP "@@include \fBVAR\fR" -Includes the file \fBVAR\fR. The content of the file is used as if it +Includes the file \fBVAR\fR. The content of the file is used as if it were inserted in this part of the config file. .PP .SH URLS @@ -356,7 +391,7 @@ Output is sent to stdout,stderr respectively. Input is read from stdin. .IP "file://\fBfilename\fR" Input is read from \fBfilename\fR or output is written to -\fBfilename\fR. +\fBfilename\fR. .IP "fd:\fBnumber\fR" Input is read from filedescriptor \fBnumber\fR or output is written to \fBnumber\fR. 
@@ -391,7 +426,7 @@ Input is read from filedescriptor \fBnumber\fR or output is written to .IP "L: p+ftype+i+l+n+u+g+X" .IP "E: Empty group" .IP "X: acl+selinux+xattrs+e2fsattrs (if groups are explicitly enabled)" -.IP ">: Growing logfile p+ftype+l+u+g+i+n+S+X" +.IP ">: Growing file p+ftype+l+u+g+i+n+S+X" .LP And also the following if you have mhash support enabled .IP "gost: gost checksum" @@ -415,21 +450,28 @@ but are ignored in the report. .PP .SH EXAMPLES .IP -.B "/ R" +.B "/ R" .LP -This adds all files on your machine to the database. This is one line +This adds all files on your machine to the database. This one line is a fully qualified configuration file. .IP .B "!/dev" .LP This ignores the /dev directory structure. .IP -.B "=/tmp" +.B "=/foo R" +.LP +Only /foo and /foobar are taken into the database. None of their children are +added. +.IP +.B "=/foo/ R" .LP -Only /tmp is taken into the database. None of its children are added. -.IP +Only /foo and its children (e.g. /foo/file and /foo/directory) are taken into +the database. The children of sub-directories (e.g. /foo/directory/bar) are not +added. +.IP .B "\fBAll\fR=p+i+n+u+g+s+m+c+a+md5+sha1+tiger+rmd160" -.LP +.LP This line defines group \fBAll\fR. It has all attributes and all md checksum functions. If you absolutely want all digest functions then you should enable mhash support and add 
@@ -437,32 +479,15 @@ then you should enable mhash support and add \fBAll\fR. Mhash support can only be enabled at compile-time. .PP .SH HINTS -.IP -.B "=/foo p+i+l+n+u+g+s+m+c+md5" -.IP -.B "/foo/bar p+i+l+n+u+g+s+m+c+md5" -.LP -This config adds all files under /foo because they match to regex /foo, -which is equivalent to /foo.* . What you probably want is: -.IP -.B "=/foo$ p+i+l+n+u+g+s+m+c+md5" -.IP -.B "/foo/bar p+i+l+n+u+g+s+m+c+md5" -.LP -Note that the following still works as expected because =/foo$ stop -recuring of directory /foo. -.IP -.B "=/foo p+i+l+n+u+g+s+m+c+md5" -.LP In the following, the first is not allowed in AIDE. Use the latter instead. .IP .B "/foo epug" -.IP +.IP .B "/foo e+p+u+g" .PP .SH "SEE ALSO" .BR aide (1) -.BR http://www.cs.tut.fi/~rammer/aide/manual.html +.BR manual.html .SH DISCLAIMER All trademarks are the property of their respective owners. No animals were harmed while making this webpage or this piece of ----------------------------------------------------------------------- Summary of changes: ChangeLog | 1 + doc/aide.1.in | 31 ++++++++--- doc/aide.conf.5.in | 153 ++++++++++++++++++++++++++++++---------------------- 3 files changed, 113 insertions(+), 72 deletions(-) hooks/post-receive -- aide |
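Review bot: in the SELECTION LINES hunk of doc/aide.conf.5.in, the regular and negative selection lines are described as matching "Files", while the equals selection line says "Files and directories". If regular and negative lines also apply to directories, the text should say so; an administrator reading "Files matching the regular expression are ignored" for "!<regex>" cannot tell whether a whole directory drops out of the integrity database.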
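Review bot: in the EXAMPLES and HINTS hunks of doc/aide.conf.5.in, the new text for "=/foo R" states that both /foo and /foobar are taken into the database, and the HINTS hunk deletes the only mention of the "=/foo$" form. A reader who wants a rule for /foo alone, without also matching /foobar, no longer has a documented way to write it; keep one example with the trailing "$".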
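Review bot: in the SEE ALSO hunks of doc/aide.1.in and doc/aide.conf.5.in, the URL is replaced by the bare name "manual.html" under .BR, which gives the reader neither a URL nor an installed path. State where the manual is installed, or link to the project page.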
From: Hannes v. H. <hvh...@us...> - 2016-07-10 09:58:31
|
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "aide". The branch, master has been updated via 5b8bd3ba7ccd46e6cd7892a1e271174024736caa (commit) from e78b83dca644a8e4ad288aa47a517e0c413e9c64 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5b8bd3ba7ccd46e6cd7892a1e271174024736caa Author: Hannes von Haugwitz <ha...@vo...> Date: Sun Jul 10 10:03:38 2016 +0200 Update README diff --git a/ChangeLog b/ChangeLog index ec9d812..d569cee 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,7 @@ * Use AC_PROG_CC_C99 instead of AC_PROG_CC * Add AM_PROG_CC_C_O * aide.conf.in: logfile -> file + * Update README 2016-07-07 Hannes von Haugwitz <ha...@vo...> * Adapt manual to version 0.16 diff --git a/README b/README index ef0536a..5fd8c32 100644 --- a/README +++ b/README @@ -62,7 +62,7 @@ to use --disable-static when configuring AIDE. Please note that dynamic linking introduces a security risk and is not recommended. - For Mac OS Leopard (10.5) you also need to use --disable-lfs because it + Since Mac OS Leopard (10.5) you also need to use --disable-lfs because it handles 64 bit file support out of the box. Source Code Verification @@ -85,7 +85,7 @@ The current public key needed for signature verification is: - pub 4096R/68E7B931 2011-06-28 [expires: 2017-06-26] + pub 4096R/68E7B931 2011-06-28 [expires: 2021-06-27] uid Hannes von Haugwitz <ha...@vo...> If you do not have this key, you can get it from one of the well known PGP ----------------------------------------------------------------------- Summary of changes: ChangeLog | 1 + README | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) hooks/post-receive -- aide |
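Review bot: in the second README hunk, the signing key is still identified only by the short ID in "pub 4096R/68E7B931"; only the expiry date changes. Short key IDs can collide, so print the full fingerprint here, which lets a user who fetches the key from a keyserver confirm it is the right one before trusting a release signature.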
From: Hannes v. H. <hvh...@us...> - 2016-07-10 06:42:25
|
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "aide". The branch, master has been updated via e78b83dca644a8e4ad288aa47a517e0c413e9c64 (commit) from da85c651b80aa9283cbe2da0144c0ad305752fe7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e78b83dca644a8e4ad288aa47a517e0c413e9c64 Author: Hannes von Haugwitz <ha...@vo...> Date: Sun Jul 10 08:27:26 2016 +0200 aide.conf.in: logfile -> file diff --git a/ChangeLog b/ChangeLog index a575458..ec9d812 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,7 @@ * Fix compilation with latest libaudit * Use AC_PROG_CC_C99 instead of AC_PROG_CC * Add AM_PROG_CC_C_O + * aide.conf.in: logfile -> file 2016-07-07 Hannes von Haugwitz <ha...@vo...> * Adapt manual to version 0.16 diff --git a/doc/aide.conf.in b/doc/aide.conf.in index 863e2a0..f967a01 100644 --- a/doc/aide.conf.in +++ b/doc/aide.conf.in @@ -91,7 +91,7 @@ report_url=stdout #R: p+ftype+i+l+n+u+g+s+m+c+md5 #L: p+ftype+i+l+n+u+g #E: Empty group -#>: Growing logfile p+ftype+l+u+g+i+n+S +#>: Growing file p+ftype+l+u+g+i+n+S #The following are available if you have mhash support enabled: #gost: gost checksum #whirlpool: whirlpool checksum ----------------------------------------------------------------------- Summary of changes: ChangeLog | 1 + doc/aide.conf.in | 2 +- 2 files changed, 2 insertions(+), 1 deletions(-) hooks/post-receive -- aide |
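Review bot: the updated comment in doc/aide.conf.in reads "#>: Growing file p+ftype+l+u+g+i+n+S", while the default groups list in doc/aide.conf.5.in gives the same group as "p+ftype+l+u+g+i+n+S+X". One of the two is out of date; align them while this line is being touched.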
From: Hannes v. H. <hvh...@us...> - 2016-07-10 06:22:01
|
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "aide". The branch, master has been updated via da85c651b80aa9283cbe2da0144c0ad305752fe7 (commit) from e738ce7b3def93b9231aff8d25aa7e89a43ea779 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit da85c651b80aa9283cbe2da0144c0ad305752fe7 Author: Hannes von Haugwitz <ha...@vo...> Date: Sun Jul 10 08:19:27 2016 +0200 Add AM_PROG_CC_C_O diff --git a/ChangeLog b/ChangeLog index ae73750..a575458 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,7 @@ 2016-07-10 Hannes von Haugwitz <ha...@vo...> * Fix compilation with latest libaudit * Use AC_PROG_CC_C99 instead of AC_PROG_CC + * Add AM_PROG_CC_C_O 2016-07-07 Hannes von Haugwitz <ha...@vo...> * Adapt manual to version 0.16 diff --git a/configure.ac b/configure.ac index 3e52c73..72e3d52 100644 --- a/configure.ac +++ b/configure.ac @@ -30,6 +30,7 @@ fi AC_CHECK_PROGS(LD, ld) AC_PATH_PROG(PKG_CONFIG, pkg-config, "") +AM_PROG_CC_C_O dnl AC_ARG_PROGRAM ----------------------------------------------------------------------- Summary of changes: ChangeLog | 1 + configure.ac | 1 + 2 files changed, 2 insertions(+), 0 deletions(-) hooks/post-receive -- aide |
From: Hannes v. H. <hvh...@us...> - 2016-07-10 06:18:22
|
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "aide". The branch, master has been updated via e738ce7b3def93b9231aff8d25aa7e89a43ea779 (commit) from 8ef8a92453e331f9fe0b73db655fa116a282a6db (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e738ce7b3def93b9231aff8d25aa7e89a43ea779 Author: Hannes von Haugwitz <ha...@vo...> Date: Sun Jul 10 08:16:30 2016 +0200 Use AC_PROG_CC_C99 instead of AC_PROG_CC diff --git a/ChangeLog b/ChangeLog index b1e141d..ae73750 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,6 @@ 2016-07-10 Hannes von Haugwitz <ha...@vo...> * Fix compilation with latest libaudit + * Use AC_PROG_CC_C99 instead of AC_PROG_CC 2016-07-07 Hannes von Haugwitz <ha...@vo...> * Adapt manual to version 0.16 diff --git a/configure.ac b/configure.ac index 3bc48c7..3e52c73 100644 --- a/configure.ac +++ b/configure.ac @@ -12,7 +12,7 @@ dnl The name of the configure h-file. AM_CONFIG_HEADER(config.h) dnl Checks for programs. -AC_PROG_CC +AC_PROG_CC_C99 AC_PROG_MAKE_SET AC_PROG_RANLIB AC_PROG_INSTALL ----------------------------------------------------------------------- Summary of changes: ChangeLog | 1 + configure.ac | 2 +- 2 files changed, 2 insertions(+), 1 deletions(-) hooks/post-receive -- aide |
From: Hannes v. H. <hvh...@us...> - 2016-07-10 06:15:00
|
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "aide". The branch, master has been updated via 8ef8a92453e331f9fe0b73db655fa116a282a6db (commit) from 8751f4cce035a7524d4299903fe711d07a2cd36e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8ef8a92453e331f9fe0b73db655fa116a282a6db Author: Hannes von Haugwitz <ha...@vo...> Date: Sun Jul 10 08:11:57 2016 +0200 Fix compilation with latest libaudit diff --git a/ChangeLog b/ChangeLog index 8de8ed2..b1e141d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +2016-07-10 Hannes von Haugwitz <ha...@vo...> + * Fix compilation with latest libaudit + 2016-07-07 Hannes von Haugwitz <ha...@vo...> * Adapt manual to version 0.16 diff --git a/configure.ac b/configure.ac index bfc0795..3bc48c7 100644 --- a/configure.ac +++ b/configure.ac @@ -967,6 +967,17 @@ AS_IF([test "x$with_audit" != xno], AC_MSG_ERROR(You don't have libaudit properly installed. Install it if you need it.) ) AUDITLIB="-laudit" + if test "$aide_static_choice" == "yes"; then + saveLIBS=$LIBS + LIBS="-static $AUDITLIB" + AC_CHECK_LIB([audit], [audit_log_user_message], [], [ + LIBS="$LIBS -lcap-ng" + AC_CHECK_LIB([cap-ng], [audit_log_user_message], [AUDITLIB="$AUDITLIB -lcap-ng"], + AC_MSG_ERROR([You don't have libaudit properly installed. Install it or try --without-audit.]) + , []) + ], []) + LIBS=$saveLIBS + fi compoptionstring="${compoptionstring}WITH_AUDIT\\n"], [with_audit=no] ) ----------------------------------------------------------------------- Summary of changes: ChangeLog | 3 +++ configure.ac | 11 +++++++++++ 2 files changed, 14 insertions(+), 0 deletions(-) hooks/post-receive -- aide |
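Review bot: in the configure.ac hunk, the added line 'if test "$aide_static_choice" == "yes"; then' uses "==", which is a bash extension to test and is not accepted by every /bin/sh; use a single "=". The fallback AC_CHECK_LIB([cap-ng], [audit_log_user_message], ...) also looks up a libaudit function under the cap-ng name and can only succeed because LIBS already carries $AUDITLIB, which deserves a one-line dnl comment.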
From: Hannes v. H. <hvh...@us...> - 2016-07-06 22:30:36
|
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "aide". The branch, master has been updated via 8751f4cce035a7524d4299903fe711d07a2cd36e (commit) from fe17bddce77468e69241796c745d84cbbff7fa05 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8751f4cce035a7524d4299903fe711d07a2cd36e Author: Hannes von Haugwitz <ha...@vo...> Date: Thu Jul 7 00:00:22 2016 +0200 Adapt manual to version 0.16 diff --git a/ChangeLog b/ChangeLog index 8ec0986..8de8ed2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +2016-07-07 Hannes von Haugwitz <ha...@vo...> + * Adapt manual to version 0.16 + 2016-06-08 Hannes von Haugwitz <ha...@vo...> * Add missing break statements diff --git a/doc/manual.html b/doc/manual.html index cac6d62..2f1e75a 100644 --- a/doc/manual.html +++ b/doc/manual.html 
@@ -1,79 +1,82 @@ -<html> +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> <head><title>AIDE Manual version 0.16b1</title> -<meta name="cvsheader" content=" -$Id$ -"> -</meta> </head> -<body bgcolor="#FFFFFF"> +<body> <h1>The AIDE manual</h1> -<a name="about"></a> -<h2>About this document</h2> +<h2><a name="about">About this document</a></h2> +<p> <strong>This manual is by no means complete, usable, readable, comprehensible, -or error free.<br> +or error free.</strong> +</p> <p> -If you have any corrections, additions or constructive comments, please +<strong>If you have any corrections, additions or constructive comments, please report them as bugs, patches or feature requests <a href="http://sourceforge.net/projects/aide">here</a>. </strong></p> -This document was originally written by Rami Lehti -<a href="mailto:ra...@cs..."><ra...@cs...></a> +<p> +This document was originally written by Rami Lehti +<a href="mailto:ra...@cs..."><ra...@cs...></a> with additions made by Marc Haber -<a href="mailto:mh+...@zu..."><mh+...@zu...></a> -and Richard van den Berg -<a href="mailto:ri...@vd..."><ri...@vd...></a> +<a href="mailto:mh+...@zu..."><mh+...@zu...></a> +, Richard van den Berg +<a href="mailto:ri...@vd..."><ri...@vd...></a> +and Hannes von Haugwitz . 
+</p> -<a name="toc"></a> -<h2>Table of Contents</h2> +<h2><a name="toc">Table of Contents</a></h2> <ol> -<li><a href="#about">About this document</a> -<li><a href="#toc">Table of Contents</a> -<li><a href="#whatisAIDE">What is AIDE?</a> -<li><a href="#compilation">Compiling AIDE</a> -<li><a href="#config">Configuration</a> -<li><a href="#usage">Usage</a> -<li><a href="#signing">Database and config signing</a> -<li><a href="#general">General guidelines for security</a> + <li><a href="#about">About this document</a></li> + <li><a href="#toc">Table of Contents</a></li> + <li><a href="#whatisAIDE">What is AIDE?</a></li> + <li><a href="#compilation">Compiling AIDE</a></li> + <li><a href="#config">Configuration</a></li> + <li><a href="#usage">Usage</a></li> + <li><a href="#signing">Database and config signing</a></li> + <li><a href="#misc">Miscellaneous</a></li> + <li><a href="#general">General guidelines for security</a></li> </ol> -<a name="whatisAIDE"></a> -<h2>What is AIDE?</h2> + +<h2><a name="whatisAIDE">What is AIDE?</a></h2> <p> AIDE (Advanced Intrusion Detection Environment) is an intrusion detection program. More specifically a file integrity checker. </p> <p> AIDE constructs a database of the files specified in aide.conf, AIDE's configuration file. -The AIDE database stores various file attributes including: -permissions, inode number, user, group, file size, mtime and ctime, +The AIDE database stores various file attributes including: +file type, permissions, inode number, user, group, file size, mtime and ctime, atime, growing size, number of links and link name. AIDE also creates a cryptographic checksum or hash of each file using one or a combination of the following message digest algorithms: sha1, -sha256, sha512, md5, rmd160, tiger (gost and whirlpool can be compiled -in if mhash support is available). -Additionaly, the extended attributes acl, xattr and selinux can be used when -expliticly enabled during compile time. 
+sha256, sha512, md5, rmd160, tiger, haval, crc32 (gost and whirlpool can be +compiled in if mhash support is available). +Additionally, the attributes acl, xattr, selinux and e2fsattrs can be used when +explicitly enabled during compile time. </p><p> Typically, a system administrator will create an AIDE database on a new system before it is brought onto the network. This first AIDE database is a snapshot of the system in it's normal state and the yardstick by which all subsequent updates and changes will be measured. The database should contain information about key system -binaries, libraries, header files, all files -that are expected to remain the same over time. The database probably +binaries, libraries, header files, all files +that are expected to remain the same over time. The database probably should not contain information about files which change frequently like log files, mail spools, proc filesystems, user's home directories, or temporary directories. </p><p> -After a break-in, an administrator may begin by examinining the system -using system tools like ls, ps, netstat, and who --- +After a break-in, an administrator may begin by examining the system +using system tools like ls, ps, netstat, and who --- the very tools most likely to be trojaned. Imagine that ls has been -doctored to not show +doctored to not show any file named "sniffedpackets.log" and that ps and netstat have been -rewritten to not show any information for a process named -"sniffdaemond". +rewritten to not show any information for a process named +"sniffdaemond". Even an administrator who had previously printed out on paper the dates and sizes of these key system files can not be certain by comparison that they have not been modified in some way. File dates 
@@ -85,81 +88,120 @@ and exponentially more difficult to manipulate each of the entire array of checksums that AIDE supports. By rerunning AIDE after a break-in, a system administrator can quickly identify changes to key files and have a fairly high degree of confidence as to the accuracy -of these findings. +of these findings. </p> <p> Unfortunately, AIDE can not provide absolute sureness about change in -files. Like any other system file, AIDE's binary and/or database can +files. Like any other system file, AIDE's binary and/or database can also be altered. </p> -<a name=compilation></a> -<h2>Compiling AIDE</h2> -<h3>I'm in a hurry. Bottomline about compilation.</h3> + +<h2><a name="compilation">Compiling AIDE</a></h2> +<h3>I'm in a hurry. Bottom line about compilation.</h3> <p> -After you have installed all the necessary sofware do -<code>./configure;make;make install</code> in the main AIDE +After you have installed all the necessary software do +<code>./configure;make;make install</code> in the main AIDE directory of the unpacked source tree. <b>You should carefully think about the configuration and what a possible hacker can do if he/her/they/it has root access.</b></p> <h3>Getting all that is needed</h3> <p> -Before you can compile AIDE you must have certain things. 
+Before you can compile AIDE you must have certain things: +</p> <ul> -<li>ANSI C-compiler (<a href="http://www.gnu.org/sofware/gcc/gcc.html">GCC</a> -will do just fine) -<li><a href="ftp://ftp.gnu.org/pub/gnu/flex/">GNU Flex</a> -<li><a href="ftp://ftp.gnu.org/pub/gnu/bison/">GNU Bison</a> -<li><a href="ftp://ftp.gnu.org/pub/gnu/make">GNU Make</a> -<li><a href="http://www.cs.tut.fi/~rammer/aide.html">AIDE source code</a> -<li><a href="http://schumann.cx/mhash/">Mhash library</a> -<li>And if you want to use postgres sql for database storage you must have the -<a href="http://www.postgreSQL.org/">postgres sql developer -library</a> installed + <li><a href="http://aide.sourceforge.net">AIDE source code</a></li> + <li>ANSI C-compiler (<a href="https://gcc.gnu.org">GCC</a> will do just fine)</li> + <li><a href="http://flex.sourceforge.net">GNU Flex</a></li> + <li><a href="https://www.gnu.org/software/bison/">GNU Bison</a></li> + <li><a href="https://www.gnu.org/software/make/">GNU Make</a></li> + <li><a href="http://pcre.org/">PCRE library</a></li> + <li><a href="http://mhash.sourceforge.net">Mhash library</a> (highly recommended)</li> + <li><a href="http://zlib.net/">zlib</a> (recommended)</li> </ul> -Please check to see if there are mirrors available.</p> +<p>Please check to see if there are mirrors available.</p> <p> Once you have the source code of AIDE you should unpack it. If you have GNU tar then the command is <code>tar zxvf -aide-version.tar.gz</code> . +aide-<VERSION_NUMBER>.tar.gz</code> +</p> +<h3>Source Code Verification</h3> +<p> +It is <strong>highly recommended</strong> to verify the signature of your +downloaded source code. You can either verify the source tarball or the git +tag. 
+</p> +<p> +To check the supplied signature with GnuPG: +</p> +<pre> +<code> +$ gpg --verify aide-<VERSION_NUMBER>.tar.gz.asc +</code> +</pre> +<p> +To validate the gpg signature of the git tag: +</p> +<pre> +<code> +$ git verify-tag v<VERSION_NUMBER> +</code> +</pre> +<p>The current public key is published on <a href="http://aide.sourceforge.net#gpgkey">aide.sourceforge.net</a>.</p> +<p> +If you do not have that key, you can get it from one of the well known PGP key +servers. +</p> +<p> +You have to make sure that the key you install is not a faked one. You +can do this with reasonable assurance by comparing the output of +</p> +<pre> +<code> +$ gpg --fingerprint 0x<KEYID> +</code> +</pre> +<p> +with the fingerprint published elsewhere. </p> <h3>Compile-time configuration</h3> <p> Next you must use the configure script found in AIDE's source code package to configure the compilation process.</p><p> There are several options you can select to configure. You can find out -what options are available with <code>./configure --help</code> +what options are available with <code>./configure --help</code> command. Most of the time you do not need to give any options. You can just use configure without any parameters.</p><p> -If you want to change the directory where AIDE is installed you can +If you want to change the directory where AIDE is installed you can use --prefix option. For example <code>./configure --prefix=/usr -</code> +</code> </p> <h3>Compilation and installation</h3> <p> The compilation is done by simply typing <code>make</code>. You can now type <code>make install</code> to install the binary and the manual pages. The binary however should be installed on read-only -media or in some other tamperproof place. Also the databases should +media or in some other tamperproof place. 
Also the databases should be kept somewhere where a possible intruder cannot change them.</p> -<a name=config></a> -<h2>Configuration</h2> + +<h2><a name="config">Configuration</a></h2> <p> Next you have to create a configuration file. You can find more documentation for this in aide.conf(5) manual page. </p> <p> There are three types of lines in aide.conf: +</p> <ul> -<li>configuration lines - used to set configuration parameters and -define/undefine variables -<li>selection lines - indicate which files will be added to the database -<li>macro lines - define or undefine variables within the the config file + <li>configuration lines - used to set configuration parameters and define/undefine variables</li> + <li>(restricted) selection lines - indicate which files will be added to the database</li> + <li>macro lines - define or undefine variables within the config file</li> </ul> +<p> Lines beginning with # are ignored as comments. </p> <p> @@ -169,7 +211,7 @@ Here is an example configuration.</p> <pre> #AIDE conf - # Here are all the things we can check - these are the default rules + # Here are all the things we can check - these are the default rules # #p: permissions #ftype: file type @@ -196,7 +238,7 @@ Here is an example configuration.</p> #R: p+ftupe+i+l+n+u+g+s+m+c+md5 #L: p+ftype+i+l+n+u+g #E: Empty group - #>: Growing logfile p+ftype+l+u+g+i+n+S + #>: Growing file p+ftype+l+u+g+i+n+S #The following are available if you have mhash support enabled: #gost: gost checksum #whirlpool: whirlpool checksum 
@@ -207,16 +249,16 @@ Here is an example configuration.</p> #xattrs: extended file attributes #e2fsattrs: file attributes on a second extended file system - # You can alse create custom rules - my home made rule definition goes like this + # You can also create custom rules - my home made rule definition goes like this # - MyRule = p+i+n+u+g+s+b+m+c+md5+sha1 + MyRule = p+i+n+u+g+s+b+m+c+md5+sha1 # Next decide what directories/files you want in the database /etc p+i+u+g #check only permissions, inode, user and group for etc - /bin MyRule # apply the custom rule to the files in bin - /sbin MyRule # apply the same custom rule to the files in sbin - /var MyRule + /bin MyRule # apply the custom rule to the files in bin + /sbin MyRule # apply the same custom rule to the files in sbin + /var MyRule !/var/log/.* # ignore the log dir it changes too often !/var/spool/.* # ignore spool dirs as they change too often !/var/adm/utmp$ # ignore the file /var/adm/utmp 
@@ -226,23 +268,23 @@ Here is an example configuration.</p> -<p>Here we include files in /etc, /bin and /sbin. We also include -/var but ignore /var/log, /var/spool and a single file /var/adm/utmp. +<p>Here we include files in /etc, /bin and /sbin. We also include +/var but ignore /var/log, /var/spool and a single file /var/adm/utmp. </p><p> It is generally a good idea to ignore directories that frequently -change, unless you want to read long reports. +change, unless you want to read long reports. It is good practice to exclude tmp directories, mail spools, log directories, proc filesystems, user's home directories, web content -directories, anything that changes regularly. It is also good practice to +directories, anything that changes regularly. It is also good practice to include all system binaries, libraries, include files, system source -files. It will also be a good idea to include directories you don't -often look in like /dev /usr/man/.*usr/. Of course you'll want to -include as many files as practical, but think about what you include. +files. It will also be a good idea to include directories you don't +often look in like /dev /usr/man/.*usr/. Of course you'll want to +include as many files as practical, but think about what you include. </p> <p> One example: If you have a block device whose owner is changing frequently, you can -configure aide to just +configure aide to just check the attributes that do not normally change (inode, number of links, ctime). </p> 
@@ -251,59 +293,66 @@ Note that if you are referring to a single file you should add $ to the end of the regexp. This matches to the name of the file exactly and does not include any other files that might have the same beginning. In the example, all filenames beginning with -/var/adm/utmp would be ignored if there were no dollar sign at the +/var/adm/utmp would be ignored if there were no dollar sign at the end of the last line. An intruder could then create a -directory called /var/adm/utmp_root_kit and place all the files +directory called /var/adm/utmp_root_kit and place all the files he/she/they wanted there and they would be ignored by AIDE. </p> +<h3>Special group definitions</h3> <p> There are several special group definitions to tweak what attributes are printed in the report. First report_force_attrs lists those attributes that are always printed from changed files. For example, if you say +</p> <pre> report_force_attrs = u+g </pre> +<p> and the size of a file changes, it's user and group id will also be printed -in the report. Secondly, report_ignore_added_attrs, +in the report. Secondly, report_ignore_added_attrs, report_ignore_removed_attrs and report_ignore_changed_attrs define which attributes to ignore from the report. For example, if you define +</p> <pre> report_ignore_changed_attrs = b </pre> -and this size of a file changes, it's block count will not be printed in the +<p> +and the size of a file changes, it's block count will not be printed in the report, even if it did change as well. </p> +<p> +If an attribute is both ignored and forced the attribute is not considered for +file change but printed in the final report if the file has been otherwise +changed. +</p> <h3>Troubleshooting your config</h3> <p>Making a config file is a lot of hard work and must be done on a case -by case bases. Don't give up simply because you don't get it right +by case bases. Don't give up simply because you don't get it right the first time around. 
This section gives you a few hints on how to debug -your config. +your config. </p> <p> -You can use <code>aide --verbose=255</code> to generate a lot of debug -output to help you see which files get added and which are discarded. +You can use <code>aide --verbose=255</code> to generate a lot of debug +output to help you see which files get added and which are discarded. The following section gives some more information about AIDE's rule matching algorithm. </p> <h4>Understanding AIDE rule matching</h4> <p> Before reading this you should have basic understanding of how regular -expressions work. There are several good books about this. Several -Perl-books also have decent explanations about this subject. Just -remember that Perl has some extensions to the standard regexps. -There are also some differences in how different platforms handle -regexps if you are using your platforms own regexp implementation. -For example GNU regexps have their own extensions. Try reading the -manual page of your system in this case. It might be a pain to read -but it is worth it. +expressions in general and Perl Compatible Regular Expressions in particular +work. There are several good books about this. Several Perl-books also have +decent explanations about this subject. </p> <p> As you already know, aide has three types of selection lines: +</p> <ul> <li>Regular selection lines, beginning with "/".</li> <li>Equals selection lines, beginning with "=".</li> <li>Negative selection lines, beginning with "!".</li> </ul> +<p> The string following the first character is taken as a regular expression matching to a complete filename, including the path. In a regular selection rule, the slash is included in the regular 
@@ -331,23 +380,25 @@ node. <p> The algorithm that aide uses for rule matching is described in the following paragraphs. The pseudocode is an adaption from src/gen_list.c. -<code> +</p> <pre> +<code> check_node_for_match(node,filename,first_time) - if (first_time) - check(equals list for this node) + if (first_time) + check(equals list for this node) - check(regular list for this node) + check(regular list for this node) - if (node is not the root node) - check_node_for_match(nodes parent,filename,false) + if (node is not the root node) + check_node_for_match(nodes parent,filename,false) - if (this file is about to be added) - check(negative list for this node) + if (this file is about to be added) + check(negative list for this node) - return (info about whether this file should be added or not and how) -</pre> + return (info about whether this file should be added or not and how) </code> +</pre> +<p> When aide needs to determine whether a file found in the file system is to be checked, it first determines the deepest possible node x to match the current file against (that algorithm is not part of the 
@@ -364,48 +415,29 @@ which is a quite expensive operation. <p> There are some side-effects from this algorithm that might seem strange at first. For example if you have the following rules: -<code> -<pre> -/ R -=/etc R+a -!/etc/ppp/logs -</pre> -</code> -The result would be that /etc and all files in it and in /etc/ppp -except /etc/ppp/logs would be added to the database. This is perfectly -normal. This happens because the =/etc matches not only /etc but all -the files under it. Remember that regexps match always just the part -they are referring to. The rest of the line is included by default. -So <code>=/etc$ R+a</code> would be the correct form. If you don't -have the <code>!/etc/ppp/logs</code> you would get the results that -you are looking for because there is no node /etc in the regexp -tree and there for it is not checked when AIDE constructs the list of -files to add to the database. But when you have the negative rules the -nodes /etc and /etc/ppp get created and they get checked when the file -list is generated. So the =/etc is used to find a match in those nodes -and it succeeds. </p> -<p> -Consider the following rules: -<code> <pre> +<code> / R =/var/log/messages$ R+a !/var/log/messages.* -</pre> </code> +</pre> +<p> This is what you might write if you want to check /var/log/messages but not /var/log/messages.0 and /var/log/messages.1 etc. However since the negative selection rules are checked last and .* can match to an empty string /var/log/messages is not added to the database. The following is a more correct way of doing it. -<code> +</p> <pre> +<code> / R =/var/log/messages$ R+a !/var/log/messages\.[0-9]$ -</pre> </code> +</pre> +<p> Now only messages files ending in number 0-9 are not included in the database. Note an intruder could disguise a rootkit by creating a directory called messages.9. If messages.9 does not already exist that 
@@ -413,13 +445,15 @@ is. </p> <p> Consider the following rules: -<code> +</p> <pre> +<code> / n+p+l+i+u+g+s+b+m+c+md5+sha1+rmd160+haval+gost+crc32+tiger /etc$ n+p+l+i+u+g /etc/resolv.conf$ n+p+l+u+g -</pre> </code> +</pre> +<p> This way, changing /etc/resolv.conf will also report /etc as having their mtime and ctime changed, even if /etc is configured not to be checked for mtime and ctime. The reason is that aide only uses a 
@@ -430,41 +464,43 @@ the specialized /etc rule. </p> <p> Rearranging the configuration like this: -<code> +</p> <pre> +<code> /etc/resolv.conf$ n+p+l+u+g /etc$ n+p+l+i+u+g / n+p+l+i+u+g+s+b+m+c+md5+sha1+rmd160+haval+gost+crc32+tiger -</pre> </code> +</pre> +<p> will solve the issue. It is generally a good idea to write the most general rules last. </p> -<a name=usage></a> -<h2>Usage</h2> + +<h2><a name="usage">Usage</a></h2> <p> First you must create a database against which future checks are performed. This should be done immediately after the operating system and applications have been installed, before the machine is plugged -into a network. You can do this by giving the command -<code>aide --init</code>. +into a network. You can do this by giving the command +<code>aide --init</code>. This creates a database that contains all of the files that you -selected in your config file. The newly created database should now be +selected in your config file. The newly created database should now be moved to a secure location such as read-only media. You should also place the configuration file and the AIDE binary and preferably the manual pages and this manual on that media also. Please remember to edit the configuration file so that the input database is read from -that read-only media. The config file should not be kept on the +that read-only media. The config file should not be kept on the target machine. The attacker could read the config file and alter it and if he does alter it he could place his rootkit in a place that -AIDE does not check. So the read-only media should be accessible only +AIDE does not check. So the read-only media should be accessible only during the check.</p> <p> Now you are all set to go. You can now check the integrity of the files. This can be done by giving the command <code>aide --check</code>. AIDE now reads the database and compares it to the files found on the -disk. AIDE may find changes in places that might not expect. For +disk. 
AIDE may find changes in places that you might not expect. For instance tty devices often change owners and permissions. You may want to read long reports and that is up to you to decide. But most of us do not have the time or the inclination read through tons of garbage @@ -487,7 +523,7 @@ The update command also does the same thing as check but it creates a new database. This database should now be placed on that read-only media along with the new config file. The check, trim, update cycle should be repeated as long as necessary. I recommend that -the config file should be reviewed once in a while. The definition of +the config file should be reviewed once in a while. The definition of "a while" depends on your paranoia. Some might want do it daily after each check. Some might want to do it weekly.</p> <p> @@ -502,16 +538,17 @@ should always be a manual operation. This should not be automated. <p> There is also an alternative way of doing this. This method may be preferable for people that have lots of machines that run aide. -You can run -<code>aide --init</code> +You can run +<code>aide --init</code> on all of the hosts and move the generated databases to a central host -where you compare different versions of the databases with +where you compare different versions of the databases with <code>aide --compare</code> This has the benefit of freeing up resources on the monitored machines. +</p> + -<a name=signing></a> -<h2>Database and config signing</h2> +<h2><a name="signing">Database and config signing</a></h2> <p> The security of AIDE can be increased by signing the configuration and/or database. When a database is signed, and it is changed manually, AIDE will @@ -522,6 +559,7 @@ it until the embedded hash is updated as well. <p> To make use of the signing features, use these options to the configure script: +</p> <dl> <dt> --with-confighmactype=TYPE 
@@ -539,7 +577,7 @@ script: 31 chars. </dd> <dt> - --with-dbhmactype=TYPE + --with-dbhmactype=TYPE </dt> <dd> Hash type to use for checking db. Valid values are @@ -550,15 +588,13 @@ script: </dt> <dd> HMAC hash key to use for checking db. Must be a base64 - encoded byte stream. Maximum string lentgth is 31 + encoded byte stream. Maximum string length is 31 chars. </dd> </dl> - +<p> The base64 encoding was chosen so that the keys are not limited to printable -characters. You can use a local base64 tool or an -<a href="http://www.opinionatedgeek.com/dotnet/tools/Base64Encode/">online -base64 encoder</a> +characters. You can use a local base64 tool to convert the keys to the right format. Then run configure, for example: </p> @@ -572,6 +608,7 @@ to convert the keys to the right format. Then run configure, for example: <p> To make the presence of a valid signature mandatory, the following configure options can be used: +</p> <dl> <dt> @@ -589,6 +626,7 @@ options can be used: </dd> </dl> +<p> It is also possible to edit the <code>config.h</code> file by hand, and changing the values of the <code>FORCEDBMD</code> and <code>FORCECONFIGMD</code> macros. @@ -599,6 +637,7 @@ Creating the hash for the aide.db database is done by running <code>aide --init</code> or <code>aide --update</code>. The hash for the aide.conf configuration file can be obtained by running <code>aide --config-check</code>: +</p> <pre> $ aide --config-check @@ -609,9 +648,11 @@ Config checked. Use the following to patch your config file. > @@end_config </pre> +<p> The <code>@@begin_config</code> and <code>@@end_config</code> can be added to the aide.conf file manually, or the output of <code>aide --config-check</code> can be directly piped into <code>patch</code>: +</p> <pre> $ aide --config-check | patch 
@@ -625,6 +666,7 @@ File to patch: /etc/aide.conf patching file /etc/aide.conf </pre> +<p> Using <code>forced_configmd</code> will make AIDE refuse to use unsigned configuration files. This also disables the <code>--config-check</code> option. This only makes sense if you already have a signed configuration, or @@ -632,22 +674,21 @@ if you have an AIDE executable on another machine that can create the signed configurations for you. </p> -<a name=misc></a> -<h2>Miscellaneous</h2> + +<h2><a name="misc">Miscellaneous</a></h2> <p> The AIDE database can be used to find the real names and places of files that have been moved to lost+found directory by fsck. </p> -<a name=general></a> -<h2>General guidelines for security</h2> + +<h2><a name="general">General guidelines for security</a></h2> <ol> -<li>Do not assume anything -<li>Trust no-one,nothing -<li>Nothing is secure -<li>Security is a trade-off with usability -<li>Paranoia is your friend + <li>Do not assume anything</li> + <li>Trust no-one,nothing</li> + <li>Nothing is secure</li> + <li>Security is a trade-off with usability</li> + <li>Paranoia is your friend</li> </ol> </body> </html> - ----------------------------------------------------------------------- Summary of changes: ChangeLog | 3 + doc/manual.html | 383 ++++++++++++++++++++++++++++++------------------------- 2 files changed, 215 insertions(+), 171 deletions(-) hooks/post-receive -- aide |
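Review bot: the new "Source Code Verification" section in the `@@ -85,81 +88,120 @@` hunk tells the reader to compare `gpg --fingerprint 0x<KEYID>` with "the fingerprint published elsewhere" but never says where that is, and the only key location it names is `http://aide.sourceforge.net#gpgkey`, the same plain-HTTP site the "AIDE source code" link in the requirements list points to. A key and a tarball fetched over the same unauthenticated channel do not vouch for each other. Name at least one independent place where the fingerprint is published, or print the full fingerprint in the manual, and use https for the download and key links where the host offers it.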
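Review bot: the `@@ -364,48 +415,29 @@` hunk deletes the whole `=/etc R+a` / `!/etc/ppp/logs` example together with its explanation that `=/etc` without a trailing `$` also matches the files under /etc, while the commit message and ChangeLog entry say only "Adapt manual to version 0.16". If rule matching changed in 0.16 so that the example no longer applies, say so in the manual or the ChangeLog. If it did not change, the advice to write `=/etc$ R+a` is still something readers need, and the paragraph should stay.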
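Review bot: several lines this patch rewrites for whitespace, or carries as context next to spelling fixes, still contain errors that belong in the same pass: `#R: p+ftupe+i+l+n+u+g+s+m+c+md5` in the example configuration (should be `ftype`, as in the `L:` and `>:` rules beside it), "case by case bases" (basis), "it's user and group id", "it's block count" and "in it's normal state" (its), and "Trust no-one,nothing" (missing space). The `ftupe` one matters most, because readers copy the default rule definitions from this listing.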
From: Hannes v. H. <hvh...@us...> - 2016-06-08 21:22:08
|
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "aide". The branch, master has been updated via fe17bddce77468e69241796c745d84cbbff7fa05 (commit) from 6be695a9b8b3b64a0d3d2f9a0c92e027f4c462f8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fe17bddce77468e69241796c745d84cbbff7fa05 Author: Hannes von Haugwitz <ha...@vo...> Date: Wed Jun 8 23:11:50 2016 +0200 Add missing break statements diff --git a/ChangeLog b/ChangeLog index 67beef5..8ec0986 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +2016-06-08 Hannes von Haugwitz <ha...@vo...> + * Add missing break statements + 2016-04-15 Hannes von Haugwitz <ha...@vo...> * Released version 0.16b1 diff --git a/src/gen_list.c b/src/gen_list.c index ec12f66..8164936 100644 --- a/src/gen_list.c +++ b/src/gen_list.c @@ -635,12 +635,14 @@ static int check_node_for_match(seltree*node,char*text, mode_t perm, int retval, case 0: { error(220, "check_node_for_match: equal match for '%s'\n", text); retval|=2|4; + break; } case -1: { if(S_ISDIR(perm) && get_seltree_node(node,text)==NULL) { error(220, "check_node_for_match: creating new seltree node for '%s'\n", text); new_seltree_node(node,text,0,NULL); } + break; } } } 
@@ -654,12 +656,14 @@ static int check_node_for_match(seltree*node,char*text, mode_t perm, int retval, case 0: { error(220, "check_node_for_match: selective match for '%s'\n", text); retval|=1|8; + break; } case -1: { if(S_ISDIR(perm) && get_seltree_node(node,text)==NULL) { error(220, "check_node_for_match: creating new seltree node for '%s'\n", text); new_seltree_node(node,text,0,NULL); } + break; } } } ----------------------------------------------------------------------- Summary of changes: ChangeLog | 3 +++ src/gen_list.c | 4 ++++ 2 files changed, 7 insertions(+), 0 deletions(-) hooks/post-receive -- aide |
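Review bot: the `break;` added at the end of `case 0:` in both hunks of src/gen_list.c is a behaviour change, not only tidying. Without it, an equal or selective match fell through into `case -1:` and, when `S_ISDIR(perm)` held and `get_seltree_node(node,text)` returned NULL, also called `new_seltree_node(node,text,0,NULL)`. The commit message and ChangeLog entry ("Add missing break statements") should state that the fall-through was unintended and what effect it had on the selection tree, since `check_node_for_match` decides which files AIDE adds to the database. The `break;` after `case -1:` closes the last label shown and is stylistic only.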
From: Hannes v. H. <hvh...@us...> - 2016-04-15 22:06:15
|
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "aide". The branch, master has been updated via 6be695a9b8b3b64a0d3d2f9a0c92e027f4c462f8 (commit) from dbefd5a21d041d118a77fe777ca59bc3b716f2e8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6be695a9b8b3b64a0d3d2f9a0c92e027f4c462f8 Author: Hannes von Haugwitz <ha...@vo...> Date: Fri Apr 15 23:19:01 2016 +0200 Released version 0.16b1 diff --git a/ChangeLog b/ChangeLog index ed7c5ae..67beef5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +2016-04-15 Hannes von Haugwitz <ha...@vo...> + * Released version 0.16b1 + 2016-04-13 Hannes von Haugwitz <ha...@vo...> * Fix spelling errors * Makefile.am: fix distribution of doc files diff --git a/README b/README index d9c54f4..ef0536a 100644 --- a/README +++ b/README @@ -1,7 +1,7 @@ AIDE - Advanced Intrusion Detection Environment ------------------------------------------------- - Version 0.16a2 + Version 0.16b1 This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without diff --git a/doc/aide.1.in b/doc/aide.1.in index 6985a54..8b46b8e 100644 --- a/doc/aide.1.in +++ b/doc/aide.1.in @@ -1,4 +1,4 @@ -.TH "aide" "1" +.TH AIDE 1 "Apr 15, 2016" "aide 0.16b1" "User Commands" .SH NAME \fBaide\fP \- Advanced Intrusion Detection Environment .SH SYNOPSIS diff --git a/doc/aide.conf.5.in b/doc/aide.conf.5.in index 1ecbd42..471d635 100644 --- a/doc/aide.conf.5.in +++ b/doc/aide.conf.5.in @@ -1,4 +1,4 @@ -.TH "aide.conf" "5" +.TH AIDE.CONF 5 "Apr 15, 2016" "aide 0.16b1" "AIDE" .SH NAME aide.conf - The configuration file for Advanced Intrusion Detection Environment 
diff --git a/doc/manual.html b/doc/manual.html index 9526ad6..cac6d62 100644 --- a/doc/manual.html +++ b/doc/manual.html @@ -1,5 +1,5 @@ <html> -<head><title>AIDE Manual version 0.16a2</title> +<head><title>AIDE Manual version 0.16b1</title> <meta name="cvsheader" content=" $Id$ "> ----------------------------------------------------------------------- Summary of changes: ChangeLog | 3 +++ README | 2 +- doc/aide.1.in | 2 +- doc/aide.conf.5.in | 2 +- doc/manual.html | 2 +- 5 files changed, 7 insertions(+), 4 deletions(-) hooks/post-receive -- aide |
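Review bot: the version string `0.16b1` is hand-edited in four files here (README, the `.TH` lines of doc/aide.1.in and doc/aide.conf.5.in, and the `<title>` in doc/manual.html), and the two `.TH` lines also gain a literal date "Apr 15, 2016", which is how these copies drift apart between releases. If the two `.in` files are processed by configure, as their suffix suggests, take the version in the `.TH` line from a substitution variable instead of a literal so that a release bump touches one place.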