[133814] trunk/dports/security/aide
mf2k at macports.org
mf2k at macports.org
Thu Mar 12 07:04:12 PDT 2015
Revision: 133814
https://trac.macports.org/changeset/133814
Author: mf2k at macports.org
Date: 2015-03-12 07:04:11 -0700 (Thu, 12 Mar 2015)
Log Message:
-----------
aide: Enhancements and extensive notes added. (#43419)
Modified Paths:
--------------
trunk/dports/security/aide/Portfile
Added Paths:
-----------
trunk/dports/security/aide/files/aide-check.cron
trunk/dports/security/aide/files/aide.conf
trunk/dports/security/aide/files/mp-aide.conf
trunk/dports/security/aide/files/org.macports.aide.plist
Modified: trunk/dports/security/aide/Portfile
===================================================================
--- trunk/dports/security/aide/Portfile 2015-03-12 10:26:02 UTC (rev 133813)
+++ trunk/dports/security/aide/Portfile 2015-03-12 14:04:11 UTC (rev 133814)
@@ -1,3 +1,4 @@
+# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
# $Id$
PortSystem 1.0
@@ -4,8 +5,9 @@
name aide
version 0.15.1
+revision 1
categories security
-license GPL-2+
+license GPL-2
maintainers nomaintainer
description Advanced Intrusion Detection Environment
long_description AIDE (Advanced Intrusion Detection Environment) \
@@ -23,42 +25,115 @@
homepage http://aide.sourceforge.net/
master_sites sourceforge:project/aide/aide/${version}
platforms darwin
-checksums md5 d0b72535ff68b93a648e4d08b0ed7f07 \
- sha1 c5998c04a223416142323fa1bd18db0936099827 \
- rmd160 80ea88b1c1496bcca57d2d1cdeecdcdfca0fa5cf
configure.args --mandir=${prefix}/share/man \
+ --sysconfdir=${prefix}/etc/aide \
--with-mhash --with-zlib \
--with-locale --disable-static
-depends_build port:bison
+depends_build port:bison port:flex
depends_lib port:mhash \
port:gettext
-patchfiles patch-Makefile.in.diff patch-src-Makefile.in.diff \
- patch-doc-aide.conf.diff patch-doc-aide-check.cron.diff
+patchfiles patch-Makefile.in.diff patch-src-Makefile.in.diff
+
+variant universal {}
+configure.cflags-append "${configure.cflags} [get_canonical_archflags cc]"
+
post-patch {
reinplace "s|@@LOCALEDIR@@|${prefix}/share/locale|g" \
${worksrcpath}/Makefile.in ${worksrcpath}/src/Makefile.in
- reinplace "s|%%PREFIX%%|${prefix}|g" \
- ${worksrcpath}/doc/aide-check.cron ${worksrcpath}/doc/aide.conf
}
post-destroot {
- file mkdir ${destroot}${prefix}/share/doc/${name}-${version}
- file mkdir ${destroot}${prefix}/etc/${name}
- file mkdir ${destroot}${prefix}/libexec/${name}
+ xinstall -d ${destroot}${prefix}/share/doc/${name}
+ xinstall -d ${destroot}${prefix}/share/examples/${name}
+ xinstall -d ${destroot}${prefix}/etc/${name}
+ xinstall -d ${destroot}${prefix}/libexec/${name}
+ xinstall -d ${destroot}${prefix}/Library/LaunchDaemons
+ xinstall -d ${destroot}${prefix}/var/lib/aide
+ xinstall -d ${destroot}${prefix}/var/log/aide
- system "install -bC ${worksrcpath}/doc/aide.conf \
- ${destroot}${prefix}/share/doc/${name}-${version}/"
- system "install -bC ${worksrcpath}/doc/manual.html \
- ${destroot}${prefix}/share/doc/${name}-${version}/"
- system "install -bC ${worksrcpath}/doc/aide.conf \
- ${destroot}${prefix}/etc/${name}/"
- system "install -bC ${worksrcpath}/doc/aide-check.cron \
- ${destroot}${prefix}/libexec/${name}/"
+ copy ${filespath}/aide.conf ${destroot}${prefix}/share/examples/${name}/
+ reinplace "s|%%PREFIX%%|${prefix}|g" ${destroot}${prefix}/share/examples/${name}/aide.conf
+ copy ${worksrcpath}/contrib ${destroot}${prefix}/share/examples/${name}/
+ copy ${worksrcpath}/doc/manual.html ${destroot}${prefix}/share/doc/${name}/
+ copy ${worksrcpath}/README ${destroot}${prefix}/share/doc/${name}/
+ xinstall -m 755 ${filespath}/aide-check.cron ${destroot}${prefix}/libexec/${name}/
+ reinplace "s|%%PREFIX%%|${prefix}|g" ${destroot}${prefix}/libexec/${name}/aide-check.cron
+ copy ${filespath}/org.macports.aide.plist ${destroot}${prefix}/Library/LaunchDaemons/
+ reinplace "s|%%PREFIX%%|${prefix}|g" ${destroot}${prefix}/Library/LaunchDaemons/org.macports.aide.plist
+ copy ${filespath}/mp-aide.conf ${destroot}${prefix}/share/examples/${name}/
+ reinplace "s|%%PREFIX%%|${prefix}|g" ${destroot}${prefix}/share/examples/${name}/mp-aide.conf
+
+ destroot.keepdirs ${destroot}${prefix}/var/lib/aide \
+ ${destroot}${prefix}/var/log/aide ${destroot}${prefix}/etc/${name}
}
+post-activate {
+ if ![file exists ${prefix}/etc/aide/aide.conf ] {
+ copy ${prefix}/share/examples/${name}/aide.conf ${prefix}/etc/aide/aide.conf
+ }
+}
+
platform darwin {
# darwin doesn't have or need off64_t and friends
configure.args-append --disable-lfs
}
+
+notes "
+If not existing, a default config has been copied to
+ ${prefix}/etc/aide/aide.conf
+Review it, especially adjust <myuser> to your environment.
+It seems wildcard or @@var are not working there, at least on stable.
+
+To initialize database
+ # aide --init
+
+A default scheduled task has been set up once a day in
+ ${prefix}/Library/LaunchDaemons/org.macports.aide.plist
+Check if it fit you and start it like
+ # ln -s ${prefix}/Library/LaunchDaemons/org.macports.aide.plist /Library/LaunchDaemons/
+and either one of those commands
+ # launchctl load -w /Library/LaunchDaemons/org.macports.aide.plist
+ # port load aide
+An example config for rotating logs with system newsyslog is
+ ${prefix}/share/examples/${name}/mp-aide.conf
+You can install it with
+ # cp ${prefix}/share/examples/${name}/mp-aide.conf /private/etc/newsyslog.d/
+
+You may need to enable permanently postfix so the scheduled task can send email:
+ Edit /System/Library/LaunchDaemons/org.postfix.master.plist
+ Remove the two strings lines with '-e' '60'.
+ Add a '<key>KeepAlive</key><true/>'
+Also, default MacOS configuration have /var/root/.forward redirecting email to
+/dev/null. Either change aide.conf or .forward to get mail report.
+
+BUG: cron: only check mode, choice update
+"
+
+if {${subport} eq ${name}} {
+
+ version 0.15.1
+ master_sites sourceforge:project/aide/aide/${version}
+ checksums rmd160 80ea88b1c1496bcca57d2d1cdeecdcdfca0fa5cf \
+ sha256 303e5c186257df8c86e418193199f4ea2183fc37d3d4a9098a614f61346059ef
+
+ livecheck.type regex
+ livecheck.url ${homepage}
+ livecheck.regex "The current <em>stable</em> version of AIDE is <strong>(\\d+\\.\\d+\\.\\d+)</strong>"
+}
+
+#subport ${name}-devel {
+## http://sourceforge.net/p/aide/code/ci/master/tree/NEWS
+## 0.16a2 (2013-05-04) vs last commit 2013-05-20
+# version 0.16a2
+# master_sites sourceforge:project/aide/devel/${version}
+# checksums rmd160 92c7d29da4a224b505702a5b624d6dffe54a3aea \
+# sha256 b52451816bc85409ea09dc612e32823336f78438afd28248c252912ea8b91b87
+#
+# ## FIXME! build fails on "compare_db.c:114:32: error: initializer element is not a compile-time constant"
+#
+# livecheck.type regex
+# livecheck.url ${homepage}
+# livecheck.regex "The current <em>development</em> version of AIDE is <strong>(\\d+\\.\\w+)</strong>"
+#}
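Review bot: `configure.cflags-append "${configure.cflags} [get_canonical_archflags cc]"` near the top of the hunk appends the current cflags onto themselves, so every existing flag ends up twice in CFLAGS; `configure.cflags-append [get_canonical_archflags cc]` is what the line appears to intend. In post-activate, `if ![file exists ${prefix}/etc/aide/aide.conf ]` passes an already-substituted string to expr; the braced form `if {![file exists ${prefix}/etc/aide/aide.conf]} {` is the usual Tcl/MacPorts spelling and avoids the double substitution. `version` and `master_sites` are set both at the top of the file and again inside the `if {${subport} eq ${name}}` block, so one of the two copies can go. The notes ask the user to adjust `<myuser>`, while the example config that gets copied to `${prefix}/etc/aide/aide.conf` uses the literal `my-mac-user`; the wording and the file should agree.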
Added: trunk/dports/security/aide/files/aide-check.cron
===================================================================
--- trunk/dports/security/aide/files/aide-check.cron (rev 0)
+++ trunk/dports/security/aide/files/aide-check.cron 2015-03-12 14:04:11 UTC (rev 133814)
@@ -0,0 +1,72 @@
+#!/bin/sh
+# from debian port
+
+PATH="/bin:/usr/bin:%%PREFIX%%/bin"
+LOGDIR="%%PREFIX%%/var/log/aide"
+LOGFILE="$LOGDIR/aide.log"
+CONFFILE="%%PREFIX%%/etc/aide/aide.conf"
+ERRORLOG="$LOGDIR/error.log"
+## default action: check only, update (but need to rotate db manually)
+COMMAND=${COMMAND:-update}
+
+[ -f %%PREFIX%%/bin/aide ] || exit 0
+
+MAILTO=`grep "^@@define MAILTO" $CONFFILE | head -1 | awk '{ print $3 }'`
+DATABASE=`grep "^database=file:/" $CONFFILE | head -1 | cut -d: -f2`
+LINES=`grep "^@@define LINES" $CONFFILE | head -1 | awk '{ print $3 }'`
+FQDN=`hostname -f`
+DATE=`date +"at %X on %x"`
+
+[ -z "$MAILTO" ] && MAILTO="root"
+[ -z "$DATABASE" ] && DATABASE="%%PREFIX%%/var/lib/aide/aide.db"
+[ -z "$LINES" ] && LINES="1000"
+
+
+if [ ! -f $DATABASE ]; then
+ (
+ echo "Fatal error: The AIDE database does not exist!"
+ echo "This may mean you haven't created it, or it may mean that someone has removed it."
+ ) | /usr/bin/mail -s "Daily AIDE report for $FQDN" $MAILTO
+ exit 0
+fi
+
+#[ -f $LOGFILE ] && savelog -t -g adm -m 640 -u root -c 7 $LOGFILE > /dev/null
+#[ -f $ERRORLOG ] && savelog -t -g adm -m 640 -u root -c 7 $ERRORLOG > /dev/null
+
+aide -c $CONFFILE --$COMMAND >$LOGFILE 2>$ERRORLOG
+
+(cat << EOF;
+This is an automated report generated by the Advanced Intrusion Detection
+Environment on $FQDN ${DATE}.
+
+EOF
+if [ -s $LOGFILE ]; then
+ loglines=`wc -l $LOGFILE | awk '{ print $1 }'`
+ if [ ${loglines:=0} -gt $LINES ]; then
+ echo
+ echo "TRUNCATED (!) output of the daily AIDE run:"
+ echo "Output is $loglines lines, truncated to $LINES."
+ head -$LINES $LOGFILE
+ echo "The full output can be found in $LOGFILE."
+ else
+ echo "Output of the daily AIDE run:"
+ cat $LOGFILE
+ fi
+else
+ echo "AIDE detected no changes."
+fi
+if [ -s $ERRORLOG ]; then
+ errorlines=`wc -l $ERRORLOG | awk '{ print $1 }'`
+ if [ ${errorlines:=0} -gt $LINES ]; then
+ echo "TRUNCATED (!) output of errors produced:"
+ echo "Error output is $errorlines lines, truncated to $LINES."
+ head -$LINES $ERRORLOG
+ echo "The full output can be found in $ERRORLOG."
+ else
+ echo "Errors produced:"
+ cat $ERRORLOG
+ fi
+else
+ echo "AIDE produced no errors."
+fi
+) | /usr/bin/mail -s "Daily AIDE report for $FQDN" $MAILTO
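Review bot: The guard `[ -f %%PREFIX%%/bin/aide ] || exit 0` tests the MacPorts binary, but `aide -c $CONFFILE --$COMMAND >$LOGFILE 2>$ERRORLOG` resolves `aide` through a PATH in which `/bin` and `/usr/bin` come first, so a binary of that name in either directory would be the one the scheduled job runs; invoking the tested path keeps the two consistent: `AIDE="%%PREFIX%%/bin/aide"`, `[ -x "$AIDE" ] || exit 0`, `"$AIDE" -c "$CONFFILE" --"$COMMAND" >"$LOGFILE" 2>"$ERRORLOG"`. The comment `## default action: check only, update (...)` says the default is check-only while `COMMAND=${COMMAND:-update}` defaults to update, which rewrites the database output on every run; either the comment or the default should change, and the Portfile notes already record this as an open bug. The report and error log are created with whatever umask the job inherits and contain the list of changed system files, whereas the Debian original kept them at mode 640 (the commented-out savelog lines); a `umask 077` before the first redirection would preserve that restriction. `$DATABASE`, `$LOGFILE`, `$ERRORLOG` and `$MAILTO` are used unquoted throughout; quoting them is free.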
Added: trunk/dports/security/aide/files/aide.conf
===================================================================
--- trunk/dports/security/aide/files/aide.conf (rev 0)
+++ trunk/dports/security/aide/files/aide.conf 2015-03-12 14:04:11 UTC (rev 133814)
@@ -0,0 +1,255 @@
+# AIDE conf
+# $Id: aide.conf 110 2006-04-22 15:58:58Z my-mac-user $
+# customized linux debian conf for osx, macports
+
+@@define MAILTO=my-mac-user
+@@define LINES=500
+## Not working line w var...
+@@define USER=my-mac-user
+
+database=file:/opt/local/var/lib/aide/aide.db
+database_out=file:/opt/local/var/lib/aide/aide.db.new
+
+# Change this to "no" or remove it to not gzip output
+# (only useful on systems with few CPU cycles to spare)
+gzip_dbout=yes
+
+warn_dead_symlinks=no
+
+summarize_changes=yes
+grouped=yes
+
+#Checksums = sha256+sha512+rmd160+haval+gost+crc32+tiger
+Checksums = sha512+rmd160+haval
+X=L-p-ftype-i-l-n-u-g
+OwnerMode = p+u+g+ftype
+Size = s+b
+InodeData = OwnerMode+n+i+Size+l+X
+StaticFile = m+c+Checksums
+RamdiskData = InodeData-i
+Full = InodeData+StaticFile
+Binlib = Full
+VarTime = InodeData+Checksums
+VarInode = VarTime-i
+VarFile = OwnerMode+n+l+X
+VarDir = OwnerMode+n+i+X
+ManPages = VarDir
+StaticDir = VarDir
+VarDirInode = OwnerMode+n+X
+VarDirTime = InodeData
+Log = OwnerMode+n+S+X
+FreqRotLog = Log-S
+LowLog = Log-S
+SerMemberLog = Full+I
+LoSerMemberLog = SerMemberLog+ANF
+HiSerMemberLog = SerMemberLog+ARF
+LowDELog = SerMemberLog+ANF+ARF
+SerMemberDELog = Full+ANF
+LinkedLog = Log-n
+
+# Kernel, system map, etc.
+#=/boot$ Binlib
+# Binaries
+/bin Binlib
+/sbin Binlib
+/usr/bin Binlib
+/usr/sbin Binlib
+/usr/local/bin Binlib
+/usr/local/sbin Binlib
+#/usr/games Binlib
+# Libraries
+#/lib Binlib
+/usr/lib Binlib
+/usr/local/lib Binlib
+# Log files
+/var/log$ StaticDir
+#/var/log/aide/aide.log(.[0-9])?(.gz)? Databases
+#/var/log/aide/error.log(.[0-9])?(.gz)? Databases
+#/var/log/setuid.changes(.[0-9])?(.gz)? Databases
+/var/log Log
+# Devices
+/dev RamdiskData
+!/dev/fd
+# Other miscellaneous files
+/var/run$ StaticDir
+#!/var/run
+!/private/var/run
+# Test only the directory when dealing with /proc
+#/proc$ StaticDir
+#!/proc
+
+# You can look through these examples to get further ideas
+
+# MD5 sum files - especially useful with debsums -g
+#/var/lib/dpkg/info/([^\.]+).md5sums
+
+# Check crontabs
+#/var/spool/anacron/cron.daily Databases
+#/var/spool/anacron/cron.monthly Databases
+#/var/spool/anacron/cron.weekly Databases
+#/var/spool/cron Databases
+#/var/spool/cron/crontabs Databases
+
+# manpages can be trojaned, especially depending on *roff implementation
+#/usr/man ManPages
+/usr/share/man ManPages
+/usr/local/man ManPages
+
+# docs
+#/usr/doc ManPages
+#/usr/share/doc ManPages
+
+# check users' home directories
+#/home Binlib
+
+# check sources for modifications
+#/usr/src L
+#/usr/local/src L
+
+# Check headers for same
+#/usr/include L
+#/usr/local/include L
+
+/private Binlib
+/private/etc$ VarDir
+#/private/var/audit$ VarDir ## NOK
+!/private/var/audit
+#/private/var/folders$ VarDir
+!/private/var/folders$
+#/private/var/db/systemstats$ VarDir
+!/private/var/db/systemstats$
+!/private/var/db/BootCaches$
+/private/var/db$ VarDir
+/private/var/db/dhcpclient/leases$ VarDir
+/private/var/db/crls$ VarDir
+/private/var/spool$ VarDir
+!/private/var/spool/cups
+/private/var/vm$ VarDir
+### 20140522 commenting /var/log and see...
+#/private/var/log Log
+#/private/var/log/*\.log Log
+#/private/var/log/*\.log\.0\.gz LoSerMemberLog
+#/private/var/log/*\.log\.[1-9]\.gz LoSerMemberLog
+/private/var/tmp$ OwnerMode+i
+!/private/var/tmp
+#/private/tmp$ OwnerMode+i
+#/private/tmp$ VarDir ## NOK
+!/private/tmp
+/private/var/tmp$ VarDir
+/private/var/root/Library/Logs Log
+/private/opt/tmp$ VarDir
+
+### MacOS X specific stuff
+/Applications Binlib
+/System Binlib
+/System/Library/Extensions Binlib
+## normally root ca, but empty on my 10.9.2
+/System/Library/OpenSSL/certs StaticDir
+/Library Binlib
+/Library/Logs Log
+/Developer Binlib
+/cores Binlib
+=/Volumes StaticDir
+/Users StaticDir
+/Trash StaticDir
+#/Library/Caches VarDir ## NOK
+#/System/Library/Caches VarDir ## NOK
+!/Library/Caches
+!/System/Library/Caches
+
+## Exclusion: too much auto-update
+!/Applications/Extra/Communication/Google\ Chrome\ Canary.app/Contents
+
+## Apple Malware definitions
+/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist$ VarFile
+/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist$ VarFile
+
+## Startup items
+/System/Library/LaunchDaemons VarDir
+/System/Library/LaunchAgents VarDir
+/Library/LaunchDaemons VarDir
+/Library/LaunchAgents VarDir
+/Library/Preferences/com.apple.loginwindow.plist VarFile
+/System/Library/XPCServices VarDir
+
+## Web Server
+#/Library/WebServer/Documents
+
+## specific files
+/Library/Application\ Support/com.apple.TCC/TCC.db$ VarFile
+/Library/Preferences/SystemConfiguration$ VarDir
+/Library/Keychains$ VarDir
+
+## User directories
+#=/Users/*/Library/Caches$ VarDir
+#!/Users/@@{USER}/Library/Caches$
+#/Users/@@{USER}/Library/Caches$ VarDir ## NOK
+#!/Users/@@{USER}/Library/Caches ## NOK
+#!/Users/*/Library/Caches ## NOK
+!/Users/my-mac-user/Library/Caches
+!/Users/*/.Trash$
+!/Users/my-mac-user/.Trash
+!/Users/*/.macports$
+#!/Users/*/Library/Application Support/MobileSync/Backup$ ## NOK
+#!/Users/@@{USER}/Library/Application\ Support/MobileSync/Backup$ ## NOK
+!/Users/my-mac-user/Library/Application\ Support/MobileSync/Backup
+!/Users/my-mac-user/Library/Containers/com.twitter.TweetDeck/Data/Library/Caches
+#=/Users/*/.cache$ VarDir NOK
+=/Users/@@${USER}/.cache$ VarDir
+/Users/*/Library/Cookies VarDir
+/Users/*/Library/Preferences VarDir
+/Users/*/Library/Logs Log
+/Users/*/Library/Logs/*.log Log
+/Users/*/Library/Logs/*.log.1 LowLog
+#!/Users/@@{USER}/Music/iTunes/Album\ Artwork/Cache$
+!/Users/@@{USER}/Music$
+!/Users/@@{USER}/Pictures$
+#/Users/@@{USER}/.macports/opt/local/var/macports/build$ VarDir ## NOK
+#!/Users/@@{USER}/.macports/opt/local/var/macports/build ## NOK
+!/Users/my-mac-user/.macports/opt/local/var/macports/build
+#!/Users/@@{USER}/Library/Application Support/Google/Chrome Canary/Default/Local\ Storage
+#!/Users/@@{USER}/Library/Application Support/Google/Chrome Canary/Default/Session\ Storage
+#!/Users/@@{USER}/Library/Application Support/Google/Chrome Canary/Default/Pepper\ Data
+#!/Users/@@{USER}/Library/Application Support/Kindle/Cache
+!/Users/my-mac-user/Library/Application\ Support/Google/Chrome\ Canary/Default/Local\ Storage
+!/Users/my-mac-user/Library/Application\ Support/Google/Chrome\ Canary/Default/Local\ Extension
+!/Users/my-mac-user/Library/Application\ Support/Google/Chrome\ Canary/Default/Session\ Storage
+!/Users/my-mac-user/Library/Application\ Support/Google/Chrome\ Canary/Default/Pepper\ Data
+!/Users/my-mac-user/Library/Application\ Support/Google/Chrome\ Canary/Default/Extensions
+!/Users/my-mac-user/Library/Application\ Support/Google/Chrome\ Canary/Default/Extension\ State
+!/Users/my-mac-user/Library/Application\ Support/Google/Chrome\ Canary/Default/File\ System
+!/Users/my-mac-user/Library/Application\ Support/Google/Chrome\ Canary/Default/IndexedDB
+!/Users/my-mac-user/Library/Application\ Support/Google/Chrome\ Canary/Default/Web\ Applications
+!/Users/my-mac-user/Library/Application\ Support/Google/Chrome\ Canary/Default/Applications\ Cache
+!/Users/my-mac-user/Library/Application\ Support/Kindle/Cache
+!/Users/my-mac-user/Library/Containers/com.apple.Preview/Data/Library/Application\ Support/Preview/SearchIndexes
+!/Users/my-mac-user/Library/Containers/com.apple.Preview/Data/Library/Saved\ Application\ State
+!/Users/my-mac-user/Library/Containers/com.apple.appstore/Data/Library/Caches
+!/Users/my-mac-user/Library/Containers/com.apple.appstore/Data/Library/Saved\ Application\ State
+!/Users/my-mac-user/Library/Saved\ Application\ State
+!/Users/my-mac-user/Library/Calendars
+!/Users/my-mac-user/.dropbox/l
+!/Users/my-mac-user/.cache/fontconfig
+!/Users/my-mac-user/.fontconfig
+!/Users/my-mac-user/Library/Containers/com.blackpixel.netnewswire/Data/Library/Caches
+!/Users/my-mac-user/Library/Containers/com.blackpixel.netnewswire/Data/Library/Application\ Support/NetNewsWire\ 4/OPML\ Backups
+!/Users/my-mac-user/Library/Application\ Support/LibreOffice/4/user/temp
+!/Users/my-mac-user/Library/Application\ Support/LibreOffice/4/user/uno_packages/cache
+/Users/my-mac-user/Library/Preferences/com.apple.loginitems.plist VarFile
+/Users/my-mac-user/Library/Mail/V2/MailData/Accounts.plist VarFile
+/Users/my-mac-user/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2 VarFile
+/Users/Shared VarDir
+
+### Macports
+/opt/local/bin Binlib
+/opt/local/sbin Binlib
+/opt/local/etc$ VarDir
+/opt/local/lib Binlib
+/opt/local/Library Binlib
+/opt/local/share/man ManPages
+/opt/local/var/log Log
+#/opt/local/var/macports/build VarDir ## NOK
+!/opt/local/var/macports/build
+## Web server
+#/opt/local/www
+
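Review bot: `database=file:/opt/local/var/lib/aide/aide.db`, `database_out=file:/opt/local/var/lib/aide/aide.db.new` and the whole `### Macports` section hard-code `/opt/local`, so the `reinplace "s|%%PREFIX%%|${prefix}|g"` the Portfile runs on this file never touches them and a non-default prefix gets a database path that does not exist; writing them as `database=file:%%PREFIX%%/var/lib/aide/aide.db` and `database_out=file:%%PREFIX%%/var/lib/aide/aide.db.new` (and `%%PREFIX%%/bin Binlib` and so on in the MacPorts section) makes the substitution effective. Neither the configuration directory nor the script the daily job executes is covered by a checksum rule: `/opt/local/etc$ VarDir` matches only the directory entry and nothing matches `/opt/local/libexec`, so rules such as `%%PREFIX%%/etc/aide Full` and `%%PREFIX%%/libexec Binlib` would let a run notice changes to its own inputs. `=/Users/@@${USER}/.cache$ VarDir` uses `@@${USER}` where every other reference is `@@{USER}`, which looks like a typo. The literal `my-mac-user` appears in `@@define MAILTO`, `@@define USER` and in many exclusion rules, so a user who edits only the defines, as the port notes suggest, keeps the other entries unchanged.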
Added: trunk/dports/security/aide/files/mp-aide.conf
===================================================================
--- trunk/dports/security/aide/files/mp-aide.conf (rev 0)
+++ trunk/dports/security/aide/files/mp-aide.conf 2015-03-12 14:04:11 UTC (rev 133814)
@@ -0,0 +1,2 @@
+# logfilename [owner:group] mode count size when flags [/pid_file] [sig_num]
+%%PREFIX%%/var/log/aide/aide.log 644 7 * $D0 NZ
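Review bot: The rotation entry gives `aide.log` mode `644`, so every archived AIDE report, which lists changed system files and their attributes, is readable by any local user; `%%PREFIX%%/var/log/aide/aide.log root:wheel 640 7 * $D0 NZ` keeps it to the admin group, matching the 640 the bundled cron script's Debian original used for the same logs. `error.log`, written by the same script into the same directory, has no entry here and is never rotated.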
Added: trunk/dports/security/aide/files/org.macports.aide.plist
===================================================================
(Binary files differ)
Property changes on: trunk/dports/security/aide/files/org.macports.aide.plist
___________________________________________________________________
Added: svn:mime-type
+ application/xml