Index: head/security/aide/Makefile
===================================================================
--- head/security/aide/Makefile (revision 38034)
+++ head/security/aide/Makefile (revision 38035)
@@ -1,53 +1,53 @@ # New ports collection makefile for: aide # Date created: Tue Jan 4 11:45:29 PST 2000 # Whom: Cy Schubert (Cy.Schubert@uumail.gov.bc.ca) # # $FreeBSD$ # PORTNAME= aide PORTVERSION= 0.7 CATEGORIES= security MASTER_SITES= http://www.cs.tut.fi/~rammer/ \ ftp://ftp.cs.tut.fi/pub/src/gnu/ MAINTAINER= Cy.Schubert@uumail.gov.bc.ca LIB_DEPENDS= mhash.2:${PORTSDIR}/security/mhash USE_BISON= yes GNU_CONFIGURE= yes CONFIGURE_ARGS+=--with-mhash \ --with-zlib \ --with-config_file=/var/adm/aide/aide.conf CONFIGURE_ENV+= LIBS='-L${LOCALBASE}/lib -pthread' MAN1= aide.1 MAN5= aide.conf.5 post-install: - ${INSTALL_DATA} ${FILESDIR}/aide.conf.freebsd ${PREFIX}/etc/aide.conf.sample + @${INSTALL_DATA} ${FILESDIR}/aide.conf.freebsd ${PREFIX}/etc/aide.conf.sample + @${MKDIR} /var/adm/aide/databases + @if [ ! -f /var/adm/aide/aide.conf ]; then \ + ${CHOWN} root:wheel /var/adm/aide ; \ + ${CHOWN} root:wheel /var/adm/aide/databases ; \ + ${CHMOD} 0700 /var/adm/aide ; \ + ${CHMOD} 0700 /var/adm/aide/databases ; \ + fi @${ECHO} - @${ECHO} "If you want to finish setting up AIDE, don't forget to make" - @${ECHO} "a new directory called /var/adm/aide and then create your own" - @${ECHO} "aide.conf based on ${PREFIX}/etc/aide.conf.sample and then" - @${ECHO} "copy it to that directory. You will also need to make the" - @${ECHO} "databases directory, /var/adm/aide/databases, and run the" - @${ECHO} "following command:" - @${ECHO} - @${ECHO} " cd /var/adm/aide;aide --init;mv databases/aide.db.new databases/aide.db" + @${CAT} ${PKGMESSAGE} @${ECHO} .if defined(AIDE_FLOPPY) @disklabel -w -B /dev/rfd0c fd1440 @newfs -u 0 -t 0 -i 196608 -m 0 -T minimum -o space /dev/rfd0c @mount /dev/fd0c /mnt @${CP} ${PREFIX}/bin/aide /mnt/aide @${CP} -p /var/adm/aide/aide.conf /mnt/aide.conf @${CP} < /var/adm/aide/databases/aide.db /mnt/aide.db @${CHMOD} 555 /mnt/aide @umount /mnt @${ECHO} Do not forget to remove and write-protect the floppy. 
.endif .include Property changes on: head/security/aide/Makefile ___________________________________________________________________ Modified: cvs2svn:cvs-rev ## -1 +1 ## -1.3 \ No newline at end of property +1.4 \ No newline at end of property Index: head/security/aide/files/aide.conf.freebsd =================================================================== --- head/security/aide/files/aide.conf.freebsd (revision 38034) +++ head/security/aide/files/aide.conf.freebsd (revision 38035) 
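Review bot: In the post-install target of security/aide/Makefile, ownership and mode of /var/adm/aide and /var/adm/aide/databases are only set when /var/adm/aide/aide.conf is absent, so a tree that already exists with a looser mode or another owner is kept as it is, and `${MKDIR}` first creates the directories with the umask default before the later `${CHMOD}` runs. Because this directory holds the configuration and the baseline database AIDE compares against, creating it with its final attributes in one step would be safer, for example `@${INSTALL} -d -o root -g wheel -m 0700 /var/adm/aide /var/adm/aide/databases`; if the guard is meant to preserve modes an administrator chose, a comment saying so is needed. The same guard is repeated in the `@exec` lines added to pkg-plist. Separately, `@${CAT} ${PKGMESSAGE}` prints the file verbatim, so the `${PREFIX}` written in the new pkg-message is shown unexpanded.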
@@ -1,157 +1,156 @@ # $Id: aide.conf.freebsd,v 1.3 1998/07/28 17:54:21 obrien Exp $ # # tripwire.config # Generic version for FreeBSD based on Tripwire's tw.config # Will need editing...see comments below # # This file contains a list of files and directories that System # Preener will scan. Information collected from these files will be # stored in the tripwire.database file. # # Format: [!|=] entry [ignore-flags] # # where: '!' signifies the entry is to be pruned (inclusive) from # the list of files to be scanned. # '=' signifies the entry is to be added, but if it is # a directory, then all its contents are pruned # (useful for /tmp). # # where: entry is the absolute pathname of a file or a directory # # where ignore-flags are in the format: # [template][ [+|-][pinugsam...] ... ] # # - : ignore the following atributes # + : do not ignore the following attributes # # p : permission and file mode bits a: access timestamp # i : inode number m: modification timestamp # n : number of links (ref count) c: inode creation timestamp # u : user id of owner md5: MD5 signature # g : group id of owner tiger: tiger signature # s : size of file rmd160: RMD160 signature # sha1: SHA1 signature # # # Ex: The following entry will scan all the files in /etc, and report # any changes in mode bits, inode number, reference count, uid, # gid, modification and creation timestamp, and the signatures. # However, it will ignore any changes in the access timestamp. # # /etc +p+i+n+u+g+s+m+md5+tiger+rmd160+sha1-a # # The following templates have been pre-defined to make these long ignore # mask descriptions unecessary. # # Templates: # (default) R : [R]ead-only (+p+i+n+u+g+s+m+md5+tiger+rmd160+sha1-a) # L : [L]og file (+p+i+n+u+g-s-a-m-md5-tiger-rmd160-sha1) # N : ignore [N]othing (+p+i+n+u+s+g+s+a+m+c+md5+tiger+rmd160+sha1) # E : ignore [E]verything (-p-i-n-u-s-g-s-a-m-c-md5-tiger-rmd160-sha1) # # By default, Tripwire uses the R template -- it ignores # only the access timestamp. 
# # You can use templates with modifiers, like: # Ex: /etc/lp E+u+g # # Example configuration file: # /etc R # all system files # !/etc/lp R # ...but not those logs # =/tmp N # just the directory, not its files # # Note the difference between pruning (via "!") and ignoring everything # (via "E" template): Ignoring everything in a directory still monitors # for added and deleted files. Pruning a directory will prevent Tripwire # from even looking in the specified directory. # # # Tripwire running slowly? Modify your tripwire.config entries to -# ignore the (signature 2) attribute when this computationally-exorbita -nt +# ignore the (signature 2) attribute when this computationally-exorbitant # protection is not needed. (See README and design document for further # details.) # -database=file:///var/log/aide/databases/aide.db -database_out=file:///var/log/aide/databases/aide.db.new +database=file:///var/adm/aide/databases/aide.db +database_out=file:///var/adm/aide/databases/aide.db.new # First, root's traditional "home". Note that FreeBSD's root's home (/root) # is protected by R-tiger-rmd160-sha1 protections in the default config file. =/ L /.rhosts R /.profile R /.cshrc R /.login R /.exrc R /.logout R /.forward R # Unix itself /kernel R # /bin /bin R-tiger-rmd160-sha1 # /dev /dev L # /etc /etc R-tiger-rmd160-sha1 /etc/aliases L /etc/dumpdates L /etc/motd L # my passwd database should be static at time of system build. yours may # not be, if not, uncomment the lines below. 
# /etc/passwd L # /etc/master.passwd L # /etc/pwd.db L # /etc/spwd.db L # /home =/home L-c # /lkm /lkm R-tiger-rmd160-sha1 # /root /root R-tiger-rmd160-sha1 /root/.history L # /sbin /sbin R-tiger-rmd160-sha1 # /stand /stand R-tiger-rmd160-sha1 # /usr/bin /usr/bin R-tiger-rmd160-sha1 /usr/include R-tiger-rmd160-sha1 /usr/lib R-tiger-rmd160-sha1 /usr/libdata R-tiger-rmd160-sha1 /usr/libexec R-tiger-rmd160-sha1 /usr/local/bin R-tiger-rmd160-sha1 /usr/local/etc L /usr/local/lib R-tiger-rmd160-sha1 /usr/local/libexec R-tiger-rmd160-sha1 /usr/local/sbin R-tiger-rmd160-sha1 /usr/local/share R-tiger-rmd160-sha1 /usr/sbin R-tiger-rmd160-sha1 /usr/share R-tiger-rmd160-sha1 ########################################### Property changes on: head/security/aide/files/aide.conf.freebsd ___________________________________________________________________ Modified: cvs2svn:cvs-rev ## -1 +1 ## -1.1 \ No newline at end of property +1.2 \ No newline at end of property Index: head/security/aide/files/patch-doc_aide.1 =================================================================== --- head/security/aide/files/patch-doc_aide.1 (nonexistent) +++ head/security/aide/files/patch-doc_aide.1 (revision 38035) 
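Review bot: The new `database=` and `database_out=` lines in files/aide.conf.freebsd move AIDE's state under /var/adm/aide, but the rule list shown as context in this hunk has no entry under /var, so the active /var/adm/aide/aide.conf is not itself checked. A line such as `/var/adm/aide/aide.conf R` next to the /usr/local entries would report edits to the configuration. A short comment above the two database lines should also state that the paths must match the directories the port creates in post-install and pkg-plist, and that this tree is expected to be readable by root only. The header comments still describe Tripwire's tw.config and tripwire.database, which the commit leaves in place.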
@@ -0,0 +1,23 @@
+--- doc/aide.1.orig Wed Jan 19 12:11:36 2000
++++ doc/aide.1 Sat Sep 2 13:00:57 2000
+@@ -45,11 +45,17 @@
+ Prints out the standard help message.
+ .PP
+ .SH FILES
+-.B /etc/aide.conf
++.TP
++.BI PREFIX/etc/aide.conf.sample
++Example aide configuration file.
++.TP
++.BI /var/adm/aide/aide.conf
+ Default aide configuration file.
+-.B /etc/aide.db
++.TP
++.BI /var/adm/aide/databases/aide.db
+ Default aide database.
+-.B /etc/aide.db.new
++.TP
++.BI /var/adm/aide/databases/aide.db.new
+ Default aide output database.
+ .SH SEE ALSO
+ .BR aide.conf (5)
Property changes on: head/security/aide/files/patch-doc_aide.1
___________________________________________________________________
Added: cvs2svn:cvs-rev
## -0,0 +1 ##
+1.1
\ No newline at end of property
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Index: head/security/aide/pkg-message
===================================================================
--- head/security/aide/pkg-message (nonexistent)
+++ head/security/aide/pkg-message (revision 38035)
@@ -0,0 +1,10 @@
+If you want to finish setting up AIDE, don't forget to create your own
+aide.conf based on ${PREFIX}/etc/aide.conf.sample and then copy it to
+the /var/adm/aide/ directory. You will also need to run the following
+commands:
+
+ cd /var/adm/aide
+ aide --init
+ mv databases/aide.db.new databases/aide.db
+
+You may want to change the permissions of the /var/adm/aide/ directory tree.
Property changes on: head/security/aide/pkg-message
___________________________________________________________________
Added: cvs2svn:cvs-rev
## -0,0 +1 ##
+1.1
\ No newline at end of property
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Index: head/security/aide/pkg-plist
===================================================================
--- head/security/aide/pkg-plist (revision 38034)
+++ head/security/aide/pkg-plist (revision 38035)
@@ -1,2 +1,10 @@
 bin/aide
 etc/aide.conf.sample
+@exec /bin/mkdir -p /var/adm/aide/databases
+@exec [ -f /var/adm/aide/aide.conf ] || /usr/sbin/chown root:wheel /var/adm/aide
+@exec [ -f /var/adm/aide/aide.conf ] || /usr/sbin/chown root:wheel /var/adm/aide/databases
+@exec [ -f /var/adm/aide/aide.conf ] || /usr/sbin/chmod 0700 /var/adm/aide
+@exec [ -f /var/adm/aide/aide.conf ] || /usr/sbin/chmod 0700 /var/adm/aide/databases
+@unexec rmdir /var/adm/aide/databases 2>/dev/null || true
+@unexec rmdir /var/adm/aide 2>/dev/null || true
+@unexec rmdir /var/adm 2>/dev/null || true
Property changes on: head/security/aide/pkg-plist
___________________________________________________________________
Modified: cvs2svn:cvs-rev
## -1 +1 ##
-1.1
\ No newline at end of property
+1.2
\ No newline at end of property
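Review bot: The two `@exec ... /usr/sbin/chmod 0700 ...` lines in pkg-plist name a path where chmod is not installed on FreeBSD (chmod lives in /bin; chown is the one in /usr/sbin), so on a package install the command would fail and both directories keep whatever mode `/bin/mkdir -p` gave them under the current umask. The lines should read `@exec [ -f /var/adm/aide/aide.conf ] || /bin/chmod 0700 /var/adm/aide` and the same for /var/adm/aide/databases. Since the port's post-install target uses `${CHMOD}` rather than a literal path, the port build and the binary package may end up with different permissions on the directory that holds the AIDE baseline, which is worth verifying with a package install.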