Opened 10 years ago

Closed 9 years ago

#43419 closed enhancement (fixed)

security/aide improvements

Reported by: jul_bsd@… Owned by: macports-tickets@…
Priority: Normal Milestone:
Component: ports Version:
Keywords: haspatch Cc:
Port: aide

Description

  • subport -devel
  • add cron task from debian shell script and launchd plist to use it, template for rotating log with newsyslog (is there a preferred way? system newsyslog, no macports newsyslog, port logrotate)
  • conf as post-activate
  • notes to end install
  • default aide.conf fit for macos
  • port lint --nitpick
  • livecheck
  • /tab/spacex4/

Attachments (7)

mp-aide.conf (152 bytes) - added by jul_bsd@… 10 years ago.
org.macports.aide.plist (501 bytes) - added by jul_bsd@… 10 years ago.
aide-check.cron (2.1 KB) - added by jul_bsd@… 10 years ago.
aide.conf (8.3 KB) - added by jul_bsd@… 10 years ago.
main.log (76.9 KB) - added by mf2k (Frank Schima) 9 years ago.
Portfile (5.9 KB) - added by jul_bsd@… 9 years ago.
patch-aide-Portfile.diff (6.5 KB) - added by jul_bsd@… 9 years ago.


Change History (18)

Changed 10 years ago by jul_bsd@…

Attachment: mp-aide.conf added

Changed 10 years ago by jul_bsd@…

Attachment: org.macports.aide.plist added

comment:1 Changed 10 years ago by jul_bsd@…

  • put plist in LaunchDaemons
  • add contrib for examples
  • add README in doc
  • fix var option in aide-check.cron to be in update mode as default vs check only

Changed 10 years ago by jul_bsd@…

Attachment: aide-check.cron added

comment:2 Changed 10 years ago by jul_bsd@…

  • mode line
  • universal variant
  • update config macos aide.conf

Changed 10 years ago by jul_bsd@…

Attachment: aide.conf added

comment:3 Changed 10 years ago by mf2k (Frank Schima)

Your patch includes whitespace changes making it very hard to see the changes you are proposing. Please submit a new Portfile patch with only functional changes.

comment:4 Changed 9 years ago by jul_bsd@…

Here is an update without whitespace changes...

comment:5 Changed 9 years ago by mf2k (Frank Schima)

This fails at staging with the following error:

--->  Staging aide into destroot
Error: Failed to destroot aide: error copying "/opt/mports/trunk/dports/security/aide/files/aide.conf": no such file or directory

Indeed there is no file "aide.conf", but there is "mp-aide.conf".


comment:6 Changed 9 years ago by mf2k (Frank Schima)

The aide port installs but I see an error with aide-devel:

:info:build be.c:226:9: warning: incompatible pointer types assigning to 'FILE *' (aka 'struct __sFILE *') from 'gzFile' (aka 'struct gzFile_s *') [-Wincompatible-pointer-types]
:info:build       fh=gzdopen(a,"w");
:info:build         ^~~~~~~~~~~~~~~
:info:build compare_db.c:114:32: error: initializer element is not a compile-time constant
:info:build const char* details_string[] = { _("File type") , _("Lname"), _("Size"), _("Size (>)"), _("Bcount"), _("Perm"), _("Uid"), _("Gid"), _("Atime"), _("Mtime"), _("Ctime"), _("Inode"), _("Linkcount"), _("MD5"), _("SHA1"), _("RMD160"), _("TIGER"), _("SHA256"), _("SHA512")

Changed 9 years ago by mf2k (Frank Schima)

Attachment: main.log added

comment:7 Changed 9 years ago by mf2k (Frank Schima)

I see there is a comment in the Portfile stating that. Creating a new sub-port that does not compile is not acceptable. Please supply a patch without the non-working aide-devel subport. I might try to commit without it if I find some time.

comment:8 Changed 9 years ago by jul_bsd@…

Commented out devel part

comment:9 Changed 9 years ago by mf2k (Frank Schima)

This should use modern checksums (only rmd160 and sha256).

When I run it, I see the following error.

$ aide
Cannot access config file:/opt/local/etc/aide.conf:No such file or directory
No config defined
Configuration error

However, according to the post-destroot block, it should be looking for this - note the missing /aide from the path.

${prefix}/etc/aide/aide.conf 
$ ls -l /opt/local/etc/aide/aide.conf 
-rw-r--r--  1 root  admin  8475 Dec  1 16:42 /opt/local/etc/aide/aide.conf

comment:10 Changed 9 years ago by jul_bsd@…

  • missed this checksum; my control checks only for presence in the file, not in every subport... fixed
  • post-destroot puts config files in share/examples and post-activate puts them in place if not existing. Added --sysconfdir at configure to take care of that
  • add notes to initialize database
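
An added illustration of the layout described in comment:10, written for this page and not taken from the Portfile attached to the ticket. It assumes the port's files/ directory contains aide.conf and that the live configuration belongs at ${prefix}/etc/aide/aide.conf, the path quoted in comment:9.

```tcl
# Added illustration; not the Portfile attached to this ticket.

# Compile the configuration directory into the binary so that a bare
# `aide` looks in ${prefix}/etc/aide instead of ${prefix}/etc.
configure.args-append   --sysconfdir=${prefix}/etc/aide

post-destroot {
    # Ship the configuration only as an example. Nothing under etc/ is
    # registered to the port, so an upgrade or uninstall never replaces
    # or removes a configuration the administrator has tuned.
    set exdir ${destroot}${prefix}/share/examples/${name}
    xinstall -d ${exdir}
    xinstall -m 0644 ${filespath}/aide.conf ${exdir}/aide.conf
}

post-activate {
    # Put the example in place only when no configuration exists yet.
    set confdir ${prefix}/etc/aide
    if {![file exists ${confdir}/aide.conf]} {
        xinstall -d -m 0755 ${confdir}
        file copy ${prefix}/share/examples/${name}/aide.conf \
            ${confdir}/aide.conf
    }
}

# Shown at the end of the install: the database is not created for the user.
notes "
No AIDE database exists yet. After reviewing ${prefix}/etc/aide/aide.conf,
create the initial database with:

    sudo aide --init

An example configuration is kept in ${prefix}/share/examples/${name}.
"
```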

Changed 9 years ago by jul_bsd@…

Attachment: Portfile added

Changed 9 years ago by jul_bsd@…

Attachment: patch-aide-Portfile.diff added

comment:11 Changed 9 years ago by mf2k (Frank Schima)

Resolution: fixed
Status: new → closed