Opened 11 years ago
Closed 10 years ago
#43419 closed enhancement (fixed)
security/aide improvements
Reported by: | jul_bsd@… | Owned by: | macports-tickets@… |
---|---|---|---|
Priority: | Normal | Milestone: | |
Component: | ports | Version: | |
Keywords: | haspatch | Cc: | |
Port: | aide |
Description
- subport -devel
- add cron task from debian shell script and launchd plist to use it, template for rotating log with newsyslog (is there a preferred way? system newsyslog, no macports newsyslog, port logrotate)
- conf as post-activate
- notes to end install
- default aide.conf fit for macos
- port lint --nitpick
- livecheck
- /tab/spacex4/
Attachments (7)
Change History (18)
Changed 11 years ago by jul_bsd@…
Attachment: | mp-aide.conf added |
---|
Changed 11 years ago by jul_bsd@…
Attachment: | org.macports.aide.plist added |
---|
comment:1 Changed 11 years ago by jul_bsd@…
- put plist in LaunchDaemons
- add contrib for examples
- add README in doc
- fix var option in aide-check.cron to be in update mode as default vs check only
Changed 11 years ago by jul_bsd@…
Attachment: | aide-check.cron added |
---|
comment:2 Changed 11 years ago by jul_bsd@…
- mode line
- universal variant
- update config macos aide.conf
Changed 11 years ago by jul_bsd@…
comment:3 Changed 10 years ago by mf2k (Frank Schima)
Your patch includes whitespace changes making it very hard to see the changes you are proposing. Please submit a new Portfile patch with only functional changes.
comment:5 Changed 10 years ago by mf2k (Frank Schima)
This fails at staging with the following error:
---> Staging aide into destroot Error: Failed to destroot aide: error copying "/opt/mports/trunk/dports/security/aide/files/aide.conf": no such file or directory
Indeed there is no file "aide.conf", but there is "mp-aide.conf".
comment:6 Changed 10 years ago by mf2k (Frank Schima)
The aide port installs but I see an error with aide-devel:
:info:build be.c:226:9: warning: incompatible pointer types assigning to 'FILE *' (aka 'struct __sFILE *') from 'gzFile' (aka 'struct gzFile_s *') [-Wincompatible-pointer-types] :info:build fh=gzdopen(a,"w"); :info:build ^~~~~~~~~~~~~~~ :info:build compare_db.c:114:32: error: initializer element is not a compile-time constant :info:build const char* details_string[] = { _("File type") , _("Lname"), _("Size"), _("Size (>)"), _("Bcount"), _("Perm"), _("Uid"), _("Gid"), _("Atime"), _("Mtime"), _("Ctime"), _("Inode"), _("Linkcount"), _("MD5"), _("SHA1"), _("RMD160"), _("TIGER"), _("SHA256"), _("SHA512")
Changed 10 years ago by mf2k (Frank Schima)
comment:7 Changed 10 years ago by mf2k (Frank Schima)
I see there is a comment in the Portfile stating that. Creating a new sub-port that does not compile is not acceptable. Please supply a patch without the non-working aide-devel subport. I might try to commit without it if I find some time.
comment:9 Changed 10 years ago by mf2k (Frank Schima)
This should use modern checksums (only rmd160 and sha256).
When I run it, I see the following error.
$ aide Cannot access config file:/opt/local/etc/aide.conf:No such file or directory No config defined Configuration error
However, according to the post-destroot block, it should be looking for this - note the missing /aide
from the path.
${prefix}/etc/aide/aide.conf
$ ls -l /opt/local/etc/aide/aide.conf -rw-r--r-- 1 root admin 8475 Dec 1 16:42 /opt/local/etc/aide/aide.conf
comment:10 Changed 10 years ago by jul_bsd@…
- miss this checksum, my control check only presence in file not every subport... fixed
- post-destroot put config files in share/examples and post-activate put in place if not existing. added --sysconfdir at configure to take care of that
- add notes to initialize database
Changed 10 years ago by jul_bsd@…
Changed 10 years ago by jul_bsd@…
Attachment: | patch-aide-Portfile.diff added |
---|
comment:11 Changed 10 years ago by mf2k (Frank Schima)
Resolution: | → fixed |
---|---|
Status: | new → closed |