Re: aide checks over ssh

2004-03-04 Thread John Kristoff
On Fri, 5 Mar 2004 00:22:40 +0100
Matthias Zeichmann [EMAIL PROTECTED] wrote:

> yes; maybe i'm too paranoid; but i was trying to avoid writing the database
> to the target host.

Possibly a bit too paranoid, but your idea is a good one.  I'm thinking of
incorporating that into the script.

> i did not try, but it might suffice to just copy the aide binary and also
> supply the config on stdin, though that might not buy much...

Possibly not.  If an attacker is sophisticated enough to compromise the
config you're probably going to lose no matter what you do.

John



AIDE compilation under cygwin

2004-03-16 Thread John Kristoff
Does someone have any detailed notes about installing a current version
of AIDE under cygwin?  mhash appears to compile OK, but the configure
script in AIDE fails in its mhash library check.  From the config.log:

  configure:2996: gcc -E -g -O2 -I/[dir]/mhash-0.8.18/lib -static conftest.c >/dev/null 2>conftest.out
  configure:3028: checking for gzdopen in -lz
  configure:3047: gcc -o conftest -g -O2 -static -g -O2 -I/[dir]/mhash-0.8.18/lib -static  -L/[dir]/mhash-0.8.18/lib/.libs -static conftest.c -lz   1>&5
  configure:3096: checking for regexec
  configure:3124: gcc -o conftest -g -O2 -static -g -O2 -I/[dir]/mhash-0.8.18/lib -static  -L/[dir]/mhash-0.8.18/lib/.libs conftest.c -lz  1>&5
  configure:3096: checking for regcomp
  configure:3124: gcc -o conftest -g -O2 -static -g -O2 -I/[dir]/mhash-0.8.18/lib -static  -L/[dir]/mhash-0.8.18/lib/.libs conftest.c -lz  1>&5
  configure:3208: checking for mhash_get_block_size in -lmhash
  configure:3227: gcc -o conftest -g -O2 -static -g -O2 -I/[dir]/mhash-0.8.18/lib -static  -L/[dir]/mhash-0.8.18/lib/.libs conftest.c -lmhash  -lz  1>&5
  /[dir]/mhash-0.8.18/lib/.libs/libmhash.a(mhash.o)(.text+0xd70): In function `main':
  /[dir]/mhash-0.8.18/lib/mhash.c:664: multiple definition of `_main'
  /cygdrive/c/WINDOWS/TEMP/cc0Ut2p0.o(.text+0x0):/[dir]/aide-0.10/configure:3222: first defined here
  collect2: ld returned 1 exit status
  configure: failed program was:
  #line 3216 "configure"
  #include "confdefs.h"
  /* Override any gcc2 internal prototype to avoid an error.  */
  /* We use char because int might match the return type of a gcc2
  builtin and then its argument prototype would still apply.  */
  char mhash_get_block_size();

  int main() {
  mhash_get_block_size()
  ; return 0; }

Thanks for any hints,

John



Re: AIDE / Solaris / libmhash compilation question

2004-05-06 Thread John Kristoff
On Thu, 06 May 2004 09:20:26 -0400
Michael Shirk [EMAIL PROTECTED] wrote:

> I had fun with this when I set up AIDE on my box. I believe you need it where
> the checksum is running. So if you have 10 servers, they will need libmhash.
> Please, others, correct me if I am wrong.

You don't need it.  On the box you're building AIDE/mhash on, you can do
something like the following to build a complete AIDE binary (I have not
tested this, but I believe it to be correct):

   $ tar zxvf mhash-0.8.18.tar.gz
   ...
   $ cd mhash-0.8.18
   $ ./configure --enable-static=yes
   $ make
   $ cd ..
   $ tar zxvf aide-0.10.tar.gz
   ...
   $ cd aide-0.10
   $ ./configure --with-extra-libs=-L/path/to/mhash-0.8.18/lib/.libs \
       --with-extra-includes=-I/path/to/mhash-0.8.18/lib
   $ C_INCLUDE_PATH=/path/to/mhash-0.8.18/lib make

John   



Re: AIDE compilation under cygwin

2004-05-29 Thread John Kristoff
On Tue, 16 Mar 2004 22:04:37 -0600
John Kristoff [EMAIL PROTECTED] wrote:

> Does someone have any detailed notes about installing a current version
> of AIDE under cygwin?  mhash appears to compile OK, but the configure
> script in AIDE fails in its mhash library check.  From the config.log:
> [...]
>   /[dir]/mhash-0.8.18/lib/mhash.c:664: multiple definition of `_main'

I finally got around to looking at this again and thought I would post
my solution in case anyone else had a need for it.

Richard had pointed out the following in mhash.c:

  #ifdef WIN32
  WIN32DLL_DEFINE int main (void)
  {
  /* empty main function to avoid linker error (see cygwin FAQ) */
  }
  #endif

The cygwin FAQ at http://cygwin.com/faq/faq_toc.html#TOC95 mentions a
potential problem with dynamic libraries needing this hack or that the
compiler line needs to be reordered.  I didn't have much luck with the
latter, so to solve it I removed the definition and main() function from
the mhash.c source file and built mhash as follows:

  ./configure --enable-static=yes --enable-shared=no
  make

Then aide as:

  ./configure --with-extra-libs=-L/path/to/mhash-0.8.18/lib/.libs \
 --with-extra-includes=-I/path/to/mhash-0.8.18/lib
  make

A working aide.exe was the result.

John



Re: my dilemma

2004-06-08 Thread John Kristoff
On Tue, 8 Jun 2004 06:36:56 +0200 (CEST)
Roger Grosswiler [EMAIL PROTECTED] wrote:

> usually, the output of irrelevant entries can be done by not checking those. so
> in your /etc/aide.conf just place a ! in front of the disliked entry. i.e. !/tmp
> will neither check nor output any result of a check of your tmp-dir.

If possible, I wouldn't recommend completely excluding something if at
all feasible.  While it may be necessary to !/tmp on a multiuser system,
if one can monitor fewer attributes to remove the noise without losing
some monitoring, that may be preferable.

John



Re: [Aide] hash cannot be calculated

2004-11-03 Thread John Kristoff
On Wed, 03 Nov 2004 11:57:43 +0100
Richard van den Berg [EMAIL PROTECTED] wrote:

> It means that one of the following attributes was changed between the
> moment the file was added to the inclusion list and the moment that the
> hash was about to be calculated.

Every once in a while I've seen this also, but it does not re-appear
during the next --check run.  I've not been able to figure out why this
happens as of yet.  It appears to be a bug of some sort, since the file(s)
reported have not actually changed in any way as far as I can tell.

John
___
Aide mailing list
[EMAIL PROTECTED]
https://mailman.cs.tut.fi/mailman/listinfo/aide


[Aide] Capturing changes in directory but a privileged subdirectory

2016-06-06 Thread John Kristoff
I'm using 0.16b1 on a Linux machine and trying to do something like
this in an aide.conf:

  /boot  R
  !/boot/lost\+found

I'm initializing the database and running as an unprivileged user.  I'm
struggling to figure out how to exclude the privileged (root only)
lost+found directories (and others like it) from being accessed by AIDE,
because I'm getting errors like this:

  open_dir(): Permission denied: /boot/lost+found

I've tried a variety of ways to get around this, but I must be missing
something obvious.  How can I exclude a handful of subdirectories, but
get everything else by default?

Thank you,

John


Re: [Aide] Capturing changes in directory but a privileged subdirectory

2016-06-08 Thread John Kristoff
On Wed, 8 Jun 2016 21:25:14 +
Hannes von Haugwitz wrote:

> I (hopefully) fixed your issue in git fe17bdd [0]. Please try and
> report back if it works or not.

Unfortunately not.  Here is my aide.conf:

  database = file:aide.db
  database_out = file:aide.db.new
  report_url   = file:aide_report.txt

  /boot R
  !/boot/lost+found

If I run (binary name customized to platform):

  ./aide.amd64 -i -c aide.conf

aide_report.txt's first output line is:

  open_dir(): Permission denied: /boot/lost+found

John
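
Added example, not part of the thread and not AIDE project code: AIDE
selection lines are regular expressions with an implicit ^ in front, so
the escaped and unescaped spellings of lost+found that appear in this
thread select different paths. The sketch below uses Python's re module
as a stand-in for AIDE's regex engine and a simplified rule model (a
path is selected when it matches a regular line and no negative line);
the function names and sample paths are constructed for illustration.

```python
import re

# Constructed rule sets mirroring the two aide.conf variants in this thread.
ESCAPED = ["/boot R", r"!/boot/lost\+found"]
UNESCAPED = ["/boot R", "!/boot/lost+found"]

# Constructed sample paths.
SAMPLE_PATHS = ["/boot/vmlinuz", "/boot/lost+found", "/boot/lostfound"]


def parse_rules(lines):
    """Split selection lines into compiled (include, exclude) regex lists."""
    include, exclude = [], []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("!"):
            # Negative selection line: the regex follows the '!'.
            exclude.append(re.compile(line[1:].split()[0]))
        elif line.startswith("/"):
            # Regular selection line: "<regex> <group>".
            include.append(re.compile(line.split()[0]))
    return include, exclude


def is_selected(path, lines):
    """Simplified model: negative lines win over regular lines."""
    include, exclude = parse_rules(lines)
    # re.match anchors at the start of the string, like AIDE's implicit ^.
    if any(rx.match(path) for rx in exclude):
        return False
    return any(rx.match(path) for rx in include)


def compare(paths=SAMPLE_PATHS):
    """Return {path: (selected with escaped rule, selected with unescaped rule)}."""
    return {p: (is_selected(p, ESCAPED), is_selected(p, UNESCAPED)) for p in paths}


if __name__ == "__main__":
    for path, (esc, unesc) in compare().items():
        print(f"{path:20} escaped={esc!s:5} unescaped={unesc}")
```

With the unescaped rule, `t+` means "one or more t", so the negative line
matches /boot/lostfound and leaves /boot/lost+found selected.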