Re: aide checks over ssh
On Fri, 5 Mar 2004 00:22:40 +0100
Matthias Zeichmann [EMAIL PROTECTED] wrote:

> yes; maybe i'm too paranoid; but i was trying to avoid to write the
> database to the target host.

Possibly a bit too paranoid, but your idea is a good one. I'm thinking of incorporating that into the script.

> i did not try, but it might suffice to just copy the aide binary and
> also supply the config on stdin, though that might not buy much...

Possibly not. If an attacker is sophisticated enough to compromise the config you're probably going to lose no matter what you do.

John
AIDE compilation under cygwin
Does someone have any detailed notes about installing a current version of AIDE under cygwin? mhash appears to compile OK, but the configure script in AIDE fails in its mhash library check. From the config.log:

  configure:2996: gcc -E -g -O2 -I/[dir]/mhash-0.8.18/lib -static conftest.c >/dev/null 2>conftest.out
  configure:3028: checking for gzdopen in -lz
  configure:3047: gcc -o conftest -g -O2 -static -g -O2 -I/[dir]/mhash-0.8.18/lib -static -L/[dir]/mhash-0.8.18/lib/.libs -static conftest.c -lz 1>&5
  configure:3096: checking for regexec
  configure:3124: gcc -o conftest -g -O2 -static -g -O2 -I/dir]/mhash-0.8.18/lib -static -L/[dir]/mhash-0.8.18/lib/.libs conftest.c -lz 1>&5
  configure:3096: checking for regcomp
  configure:3124: gcc -o conftest -g -O2 -static -g -O2 -I/[dir]/mhash-0.8.18/lib -static -L/[dir]/mhash-0.8.18/lib/.libs conftest.c -lz 1>&5
  configure:3208: checking for mhash_get_block_size in -lmhash
  configure:3227: gcc -o conftest -g -O2 -static -g -O2 -I/[dir]/mhash-0.8.18/lib -static -L/[dir]/mhash-0.8.18/lib/.libs conftest.c -lmhash -lz 1>&5
  /[dir]/mhash-0.8.18/lib/.libs/libmhash.a(mhash.o)(.text+0xd70): In function `main':
  /[dir]/mhash-0.8.18/lib/mhash.c:664: multiple definition of `_main'
  /cygdrive/c/WINDOWS/TEMP/cc0Ut2p0.o(.text+0x0):/[dir]/aide-0.10/configure:3222: first defined here
  collect2: ld returned 1 exit status
  configure: failed program was:
  #line 3216 "configure"
  #include "confdefs.h"
  /* Override any gcc2 internal prototype to avoid an error. */
  /* We use char because int might match the return type of a gcc2
     builtin and then its argument prototype would still apply. */
  char mhash_get_block_size();

  int main() {
  mhash_get_block_size()
  ; return 0; }

Thanks for any hints,

John
Re: AIDE / Solaris / libmhash compilation question
On Thu, 06 May 2004 09:20:26 -0400
Michael Shirk [EMAIL PROTECTED] wrote:

> I had fun with this when I setup AIDE on my box. I believe you need it
> where the checksum is running. So if you have 10 servers, they will need
> libmhash. Please, others, correct me if I am wrong

You don't need it. On the box you're building AIDE/mhash on, you can do something like the following to build a complete AIDE binary (I have not tested this, but I believe it to be correct):

  $ tar zxvf mhash-0.8.18.tar.gz
  ...
  $ cd mhash-0.8.18
  $ ./configure --enable-static=yes
  $ make
  $ cd ..
  $ tar zxvf aide-0.10.tar.gz
  ...
  $ cd aide-0.10
  $ ./configure --with-extra-libs=-L/path/to/mhash-0.8.18/lib/.libs --with-extra-includes=-I/path/to/mhash-0.8.18/lib
  $ C_INCLUDE_PATH=/path/to/mhash-0.8.18/lib make

John
Re: AIDE compilation under cygwin
On Tue, 16 Mar 2004 22:04:37 -0600
John Kristoff [EMAIL PROTECTED] wrote:

> Does someone have any detailed notes about installing a current version
> of AIDE under cygwin? mhash appears to compile OK, but the configure
> script in AIDE fails in its mhash library check. From the config.log:
[...]
> /[dir]/mhash-0.8.18/lib/mhash.c:664: multiple definition of `_main'

I finally got around to looking at this again and thought I would post my solution in case anyone else had a need for it. Richard had pointed out the following in mhash.c:

  #ifdef WIN32
  WIN32DLL_DEFINE int main (void)
  {
         /* empty main function to avoid linker error (see cygwin FAQ) */
  }
  #endif

The cygwin FAQ at http://cygwin.com/faq/faq_toc.html#TOC95 mentions a potential problem with dynamic libraries needing this hack or that the compiler line needs to be reordered. I didn't have much luck with the latter, so to solve I removed the definition and main() function from the mhash.c source file and built mhash as follows:

  ./configure --enable-static=yes --enable-shared=no
  make

Then aide as:

  ./configure --with-extra-libs=-L/path/to/mhash-0.8.18/lib/.libs \
    --with-extra-includes=-I/path/to/mhash-0.8.18/lib
  make

A working aide.exe was the result.

John
Re: my dilemma
On Tue, 8 Jun 2004 06:36:56 +0200 (CEST)
Roger Grosswiler [EMAIL PROTECTED] wrote:

> usually, the output of irrelevant entries can be done by not checking
> those. so in your /etc/aide.conf just place a ! in front of the disliked
> entry. i.e. !/tmp will neither check nor output any result of a check of
> your tmp-dir.

If possible, I wouldn't recommend completely excluding something if at all feasible. While it may be necessary to !/tmp on a multiuser system, if one can monitor fewer attributes to remove the noise without losing some monitoring that may be preferable.

John
Re: [Aide] hash cannot be calculated
On Wed, 03 Nov 2004 11:57:43 +0100
Richard van den Berg [EMAIL PROTECTED] wrote:

> It means that one of the following attributes was changed between the
> moment the file was added to the inclusion list and the moment that the
> hash was about to be calculated.

Every once in a while I've seen this also, but it does not re-appear during the next --check run. I've not been able to figure out why this happens as of yet. It appears to be a bug of some sort, since the file(s) reported have not actually changed in any way as far as I can tell.

John
___
Aide mailing list
[EMAIL PROTECTED]
https://mailman.cs.tut.fi/mailman/listinfo/aide
[Aide] Capturing changes in directory but a privileged subdirectory
I'm using 0.16b1 on a Linux machine and trying to do something like this in an aide.conf:

  /boot R
  !/boot/lost\+found

I'm initializing the database and running as an unprivileged user. I'm struggling to figure out how to exclude the privileged (root only) lost+found directories (and others like it) from being accessed by AIDE, because I'm getting errors like this:

  open_dir(): Permission denied: /boot/lost+found

I've tried a variety of ways to get around this, but I must be missing something obvious. How can I exclude a handful of subdirectories, but get everything else by default?

Thank you,

John
Re: [Aide] Capturing changes in directory but a privileged subdirectory
On Wed, 8 Jun 2016 21:25:14 +
Hannes von Haugwitz wrote:

> I (hopefully) fixed your issue in git fe17bdd [0]. Please try and
> report back if it works or not.

Unfortunately not. Here is my aide.conf:

  database = file:aide.db
  database_out = file:aide.db.new
  report_url = file:aide_report.txt
  /boot R
  !/boot/lost+found

If I run (binary name customized to platform):

  ./aide.amd64 -i -c aide.conf

aide_report.txt's first output line is:

  open_dir(): Permission denied: /boot/lost+found

John
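
AIDE selection lines are regular expressions matched from the start of the path, which is why the first post in this thread escapes the "+" in lost+found. The following is an added example, not code from the thread or from the AIDE project: it uses Python's re module as a stand-in for AIDE's regex engine and a simplified rule model (a negative rule always wins; "=" rules are ignored) to compare how the escaped and unescaped forms of the rule match. The function names and sample paths are constructed for illustration.

```python
import re

# Constructed sample rules: the escaped form from the first post and the
# unescaped form from the follow-up.
ESCAPED = "/boot R\n!/boot/lost\\+found\n"
UNESCAPED = "/boot R\n!/boot/lost+found\n"

def parse_rules(conf_text):
    """Split aide.conf selection lines into (include, exclude) regex lists."""
    include, exclude = [], []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("!"):
            # Negative selection line: everything after '!' up to whitespace.
            exclude.append(re.compile(line[1:].split()[0]))
        elif line.startswith("/"):
            # Regular selection line: regex followed by an attribute group.
            include.append(re.compile(line.split()[0]))
        # Other lines (database=..., group definitions, '=' rules) are skipped.
    return include, exclude

def is_scanned(path, conf_text):
    """True if a regular rule matches path and no negative rule does.

    re.match anchors at the start only, modelling the implicit leading '^'.
    """
    include, exclude = parse_rules(conf_text)
    if any(rx.match(path) for rx in exclude):
        return False
    return any(rx.match(path) for rx in include)

def audit(conf_text, paths):
    """Map each path to whether the rule set would still scan it."""
    return {p: is_scanned(p, conf_text) for p in paths}

if __name__ == "__main__":
    # Constructed paths: one normal file, the literal directory, a look-alike.
    paths = ["/boot/vmlinuz", "/boot/lost+found", "/boot/lostfound"]
    for name, conf in (("escaped", ESCAPED), ("unescaped", UNESCAPED)):
        print(name, audit(conf, paths))
```

Under this model the unescaped rule excludes /boot/lostfound but leaves the literal /boot/lost+found directory selected, because "t+" is read as "one or more t".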