Module Name:    othersrc
Committed By:   agc
Date:           Thu Sep 24 01:05:20 UTC 2015

Update of /cvsroot/othersrc/external/bsd/sid
In directory ivanova.netbsd.org:/tmp/cvs-serv19893

Log Message:
sid is a Static Intrusion Detection and integrity checking system,
designed to be efficient (by using mmap(2) to open any regular files
it needs to check) and as unintrusive as possible. It uses in-memory
diff(1) functionality by default through libnetdiff(3), falling back
to temporary files if there is not enough memory to complete the full
set of checks.

To that end, on a heavily (output) network-bound machine, it takes 15
seconds elapsed, and 1 second system time, to check the root file
system, running at the maximum nice value. When running, no output
drops were observed at the interface.

It uses a configuration file to govern the checks it makes. The syntax
is borrowed from the old aide program, without any of the disadvantages
of aide (GPL, default verbosity, static database usage, no fs flags
checking, GNU regexps, unusual digest types). See the included sid.conf
file.

The following checks can be specified:

    a: atime
    b: block count
    c: ctime
    crc32c: crc32c checksum
    f: flags
    ftype: file type
    g: group
    i: inode
    l: link target
    m: mtime
    n: number of links
    p: permissions
    s: size
    sha256: sha256 checksum
    sha512: sha512 checksum
    u: user

Checking rules are specified with an embedded '=' sign after the rule:

    RegFile = crc32c+f+ftype+g+l+p+s+sha256+u
    LogFile = ftype+g+l+n+p+u

Comments are introduced with '#' and continue to the end of line.

Directory entries are specified in the configuration file using regular
expressions (much more expressive than fnmatch(3)).

Directory entries may be specified in 3 ways:

1. checks - give directory entries and rules for recursive checking

    /bin RegFile # apply the custom rule to the files in /bin
    /boot RegFile # apply the custom rule to the files in /boot
    /cfg RegFile # apply the custom rule to the files in /cfg
    /etc RegFile # same for /etc

2. ignores - specify which directory entries not to check

    # don't check scratch dir in /usr/local/ccsc/data
    !/usr/local/ccsc/data

and

    # ignore various per-host config files
    !/etc/resolv.conf

3. exact matches

    # more specific tests
    =/var/tmp$ p+i+n+u+g+s+b+f

The default configuration file is /etc/sid.conf, and the output file
for now lives in /root/db.sid

New files will show up as follows:

    # touch /root/newfile
    # nice time sid /root/db.sid
    896a897
    > {"name":"/root/newfile","crc32c":0,"flags":0,"ftype":100000,"gid":0,"linkname":"/root/newfile","perms":0644,"size":0,"sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","uid":0}
    13.888u 1.428s 0:23.82 64.2% 86+173k 1107+0io 8879pf+0w
    #

but will not show up when unlinked:

    # rm /root/newfile
    # nice time sid /root/db.sid
    13.844u 0.965s 0:15.05 98.3% 86+173k 0+0io 0pf+0w
    #

To generate a database which can be used for later verification, the
-g option is used. It can also be used with the -p prefix option to
specify a leading prefix. So, for example, if a directory
"/build/amd64/fs" contains a representation of the file system as it
will later be installed, and using the configuration file in the target
file system to configure the database, the command to generate a
database would be:

    sid -g -p /build/amd64/fs -f /build/amd64/fs/etc/sid.conf \
        -o /build/amd64/fs/root/db.sid

Status:

Vendor Tag:     CROOKS
Release Tags:   sid-20150923-base

N othersrc/external/bsd/sid/Makefile
N othersrc/external/bsd/sid/bin/1.expected
N othersrc/external/bsd/sid/bin/Makefile
N othersrc/external/bsd/sid/bin/2.expected
N othersrc/external/bsd/sid/bin/4.expected
N othersrc/external/bsd/sid/bin/5.expected
N othersrc/external/bsd/sid/bin/6.expected
N othersrc/external/bsd/sid/bin/conf2
N othersrc/external/bsd/sid/dist/diff_subr.c
N othersrc/external/bsd/sid/dist/libsid.3
N othersrc/external/bsd/sid/dist/Makefile
N othersrc/external/bsd/sid/dist/README
N othersrc/external/bsd/sid/dist/crc32c.c
N othersrc/external/bsd/sid/dist/crc32c.h
N othersrc/external/bsd/sid/dist/diffdir.c
N othersrc/external/bsd/sid/dist/diffreg.c
N othersrc/external/bsd/sid/dist/internal.h
N othersrc/external/bsd/sid/dist/main.c
N othersrc/external/bsd/sid/dist/netdiff.h
N othersrc/external/bsd/sid/dist/pathnames.h
N othersrc/external/bsd/sid/dist/sha2.c
N othersrc/external/bsd/sid/dist/sha256hl.c
N othersrc/external/bsd/sid/dist/sha512hl.c
N othersrc/external/bsd/sid/dist/sid.1
N othersrc/external/bsd/sid/dist/sid.c
N othersrc/external/bsd/sid/dist/sid.conf
N othersrc/external/bsd/sid/dist/sid.h
N othersrc/external/bsd/sid/dist/sidsha2.h

No conflicts created by this import
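
An added illustration, not code from the sid import or its author: a small Python model of the configuration grammar described in the log message (rule definitions, recursive checks, ignores, exact matches) that reports which checks would cover a given path. Assumptions: Python's re module stands in for sid's regular expressions, patterns are anchored at the start of the path, the ignore/exact/check precedence is a guess rather than sid's documented order, and the /var/log line in the sample is constructed.

```python
import re

# Check names listed in the commit message.
CHECKS = set("a b c crc32c f ftype g i l m n p s sha256 sha512 u".split())

# Constructed sample from the log message's snippets (/var/log line is assumed).
SAMPLE = """\
RegFile = crc32c+f+ftype+g+l+p+s+sha256+u
LogFile = ftype+g+l+n+p+u
/etc RegFile      # same for /etc
/var/log LogFile
!/etc/resolv.conf # ignore various per-host config files
=/var/tmp$ p+i+n+u+g+s+b+f
"""

def expand(spec, rules):
    """Expand 'x+y+RuleName' into a set of check names."""
    out = set()
    for tok in (t.strip() for t in spec.split("+")):
        if tok not in CHECKS and tok not in rules:
            raise ValueError("unknown check or rule: %r" % tok)
        out |= rules.get(tok, {tok})
    return out

def parse(text):
    """Return a list of (kind, regex, checks) entries, in file order."""
    rules, entries = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # '#' comment to end of line
        if not line:
            continue
        if line[0] == "!":                       # 2. ignore entry
            entries.append(("ignore", re.compile(line[1:].strip()), None))
        elif line[0] in "=/":                    # 3. exact match / 1. check
            kind = "exact" if line[0] == "=" else "check"
            pat, spec = line.lstrip("=").split(None, 1)
            entries.append((kind, re.compile(pat), expand(spec, rules)))
        else:                                    # rule definition: Name = a+b
            name, spec = line.split("=", 1)
            rules[name.strip()] = expand(spec, rules)
    return entries

def checks_for(path, entries):
    """Assumed precedence (not sid's documented order): ignore, exact, check."""
    for kind in ("ignore", "exact", "check"):
        for k, rx, checks in entries:
            if k == kind and rx.match(path):     # anchored at start of path
                return checks                    # None for an ignored path
    return None                                  # no entry covers this path
```

Running checks_for over the paths you care about shows quickly which ones end up with no content digest (the LogFile rule above carries neither sha256 nor sha512) or with no coverage at all.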