From: Valentin Vidic Date: Fri, 28 Dec 2007 15:05:19 +0000 (+0100) Subject: Removed aide configs. X-Git-Tag: debian/4.0.1~89 X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=carnet-upgrade.git;a=commitdiff_plain;h=5d929e88076c0d1e268525b609aead29b8a6eb00 Removed aide configs. --- diff --git a/usr/share/carnet-upgrade/files/etc/aide/aide.conf b/usr/share/carnet-upgrade/files/etc/aide/aide.conf deleted file mode 100644 index 8316278..0000000 --- a/usr/share/carnet-upgrade/files/etc/aide/aide.conf +++ /dev/null @@ -1,115 +0,0 @@ -# AIDE conf - -database=file:/var/lib/aide/aide.db -database_out=file:/var/lib/aide/aide.db.new - -# Change this to "no" or remove it to not gzip output -# (only useful on systems with few CPU cycles to spare) -gzip_dbout=yes - -# Here are all the things we can check - these are the default rules -# -#p: permissions -#i: inode -#n: number of links -#u: user -#g: group -#s: size -#b: block count -#m: mtime -#a: atime -#c: ctime -#S: check for growing size -#md5: md5 checksum -#sha1: sha1 checksum -#rmd160: rmd160 checksum -#tiger: tiger checksum -#R: p+i+n+u+g+s+m+c+md5 -#L: p+i+n+u+g -#E: Empty group -#>: Growing logfile p+u+g+i+n+S -#haval: haval checksum -#gost: gost checksum -#crc32: crc32 checksum - -# Defines formerly set here have been moved to /etc/default/aide. - -# Custom rules -Binlib = p+i+n+u+g+s+b+m+c+md5+sha1 -ConfFiles = p+i+n+u+g+s+b+m+c+md5+sha1 -Logs = p+i+n+u+g+S -Devices = p+i+n+u+g+s+b+c+md5+sha1 -Databases = p+n+u+g -StaticDir = p+i+n+u+g -ManPages = p+i+n+u+g+s+b+m+c+md5+sha1 - -# Next decide what directories/files you want in the database - -# Kernel, system map, etc. -=/boot$ Binlib -# Binaries -/bin Binlib -/sbin Binlib -/usr/bin Binlib -/usr/sbin Binlib -/usr/local/bin Binlib -/usr/local/sbin Binlib -/usr/games Binlib -# Libraries -/lib Binlib -/usr/lib Binlib -/usr/local/lib Binlib -# Log files -=/var/log$ StaticDir -!/var/log/ksymoops -/var/log/aide/aide.log(.[0-9])?(.gz)? Databases -/var/log/aide/error.log(.[0-9])?(.gz)? Databases -/var/log/setuid.changes(.[0-9])?(.gz)? Databases -!/var/log/aide -/var/log Logs -# Devices -!/dev/pts -# If you get spurious warnings about being unable to mmap() /dev/cpu/mtrr, -# you may uncomment this to get rid of them. They're harmless but sometimes -# annoying. -#!/dev/cpu/mtrr -!/dev/xconsole -/dev Devices -# Other miscellaneous files -/var/run$ StaticDir -!/var/run -# Test only the directory when dealing with /proc -/proc$ StaticDir -!/proc - -# You can look through these examples to get further ideas - -# MD5 sum files - especially useful with debsums -g -#/var/lib/dpkg/info/([^\.]+).md5sums u+g+s+m+md5+sha1 - -# Check crontabs -#/var/spool/anacron/cron.daily Databases -#/var/spool/anacron/cron.monthly Databases -#/var/spool/anacron/cron.weekly Databases -#/var/spool/cron Databases -#/var/spool/cron/crontabs Databases - -# manpages can be trojaned, especially depending on *roff implementation -#/usr/man ManPages -#/usr/share/man ManPages -#/usr/local/man ManPages - -# docs -#/usr/doc ManPages -#/usr/share/doc ManPages - -# check users' home directories -#/home Binlib - -# check sources for modifications -#/usr/src L -#/usr/local/src L - -# Check headers for same -#/usr/include L -#/usr/local/include L diff --git a/usr/share/carnet-upgrade/files/etc/cron.daily/aide b/usr/share/carnet-upgrade/files/etc/cron.daily/aide deleted file mode 100755 index e5fa178..0000000 --- a/usr/share/carnet-upgrade/files/etc/cron.daily/aide +++ /dev/null @@ -1,157 +0,0 @@ -#!/bin/bash - -PATH="/sbin:/usr/sbin:/bin:/usr/bin" -LOGDIR="/var/log/aide" -LOGFILE="aide.log" -CONFFILE="/var/lib/aide/aide.conf.autogenerated" -ERRORLOG="error.log" -ERRORTMP=`tempfile --directory "/tmp" --prefix "$ERRORLOG"` - -[ -f /usr/bin/aide ] || exit 0 - -if [ -f /etc/default/aide ]; then - . /etc/default/aide -fi - -DATABASE=`grep "^database=file:/" $CONFFILE | head -1 | cut --delimiter=: --fields=2` -FQDN=`hostname -f` -DATE=`date +"at %Y-%m-%d %H:%M"` - -# default values - -MAILTO="${MAILTO:-root}" -DATABASE="${DATABASE:-/var/lib/aide/aide.db}" -LINES="${LINES:-1000}" -COMMAND="${COMMAND:-check}" - -AIDEARGS="-V4" - -if [ ! -f $DATABASE ]; then - ( - echo "Fatal error: The AIDE database does not exist!" - echo "This may mean you haven't created it, or it may mean that someone has removed it." - ) | /usr/bin/mail -s "Daily AIDE report for $FQDN" $MAILTO - exit 0 -fi - -[ -f "$LOGDIR/$LOGFILE" ] && savelog -t -g adm -m 640 -u root -c 7 "$LOGDIR/$LOGFILE" > /dev/null -[ -f "$LOGDIR/$ERRORLOG" ] && savelog -t -g adm -m 640 -u root -c 7 "$LOGDIR/$ERRORLOG" > /dev/null - -aide $AIDEARGS --$COMMAND >"$LOGDIR/$LOGFILE" 2>"$ERRORTMP" -RETVAL=$? - -if [ -n "$QUIETREPORTS" ] && [ $QUIETREPORTS -a \! -s $LOGDIR/$LOGFILE -a \! -s $ERRORTMP ]; then - # Bail now because there was no output and QUIETREPORTS is set - exit 0 -fi - -(cat << EOF; -This is an automated report generated by the Advanced Intrusion Detection -Environment on $FQDN ${DATE}. - -EOF - -# include error log in daily report e-mail - -if [ "$RETVAL" != "0" ]; then - cat > "$LOGDIR/$ERRORLOG" << EOF; - -***************************************************************************** -* aide returned a non-zero exit value * -***************************************************************************** - -EOF - echo "exit value is: $RETVAL" >> "$LOGDIR/$ERRORLOG" -else - touch "$LOGDIR/$ERRORLOG" -fi -< "$ERRORTMP" cat >> "$LOGDIR/$ERRORLOG" -rm -f "$ERRORTMP" - -if [ -s "$LOGDIR/$ERRORLOG" ]; then - errorlines=`wc -l "$LOGDIR/$ERRORLOG" | awk '{ print $1 }'` - if [ ${errorlines:=0} -gt $LINES ]; then - cat << EOF; - -**************************************************************************** -* aide has returned many errors. * -* the error log output has been truncated in this mail * -**************************************************************************** - -EOF - echo "Error output is $errorlines lines, truncated to $LINES." - head -$LINES "$LOGDIR/$ERRORLOG" - echo "The full output can be found in $LOGDIR/$ERRORLOG." - else - echo "Errors produced ($errorlines lines):" - cat "$LOGDIR/$ERRORLOG" - fi -else - echo "AIDE produced no errors." -fi - -# include de-noised log - -if [ -n "$NOISE" ]; then - NOISETMP=`tempfile --directory "/tmp" --prefix "aidenoise"` - NOISETMP2=`tempfile --directory "/tmp" --prefix "aidenoise"` - sed -n '1,/^Detailed information about changes:/p' "$LOGDIR/$LOGFILE" | \ - grep '^\(changed\|removed\|added\):' | \ - grep -v "^added: THERE WERE ALSO [0-9]\+ FILES ADDED UNDER THIS DIRECTORY" > $NOISETMP2 - - if [ -n "$NOISE" ]; then - < $NOISETMP2 grep -v "^\(changed\|removed\|added\):$NOISE" > $NOISETMP - rm -f $NOISETMP2 - echo "De-Noised output removes everything matching $NOISE." - else - mv $NOISETMP2 $NOISETMP - echo "No noise expression was given." - fi - - if [ -s "$NOISETMP" ]; then - loglines=`< $NOISETMP wc -l | awk '{ print $1 }'` - if [ ${loglines:=0} -gt $LINES ]; then - cat << EOF; - -**************************************************************************** -* aide has returned long output which has been truncated in this mail * -**************************************************************************** - -EOF - echo "De-Noised output is $loglines lines, truncated to $LINES." - < $NOISETMP head -$LINES - echo "The full output can be found in $LOGDIR/$LOGFILE." - else - echo "De-Noised output of the daily AIDE run ($loglines lines):" - cat $NOISETMP - fi - else - echo "AIDE detected no changes after removing noise." - fi - rm -f $NOISETMP - echo "============================================================================" -fi - -# include non-de-noised log - -if [ -s "$LOGDIR/$LOGFILE" ]; then - loglines=`wc -l "$LOGDIR/$LOGFILE" | awk '{ print $1 }'` - if [ ${loglines:=0} -gt $LINES ]; then - cat << EOF; - -**************************************************************************** -* aide has returned long output which has been truncated in this mail * -**************************************************************************** - -EOF - echo "Output is $loglines lines, truncated to $LINES." - head -$LINES "$LOGDIR/$LOGFILE" - echo "The full output can be found in $LOGDIR/$LOGFILE." - else - echo "Output of the daily AIDE run ($loglines lines):" - cat "$LOGDIR/$LOGFILE" - fi -else - echo "AIDE detected no changes." -fi -) | /usr/bin/mail -s "Daily AIDE report for $FQDN" $MAILTO diff --git a/usr/share/carnet-upgrade/files/etc/default/aide b/usr/share/carnet-upgrade/files/etc/default/aide deleted file mode 100644 index 773751d..0000000 --- a/usr/share/carnet-upgrade/files/etc/default/aide +++ /dev/null @@ -1,25 +0,0 @@ -# These settings are mainly for the wrapper scripts around aide, -# such as aideinit and /etc/cron.daily/aide - -# This is the email address reports get mailed to -MAILTO=root - -# Set this to suppress mailings when there's nothing to report -#QUIETREPORTS=1 - -# This parameter defines which aide command to run from the cron script. -# Sensible values are "update" and "check". -# Default is "check", ensuring backwards compatibility. -# Since "update" does not take any longer, it is recommended to use "update", -# so that a new database is created every day. The new database needs to be -# manually copied over the current one, though. -COMMAND=update - -# This parameter defines how many lines to return per e-mail. Output longer -# than this value will be truncated in the e-mail sent out. -LINES=1000 - -# This parameter gives a grep regular expression. If given, all output lines -# that _don't_ match the regexp are listed first in the script's output. This -# allows to easily remove noise from the aide report. -NOISE="(/var/cache/dwww|/var/backups|/var/lib/dwww/html)"