diff --git a/.aide.metadata b/.aide.metadata
new file mode 100644
index 0000000..78c4b28
--- /dev/null
+++ b/.aide.metadata
@@ -0,0 +1 @@
+c5998c04a223416142323fa1bd18db0936099827 SOURCES/aide-0.15.1.tar.gz
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..6e9de9a
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/aide-0.15.1.tar.gz
diff --git a/SOURCES/README.quickstart b/SOURCES/README.quickstart
new file mode 100644
index 0000000..87adc63
--- /dev/null
+++ b/SOURCES/README.quickstart
@@ -0,0 +1,40 @@
+1) Customize /etc/aide.conf to your liking. In particular, add
+ important directories and files which you would like to be
+ covered by integrity checks. Avoid files which are expected
+ to change frequently or which don't affect the safety of your
+ system.
+
+2) Run "/usr/sbin/aide --init" to build the initial database.
+ With the default setup, that creates /var/lib/aide/aide.db.new.gz
+
+3) Store /etc/aide.conf, /usr/sbin/aide and /var/lib/aide/aide.db.new.gz
+ in a secure location, e.g. on separate read-only media (such as
+ CD-ROM). Alternatively, keep MD5 fingerprints or GPG signatures
+ of those files in a secure location, so you have means to verify
+ that nobody modified those files.
+
+4) Copy /var/lib/aide/aide.db.new.gz to /var/lib/aide/aide.db.gz
+ which is the location of the input database.
+
+5) Run "/usr/sbin/aide --check" to check your system for inconsistencies
+ compared with the AIDE database. Prior to running a check manually,
+ ensure that the AIDE binary and database have not been modified
+ without your knowledge.
+
+ Caution!
+
+ With the default setup, an AIDE check is not run periodically as a
+ cron job. It cannot be guaranteed that the AIDE binaries, config
+ file and database are intact. It is not recommended that you run
+ automated AIDE checks without verifying AIDE yourself frequently.
+ In addition to that, AIDE does not implement any password or
+ encryption protection for its own files.
+
+ It is up to you how to put a file integrity checker to good effect
+ and how to set up automated checks if you think it adds a level of
+ safety (e.g. detecting failed/incomplete compromises or unauthorized
+ modification of special files). On a compromised system, the
+ intruder could disable the automated check. Or he could replace the
+ AIDE binary, config file and database easily when they are not
+ located on read-only media.
+
diff --git a/SOURCES/aide-0.14-man.patch b/SOURCES/aide-0.14-man.patch
new file mode 100644
index 0000000..8192636
--- /dev/null
+++ b/SOURCES/aide-0.14-man.patch
@@ -0,0 +1,15 @@
+diff -ur aide.orig/doc/aide.1.in aide/doc/aide.1.in
+--- aide.orig/doc/aide.1.in 2010-02-24 13:53:49.000000000 -0500
++++ aide/doc/aide.1.in 2010-02-24 13:57:44.000000000 -0500
+@@ -75,9 +75,9 @@
+ .SH FILES
+ .B @sysconfdir@/aide.conf
+ Default aide configuration file.
+-.B @sysconfdir@/aide.db
++.B @localstatedir@/lib/aide.db
+ Default aide database.
+-.B @sysconfdir@/aide.db.new
++.B @localstatedir@/lib/aide.db.new
+ Default aide output database.
+ .SH SEE ALSO
+ .BR aide.conf (5)
diff --git a/SOURCES/aide-0.15-error-messages.patch b/SOURCES/aide-0.15-error-messages.patch
new file mode 100644
index 0000000..7dc3ffc
--- /dev/null
+++ b/SOURCES/aide-0.15-error-messages.patch
@@ -0,0 +1,13 @@
+diff -U0 ./ChangeLog.error-messages ./ChangeLog
+diff -up ./src/conf_yacc.y.error-messages ./src/conf_yacc.y
+--- ./src/conf_yacc.y.error-messages 2017-03-20 16:45:08.885577012 +0100
++++ ./src/conf_yacc.y 2017-03-20 16:45:08.888577012 +0100
+@@ -37,7 +37,7 @@ DB_ATTR_TYPE retval=0;
+ extern int conflex();
+ void conferror(const char*);
+
+-extern char conftext[];
++extern char *conftext;
+ extern long conf_lineno;
+
+
diff --git a/SOURCES/aide-0.15-syslog-format.patch b/SOURCES/aide-0.15-syslog-format.patch
new file mode 100644
index 0000000..961927f
--- /dev/null
+++ b/SOURCES/aide-0.15-syslog-format.patch
@@ -0,0 +1,759 @@
+diff -up ./doc/aide.conf.5.in.syslog-format ./doc/aide.conf.5.in
+--- ./doc/aide.conf.5.in.syslog-format 2010-08-08 13:39:31.000000000 -0400
++++ ./doc/aide.conf.5.in 2017-03-07 11:12:49.964000000 -0500
+@@ -44,6 +44,25 @@ inclusive. This parameter can only be gi
+ occurence is used. If \-\-verbose or \-V is used then the value from that
+ is used. The default is 5. If verbosity is 20 then additional report
+ output is written when doing \-\-check, \-\-update or \-\-compare.
++.IP "syslog_format"
++Valid values are yes,true,no and false. This option enables new syslog format
++which is suitable for logging. Every change is logged as one simple line. This option
++changes verbose level to 0 and prints everything that was changed. It is suggested
++to use this option with "report_url=syslog:...". Default value is "false/no".
++Maximum size of message is 1KB which is limitation of syslog call. If message is
++greater than limit, message will be truncated.
++Option summarize_changes has no impact for this format.
++.nf
++.eo
++
++Output always starts with:
++"AIDE found differences between database and filesystem!!"
++And it is followed by summary:
++summary;total_number_of_files=1000;added_files=0;removed_files=0;changed_files=1
++And finally there are logs about changes:
++dir=/usr/sbin;Mtime_old=0000-00-00 00:00:00;Mtime_new=0000-00-00 00:00:00;...
++.ec
++.fi
+ .IP "report_url"
+ The url that the output is written to. There can be multiple instances
+ of this parameter. Output is written to all of them. The default is
+diff -up ./include/db_config.h.syslog-format ./include/db_config.h
+--- ./include/db_config.h.syslog-format 2010-08-08 13:39:31.000000000 -0400
++++ ./include/db_config.h 2017-03-07 11:12:49.964000000 -0500
+@@ -264,6 +264,7 @@ typedef struct db_config {
+ FILE* db_out;
+
+ int config_check;
++ int syslog_format;
+
+ #ifdef WITH_ZLIB
+ gzFile db_gzin;
+diff -up ./src/aide.c.syslog-format ./src/aide.c
+--- ./src/aide.c.syslog-format 2017-03-07 11:12:49.960000000 -0500
++++ ./src/aide.c 2017-03-07 11:12:49.964000000 -0500
+@@ -264,6 +264,7 @@ void setdefaults_before_config()
+ }
+
+ /* Setting some defaults */
++ conf->syslog_format=0;
+ conf->report_db=0;
+ conf->tree=NULL;
+ conf->config_check=0;
+@@ -468,6 +469,9 @@ void setdefaults_after_config()
+ if(conf->verbose_level==-1){
+ conf->verbose_level=5;
+ }
++ if(conf->syslog_format==1){
++ conf->verbose_level=0;
++ }
+ }
+
+
+@@ -664,6 +668,7 @@ int main(int argc,char**argv)
+ gcry_control(GCRYCTL_TERM_SECMEM, 0);
+ #endif /* WITH_GCRYPT */
+ return RETOK;
++
+ }
+ const char* aide_key_3=CONFHMACKEY_03;
+ const char* db_key_3=DBHMACKEY_03;
+diff -up ./src/compare_db.c.syslog-format ./src/compare_db.c
+--- ./src/compare_db.c.syslog-format 2010-08-08 13:39:31.000000000 -0400
++++ ./src/compare_db.c 2017-03-07 11:30:52.630000000 -0500
+@@ -50,6 +50,7 @@
+ #include "md.h"
+
+ /*************/
++#define MESSAGE_SIZE 1024
+ /* contruction area for report lines */
+ const int old_col = 12;
+ const int new_col = 40;
+@@ -60,6 +61,9 @@ char oline[129];
+ char nline[129];
+ const char* entry_format= " %-9s: %-33s, %s\n";
+ const char* entry_format_justnew=" %-9s: %-33c %s\n";
++const char* entry_syslog= "%s_old=%s;%s_new=%s";
++const char* entry_syslog_justnew="%s_new=%s";
++
+ #ifdef WITH_E2FSATTRS
+ /* flag->character mappings defined in lib/e2p/pf.c (part of e2fsprogs-1.41.12 sources) */
+ unsigned long flag_bits[] = { EXT2_SECRM_FL, EXT2_UNRM_FL, EXT2_SYNC_FL, EXT2_DIRSYNC_FL, EXT2_IMMUTABLE_FL,
+@@ -415,7 +419,7 @@ DB_ATTR_TYPE compare_dbline(db_line* l1,
+ return ret;
+ }
+
+-void print_str_changes(char*old,char*new,const char *name, DB_ATTR_TYPE force)
++void print_str_changes(char*old,char*new,const char *name, DB_ATTR_TYPE force, char* part_message)
+ {
+ int mode = 0;
+ if(old==NULL){
+@@ -438,50 +442,80 @@ void print_str_changes(char*old,char*new
+ }
+ if(mode == 1) {
+ error(2,(char*)entry_format,name,oline,nline);
++ if(part_message!=NULL && conf->syslog_format){
++ snprintf(part_message, MESSAGE_SIZE, entry_syslog, name, oline, name, nline);
++ }
+ } else if (mode == 2) {
+ error(2,(char*)entry_format_justnew,name,' ',nline);
++ if(part_message!=NULL && conf->syslog_format){
++ snprintf(part_message, MESSAGE_SIZE, entry_syslog_justnew, name, nline);
++ }
++ } else {
++ part_message="\0";
+ }
+ return;
+ }
+
+ #ifdef WITH_ACL
+-void print_single_acl(acl_type* acl)
++void print_single_acl(acl_type* acl, char* line)
+ {
+ if (acl==NULL) {
+ error(2,"<NULL>\n");
++ if (conf->syslog_format)snprintf(line, long_part_len, "<NULL>");
+ } else {
+ #ifdef WITH_POSIX_ACL
+- if (!acl->acl_a)
++ if (!acl->acl_a) {
+ error(2,"A: <NONE>\n ");
+- else
++ if (conf->syslog_format)snprintf(line, long_part_len, "A:<NONE>");
++ }
++ else {
+ error(2,"A:\n----\n%s----\n ",acl->acl_a);
+- if (!acl->acl_d)
++ if (conf->syslog_format)snprintf(line, long_part_len, "A:%s", acl->acl_a);
++ }
++ size_t len=strlen(line);
++ if (!acl->acl_d) {
+ error(2,"D: <NONE>\n");
+- else
++ if (conf->syslog_format&&len<(size_t)long_part_len)snprintf(line+len-1, long_part_len, "|D:<NONE>");
++ }
++ else {
+ error(2,"D:\n----\n%s----\n",acl->acl_d);
++ if (conf->syslog_format&&len<(size_t)long_part_len)snprintf(line+len-1, long_part_len, "|D:%s", acl->acl_d);
++ }
+ #endif
+ #ifdef WITH_SUN_ACL
+ aclt=acltotext(acl->acl,acl->entries);
+ if (aclt==NULL) {
+ error(2,"ERROR\n");
++ if (conf->syslog_format)snprintf(line, long_part_len, "<ERROR>");
+ } else {
+ error(2,"%s ,\n",aclt);
++ if (conf->syslog_format)snprintf(line, long_part_len, "%s", aclt);
+ free(aclt);
+ }
+ #endif
+ }
+ }
+
+-void print_acl_changes(acl_type* old,acl_type* new, DB_ATTR_TYPE force) {
++void print_acl_changes(acl_type* old,acl_type* new, DB_ATTR_TYPE force, char* part_message) {
+
+ if (compare_acl(old,new)==RETFAIL) {
+ error(2," ACL : old = ");
+- print_single_acl(old);
++ print_single_acl(old, oline);
+ error(2," new = ");
+- print_single_acl(new);
++ print_single_acl(new, nline);
++ if (conf->syslog_format) {
++ snprintf(part_message, MESSAGE_SIZE, "ACL_old=|%s|;ACL_new=|%s|", oline, nline);
++ unsigned int i;
++ for (i = 0; i < strlen(part_message); i++) if (part_message[i] == '\n') part_message[i] = ' ';
++ }
+ } else if (old!=NULL && new!=NULL && force) {
+ error(2," ACL : ");
+- print_single_acl(new);
++ print_single_acl(new, nline);
++ if (conf->syslog_format) {
++ snprintf(part_message, MESSAGE_SIZE, "ACL_new=|%s|", nline);
++ unsigned int i;
++ for (i = 0; i < strlen(part_message); i++) if (part_message[i] == '\n') part_message[i] = ' ';
++ }
+ }
+ }
+ #endif
+@@ -502,15 +536,18 @@ static size_t xstrnspn(const char *s1, s
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ" \
+ ".-_:;,[]{}<>()!@#$%^&*|\\/?~"
+
+-void print_single_xattrs(xattrs_type* xattrs)
++void print_single_xattrs(xattrs_type* xattrs, char* line)
+ {
+ if (xattrs==NULL) {
+ error(2,"num=0\n");
++ if (conf->syslog_format)snprintf(line, MESSAGE_SIZE, "num=0");
+ } else {
+ size_t num = 0;
+ int width = 0;
+-
++ char tmp[MESSAGE_SIZE]={0};
++
+ error(2,"num=%lu\n", (unsigned long)xattrs->num);
++ if (conf->syslog_format)snprintf(line, MESSAGE_SIZE, "num=%lu", (unsigned long)xattrs->num);
+
+ width = log10(xattrs->num); /* make them the same width */
+
+@@ -524,33 +561,44 @@ void print_single_xattrs(xattrs_type* xa
+ len = xstrnspn(val, xattrs->ents[num - 1].vsz, PRINTABLE_XATTR_VALS);
+
+ if ((len == xattrs->ents[num - 1].vsz) ||
+- ((len == (xattrs->ents[num - 1].vsz - 1)) && !val[len]))
++ ((len == (xattrs->ents[num - 1].vsz - 1)) && !val[len])) {
+ error(2," [%.*zd] %s = %s\n", width, num,
+ xattrs->ents[num - 1].key, val);
+- else
+- {
++ if (conf->syslog_format)snprintf(tmp, MESSAGE_SIZE, "[%.*zd]%s=%s", width, num,
++ xattrs->ents[num - 1].key, val);
++ }
++ else {
+ val = encode_base64(xattrs->ents[num - 1].val,
+ xattrs->ents[num - 1].vsz);
+ error(2," [%.*zd] %s <=> %s\n", width, num,
+ xattrs->ents[num - 1].key, val);
++ if (conf->syslog_format)snprintf(tmp, MESSAGE_SIZE, "[%.*zd]%s<=>%s", width, num,
++ xattrs->ents[num - 1].key, val);
+ free(val);
+ }
+-
++
++ if (conf->syslog_format&&len<MESSAGE_SIZE) {
++ len=strlen(line);
++ snprintf(line+len, MESSAGE_SIZE-len, "|%s", tmp);
++ }
+ }
+ }
+ }
+
+ void print_xattrs_changes(xattrs_type* old,xattrs_type* new,
+- DB_ATTR_TYPE force) {
+-
++ DB_ATTR_TYPE force, char* part_message) {
++ char old_attrs[MESSAGE_SIZE]={0};
++ char new_attrs[MESSAGE_SIZE]={0};
+ if (compare_xattrs(old,new)==RETFAIL) {
+ error(2," XAttrs : old = ");
+- print_single_xattrs(old);
++ print_single_xattrs(old, (char*)old_attrs);
+ error(2," new = ");
+- print_single_xattrs(new);
++ print_single_xattrs(new, (char*)new_attrs);
++ if (conf->syslog_format)snprintf(part_message, MESSAGE_SIZE, "XAttrs_old=|%s|;XAttrs_new=|%s|", (char*)old_attrs, (char*)new_attrs);
+ } else if (force) {
+ error(2," XAttrs : ");
+- print_single_xattrs(new);
++ print_single_xattrs(new, (char*)new_attrs);
++ if (conf->syslog_format)snprintf(part_message, MESSAGE_SIZE, "XAttrs_new=|%s|", (char*)new_attrs);
+ }
+
+ }
+@@ -571,7 +619,7 @@ char* e2fsattrs2char(unsigned long flags
+ }
+ #endif
+
+-void print_md_changes(byte*old,byte*new,int len,char* name, DB_ATTR_TYPE force)
++void print_md_changes(byte*old,byte*new,int len,char* name, DB_ATTR_TYPE force, char* part_message)
+ {
+ int mode = 0;
+ if (old!=NULL && new!=NULL) {
+@@ -594,8 +642,14 @@ void print_md_changes(byte*old,byte*new,
+ }
+ if (mode == 1) {
+ error(2,(char*)entry_format,name,oline,nline);
++ if(part_message!=NULL && conf->syslog_format){
++ snprintf(part_message, MESSAGE_SIZE, entry_syslog, name, oline, name, nline);
++ }
+ } else if (mode == 2) {
+ error(2,(char*)entry_format_justnew,name,' ',nline);
++ if(part_message!=NULL && conf->syslog_format){
++ snprintf(part_message, MESSAGE_SIZE, entry_syslog_justnew, name, nline);
++ }
+ }
+ return;
+ }
+@@ -607,7 +661,7 @@ int is_time_null(struct tm *ot)
+ && ot->tm_hour == 1 && ot->tm_min == 0 && ot->tm_sec == 0);
+ }
+
+-void print_time_changes(const char* name, time_t old_time, time_t new_time,int justnew)
++void print_time_changes(const char* name, time_t old_time, time_t new_time,int justnew, char* part_message)
+ {
+ struct tm otm;
+ struct tm *ot = &otm;
+@@ -640,12 +694,18 @@ void print_time_changes(const char* name
+ }
+ if (justnew) {
+ error(2,(char*)entry_format_justnew,name,' ',nline);
++ if(part_message!=NULL && conf->syslog_format){
++ snprintf(part_message, MESSAGE_SIZE, entry_syslog_justnew, name, nline);
++ }
+ } else {
+- error(2,(char*)entry_format,name,oline,nline);
++ error(2,(char*)entry_format,name,oline,nline);
++ if(part_message!=NULL && conf->syslog_format){
++ snprintf(part_message, MESSAGE_SIZE, entry_syslog, name, oline, name, nline);
++ }
+ }
+ }
+
+-void print_int_changes(const char* name, int old, int new, int justnew)
++void print_int_changes(const char* name, int old, int new, int justnew, char* part_message)
+ {
+ if (!justnew) {
+ snprintf(oline,part_len,"%i",old);
+@@ -653,11 +713,17 @@ void print_int_changes(const char* name,
+ snprintf(nline,part_len,"%i",new);
+ if (justnew) {
+ error(2,(char*)entry_format_justnew,name,' ',nline);
++ if(part_message!=NULL && conf->syslog_format){
++ snprintf(part_message, MESSAGE_SIZE, entry_syslog_justnew, name, nline);
++ }
+ } else {
+ error(2,(char*)entry_format,name,oline,nline);
++ if(part_message!=NULL && conf->syslog_format){
++ snprintf(part_message, MESSAGE_SIZE, entry_syslog, name, oline, name, nline);
++ }
+ }
+ }
+-void print_long_changes(const char* name, AIDE_OFF_TYPE old, AIDE_OFF_TYPE new, int justnew)
++void print_long_changes(const char* name, AIDE_OFF_TYPE old, AIDE_OFF_TYPE new, int justnew, char* part_message)
+ {
+ #if SIZEOF_OFF64_T == SIZEOF_LONG_LONG
+ if (!justnew) {
+@@ -672,12 +738,18 @@ void print_long_changes(const char* name
+ #endif
+ if (justnew) {
+ error(2,(char*)entry_format_justnew,name,' ',nline);
++ if(part_message!=NULL && conf->syslog_format){
++ snprintf(part_message, MESSAGE_SIZE, entry_syslog_justnew, name, nline);
++ }
+ } else {
+ error(2,(char*)entry_format,name,oline,nline);
++ if(part_message!=NULL && conf->syslog_format){
++ snprintf(part_message, MESSAGE_SIZE, entry_syslog, name, oline, name, nline);
++ }
+ }
+ }
+
+-void print_string_changes(const char* name, const char* old, const char* new, int justnew)
++void print_string_changes(const char* name, const char* old, const char* new, int justnew, char* part_message)
+ {
+ if (!justnew) {
+ snprintf(oline,part_len,"%s",old);
+@@ -685,8 +757,14 @@ void print_string_changes(const char* na
+ snprintf(nline,part_len,"%s",new);
+ if (justnew) {
+ error(2,(char*)entry_format_justnew,name,' ',nline);
++ if(part_message!=NULL && conf->syslog_format){
++ snprintf(part_message, MESSAGE_SIZE, entry_syslog_justnew, name, nline);
++ }
+ } else {
+- error(2,(char*)entry_format,name,oline,nline);
++ error(2,(char*)entry_format,name,oline,nline);
++ if(part_message!=NULL && conf->syslog_format){
++ snprintf(part_message, MESSAGE_SIZE, entry_syslog, name, oline, name, nline);
++ }
+ }
+ }
+
+@@ -954,168 +1032,226 @@ void print_changed_line(db_line* old,db_
+ }
+ }
+
++static void p_swap(char** first, char** second)
++{
++ if(first==NULL||second==NULL)return;
++ char* tmp=*first;
++ *first=*second;
++ *second=tmp;
++}
++
++#define DO_APPEND(x,y,z) do{ \
++ if(conf->syslog_format&&z[0]!=0){ \
++ snprintf(x, MESSAGE_SIZE,"%s;%s",y,z); \
++ p_swap((char**)&x,(char**)&y); \
++ z[0]='\0'; \
++ } \
++ }while(0)
++
+ void print_dbline_changes(db_line* old,db_line* new,
+ DB_ATTR_TYPE ignorelist,DB_ATTR_TYPE forced_attrs)
+ {
+ char* tmp=NULL;
+ char* tmp2=NULL;
+-
++
++ char part_message[MESSAGE_SIZE]={0};
++ char message1[MESSAGE_SIZE]={0};
++ char message2[MESSAGE_SIZE]={0};
++ char* message=&message1[0];
++ char* message_old=&message2[0];
+ /*
+ Force just entries, that exists.
+ */
+ forced_attrs&=new->attr;
+
+ error(2,"\n%s: %s\n",get_file_type_string(new->perm),new->filename);
++
++ if(conf->syslog_format){
++ if(S_ISDIR(new->perm_o))
++ snprintf(message, MESSAGE_SIZE, "dir=%s", old->filename);
++ else
++ snprintf(message, MESSAGE_SIZE, "file=%s", old->filename);
++ p_swap(&message,&message_old);
++ }
+
+ if ((!(DB_FTYPE&ignorelist)) && (((DB_FTYPE&old->attr && DB_FTYPE&new->attr) && get_file_type_char(old->perm)!=get_file_type_char(new->perm)) || DB_FTYPE&forced_attrs)) {
+- print_string_changes("File type", get_file_type_string(old->perm),get_file_type_string(new->perm), get_file_type_char(old->perm)==get_file_type_char(new->perm));
++ if(conf->syslog_format)
++ print_string_changes("file_type", get_file_type_string(old->perm),get_file_type_string(new->perm), get_file_type_char(old->perm)==get_file_type_char(new->perm), ((char*)part_message));
++ else
++ print_string_changes("File type", get_file_type_string(old->perm),get_file_type_string(new->perm), get_file_type_char(old->perm)==get_file_type_char(new->perm), NULL);
++ DO_APPEND(message,message_old,part_message);
+ }
+
+ if(!(DB_LINKNAME&ignorelist)){
+- print_str_changes(old->linkname,new->linkname, "Lname", DB_LINKNAME&forced_attrs);
++ print_str_changes(old->linkname,new->linkname, "Lname", DB_LINKNAME&forced_attrs, ((char*)part_message));
++ DO_APPEND(message,message_old,part_message);
+ }
+
+ if (((!(DB_SIZEG&ignorelist)) && (((DB_SIZEG&old->attr && DB_SIZEG&new->attr) && old->size>new->size) || DB_SIZEG&forced_attrs))
+ || ((!(DB_SIZE&ignorelist)) && (((DB_SIZE&old->attr && DB_SIZE&new->attr) && old->size!=new->size) || DB_SIZE&forced_attrs)) ) {
+- print_long_changes("Size", old->size,new->size,old->size==new->size);
++ print_long_changes("Size", old->size,new->size,old->size==new->size, ((char*)part_message));
++ DO_APPEND(message,message_old,part_message);
+ }
+
+ if (!(DB_BCOUNT&ignorelist)) {
+ if(old->bcount!=new->bcount ||(DB_BCOUNT&forced_attrs) ){
+- print_int_changes("Bcount", old->bcount,new->bcount,old->bcount==new->bcount);
++ print_int_changes("Bcount", old->bcount,new->bcount,old->bcount==new->bcount, ((char*)part_message));
++ DO_APPEND(message,message_old,part_message);
+ }
+ }
+ if (!(DB_PERM&ignorelist)) {
+ if((DB_PERM&old->attr && DB_PERM&new->attr && old->perm!=new->perm) || DB_PERM&forced_attrs){
+ tmp=perm_to_char(old->perm);
+ tmp2=perm_to_char(new->perm);
+- print_string_changes("Perm", tmp,tmp2,old->perm==new->perm);
++ print_string_changes("Perm", tmp,tmp2,old->perm==new->perm, ((char*)part_message));
+ free(tmp);
+ free(tmp2);
+ tmp=NULL;
+ tmp2=NULL;
++ DO_APPEND(message,message_old,part_message);
+ }
+ }
+
+ if (!(DB_UID&ignorelist)) {
+ if(old->uid!=new->uid||DB_UID&forced_attrs){
+- print_int_changes("Uid", old->uid,new->uid,old->uid==new->uid);
++ print_int_changes("Uid", old->uid,new->uid,old->uid==new->uid, ((char*)part_message));
++ DO_APPEND(message,message_old,part_message);
+ }
+ }
+
+ if (!(DB_GID&ignorelist)) {
+ if(old->gid!=new->gid||DB_GID&forced_attrs){
+- print_int_changes("Gid", old->gid,new->gid,old->gid==new->gid);
++ print_int_changes("Gid", old->gid,new->gid,old->gid==new->gid, ((char*)part_message));
++ DO_APPEND(message,message_old,part_message);
+ }
+ }
+
+ if (!(DB_ATIME&ignorelist)) {
+ if(old->atime!=new->atime||DB_ATIME&forced_attrs){
+- print_time_changes("Atime", old->atime, new->atime,old->atime==new->atime);
++ print_time_changes("Atime", old->atime, new->atime,old->atime==new->atime, ((char*)part_message));
++ DO_APPEND(message,message_old,part_message);
+ }
+ }
+
+ if (!(DB_MTIME&ignorelist)) {
+ if(old->mtime!=new->mtime||DB_MTIME&forced_attrs){
+- print_time_changes("Mtime", old->mtime, new->mtime,old->mtime==new->mtime);
++ print_time_changes("Mtime", old->mtime, new->mtime,old->mtime==new->mtime, ((char*)part_message));
++ DO_APPEND(message,message_old,part_message);
+ }
+ }
+
+ if (!(DB_CTIME&ignorelist)) {
+ if(old->ctime!=new->ctime||DB_CTIME&forced_attrs){
+- print_time_changes("Ctime", old->ctime, new->ctime,old->ctime==new->ctime);
++ print_time_changes("Ctime", old->ctime, new->ctime,old->ctime==new->ctime, ((char*)part_message));
++ DO_APPEND(message,message_old,part_message);
+ }
+ }
+
+ if (!(DB_INODE&ignorelist)) {
+ if(((DB_INODE&old->attr && (DB_INODE&new->attr)) && old->inode!=new->inode) ||DB_INODE&forced_attrs){
+- print_int_changes("Inode", old->inode,new->inode,old->inode==new->inode);
++ print_int_changes("Inode", old->inode,new->inode,old->inode==new->inode, ((char*)part_message));
++ DO_APPEND(message,message_old,part_message);
+ }
+ }
+ if (!(DB_LNKCOUNT&ignorelist)) {
+ if(old->nlink!=new->nlink||DB_LNKCOUNT&forced_attrs){
+- print_int_changes("Linkcount", old->nlink,new->nlink,old->nlink==new->nlink);
++ print_int_changes("Linkcount", old->nlink,new->nlink,old->nlink==new->nlink, ((char*)part_message));
++ DO_APPEND(message,message_old,part_message);
+ }
+ }
+
+ if (!(DB_MD5&ignorelist)) {
+ print_md_changes(old->md5,new->md5,
+ HASH_MD5_LEN,
+- "MD5", DB_MD5&forced_attrs);
++ "MD5", DB_MD5&forced_attrs, ((char*)part_message));
++ DO_APPEND(message,message_old,part_message);
+ }
+
+ if (!(DB_SHA1&ignorelist)) {
+ print_md_changes(old->sha1,new->sha1,
+ HASH_SHA1_LEN,
+- "SHA1", DB_SHA1&forced_attrs);
++ "SHA1", DB_SHA1&forced_attrs, ((char*)part_message));
++ DO_APPEND(message,message_old,part_message);
+ }
+
+ if (!(DB_RMD160&ignorelist)) {
+ print_md_changes(old->rmd160,new->rmd160,
+ HASH_RMD160_LEN,
+- "RMD160", DB_RMD160&forced_attrs);
++ "RMD160", DB_RMD160&forced_attrs, ((char*)part_message));
++ DO_APPEND(message,message_old,part_message);
+ }
+
+ if (!(DB_TIGER&ignorelist)) {
+ print_md_changes(old->tiger,new->tiger,
+ HASH_TIGER_LEN,
+- "TIGER", DB_TIGER&forced_attrs);
++ "TIGER", DB_TIGER&forced_attrs, ((char*)part_message));
++ DO_APPEND(message,message_old,part_message);
+ }
+
+ if (!(DB_SHA256&ignorelist)) {
+ print_md_changes(old->sha256,new->sha256,
+ HASH_SHA256_LEN,
+- "SHA256", DB_SHA256&forced_attrs);
++ "SHA256", DB_SHA256&forced_attrs, ((char*)part_message));
++ DO_APPEND(message,message_old,part_message);
+ }
+
+ if (!(DB_SHA512&ignorelist)) {
+ print_md_changes(old->sha512,new->sha512,
+ HASH_SHA512_LEN,
+- "SHA512", DB_SHA512&forced_attrs);
++ "SHA512", DB_SHA512&forced_attrs, ((char*)part_message));
++ DO_APPEND(message,message_old,part_message);
+ }
+
+ #ifdef WITH_MHASH
+ if (!(DB_CRC32&ignorelist)) {
+ print_md_changes(old->crc32,new->crc32,
+ HASH_CRC32_LEN,
+- "CRC32", DB_CRC32&forced_attrs);
++ "CRC32", DB_CRC32&forced_attrs, ((char*)part_message));
++ DO_APPEND(message,message_old,part_message);
+ }
+
+ if (!(DB_HAVAL&ignorelist)) {
+ print_md_changes(old->haval,new->haval,
+ HASH_HAVAL256_LEN,
+- "HAVAL", DB_HAVAL&forced_attrs);
++ "HAVAL", DB_HAVAL&forced_attrs, ((char*)part_message));
++ DO_APPEND(message,message_old,part_message);
+ }
+
+ if (!(DB_GOST&ignorelist)) {
+ print_md_changes(old->gost,new->gost,
+ HASH_GOST_LEN,
+- "GOST", DB_GOST&forced_attrs);
++ "GOST", DB_GOST&forced_attrs, ((char*)part_message));
++ DO_APPEND(message,message_old,part_message);
+ }
+
+ if (!(DB_CRC32B&ignorelist)) {
+ print_md_changes(old->crc32b,new->crc32b,
+ HASH_CRC32B_LEN,
+- "CRC32B", DB_CRC32B&forced_attrs);
++ "CRC32B", DB_CRC32B&forced_attrs, ((char*)part_message));
++ DO_APPEND(message,message_old,part_message);
+ }
+
+ if (!(DB_WHIRLPOOL&ignorelist)) {
+ print_md_changes(old->whirlpool,new->whirlpool,
+ HASH_WHIRLPOOL_LEN,
+- "WHIRLPOOL", DB_WHIRLPOOL&forced_attrs);
++ "WHIRLPOOL", DB_WHIRLPOOL&forced_attrs, ((char*)part_message));
++ DO_APPEND(message,message_old,part_message);
+ }
+ #endif
+
+ #ifdef WITH_ACL
+ if (!(DB_ACL&ignorelist)) {
+- print_acl_changes(old->acl,new->acl, DB_ACL&forced_attrs);
++ print_acl_changes(old->acl,new->acl, DB_ACL&forced_attrs, ((char*)part_message));
++ DO_APPEND(message,message_old,part_message);
+ }
+ #endif
+ if (!(DB_XATTRS&ignorelist)) {
+- print_xattrs_changes(old->xattrs,new->xattrs, DB_XATTRS&forced_attrs);
++ print_xattrs_changes(old->xattrs,new->xattrs, DB_XATTRS&forced_attrs, ((char*)part_message));
++ DO_APPEND(message,message_old,part_message);
+ }
+ if (!(DB_SELINUX&ignorelist)) {
+- print_str_changes(old->cntx,new->cntx, "SELinux", DB_SELINUX&forced_attrs);
++ print_str_changes(old->cntx,new->cntx, "SELinux", DB_SELINUX&forced_attrs, ((char*)part_message));
++ DO_APPEND(message,message_old,part_message);
+ }
+
+ #ifdef WITH_E2FSATTRS
+@@ -1123,13 +1259,19 @@ void print_dbline_changes(db_line* old,d
+ if(old->e2fsattrs!=new->e2fsattrs || DB_E2FSATTRS&forced_attrs ) {
+ tmp=e2fsattrs2char(old->e2fsattrs);
+ tmp2=e2fsattrs2char(new->e2fsattrs);
+- print_string_changes("E2FSAttrs", tmp, tmp2, old->e2fsattrs==new->e2fsattrs);
++ print_string_changes("E2FSAttrs", tmp, tmp2, old->e2fsattrs==new->e2fsattrs, ((char*)part_message));
+ free(tmp); free(tmp2);
+ tmp=NULL; tmp2=NULL;
++ DO_APPEND(message,message_old,part_message);
+ }
+ }
+ #endif
+
++ if (conf->syslog_format) {
++ /* Already swapped */
++ error(0, "%s\n", message_old);
++ }
++
+ return;
+ }
+
+@@ -1207,8 +1349,13 @@ void print_report_header(int nfil,int na
+ error(2,_("Start timestamp: %.4u-%.2u-%.2u %.2u:%.2u:%.2u\n"),
+ st->tm_year+1900, st->tm_mon+1, st->tm_mday,
+ st->tm_hour, st->tm_min, st->tm_sec);
+- error(0,_("\nSummary:\n Total number of files:\t%i\n Added files:\t\t\t%i\n"
++ if(!conf->syslog_format){
++ error(0,_("\nSummary:\n Total number of files:\t%i\n Added files:\t\t\t%i\n"
+ " Removed files:\t\t%i\n Changed files:\t\t%i\n\n"),nfil,nadd,nrem,nchg);
++ }else{
++ error(0,_("summary;total_number_of_files=%i;added_files=%i;"
++ "removed_files=%i;changed_files=%i\n"),nfil,nadd,nrem,nchg);
++ }
+
+ }
+
+@@ -1312,6 +1459,7 @@ long report_tree(seltree* node,int stage
+ }
+ if(node->checked&NODE_ADDED){
+ print_added_line(node->new_data);
++ if(conf->syslog_format) error(0, "file=%s; added\n", node->new_data->filename);
+ }
+ }
+
+@@ -1323,6 +1471,7 @@ long report_tree(seltree* node,int stage
+ }
+ if(node->checked&NODE_REMOVED){
+ print_removed_line(node->old_data);
++ if(conf->syslog_format) error(0, "file=%s; removed\n", node->old_data->filename);
+ }
+ }
+
+@@ -1337,7 +1486,7 @@ long report_tree(seltree* node,int stage
+ }
+ }
+
+- if((stage==4)&&(conf->verbose_level>=5)&&status[4]){
++ if((stage==4)&&(conf->verbose_level>=5||conf->syslog_format)&&status[4]){
+ if(top){
+ error(2,_("\n---------------------------------------------------\n"));
+ error(2,_("Detailed information about changes:\n"));
+diff -up ./src/conf_lex.l.syslog-format ./src/conf_lex.l
+--- ./src/conf_lex.l.syslog-format 2010-08-08 13:39:31.000000000 -0400
++++ ./src/conf_lex.l 2017-03-07 11:12:49.965000000 -0500
+@@ -12,7 +12,7 @@ EX [" "\t]*
+
+ %{
+
+-#define YYDEBUG
++//#define YYDEBUG
+
+ /*
+ * Copyright (C) 1999-2002,2004-2006,2010 Rami Lehti, Pablo Virolainen, Richard
+@@ -349,6 +349,12 @@ int var_in_conflval=0;
+ return (TGZIPDBOUT);
+ }
+
++^[\t\ ]*"syslog_format"{E} {
++ error(230,"%li:syslog_format =\n",conf_lineno);
++ BEGIN CONFVALHUNT;
++ return (SYSLOG_FORMAT);
++}
++
+ ^[\t\ ]*"recstop"{E} {
+ error(230,"%li:recstop =\n",conf_lineno);
+ BEGIN CONFVALHUNT;
+diff -up ./src/conf_yacc.y.syslog-format ./src/conf_yacc.y
+--- ./src/conf_yacc.y.syslog-format 2010-08-08 13:39:31.000000000 -0400
++++ ./src/conf_yacc.y 2017-03-07 11:12:49.965000000 -0500
+@@ -81,6 +81,7 @@ extern long conf_lineno;
+ %token TDATABASE_NEW
+ %token TREPORT_URL
+ %token TGZIPDBOUT
++%token SYSLOG_FORMAT
+ %token TUMASK
+ %token TTRUE
+ %token TFALSE
+@@ -150,7 +151,7 @@ lines : lines line | ;
+ line : rule | equrule | negrule | definestmt | undefstmt
+ | ifdefstmt | ifndefstmt | ifhoststmt | ifnhoststmt
+ | groupdef | db_in | db_out | db_new | verbose | config_version
+- | report | gzipdbout | recursion_stopper | warn_dead_symlinks | grouped
++ | report | gzipdbout | syslogformat | recursion_stopper | warn_dead_symlinks | grouped
+ | summarize_changes | acl_no_symlink_follow | beginconfigstmt | endconfigstmt
+ | TEOF {
+ newlinelastinconfig=1;
+@@ -329,6 +330,13 @@ conf->gzip_dbout=0;
+ #endif
+ } ;
+
++syslogformat : SYSLOG_FORMAT TTRUE {
++conf->syslog_format=1;
++} |
++ SYSLOG_FORMAT TFALSE {
++conf->syslog_format=0;
++} ;
++
+ recursion_stopper : TRECSTOP TSTRING {
+ /* FIXME implement me */
+
+diff -up ./src/db_lex.l.syslog-format ./src/db_lex.l
+--- ./src/db_lex.l.syslog-format 2010-08-08 13:39:31.000000000 -0400
++++ ./src/db_lex.l 2017-03-07 11:12:49.965000000 -0500
+@@ -45,7 +45,7 @@ extern YYSTYPE yylval;
+ #define YY_DECL int db_scan(void)
+
+
+-#define YYDEBUG
++//#define YYDEBUG
+
+ #include "aide.h"
+ #include "conf_yacc.h"
diff --git a/SOURCES/aide-0.15.1-fipsfix.patch b/SOURCES/aide-0.15.1-fipsfix.patch
new file mode 100644
index 0000000..2b80c39
--- /dev/null
+++ b/SOURCES/aide-0.15.1-fipsfix.patch
@@ -0,0 +1,103 @@
+diff -up aide-0.15.1/src/aide.c.fipsfix aide-0.15.1/src/aide.c
+--- aide-0.15.1/src/aide.c.fipsfix 2010-08-08 19:39:31.000000000 +0200
++++ aide-0.15.1/src/aide.c 2012-11-22 16:59:45.378713818 +0100
+@@ -484,9 +484,28 @@ int main(int argc,char**argv)
+ #endif
+ umask(0177);
+ init_sighandler();
+-
+ setdefaults_before_config();
+
++#if WITH_GCRYPT
++ error(255,"Gcrypt library initialization\n");
++ /*
++ * Initialize libgcrypt as per
++ * http://www.gnupg.org/documentation/manuals/gcrypt/Initializing-the-library.html
++ *
++ *
++ */
++ gcry_control(GCRYCTL_SET_ENFORCED_FIPS_FLAG, 0);
++ gcry_control(GCRYCTL_INIT_SECMEM, 1);
++
++ if(!gcry_check_version(GCRYPT_VERSION)) {
++ error(0,"libgcrypt version mismatch\n");
++ exit(VERSION_MISMATCH_ERROR);
++ }
++
++ gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
++#endif /* WITH_GCRYPT */
++
++
+ if(read_param(argc,argv)==RETFAIL){
+ error(0, _("Invalid argument\n") );
+ exit(INVALID_ARGUMENT_ERROR);
+@@ -641,6 +660,9 @@ int main(int argc,char**argv)
+ }
+ #endif
+ }
++#ifdef WITH_GCRYPT
++ gcry_control(GCRYCTL_TERM_SECMEM, 0);
++#endif /* WITH_GCRYPT */
+ return RETOK;
+ }
+ const char* aide_key_3=CONFHMACKEY_03;
+diff -up aide-0.15.1/src/md.c.fipsfix aide-0.15.1/src/md.c
+--- aide-0.15.1/src/md.c.fipsfix 2010-08-08 19:39:31.000000000 +0200
++++ aide-0.15.1/src/md.c 2012-11-22 16:59:33.166673632 +0100
+@@ -201,14 +201,7 @@ int init_md(struct md_container* md) {
+ }
+ #endif
+ #ifdef WITH_GCRYPT
+- error(255,"Gcrypt library initialization\n");
+- if(!gcry_check_version(GCRYPT_VERSION)) {
+- error(0,"libgcrypt version mismatch\n");
+- exit(VERSION_MISMATCH_ERROR);
+- }
+- gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
+- gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
+- if(gcry_md_open(&md->mdh,0,0)!=GPG_ERR_NO_ERROR){
++ if(gcry_md_open(&md->mdh,0,GCRY_MD_FLAG_SECURE)!=GPG_ERR_NO_ERROR){
+ error(0,"gcrypt_md_open failed\n");
+ exit(IO_ERROR);
+ }
+@@ -299,7 +292,7 @@ int close_md(struct md_container* md) {
+
+ /*. There might be more hashes in the library. Add those here.. */
+
+- gcry_md_reset(md->mdh);
++ gcry_md_close(md->mdh);
+ #endif
+
+ #ifdef WITH_MHASH
+diff -up aide-0.15.1/src/util.c.fipsfix aide-0.15.1/src/util.c
+--- aide-0.15.1/src/util.c.fipsfix 2010-08-08 19:39:31.000000000 +0200
++++ aide-0.15.1/src/util.c 2012-11-22 16:59:33.166673632 +0100
+@@ -494,28 +494,5 @@ int syslog_facility_lookup(char *s)
+ return(AIDE_SYSLOG_FACILITY);
+ }
+
+-/* We need these dummy stubs to fool the linker into believing that
+- we do not need them at link time */
+-
+-void* dlopen(char*filename,int flag)
+-{
+- return NULL;
+-}
+-
+-void* dlsym(void*handle,char*symbol)
+-{
+- return NULL;
+-}
+-
+-void* dlclose(void*handle)
+-{
+- return NULL;
+-}
+-
+-const char* dlerror(void)
+-{
+- return NULL;
+-}
+-
+ const char* aide_key_2=CONFHMACKEY_02;
+ const char* db_key_2=DBHMACKEY_02;
diff --git a/SOURCES/aide-0.15.1-prelinkwarn.patch b/SOURCES/aide-0.15.1-prelinkwarn.patch
new file mode 100644
index 0000000..674629d
--- /dev/null
+++ b/SOURCES/aide-0.15.1-prelinkwarn.patch
@@ -0,0 +1,78 @@
+diff -up aide-0.15.1/src/do_md.c.prelinkwarn aide-0.15.1/src/do_md.c
+--- aide-0.15.1/src/do_md.c.prelinkwarn 2010-08-08 19:39:31.000000000 +0200
++++ aide-0.15.1/src/do_md.c 2013-11-08 13:13:54.634961991 +0100
+@@ -70,6 +70,40 @@
+ #ifdef WITH_PRELINK
+ #include <sys/wait.h>
+ #include <gelf.h>
++#include <stdbool.h>
++
++bool g_prelink_present = false;
++bool g_prelink_detect = true;
++bool g_noprelink_warn = true;
++
++bool prelink_present(void)
++{
++ /* don't perform the check if we already did it */
++ if (!g_prelink_detect)
++ return g_prelink_present;
++
++ /* check whether the prelink binary is present and executable */
++ if (access(PRELINK_PATH, X_OK) == 0)
++ g_prelink_present = true;
++ else
++ g_prelink_present = false;
++
++ g_prelink_detect = false;
++ return g_prelink_present;
++}
++
++void noprelink_warn(void)
++{
++ if (g_noprelink_warn) {
++ error(0,
++ "WARNING: AIDE detected prelinked binary objects on your"
++ " system but the prelink tool (%s) is missing!\n", PRELINK_PATH);
++ error(0,
++ "WARNING: prelinked files will be processed without a prelink undo operation!"
++ " Please install prelink to fix this.\n");
++ g_noprelink_warn = false;
++ }
++}
+
+ /*
+ * Is file descriptor prelinked binary/library?
+@@ -265,12 +299,19 @@ void calc_md(struct AIDE_STAT_TYPE* old_
+ */
+ pid=0;
+ if ( is_prelinked(filedes) ) {
+- close(filedes);
+- pid = open_prelinked(line->filename, &filedes);
+- if (pid == 0) {
+- error(0, "Error on starting prelink undo\n");
+- return;
+- }
++ /* first detect whether the prelink binary is available */
++ if (prelink_present()) {
++ close(filedes);
++ pid = open_prelinked(line->filename, &filedes);
++ if (pid == 0) {
++ error(0, "Error on starting prelink undo\n");
++ return;
++ }
++ } else {
++ /* we've detected a prelinked file but the prelink binary is not available */
++ /* warn the user about this situation (once) and process the file as is */
++ noprelink_warn();
++ }
+ }
+ #endif
+
+@@ -296,6 +337,7 @@ void calc_md(struct AIDE_STAT_TYPE* old_
+ #ifdef __hpux
+ buf = mmap(0,r_size,PROT_READ,MAP_PRIVATE,filedes,curpos);
+ #else
++
+ buf = mmap(0,r_size,PROT_READ,MAP_SHARED,filedes,curpos);
+ #endif
+ curpos+=r_size;
diff --git a/SOURCES/aide.conf b/SOURCES/aide.conf
new file mode 100644
index 0000000..b8bdf42
--- /dev/null
+++ b/SOURCES/aide.conf
@@ -0,0 +1,312 @@
+# Example configuration file for AIDE.
+
+@@define DBDIR /var/lib/aide
+@@define LOGDIR /var/log/aide
+
+# The location of the database to be read.
+database=file:@@{DBDIR}/aide.db.gz
+
+# The location of the database to be written.
+#database_out=sql:host:port:database:login_name:passwd:table
+#database_out=file:aide.db.new
+database_out=file:@@{DBDIR}/aide.db.new.gz
+
+# Whether to gzip the output to database.
+gzip_dbout=yes
+
+# Default.
+verbose=5
+
+report_url=file:@@{LOGDIR}/aide.log
+report_url=stdout
+#report_url=stderr
+#NOT IMPLEMENTED report_url=mailto:root@foo.com
+#NOT IMPLEMENTED report_url=syslog:LOG_AUTH
+
+# These are the default rules.
+#
+#p: permissions
+#i: inode:
+#n: number of links
+#u: user
+#g: group
+#s: size
+#b: block count
+#m: mtime
+#a: atime
+#c: ctime
+#S: check for growing size
+#acl: Access Control Lists
+#selinux SELinux security context
+#xattrs: Extended file attributes
+#md5: md5 checksum
+#sha1: sha1 checksum
+#sha256: sha256 checksum
+#sha512: sha512 checksum
+#rmd160: rmd160 checksum
+#tiger: tiger checksum
+
+#haval: haval checksum (MHASH only)
+#gost: gost checksum (MHASH only)
+#crc32: crc32 checksum (MHASH only)
+#whirlpool: whirlpool checksum (MHASH only)
+
+FIPSR = p+i+n+u+g+s+m+c+acl+selinux+xattrs+sha256
+
+#R: p+i+n+u+g+s+m+c+acl+selinux+xattrs+md5
+#L: p+i+n+u+g+acl+selinux+xattrs
+#E: Empty group
+#>: Growing logfile p+u+g+i+n+S+acl+selinux+xattrs
+
+# You can create custom rules like this.
+# With MHASH...
+# ALLXTRAHASHES = sha1+rmd160+sha256+sha512+whirlpool+tiger+haval+gost+crc32
+ALLXTRAHASHES = sha1+rmd160+sha256+sha512+tiger
+
+# Everything but access time (Ie. all changes)
+EVERYTHING = R+ALLXTRAHASHES
+
+# Sane, with one good hash.
+# NORMAL = sha256
+NORMAL = sha256
+
+# For directories, don't bother doing hashes.
+DIR = p+i+n+u+g+acl+selinux+xattrs
+
+# Access control only.
+PERMS = p+u+g+acl+selinux+xattrs
+
+# Access + inode changes + file type.
+STATIC = p+u+g+acl+selinux+xattrs+i+n+b+c+ftype
+
+# Logfiles only check access w/o xattrs.
+LOG = p+u+g+n+acl+selinux+ftype
+
+# Content + file type.
+CONTENT = sha256+ftype
+
+# Extended content + file type + access.
+CONTENT_EX = sha256+ftype+p+u+g+n+acl+selinux+xattrs
+
+# Some files get updated automatically, so the inode/ctime/mtime change
+# but we want to know when the data inside them changes.
+DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha256
+
+# Next decide what directories/files you want in the database. Aide
+# uses a first match system. Put file specific instructions before generic
+# matches. e.g. Put file matches before directories.
+
+/boot/ CONTENT_EX
+/bin/ CONTENT_EX
+/sbin/ CONTENT_EX
+/lib/ CONTENT_EX
+/lib64/ CONTENT_EX
+/opt/ CONTENT
+
+# Admin's dot files constantly change, just check perms.
+/root/\..* PERMS
+# Otherwise get all of /root.
+/root/ CONTENT_EX
+
+# These are too volatile.
+!/usr/src/
+!/usr/tmp/
+# Otherwise get all of /usr.
+/usr/ CONTENT_EX
+
+# Check only permissions, user, group, seliunx for /etc, but
+# cover some important files closely.
+!/etc/mtab$
+
+# Ignore backup files
+!/etc/.*~
+
+# trusted databases
+/etc/hosts$ CONTENT_EX
+/etc/host.conf$ CONTENT_EX
+/etc/hostname$ CONTENT_EX
+/etc/issue$ CONTENT_EX
+/etc/issue.net$ CONTENT_EX
+/etc/protocols$ CONTENT_EX
+/etc/services$ CONTENT_EX
+/etc/localtime$ CONTENT_EX
+/etc/alternatives/ CONTENT_EX
+/etc/mime.types$ CONTENT_EX
+/etc/terminfo/ CONTENT_EX
+/etc/exports$ CONTENT_EX
+/etc/fstab$ CONTENT_EX
+/etc/passwd$ CONTENT_EX
+/etc/group$ CONTENT_EX
+/etc/gshadow$ CONTENT_EX
+/etc/shadow$ CONTENT_EX
+/etc/security/opasswd$ CONTENT_EX
+/etc/skel/ CONTENT_EX
+
+# networking
+/etc/hosts.allow$ CONTENT_EX
+/etc/hosts.deny$ CONTENT_EX
+/etc/firewalld/ CONTENT_EX
+/etc/NetworkManager/ CONTENT_EX
+/etc/networks$ CONTENT_EX
+/etc/dhcp/ CONTENT_EX
+/etc/wpa_supplicant/ CONTENT_EX
+/etc/resolv.conf$ DATAONLY
+/etc/nscd.conf$ NORMAL
+
+# logins and accounts
+/etc/login.defs$ CONTENT_EX
+/etc/libuser.conf$ CONTENT_EX
+/var/log/faillog$ PERMS
+/var/log/lastlog$ PERMS
+/var/run/faillock/ PERMS
+/etc/pam.d/ CONTENT_EX
+/etc/security$ CONTENT_EX
+/etc/securetty$ CONTENT_EX
+/etc/polkit-1/ CONTENT_EX
+/etc/sudo.conf$ CONTENT_EX
+/etc/sudoers$ CONTENT_EX
+/etc/sudoers.d/ CONTENT_EX
+
+# Shell/X starting files
+/etc/profile$ CONTENT_EX
+/etc/profile.d/ CONTENT_EX
+/etc/bashrc$ CONTENT_EX
+/etc/bash_completion.d/ CONTENT_EX
+/etc/zprofile$ CONTENT_EX
+/etc/zshrc$ CONTENT_EX
+/etc/zlogin$ CONTENT_EX
+/etc/zlogout$ CONTENT_EX
+/etc/X11/ CONTENT_EX
+/etc/shells$ CONTENT_EX
+
+# Pkg manager
+/etc/yum.conf$ CONTENT_EX
+/etc/yumex.conf$ CONTENT_EX
+/etc/yumex.profiles.conf$ CONTENT_EX
+/etc/yum/ CONTENT_EX
+/etc/yum.repos.d/ CONTENT_EX
+
+# This gets new/removes-old filenames daily.
+!/var/log/sa/
+# As we are checking it, we've truncated yesterdays size to zero.
+!/var/log/aide.log
+
+# auditing
+# AIDE produces an audit record, so this becomes perpetual motion.
+# /var/log/audit/ PERMS+ANF+ARF
+/etc/audit/ CONTENT_EX
+/etc/audisp/ CONTENT_EX
+/etc/libaudit.conf$ CONTENT_EX
+/etc/aide.conf$ CONTENT_EX
+
+# System logs
+/etc/rsyslog.conf$ CONTENT_EX
+/etc/rsyslog.d/ CONTENT_EX
+/etc/logrotate.conf$ CONTENT_EX
+/etc/logrotate.d/ CONTENT_EX
+/var/log/ LOG+ANF+ARF
+/var/run/utmp$ LOG
+
+# secrets
+/etc/pkcs11/ CONTENT_EX
+/etc/pki/ CONTENT_EX
+/etc/ssl/ CONTENT_EX
+/etc/certmonger/ CONTENT_EX
+
+# init system
+/etc/systemd/ CONTENT_EX
+/etc/sysconfig/ CONTENT_EX
+/etc/rc.d/ CONTENT_EX
+/etc/tmpfiles.d/ CONTENT_EX
+/etc/machine-id$ CONTENT_EX
+
+# boot config
+/etc/grub.d/ CONTENT_EX
+/etc/grub2.cfg$ CONTENT_EX
+/etc/dracut.conf$ CONTENT_EX
+/etc/dracut.conf.d/ CONTENT_EX
+
+# glibc linker
+/etc/ld.so.cache$ CONTENT_EX
+/etc/ld.so.conf$ CONTENT_EX
+/etc/ld.so.conf.d/ CONTENT_EX
+
+# kernel config
+/etc/sysctl.conf$ CONTENT_EX
+/etc/sysctl.d/ CONTENT_EX
+/etc/modprobe.d/ CONTENT_EX
+/etc/modules-load.d/ CONTENT_EX
+/etc/depmod.d/ CONTENT_EX
+/etc/udev/ CONTENT_EX
+/etc/crypttab$ CONTENT_EX
+
+#### Daemons ####
+
+# cron jobs
+/var/spool/at/ CONTENT
+/etc/at.allow$ CONTENT
+/etc/at.deny$ CONTENT
+/etc/cron.allow$ CONTENT_EX
+/etc/cron.deny$ CONTENT_EX
+/etc/cron.d/ CONTENT_EX
+/etc/cron.daily/ CONTENT_EX
+/etc/cron.hourly/ CONTENT_EX
+/etc/cron.monthly/ CONTENT_EX
+/etc/cron.weekly/ CONTENT_EX
+/etc/crontab$ CONTENT_EX
+/var/spool/cron/root/ CONTENT
+/etc/anacrontab$ CONTENT_EX
+
+# time keeping
+/etc/ntp.conf$ CONTENT_EX
+/etc/ntp/ CONTENT_EX
+/etc/chrony.conf$ CONTENT_EX
+/etc/chrony.keys$ CONTENT_EX
+
+# mail
+/etc/aliases$ CONTENT_EX
+/etc/aliases.db$ CONTENT_EX
+/etc/postfix/ CONTENT_EX
+/etc/mail.rc$ CONTENT_EX
+/etc/mailcap$ CONTENT_EX
+
+# ssh
+/etc/ssh/sshd_config$ CONTENT_EX
+/etc/ssh/ssh_config$ CONTENT_EX
+
+# stunnel
+/etc/stunnel/ CONTENT_EX
+
+# ftp
+/etc/vsftpd.conf$ CONTENT
+/etc/vsftpd/ CONTENT
+
+# printing
+/etc/cups/ CONTENT_EX
+/etc/cupshelpers/ CONTENT_EX
+/etc/avahi/ CONTENT_EX
+
+# web server
+/etc/httpd/ CONTENT_EX
+
+# dns
+/etc/named/ CONTENT_EX
+/etc/named.conf$ CONTENT_EX
+/etc/named.iscdlv.key$ CONTENT_EX
+/etc/named.rfc1912.zones$ CONTENT_EX
+/etc/named.root.key$ CONTENT_EX
+
+# xinetd
+/etc/xinetd.d/ CONTENT_EX
+
+# Now everything else in /etc.
+/etc/ PERMS
+
+# With AIDE's default verbosity level of 5, these would give lots of
+# warnings upon tree traversal. It might change with future version.
+#
+#=/lost\+found DIR
+#=/home DIR
+
+# Ditto /var/log/sa/ same reason...
+!/var/log/httpd/
diff --git a/SOURCES/aide.logrotate b/SOURCES/aide.logrotate
new file mode 100644
index 0000000..614c6a6
--- /dev/null
+++ b/SOURCES/aide.logrotate
@@ -0,0 +1,9 @@
+/var/log/aide/*.log {
+ weekly
+ missingok
+ rotate 4
+ compress
+ delaycompress
+ copytruncate
+ minsize 100k
+}
diff --git a/SPECS/aide.spec b/SPECS/aide.spec
new file mode 100644
index 0000000..600dfe4
--- /dev/null
+++ b/SPECS/aide.spec
@@ -0,0 +1,292 @@
+# segfaults
+%{!?_with_curl: %{!?_without_curl: %global _without_curl --without-curl}}
+
+Summary: Intrusion detection environment
+Name: aide
+Version: 0.15.1
+Release: 13%{?dist}
+URL: http://sourceforge.net/projects/aide
+License: GPLv2+
+Group: Applications/System
+Source0: http://downloads.sourceforge.net/aide/aide-%{version}.tar.gz
+Source1: aide.conf
+Source2: README.quickstart
+Source3: aide.logrotate
+# Customize the database file location in the man page.
+Patch1: aide-0.14-man.patch
+# fix aide in FIPS mode
+Patch2: aide-0.15.1-fipsfix.patch
+# warn if processing prelinked binary objects and the prelink binary is not available
+Patch3: aide-0.15.1-prelinkwarn.patch
+Patch4: aide-0.15-syslog-format.patch
+Patch5: aide-0.15-error-messages.patch
+
+Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot-%(%{__id_u} -n)
+BuildRequires: mktemp
+%ifnarch aarch64 ppc64le
+BuildRequires: prelink
+%endif
+BuildRequires: elfutils-libelf-devel
+%if 0%{?rhel} == 0
+Buildrequires: mhash-devel
+%endif
+Buildrequires: zlib-devel libgcrypt-devel
+Buildrequires: flex bison
+Buildrequires: libattr-devel e2fsprogs-devel
+Buildrequires: libacl-devel libselinux-devel
+Buildrequires: audit-libs-devel >= 1.2.8-2
+%if "%{?_with_curl}x" != "x"
+Buildrequires: curl-devel
+%endif
+
+%description
+AIDE (Advanced Intrusion Detection Environment) is a file integrity
+checker and intrusion detection program.
+
+
+%prep
+%setup -q
+%patch1 -p1 -b .man
+%patch2 -p1 -b .fipsfix
+%patch3 -p1 -b .prelinkwarn
+%patch4 -p1 -b .syslog-format
+%patch5 -p1 -b .error-messages
+
+%build
+%configure --with-config_file=%{_sysconfdir}/aide.conf \
+ --with-zlib \
+ --disable-static \
+%if 0%{?rhel} == 0
+ --with-mhash \
+%endif
+ %{?_with_curl} %{?_without_curl} \
+ --with-posix-acl \
+ --with-selinux \
+%ifnarch aarch64 ppc64le
+ --with-prelink \
+%else
+ --without-prelink \
+%endif
+ --with-xattr \
+ --with-e2fsattrs \
+ --with-audit
+
+make
+
+
+%install
+rm -rf $RPM_BUILD_ROOT
+make DESTDIR=$RPM_BUILD_ROOT bindir=%{_sbindir} install
+mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/aide
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}
+install -p %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}
+mkdir -p -m0700 $RPM_BUILD_ROOT%{_localstatedir}/lib/aide
+install -p %{SOURCE2} README.quickstart
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d
+install -c -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/aide
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+
+%files
+%defattr(0644,root,root,0755)
+%doc AUTHORS COPYING ChangeLog NEWS README doc/manual.html contrib/
+%doc README.quickstart
+%attr(0700,root,root) %{_sbindir}/aide
+%{_mandir}/man1/*
+%{_mandir}/man5/*
+%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/aide.conf
+%config(noreplace) %{_sysconfdir}/logrotate.d/aide
+%dir %attr(0700,root,root) %{_localstatedir}/lib/aide
+%dir %attr(0700,root,root) %{_localstatedir}/log/aide
+
+
+%changelog
+* Mon Mar 20 2017 Radovan Sroka <rsroka@redhat.com> - 0.15.1-13
+- RHEL 7.4 ERRATUM
+ Resolves: rhbz#1400548
+
+* Tue Mar 07 2017 Radovan Sroka <rsroka@redhat.com> - 0.15.1-12
+- RHEL 7.4 ERRATUM
+ Resolves: rhbz#1377215
+
+* Tue Jul 19 2016 Daniel Kopecek <dkopecek@redhat.com> - 0.15.1-11
+- Corrected typos in the default configuration file
+ Resolves: rhbz#1304334
+
+* Fri Jun 24 2016 Daniel Kopecek <dkopecek@redhat.com> - 0.15.1-10
+- Updated the default configuration file. New defaults contributed
+ by Steve Grubb.
+ Resolves: rhbz#1304334
+
+* Mon Aug 4 2014 Daniel Kopecek <dkopecek@redhat.com> - 0.15.1-9
+- Don't require prelink on aarch64 and ppc64le
+ Resolves: rhbz#1078555
+ Resolves: rhbz#1125462
+
+* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 0.15.1-8
+- Mass rebuild 2014-01-24
+
+* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 0.15.1-7
+- Mass rebuild 2013-12-27
+
+* Fri Nov 08 2013 Daniel Kopecek <dkopecek@redhat.com> - 0.15.1-6
+- warn if processing prelinked binary objects and the prelink binary
+ is not available
+ Resolves: rbhz#1004826
+
+* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.15.1-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Thu Nov 22 2012 Daniel Kopecek <dkopecek@redhat.com> - 0.15.1-4
+- added patch to fix aide in FIPS mode
+- use only FIPS approved digest algorithms in aide.conf so that
+ aide works by default in FIPS mode
+
+* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.15.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Thu Jan 12 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.15.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Thu Nov 11 2010 Steve Grubb <sgrubb@redhat.com> - 0.15.1-1
+- New upstream release
+
+* Tue May 18 2010 Steve Grubb <sgrubb@redhat.com> - 0.14-5
+- Apply 2 upstream bug fixes
+
+* Tue May 18 2010 Steve Grubb <sgrubb@redhat.com> - 0.14-4
+- Use upstream's patch to fix bz 590566
+
+* Sat May 15 2010 Steve Grubb <sgrubb@redhat.com> - 0.14-3
+- Fix bz 590561 aide does not detect the change of SElinux context
+- Fix bz 590566 aide reports a changed file when it has not been changed
+
+* Wed Apr 28 2010 Steve Grubb <sgrubb@redhat.com> - 0.14-2
+- Fix bz 574764 by replacing abort calls with exit
+- Apply libgcrypt init patch
+
+* Tue Mar 16 2010 Steve Grubb <sgrubb@redhat.com> - 0.14-1
+- New upstream release final 0.14
+
+* Thu Feb 25 2010 Steve Grubb <sgrubb@redhat.com> - 0.14-0.4.rc3
+- New upstream release
+
+* Thu Feb 25 2010 Steve Grubb <sgrubb@redhat.com> - 0.14-0.3.rc2
+- New upstream release
+
+* Tue Feb 23 2010 Steve Grubb <sgrubb@redhat.com> - 0.14-0.2.rc1
+- Fix dirent detection on 64bit systems
+
+* Mon Feb 22 2010 Steve Grubb <sgrubb@redhat.com> - 0.14-0.1.rc1
+- New upstream release
+
+* Fri Feb 19 2010 Steve Grubb <sgrubb@redhat.com> - 0.13.1-16
+- Add logrotate script and spec file cleanups
+
+* Fri Dec 11 2009 Steve Grubb <sgrubb@redhat.com> - 0.13.1-15
+- Get rid of .dedosify files
+
+* Wed Dec 09 2009 Steve Grubb <sgrubb@redhat.com> - 0.13.1-14
+- Revise patch for Initialize libgcrypt correctly (#530485)
+
+* Sat Nov 07 2009 Steve Grubb <sgrubb@redhat.com> - 0.13.1-13
+- Initialize libgcrypt correctly (#530485)
+
+* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 0.13.1-12
+- rebuilt with new audit
+
+* Wed Aug 19 2009 Steve Grubb <sgrubb@redhat.com> 0.13.1-11
+- rebuild for new audit-libs
+- Correct regex for root's dot files (#509370)
+
+* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.13.1-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Mon Jun 08 2009 Steve Grubb <sgrubb@redhat.com> - 0.13.1-9
+- Make aide smarter about prelinked files (Peter Vrabec)
+- Add /lib64 to default config
+
+* Mon Feb 23 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.13.1-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Fri Jan 30 2009 Steve Grubb <sgrubb@redhat.com> - 0.13.1-6
+- enable xattr support and update config file
+
+* Fri Sep 26 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 0.13.1-5
+- fix selcon patch to apply without fuzz
+
+* Fri Feb 15 2008 Steve Conklin <sconklin@redhat.com>
+- rebuild for gcc4.3
+
+* Tue Aug 21 2007 Michael Schwendt <mschwendt[AT]users.sf.net>
+- rebuilt
+
+* Sun Jul 22 2007 Michael Schwendt <mschwendt[AT]users.sf.net> - 0.13.1-2
+- Apply Steve Conklin's patch to increase displayed portion of
+ selinux context.
+
+* Sun Dec 17 2006 Michael Schwendt <mschwendt[AT]users.sf.net> - 0.13.1-1
+- Update to 0.13.1 release.
+
+* Sun Dec 10 2006 Michael Schwendt <mschwendt[AT]users.sf.net> - 0.13-1
+- Update to 0.13 release.
+- Include default aide.conf from RHEL5 as doc example file.
+
+* Sun Oct 29 2006 Michael Schwendt <mschwendt[AT]users.sf.net> - 0.12-3.20061027cvs
+- CAUTION! This changes the database format and results in a report of
+ false inconsistencies until an old database file is updated.
+- Check out CVS 20061027 which now contains Red Hat's
+ acl/xattr/selinux/audit patches.
+- Patches merged upstream.
+- Update manual page substitutions.
+
+* Mon Oct 23 2006 Michael Schwendt <mschwendt[AT]users.sf.net> - 0.12-2
+- Add "memory leaks and performance updates" patch as posted
+ to aide-devel by Steve Grubb.
+
+* Sat Oct 07 2006 Michael Schwendt <mschwendt[AT]users.sf.net> - 0.12-1
+- Update to 0.12 release.
+- now offers --disable-static, so -no-static patch is obsolete
+- fill last element of getopt struct array with zeroes
+
+* Mon Oct 02 2006 Michael Schwendt <mschwendt[AT]users.sf.net> - 0.11-3
+- rebuilt
+
+* Mon Sep 11 2006 Michael Schwendt <mschwendt[AT]users.sf.net> - 0.11-2
+- rebuilt
+
+* Sun Feb 19 2006 Michael Schwendt <mschwendt[AT]users.sf.net> - 0.11-1
+- Update to 0.11 release.
+- useless-includes patch merged upstream.
+- old Russian man pages not available anymore.
+- disable static linking.
+
+* Fri Apr 7 2005 Michael Schwendt <mschwendt[AT]users.sf.net>
+- rebuilt
+
+* Fri Nov 28 2003 Michael Schwendt <mschwendt[AT]users.sf.net> - 0:0.10-0.fdr.1
+- Update to 0.10 release.
+- memleaks patch merged upstream.
+- rootpath patch merged upstream.
+- fstat patch not needed anymore.
+- Updated URL.
+
+* Thu Nov 13 2003 Michael Schwendt <mschwendt[AT]users.sf.net> - 0:0.10-0.fdr.0.2.cvs20031104
+- Added buildreq m4 to work around incomplete deps of bison package.
+
+* Tue Nov 04 2003 Michael Schwendt <mschwendt[AT]users.sf.net> - 0:0.10-0.fdr.0.1.cvs20031104
+- Only tar.gz available upstream.
+- byacc not needed when bison -y is available.
+- Installed Russian manual pages.
+- Updated with changes from CVS (2003-11-04).
+- getopt patch merged upstream.
+- bison-1.35 patch incorporated upstream.
+
+* Tue Sep 09 2003 Michael Schwendt <mschwendt[AT]users.sf.net> - 0:0.9-0.fdr.0.2.20030902
+- Added fixes for further memleaks.
+
+* Sun Sep 07 2003 Michael Schwendt <mschwendt[AT]users.sf.net> - 0:0.9-0.fdr.0.1.20030902
+- Initial package version.
+