diff --git a/.aide.metadata b/.aide.metadata new file mode 100644 index 0000000..78c4b28 --- /dev/null +++ b/.aide.metadata @@ -0,0 +1 @@ +c5998c04a223416142323fa1bd18db0936099827 SOURCES/aide-0.15.1.tar.gz diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..6e9de9a --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/aide-0.15.1.tar.gz diff --git a/README.md b/README.md deleted file mode 100644 index 0e7897f..0000000 --- a/README.md +++ /dev/null @@ -1,5 +0,0 @@ -The master branch has no content - -Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6 - -If you find this file in a distro specific branch, it means that no content has been checked in yet diff --git a/SOURCES/README.quickstart b/SOURCES/README.quickstart new file mode 100644 index 0000000..87adc63 --- /dev/null +++ b/SOURCES/README.quickstart @@ -0,0 +1,40 @@ +1) Customize /etc/aide.conf to your liking. In particular, add + important directories and files which you would like to be + covered by integrity checks. Avoid files which are expected + to change frequently or which don't affect the safety of your + system. + +2) Run "/usr/sbin/aide --init" to build the initial database. + With the default setup, that creates /var/lib/aide/aide.db.new.gz + +3) Store /etc/aide.conf, /usr/sbin/aide and /var/lib/aide/aide.db.new.gz + in a secure location, e.g. on separate read-only media (such as + CD-ROM). Alternatively, keep MD5 fingerprints or GPG signatures + of those files in a secure location, so you have means to verify + that nobody modified those files. + +4) Copy /var/lib/aide/aide.db.new.gz to /var/lib/aide/aide.db.gz + which is the location of the input database. + +5) Run "/usr/sbin/aide --check" to check your system for inconsistencies + compared with the AIDE database. Prior to running a check manually, + ensure that the AIDE binary and database have not been modified + without your knowledge. + + Caution! + + With the default setup, an AIDE check is not run periodically as a + cron job. It cannot be guaranteed that the AIDE binaries, config + file and database are intact. It is not recommended that you run + automated AIDE checks without verifying AIDE yourself frequently. + In addition to that, AIDE does not implement any password or + encryption protection for its own files. + + It is up to you how to put a file integrity checker to good effect + and how to set up automated checks if you think it adds a level of + safety (e.g. detecting failed/incomplete compromises or unauthorized + modification of special files). On a compromised system, the + intruder could disable the automated check. Or he could replace the + AIDE binary, config file and database easily when they are not + located on read-only media. + diff --git a/SOURCES/aide-0.14-man.patch b/SOURCES/aide-0.14-man.patch new file mode 100644 index 0000000..8192636 --- /dev/null +++ b/SOURCES/aide-0.14-man.patch @@ -0,0 +1,15 @@ +diff -ur aide.orig/doc/aide.1.in aide/doc/aide.1.in +--- aide.orig/doc/aide.1.in 2010-02-24 13:53:49.000000000 -0500 ++++ aide/doc/aide.1.in 2010-02-24 13:57:44.000000000 -0500 +@@ -75,9 +75,9 @@ + .SH FILES + .B @sysconfdir@/aide.conf + Default aide configuration file. +-.B @sysconfdir@/aide.db ++.B @localstatedir@/lib/aide.db + Default aide database. +-.B @sysconfdir@/aide.db.new ++.B @localstatedir@/lib/aide.db.new + Default aide output database. + .SH SEE ALSO + .BR aide.conf (5) diff --git a/SOURCES/aide-0.15.1-fipsfix.patch b/SOURCES/aide-0.15.1-fipsfix.patch new file mode 100644 index 0000000..2b80c39 --- /dev/null +++ b/SOURCES/aide-0.15.1-fipsfix.patch @@ -0,0 +1,103 @@ +diff -up aide-0.15.1/src/aide.c.fipsfix aide-0.15.1/src/aide.c +--- aide-0.15.1/src/aide.c.fipsfix 2010-08-08 19:39:31.000000000 +0200 ++++ aide-0.15.1/src/aide.c 2012-11-22 16:59:45.378713818 +0100 +@@ -484,9 +484,28 @@ int main(int argc,char**argv) + #endif + umask(0177); + init_sighandler(); +- + setdefaults_before_config(); + ++#if WITH_GCRYPT ++ error(255,"Gcrypt library initialization\n"); ++ /* ++ * Initialize libgcrypt as per ++ * http://www.gnupg.org/documentation/manuals/gcrypt/Initializing-the-library.html ++ * ++ * ++ */ ++ gcry_control(GCRYCTL_SET_ENFORCED_FIPS_FLAG, 0); ++ gcry_control(GCRYCTL_INIT_SECMEM, 1); ++ ++ if(!gcry_check_version(GCRYPT_VERSION)) { ++ error(0,"libgcrypt version mismatch\n"); ++ exit(VERSION_MISMATCH_ERROR); ++ } ++ ++ gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); ++#endif /* WITH_GCRYPT */ ++ ++ + if(read_param(argc,argv)==RETFAIL){ + error(0, _("Invalid argument\n") ); + exit(INVALID_ARGUMENT_ERROR); +@@ -641,6 +660,9 @@ int main(int argc,char**argv) + } + #endif + } ++#ifdef WITH_GCRYPT ++ gcry_control(GCRYCTL_TERM_SECMEM, 0); ++#endif /* WITH_GCRYPT */ + return RETOK; + } + const char* aide_key_3=CONFHMACKEY_03; +diff -up aide-0.15.1/src/md.c.fipsfix aide-0.15.1/src/md.c +--- aide-0.15.1/src/md.c.fipsfix 2010-08-08 19:39:31.000000000 +0200 ++++ aide-0.15.1/src/md.c 2012-11-22 16:59:33.166673632 +0100 +@@ -201,14 +201,7 @@ int init_md(struct md_container* md) { + } + #endif + #ifdef WITH_GCRYPT +- error(255,"Gcrypt library initialization\n"); +- if(!gcry_check_version(GCRYPT_VERSION)) { +- error(0,"libgcrypt version mismatch\n"); +- exit(VERSION_MISMATCH_ERROR); +- } +- gcry_control(GCRYCTL_DISABLE_SECMEM, 0); +- gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); +- if(gcry_md_open(&md->mdh,0,0)!=GPG_ERR_NO_ERROR){ ++ if(gcry_md_open(&md->mdh,0,GCRY_MD_FLAG_SECURE)!=GPG_ERR_NO_ERROR){ + error(0,"gcrypt_md_open failed\n"); + exit(IO_ERROR); + } +@@ -299,7 +292,7 @@ int close_md(struct md_container* md) { + + /*. There might be more hashes in the library. Add those here.. */ + +- gcry_md_reset(md->mdh); ++ gcry_md_close(md->mdh); + #endif + + #ifdef WITH_MHASH +diff -up aide-0.15.1/src/util.c.fipsfix aide-0.15.1/src/util.c +--- aide-0.15.1/src/util.c.fipsfix 2010-08-08 19:39:31.000000000 +0200 ++++ aide-0.15.1/src/util.c 2012-11-22 16:59:33.166673632 +0100 +@@ -494,28 +494,5 @@ int syslog_facility_lookup(char *s) + return(AIDE_SYSLOG_FACILITY); + } + +-/* We need these dummy stubs to fool the linker into believing that +- we do not need them at link time */ +- +-void* dlopen(char*filename,int flag) +-{ +- return NULL; +-} +- +-void* dlsym(void*handle,char*symbol) +-{ +- return NULL; +-} +- +-void* dlclose(void*handle) +-{ +- return NULL; +-} +- +-const char* dlerror(void) +-{ +- return NULL; +-} +- + const char* aide_key_2=CONFHMACKEY_02; + const char* db_key_2=DBHMACKEY_02; diff --git a/SOURCES/aide-0.15.1-prelinkwarn.patch b/SOURCES/aide-0.15.1-prelinkwarn.patch new file mode 100644 index 0000000..674629d --- /dev/null +++ b/SOURCES/aide-0.15.1-prelinkwarn.patch @@ -0,0 +1,78 @@ +diff -up aide-0.15.1/src/do_md.c.prelinkwarn aide-0.15.1/src/do_md.c +--- aide-0.15.1/src/do_md.c.prelinkwarn 2010-08-08 19:39:31.000000000 +0200 ++++ aide-0.15.1/src/do_md.c 2013-11-08 13:13:54.634961991 +0100 +@@ -70,6 +70,40 @@ + #ifdef WITH_PRELINK + #include + #include ++#include ++ ++bool g_prelink_present = false; ++bool g_prelink_detect = true; ++bool g_noprelink_warn = true; ++ ++bool prelink_present(void) ++{ ++ /* don't perform the check if we already did it */ ++ if (!g_prelink_detect) ++ return g_prelink_present; ++ ++ /* check whether the prelink binary is present and executable */ ++ if (access(PRELINK_PATH, X_OK) == 0) ++ g_prelink_present = true; ++ else ++ g_prelink_present = false; ++ ++ g_prelink_detect = false; ++ return g_prelink_present; ++} ++ ++void noprelink_warn(void) ++{ ++ if (g_noprelink_warn) { ++ error(0, ++ "WARNING: AIDE detected prelinked binary objects on your" ++ " system but the prelink tool (%s) is missing!\n", PRELINK_PATH); ++ error(0, ++ "WARNING: prelinked files will be processed without a prelink undo operation!" ++ " Please install prelink to fix this.\n"); ++ g_noprelink_warn = false; ++ } ++} + + /* + * Is file descriptor prelinked binary/library? +@@ -265,12 +299,19 @@ void calc_md(struct AIDE_STAT_TYPE* old_ + */ + pid=0; + if ( is_prelinked(filedes) ) { +- close(filedes); +- pid = open_prelinked(line->filename, &filedes); +- if (pid == 0) { +- error(0, "Error on starting prelink undo\n"); +- return; +- } ++ /* first detect whether the prelink binary is available */ ++ if (prelink_present()) { ++ close(filedes); ++ pid = open_prelinked(line->filename, &filedes); ++ if (pid == 0) { ++ error(0, "Error on starting prelink undo\n"); ++ return; ++ } ++ } else { ++ /* we've detected a prelinked file but the prelink binary is not available */ ++ /* warn the user about this situation (once) and process the file as is */ ++ noprelink_warn(); ++ } + } + #endif + +@@ -296,6 +337,7 @@ void calc_md(struct AIDE_STAT_TYPE* old_ + #ifdef __hpux + buf = mmap(0,r_size,PROT_READ,MAP_PRIVATE,filedes,curpos); + #else ++ + buf = mmap(0,r_size,PROT_READ,MAP_SHARED,filedes,curpos); + #endif + curpos+=r_size; diff --git a/SOURCES/aide.conf b/SOURCES/aide.conf new file mode 100644 index 0000000..cd95c01 --- /dev/null +++ b/SOURCES/aide.conf @@ -0,0 +1,223 @@ +# Example configuration file for AIDE. + +@@define DBDIR /var/lib/aide +@@define LOGDIR /var/log/aide + +# The location of the database to be read. +database=file:@@{DBDIR}/aide.db.gz + +# The location of the database to be written. +#database_out=sql:host:port:database:login_name:passwd:table +#database_out=file:aide.db.new +database_out=file:@@{DBDIR}/aide.db.new.gz + +# Whether to gzip the output to database +gzip_dbout=yes + +# Default. +verbose=5 + +report_url=file:@@{LOGDIR}/aide.log +report_url=stdout +#report_url=stderr +#NOT IMPLEMENTED report_url=mailto:root@foo.com +#NOT IMPLEMENTED report_url=syslog:LOG_AUTH + +# These are the default rules. +# +#p: permissions +#i: inode: +#n: number of links +#u: user +#g: group +#s: size +#b: block count +#m: mtime +#a: atime +#c: ctime +#S: check for growing size +#acl: Access Control Lists +#selinux SELinux security context +#xattrs: Extended file attributes +#md5: md5 checksum +#sha1: sha1 checksum +#sha256: sha256 checksum +#sha512: sha512 checksum +#rmd160: rmd160 checksum +#tiger: tiger checksum + +#haval: haval checksum (MHASH only) +#gost: gost checksum (MHASH only) +#crc32: crc32 checksum (MHASH only) +#whirlpool: whirlpool checksum (MHASH only) + +FIPSR = p+i+n+u+g+s+m+c+acl+selinux+xattrs+sha256 + +#R: p+i+n+u+g+s+m+c+acl+selinux+xattrs+md5 +#L: p+i+n+u+g+acl+selinux+xattrs +#E: Empty group +#>: Growing logfile p+u+g+i+n+S+acl+selinux+xattrs + +# You can create custom rules like this. +# With MHASH... +# ALLXTRAHASHES = sha1+rmd160+sha256+sha512+whirlpool+tiger+haval+gost+crc32 +ALLXTRAHASHES = sha1+rmd160+sha256+sha512+tiger +# Everything but access time (Ie. all changes) +EVERYTHING = R+ALLXTRAHASHES + +# Sane, with multiple hashes +# NORMAL = R+rmd160+sha256+whirlpool +NORMAL = FIPSR+sha512 + +# For directories, don't bother doing hashes +DIR = p+i+n+u+g+acl+selinux+xattrs + +# Access control only +PERMS = p+i+u+g+acl+selinux + +# Logfile are special, in that they often change +LOG = > + +# Just do sha256 and sha512 hashes +LSPP = FIPSR+sha512 + +# Some files get updated automatically, so the inode/ctime/mtime change +# but we want to know when the data inside them changes +DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha256 + +# Next decide what directories/files you want in the database. + +/boot NORMAL +/bin NORMAL +/sbin NORMAL +/lib NORMAL +/lib64 NORMAL +/opt NORMAL +/usr NORMAL +/root NORMAL +# These are too volatile +!/usr/src +!/usr/tmp + +# Check only permissions, inode, user and group for /etc, but +# cover some important files closely. +/etc PERMS +!/etc/mtab +# Ignore backup files +!/etc/.*~ +/etc/exports NORMAL +/etc/fstab NORMAL +/etc/passwd NORMAL +/etc/group NORMAL +/etc/gshadow NORMAL +/etc/shadow NORMAL +/etc/security/opasswd NORMAL + +/etc/hosts.allow NORMAL +/etc/hosts.deny NORMAL + +/etc/sudoers NORMAL +/etc/skel NORMAL + +/etc/logrotate.d NORMAL + +/etc/resolv.conf DATAONLY + +/etc/nscd.conf NORMAL +/etc/securetty NORMAL + +# Shell/X starting files +/etc/profile NORMAL +/etc/bashrc NORMAL +/etc/bash_completion.d/ NORMAL +/etc/login.defs NORMAL +/etc/zprofile NORMAL +/etc/zshrc NORMAL +/etc/zlogin NORMAL +/etc/zlogout NORMAL +/etc/profile.d/ NORMAL +/etc/X11/ NORMAL + +# Pkg manager +/etc/yum.conf NORMAL +/etc/yumex.conf NORMAL +/etc/yumex.profiles.conf NORMAL +/etc/yum/ NORMAL +/etc/yum.repos.d/ NORMAL + +/var/log LOG +/var/run/utmp LOG + +# This gets new/removes-old filenames daily +!/var/log/sa +# As we are checking it, we've truncated yesterdays size to zero. +!/var/log/aide.log + +# LSPP rules... +# AIDE produces an audit record, so this becomes perpetual motion. +# /var/log/audit/ LSPP +/etc/audit/ LSPP +/etc/libaudit.conf LSPP +/usr/sbin/stunnel LSPP +/var/spool/at LSPP +/etc/at.allow LSPP +/etc/at.deny LSPP +/etc/cron.allow LSPP +/etc/cron.deny LSPP +/etc/cron.d/ LSPP +/etc/cron.daily/ LSPP +/etc/cron.hourly/ LSPP +/etc/cron.monthly/ LSPP +/etc/cron.weekly/ LSPP +/etc/crontab LSPP +/var/spool/cron/root LSPP + +/etc/login.defs LSPP +/etc/securetty LSPP +/var/log/faillog LSPP +/var/log/lastlog LSPP + +/etc/hosts LSPP +/etc/sysconfig LSPP + +/etc/inittab LSPP +/etc/grub/ LSPP +/etc/rc.d LSPP + +/etc/ld.so.conf LSPP + +/etc/localtime LSPP + +/etc/sysctl.conf LSPP + +/etc/modprobe.conf LSPP + +/etc/pam.d LSPP +/etc/security LSPP +/etc/aliases LSPP +/etc/postfix LSPP + +/etc/ssh/sshd_config LSPP +/etc/ssh/ssh_config LSPP + +/etc/stunnel LSPP + +/etc/vsftpd.ftpusers LSPP +/etc/vsftpd LSPP + +/etc/issue LSPP +/etc/issue.net LSPP + +/etc/cups LSPP + +# With AIDE's default verbosity level of 5, these would give lots of +# warnings upon tree traversal. It might change with future version. +# +#=/lost\+found DIR +#=/home DIR + +# Ditto /var/log/sa reason... +!/var/log/and-httpd + +# Admins dot files constantly change, just check perms +/root/\..* PERMS diff --git a/SOURCES/aide.logrotate b/SOURCES/aide.logrotate new file mode 100644 index 0000000..614c6a6 --- /dev/null +++ b/SOURCES/aide.logrotate @@ -0,0 +1,9 @@ +/var/log/aide/*.log { + weekly + missingok + rotate 4 + compress + delaycompress + copytruncate + minsize 100k +} diff --git a/SPECS/aide.spec b/SPECS/aide.spec new file mode 100644 index 0000000..85c35f3 --- /dev/null +++ b/SPECS/aide.spec @@ -0,0 +1,271 @@ +# segfaults +%{!?_with_curl: %{!?_without_curl: %global _without_curl --without-curl}} + +Summary: Intrusion detection environment +Name: aide +Version: 0.15.1 +Release: 9%{?dist} +URL: http://sourceforge.net/projects/aide +License: GPLv2+ +Group: Applications/System +Source0: http://downloads.sourceforge.net/aide/aide-%{version}.tar.gz +Source1: aide.conf +Source2: README.quickstart +Source3: aide.logrotate +# Customize the database file location in the man page. +Patch1: aide-0.14-man.patch +# fix aide in FIPS mode +Patch2: aide-0.15.1-fipsfix.patch +# warn if processing prelinked binary objects and the prelink binary is not available +Patch3: aide-0.15.1-prelinkwarn.patch + +Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot-%(%{__id_u} -n) +BuildRequires: mktemp +%ifnarch aarch64 ppc64le +BuildRequires: prelink +%endif +BuildRequires: elfutils-libelf-devel +%if 0%{?rhel} == 0 +Buildrequires: mhash-devel +%endif +Buildrequires: zlib-devel libgcrypt-devel +Buildrequires: flex bison +Buildrequires: libattr-devel e2fsprogs-devel +Buildrequires: libacl-devel libselinux-devel +Buildrequires: audit-libs-devel >= 1.2.8-2 +%if "%{?_with_curl}x" != "x" +Buildrequires: curl-devel +%endif + +%description +AIDE (Advanced Intrusion Detection Environment) is a file integrity +checker and intrusion detection program. + + +%prep +%setup -q +%patch1 -p1 -b .man +%patch2 -p1 -b .fipsfix +%patch3 -p1 -b .prelinkwarn + +%build +%configure --with-config_file=%{_sysconfdir}/aide.conf \ + --with-zlib \ + --disable-static \ +%if 0%{?rhel} == 0 + --with-mhash \ +%endif + %{?_with_curl} %{?_without_curl} \ + --with-posix-acl \ + --with-selinux \ +%ifnarch aarch64 ppc64le + --with-prelink \ +%else + --without-prelink \ +%endif + --with-xattr \ + --with-e2fsattrs \ + --with-audit + +make + + +%install +rm -rf $RPM_BUILD_ROOT +make DESTDIR=$RPM_BUILD_ROOT bindir=%{_sbindir} install +mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/aide +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir} +install -p %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir} +mkdir -p -m0700 $RPM_BUILD_ROOT%{_localstatedir}/lib/aide +install -p %{SOURCE2} README.quickstart +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d +install -c -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/aide + +%clean +rm -rf $RPM_BUILD_ROOT + + +%files +%defattr(0644,root,root,0755) +%doc AUTHORS COPYING ChangeLog NEWS README doc/manual.html contrib/ +%doc README.quickstart +%attr(0700,root,root) %{_sbindir}/aide +%{_mandir}/man1/* +%{_mandir}/man5/* +%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/aide.conf +%config(noreplace) %{_sysconfdir}/logrotate.d/aide +%dir %attr(0700,root,root) %{_localstatedir}/lib/aide +%dir %attr(0700,root,root) %{_localstatedir}/log/aide + + +%changelog +* Mon Aug 4 2014 Daniel Kopecek - 0.15.1-9 +- Don't require prelink on aarch64 and ppc64le + Resolves: rhbz#1078555 + Resolves: rhbz#1125462 + +* Fri Jan 24 2014 Daniel Mach - 0.15.1-8 +- Mass rebuild 2014-01-24 + +* Fri Dec 27 2013 Daniel Mach - 0.15.1-7 +- Mass rebuild 2013-12-27 + +* Fri Nov 08 2013 Daniel Kopecek - 0.15.1-6 +- warn if processing prelinked binary objects and the prelink binary + is not available + Resolves: rbhz#1004826 + +* Wed Feb 13 2013 Fedora Release Engineering - 0.15.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Thu Nov 22 2012 Daniel Kopecek - 0.15.1-4 +- added patch to fix aide in FIPS mode +- use only FIPS approved digest algorithms in aide.conf so that + aide works by default in FIPS mode + +* Wed Jul 18 2012 Fedora Release Engineering - 0.15.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Thu Jan 12 2012 Fedora Release Engineering - 0.15.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Thu Nov 11 2010 Steve Grubb - 0.15.1-1 +- New upstream release + +* Tue May 18 2010 Steve Grubb - 0.14-5 +- Apply 2 upstream bug fixes + +* Tue May 18 2010 Steve Grubb - 0.14-4 +- Use upstream's patch to fix bz 590566 + +* Sat May 15 2010 Steve Grubb - 0.14-3 +- Fix bz 590561 aide does not detect the change of SElinux context +- Fix bz 590566 aide reports a changed file when it has not been changed + +* Wed Apr 28 2010 Steve Grubb - 0.14-2 +- Fix bz 574764 by replacing abort calls with exit +- Apply libgcrypt init patch + +* Tue Mar 16 2010 Steve Grubb - 0.14-1 +- New upstream release final 0.14 + +* Thu Feb 25 2010 Steve Grubb - 0.14-0.4.rc3 +- New upstream release + +* Thu Feb 25 2010 Steve Grubb - 0.14-0.3.rc2 +- New upstream release + +* Tue Feb 23 2010 Steve Grubb - 0.14-0.2.rc1 +- Fix dirent detection on 64bit systems + +* Mon Feb 22 2010 Steve Grubb - 0.14-0.1.rc1 +- New upstream release + +* Fri Feb 19 2010 Steve Grubb - 0.13.1-16 +- Add logrotate script and spec file cleanups + +* Fri Dec 11 2009 Steve Grubb - 0.13.1-15 +- Get rid of .dedosify files + +* Wed Dec 09 2009 Steve Grubb - 0.13.1-14 +- Revise patch for Initialize libgcrypt correctly (#530485) + +* Sat Nov 07 2009 Steve Grubb - 0.13.1-13 +- Initialize libgcrypt correctly (#530485) + +* Fri Aug 21 2009 Tomas Mraz - 0.13.1-12 +- rebuilt with new audit + +* Wed Aug 19 2009 Steve Grubb 0.13.1-11 +- rebuild for new audit-libs +- Correct regex for root's dot files (#509370) + +* Fri Jul 24 2009 Fedora Release Engineering - 0.13.1-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Mon Jun 08 2009 Steve Grubb - 0.13.1-9 +- Make aide smarter about prelinked files (Peter Vrabec) +- Add /lib64 to default config + +* Mon Feb 23 2009 Fedora Release Engineering - 0.13.1-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Fri Jan 30 2009 Steve Grubb - 0.13.1-6 +- enable xattr support and update config file + +* Fri Sep 26 2008 Tom "spot" Callaway - 0.13.1-5 +- fix selcon patch to apply without fuzz + +* Fri Feb 15 2008 Steve Conklin +- rebuild for gcc4.3 + +* Tue Aug 21 2007 Michael Schwendt +- rebuilt + +* Sun Jul 22 2007 Michael Schwendt - 0.13.1-2 +- Apply Steve Conklin's patch to increase displayed portion of + selinux context. + +* Sun Dec 17 2006 Michael Schwendt - 0.13.1-1 +- Update to 0.13.1 release. + +* Sun Dec 10 2006 Michael Schwendt - 0.13-1 +- Update to 0.13 release. +- Include default aide.conf from RHEL5 as doc example file. + +* Sun Oct 29 2006 Michael Schwendt - 0.12-3.20061027cvs +- CAUTION! This changes the database format and results in a report of + false inconsistencies until an old database file is updated. +- Check out CVS 20061027 which now contains Red Hat's + acl/xattr/selinux/audit patches. +- Patches merged upstream. +- Update manual page substitutions. + +* Mon Oct 23 2006 Michael Schwendt - 0.12-2 +- Add "memory leaks and performance updates" patch as posted + to aide-devel by Steve Grubb. + +* Sat Oct 07 2006 Michael Schwendt - 0.12-1 +- Update to 0.12 release. +- now offers --disable-static, so -no-static patch is obsolete +- fill last element of getopt struct array with zeroes + +* Mon Oct 02 2006 Michael Schwendt - 0.11-3 +- rebuilt + +* Mon Sep 11 2006 Michael Schwendt - 0.11-2 +- rebuilt + +* Sun Feb 19 2006 Michael Schwendt - 0.11-1 +- Update to 0.11 release. +- useless-includes patch merged upstream. +- old Russian man pages not available anymore. +- disable static linking. + +* Fri Apr 7 2005 Michael Schwendt +- rebuilt + +* Fri Nov 28 2003 Michael Schwendt - 0:0.10-0.fdr.1 +- Update to 0.10 release. +- memleaks patch merged upstream. +- rootpath patch merged upstream. +- fstat patch not needed anymore. +- Updated URL. + +* Thu Nov 13 2003 Michael Schwendt - 0:0.10-0.fdr.0.2.cvs20031104 +- Added buildreq m4 to work around incomplete deps of bison package. + +* Tue Nov 04 2003 Michael Schwendt - 0:0.10-0.fdr.0.1.cvs20031104 +- Only tar.gz available upstream. +- byacc not needed when bison -y is available. +- Installed Russian manual pages. +- Updated with changes from CVS (2003-11-04). +- getopt patch merged upstream. +- bison-1.35 patch incorporated upstream. + +* Tue Sep 09 2003 Michael Schwendt - 0:0.9-0.fdr.0.2.20030902 +- Added fixes for further memleaks. + +* Sun Sep 07 2003 Michael Schwendt - 0:0.9-0.fdr.0.1.20030902 +- Initial package version. +