diff options
| author | CoprDistGit <infra@openeuler.org> | 2024-08-01 10:17:22 +0000 |
|---|---|---|
| committer | CoprDistGit <infra@openeuler.org> | 2024-08-01 10:17:22 +0000 |
| commit | bd1b9654a597b2214071c1188ad683e708721f4b (patch) | |
| tree | fcc22946609eb505eadb3fb5cfcea61369a50d2c /aide-0.15-syslog-format.patch | |
| parent | 374ae3091442fd5cd7442a65ca2bffeada2fb3bc (diff) | |
automatic import of aideopeneuler24.03_LTSopeneuler23.09
Diffstat (limited to 'aide-0.15-syslog-format.patch')
| -rw-r--r-- | aide-0.15-syslog-format.patch | 496 |
1 files changed, 496 insertions, 0 deletions
diff --git a/aide-0.15-syslog-format.patch b/aide-0.15-syslog-format.patch new file mode 100644 index 0000000..0361434 --- /dev/null +++ b/aide-0.15-syslog-format.patch @@ -0,0 +1,496 @@ +diff -up ./doc/aide.conf.5.in.syslog_format ./doc/aide.conf.5.in +--- ./doc/aide.conf.5.in.syslog_format 2016-07-25 22:58:12.000000000 +0200 ++++ ./doc/aide.conf.5.in 2018-09-27 19:09:09.697371212 +0200 +@@ -57,6 +57,25 @@ inclusive. This parameter can only be gi + occurrence is used. If \-\-verbose or \-V is used then the value from that + is used. The default is 5. If verbosity is 20 then additional report + output is written when doing \-\-check, \-\-update or \-\-compare. ++.IP "syslog_format" ++Valid values are yes,true,no and false. This option enables new syslog format ++which is suitable for logging. Every change is logged as one simple line. This option ++changes verbose level to 0 and prints everything that was changed. It is suggested ++to use this option with "report_url=syslog:...". Default value is "false/no". ++Maximum size of message is 1KB which is limitation of syslog call. If message is ++greater than limit, message will be truncated. ++Option summarize_changes has no impact for this format. ++.nf ++.eo ++ ++Output always starts with: ++"AIDE found differences between database and filesystem!!" ++And it is followed by summary: ++summary;total_number_of_files=1000;added_files=0;removed_files=0;changed_files=1 ++And finally there are logs about changes: ++dir=/usr/sbin;Mtime_old=0000-00-00 00:00:00;Mtime_new=0000-00-00 00:00:00;... ++.ec ++.fi + .IP "report_url" + The url that the output is written to. There can be multiple instances + of this parameter. Output is written to all of them. The default is +diff -up ./include/db_config.h.syslog_format ./include/db_config.h +--- ./include/db_config.h.syslog_format 2016-07-25 22:56:55.000000000 +0200 ++++ ./include/db_config.h 2018-09-27 19:09:09.697371212 +0200 +@@ -311,6 +311,7 @@ typedef struct db_config { + FILE* db_out; + + int config_check; ++ int syslog_format; + + struct md_container *mdc_in; + struct md_container *mdc_out; +diff -up ./src/aide.c.syslog_format ./src/aide.c +--- ./src/aide.c.syslog_format 2018-09-27 19:09:09.695371197 +0200 ++++ ./src/aide.c 2018-09-27 19:09:09.698371220 +0200 +@@ -283,6 +283,7 @@ static void setdefaults_before_config() + } + + /* Setting some defaults */ ++ conf->syslog_format=0; + conf->report_db=0; + conf->tree=NULL; + conf->config_check=0; +@@ -495,6 +496,10 @@ static void setdefaults_after_config() + if(conf->verbose_level==-1){ + conf->verbose_level=5; + } ++ if(conf->syslog_format==1){ ++ conf->verbose_level=0; ++ } ++ + } + + +diff -up ./src/compare_db.c.syslog_format ./src/compare_db.c +--- ./src/compare_db.c.syslog_format 2016-07-25 22:56:55.000000000 +0200 ++++ ./src/compare_db.c 2018-09-27 19:09:09.698371220 +0200 +@@ -110,7 +110,7 @@ const DB_ATTR_TYPE details_attributes[] + #endif + }; + +-const char* details_string[] = { _("File type") , _("Lname"), _("Size"), _("Size (>)"), _("Bcount"), _("Perm"), _("Uid"), _("Gid"), _("Atime"), _("Mtime"), _("Ctime"), _("Inode"), _("Linkcount"), _("MD5"), _("SHA1"), _("RMD160"), _("TIGER"), _("SHA256"), _("SHA512") ++const char* details_string[] = { _("File type") , _("Lname"), _("Size"), _("Size"), _("Bcount"), _("Perm"), _("Uid"), _("Gid"), _("Atime"), _("Mtime"), _("Ctime"), _("Inode"), _("Linkcount"), _("MD5"), _("SHA1"), _("RMD160"), _("TIGER"), _("SHA256"), _("SHA512") + #ifdef WITH_MHASH + , _("CRC32"), _("HAVAL"), _("GOST"), _("CRC32B"), _("WHIRLPOOL") + #endif +@@ -269,12 +269,19 @@ static int xattrs2array(xattrs_type* xat + if ((len == xattrs->ents[num - 1].vsz) || ((len == (xattrs->ents[num - 1].vsz - 1)) && !val[len])) { + length = 8 + width + strlen(xattrs->ents[num - 1].key) + strlen(val); + (*values)[num]=malloc(length *sizeof(char)); +- snprintf((*values)[num], length , "[%.*zd] %s = %s", width, num, xattrs->ents[num - 1].key, val); ++ ++ char * fmt = "[%.*zd] %s = %s"; ++ if (conf->syslog_format) fmt = "[%.*zd]%s=%s"; // its smaller so it has to be enough space allocated. ++ snprintf((*values)[num], length , fmt, width, num, xattrs->ents[num - 1].key, val); ++ + } else { + val = encode_base64(xattrs->ents[num - 1].val, xattrs->ents[num - 1].vsz); + length = 10 + width + strlen(xattrs->ents[num - 1].key) + strlen(val); + (*values)[num]=malloc( length *sizeof(char)); +- snprintf((*values)[num], length , "[%.*zd] %s <=> %s", width, num, xattrs->ents[num - 1].key, val); ++ ++ char * fmt = "[%.*zd] %s <=> %s"; ++ if (conf->syslog_format) fmt = "[%.*zd]%s<=>%s"; // its smaller so it has to be enough space allocated. ++ snprintf((*values)[num], length , fmt, width, num, xattrs->ents[num - 1].key, val); + free(val); + } + } +@@ -302,6 +309,26 @@ static int acl2array(acl_type* acl, char + } + if (acl->acl_a || acl->acl_d) { + int j, k, i; ++ if (conf->syslog_format) { ++ *values = malloc(2 * sizeof(char*)); ++ ++ char *A, *D = "<NONE>"; ++ ++ if (acl->acl_a) { A = acl->acl_a; } ++ if (acl->acl_d) { D = acl->acl_d; } ++ ++ (*values)[0] = (char*) malloc(strlen(A) + 3); // "A:" and \0 ++ snprintf((*values)[0], strlen(A) + 3, "A:%s", A); ++ ++ (*values)[1] = (char*) malloc(strlen(D) + 3); // "D:" and \0 ++ snprintf((*values)[1], strlen(D) + 3, "D:%s", D); ++ ++ i = 0; while ( (*values)[0][i] ) { if ( (*values)[0][i]=='\n') { (*values)[0][i] = ' '; } i++; } ++ i = 0; while ( (*values)[1][i] ) { if ( (*values)[1][i]=='\n') { (*values)[1][i] = ' '; } i++; } ++ ++ return 2; ++ } ++ + if (acl->acl_a) { i = 0; while (acl->acl_a[i]) { if (acl->acl_a[i++]=='\n') { n++; } } } + if (acl->acl_d) { i = 0; while (acl->acl_d[i]) { if (acl->acl_d[i++]=='\n') { n++; } } } + *values = malloc(n * sizeof(char*)); +@@ -338,25 +365,25 @@ static char* e2fsattrs2string(unsigned l + + static char* get_file_type_string(mode_t mode) { + switch (mode & S_IFMT) { +- case S_IFREG: return _("File"); +- case S_IFDIR: return _("Directory"); ++ case S_IFREG: return conf->syslog_format ? "file" : _("File"); ++ case S_IFDIR: return conf->syslog_format ? "dir" : _("Directory"); + #ifdef S_IFIFO +- case S_IFIFO: return _("FIFO"); ++ case S_IFIFO: return conf->syslog_format ? "fifo" : _("FIFO"); + #endif +- case S_IFLNK: return _("Link"); +- case S_IFBLK: return _("Block device"); +- case S_IFCHR: return _("Character device"); ++ case S_IFLNK: return conf->syslog_format ? "link" : _("Link"); ++ case S_IFBLK: return conf->syslog_format ? "blockd" : _("Block device"); ++ case S_IFCHR: return conf->syslog_format ? "chard" : _("Character device"); + #ifdef S_IFSOCK +- case S_IFSOCK: return _("Socket"); ++ case S_IFSOCK: return conf->syslog_format ? "socket" : _("Socket"); + #endif + #ifdef S_IFDOOR +- case S_IFDOOR: return _("Door"); ++ case S_IFDOOR: return conf->syslog_format ? "door" : _("Door"); + #endif + #ifdef S_IFPORT +- case S_IFPORT: return _("Port"); ++ case S_IFPORT: return conf->syslog_format ? "port" : _("Port"); + #endif + case 0: return NULL; +- default: return _("Unknown file type"); ++ default: return conf->syslog_format ? "unknown" : _("Unknown file type"); + } + } + +@@ -554,6 +581,51 @@ static void print_dbline_attributes(db_l + } + } + ++ ++static void print_dbline_attributes_syslog(db_line* oline, db_line* nline, DB_ATTR_TYPE ++ changed_attrs, DB_ATTR_TYPE force_attrs) { ++ char **ovalue, **nvalue; ++ int onumber, nnumber, i, j; ++ int length = sizeof(details_attributes)/sizeof(DB_ATTR_TYPE); ++ DB_ATTR_TYPE attrs; ++ char *file_type = get_file_type_string((nline==NULL?oline:nline)->perm); ++ if (file_type) { ++ error(0,"%s=", file_type); ++ } ++ error(0,"%s", (nline==NULL?oline:nline)->filename); ++ attrs=force_attrs|(~(ignored_changed_attrs)&changed_attrs); ++ for (j=0; j < length; ++j) { ++ if (details_attributes[j]&attrs) { ++ onumber=get_attribute_values(details_attributes[j], oline, &ovalue); ++ nnumber=get_attribute_values(details_attributes[j], nline, &nvalue); ++ ++ if (details_attributes[j] == DB_ACL || details_attributes[j] == DB_XATTRS) { ++ ++ error(0, ";%s_old=|", details_string[j]); ++ ++ for (i = 0 ; i < onumber ; i++) { ++ error(0, "%s|", ovalue[i]); ++ } ++ ++ error(0, ";%s_new=|", details_string[j]); ++ ++ for (i = 0 ; i < nnumber ; i++) { ++ error(0, "%s|", nvalue[i]); ++ } ++ ++ } else { ++ ++ error(0, ";%s_old=%s;%s_new=%s", details_string[j], *ovalue, details_string[j], *nvalue); ++ ++ } ++ ++ for(i=0; i < onumber; ++i) { free(ovalue[i]); ovalue[i]=NULL; } free(ovalue); ovalue=NULL; ++ for(i=0; i < nnumber; ++i) { free(nvalue[i]); nvalue[i]=NULL; } free(nvalue); nvalue=NULL; ++ } ++ } ++ error(0, "\n"); ++} ++ + static void print_attributes_added_node(db_line* line) { + print_dbline_attributes(NULL, line, 0, line->attr); + } +@@ -562,6 +634,26 @@ static void print_attributes_removed_nod + print_dbline_attributes(line, NULL, 0, line->attr); + } + ++static void print_attributes_added_node_syslog(db_line* line) { ++ ++ char *file_type = get_file_type_string(line->perm); ++ if (file_type) { ++ error(0,"%s=", file_type); ++ } ++ error(0,"%s; added\n", line->filename); ++ ++} ++ ++static void print_attributes_removed_node_syslog(db_line* line) { ++ ++ char *file_type = get_file_type_string(line->perm); ++ if (file_type) { ++ error(0,"%s=", file_type); ++ } ++ error(0,"%s; removed\n", line->filename); ++ ++} ++ + static void terse_report(seltree* node) { + list* r=NULL; + if ((node->checked&(DB_OLD|DB_NEW)) != 0) { +@@ -626,6 +718,26 @@ static void print_report_details(seltree + } + } + ++static void print_syslog_format(seltree* node) { ++ list* r=NULL; ++ ++ if (node->checked&NODE_CHANGED) { ++ print_dbline_attributes_syslog(node->old_data, node->new_data, node->changed_attrs, forced_attrs); ++ } ++ ++ if (node->checked&NODE_ADDED) { ++ print_attributes_added_node_syslog(node->new_data); ++ } ++ ++ if (node->checked&NODE_REMOVED) { ++ print_attributes_removed_node_syslog(node->old_data); ++ } ++ ++ for(r=node->childs;r;r=r->next){ ++ print_syslog_format((seltree*)r->data); ++ } ++} ++ + static void print_report_header() { + char *time; + int first = 1; +@@ -747,39 +859,53 @@ int gen_report(seltree* node) { + send_audit_report(); + #endif + if ((nadd|nrem|nchg) > 0 || conf->report_quiet == 0) { +- print_report_header(); +- if(conf->action&(DO_COMPARE|DO_DIFF) || (conf->action&DO_INIT && conf->report_detailed_init) ) { +- if (conf->grouped) { +- if (nadd) { +- error(2,(char*)report_top_format,_("Added entries")); +- print_report_list(node, NODE_ADDED); +- } +- if (nrem) { +- error(2,(char*)report_top_format,_("Removed entries")); +- print_report_list(node, NODE_REMOVED); +- } +- if (nchg) { +- error(2,(char*)report_top_format,_("Changed entries")); +- print_report_list(node, NODE_CHANGED); +- } +- } else if (nadd || nrem || nchg) { +- if (nadd && nrem && nchg) { error(2,(char*)report_top_format,_("Added, removed and changed entries")); } +- else if (nadd && nrem) { error(2,(char*)report_top_format,_("Added and removed entries")); } +- else if (nadd && nchg) { error(2,(char*)report_top_format,_("Added and changed entries")); } +- else if (nrem && nchg) { error(2,(char*)report_top_format,_("Removed and changed entries")); } +- else if (nadd) { error(2,(char*)report_top_format,_("Added entries")); } +- else if (nrem) { error(2,(char*)report_top_format,_("Removed entries")); } +- else if (nchg) { error(2,(char*)report_top_format,_("Changed entries")); } +- print_report_list(node, NODE_ADDED|NODE_REMOVED|NODE_CHANGED); +- } +- if (nadd || nrem || nchg) { +- error(nchg?5:7,(char*)report_top_format,_("Detailed information about changes")); +- print_report_details(node); +- } +- } +- print_report_databases(); +- conf->end_time=time(&(conf->end_time)); +- print_report_footer(); ++ ++ if (!conf->syslog_format) { ++ print_report_header(); ++ } ++ ++ if(conf->action&(DO_COMPARE|DO_DIFF) || (conf->action&DO_INIT && conf->report_detailed_init) ) { ++ if (!conf->syslog_format && conf->grouped) { ++ if (nadd) { ++ error(2,(char*)report_top_format,_("Added entries")); ++ print_report_list(node, NODE_ADDED); ++ } ++ if (nrem) { ++ error(2,(char*)report_top_format,_("Removed entries")); ++ print_report_list(node, NODE_REMOVED); ++ } ++ if (nchg) { ++ error(2,(char*)report_top_format,_("Changed entries")); ++ print_report_list(node, NODE_CHANGED); ++ } ++ } else if (!conf->syslog_format && ( nadd || nrem || nchg ) ) { ++ if (nadd && nrem && nchg) { error(2,(char*)report_top_format,_("Added, removed and changed entries")); } ++ else if (nadd && nrem) { error(2,(char*)report_top_format,_("Added and removed entries")); } ++ else if (nadd && nchg) { error(2,(char*)report_top_format,_("Added and changed entries")); } ++ else if (nrem && nchg) { error(2,(char*)report_top_format,_("Removed and changed entries")); } ++ else if (nadd) { error(2,(char*)report_top_format,_("Added entries")); } ++ else if (nrem) { error(2,(char*)report_top_format,_("Removed entries")); } ++ else if (nchg) { error(2,(char*)report_top_format,_("Changed entries")); } ++ print_report_list(node, NODE_ADDED|NODE_REMOVED|NODE_CHANGED); ++ } ++ if (nadd || nrem || nchg) { ++ if (!conf->syslog_format) { ++ error(nchg?5:7,(char*)report_top_format,_("Detailed information about changes")); ++ print_report_details(node); ++ } else { ++ /* Syslog Format */ ++ error(0, "AIDE found differences between database and filesystem!!\n"); ++ error(0, "summary;total_number_of_files=%ld;added_files=%ld;" ++ "removed_files=%ld;changed_files=%ld\n",ntotal,nadd,nrem,nchg); ++ print_syslog_format(node); ++ } ++ } ++ } ++ if (!conf->syslog_format) { ++ print_report_databases(); ++ conf->end_time=time(&(conf->end_time)); ++ print_report_footer(); ++ } + } + + return conf->action&(DO_COMPARE|DO_DIFF) ? (nadd!=0)*1+(nrem!=0)*2+(nchg!=0)*4 : 0; +diff -up ./src/conf_lex.l.syslog_format ./src/conf_lex.l +--- ./src/conf_lex.l.syslog_format 2016-07-25 22:56:55.000000000 +0200 ++++ ./src/conf_lex.l 2018-09-27 19:09:09.698371220 +0200 +@@ -401,6 +401,12 @@ int var_in_conflval=0; + return (TROOT_PREFIX); + } + ++^[\t\ ]*"syslog_format"{E} { ++ error(230,"%li:syslog_format =\n",conf_lineno); ++ BEGIN CONFVALHUNT; ++ return (SYSLOG_FORMAT); ++} ++ + ^[\t\ ]*"recstop"{E} { + error(230,"%li:recstop =\n",conf_lineno); + BEGIN CONFVALHUNT; +diff -up ./src/conf_yacc.y.syslog_format ./src/conf_yacc.y +--- ./src/conf_yacc.y.syslog_format 2016-07-25 22:56:55.000000000 +0200 ++++ ./src/conf_yacc.y 2018-09-27 19:09:09.699371228 +0200 +@@ -89,6 +89,7 @@ extern long conf_lineno; + %token TREPORT_URL + %token TGZIPDBOUT + %token TROOT_PREFIX ++%token SYSLOG_FORMAT + %token TUMASK + %token TTRUE + %token TFALSE +@@ -160,7 +161,7 @@ line : rule | equrule | negrule | define + | ifdefstmt | ifndefstmt | ifhoststmt | ifnhoststmt + | groupdef | db_in | db_out | db_new | db_attrs | verbose | report_detailed_init | config_version + | database_add_metadata | report | gzipdbout | root_prefix | report_base16 | report_quiet +- | report_ignore_e2fsattrs | recursion_stopper | warn_dead_symlinks | grouped ++ | report_ignore_e2fsattrs | syslogformat | recursion_stopper | warn_dead_symlinks | grouped + | summarize_changes | acl_no_symlink_follow | beginconfigstmt | endconfigstmt + | TEOF { + newlinelastinconfig=1; +@@ -408,6 +409,15 @@ conf->gzip_dbout=0; + #endif + } ; + ++syslogformat : SYSLOG_FORMAT TTRUE { ++conf->syslog_format=1; ++} | ++ SYSLOG_FORMAT TFALSE { ++conf->syslog_format=0; ++} ; ++ ++ ++ + recursion_stopper : TRECSTOP TSTRING { + /* FIXME implement me */ + +diff -up ./src/error.c.syslog_format ./src/error.c +--- ./src/error.c.syslog_format 2016-07-25 22:56:55.000000000 +0200 ++++ ./src/error.c 2018-09-27 19:13:40.312416750 +0200 +@@ -38,6 +38,9 @@ + /*for locale support*/ + #include "util.h" + ++#define MAX_BUFFER_SIZE 1024 ++static char syslog_buffer[MAX_BUFFER_SIZE+1]; ++ + int cmp_url(url_t* url1,url_t* url2){ + + return ((url1->type==url2->type)&&(strcmp(url1->value,url2->value)==0)); +@@ -48,7 +51,9 @@ int error_init(url_t* url,int initial) + { + list* r=NULL; + FILE* fh=NULL; +- int sfac; ++ int sfac; ++ ++ memset(syslog_buffer, 0, MAX_BUFFER_SIZE+1); + + if (url->type==url_database) { + conf->report_db++; +@@ -163,13 +168,24 @@ void error(int errorlevel,char* error_ms + } + #ifdef HAVE_SYSLOG + if(conf->initial_report_url->type==url_syslog){ +-#ifdef HAVE_VSYSLOG +- vsyslog(SYSLOG_PRIORITY,error_msg,ap); +-#else +- char buf[1024]; +- vsnprintf(buf,1024,error_msg,ap); +- syslog(SYSLOG_PRIORITY,"%s",buf); +-#endif ++ ++ char buff[MAX_BUFFER_SIZE+1]; ++ vsnprintf(buff,MAX_BUFFER_SIZE,error_msg,ap); ++ size_t buff_len = strlen(buff); ++ ++ char result_buff[MAX_BUFFER_SIZE+1]; ++#pragma GCC diagnostic push ++#pragma GCC diagnostic ignored "-Wformat-truncation" ++ snprintf(result_buff, MAX_BUFFER_SIZE, "%s%s", syslog_buffer, buff); ++#pragma GCC diagnostic pop ++ ++ if(buff[buff_len-1] == '\n'){ ++ syslog(SYSLOG_PRIORITY,"%s",result_buff); ++ memset(syslog_buffer, 0, MAX_BUFFER_SIZE+1); ++ } else { ++ memcpy(syslog_buffer, result_buff, MAX_BUFFER_SIZE); ++ } ++ + va_end(ap); + return; + } +@@ -181,17 +197,25 @@ void error(int errorlevel,char* error_ms + + #ifdef HAVE_SYSLOG + if (conf->report_syslog!=0) { +-#ifdef HAVE_VSYSLOG +- va_start(ap,error_msg); +- vsyslog(SYSLOG_PRIORITY,error_msg,ap); +- va_end(ap); +-#else +- char buf[1024]; +- va_start(ap,error_msg); +- vsnprintf(buf,1024,error_msg,ap); ++ va_start(ap, error_msg); ++ ++ char buff[MAX_BUFFER_SIZE+1]; ++ vsnprintf(buff,MAX_BUFFER_SIZE,error_msg,ap); ++ size_t buff_len = strlen(buff); ++ ++ char result_buff[MAX_BUFFER_SIZE+1]; ++#pragma GCC diagnostic push ++#pragma GCC diagnostic ignored "-Wformat-truncation" ++ snprintf(result_buff, MAX_BUFFER_SIZE, "%s%s", syslog_buffer, buff); ++#pragma GCC diagnostic pop ++ ++ if(buff[buff_len-1] == '\n'){ ++ syslog(SYSLOG_PRIORITY,"%s",result_buff); ++ memset(syslog_buffer, 0, MAX_BUFFER_SIZE+1); ++ } else { ++ memcpy(syslog_buffer, result_buff, MAX_BUFFER_SIZE); ++ } + va_end(ap); +- syslog(SYSLOG_PRIORITY,"%s",buf); +-#endif + } + #endif + |