Adding AIDE to HIDS tools

roles/Sharingan/package/LICENSE

@@ -0,0 +1,31 @@
+# http://www.wtfpl.net/about/
+
+            DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+                    Version 2, December 2004
+
+ Copyright (C) 2004 Sam Hocevar <sam@hocevar.net>
+
+ Everyone is permitted to copy and distribute verbatim or modified
+ copies of this license document, and changing it is allowed as long
+ as the name is changed.
+
+            DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. You just DO WHAT THE FUCK YOU WANT TO.
+
+                        ANINIX ADDENDUM
+
+ Trademark 2017 (https://aninix.net/)
+
+ The "AniNIX" name and |> logo are trademarked as of 2017/11/21.
+ AniNIX materials may be reproduced and re-used (though you must
+ contact the admins of the network to get written permission to use
+ the AniNIX name or logo) so long as such reproduction or re-use
+ does not inhibit the original AniNIX use of the same.
+
+ Attribution is appreciated for other materials but not legally
+ required or necessary.
+
+ "AniNIX" trademark serial: 87177883
+ |> Logo trademark serial: 87177887

roles/Sharingan/package/Makefile

@@ -0,0 +1,22 @@
+compile:
+	@echo Nothing to do
+
+install:
+	mkdir -p ${pkgdir}/usr/local/sbin/
+	for i in aidecheck aideinit; do install -m 0750 -o root -g http $$i ${pkgdir}/usr/local/sbin/; done
+
+test: compile
+	@echo Nothing to do
+
+clean:
+	git clean -fX
+	git clean -fd
+
+diff:
+	@echo Nothing to do.
+
+reverse:
+	@echo Nothing to do.
+
+checkperm:
+	@echo Nothing to do.

roles/Sharingan/package/PKGBUILD

@@ -0,0 +1,46 @@
+depends=('bash>=4.4' 'aide')
+makedepends=('make>=4.2')
+checkdepends=()
+optdepends=()
+pkgname="sharingan-scripts"
+pkgver="$(git describe --tag --abbrev=0)"."$(git rev-parse --short HEAD)"
+pkgrel=1
+pkgrel() {
+    echo $(( `git log "$(git describe --tag --abbrev=0)"..HEAD | grep -c commit` + 1 ))
+}
+epoch="$(git log | grep -c commit)"
+pkgdesc="$(head -n 1 README.md)"
+arch=("x86_64")
+url="$(git config remote.origin.url | sed 's/.git$//')"
+license=('custom')
+groups=()
+provides=("${pkgname}")
+conflicts=()
+replaces=("${pkgname,,}", "aninix-${pkgname,,}")
+backup=()
+options=()
+install=
+changelog=
+source=()
+noextract=()
+md5sums=()
+validpgpkeys=()
+
+prepare() {
+    git pull
+}
+
+build() {
+    make -C ..
+}
+
+check() {
+    chmod -R u+r ../pkg
+	make -C .. test
+}
+
+package() {
+    export pkgdir="${pkgdir}"
+	make -C .. install
+    install -D -m644 ../../../../LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
+}

roles/Sharingan/package/README.md

@@ -0,0 +1,4 @@
+This is a collection of scripts we use for managing HIDS data.
+
+1. aideinit: Initialize, record, and sign a database
+1. aidecheck: Verify there are no discrepancies from a database

roles/Sharingan/package/aidecheck

@@ -0,0 +1,59 @@
+#!/usr/bin/bash
+
+# File: aidecheck
+#
+# Description: This script checks a signed AIDE DB.
+#
+# Package: AniNIX/Sharingan
+# Copyright: WTFPL
+#
+# Author: DarkFeather <ircs://aninix.net:6697/DarkFeather>
+
+function usage() {
+    echo "Usage: $0 [ config reference ]"
+    exit $1
+}
+
+function main() {
+    ### Initialize the DB
+    base="$1"
+    dbdir="$(grep -m 1 -E '^@@define DBDIR' "$base" | cut -f 3 -d ' ')"
+    dbin="$(grep -m 1 -E '^database_in' "$base" | cut -f 2 -d '=' | sed "s#file:...DBDIR.#${dbdir}#")"
+    dbout="$(grep -m 1 -E '^database_out' "$base" | cut -f 2 -d '=' | sed "s#file:...DBDIR.#${dbdir}#")"
+
+    set -x
+
+    if ! gpg --verify "$dbin".sig "$dbin"; then
+        echo "$dbin doesn't match signature."
+        exit 1
+    fi
+
+    sudo aide -c "$base" -C
+
+}
+
+### MAIN
+if [ `basename "$0"` == "aidecheck" ]; then
+
+    # Allow -h for helptext
+    if [ "$1" == '-h' ]; then
+        echo "Checks an AIDE DB"
+        usage 0
+    else
+
+        # Find the config
+        if [ -z "${1}" ]; then
+            base='/etc/aide.conf'
+        else
+            base="/etc/aide/${1}.conf"
+        fi
+        if [ -f "$base" ]; then
+            main "$base"
+        else
+
+            # If it doesn't, explain and exit.
+            echo "$base does not exist"
+            usage 1
+        fi
+    fi
+fi

roles/Sharingan/package/aideinit

@@ -0,0 +1,59 @@
+#!/usr/bin/bash
+
+# File: aideinit
+#
+# Description: This script initializes an AIDE DB and signs it
+#
+# Package: AniNIX/Sharingan
+# Copyright: WTFPL
+#
+# Author: DarkFeather <ircs://aninix.net:6697/DarkFeather>
+
+function usage() {
+    echo "Usage: $0 [ config reference ]"
+    exit $1
+}
+
+function main() {
+    ### Initialize the DB
+    base="$1"
+    dbdir="$(grep -m 1 -E '^@@define DBDIR' "$base" | cut -f 3 -d ' ')"
+    dbin="$(grep -m 1 -E '^database_in' "$base" | cut -f 2 -d '=' | sed "s#file:...DBDIR.#${dbdir}#")"
+    dbout="$(grep -m 1 -E '^database_out' "$base" | cut -f 2 -d '=' | sed "s#file:...DBDIR.#${dbdir}#")"
+
+    # sudo chattr -i "$dbin"*
+
+    sudo aide -c "$base" -i 2>&1 | sudo tee "$dbin".out
+    sudo mv "$dbout" "$dbin"
+    sudo chmod 0644 "$dbin"
+    gpg -bs --output - "$dbin" | sudo tee "$dbin".sig &>/dev/null
+    sudo chown root: "$dbin"*
+    sudo chmod 0755 "$dbin"*
+    # sudo chattr +i "$dbin"*
+}
+
+### MAIN
+if [ `basename "$0"` == "aideinit" ]; then
+
+    # Allow -h for helptext
+    if [ "$1" == '-h' ]; then
+        echo "Initializes an AIDE DB"
+        usage 0
+    else
+
+        # Find the config
+        if [ -z "${1}" ]; then
+            base='/etc/aide.conf'
+        else
+            base="/etc/aide/${1}.conf"
+        fi
+        if [ -f "$base" ]; then
+            main "$base"
+        else
+
+            # If it doesn't, explain and exit.
+            echo "$base does not exist"
+            usage 1
+        fi
+    fi
+fi