[Pkg-aide-maintainers] Bug#387463: making aide vserver aware (audit
guests from the root server)
Marc Haber
mh+debian-packages at zugschlus.de
Fri Sep 22 12:23:50 UTC 2006
user aide at packages.debian.org
tags #387463 help
tags #387463 patch-appreciated
thanks
On Thu, Sep 14, 2006 at 04:15:41PM +0200, Christian Thaeter wrote:
> It would be nice if aide can track files in vservers or similar
> chroot-like environments from within the root server.
> Adding this functionality is quite trivial:
>
> Example how I did this
>
> first add /etc/aide/aide.conf.d/20_aide_vservers:
> #!/bin/sh
> echo "@@define VSERVERS $(echo -n '('; for i in $(ls /vservers);\
> do echo -n "|vservers/$i/"; done; echo ')')"
>
> which gives something like:
> @@define VSERVERS (|vservers/foo/|vservers/bar/)
>
> and then expand @@{VSERVERS} in each pathname regex. example:
> # cat /etc/aide/aide.vserver.conf.d/31_aide_adjtime
> /@@{VSERVERS}etc/adjtime$ VarFile
Neat idea. However, I am not convinced that this belongs in the
distribution package as it would be necessary to touch _all_ rules
files. The use case is rather special, and greatly increases rule
complexity. They are already too hard to understand, IMO.
I am open to arguments though.
I would be willing, though, to include a README.vservers file in the
package if you decide to write one.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
More information about the Pkg-aide-maintainers
mailing list