Bug#407280: [Pkg-aide-maintainers] Bug#407280: aide: Config fixes for better compliance with default Debian configs

[Marc Haber]

On Wed, Jan 17, 2007 at 12:12:39PM +0100, Tim Stoop wrote:
> Default syslog installation includes /var/log/mail.err and 
> /var/log/mail.warn, both are rotated. So I added them to 31_aide_syslog.

Done in svn, new line is now
@@define LOGFILES (messages|syslog|(auth|daemon|user)\.log|mail\.(log|err|warn|info))

> Since cron-apt downloads new indexes each night and I don't need a 
> confirmation of that each day, I use:
> !/var/cache/apt/lists

There are actually rules for this, see 31_aide_apt_stable and
31_aide_apt_unstable. But, alas, these rules have my local mirror
hardcoded and are thus useless to external users. I'll fix this asap
by introducing a macro.

> Also, my cron-apt config tells the program to download updated packages. 
> Since it already mails me about that, I disable checking of that 
> directory too, since it only duplicates a message cron-apt already sends 
> me (and I'd like to keep warnings to an absolute minimum, to be sure I 
> don't tire of them), I use:
> !/var/cache/apt/archives
> It would probably be better to at least check the settings of the 
> directory (user, etc.) instead of completely ignoring it.

I consider this a bad idea, since this would make
/var/cache/apt/archives a good place for an attacker to hide local
persistent files. That won't happen in the package.

There is already a rule file 31_aide_apt_frqchg which should cater for
frequently changing apt files. 31_aide_apt_unstable also excludes
package files by means of
!/var/cache/apt/archives/[-a-zA-Z0-9%\._+]+_(i386|all)\.deb$

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835