[Pkg-aide-maintainers] Bug#442214: Bug#442214: aide: Aide issues false alarms
Marc Haber
mh+debian-packages at zugschlus.de
Sun Sep 16 14:14:43 UTC 2007
On Fri, Sep 14, 2007 at 08:33:28AM +0200, Andreas Tille wrote:
> I havn't changed the files in /etc/aide/aide.conf.d (just added a view
> ones for my own application) but Aide reports things like
>
> ---------------------------------------------------
> Added files:
> ---------------------------------------------------
>
> added: /var/log/exim4/mainlog.2.gz
>
> ---------------------------------------------------
> Removed files:
> ---------------------------------------------------
>
> removed: /var/log/exim4/mainlog.10.gz
> removed: /var/log/daemon.log.6.gz
> removed: /var/log/syslog.6.gz
>
> ---------------------------------------------------
> Changed files:
> ---------------------------------------------------
>
> changed: /var/log/exim4/mainlog
> changed: /var/log/exim4/mainlog.1
> changed: /var/log/syslog
> changed: /var/log/daemon.log
>
>
> which perfectly should be suppressed by the configuration shipped with aide.
By default, this only works through one rotation of the logs, and
starting with the second rotation, the changes are going to be
reported _until_ you copy the newly generated databases to the old
ones if no changes were found.
Appropriate settings in /etc/default/aide would be
COMMAND=update
COPYNEWDB=ifnochange
Let me know if this helps.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190
More information about the Pkg-aide-maintainers
mailing list