[Pkg-aide-maintainers] Bug#442376: Bug#442376: aide: Unnecessary output in low-verbosity mode
Bill Wohler
wohler at newt.com
Mon Sep 17 15:23:03 UTC 2007

Marc Haber <mh+debian-packages at zugschlus.de> wrote:
> On Sat, Sep 15, 2007 at 09:01:26AM -0700, Bill Wohler wrote:
> > I have "version=3" in my configuration file, which for years
> > suppressed output when there weren't any changes.
>
> I am not aware of any "version=" option. Please explain.
>
> > However, after upgrading to etch, I'm getting email (appended below).
> > In /etc/default/aide, the relevant options are:
> >
> > QUIETREPORTS=yes
> > NOISE=""
> > AIDEARGS="--config=/etc/aide/aide.conf"
> >
> > Here is the email. Any thoughts?
> >
> > Errors produced (1 lines):
> > not updating aide configuration since manual config option was given
>
> This is considered an error, and thus a report will be generated.

Hi Marc,

I reinstalled aide and used the Debian configuration per your suggestion.

MAILSUBJ="Daily AIDE report for $FQDN"
MAILTO=root
QUIETREPORTS=yes
COMMAND=update
COPYNEWDB=ifnochange
LINES=1000
NOISE=""
AIDEARGS="-V3"
UPAC_CONFDIR="/etc/aide"
UPAC_CONFD="$UPAC_CONFDIR/aide.conf.local.d"

After spending many hours suppressing output of transient postfix and
mailman files and other nominal activities, I finally got aide not to
report any changes in a 5 minute period. However, I still got an email,
appended below, so it appears that QUIETREPORTS=yes is not working as
advertised.

In addition, I would have expected the COPYNEWDB=ifnochange to update my
database in this case, but as you can see, it didn't:

[root at tassie:505]# l -tr
total 10296
-rw------- 1 root root 5250884 Sep 17 07:46 aide.db
-rw------- 1 root root 15823 Sep 17 07:51 aide.conf.autogenerated
-rw------- 1 root root 5250869 Sep 17 07:57 aide.db.new

To: root at newt.com
Subject: Daily AIDE report for tassie.newt.com
Date: Mon, 17 Sep 2007 07:57:51 -0700 (PDT)
From: root at newt.com (root)
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.1.5

This is an automated report generated by the Advanced Intrusion Detection
Environment on tassie.newt.com started at 2007-09-17 07:51:34.

AIDE produced no errors.
AIDE detected no changes.

The check was done against /var/lib/aide/aide.db with the following characteristics:
Size : 5250884
Bcount : 10280
Mtime : 2007-09-17 07:46:46
Ctime : 2007-09-17 07:51:23
Inode : 14140452
The AIDE run created a new database /var/lib/aide/aide.db.new with the following characteristics:
Size : 5250869
Bcount : 10280
Inode : 14140429
End of AIDE daily cron job at at 2007-09-17 07:57, run time 377 seconds
--
Bill Wohler <wohler at newt.com> http://www.newt.com/wohler/ GnuPG ID:610BD9AD