[Pkg-aide-maintainers] Bug#442376: Bug#442376: aide: Unnecessary output in low-verbosity mode

Bill Wohler wohler at newt.com
Mon Sep 17 15:23:03 UTC 2007


Marc Haber <mh+debian-packages at zugschlus.de> wrote:

> On Sat, Sep 15, 2007 at 09:01:26AM -0700, Bill Wohler wrote:
> > I have "version=3" in my configuration file, which for years
> > suppressed output when there weren't any changes.
> 
> I am not aware of any "version=" option. Please explain.
> 
> >  However, after upgrading to etch, I'm getting email (appended below).
> >  In /etc/default/aide, the relevant options are:
> > 
> >   QUIETREPORTS=yes
> >   NOISE=""
> >   AIDEARGS="--config=/etc/aide/aide.conf"
> > 
> > Here is the email. Any thoughts?
> > 
> >   Errors produced  (1 lines):
> >   not updating aide configuration since manual config option was given
> 
> This is considered an error, and thus a report will be generated.

Hi Marc,

I reinstalled aide and used the Debian configuration per your suggestion.

  MAILSUBJ="Daily AIDE report for $FQDN"
  MAILTO=root
  QUIETREPORTS=yes
  COMMAND=update
  COPYNEWDB=ifnochange
  LINES=1000
  NOISE=""
  AIDEARGS="-V3"
  UPAC_CONFDIR="/etc/aide"
  UPAC_CONFD="$UPAC_CONFDIR/aide.conf.local.d"

After spending many hours suppressing output of transient postfix and
mailman files and other nominal activities, I finally got aide not to
report any changes in a 5-minute period. However, I still got an email,
appended below, so it appears that QUIETREPORTS=yes is not working as
advertised.

In addition, I would have expected the COPYNEWDB=ifnochange to update my
database in this case, but as you can see, it didn't:

  [root at tassie:505]# l -tr
  total 10296
  -rw------- 1 root root 5250884 Sep 17 07:46 aide.db
  -rw------- 1 root root   15823 Sep 17 07:51 aide.conf.autogenerated
  -rw------- 1 root root 5250869 Sep 17 07:57 aide.db.new


To: root at newt.com
Subject: Daily AIDE report for tassie.newt.com
Date: Mon, 17 Sep 2007 07:57:51 -0700 (PDT)
From: root at newt.com (root)
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.1.5

This is an automated report generated by the Advanced Intrusion Detection 
Environment on tassie.newt.com started at 2007-09-17 07:51:34.

AIDE produced no errors.

AIDE detected no changes.

The check was done against /var/lib/aide/aide.db with the following characteristics:
  Size     : 5250884
  Bcount   : 10280
  Mtime    : 2007-09-17 07:46:46
  Ctime    : 2007-09-17 07:51:23
  Inode    : 14140452
  MD5      : wAiXQ2uLLj7Cv2r7a+IvkQ==
  SHA1     : /rfZK272N09brFCg/jwrj8AjvVs=
  RMD160   : eW2O8KQANsc1JUyP6iWarITfx7Q=
  TIGER    : CJaA1zvgkmhp8xqdTBxdR1BYKevwB47c
  CRC32    : TXzLhw==
  HAVAL    : 9lsvet3jME+Fz4HrJCMZlmGchD+pG69Q
  GOST     : JwKH4YCD+97lhpWoNbAJMU6Y+bbnZV5X

The AIDE run created a new database /var/lib/aide/aide.db.new with the following characteristics:
  Size     : 5250869
  Bcount   : 10280
  Inode    : 14140429
  MD5      : gIIoksJM8tkcKR1tViJ7vw==
  SHA1     : cxQXkkJQkQ36gE5Q0B3BEe+SsXY=
  RMD160   : xgLoc3qIE5f+mlNzAKQjOnu9LEY=
  TIGER    : JYhbEzwwkQjDFKY7Ck7jJs0a6QTsClyf
  CRC32    : po45rQ==
  HAVAL    : J0nrNFrQ/zCyR6XO7qn1ISv3/HqUc4FR
  GOST     : H2dS0gvQLvg3e+BcGE1cgIqUYqKi5ist

End of AIDE daily cron job at at 2007-09-17 07:57, run time 377 seconds

-- 
Bill Wohler <wohler at newt.com>  http://www.newt.com/wohler/  GnuPG ID:610BD9AD




