[Pkg-aide-maintainers] Bug#442214: Bug#442214: Bug#442214: aide: Aide issues false alarms
Marc Haber
mh+debian-packages at zugschlus.de
Fri Sep 21 12:14:57 UTC 2007
On Fri, Sep 21, 2007 at 07:01:33AM +0200, Andreas Tille wrote:
> On Sun, 16 Sep 2007, Marc Haber wrote:
> > By default, this only works through one rotation of the logs, and
> > starting with the second rotation, the changes are going to be
> > reported _until_ you copy the newly generated databases to the old
> > ones if no changes were found.
> >
> > Appropriate settings in /etc/default/aide would be
> > COMMAND=update
> > COPYNEWDB=ifnochange
> >
> > Let me know if this helps.
>
> Not really. I have now
>
> # grep "^CO*" /etc/default/aide
> COMMAND=update
> COPYNEWDB=ifnochange
>
> but ...
>
> ---------------------------------------------------
> Added files:
> ---------------------------------------------------
>
> added: /var/log/exim4/mainlog.2.gz
>
> ---------------------------------------------------
> Removed files:
> ---------------------------------------------------
>
> removed: /var/log/exim4/mainlog.10.gz
> removed: /var/log/daemon.log.6.gz
> removed: /var/log/syslog.6.gz
>
> ---------------------------------------------------
> Changed files:
> ---------------------------------------------------
>
> changed: /var/log/exim4/mainlog
> changed: /var/log/exim4/mainlog.1
> changed: /var/log/syslog
> changed: /var/log/daemon.log
> changed: /var/log/zope2.9/default/Z2.log
>
>
>
> So I think this problem is not yet solved. Or did I miss something?

In a previous run, aide detected changes (most probably the zope log
file), and thus the newly generated database was not copied over the
old one. After the next log rotation, the log-related rules didn't
apply any more and you got the report quoted above.

As a rule, if you once get a report that shows changes, you'll get all
logs reported as changed the next day if you don't interfere manually.

Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190