[Pkg-aide-maintainers] Bug#442214: aide: Aide issues false alarms
Bill Wohler
wohler at newt.com
Sun Feb 10 06:31:55 UTC 2008
Marc Haber <mh+debian-packages at zugschlus.de> wrote:
> On Sat, Nov 24, 2007 at 08:04:54PM -0800, Bill Wohler wrote:
> > Marc Haber <mh+debian-packages at zugschlus.de> wrote:
> > > Care to submit your rules for inclusion in the aide packages?
> >
> > I will be glad to do so once I stop editing them :-).
>
> Great! Looking forward!
Just wanted to let you know that I'm still working on them a little bit
at a time and will let you know when I'm comfortable with them.
> > I've just installed 0.13.1-8 with apt-get source. Unfortunately, as
> > reported in #442214, I always get the following report:
> >
> > removed: /var/log/aide/aide.log.6.gz
> >
> > Once that message goes away, I'll be able to determine if this upgrade
> > closed this issue for me.
>
> Try changing /etc/aide/aide.conf.d/31_aide_aide to read:
> /var/log/aide/aide\.log(\.0)?$ LowLogs
> /var/log/aide/aide\.log\.1\.gz$ RotatedLogs+ANF
> /var/log/aide/aide\.log\.[2345]\.gz$ RotatedLogs
> /var/log/aide/aide\.log\.6\.gz$ RotatedLogs+ARF
I see the pattern here. I applied these in my files, but I still get
false alarms after a fashion. I'm still looking into it (albeit slowly).
I haven't made a small test case yet in hopes that I'll get the rules
right and because I never have time to set it up, but I may punt and do
so at some point.
Thanks for your patience.
--
Bill Wohler <wohler at newt.com> http://www.newt.com/wohler/ GnuPG ID:610BD9AD
More information about the Pkg-aide-maintainers
mailing list