[Pkg-aide-maintainers] Bug#442214: aide: Aide issues false alarms

Bill Wohler wohler at newt.com
Sun Feb 10 06:31:55 UTC 2008


Marc Haber <mh+debian-packages at zugschlus.de> wrote:

> On Sat, Nov 24, 2007 at 08:04:54PM -0800, Bill Wohler wrote:
> > Marc Haber <mh+debian-packages at zugschlus.de> wrote:
> > > Care to submit your rules for inclusion in the aide packages?
> > 
> > I will be glad to do so once I stop editing them :-).
> 
> Great! Looking forward!

Just wanted to let you know that I'm still working on them a little bit
at a time and will let you know when I'm comfortable with them.

> > I've just installed 0.13.1-8 with apt-get source. Unfortunately, as
> > reported in #442214, I always get the following report:
> > 
> >   removed: /var/log/aide/aide.log.6.gz
> > 
> > Once that message goes away, I'll be able to determine if this upgrade
> > closed this issue for me.
> 
> Try changing /etc/aide/aide.conf.d/31_aide_aide to read:
> /var/log/aide/aide\.log(\.0)?$ LowLogs
> /var/log/aide/aide\.log\.1\.gz$ RotatedLogs+ANF
> /var/log/aide/aide\.log\.[2345]\.gz$ RotatedLogs
> /var/log/aide/aide\.log\.6\.gz$ RotatedLogs+ARF

I see the pattern here. I applied these in my files, but I still get
false alarms after a fashion. I'm still looking into it (albeit slowly).
I haven't made a small test case yet in hopes that I'll get the rules
right and because I never have time to set it up, but I may punt and do
so at some point.

Thanks for your patience.

-- 
Bill Wohler <wohler at newt.com>  http://www.newt.com/wohler/  GnuPG ID:610BD9AD





More information about the Pkg-aide-maintainers mailing list