[Pkg-aide-maintainers] Bug#442214: aide: Aide issues false alarms
wohler at newt.com
Sun Jul 27 15:42:14 UTC 2008
Marc Haber <mh+debian-packages at zugschlus.de> wrote:
> On Sun, Jul 27, 2008 at 08:21:31AM -0700, Bill Wohler wrote:
> > Marc Haber <mh+debian-packages at zugschlus.de> wrote:
> > > This might be necessary for the ANF/ARF feature to properly
> > > +handle logs that have been rotated multiple times. COPYNEWDB="no" is
> > > +the default because automatically copying the database unconditionally
> > > +(COPYNEWDB="yes") might be dangerous since detected changes are only
> > > +reported once. Additionally, if you do not manually increase the
> > > +verbosity level by setting (for example) AIDEARGE="-V5" in
> > > +/etc/default/aide, you lose the possibility of inspecting the changes
> > > +more closely.
> > Since COPYNEWDB="yes" was parenthetical, that last sentence seems more
> > associated with the subject of the previous subject, namely,
> > COPYNEWDB="no". What do you think of this?
> I do not understand clearly. COPYNEWDB="no" always allows you to
> inspect the changes more closely by re-running aide.
It seems the warning (beginning with Additionally) applies if
> > COPYNEWDB="no" is the default because automatically copying the database
> > unconditionally (COPYNEWDB="yes") might be dangerous since detected
> > changes are only reported once. Because changes are only reported once
> > when using COPYNEWDB="yes" and you lose the possibility of inspecting
> > the changes more closely, increase the verbosity level by setting, for
> > example, AIDEARGE="-V5" in /etc/default/aide so that the report has
> > enough detail to diagnose problems.
> "Changes are only reported once" is repeated, that's a stylistical
> issue that jumps even into my non-native eyes.
> Additionally, the long
> second sentence is kind of hard to parse.
> I still prefer my version,
> but that may be a language issue.
:-). I'd be toast if this were German.
If you can't think of some verbiage to associate the warning more
tightly with COPYNEWDB="yes" than COPYNEWDB="no" in a few moments, don't
worry about it.
Bill Wohler <wohler at newt.com> http://www.newt.com/wohler/ GnuPG ID:610BD9AD
More information about the Pkg-aide-maintainers