[Pkg-aide-maintainers] Bug#469507: aide-common: No rule for kern.log

Francois Gouget fgouget at free.fr
Wed Mar 5 15:52:22 UTC 2008 

Package: aide-common
Version: 0.13.1-8
Severity: normal


aide issues warnings about /var/log/kern.log* files being added, changed and removed. This is a standard rotated log. I think this should be taken care of in 31_aide_syslog. I would propose the following rules for that:

---
/var/log/kern\.log\.0$ LowLogs
/var/log/kern\.log\.1\.gz$ RotatedLogs+ANF
/var/log/kern\.log\.[2345]\.gz$ RotatedLogs
/var/log/kern\.log\.9\.gz$ RotatedLogs+ARF
/var/log/kern\.log$ Logs
---

I'm not 100% sure these rules are correct as I never managed to get to
the zero-change point in order for ifnochange to kick in.

I will also note that the rules in 31_aide_syslog are a bit looser.
They use [0-9]+ to handle all the logs all at once (some keep a history
of only the last 4 files, others 6), and don't use +ARF on the last log
either (won't that prevent ifnochange from ever kicking in?). Also these
differences in how rotated logs are handled make it confusing when
trying to add rules for new logs (not that things are not confusing to
start with).

Well, I hope the above rules will be useful anyway.


-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.22.9fg2 (PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages aide-common depends on:
ii  aide [aide-binary] 0.13.1-8              Advanced Intrusion Detection Envir
ii  bsd-mailx [mailx]  8.1.2-0.20071201cvs-2 A simple mail user agent
ii  debconf [debconf-2 1.5.19                Debian configuration management sy
ii  liblockfile1       1.06.2                NFS-safe locking library, includes
ii  mailx              1:20071201-2          Transitional package for mailx ren
ii  ucf                3.004                 Update Configuration File: preserv

Versions of packages aide-common recommends:
ii  cron                          3.0pl1-103 management of regular background p

-- debconf information excluded

More information about the Pkg-aide-maintainers mailing list