[Pkg-aide-maintainers] Bug#542621: aide: new feature: ignore files changed by system updates
Marc Haber
mh+debian-packages at zugschlus.de
Sun Aug 30 20:40:20 UTC 2009
On Sun, Aug 30, 2009 at 09:42:56PM +0200, Hannes von Haugwitz wrote:
> Marc Haber <mh+debian-packages at zugschlus.de> wrote:
>> On a second and third thought, why don't you implement this in a
>> dedicated binary so that a normal update round can be like
>>
>> - update system
>> - run aide --update
>> - filter output through new program to see only changes that didn't
>> come from a package
>> - decide whether to cp aide.db.new to aide.db
>>
>> That way, the complicated stuff can be implemented, for example, in
>> perl, since it is not mandatory.
>
> That would be an option. But I think the filter should also work for
> single package installations via aptitude install or dpkg -i. So how to
> implement that in an automatic way?
A single package installation doesn't create _that_ much noise; I'd
handle this the same as a system update, or manually.
>> Very nice. Please consider implementing this as a patch to the actual
>> aide binary which can be submitted upstream. This may be a feature to
>> be of big use outside Debian.
>
> I can do that, but as far as I can judge the truncation of the "Detailed
> changes" part has to be done further on in the cron job script.
Yes, that still needs to happen in the script.
> On the other hand we could modify the aide database before and after
> every package change. Thereby it would be possible to also filter
> removed files. This requires a new option to the aide binary which
> allows partially updating the aide database from a list of files and
> a way to run a program before and after every dpkg run. Is that possible?
I don't know for dpkg, but apt has pre/post hooks. And I think that
upstream would accept a patch to update only parts of the database,
but be aware that an attacker would be able to use that function to
hide his local changes as well.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190
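The "filter output through new program to see only changes that didn't come from a package" step from the workflow quoted above, as an added example that is not part of this thread and not code from the aide package: it reads an aide report, and for every added or changed path checks whether the file's current content matches the md5 that dpkg recorded for it in /var/lib/dpkg/info/*.md5sums. Entries explained that way are dropped; everything else, including all removed files (which cannot be attributed from dpkg's post-update state alone, as Hannes notes), is kept. The report format (one "added:/removed:/changed: <path>" line per entry) is assumed from aide's summary output, and the sample report, fake root and md5sums file are constructed here for the demonstration.

```python
import hashlib
import os
import re
import tempfile

# Constructed sample aide report (entry line format is an assumption about aide's
# summary output; the paths are invented for the demo).
SAMPLE_REPORT = """\
AIDE found differences between database and filesystem!!

Added files:
---------------------------------------------------
added: /usr/share/doc/foo/NEWS.gz

Removed files:
---------------------------------------------------
removed: /usr/share/doc/foo/README.old

Changed files:
---------------------------------------------------
changed: /usr/bin/foo
changed: /usr/local/bin/unknown-tool

Detailed information about changes:
---------------------------------------------------
"""

ENTRY_RE = re.compile(r"^(added|removed|changed): (/.*)$")


def load_dpkg_md5sums(info_dir):
    """Map 'usr/bin/foo' -> md5 hex digest from every <pkg>.md5sums in info_dir.

    dpkg stores these as '<md5>  <path-without-leading-slash>'; conffiles and files
    created by maintainer scripts have no entry, so they will never be filtered out.
    """
    known = {}
    for name in os.listdir(info_dir):
        if not name.endswith(".md5sums"):
            continue
        with open(os.path.join(info_dir, name)) as fh:
            for line in fh:
                parts = line.rstrip("\n").split(None, 1)
                if len(parts) == 2:
                    known[parts[1]] = parts[0]
    return known


def file_md5(path):
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def explained_by_package(path, known, root="/"):
    """True only if dpkg knows the path AND the file on disk matches dpkg's md5."""
    rel = path.lstrip("/")
    expected = known.get(rel)
    if expected is None:
        return False
    try:
        return file_md5(os.path.join(root, rel)) == expected
    except OSError:
        return False


def filter_report(report, info_dir, root="/"):
    """Split an aide report into (kept, explained): kept needs a human, explained was a package."""
    known = load_dpkg_md5sums(info_dir)
    kept, explained = [], []
    for line in report.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, path = m.groups()
        if kind in ("added", "changed") and explained_by_package(path, known, root):
            explained.append(path)
        else:
            kept.append((kind, path))  # removed entries are always kept
    return kept, explained


def build_demo_tree():
    """Construct a throwaway fake root with one package's md5sums file for SAMPLE_REPORT."""
    root = tempfile.mkdtemp(prefix="aide-filter-demo-")
    info_dir = os.path.join(root, "var/lib/dpkg/info")
    os.makedirs(info_dir)
    files = {
        "usr/bin/foo": b"#!/bin/sh\necho foo 1.1\n",            # shipped by package foo
        "usr/share/doc/foo/NEWS.gz": b"constructed news blob",   # shipped by package foo
        "usr/local/bin/unknown-tool": b"#!/bin/sh\necho hi\n",   # not from any package
    }
    for rel, data in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    with open(os.path.join(info_dir, "foo.md5sums"), "w") as fh:
        for rel in ("usr/bin/foo", "usr/share/doc/foo/NEWS.gz"):
            fh.write("%s  %s\n" % (file_md5(os.path.join(root, rel)), rel))
    return root, info_dir


if __name__ == "__main__":
    demo_root, demo_info = build_demo_tree()
    kept, explained = filter_report(SAMPLE_REPORT, demo_info, demo_root)
    print("explained by packages:", explained)
    print("still needs review   :", kept)
```

On a real system the filter would be run with the defaults (`info_dir="/var/lib/dpkg/info"`, `root="/"`) on the output of `aide --update`, for example from an apt `DPkg::Post-Invoke` hook; the same caveat Marc raises about partial database updates applies here: dpkg's md5sums files are plain files under /var/lib/dpkg, so an attacker with root can edit them to make his own changes look package-explained, and the filter only reduces review noise, it does not replace the database's integrity guarantees.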