[Pkg-aide-maintainers] pkg-aide development

Marc Haber mh+pkg-aide-maintainers at zugschlus.de
Mon Aug 31 07:09:47 UTC 2009


On Mon, Aug 31, 2009 at 06:40:11AM +0200, Hannes von Haugwitz wrote:
>> On Sun, Aug 30, 2009 at 06:41:13PM +0200, Hannes von Haugwitz wrote:
>>> Within the next two weeks I'll provide more patches. Among others a   
>>> script with generates aide rules out of the logrotate config files
>>
>> Does that script also handle dateext? 
>
> Not yet. Could you send me a ls -l example of such log files?

-rw-r----- 1 root adm  24K 31. Aug 09:07 /var/log/syslog/syslog
-rw-r----- 1 root adm 6,2M 31. Aug 07:38 /var/log/syslog/syslog-20090831
-rw-r----- 1 root adm 331K 27. Aug 00:29 /var/log/syslog/syslog-20090827.gz
-rw-r----- 1 root adm 378K 23. Aug 07:39 /var/log/syslog/syslog-20090823.gz
-rw-r----- 1 root adm 649K 19. Aug 07:39 /var/log/syslog/syslog-20090819.gz
-rw-r----- 1 root adm 326K 17. Aug 07:39 /var/log/syslog/syslog-20090817.gz

>> Additionally, I think that this
>> is going a little too far.
>
> So would you accept such a patch (with or without handling of dateext)?

I would, if there were a switch to turn this behavior off, and did not
make up my mind yet whether to have this enabled by default.

Probably it would be a good idea to have a framework to "staticize" an
aide script, running it once and replacing it with its output. That
way, one could check what it generated and stop the automatism there,
minimizing the danger of an attacker abusing the mechanism.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190



More information about the Pkg-aide-maintainers mailing list