[Pkg-aide-maintainers] Bug#596230: aide accepts the rename of completely different files

Hannes von Haugwitz hannes at vonhaugwitz.com
Thu Sep 9 12:59:27 UTC 2010


Package: aide
Version: 0.15-2
Severity: important
Tags: patch

Hi,

aide accepts the rename of completely different files.

For instance the file /var/log/cron-apt/log with the attributes 1ad807cfbd
could get the inode of the recently rotated file /var/log/fail2ban.log.2.gz
with the attributes 1a0400081d.

As the DB_CHECKINODE attribute is set for /var/log/fail2ban.log.2.gz aide
checks if the attributes of the two files differ and throws the following
warning:

Entry "/var/log/fail2ban.log.2.gz" "/var/log/cron-apt/log" in databases has different attributes (here3): 1a0400081d 1ad807cfbd

Then aide checks if the attribute values of these two files have
changed, but instead of checking all attributes aide only checks the
common attributes (which have in this case the same values) and accepts
the changed file name from /var/log/cron-apt/log to /var/log/fail2ban.log.2.gz
(the fact that /var/log/fail2ban.log.2.gz has, for instance, checksum
attributes set is ignored). Since now there is no corresponding entry in
the old database for /var/log/cron-apt/log the file is wrongly reported
as new.

The first patch fixes that issue.

Due to the changes in the first patch aide would no longer accept file
name changes to files which have the DB_CHECKINODE attribute not set. The
second patch fixes that.

Greetings

Hannes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Ignore-changed-file-name-if-attributes-does-not-matc.patch
Type: text/x-c
Size: 2546 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-aide-maintainers/attachments/20100909/23a7a7ca/attachment.bin>
-------------- next part --------------
From c39faa98d3420fb7cd347032d905b5df0ef53677 Mon Sep 17 00:00:00 2001
From: Hannes von Haugwitz <hannes at vonhaugwitz.com>
Date: Tue, 7 Sep 2010 12:29:42 +0200
Subject: [PATCH 2/2] Allow absence of DB_CHECKINODE if file name has changed


Signed-off-by: Hannes von Haugwitz <hannes at vonhaugwitz.com>
---
 ChangeLog      |    1 +
 src/gen_list.c |    2 +-
 2 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 7a70a87..d891a9b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,6 @@
 2010-09-07	Hannes von Haugwitz <hannes at vonhaugwitz.com>
 	* Ignore changed file name if attributes does not match
+	* Allow absence of DB_CHECKINODE if file name has changed
 
 2010-08-08	Richard van den Berg  <richard at vdberg.org>
 	* Added mkgitsnapshot.sh to contrib/
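Review bot: The added ChangeLog line "Allow absence of DB_CHECKINODE if file name has changed" does not say where the behaviour changes or that it relaxes the check recorded in the entry directly above it. Consider naming the function and file, for example "add_file_to_tree (src/gen_list.c): do not treat a DB_CHECKINODE difference as an attribute mismatch for moved entries", so the two entries read as one fix.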
diff --git a/src/gen_list.c b/src/gen_list.c
index 0deec75..c3ea9d6 100644
--- a/src/gen_list.c
+++ b/src/gen_list.c
@@ -1205,7 +1205,7 @@ void add_file_to_tree(seltree* tree,db_line* file,int db,int status,
         oldData = node->old_data;
       }
 
-      localignorelist=(oldData->attr^newData->attr)&(~(DB_NEWFILE|DB_RMFILE));
+      localignorelist=(oldData->attr^newData->attr)&(~(DB_NEWFILE|DB_RMFILE|DB_CHECKINODE));
 
       if (localignorelist!=0) {
          error(220,"Ignoring moved entry (\"%s\" [%llx] => \"%s\" [%llx]) due to different attributes: %llx\n",
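Review bot: On the changed localignorelist line, DB_CHECKINODE is masked out of the XOR unconditionally, so a difference in that bit is ignored whichever side has it set, while the subject only speaks of its absence. Please confirm that both directions are intended, and add a short comment above the line saying why DB_NEWFILE, DB_RMFILE and DB_CHECKINODE are excluded from the comparison. The commit message body is empty as well; one sentence on why the first patch made this necessary would help, since the "Ignoring moved entry" error below will no longer report this bit in its last argument.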
-- 
1.7.1
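
The comparison logic discussed in this report, as an added example that is not part of the original mail or of AIDE's source: it contrasts comparing only the common attributes with the attribute-set check using the mask before and after patch 2/2. The bit positions, the `entry` struct, the helper names and the `/var/log/app.log` entries are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bit positions are constructed for this example; they are not AIDE's values. */
#define DB_PERM       (1ULL << 0)
#define DB_SIZE       (1ULL << 1)
#define DB_SHA256     (1ULL << 2)
#define DB_CHECKINODE (1ULL << 3)
#define DB_NEWFILE    (1ULL << 4)
#define DB_RMFILE     (1ULL << 5)
#define MASK_PATCH1   (DB_NEWFILE | DB_RMFILE)                 /* hunk '-' line */
#define MASK_PATCH2   (DB_NEWFILE | DB_RMFILE | DB_CHECKINODE) /* hunk '+' line */

typedef struct {
    const char *name;
    uint64_t attr;       /* which attributes are recorded for this entry */
    unsigned perm; uint64_t size;
    const char *sha256;  /* NULL when DB_SHA256 is not recorded */
} entry;

/* Behaviour described in the report: only values of shared attributes are compared. */
static int common_values_match(const entry *o, const entry *n) {
    uint64_t common = o->attr & n->attr;
    if ((common & DB_PERM) && o->perm != n->perm) return 0;
    if ((common & DB_SIZE) && o->size != n->size) return 0;
    if ((common & DB_SHA256) && strcmp(o->sha256, n->sha256) != 0) return 0;
    return 1;
}

/* Attribute bits recorded on one side only, minus the bits in `ignore`. */
static uint64_t attr_set_diff(const entry *o, const entry *n, uint64_t ignore) {
    return (o->attr ^ n->attr) & ~ignore;
}

/* A move is accepted only if the attribute sets agree and the values match. */
static int accept_rename(const entry *o, const entry *n, uint64_t ignore) {
    return attr_set_diff(o, n, ignore) == 0 && common_values_match(o, n);
}

/* Constructed entries: paths 1-2 follow the report, attribute sets and values are made up. */
static const entry cron_log = { "/var/log/cron-apt/log", DB_PERM | DB_SIZE, 0640, 512, NULL };
static const entry f2b_gz = { "/var/log/fail2ban.log.2.gz", DB_PERM | DB_SIZE | DB_SHA256 | DB_CHECKINODE, 0640, 512, "ab12" };
static const entry app_old = { "/var/log/app.log", DB_PERM | DB_SIZE | DB_CHECKINODE, 0640, 512, NULL };
static const entry app_new = { "/var/log/app.log.1", DB_PERM | DB_SIZE, 0640, 512, NULL };

int main(void) {
    printf("common-only: %d\n", common_values_match(&cron_log, &f2b_gz));
    printf("patch1: %d patch2: %d\n", accept_rename(&app_old, &app_new, MASK_PATCH1), accept_rename(&app_old, &app_new, MASK_PATCH2));
    return 0;
}
```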


