[Pkg-aide-maintainers] Bug#683957: aide: Squeeze rules update

Marc Haber mh+debian-packages at zugschlus.de
Sat Oct 21 10:08:51 UTC 2017 

On Sun, Aug 05, 2012 at 11:27:38AM -0700, Bill Wohler wrote:
> Hi Marc, sorry for the long, long delay. My configuration has finally
> settled down under squeeze (just in time for the wheezy release :-( )
> and somehow I arrived at your message in my +todo folder.

Now, it is my turn to apologize for letting this rot away for five
years. You didn't accidentally continue working on your aide config so
that we now have rules for stretch, did you?

Would it be possible that you clone
https://anonscm.debian.org/git/pkg-aide/aide.git and file the easy parts
of your rule improvements as git patches?

> diff -u --exclude .svn --new-file -r aide.conf.d/30_local aide.conf.local.d/30_local
> --- aide.conf.d/30_local	1969-12-31 16:00:00.000000000 -0800
> +++ aide.conf.local.d/30_local	2012-08-04 18:35:27.814118388 -0700
> @@ -0,0 +1,43 @@
> +# Rules expect a non-fully-qualified name. See also FQDN.
> +@@define HOSTNAME tassie

We do define HOSTNAME in 10_aide_hostname since 2007, does that not work
on your system?

> +# See 31_aide_apache2.
> +@@define WEB_SITES_WEEKLY_ROTATION (billwohler|loriheyman|newt)\.com
> +
> +# See 31_aide_webalizer.
> +@@define LOC_WEBSITES @@{WEB_SITES_WEEKLY_ROTATION}

Those would belong into /etc/aide/aide.settings.d, wouldn't they?

> +# Local preferences.
> +/root$ VarDir
> +/root/.emacs.desktop$ VarFile
> +
> +/tmp$ VarDir-n
> +!/tmp/
> +
> +/var/mail$ VarDir
> +!/var/mail/

I am not sure whether those should be the default in the package.

> +/var/local/spool/process$ VarFile

Which package writes that one?

> +/var/local/lib/bogofilter$ VarDir
> +/var/local/lib/bogofilter/DB_CONFIG$ VarFile
> +/var/local/lib/bogofilter/wordlist.db$ VarFile

should go into 31_aide_bogofilter?

> +/var/local/lib/diane/offset VarFile
> +/var/local/lib/diane$ InodeData

Which package writes that?

> +# Local preferences for 31_aide_mailman.
> +/var/lib/mailman/archives$ VarDir
> +!/var/lib/mailman/archives/
> +/var/lib/mailman/data$ VarDir
> +!/var/lib/mailman/data/
> +/var/lib/mailman/lists$ VarDir
> +!/var/lib/mailman/lists/
> +/var/lib/mailman/qfiles$ VarDir
> +!/var/lib/mailman/qfiles/
> +/var/lock/mailman$ VarDir
> +!/var/lock/mailman/

I think these might belong into 31_aide_mailman proper, won't they?

> +/var/run/screen/S-wohler/[0-9]+\.pts-[0-9]+\.tassie$ VarFile
> diff -u --exclude .svn --new-file -r aide.conf.d/30_local_exclude_home aide.conf.local.d/30_local_exclude_home
> --- aide.conf.d/30_local_exclude_home	1969-12-31 16:00:00.000000000 -0800
> +++ aide.conf.local.d/30_local_exclude_home	2012-08-04 18:35:27.822118335 -0700
> @@ -0,0 +1,4 @@
> +#!/bin/sh
> +
> +# Exclude home directories of system accounts with uid >= 1000.
> +getent passwd | awk  -F":" '{ if ($3 >= 1000) {print "!" $6}}'
> diff -u --exclude .svn --new-file -r aide.conf.d/31_aide_acpid aide.conf.local.d/31_aide_acpid

I am unsure whether that kind of automatism would belong into the
package. If an undesired new account gets created, it would
automatically not show up in aide.

> --- aide.conf.d/31_aide_acpid	2011-04-11 09:55:31.000000000 -0700
> +++ aide.conf.local.d/31_aide_acpid	2012-08-04 18:35:27.818118296 -0700
> @@ -1,6 +1,6 @@
>  /var/log/acpid$ Log
> -/var/log/acpid\.1$ LowLog
> +/var/log/acpid\.1\.gz$ LowLog
>  /var/log/acpid\.2\.gz$ LoSerMemberLog
>  /var/log/acpid\.3\.gz$ SerMemberLog
>  /var/log/acpid\.4\.gz$ HiSerMemberLog
> -/var/run/acpid\.(socket|pid)$ VarFile
> +/var/run/acpid\.socket$ VarFile

Acpid does rotate directly from /var/log/acpid to /var/log/acpid.1.gz?
That might be a bug in the package, triggering a race condition.

> diff -u --exclude .svn --new-file -r aide.conf.d/31_aide_apache2 aide.conf.local.d/31_aide_apache2
> --- aide.conf.d/31_aide_apache2	2011-04-11 09:55:31.000000000 -0700
> +++ aide.conf.local.d/31_aide_apache2	2012-08-04 18:35:27.814118388 -0700
> @@ -3,12 +3,18 @@
>  @@else
>  @@define APACHE2_LOGS (access|error)
>  @@endif
> -/var/log/apache2/@@{APACHE2_LOGS}\.log$ Log
> -/var/log/apache2/@@{APACHE2_LOGS}\.log\.1$ LowLog
> +/var/log/apache2/@@{APACHE2_LOGS}\.log(\.1)?$ LowLog
That would apply both Log and LowLog to /var/log/apache2/access.log. Is
that intended?

> diff -u --exclude .svn --new-file -r aide.conf.d/31_aide_aptitude aide.conf.local.d/31_aide_aptitude
> --- aide.conf.d/31_aide_aptitude	2011-04-11 09:55:31.000000000 -0700
> +++ aide.conf.local.d/31_aide_aptitude	2012-08-04 18:35:27.818118296 -0700
> @@ -1,13 +1,11 @@
> -/var/log/aptitude$ Log
> -/var/log/aptitude\.1\.gz$ LoSerMemberLog
> -/var/log/aptitude\.[2-5]\.gz$ SerMemberLog
> -/var/log/aptitude\.6\.gz$ HiSerMemberLog
>  /var/backups/aptitude\.pkgstates\.0$ LowLog
>  /var/backups/aptitude\.pkgstates\.1\.gz$ LoSerMemberLog
>  /var/backups/aptitude\.pkgstates\.[2345]\.gz$ SerMemberLog
>  /var/backups/aptitude\.pkgstates\.6\.gz$ HiSerMemberLog
> -/var/lib/aptitude/pkgstates(\.old)?$ VarFile
> -/var/lib/aptitude$ VarDir
> -!/var/lock/aptitude$
> +/var/lock/aptitude$ VarDir
> +/var/log/aptitude(\.1\.gz)?$ LowLog

That makes both /var/log/aptitude and /var/log/aptitude.1.gz a LowLog,
is that intended and correct?

> --- aide.conf.d/31_aide_boinc-client	1969-12-31 16:00:00.000000000 -0800
> +++ aide.conf.local.d/31_aide_boinc-client	2012-08-04 18:35:27.814118388 -0700
> @@ -0,0 +1,23 @@
> +/var/lib/boinc-client$ VarDir
> +/var/lib/boinc-client/client_state.xml$ VarFile
> +/var/lib/boinc-client/client_state_prev.xml$ VarFile
> +/var/lib/boinc-client/daily_xfer_history.xml$ VarFile
> +/var/lib/boinc-client/do_fp$ VarFile
> +/var/lib/boinc-client/get_current_version.xml$ VarFile
> +/var/lib/boinc-client/global_prefs.xml$ VarFile
> +/var/lib/boinc-client/lookup_website.html$ VarFile
> +/var/lib/boinc-client/stderrdae.txt$ VarFile
> +/var/lib/boinc-client/stdoutdae.txt$ VarFile
> +/var/lib/boinc-client/time_stats_log$ VarFile

We could take that for the package, does it still apply?

> diff -u --exclude .svn --new-file -r aide.conf.d/31_aide_crack aide.conf.local.d/31_aide_crack
> --- aide.conf.d/31_aide_crack	1969-12-31 16:00:00.000000000 -0800
> +++ aide.conf.local.d/31_aide_crack	2012-08-04 18:35:27.818118296 -0700
> @@ -0,0 +1,3 @@
> +/var/cache/cracklib/cracklib_dict.pwi$ Full-m-c
> +/var/cache/cracklib/cracklib_dict.hwm$ Full-m-c
> +/var/cache/cracklib/cracklib_dict.pwd$ Full-m-c

We could take that for the package, does it still apply?

> diff -u --exclude .svn --new-file -r aide.conf.d/31_aide_dlocate aide.conf.local.d/31_aide_dlocate
> --- aide.conf.d/31_aide_dlocate	2011-04-11 09:55:31.000000000 -0700
> +++ aide.conf.local.d/31_aide_dlocate	2012-08-04 18:35:27.818118296 -0700
> @@ -1,2 +1,2 @@
> -/var/lib/dlocate/(dpkg-list|dlocatedb(|\.stamps|\.old))$ VarFile
> +/var/lib/dlocate/(dpkg-list|dlocate(db)?(\.old|\.stamps)?)$ VarFile
>  /var/lib/dlocate$ VarDir

We could take that for the package, does it still apply?

> --- aide.conf.d/31_aide_logcheck	2011-04-11 09:55:31.000000000 -0700
> +++ aide.conf.local.d/31_aide_logcheck	2012-08-04 18:35:27.818118296 -0700
> @@ -1,2 +1,4 @@
> -/var/lib/logcheck/offset\.var\.log\.(syslog|auth\.log)$ VarFile
> -/var/(lib|lock)/logcheck$ VarDir
> +/var/lock/logcheck$ VarDir
> +!/var/lock/logcheck/
> +/var/lib/logcheck/offset VarFile
> +/var/lib/logcheck$ VarDir

Do logcheck logs still go in /var/lock or did the move to /run since
then?

> diff -u --exclude .svn --new-file -r aide.conf.d/31_aide_mailman aide.conf.local.d/31_aide_mailman
> --- aide.conf.d/31_aide_mailman	2011-04-11 09:55:31.000000000 -0700
> +++ aide.conf.local.d/31_aide_mailman	2012-08-04 18:35:27.818118296 -0700
> @@ -1,8 +1,7 @@
> -# maintained on q
>  !/var/lib/mailman/data/(bounce-events|heldmsg-[-[:alnum:]]+)-[[:digit:]]+\.pck$
>  /var/lib/mailman/data$ VarDir
>  !/var/lib/mailman/archives/private/[-[:alnum:]]+/database/@@{YEAR4D}-[[:alnum:]]+-(author|subject|thread|article|date)$
> -!/var/lib/mailman/archives/private/[-[:alnum:]]+/@@{YEAR4D}-[[:alnum:]]+/(author|subject|thread|date|index|[[:digit:]]{5,6})\.html$
> +!/var/lib/mailman/archives/private/[-[:alnum:]]+/@@{YEAR4D}-[[:alnum:]]+/(author|subject|thread|date|index|[[:digit:]]{5})\.html$
>  !/var/lib/mailman/archives/private/[-[:alnum:]]+/@@{YEAR4D}-[[:alnum:]]\.txt(\.gz)?$
>  !/var/lib/mailman/archives/private/[-[:alnum:]]+/attachments/[[:digit:]]{8}/[[:digit:]]{8}/[[:alnum:]\.]+$

Ouch, that one was never meant to get into the package. I apologize.
Will fix in the package.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421

More information about the Pkg-aide-maintainers mailing list