On Tue, Nov 01, 2005 at 12:30:10PM +0200, Virolainen Pablo wrote: > On Tue, 1 Nov 2005, Marc Haber wrote: > >but what do I do with the "new" .2.gz file? If I use > >!/var/log/exim4/mainlog.2.gz, I am completely excluding the file from > >the aide database and will probably get the .3.gz file flagged as new. > >Is there some way to say "it's ok to have a file matching this regexp > >appear, include its value to the database but do not list it"? > > > >Greetings > >Marc > > One can implement this by adding new bit to configuration file. We might > call it "ANF" (allow new files:) > > you might want to use it something like > > /var/log/exim4/*.2.gz RotatedLogs+ANF
Which version is this patch against? It doesn't cleanly apply against today's cvs snapshot. I have applied the non-clean parts manually and am attaching the resulting patch. Richard, are you willing to apply this to current CVS? suggested comment line for aide.conf and the man page: #S: check for growing size #I: ignore changed file names #ANF: allow new matching files to show up without being reported Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
#! /bin/sh /usr/share/dpatch/dpatch-run ## 30-allow-new-files.dpatch by Marc Haber <[EMAIL PROTECTED]> ## ## All lines beginning with `## DP:' are a description of the patch. ## DP: No description. @DPATCH@ diff -urNad aide~/include/aide.h aide/include/aide.h --- aide~/include/aide.h 2005-08-10 09:37:00.000000000 +0000 +++ aide/include/aide.h 2005-11-01 16:00:16.000000000 +0000 @@ -24,6 +24,19 @@ #include "report.h" #include "db_config.h" #include <stdlib.h> +#include <unistd.h> + +#ifndef TEMP_FAILURE_RETRY +/* Evaluate EXPRESSION, and repeat as long as it returns -1 with errno' + set to EINTR. */ + +# define TEMP_FAILURE_RETRY(expression) \ + (__extension__ \ + ({ long int __result; \ + do __result = (long int) (expression); \ + while (__result == -1L && errno == EINTR); \ + __result; })) +#endif #ifdef HAVE_SNPRINTF #if !defined(HAVE_C99_SNPRINTF) || !defined(HAVE_C99_VSNPRINTF) diff -urNad aide~/include/db_config.h aide/include/db_config.h --- aide~/include/db_config.h 2005-04-28 10:53:05.000000000 +0000 +++ aide/include/db_config.h 2005-11-01 16:00:26.000000000 +0000 @@ -102,6 +102,7 @@ db_rdev, /* "rdev" */ db_dev, /* "dev" */ db_checkmask, /* "checkmask"*/ + db_allownewfile, /* "allownewfile */ db_unknown } DB_FIELD; /* "unknown" */ /* db_unknown must be last because it is used to determine size of @@ -142,7 +143,7 @@ #define DB_CHECKMASK (1<<25) /* "checkmask"*/ #define DB_SIZEG (1<<26) /* "unknown" */ #define DB_CHECKINODE (1<<27) /* "checkinode"*/ - +#define DB_NEWFILE (1<<28) /* "allow new file" */ #define DB_HASHES (DB_MD5|DB_SHA1|DB_RMD160|DB_TIGER|DB_CRC32|DB_HAVAL| \ DB_GOST|DB_CRC32B) @@ -174,7 +175,8 @@ "rdev", "dev", "checkmask", - "unknown" } ; + "unknown", + "allownewfiles"} ; const static int db_value[] = { db_filename, /* "name", */ 
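Review bot: The fallback `TEMP_FAILURE_RETRY` added to include/aide.h reads `errno`, but the hunk only adds `#include <unistd.h>`; unless `<errno.h>` reaches every includer by another route (not visible here), the macro will not compile where it is expanded, so add `#include <errno.h>` beside it. Its body is a GNU statement expression (`__extension__ ({ ... })`), which compilers that are not GCC-compatible may reject, and those are the likely users of an `#ifndef` fallback; a small `static` retry helper would be portable. Nothing else in this patch uses the macro and it looks unrelated to the ANF attribute, so it may be residue from the manual merge and is better submitted separately. The copied comment also has a stray quote in `errno'`.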
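Review bot: The name and value tables in include/db_config.h go out of step: the string table gets `"allownewfiles"` appended after `"unknown"`, while the enum and `db_value[]` (the `@@ -203,6 +205,7 @@` hunk) place `db_allownewfile` before `db_unknown`. If the two arrays are indexed in parallel, as their layout suggests, `"unknown"` now pairs with `db_allownewfile` and the new name pairs with `db_unknown`, so the field would be misread when a database is parsed; the existing comment also says `db_unknown` must stay last. Put the string before `"unknown"` and spell it like the enum, i.e. `"allownewfile",` followed by `"unknown" } ;`. The new enum comment `/* "allownewfile */` is missing its closing quote. Both arrays begin outside the hunks.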
@@ -203,6 +205,7 @@ db_rdev, /* "rdev" */ db_dev, /* "dev" */ db_checkmask, /* "checkmask" */ + db_allownewfile, /* "allownewfile" */ db_unknown }; /* "unknown" */ /* db_namealias && db_aliasvalue are here to support earlier database diff -urNad aide~/src/aide.c aide/src/aide.c --- aide~/src/aide.c 2005-10-25 12:29:05.000000000 +0000 +++ aide/src/aide.c 2005-11-01 16:00:26.000000000 +0000 @@ -329,7 +329,7 @@ conf->start_time=time(&(conf->start_time)); - + do_groupdef("ANF",DB_NEWFILE); do_groupdef("p",DB_PERM); do_groupdef("i",DB_INODE); do_groupdef("I",DB_CHECKINODE); diff -urNad aide~/src/gen_list.c aide/src/gen_list.c --- aide~/src/gen_list.c 2005-10-28 14:36:03.000000000 +0000 +++ aide/src/gen_list.c 2005-11-01 16:04:30.000000000 +0000 @@ -697,10 +697,10 @@ if(!((retval&16)==16)){ retval|=16; top=1; - } else{ + } else { top=0; } - + /* if no deeper match found */ if(!((retval&8)==8)&&!((retval&4)==4)){ if(!check_list_for_match(node->equ_rx_lst,text,attr)){ @@ -1021,7 +1021,7 @@ if(!node){ node=new_seltree_node(tree,file->filename,0,NULL); } - + if(file==NULL){ error(0, "add_file_to_tree was called with NULL db_line\n"); } 
@@ -1088,37 +1088,45 @@ /* Check if file was moved (same inode, different name in the other DB)*/ db_line *oldData; db_line *newData; - seltree* moved_node=get_seltree_inode(tree,file,db==DB_OLD?DB_NEW:DB_OLD); - - if(moved_node == NULL || moved_node == node) { - /* There's mo match for inode or it matches the node with the same name. - * In first case we don't have a match to compare with. - * In the second - we already compared those files. */ - return; - } + seltree* moved_node; - if(db == DB_NEW) { - newData = node->new_data; - oldData = moved_node->old_data; - } else { - newData = moved_node->new_data; - oldData = node->old_data; - } + moved_node=get_seltree_inode(tree,file,db==DB_OLD?DB_NEW:DB_OLD); + if(!(moved_node == NULL || moved_node == node)) { + /* There's mo match for inode or it matches the node with the same name. + * In first case we don't have a match to compare with. + * In the second - we already compared those files. */ + if(db == DB_NEW) { + newData = node->new_data; + oldData = moved_node->old_data; + } else { + newData = moved_node->new_data; + oldData = node->old_data; + } - localignorelist=(oldData->attr^newData->attr); - if (localignorelist!=0) { - error(5,"File %s in databases has different attributes, %i,%i\n", - oldData->filename,oldData->attr,newData->attr); - } + localignorelist=(oldData->attr^newData->attr); + + if (localignorelist!=0) { + error(5,"File %s in databases has different attributes, %i,%i\n", + oldData->filename,oldData->attr,newData->attr); + } - localignorelist|=ignorelist|DB_CTIME; + localignorelist|=ignorelist|DB_CTIME; - /* Free the data if same else leave as is for report_tree */ - if(compare_dbline(oldData, newData, localignorelist)==RETOK){ - node->checked |= db==DB_NEW ? NODE_MOVED_IN : NODE_MOVED_OUT; - moved_node->checked |= db==DB_NEW ? 
NODE_MOVED_OUT : NODE_MOVED_IN; + /* Free the data if same else leave as is for report_tree */ + if(compare_dbline(oldData, newData, localignorelist)==RETOK){ + node->checked |= db==DB_NEW ? NODE_MOVED_IN : NODE_MOVED_OUT; + moved_node->checked |= db==DB_NEW ? NODE_MOVED_OUT : NODE_MOVED_IN; + } } } + if( (db == DB_NEW) && + (file->attr & DB_CHECKINODE) && + (node->new_data!=NULL) && + (node->old_data==NULL)) { + free_db_line(node->new_data); + node->new_data=NULL; + node->checked=DB_OLD|DB_NEW|NODE_TRAVERSE; + } } int check_rxtree(char* filename,seltree* tree,int* attr)
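Review bot: The new suppression block at the end of this hunk tests `file->attr & DB_CHECKINODE`, not the `DB_NEWFILE` bit this patch defines and binds to `ANF`, so as written every rule carrying `I` silently drops newly appearing files from the report while `ANF` itself has no effect; for an integrity checker that is an unreported-addition gap, and the test should read `(file->attr & DB_NEWFILE) &&`. The block also assigns `node->checked=DB_OLD|DB_NEW|NODE_TRAVERSE;` with `=` instead of `|=`, which discards any `NODE_MOVED_IN`/`NODE_MOVED_OUT` bit set just above. If the output database is later written from `new_data` (not visible here), `free_db_line(node->new_data)` would keep the file out of the database rather than recording it quietly as the thread asked, and the next run would see it as new again. The enclosing function starts outside the hunk.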