Bug#1101472: marked as done (Bug report for aide)

Fri, 28 Mar 2025 05:14:33 -0700 

Your message dated Fri, 28 Mar 2025 07:48:07 +0100
with message-id <[email protected]>
and subject line Re: Bug#1101472: Bug report for aide
has caused the Debian Bug report #1101472,
regarding Bug report for aide
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1101472: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101472
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: aide
Version: 0.18.3-1+deb12u3
Severity: normal

Hello maintainers,

In a Debian bookworm based OS which is booted in QEMU without any dedicated 
home partition.

The /home partition is moved under /var and is symlinked to /var/home.

I have experimented the following 2 scenarios to verify aide's integrity check 
after adding "report_url=syslog" to aide.conf

Scenario A:


  1.  Created a sample file under /home
  2.
Added that sample file to aide configuration file like below:
     *
#echo "$SAMPLE_FILE  VarFile" >> /etc/aide/aide.conf
  3.  Created aide database file
  4.  Explicitly modified the sample file.
  5.  Ran aide check and found that aide is unable to report integrity failures 
to syslogs.


Scenario B:


  1.  Repeated Scenario A, but the only difference is in this scenario sample 
file is created under /var/home instead of /home.
  2.  In this case, after modifying the file and running aide check, aide is 
able to report the integrity failures to syslogs.


Is this behaviour expected ?


Thanks and regards,
Sai Ashrith

--- End Message ---
--- Begin Message --- 
On Fri, Mar 28, 2025 at 05:07:20AM +0000, [email protected] wrote:

 1.  Created a sample file under /home
 2.
Added that sample file to aide configuration file like below:
    *
#echo "$SAMPLE_FILE  VarFile" >> /etc/aide/aide.conf
 3.  Created aide database file
 4.  Explicitly modified the sample file.
 5.  Ran aide check and found that aide is unable to report integrity failures 
to syslogs.
It is unlikely that a rule that is just appended to the configuration will work as expected. Order matters.
To be able to insert local rules at the "right" place of config, aide's Debian packages work with configuration snippets in /etc/aide/aide.conf.d. Try putting your rule in there.
This is not a bug, closing this report. For questions about basic aide usage, please refer to the mailing list. 

Also, what do you mean by "aide is unable to report"?

Greetings
Marc

--
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421

--- End Message ---

Reply via email to