Public bug reported:
Ubuntu 16.04, AIDE 0.16a2-19-g16ed855.
AIDE supports configuring it to output the database to stdout and
receive its databases from stdin:
aide.conf
```
database=stdin
database_out=stdout
database_new=stdin
gzip_dbout=no
```
aideinit, however, explicitly checks on file:
```
if [ -z "$outfile" ]; then
    outfile=$(egrep "^[[:space:]]*database_out=file:" $config | cut -d: -f2)
    [ -z "$outfile" ] && outfile="/var/lib/aide/aide.db.new"
fi
```
Running aideinit with stdout set in the config file will make it prefix
stdout with "Running aide --init...", making AIDE unable to read the
output when importing it again over stdin (Pipe database must have one
db_spec specification).
```
$ aideinit 2>/dev/null
Running aide --init...
@@begin_db
# This file was generated by Aide, version 0.16a2-19-g16ed855
# Time of generation was 2019-02-26 12:49:20
@@db_spec name lname attr perm inode uid gid size lcount acl xattrs selinux
e2fsattrs bcount mtime ctime rmd160 tiger crc32 haval gost sha256 sha512
```
To compare, calling `aide --init` with the correct config does not
display this behaviour:
```
$ update-aide.conf && aide -c /var/lib/aide/aide.conf.autogenerated --init
@@begin_db
# This file was generated by Aide, version 0.16a2-19-g16ed855
# Time of generation was 2019-02-26 12:49:20
@@db_spec name lname attr perm inode uid gid size lcount acl xattrs selinux
e2fsattrs bcount mtime ctime rmd160 tiger crc32 haval gost sha256 sha512
```
This makes it difficult to send the database off to another system
without saving it locally (to protect against an attacker on the system
hiding their traces by modifying the AIDE database).
** Affects: aide (Ubuntu)
Importance: Undecided
Status: New
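An added example, not from the bug report or the aide package: a POSIX shell check that a database stream destined for another host starts with `@@begin_db` and carries exactly one `@@db_spec` line, plus a filter that drops a leading status line such as the one aideinit prints. The function names and the shortened sample streams are constructed for illustration.

```shell
#!/bin/sh
# Added example; not part of aideinit or AIDE. Function names are hypothetical.

# Constructed sample: stdout as the report shows it from aideinit
# (field list shortened).
sample_polluted() {
cat <<'EOF'
Running aide --init...
@@begin_db
# This file was generated by Aide, version 0.16a2-19-g16ed855
@@db_spec name lname attr perm
EOF
}

# Constructed sample: stdout as the report shows it from aide --init.
sample_clean() {
cat <<'EOF'
@@begin_db
# This file was generated by Aide, version 0.16a2-19-g16ed855
@@db_spec name lname attr perm
EOF
}

# Filter: drop every line before the first @@begin_db marker.
strip_preamble() {
    sed -n '/^@@begin_db$/,$p'
}

# Check stdin: line 1 must be @@begin_db and exactly one @@db_spec line
# must be present. Exit status 0 if so, 1 otherwise (reason on stderr).
check_db_stream() {
    awk '
        NR == 1 && $0 != "@@begin_db" {
            bad = 1
            print ("unexpected first line: " $0) > "/dev/stderr"
        }
        /^@@db_spec / { specs++ }
        END {
            if (NR == 0) { print "empty stream" > "/dev/stderr"; bad = 1 }
            else if (specs != 1) {
                print ("expected one @@db_spec line, found " (specs + 0)) > "/dev/stderr"
                bad = 1
            }
            exit (bad ? 1 : 0)
        }'
}

# Demo on the constructed samples.
sample_polluted | check_db_stream || echo "aideinit-style stream rejected"
sample_polluted | strip_preamble | check_db_stream && echo "ok after stripping"
```

With the direct `aide --init` invocation shown in the report the stream is already clean, so the check passes without the filter.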
** Description changed:
+ Ubuntu 16.04, AIDE 0.16a2-19-g16ed855.
+
https://bugs.launchpad.net/bugs/1817722
Title:
aideinit corrupts stdout database