Public bug reported:
A number of exclusion rules don't work with aide running on 22.04.
I'll just list two examples here, there's the
/etc/aide/aide.conf.d/31_aide_libvirt-bin and
/etc/aide/aide.conf.d/31_aide_systemd rule files that has a couple of
exclusions.
If I take 31_aide_systemd as an example:
@@define RUNSYSD @@{RUN}/systemd
[...]
!/@@{RUNSYSD}(/(machines|resolve|seats|sessions|shutdown|system|transient|users|ask-password|generator(\\.late)?))?$
d
This won't take effect for some reason, the resulting aide database file
will in fact include e.g. /run/systemd/machines/*
If I insert an explicit exclusion before everything else however, e.g.
creating a /etc/aide/aide.conf.d/00_exclude file and putting let's say
...
!/run/systemd/machines
... in there, then aide won't include that in the database file.
It might be some innocent ordering issue I presume, but there are a lot
of rule files and the maintainer might have some ideas as to why it's
ordered like that.
In any case, it would be nice if the exclude rules worked - it's not
only the /machines under /run/systemd, it's everything else too, that
was just an example.
I have all the default rule files copied from
/usr/share/aide/config/aide/aide.conf.d to /etc/aide/aide.conf.d.
The release I'm using is
Description: Ubuntu Jammy Jellyfish (development branch)
Release: 22.04
And my aide version is
aide:
Installed: 0.17.4-1
Candidate: 0.17.4-1
Version table:
*** 0.17.4-1 500
500 http://hu.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
100 /var/lib/dpkg/status
** Affects: aide (Ubuntu)
Importance: Undecided
Status: New
** Tags: aide rules
** Description changed:
A number of exclusion rules don't work with aide running on 22.04.
- I'll just list two example here, there's the
/etc/aide/aide.conf.d/31_aide_libvirt-bin and
/etc/aide/aide.conf.d/31_aide_systemd rule files that has a couple of
exclusions.
+ I'll just list two examples here, there's the
/etc/aide/aide.conf.d/31_aide_libvirt-bin and
/etc/aide/aide.conf.d/31_aide_systemd rule files that has a couple of
exclusions.
If I take 31_aide_systemd as an example:
@@define RUNSYSD @@{RUN}/systemd
[...]
!/@@{RUNSYSD}(/(machines|resolve|seats|sessions|shutdown|system|transient|users|ask-password|generator(\\.late)?))?$
d
This won't take effect for some reason, the resulting aide database file
will in fact include e.g. /run/systemd/machines/*
If I insert an explicit exclusion before everything else however, e.g.
creating a /etc/aide/aide.conf.d/00_exclude file and putting let's say
...
!/run/systemd/machines
... in there, then aide won't include that in the database file.
It might be some innocent ordering issue I presume, but there are a lot
of rule files and the maintainer might have some ideas as to why it's
ordered like that.
In any case, it would be nice if the exclude rules worked - it's not
only the /machines under /run/systemd, it's everything else too, that
was just an example.
I have all the default rule files copied from
/usr/share/aide/config/aide/aide.conf.d to /etc/aide/aide.conf.d.
The release I'm using is
Description: Ubuntu Jammy Jellyfish (development branch)
Release: 22.04
And my aide version is
aide:
- Installed: 0.17.4-1
- Candidate: 0.17.4-1
- Version table:
- *** 0.17.4-1 500
- 500 https://malcolm.ecentrum.hu/mirrors/ubuntu/ubuntu jammy/main
amd64 Packages
- 100 /var/lib/dpkg/status
+ Installed: 0.17.4-1
+ Candidate: 0.17.4-1
+ Version table:
+ *** 0.17.4-1 500
+ 500 https://malcolm.ecentrum.hu/mirrors/ubuntu/ubuntu jammy/main
amd64 Packages
+ 100 /var/lib/dpkg/status
** Description changed:
A number of exclusion rules don't work with aide running on 22.04.
I'll just list two examples here, there's the
/etc/aide/aide.conf.d/31_aide_libvirt-bin and
/etc/aide/aide.conf.d/31_aide_systemd rule files that has a couple of
exclusions.
If I take 31_aide_systemd as an example:
@@define RUNSYSD @@{RUN}/systemd
[...]
!/@@{RUNSYSD}(/(machines|resolve|seats|sessions|shutdown|system|transient|users|ask-password|generator(\\.late)?))?$
d
This won't take effect for some reason, the resulting aide database file
will in fact include e.g. /run/systemd/machines/*
If I insert an explicit exclusion before everything else however, e.g.
creating a /etc/aide/aide.conf.d/00_exclude file and putting let's say
...
!/run/systemd/machines
... in there, then aide won't include that in the database file.
It might be some innocent ordering issue I presume, but there are a lot
of rule files and the maintainer might have some ideas as to why it's
ordered like that.
In any case, it would be nice if the exclude rules worked - it's not
only the /machines under /run/systemd, it's everything else too, that
was just an example.
I have all the default rule files copied from
/usr/share/aide/config/aide/aide.conf.d to /etc/aide/aide.conf.d.
The release I'm using is
Description: Ubuntu Jammy Jellyfish (development branch)
Release: 22.04
And my aide version is
aide:
Installed: 0.17.4-1
Candidate: 0.17.4-1
Version table:
*** 0.17.4-1 500
- 500 https://malcolm.ecentrum.hu/mirrors/ubuntu/ubuntu jammy/main
amd64 Packages
+ 500 http://hu.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
100 /var/lib/dpkg/status
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1966884
Title:
systemd exclude rules don't take effect
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/aide/+bug/1966884/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
