** Description changed:
Binary package hint: aide-common
INSTALLED AIDE VERSION
0.13.1-7
PROBLEM DESCRIPTION
The aide.conf.autogenerated file is not properly generated. Not fully
understanding how the debian based aide package works, I can only guess
that the problem is either incorrect permissions on the executable files
in /etc/aide/aide.conf.d, or the application which is responsible for
concatenating the /etc/aide/aide.conf file with snippets in
/etc/aide/aide.conf.d is malfunctioning.
The symptoms presented in the system are email notifications that are
similar to the following:
<BEGIN EMAIL>
This is an automated report generated by the Advanced Intrusion Detection
Environment on mlab-1420 started at 2007-10-27 14:16:53.
******************************************************************************
* AIDE returned with exit code 17. Invalid configuration! *
******************************************************************************
Errors produced (3 lines):
37:syntax error:[
37:Error while reading configuration:[
Configuration error
End of AIDE error output.
funny, AIDE did not leave a log.
The check was done against /var/lib/aide/aide.db with the following
characteristics:
Mtime : 2007-10-27 11:06:08
Ctime : 2007-10-27 11:06:08
Inode : 246640
The AIDE run created a new database /var/lib/aide/aide.db.new with the
following characteristics:
End of AIDE daily cron job at at 2007-10-27 14:16, run time 0 seconds
<END EMAIL>
To reproduce the problem, merely perform a fresh install of aide in
Gutsy.
TEMPORARY SOLUTION
The update-aide.conf manpage states that the executable files in
/etc/aide/aide.conf.d will be run and the stdout is used in the
aide.conf.autogenerated file. The /etc/aide/aide.conf.d/* files as
installed, are not marked as executable in their permissions. It may be
that update-aide.conf is supposed to identify the snippets with shell
code and run it. Regardless, the contents of all the
/etc/aide/aide.conf.d files are being inserted verbatim into the
aide.conf.autogenerated file (minus the shell identification line, i.e.
#!/bin/sh).
The workaround, and perhaps the solution is to modify the permissions of
all the files with shell script to be executable. I ran the following
shell script in a terminal, and was then able to properly generate the
*.autogenerated file:
<BEGIN SHELL SCRIPT>
#!/bin/sh
chmod 755 10_aide_hostname
chmod 755 30_aide_apache2
chmod 755 30_inn2_vars
chmod 755 31_aide_amanda-server
chmod 755 31_aide_apt
chmod 755 31_aide_ifupdown
chmod 755 31_aide_torrus
chmod 755 70_aide_dev
update-aide.conf
<END SHELL SCRIPT>
Those may not be the correct permissions to apply, but it did get me
over the hurdle.
The other aide related bug I posted can either be marked a duplicate of
this, or just closed.
+
+ TESTCASE
+ :: How to reproduce the issue ::
+ - Install the current version of aide
+ - Check that none of the scripts have the execute bit set in
/usr/share/aide/config/aide/aide.conf.d/
+
+ :: Check the fix ::
+ - Install the -proposed version of aide
+ - Check that some scripts have the execute bit set in
/usr/share/aide/config/aide/aide.conf.d/
+ All files listed by
+ # for file in /etc/aide/aide.conf.d/* ; do head -1 $file | grep -q
'^\#\!' && ls -l $file ; done
+ should show the execution bit set (e.g. mode -rwxr-xr-x)
--
aide.conf.autogenerated NOT properly generated
https://bugs.launchpad.net/bugs/157858
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
