Bug#1071385: wmenu 0.1.8 available
Package: wmenu
Version: 0.1.7-1
Severity: normal

Hello,

wmenu version [0.1.8] is available, please consider packaging it. It provides a new wmenu-run executable and fixes some bugs.

Best regards
Hannes

[0.1.8] https://lists.sr.ht/~adnano/wmenu-announce/%3cd11c10674z0o.xctdywu4x...@maolood.com%3E
Bug#1070805: aide fails to concurrently read extended attributes
Package: aide
Version: 0.18.3-1+deb12u2
Severity: important
Tags: upstream patch

Hello,

aide 0.18 (<= 0.18.7) fails to concurrently read extended attributes (xattrs) due to variables erroneously shared between worker threads.

This has been fixed upstream in AIDE [v0.18.8] via [732e7e2e] (and [3831c717] in the default branch).

Best regards
Hannes

[v0.18.8] https://github.com/aide/aide/releases/tag/v0.18.8
[732e7e2e] https://github.com/aide/aide/commit/732e7e2e7dc91bb614c508518c0abc6cab85565c
[3831c717] https://github.com/aide/aide/commit/93831c717eaaa19d58da12ebeb28607cc6d43116
[Aide] AIDE 0.18.8 bugfix release
AIDE version 0.18.8 was published.

You can download it from https://github.com/aide/aide/releases

Please ALWAYS verify the signature of a release file before using it (see README[0] for details).

This is a bugfix release. The most noteworthy changes between v0.18.7 and v0.18.8 are:

* Fix concurrent reading of extended attributes (xattrs)
* Raise warning if both input databases are the same

The home URL of AIDE is http://aide.github.io

Best regards
Hannes

[0] https://github.com/aide/aide/blob/v0.18.8/README

___
Aide mailing list
Aide@ipi.fi
https://www.ipi.fi/mailman/listinfo/aide
[Aide] AIDE 0.18.7 release
AIDE version 0.18.7 has just been released.

You can download it from https://github.com/aide/aide/releases

Please ALWAYS verify the signature of a release file before using it (see README[0] for details).

The most noteworthy changes between v0.18.6 and v0.18.7 are:

* Add missing library CFLAGS
* Fix typo in aide.conf manual page
* Fix 64-bit time_t on 32-bit architectures
* Fix debug logging for returned attributes
* Fix condition for error message of failing to open gzipped files

The home URL of AIDE is http://aide.github.io

Best regards
Hannes

[0] https://github.com/aide/aide/blob/v0.18.7/README
Re: [Aide] Verifying mounted filesystem
Hello,

On Wed, Feb 28, 2024 at 09:39:14PM +, Sloane, Brandon wrote:
> Ideally, I would be able to do something along the
> lines of:
>
> aide --check --config /path/to/aide.conf --root /mnt/sysroot
>
> and have it behave as if aide was called after doing 'chroot /mnt/sysroot'.
> However, I have been unable to find anything along the lines of the
> hypothetical root command.

Use the `root_prefix` config option (see man 5 aide.conf for details):

    aide --check --config /path/to/aide.conf --before 'root_prefix=/mnt/sysroot'

Best regards
Hannes
Re: [Aide] Aide compilation issue: configure: error: AIDE requires mhash or libcrypt for hashsum calculation
Hi,

On Mon, Feb 12, 2024 at 10:49:53PM +, Michael Arguello wrote:
> checking for libgcrypt... no
> configure: error: libgcrypt not found by pkg-config - Try to add directory
> containing libgcrypt.pc to PKG_CONFIG_PATH environment variable
>
> So, it seems like it can't find libgcrypt, but I know I have it installed.
> There are the packages installed on my system:
> libgcrypt-1.5.3-14.el7.x86_64
> libgcrypt-devel-1.5.3-14.el7.x86_64

Does one of these packages provide the libgcrypt.pc file?

What is the output of the following commands?:

    pkg-config --path libpcre2-8
    pkg-config --path libgcrypt

Best regards
Hannes
Re: [Aide] Aide compilation issue: configure: error: AIDE requires mhash or libcrypt for hashsum calculation
Hello,

On Fri, Feb 09, 2024 at 03:50:34PM +, Michael Arguello wrote:
> This is for Aide version 0.18.6.
>
> I'm trying to run the instructions in the README file:
> $ ./configure
> $ make
> $ make install
>
> This is on a fresh CentOS7 minimal system. I installed the requirements
> listed in the README file. When I run ./configure, I get the following error:
> configure: error: AIDE requires mhash or libcrypt for hashsum calculation

(I'm not a CentOS user)

Can you please try to explicitly enable gcrypt via `./configure --with-gcrypt --without-mhash` and provide the full output of the `./configure` run?

Best regards
Hannes
Bug#710970: Please include extended dh_ucf script
Hello,

On Sun, Aug 14, 2022 at 01:16:15PM +0200, Niels Thykier wrote:
> Yes, I would still be interested in the improvements if you still feel it
> would be worth your time and effort to do them. :)

Originally I created the bug/patch to ease the maintenance of the numerous rule files in the aide package. Meanwhile Marc (one of the aide maintainers) has developed some ucf helper functions for the same purpose. These functions are now provided by the ucf package [ucf_helper_functions] and are used directly in the aide-common postinst file (see [aide-common.postinst]).

Principally I'm still willing to update the dh_ucf patch, but I think it does not make sense to provide the same functionality in two different packages (debhelper and ucf).

How do we want to proceed now?

@Marc @Manoj What is your opinion as the maintainers of the other involved packages?

Best regards
Hannes

[ucf_helper_functions] https://salsa.debian.org/srivasta/ucf/-/blob/master/ucf_helper_functions.sh
[aide-common.postinst] https://salsa.debian.org/debian/aide/-/blob/master/debian/aide-common.postinst
Bug#1057309: src:haskell-pandoc binary package names conflict with src:pandoc binary packages
Source: haskell-pandoc
Version: 3.0.1-2
Severity: serious
Control: affects -1 src:pandoc

Hi,

The binary packages provided by src:haskell-pandoc conflict with the binary packages of src:pandoc; violating Debian Policy 3.1 ("Every package must have a name that’s unique within the Debian archive.").

This also makes the pandoc binary package from src:pandoc uninstallable in unstable:

    # apt policy pandoc pandoc-data
    pandoc:
      Installed: (none)
      Candidate: 2.17.1.1-3
      Version table:
         2.17.1.1-3 500
            500 mirror+file:/etc/apt/mirrors/debian.list unstable/main amd64 Packages
    pandoc-data:
      Installed: (none)
      Candidate: 3.0.1-2
      Version table:
         3.0.1-2 500
            500 mirror+file:/etc/apt/mirrors/debian.list unstable/main amd64 Packages
         2.17.1.1-3 500
            500 mirror+file:/etc/apt/mirrors/debian.list unstable/main amd64 Packages

    # apt install pandoc
    Reading package lists... Done
    Building dependency tree... Done
    Reading state information... Done
    Some packages could not be installed. This may mean that you have
    requested an impossible situation or if you are using the unstable
    distribution that some required packages have not yet been created
    or been moved out of Incoming.
    The following information may help to resolve the situation:

    The following packages have unmet dependencies:
     pandoc : Depends: pandoc-data (< 2.17.1.1-3.~) but 3.0.1-2 is to be installed
    E: Unable to correct problems, you have held broken packages.

As a workaround you can specify the matching version of pandoc-data:

    # apt install pandoc pandoc-data=2.17.1.1-3

Best regards
Hannes
Re: [Aide] Monitoring files copy to an USB key
On Tue, Nov 07, 2023 at 09:34:14AM +, s4il0r wrote:
> AIDE seems to be very great for this, except that it haven't find how
> to run a check when a file is copied to an usb key.
>
> Does someone have a clue ?
>
> Or perhaps there is a better tool for my needs ?

AIDE is designed to run on a daily (or weekly) basis to report changes in the file system. aide has no daemon mode to monitor file system events.

To monitor and act upon filesystem events you can use inotify-tools (see `inotifywait` and `inotifywatch` commands).

Best regards
Hannes

[0] https://github.com/inotify-tools/inotify-tools/wiki
Re: [Aide] Excluding directories
On Tue, Oct 24, 2023 at 10:27:11AM -0700, Jeffrey Shepherd wrote:
> Are these recommendations valid? What are the implications of omitting
> /opt, /run, and /var? I know (for example) with !/opt an attacker
> could come in and place a rootkit in /opt.

It depends... If you want to monitor a system for malicious file changes it might not be a good idea to exclude such directories.

Writing an aide configuration is time consuming and a lot of work, if you want to reduce false positive reports of changed files to a minimum. The Debian/Ubuntu package for example provides a huge amount of fine-grained rules for numerous packages[0].

Best regards
Hannes

[0] https://salsa.debian.org/debian/aide/-/tree/master/debian/aide.conf.d
[Aide] AIDE 0.18.6 release
AIDE version 0.18.6 has just been released.

You can download it from https://github.com/aide/aide/releases

Please ALWAYS verify the signature of a release file before using it (see README[0] for details).

The most noteworthy changes between v0.18.5 and v0.18.6 are:

* Update GPG key in SECURITY.md
* Fix double free() during report generation
* Improve handling of ACL errors

The home URL of AIDE is http://aide.github.io

Best regards
Hannes

[0] https://github.com/aide/aide/blob/v0.18.6/README
Re: Setting APT::Default-Release prevents installation of security updates in bookworm!?
On Sat, Jul 22, 2023 at 03:56:02PM +0800, Paul Wise wrote:
> You will have to ask the apt developers and archive admins about this,
> but at the end of the day reverting it is unlikely to happen, so
> probably it is something everyone will just have to learn to live with.

What about to add a warning to apt if *-security or *-updates is configured in the sources list and `APT::Default-Release` is set but does not match the security or updates repo?

Best regards
Hannes
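
The check proposed in the message above, sketched as an added example (it is not part of the original message and not apt code): it reads a one-line-style sources list and reports every *-security or *-updates suite that a given `APT::Default-Release` value would not select. Assumptions: suite names are taken from the sources list instead of the repositories' Release files, a value wrapped in `/.../` is treated as a regular expression and any other value as an exact name; the function names and the sample entries are constructed.

```sh
#!/bin/sh
# Added example: find *-security / *-updates suites that an
# APT::Default-Release value does not select.
# Simplification (assumption): the suite field of each sources list entry
# stands in for the Suite/Codename fields of the repository's Release file.

# Constructed sample sources list in the bookworm layout.
write_sample_sources() {
    cat > "$1" <<'EOF'
# constructed sample entries
deb http://deb.debian.org/debian bookworm main
deb [arch=amd64 signed-by=/usr/share/keyrings/debian-archive-keyring.gpg] http://deb.debian.org/debian bookworm-updates main
deb http://security.debian.org/debian-security bookworm-security main
deb-src http://deb.debian.org/debian bookworm main
EOF
}

# suites_from_sources FILE: print the distinct suites of all deb/deb-src lines.
suites_from_sources() {
    # Drop comments and [option] blocks so the suite is always field 3.
    sed -e 's/#.*//' -e 's/\[[^]]*\]//' "$1" |
        awk '$1 == "deb" || $1 == "deb-src" { print $3 }' |
        LC_ALL=C sort -u
}

# release_selects DEFAULT_RELEASE SUITE: succeed if the value selects SUITE.
release_selects() {
    case $1 in
        /?*/)   # regular expression form: strip the enclosing slashes
            re=${1#/}
            re=${re%/}
            printf '%s\n' "$2" | grep -Eq -- "$re"
            ;;
        *)      # plain form: exact name only
            [ "$2" = "$1" ]
            ;;
    esac
}

# unselected_pockets DEFAULT_RELEASE FILE: print every *-security and
# *-updates suite that DEFAULT_RELEASE does not select; return 1 if any.
unselected_pockets() {
    missed=$(
        suites_from_sources "$2" | while read -r suite; do
            case $suite in
                *-security|*-updates)
                    release_selects "$1" "$suite" || printf '%s\n' "$suite"
                    ;;
            esac
        done
    )
    if [ -z "$missed" ]; then
        return 0
    fi
    printf '%s\n' "$missed"
    return 1
}

# Demo on the constructed sample: a plain "bookworm" leaves both pockets out.
demo_sources=$(mktemp)
write_sample_sources "$demo_sources"
unselected_pockets 'bookworm' "$demo_sources" |
    sed 's/^/warning: not selected by APT::Default-Release: /'
rm -f "$demo_sources"
```
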
[Aide] AIDE 0.18.5 release
AIDE version 0.18.5 has just been released.

You can download it from https://github.com/aide/aide/releases

Please ALWAYS verify the signature of a release file before using it (see README[0] for details).

The most noteworthy changes between v0.18.4 and v0.18.5 are:

* Fix child directory processing on equal match

The home URL of AIDE is http://aide.github.io

Best regards
Hannes

[0] https://github.com/aide/aide/blob/v0.18.5/README
Re: [Aide] config changes between 0.17.3 and 0.18.3
Hi,

On Mon, Jun 26, 2023 at 01:55:06PM -0700, Paul B. Henson wrote:
> However, with 18, this only includes /etc in the db and everything else
> is skipped:

This issue was also reported on Github some weeks ago[ISSUE] and now I was able to reproduce it, I fixed this issue in [cf5026b]. The fix will be part of the next stable point release of AIDE.

[ISSUE] https://github.com/aide/aide/issues/154
[cf5026b] https://github.com/aide/aide/commit/cf5026bf0852d350030d6d1a7a0351573c9512e6

> Interestingly, when I went to look at the man page, both 17 and 18 say:
>
>    Equals rule:
>        =
>
>        Files and directories matching the regular expression are added
>        to the database. The children of directories are only added if the
>        regular expression ends with a "/". The children of
>        sub-directories are not added at all.
>
> So the behavior of 18 matches the docs and that of 17 does not.

The described behaviour only applies to the equals rule, if another rule matches the directory children they should be added to the database.

> I tried changing the order:
>
> /etc$ L
> / Default
>
> and that seems to work? Do I need to not use = rules now, and put more
> specific stuff first?

Unrelated from the (now fixed) issue, it is generally a good idea to write the most general rules last.

Best regards
Hannes
[Aide] AIDE 0.18.4 release
AIDE version 0.18.4 has just been released.

You can download it from https://github.com/aide/aide/releases

Please ALWAYS verify the signature of a release file before using it (see README[0] for details).

The most noteworthy changes between v0.18.3 and v0.18.4 are:

* Fix handling of extended attributes on symlinks
* Add missing ')' to log message
* Fix static linking of the aide binary
* Don't require database_out for --dry-init
* Remove strerror() calls from thread log messages

Please note: The fix for extended attributes on symlinks might lead to reported changed entries during the next AIDE run. You can use the `report_ignore_changed_attrs` option (see aide.conf(5)) to ignore changes of the xattrs attribute; but be aware that this will not only exclude the expected changes (of the symlink files) but also the unexpected changes (of other files).

The home URL of AIDE is http://aide.github.io

Best regards
Hannes

[0] https://github.com/aide/aide/blob/v0.18.4/README
[Aide] AIDE 0.18.3 release
AIDE version 0.18.3 has just been released.

You can download it from https://github.com/aide/aide/releases

Please ALWAYS verify the signature of a release file before using it (see README[0] for details).

The most noteworthy changes between v0.18.2 and v0.18.3 are:

* Handle readlink() errors

The home URL of AIDE is http://aide.github.io

Best regards
Hannes

[0] https://github.com/aide/aide/blob/v0.18.3/README
Bug#1034816: aide aborts with error "realloc: failed to allocate memory", exit code 22
tags 1034816 - moreinfo unreproducible
thanks

Hi Thomas,

On Thu, May 11, 2023 at 05:52:01PM +0200, Thomas Dorner wrote:
> I narrowed it further down with some more fprintfs. The problem is not
> in do_md.c but the call in hsymlnk in gen_list.c.

Yes, yesterday I was able to reproduce your issue. Please try the patch available upstream[0] and report back if it fixes the memory allocation errors.

Thanks for debugging.

Best regards
Hannes

[0] https://github.com/aide/aide/commit/61778cdb42b88ab9591e43bf8de39693d545a278
Bug#1034816: aide aborts with error "realloc: failed to allocate memory", exit code 22
Hello Thomas,

On Wed, Apr 26, 2023 at 07:46:40AM +0200, Thomas Dorner wrote:
> > How many files are in the AIDE database on a successful run? Does this
> > number significantly differ when the aide check fails?
>
> You mean the /var/lib/aide/aide.db?
> # zcat /var/lib/aide/aide.db | wc
> 755240 21146627 442199792

This shouldn't be large enough to fill up 32 GB of memory. Can you try to reproduce the failure and verify that the memory is actually used up by the aide process?

> > Is 0.18.2-1 the only version you experience this behaviour or does
> > this error also occur with an older version?
>
> I've never encountered this before, but I did not work with the
> specific directory tree parallel to the AIDE run for at least 3 weeks
> before the this one.

Additionally can you try to directly call aide limited to the specific directory (see --limit option).

Best regards
hannes
Bug#1034816: aide aborts with error "realloc: failed to allocate memory", exit code 22
Hi Thomas,

On Tue, Apr 25, 2023 at 10:54:39AM +0200, Thomas Dorner wrote:
> The last two daily aide runs on my desktop machine failed with an error
> 22.

How many files are in the AIDE database on a successful run? Does this number significantly differ when the aide check fails?

> Version 0.18.2-1 had been installed on 2023-04-21, so it did run OK at
> least two times. It also run OK after a manual "systemctl start
> dailyaidecheck" in a terminal window yesterday. This did not work today
> though.

Is 0.18.2-1 the only version you experience this behaviour or does this error also occur with an older version?

> The last warnings like the 4 last ones above all come from a test
> directory used by my current project. The files and directories there
> have been deleted and recreated several times during the aide run.

Independently of the issue above, it might make sense to exclude this directory.

Best regards
Hannes
Re: [Aide] Protecting multiple containers
Hello Rick,

On Wed, Apr 19, 2023 at 04:54:15PM +, Rick van Rein wrote:
> > As this is a common usecase in containerized environments, do we already
> > have a "how to handle containers" chapter in our docs? If not, then we
> > could invite Rick to contribute to the docs. I am available for
> > cooperation in this matter.
>
> Sure. Where would you like it? Maybe an example section in aide.conf(5) ?
>
> https://github.com/aide/aide/blob/master/doc/aide.conf.5

Sounds good, just add another passage to the EXAMPLES section of aide.conf.5.

Best regards
Hannes
Re: [Aide] Protecting multiple containers
Hi Rick,

On Mon, Apr 17, 2023 at 10:21:27AM +, Rick van Rein wrote:
> > Look at aide 0.18's --limit option, it might be what you want.
> > Otherwise, please be more verbose in your wishes and give some simple
> > examples.
>
> Yes, that is almost exactly what I had in mind. Lovely!
> (The name differs, to be precise, and you had the idea to make it a regex.)

As Marc already mentioned, there is the --limit option (added in AIDE v0.16) to check/update only parts of the database.

If you have a common rule set you might want to look at the RULE_PREFIX option (added in AIDE v0.18) for the @@include/@@x_include macro.

Another option would be to create one database for each container and use the root_prefix config option to point to the container's root mount point in each AIDE run.

Best regards
Hannes
Re: [Aide] Does AIDE traverse Linux symlinks?
Hello John,

On Sat, Apr 08, 2023 at 11:36:59PM -0400, John Jamerson wrote:
> If AIDE, by design, traverses Linux symlinks, perhaps there's an
> /etc/aide.conf option I've missed or misconfigured?

No, AIDE does not follow symlinks. Would it be an option to not only scan /data/app/ but also /releases/app?

Best regards
Hannes
[Aide] AIDE 0.18.2 release
AIDE version 0.18.2 has just been released.

You can download it from https://github.com/aide/aide/releases

Please ALWAYS verify the signature of a release file before using it (see README[0] for details).

The most noteworthy changes between v0.18.1 and v0.18.2 are:

* Add warning if rules contain not compiled-in attributes
* Add missing lock for tree operations during file system scan

The home URL of AIDE is http://aide.github.io

Best regards
Hannes

[0] https://github.com/aide/aide/blob/v0.18.2/README
[Aide] AIDE 0.18.1 release
AIDE version 0.18.1 has just been released.

You can download it from https://github.com/aide/aide/releases

Please ALWAYS verify the signature of a release file before using it (see README[0] for details).

The most noteworthy changes between v0.18 and v0.18.1 are:

* Fix handling of empty growing files
* Fix segfault when using --dry-init
* Update README

The home URL of AIDE is http://aide.github.io

Best regards
Hannes

[0] https://github.com/aide/aide/blob/master/README
Re: [Aide] Advanced Log Handling with aide 0.18
Hi,

On Tue, Feb 28, 2023 at 07:13:04PM +0100, Marc Haber wrote:
> Here is my suggestion to handle this kind of log rotation:
>
> Full = p+u+g+ftype+n+i+s+b+l+X+m+c+H
> /var/log/apache$ d p+u+g+ftype+n+i+X
> /var/log/apache/access\\.log$ f Full+growing+ANF+I
> /var/log/apache/access\\.log\\.1$ f Full+ARF
> /var/log/apache/access\\.log\\.2\\.gz$ f Full+I+ANF
> /var/log/apache/access\\.log\\.([3-9]|1[0-3])\\.gz$ f Full+I
> /var/log/apache/access\\.log\\.14\\.gz$ f Full+ARF
>
> This seems to work reasonably well for a few days, but I am not fully
> sure whether those rules can be improved. May I ask for your comments?

The rules look good for this use case.

To mitigate the attack window for access.log.2.gz you could run AIDE limited to /var/log/apache/access.log.2.gz right after rotation:

    aide --config /etc/aide/aide.conf --update --limit '/var/log/apache/access\.log\.2\.gz'

The ANF attribute for /var/log/apache/access.log.2.gz should no longer be necessary then. The disadvantage of this approach is that the checksums of the aide database are changed.

Best regards
Hannes
[Aide] AIDE 0.18 release
AIDE version 0.18 has just been released.

You can download it from https://github.com/aide/aide/releases

Please ALWAYS verify the signature of a release file before using it (see README[0] for details).

The most noteworthy changes between v0.17.4 and v0.18 are:

* BACKWARDS INCOMPATIBLE CHANGES
    - remove Prelink support (--with-prelink configure option)
* Switch from PCRE to PCRE2
* Enable dynamic linking by default
* Support multithreading for hashsum calculation
    - add num_workers config option (default to single worker thread)
    - add new '--workers' parameter
    - add new log level 'thread'
    - add new exit code 23 for thread errors
    - add --without-pthread configure option
    - require Autoconf Macro Archive (autoconf-archive)
* Remove mmap support for hashsum calculation
* Deprecations (to be removed in the release after next):
    - 'S' attribute is now deprecated, use 'growing+s' attributes instead
    - '@@ifdef', macro is now deprecated, use '@@if defined' instead
    - '@@ifndef', macro is now deprecated, use '@@if not defined' instead
    - '@@ifhost', macro is now deprecated, use '@@if hostname' instead
    - '@@ifnhost', macro is now deprecated, use '@@if not hostname' instead
* Add new 'growing' attribute
* Add new 'compressed' attribute
* Add new log level 'compare'
* Replace 'S' attribute in '>' compound group with 'growing+s'
* Add 'report_format' option (available formats: `plain`, `json`)
* Add @@if macro
* Add 'exists' boolean function
* Add 'config_check_warn_unrestricted_rules' option
* Support restricted rules with empty restriction
* Add prefix option to directory include macros
* Add exit code 22 for memory allocation errors
* Update e2fs attributes to match upstream
    - the 'h' attribute has been removed
    - use `report_ignore_e2fsattrs=VNIE` to ignore read only attributes
* Support CRLF line-endings in config files
* Use pkg-config to get link flags
* Add SECURITY.md
* Improve logging
* Improve error messages during config parsing
* Update documentation
* Minor bug fixes
* Code clean up

The home URL of AIDE is http://aide.github.io

Best regards
Hannes

[0] https://github.com/aide/aide/blob/master/README
Re: [Aide] Questions about AIDE
Hello,

On Fri, Dec 16, 2022 at 10:12:47AM +, gouki.i...@yokogawa.com wrote:
> * How to make check time faster?
> In my device, AIDE takes about 3 times longer than Tripwire to check the same
> set of files.
> Checking contents are R+sha256.
> I would like to make check time faster as possible.

Hard to tell, are you using the same hash algorithm for the comparison (if I remember correctly Tripwire does not support sha2 family hash algorithms).

> * How to stop checking if aide.db is changed?
>
> I also would like not to check files if aide.db is edited by someone.

Currently there is no signing support for config or database files (see corresponding feature request [0]). In the meantime you have to manually compare the database checksums provided in the report output.

> Here is my device spec:
> CPU: ARM Cortex-A53 2core
> MEM: 2 GB
> Aide version: 0.16.2

AIDE v0.16.2 has been released over 3 years ago, please consider to use the latest stable release.

Best regards
Hannes

[0] https://github.com/aide/aide/issues/7
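
One way to refuse a check when aide.db has been edited, given that AIDE has no signing support, as an added example that is not part of the original message and not AIDE's own code. It pins a `sha256sum` digest of the database file itself (not the hashes printed in the AIDE report) in a separate file that is assumed to live on read-only or off-host storage; the function names, the `AIDE` override variable and the sample file content are constructed.

```sh
#!/bin/sh
# Added example: run "aide --check" only if the database still matches a
# digest recorded when the database was created.
# Assumption: the pin file is kept where the monitored host cannot write
# (read-only media or another machine); otherwise it can be edited along
# with the database.

# pin_aide_db DB PINFILE: record the SHA-256 of DB. Call this once after
# every legitimate "aide --init" / "aide --update".
pin_aide_db() {
    sha256sum < "$1" | awk '{ print $1 }' > "$2"
}

# aide_db_unchanged DB PINFILE
#   0 = digest matches, 1 = digest differs, 2 = DB or PINFILE unreadable
aide_db_unchanged() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    want=$(cat "$2")
    have=$(sha256sum < "$1" | awk '{ print $1 }')
    # An empty pin file must never count as a match.
    [ -n "$want" ] && [ "$have" = "$want" ]
}

# guarded_check DB PINFILE [aide options...]
# Runs the check only when the database is verified; returns 3 otherwise.
# AIDE (hypothetical override) names the binary to run, default "aide".
guarded_check() {
    db=$1
    pin=$2
    shift 2
    if aide_db_unchanged "$db" "$pin"; then
        "${AIDE:-aide}" --check "$@"
    else
        echo "refusing to run: $db does not match the digest in $pin" >&2
        return 3
    fi
}

# Demo on a constructed stand-in file (no real AIDE database is touched).
demo_dir=$(mktemp -d)
printf 'constructed stand-in for an AIDE database\n' > "$demo_dir/aide.db"
pin_aide_db "$demo_dir/aide.db" "$demo_dir/aide.db.sha256"
printf 'line appended by someone else\n' >> "$demo_dir/aide.db"
if aide_db_unchanged "$demo_dir/aide.db" "$demo_dir/aide.db.sha256"; then
    echo "database verified"
else
    echo "database changed since it was pinned"
fi
rm -rf "$demo_dir"
```
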
Re: [Aide] Call for testing: AIDE prelink support
On Wed, Nov 02, 2022 at 10:48:37AM -0400, Stephen John Smoogen wrote:
> On Wed, 2 Nov 2022 at 10:25, John Horne wrote:
> > My understanding though was that prelinking was now basically
> > deprecated. We used to use it on CentOS 6 and partly with 7, but,
> > as far as I remember, the general advice was then not to use it (no
> > real advantage in using it). So we haven't used it since a year or
> > two after the patch. As far as I can tell it no longer exists with
> > RedHat 8 or 9. Although RedHat/CentOS 7 still has it, the O/S is in
> > maintenance mode, and, like us, I suspect people are upgrading those
> > servers within the next couple of years. So even if they are using
> > prelinking, it will only be for a relatively short while longer (and
> > I can't actually remember anyone else mentioning over the years that
> > they have a timeout/hang problem).
> >
> Yeah. I don't think any RHEL (or clone) since 7 has used it. Fedora dropped
> it about 6 to 8 years ago and I believe other operating systems did so also
> as it caused a lot of issues. EL7 ends support in 2024 and I don't think it
> would be useful to continue it.

Thanks for your replies. Then I'll completely remove the prelink code in AIDE 0.18.

Best regards
Hannes
[Aide] Call for testing: AIDE prelink support
Hello,

the upcoming AIDE 0.18 release introduces extensive changes of the hash calculation code (also affecting prelink code).

As I'm not familiar with prelink I'm looking for users of the AIDE prelink feature to test the latest version in the development branch[GIT], particularly the new multi-thread feature (see --workers parameter/num_workers config option). Please also test 0 workers (i.e. disable multi-threading).

If you find any issue, please submit an issue on GitHub[ISSUE] and also report back (to this thread), if everything works as expected.

Additionally I'm looking for feedback about the prelink timeout issue addressed by pull request #42 [PR#42]. Note that the original patch dates back to 2010 and needs major changes to apply against the latest code base. If you are affected by this issue and are willing to volunteer for testing a refactored patch, please report back to the issue.

Thanks and best regards
Hannes

[GIT] https://github.com/aide/aide
[ISSUE] https://github.com/aide/aide/tree/master
[PR#42] https://github.com/aide/aide/pull/42
Bug#1022543: Lower intel-rapl-mmio power limit on ThinkPad T490 since 5.18.0-3-amd64
Package: src:linux
Version: 6.0.3-1
Severity: important

Hello,

starting with 5.18.0-3-amd64 I experience significant performance loss (clock speed slows down to 400 MHz) on higher CPU usage.

After checking for differences I figured out that the long-term intel rapl mmio power limit now defaults to 5W (AC mode) / 10W (battery mode) compared to 25W with 5.18.0-2-amd64:

AC mode:

    $ uname -a
    Linux sulfur 6.0.0-2-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.0.3-1 (2022-10-21) x86_64 GNU/Linux
    $ cat /sys/class/power_supply/AC/online
    1
    $ cat /sys/class/powercap/intel-rapl-mmio/intel-rapl-mmio\:0/constraint_0_power_limit_uw
    500

Battery mode:

    $ uname -a
    Linux sulfur 6.0.0-2-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.0.3-1 (2022-10-21) x86_64 GNU/Linux
    $ cat /sys/class/power_supply/AC/online
    0
    $ cat /sys/class/powercap/intel-rapl-mmio/intel-rapl-mmio\:0/constraint_0_power_limit_uw
    1000

Note that the limit in battery mode is actually higher than in AC mode.

Booting into 5.18.0-2-amd64 the default power limit is 25W:

AC mode:

    $ uname -a
    Linux sulfur 5.18.0-2-amd64 #1 SMP PREEMPT_DYNAMIC Debian 5.18.5-1 (2022-06-16) x86_64 GNU/Linux
    $ cat /sys/class/power_supply/AC/online
    1
    $ cat /sys/class/powercap/intel-rapl-mmio/intel-rapl-mmio\:0/constraint_0_power_limit_uw
    2500

Battery mode:

    $ uname -a
    Linux sulfur 5.18.0-2-amd64 #1 SMP PREEMPT_DYNAMIC Debian 5.18.5-1 (2022-06-16) x86_64 GNU/Linux
    $ cat /sys/class/power_supply/AC/online
    0
    $ cat /sys/class/powercap/intel-rapl-mmio/intel-rapl-mmio\:0/constraint_0_power_limit_uw
    2500

I can manually set the power limit to 2500 (fixing the performance issues), but the embedded controller changes it back to 500 after some time.

Please let me know if I can provide any further information.
Best regards
Hannes

-- Package-specific info:
** Version:
Linux version 6.0.0-2-amd64 (debian-kernel@lists.debian.org) (gcc-12 (Debian 12.2.0-7) 12.2.0, GNU ld (GNU Binutils for Debian) 2.39) #1 SMP PREEMPT_DYNAMIC Debian 6.0.3-1 (2022-10-21)

** Command line:
BOOT_IMAGE=/vmlinuz-6.0.0-2-amd64 root=/dev/mapper/sulfur--vg-root ro apparmor=0 quiet

** Not tainted

** Kernel log:
Unable to read kernel log; any relevant messages should be attached

** Model information
sys_vendor: LENOVO
product_name: 20N2CTO1WW
product_version: ThinkPad T490
chassis_vendor: LENOVO
chassis_version: None
bios_vendor: LENOVO
bios_version: N2IET99W (1.77 )
board_vendor: LENOVO
board_name: 20N2CTO1WW
board_version: SDK0R32862 WIN

-- System Information:
Debian Release: bookworm/sid
APT prefers
Bug#1019977: Please add pipewire-pulse as alternative dependency
Package: python3-pulsectl Version: 22.3.2-1 Severity: wishlist Hi, pipewire-pulse conflicts on pulseaudio since pipewire/0.3.58-1 (see also #1013276); hence python3-pulsectl can no longer be installed alongside pipewire. Please consider adding pipewire-pulse as alternative dependency. Best regards Hannes
Bug#710970: [debhelper-devel] Bug#710970: Please include extended dh_ucf script
Hi Niels, On Wed, Apr 12, 2017 at 10:49:00AM +, Niels Thykier wrote: > Let me know when you have an updated patch. :) Sorry for the long delay. Looks like I still owe you an updated patch. Are you still interested in the enhancements? Best regards Hannes
Bug#1011957: aideinit fails in amanda-server processing
On Tue, May 31, 2022 at 09:36:43PM +0200, Marc Haber wrote: > Hannes, do you want me to commit the fix or do you prefer doing it > yourself? Done via 778c4a0 Best regards Hannes
Bug#1011957: aideinit fails in amanda-server processing
On Tue, May 31, 2022 at 12:29:04PM +0200, Marc Haber wrote: > how about > >cat --squeeze-blank disklist | while read ... >done > > ? `--squeeze-blank` only suppresses repeated empty lines (not all blank lines) and does not suppress comment lines. Best regards Hannes
Bug#1011957: aideinit fails in amanda-server processing
On Mon, May 30, 2022 at 09:46:30AM -0500, Barry Trent wrote: > Applied the patch and added some blank lines back to the disklist. Still > doesn't work. Argh, I overlooked the missing -E flag for grep. Please try again. diff --git a/debian/aide.conf.d/31_aide_amanda-server b/debian/aide.conf.d/31_aide_amanda-server index 5750779..7604e0f 100755 --- a/debian/aide.conf.d/31_aide_amanda-server +++ b/debian/aide.conf.d/31_aide_amanda-server @@ -66,7 +66,7 @@ for configfile in $(find /etc/amanda -name amanda.conf ! -path '/etc/amanda/temp printf "@@define AMANDA_INDEXDIR %s\\n" "${AMANDA_INDEXDIR}" if [ -f "disklist" ]; then while read -r host dev rest; do -if echo "${host}" | grep -q '^\\(#.*\\)\\?$'; then continue; fi +if echo "${host}" | grep -Eq '^(#.*)?$'; then continue; fi dev="$(echo "${dev}" | sed 's|[/:]|_|g;s|\\"||g')" if ! skip_multiline_dle; then printf "!/@@{AMANDA_INDEXDIR}/%s/%s/@@{YEAR4D}[0-9]{4}_[0123]\\.gz$ f\\n" "${host}" "${dev}" Best regards Hannes
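Review bot: on the `+` line, `echo "${host}" | grep -Eq '^(#.*)?$'` starts a pipeline for every disklist entry only to test whether the first field is empty or begins with `#`. A `case "${host}" in ''|'#'*) continue;; esac` makes the same check inside the shell, has no dependency on the regex flavour that caused the earlier breakage, and avoids passing arbitrary field contents through `echo`. A one-line comment saying that blank and `#` lines are valid in a disklist would also help the next reader.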
Bug#1011957: aideinit fails in amanda-server processing
Hello Barry, On Sat, May 28, 2022 at 11:34:44AM -0500, Barry Trent wrote: > Yes! Removing all blank (and "#" comment) lines from disklist solved the > problem on 3 different machines. > > So you've found the issue but, of course, blanks and comments are valid in > the disklist and are even present in the disklist installed as a sample with > amanda-server in DailySet1. I had to remove the DailySet1 which was still > present on one machine to get aideinit to complete without the error. Can you please apply the following patch and report back if it solves your issue? diff --git a/debian/aide.conf.d/31_aide_amanda-server b/debian/aide.conf.d/31_aide_amanda-server index 5750779..78424eb 100755 --- a/debian/aide.conf.d/31_aide_amanda-server +++ b/debian/aide.conf.d/31_aide_amanda-server @@ -66,7 +66,7 @@ for configfile in $(find /etc/amanda -name amanda.conf ! -path '/etc/amanda/temp printf "@@define AMANDA_INDEXDIR %s\\n" "${AMANDA_INDEXDIR}" if [ -f "disklist" ]; then while read -r host dev rest; do -if echo "${host}" | grep -q '^\\(#.*\\)\\?$'; then continue; fi +if echo "${host}" | grep -q '^(#.*)?$'; then continue; fi dev="$(echo "${dev}" | sed 's|[/:]|_|g;s|\\"||g')" if ! skip_multiline_dle; then printf "!/@@{AMANDA_INDEXDIR}/%s/%s/@@{YEAR4D}[0-9]{4}_[0123]\\.gz$ f\\n" "${host}" "${dev}" Best regards Hannes
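Review bot: the `+` line changes the pattern to `'^(#.*)?$'` but still calls `grep -q` without `-E`. In basic regular expression syntax `(`, `)` and `?` are literal characters, so this pattern matches neither an empty first field nor one starting with `#`, and the `continue` is never reached for the blank and comment lines the change is meant to skip. Either call `grep -Eq` with this pattern or keep a basic-syntax pattern.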
Bug#1011957: aideinit fails in amanda-server processing
Hi Barry, On Fri, May 27, 2022 at 04:29:54PM -0500, Barry Trent wrote: > *** disklist > zmoby.atcorp.com / comp-root-tar > > symposium.atcorp.com / comp-root-tar > symposium.atcorp.com /bbbcomp-root-tar > moby.atcorp.com / comp-root-tar > coelacanth.atcorp.com / comp-root-tar > sawfish.atcorp.com / comp-root-tar > sawfish.atcorp.com /varcomp-root-tar Is there an empty line in the disklist file? If so, can you please remove this line and try again? Best regards Hannes
Bug#819295: Please add 'flags_array' struct to public library interface
Hello,

Sorry for my late reply...

On Sat, May 06, 2017 at 11:39:56AM -0400, Theodore Ts'o wrote:
> Sorry, no. Just to be clear, is what you want is to be able to
> convert flag value to a string (instead of printing it to stdio FILE
> handle)? Or to go the other way --- e.g., given a character flag such
> as 's', convert it to EXT2_SECRM_FL?
>
> I don't want to expose the array as a public interface, since that
> ties my hands as to the implementation. I'm willing to expose new
> function interfaces, though. But there you need to be a lot more
> explicit what you want, and of course, patches will make it much more
> likely that the request will be satisfied. :-)

That makes sense. I would need the following functions:

unsigned long get_flag(char)
- return flag for given character
- return 0 for invalid characters
- example: get_flag('s') returns EXT2_SECRM_FL

char get_char(unsigned long flag)
- return character for given flag
- return '?' for invalid flags
- example: get_flag(EXT2_SECRM_FL) returns 's'

unsigned long get_readonly_flags()
- return all read only flags (so I can provide an option to ignore changes of read only flags)

AIDE has an option to ignore changes of given flags and marks them with a colon in the report (e.g. `:ae---` for ignored immutable flag); hence I cannot use the print_flags library function.

To iterate over the available flags the following function would help:

unsigned long get_available_flags()
- return all available flags

Unfortunately the bit order of the available flags does not match the order returned by print_flags (sucSiadAmEIjtDTeVCxNPF vs suSDiadAcEjItTeCxFNPVm). A function that returns the flag for a given output position could solve that:

unsigned long output_get_flag(int)
- return flag for character position
- return 0 for positions > num_flags
- example: output_get_flag(4) returns EXT2_IMMUTABLE_FL

Best regards
Hannes
Re: What is the best free HIDS for Debian
Hi Sylvain, On Mon, May 02, 2022 at 08:11:18PM +0200, Sylvain wrote: > I unsuccessfully tried Tripwire, Aide, Integrit and now OSSEC and OSSEC+. > > All these softs throw errors while running or compiling on my Debian 11.3... Can you please be more specific? What are the errors you get from AIDE on Debian 11.3? Best regards Hannes
Re: [Aide] Is there any way to compile aide 0.17.x or master/latest on centos8/Almalinux or similar?
On Tue, Apr 19, 2022 at 11:55:38AM +0200, mg4gh wrote: > I would appreciate if the installation section would contain a list of > other packages that are necessary for the manual installation. > This might help others ... What do you mean by `packages that are necessary for the manual installation`? Best regards Hannes
Re: [Aide] Is there any way to compile aide 0.17.x or master/latest on centos8/Almalinux or similar?
Hi, On Mon, Apr 18, 2022 at 06:58:57PM +0200, mg4gh wrote: > Remark: When trying to work with the master/latest version, then there > were references to pcre2 and even with installing > "pcre2-devel" the .configure was fine but the compile fails (but ok, > it's no stable version) The latest git version should (always) build cleanly. Can you please provide the error you get when building AIDE? Best regards Hannes
Re: [Aide] Is there any way to compile aide 0.17.x or master/latest on centos8/Almalinux or similar?
On Sun, Apr 17, 2022 at 10:50:12PM +, John Horne wrote: > Looking at the Aide 0.16 RPM on Rocky, the SPEC file shows that it uses '-- > disable-static'. FWIW the next release (AIDE v0.18) disables static build by default. Best regards Hannes
[Aide] AIDE 0.17.4 security release
AIDE version 0.17.4 has just been released. You can download it from https://github.com/aide/aide/releases Please ALWAYS verify the signature of a release file before using it (see README[0] for details). The most noteworthy changes between v0.17.3 and v0.17.4 are: * SECURITY FIX - Precalculate buffer size in base64 functions (CVE-2021-45417) Thanks to David Bouman for reporting this issue (see [1] for details about this issue). The home URL of AIDE is http://aide.github.io Best regards Hannes [0] https://github.com/aide/aide/blob/master/README [1] https://www.ipi.fi/pipermail/aide/2022-January/001713.html
[Aide] CVE-2021-45417 - aide (>= 0.13 <= 0.17.3): heap-based buffer overflow vulnerability in base64 functions
Summary
=======

David Bouman discovered a heap-based buffer overflow vulnerability in base64 functions of AIDE, an advanced intrusion detection system. An attacker could crash the program and possibly execute arbitrary code through large (<16k) extended file attributes or ACL. A local user might exploit this flaw for root privilege escalation.

Project
=======

AIDE (https://aide.github.io)

Affected versions
=================

AIDE >= 0.13, <= 0.17.3

CVE ID
======

CVE-2021-45417

Proof of concept
================

To take advantage of the flaw the user needs write access to a mounted file system that supports large enough extended attributes (e.g. XFS) or ACL (e.g. tmpfs). AIDE needs to be compiled with --with-xattr or --with-posix-acl configure flag (this is the case for most distributions).

    # extended attributes on XFS filesystem
    $ touch user-file; xattr -w user.comment "$(for i in {1..4} ; do printf '%c' A ; done)" user-file
    # aide --config=/dev/null --after "$(pwd)/user-file xattrs" --after "database_out=file:/dev/null" --init

    # ACL on tmpfs file system
    $ touch user-file; for i in {1000..2000} ; do setfacl -m u:${i}:r user-file ; done
    # aide --config=/dev/null --after "$(pwd)/user-file acl" --after "database_out=file:/dev/null" --init

Analysis
========

The vulnerability is caused by a fixed buffer size (16384 in src/base64.h[base64.h]) in the encode_base64/decode_base64 functions[base64.c]. Initially this was safe as the base64 functions were only used for encoding/decoding of the calculated hashsums. However since the addition of extended file attribute and ACL support in AIDE 0.13 encode_base64 is also used for encoding xattr and ACL values before writing them to the database. This allows a user to create a file with a large extended attribute value or large ACL causing aide (usually triggered by cron as root) to segfault.

The issue is fixed by precalculating the size of the return buffer depending on the input in the encode_base64/decode_base64 functions.
[base64.h] https://github.com/aide/aide/blob/v0.17.3/include/base64.h#L38 [base64.c] https://github.com/aide/aide/blob/v0.17.3/src/base64.c Mitigation == Upgrade to AIDE v0.17.4 (only containing the fix for this issue) [v0.17.4] Alternatively apply one of the provided patches: aide-0.17-cve-2021-45417.patch: patch for 0.17.x aide-0.16-cve-2021-45417.patch: patch for 0.16.x (backported for Debian oldstable) Though not tested the patch for 0.16.x might also apply for earlier releases < 0.16. If you cannot upgrade, consider removing `acl` and `xattrs` groups from rules matching files on affected file systems. [v0.17.4] https://github.com/aide/aide/releases/tag/v0.17.4 Credit == The issue was reported by David Bouman. diff --git a/include/base64.h b/include/base64.h index 0ff7116..381ef5d 100644 --- a/include/base64.h +++ b/include/base64.h @@ -36,7 +36,6 @@ #include #include "types.h" -#define B64_BUF 16384 #define FAIL -1 #define SKIP -2 diff --git a/src/base64.c b/src/base64.c index fd01bac..1b0f301 100644 --- a/src/base64.c +++ b/src/base64.c @@ -85,11 +85,9 @@ FAIL, FAIL, FAIL, FAIL, FAIL, FAIL, FAIL, FAIL }; /* Returns NULL on error */ -/* FIXME Possible buffer overflow on outputs larger than B64_BUF */ char* encode_base64(byte* src,size_t ssize) { char* outbuf; - char* retbuf; int pos; int i, l, left; unsigned long triple; @@ -101,7 +99,10 @@ char* encode_base64(byte* src,size_t ssize) error(240,"\n"); return NULL; } - outbuf = (char *)malloc(sizeof(char)*B64_BUF); + + /* length of encoded base64 string (padded) */ + size_t length = sizeof(char)* ((ssize + 2) / 3) * 4; + outbuf = (char *)malloc(length + 1); /* Initialize working pointers */ inb = src; 
@@ -162,20 +163,14 @@ char* encode_base64(byte* src,size_t ssize) inb++; } - /* outbuf is not completely used so we use retbuf */ - retbuf=(char*)malloc(sizeof(char)*(pos+1)); - memcpy(retbuf,outbuf,pos); - retbuf[pos]='\0'; - free(outbuf); + outbuf[pos]='\0'; - return retbuf; + return outbuf; } -/* FIXME Possible buffer overflow on outputs larger than B64_BUF */ byte* decode_base64(char* src,size_t ssize, size_t *ret_len) { byte* outbuf; - byte* retbuf; char* inb; int i; int l; @@ -188,10 +183,18 @@ byte* decode_base64(char* src,size_t ssize, size_t *ret_len) if (!ssize||src==NULL) return NULL; + /* exit on unpadded input */ + if (ssize % 4) { +error(3, "decode_base64: '%s' has invalid length (missing padding characters?)", src); +return NULL; + } + + /* calculate length of decoded string, substract padding chars if any (ssize is >= 4) */ + size_t length = sizeof(byte) * ((ssize / 4) * 3)- (src[ssize-1] == '=') - (src[ssize-2] == '='); /* Initialize working pointers */ inb = src; - outbuf = (byte *)malloc(sizeof(byte)*B64_BUF); + outbuf = (byte *)malloc(length + 1); l = 0; triple = 0; @@ -243,15 +246,11
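Review bot: in the first encode_base64 hunk the result of `malloc(length + 1)` is used without a NULL check (the next statement shown is `inb = src;`), and `((ssize + 2) / 3) * 4` can wrap for a very large `ssize`, which would again produce a buffer smaller than the output. Suggest returning NULL when the allocation fails or when the computed length would overflow. The unchanged declarations keep `pos` as an `int` while `length` is a `size_t`, so the index should be widened to match, and `sizeof(char)` is always 1 and can be dropped.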
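Review bot: in the decode_base64 hunk the length is reduced by `(src[ssize-1] == '=') + (src[ssize-2] == '=')`, which also subtracts one byte for input where `=` is followed by a data character; unless the decoding loop, which is not visible here, rejects such input before writing, the buffer is one byte short. Count the second `=` only when the last character is `=` as well, check the `malloc(length + 1)` result before use, and fix the spelling of "substract" in the new comment.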
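The sizing rule from the Analysis above, as an added example that is not AIDE's code and not the patch from the advisory: both buffer sizes are derived from the input length, and unpadded, misplaced-padding or overflowing input is rejected. The `b64_*` names and the constructed 20000-byte input are assumptions made for this example.

```c
/* Added example (hypothetical b64_* names, not AIDE's functions). */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Padded base64 length for n input bytes; -1 if it would overflow size_t. */
int b64_encoded_len(size_t n, size_t *out)
{
    if (n > (SIZE_MAX - 1) / 4 * 3) return -1; /* keeps room for the NUL */
    *out = (n + 2) / 3 * 4;
    return 0;
}

/* Decoded length of a padded base64 string of n chars; -1 if malformed. */
int b64_decoded_len(const char *src, size_t n, size_t *out)
{
    if (src == NULL || n == 0 || n % 4 != 0) return -1;
    size_t pad = 0;
    if (src[n - 1] == '=') pad = (src[n - 2] == '=') ? 2 : 1;
    else if (src[n - 2] == '=') return -1; /* '=' followed by a data char */
    *out = n / 4 * 3 - pad;
    return 0;
}

char *b64_encode(const unsigned char *src, size_t n)
{
    size_t len, o = 0;
    if (src == NULL || b64_encoded_len(n, &len) != 0) return NULL;
    char *out = malloc(len + 1);
    if (out == NULL) return NULL;
    for (size_t i = 0; i < n; i += 3) {
        size_t left = n - i;
        uint32_t t = (uint32_t)src[i] << 16;
        if (left > 1) t |= (uint32_t)src[i + 1] << 8;
        if (left > 2) t |= src[i + 2];
        out[o++] = B64[(t >> 18) & 63];
        out[o++] = B64[(t >> 12) & 63];
        out[o++] = left > 1 ? B64[(t >> 6) & 63] : '=';
        out[o++] = left > 2 ? B64[t & 63] : '=';
    }
    out[o] = '\0'; /* o == len: every started 3-byte group produced 4 chars */
    return out;
}

/* Value of one base64 character, or -1 if it is not in the alphabet. */
static int b64_val(char c)
{
    const char *p = (c != '\0') ? strchr(B64, c) : NULL;
    return p != NULL ? (int)(p - B64) : -1;
}

unsigned char *b64_decode(const char *src, size_t n, size_t *out_len)
{
    size_t len, o = 0;
    if (out_len == NULL || b64_decoded_len(src, n, &len) != 0) return NULL;
    unsigned char *out = malloc(len + 1);
    if (out == NULL) return NULL;
    for (size_t i = 0; i < n; i += 4) {
        uint32_t t = 0;
        int pad = 0;
        for (int k = 0; k < 4; k++) {
            int v = 0;
            if (src[i + k] == '=') {
                /* padding is legal only in the last two chars of the input */
                if (i + 4 != n || k < 2) { free(out); return NULL; }
                pad++;
            } else {
                v = b64_val(src[i + k]);
                if (v < 0 || pad > 0) { free(out); return NULL; }
            }
            t = (t << 6) | (uint32_t)v;
        }
        out[o++] = (unsigned char)(t >> 16);
        if (pad < 2) out[o++] = (unsigned char)(t >> 8);
        if (pad < 1) out[o++] = (unsigned char)t;
    }
    out[o] = '\0';
    *out_len = o; /* equals len for every input that passed the checks */
    return out;
}

/* Round-trip n (> 0) constructed bytes; returns 1 on success. */
int b64_roundtrip_ok(size_t n)
{
    size_t got = 0;
    unsigned char *in = malloc(n), *dec = NULL;
    if (in == NULL) return 0;
    for (size_t i = 0; i < n; i++) in[i] = (unsigned char)(i * 31 + 7);
    char *enc = b64_encode(in, n);
    if (enc != NULL) dec = b64_decode(enc, strlen(enc), &got);
    int ok = dec != NULL && got == n && memcmp(dec, in, n) == 0;
    free(dec); free(enc); free(in);
    return ok;
}

/* 20000 bytes encode to 26668 chars, more than a 16384-byte buffer holds. */
int main(void) { return b64_roundtrip_ok(20000) ? 0 : 1; }
```
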
Re: [Aide] Integrity check parameters
Hi, On Sat, Dec 18, 2021 at 03:15:21PM +, Jobet Infosec wrote: > I'm new to Aide. I was wondering about the meaning of the parameters used to > check file integrity: InodeData, StaticFile, RamdiskData, etc... > > Where may I find a detailed description for each one of them? The groups you mention are Debian-specific and defined in /etc/aide/aide.conf Best regards Hannes
Bug#981446: RFA: logcheck -- mails anomalies in the system logfiles to the administrator
Hi, On Mon, Dec 06, 2021 at 02:13:30PM +, Jose M Calhariz wrote: > Sorry for no reply until now. I was busy with issues on work and > personal life. I am happy to adopt logcheck. I am not a user of irc, > there was any discussion on IRC that I should know? No, there were no discussions on #logcheck yet. Please let me know if you have any questions. Just contact me via mail or preferably via IRC on #logcheck. Best regards Hannes
Re: [Aide] static linking on Linux and Packaging for Distributions
Hi, On Sat, Sep 11, 2021 at 04:17:33PM +0200, Marc Haber wrote: > aide is traditionally linked statically to protect itself against > trojaned / doctored libraries that might affect the authenticity of the > database and the check results. On Linux, this has not been fully > effective for years since some dynamicity remains, especially regarding > NSS. > > During Debian's last glibc transition, this has led to reproducible and > unconditional segfaults once aide uses a nss call, which happens via > libacl when a file possessing an ACL is processed during check. The issue tracker also lists several issues related to static linking[issues]. I have now changed the default from static to dynamic linking[commit]. Advanced users (who know how to deal with the issues) can still re-enable static linking as needed. Best regards Hannes [issues] https://github.com/aide/aide/issues?q=label%3A%22static+linking%22+ [commit] https://github.com/aide/aide/commit/285e791c0d7c70e3f5e72824562dd27be781c2d6
Bug#981446: RFA: logcheck -- mails anomalies in the system logfiles to the administrator
On Sun, Oct 10, 2021 at 06:39:27PM +0200, Hannes von Haugwitz wrote: > @Jose Do you still plan to adopt logcheck? You might want to collaborate > with Richard and Charles to maintain the package all together. @Jose Can you please report back if you still want to maintain logcheck? Best regards Hannes
Bug#992927: mutt: Mutt 2.1.2 is available, fixing a potential data-loss IMAP bug
Hello, Is there any progress with this bug? Best regards Hannes
Re: [Aide] How to disable the mail notifications?
Hello, On Thu, Nov 18, 2021 at 01:44:28AM +, Hg Mi wrote: > We installed AIDE and nullmailer on our system, now we want to > disable the mail notification. Because our system can not send out > the messages, the queued and failed messages consume a lot of disk > space. Could you please tell us how to disable it? AIDE does not send mail notifications; but some distributions deploy cron jobs. For instance on Debian based distributions you can configure the cron job in /etc/default/aide (see `SILENTREPORTS` setting). Best regards Hannes
Bug#981446: RFA: logcheck -- mails anomalies in the system logfiles to the administrator
Hi, On Fri, Sep 24, 2021 at 02:42:07PM +0530, Charles wrote: > I would like to adopt the logcheck package On Thu, Sep 23, 2021 at 12:10:16PM +0100, R Lewis wrote: > Very keen to keep logcheck in the distribution and looking to get involved > in Debian (spare time only). > > happy to submit patches etc but how should that be done - to the bts or via > salsa? will anyone review and merge things? @Jose Do you still plan to adopt logcheck? You might want to collaborate with Richard and Charles to maintain the package all together. > Is there an email list to enable collaboration and discussion? You can use the #logcheck channel on the OFTC IRC network to collaborate and discuss logcheck with some users and previous maintainers. Best regards Hannes
Bug#981446: Possible adoption of logcheck
On Fri, Sep 03, 2021 at 01:46:23PM +0100, Jose M Calhariz wrote: > For now my question is: Who is the upstream that you are using? There is no upstream, since logcheck is a native Debian package (see debian/copyright for details[0]). Best regards Hannes [0] https://salsa.debian.org/debian/logcheck/-/blob/master/debian/copyright
Bug#981446: Possible adoption of logcheck
Hi Jose, On Mon, Aug 30, 2021 at 07:58:21PM +0100, Jose M Calhariz wrote: > I am a user of logcheck as I use on all my machines that I sysadmin > and I maintain some packages on Debian like for example at and amanda. > > As now I would like to offer my help to package and fix logcheck as a > learning experience for a possibility in the future to be the > maintainer of logcheck. This is great news! The logcheck VCS repo is in the `debian` group on salsa.debian.org[0]; so (as DD) you can just start to work on the package. Please let me know if you have any questions or want some review. Best regards Hannes [0] https://salsa.debian.org/debian/logcheck/
Re: [Aide] AIDE 0.17.3 released - cygwin, patches, and more?
On Thu, Jul 29, 2021 at 08:13:01PM -0400, Jason Pyeron wrote: > Would there be any thoughts about providing this as part of Cygwin? I would > be willing maintain the Cygwin build. Please see the Cygwin project website for how to contribute new packages[0]. If AIDE has been added, feel free to create a pull request for the aide.github.io repository. Best regards Hannes [0] https://cygwin.com/packaging-contributors-guide.html
Re: [Aide] Error checking and package currency.
Hi, On Fri, Jul 30, 2021 at 06:56:46AM -0400, Vince Heuser wrote: > Is there any script that can check the AIDE rules for syntax, i.e., > "aide-lint"? You can use `--config-check` to check your config (and rules) for errors. To test your rules you can use `--dry-init` and `--path-check` (see `man aide` for details). Both `--dry-init` and `--path-check` have been added in AIDE 0.17. Best regards Hannes
Re: [Aide] Way to list contents of aide.db?
Hi,

On Fri, Jul 23, 2021 at 04:43:10PM -0300, Andreas Hasenack wrote:
> is there a way to list the files and directories that are in the aide
> database? I wanted to be sure that an explicit inclusion or removal I added
> to the config was indeed respected.

To test your rules you can use `--dry-init` and `--path-check` (both options have been added in AIDE 0.17):

    $ aide --config aide.conf --dry-init
    [ ] d '/': no matching rule
    [X] d '/dir': selective rule: '/dir (none) l+p+u+g+s+c+m+i+n+md5+acl+selinux+xattrs+ftype+e2fsattrs+caps' (aide.conf:3: '/dir R')
    [X] f '/dir/file': selective rule: '/dir (none) l+p+u+g+s+c+m+i+n+md5+acl+selinux+xattrs+ftype+e2fsattrs+caps' (aide.conf:3: '/dir R')
    [ ] d '/dir/sub': negative rule: '!/dir/sub$ d' (aide.conf:2: '!/dir/sub$ d')
    [ ] f '/dir/sub/not': negative rule: '!/dir/sub/(?!file) (none)' (aide.conf:1: '!/dir/sub/(?!file)')
    [X] f '/dir/sub/file': selective rule: '/dir (none) l+p+u+g+s+c+m+i+n+md5+acl+selinux+xattrs+ftype+e2fsattrs+caps' (aide.conf:3: '/dir R')

    $ aide --config aide.conf --path-check f:/dir/sub/another-file
    [ ] f '/dir/sub/another-file': negative rule: '!/dir/sub/(?!file) (none)' (aide.conf:1: '!/dir/sub/(?!file)')

Best regards
Hannes
Re: [Aide] aide.conf: exclude directory *except* one file
Hello,

On Wed, Mar 24, 2021 at 11:00:38AM -0700, M wrote:
> Is there any advantage to upgrading to the latest AIDE version (I am
> on 0.15.1)?

AIDE 0.15.1 has been released over 10 years ago. Please check the NEWS file[0] for the changes since then.

> > On Wed, 24 Mar 2021 at 11:44, M wrote:
> >> I've found some other discussions about this (
> >> https://www.ipi.fi/pipermail/aide/2015-November/001504.html) but I can't
> >> seem to get it working with PCREs in AIDE either (negative lookahead?).

PCRE support has been added in AIDE 0.16.

> >> Goal is: to recursively include all subdirectories, exclude one
> >> directory, but *include* a specific file only from the excluded
> >> subdirectory.

The difficulty here is that directories matching negative rules are completely ignored.

To achieve your goal please try the following rules (AIDE >= 0.16):

    !/dir/sub/(?!file)
    !/dir/sub$ d
    /dir R

Assuming the following files in the filesystem:

    /
    /dir
    /dir/file
    /dir/sub
    /dir/sub/not
    /dir/sub/file

You can now use `--dry-init` to see which entries would be added to the database:

    $ aide --config aide.conf --dry-init
    [ ] d '/': no matching rule
    [X] d '/dir': selective rule: '/dir (none) l+p+u+g+s+c+m+i+n+md5+acl+selinux+xattrs+ftype+e2fsattrs+caps' (aide.conf:3: '/dir R')
    [X] f '/dir/file': selective rule: '/dir (none) l+p+u+g+s+c+m+i+n+md5+acl+selinux+xattrs+ftype+e2fsattrs+caps' (aide.conf:3: '/dir R')
    [ ] d '/dir/sub': negative rule: '!/dir/sub$ d' (aide.conf:2: '!/dir/sub$ d')
    [ ] f '/dir/sub/not': negative rule: '!/dir/sub/(?!file) (none)' (aide.conf:1: '!/dir/sub/(?!file)')
    [X] f '/dir/sub/file': selective rule: '/dir (none) l+p+u+g+s+c+m+i+n+md5+acl+selinux+xattrs+ftype+e2fsattrs+caps' (aide.conf:3: '/dir R')

You can also use `--path-check` to test your rules:

    $ aide --config aide.conf --path-check f:/dir/sub/another-file
    [ ] f '/dir/sub/another-file': negative rule: '!/dir/sub/(?!file) (none)' (aide.conf:1: '!/dir/sub/(?!file)')

Both `--dry-init` and `--path-check` have been added in AIDE 0.17.

Best regards

Hannes

[0] https://github.com/aide/aide/blob/master/NEWS
[Aide] AIDE 0.17.3 released
AIDE version 0.17.3 has just been released. You can download it from https://github.com/aide/aide/releases

Please ALWAYS verify the signature of a release file before using it (see README[0] for details).

The most noteworthy change between v0.17.2 and v0.17.3 is:

* Fix group usage in '--after' config line

The home URL of AIDE is http://aide.github.io

Best regards

Hannes

[0] https://github.com/aide/aide/blob/master/README
Bug#981446: RFA: logcheck -- mails anomalies in the system logfiles to the administrator
Package: wnpp
Severity: normal

I would like to put the logcheck package up for adoption. I haven't been using the package for years. If no one speaks up, I eventually will move on with orphaning the package. Feel free to contact me with any questions.

The package description is:
 Logcheck helps spot problems and security violations in your logfiles automatically and will send the results to you in e-mail.
 .
 Logcheck was part of the Abacus Project of security tools, but this version has been rewritten.

Best regards

Hannes
Bug#912555: reassign 912555 to clamav-freshclam
reassign 912555 clamav-freshclam
thanks

Hi,

'ignore.d.server/clamav-freshclam' is part of the clamav-freshclam package. Hence I reassign this bug.

Best regards

Hannes
Bug#912550: reassign 912550 to courier-imap
reassign 912550 courier-imap
thanks

Hi,

'ignore.d.server/courier-imap' is part of the courier-imap package. Hence I reassign this bug.

Best regards

Hannes
Bug#973591: logcheck-database: rsyslogd update rule
reassign 973591 rsyslog
forcemerge 927771 973591
thanks

Hi,

'ignore.d.server/rsyslog' is part of the rsyslog package. This issue has been reported in #927771 and fixed in rsyslog/8.1905.0-3.

Best regards

Hannes
[Aide] AIDE 0.17 released
AIDE version 0.17 has just been released. You can download it from https://github.com/aide/aide/releases

Please ALWAYS verify the signature of a release file before using it (see README[0] for details).

The most noteworthy changes between 0.16.2 and 0.17 are:

* BACKWARDS INCOMPATIBLE CHANGES
  - '--verbose' command line option and 'verbose' config option are no longer supported, use 'log_level' and 'report_level' options instead
  - '--report' command line option is no longer supported, use 'report_url' config option instead
  - 'ignore_list' config option is no longer supported, use 'report_ignore_changed_attrs' instead
  - 'report_attributes' config option is no longer supported, use 'report_force_attrs' instead
  - (restricted) regular rules must start with literal '/', i.e. the rule cannot begin with a macro variable
  - config lines must end with new line
  - '@' and ' ' in the configuration are now escaped with '\', that means to match a '\' you have to use four backslashes '\\\\' in your rules
  - 'gzip_dbout=false' fails now with config error when no zlib support is compiled in
  - remove '--with-initial-errors' configure option
  - remove PostgreSQL database backend support
  - remove Sun ACL support
  - remove config and database signing support
* Enhancements:
  - add new '--log-level' command line option and 'log_level' config option
  - introduce named log levels
  - add new 'report' log level to help to debug rule matching
  - add new 'config' log level to help to debug config and rule parsing
  - add new '--dry-init' command
  - add new '--path-check' command
  - add directory support for @@include
  - add new @@x_include config macro
  - add new @@x_include_setenv config macro
  - add new default compound group 'H' (all compiled-in hashsums)
  - add support for per-report_url options
  - add new 'report_level' config option
  - add new 'report_append' config option
  - add exit code 21 for file lock errors
  - add default config values, available hashsums and compound groups to '--version' output
  - add Linux capabilities support
  - show changed attributes in 'different attributes' message
  - enable 'gost' and 'whirlpool' checksums when using gcrypt
  - add 'stribog256' and 'stribog512' gcrypt algorithms
  - add config file names to log output
* Miscellaneous behaviour changes:
  - 'report_summarize_changes': hashsum changes are now indicated with 'H'
  - print '--help' and '--version' output to stdout
  - log messages and errors are always written to stderr
  - initialise report URLs after configuration parsing
  - allow empty values for macro variables
  - SIGUSR1 now toggles debug log level
  - fail on errors in regular expressions during config parsing
  - fail on invalid URLs during config check
  - Fail on double slash in rule path
  - cache log lines when 'log_level' is not yet set
* Deprecations:
  - 'database' config option is now deprecated, use 'database_in' instead
  - 'summarize_changes' config option is now deprecated, use 'report_summarize_changes' instead
  - 'grouped' config option is now deprecated, use 'report_grouped' instead
  - non-alphanumeric group names are deprecated
* Notable bug fixes:
  - fix line numbers in log messages
  - remove warning when input database is '/dev/null'
  - correctly handle UTF-8 in path names and rules
  - fix compilation with curl and gcrypt
  - warn on unsupported hash algorithms
  - improve large-file support
* Build system changes:
  - require C99 compatible compiler
  - require pkg-config
  - '--disable-default-db' configure option disables default database values
  - '--without-config' configure option now disables default config file
* Remove obsolete aide-attributes.sh script
* Remove outdated example aide.conf and manual.html
* Fix compiler warnings
* Update documentation
* Minor bug fixes
* Code clean up

The home URL of AIDE is http://aide.github.io

Best regards

Hannes

[0] https://github.com/aide/aide/blob/master/README
Re: [Aide] Query over report_url=syslog:
Hi,

On Mon, Jan 18, 2021 at 05:34:36PM +, Fisher, Philip wrote:
> My query is that I am using in aide.conf:
>
> report_url=file:
> report_url=syslog:LOCAL6

The `report_url=syslog:` syntax is currently not supported in AIDE upstream. Please check if the binary you are using is patched.

> Now the reason for wanting the syslog capability to work is so that
> each line has a good log timestamp. Our log scraping facility will
> remotely copy the file elsewhere for analysis/archive. As far as I
> know, AIDE does not timestamp (in 0.14) any lines or AIDE runs.

There are some feature requests regarding log format (for example #41[0]). Feel free to leave a comment there.

> Our current version on RHEL6 is 0.14 and due to current project
> constraints this is not likely to change soon. While accepting this
> is an OLD version of AIDE, and NOT maintained anymore I assume, can
> the expert(s) clarify:

AIDE 0.14 has been released 10 years ago, so you should definitely consider an upgrade to the latest AIDE release (AIDE 0.17 is to be released soon).

Best regards

Hannes

[0] https://github.com/aide/aide/issues/41
Bug#978448: Static linking fails with undefined reference to `audit_strsplit_r'
Package: libaudit-dev
Version: 1:3.0-1
Severity: normal
Control: affects aide
Control: block 978245 -1

Dear Maintainer,

static linking fails with libaudit-dev 1:3.0-1, due to "undefined reference to `audit_strsplit_r'".

Minimal example:

    $ cat main.c
    #include <libaudit.h>
    #include <stddef.h>

    int main() {
        audit_log_user_message(0, AUDIT_USER_LOGIN, "test", NULL, NULL, NULL, 0);
        return 0;
    }

    $ gcc -static -o /tmp/main main.c -laudit -lcap-ng
    /usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/10/../../../x86_64-linux-gnu/libcap-ng.a(cap-ng.o): in function `capng_change_id':
    (.text+0x18df): warning: Using 'initgroups' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
    /usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/10/../../../x86_64-linux-gnu/libaudit.a(libaudit.o): in function `audit_rule_fieldpair_data':
    (.text+0x2324): warning: Using 'getgrnam' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
    /usr/bin/ld: (.text+0x2988): warning: Using 'getpwnam' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
    /usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/10/../../../x86_64-linux-gnu/libcap-ng.a(cap-ng.o): in function `capng_change_id':
    (.text+0x18c3): warning: Using 'getpwuid' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
    /usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/10/../../../x86_64-linux-gnu/libaudit.a(audit_logging.o): in function `_resolve_addr.constprop.0':
    (.text+0x246): warning: Using 'getaddrinfo' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
    /usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/10/../../../x86_64-linux-gnu/libaudit.a(libaudit.o): in function `load_libaudit_config.constprop.0':
    (.text+0x23a): undefined reference to `audit_strsplit_r'
    /usr/bin/ld: (.text+0x25a): undefined reference to `audit_strsplit_r'
    /usr/bin/ld: (.text+0x280): undefined reference to `audit_strsplit_r'
    /usr/bin/ld: (.text+0x298): undefined reference to `audit_strsplit_r'
    /usr/bin/ld: /tmp/main: hidden symbol `audit_strsplit_r' isn't defined
    /usr/bin/ld: final link failed: bad value
    collect2: error: ld returned 1 exit status

Best regards

Hannes
Re: [Aide] Experimenting with exclusion rules
Hello,

On Wed, Dec 16, 2020 at 04:28:09PM -0300, Andreas Hasenack wrote:
> Why did the exclusion regexp "!/check/ignore$" ignore the new file
> /check/ignore/andreas-was-here? Shouldn't it match just
> "/check/ignore" exactly? What am I missing?

This is expected behaviour, as children of directories matching negative selection lines are also ignored.

I adjusted the description for negative selection lines in aide.conf.5 as follows in 5fd96b2[0]:

    Negative selection line: !
    Files and directories matching the regular expression are ignored and not added to the database.

For a better understanding (and as a sneak preview for the new logging feature currently in development) you can see the rule tree and the rule processing for '/check/ignore' below:

    RULE: rule tree:
    RULE: + /:
    RULE: | '/check (none) l+p+u+g+s+c+m+i+n+md5+ftype' (aide.conf:13: '/check R')
    RULE: |
    RULE: + /check:
    RULE: |'!/check/ignore$ (none)' (aide.conf:12: '!/check/ignore$')
    RULE: process '/check/ignore' (filetype: d)
    RULE: check '/check/ignore'
    RULE: node: '/check': skip equal list (reason: list is empty)
    RULE: node: '/check': skip selective list (reason: list is empty)
    RULE: node: '/' skip equal list (reason: not on top level)
    RULE: node: '/': check selective list
    RULE: '/check/ignore' matches regex '/check' and restriction '(none)' of selective rule (aide.conf:13: '/check R')
    RULE: selective match for '/check/ignore' (node: '/')
    RULE: node: '/': skip negative list (reason: list is empty)
    RULE: node: '/check': check negative list (reason: previous positive match)
    RULE: '/check/ignore' matches regex '/check/ignore$' and restriction '(none)' of negative rule (aide.conf:12: '!/check/ignore$')
    RULE: negative match for '/check/ignore'
    RULE: do NOT add '/check/ignore' to the tree

> If I change the exclusion rule to "!/check/ignore/", then the new file
> is still ignored, but the "/check/ignore" directory modification is
> caught with "d
> mc.. .. .: /check/ignore "

If you add a trailing slash to the rule '/check/ignore' is no longer matched by your rule, but the children of the directory are:

    RULE: rule tree:
    RULE: + /:
    RULE: | '/check (none) l+p+u+g+s+c+m+i+n+md5+ftype' (aide.conf:13: '/check R')
    RULE: |
    RULE: + /check:
    RULE: +/check/ignore:
    RULE: | '!/check/ignore/ (none)' (aide.conf:12: '!/check/ignore/')
    RULE: |
    RULE: process '/check/ignore' (filetype: d)
    RULE: check '/check/ignore'
    RULE: node: '/check': skip equal list (reason: list is empty)
    RULE: node: '/check': skip selective list (reason: list is empty)
    RULE: node: '/' skip equal list (reason: not on top level)
    RULE: node: '/': check selective list
    RULE: '/check/ignore' matches regex '/check' and restriction '(none)' of selective rule (aide.conf:13: '/check R')
    RULE: selective match for '/check/ignore' (node: '/')
    RULE: node: '/': skip negative list (reason: list is empty)
    RULE: node: '/check': skip negative list (reason: list is empty)
    RULE: ADD '/check/ignore' to the tree (attr: 'l+p+u+g+s+c+m+i+n+md5+ftype')
    RULE: process '/check/ignore/should-be-ignored' (filetype: f)
    RULE: check '/check/ignore/should-be-ignored'
    RULE: node: '/check/ignore': skip equal list (reason: list is empty)
    RULE: node: '/check/ignore': skip selective list (reason: list is empty)
    RULE: node: '/check' skip equal list (reason: not on top level)
    RULE: node: '/check': skip selective list (reason: list is empty)
    RULE: node: '/' skip equal list (reason: not on top level)
    RULE: node: '/': check selective list
    RULE: '/check/ignore/should-be-ignored' matches regex '/check' and restriction '(none)' of selective rule (aide.conf:13: '/check R')
    RULE: selective match for '/check/ignore/should-be-ignored' (node: '/')
    RULE: node: '/': skip negative list (reason: list is empty)
    RULE: node: '/check': skip negative list (reason: list is empty)
    RULE: node: '/check/ignore': check negative list (reason: previous positive match)
    RULE: '/check/ignore/should-be-ignored' matches regex '/check/ignore/' and restriction '(none)' of negative rule (aide.conf:12: '!/check/ignore/')
    RULE: negative match for '/check/ignore/should-be-ignored'
    RULE: do NOT add '/check/ignore/should-be-ignored' to the tree

Best regards

Hannes

PS.: Please refrain from opening issues at github.com[1] when you asked the very same question here on the AIDE mailing list 2 days ago.

[0] https://github.com/aide/aide/commit/5fd96b2fab486264799415ebd818b02ad83dc276
[1] https://github.com/aide/aide/issues/82
Re: [Aide] !/dev rule example
Hello,

On Wed, Dec 16, 2020 at 03:33:03PM -0300, Andreas Hasenack wrote:
> the aide.conf(5) manpage says:
>
>
> !/dev
>
>     This ignores the /dev directory structure.
>
>
> Won't that also ignore things like /devandreas-was-here/, /devel and
> anything that starts with the string "/dev", including files and other
> directories?

You are right, I fixed this in 2dda4fa[0].

> Similarly, but this is a debian packaging issue perhaps, there is a
> config file with this content:
>
> !/proc
> !/sys

Please create a debian bug report for this[1].

Best regards

Hannes

[0] https://github.com/aide/aide/commit/2dda4fa756241e7265378b22d303415c15918e49
[1] https://bugs.debian.org/cgi-bin/pkgreport.cgi?package=aide
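The per-path rule evaluation shown in the messages above (the `--path-check` results for the negative-lookahead rules, and the `!/dev` prefix question), as an added example that is not AIDE code or part of the original posts. It is a simplified model: `Rule`, `parse_rules`, `path_check` and `report` are hypothetical names, Python's `re` stands in for PCRE, each path is judged on its own (how AIDE descends into directories is not modelled), and the two `/dev` configs are constructed for illustration.

```python
"""Simplified per-path model of AIDE rule matching (added example, not AIDE code)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    lineno: int                  # line number inside the config text
    negative: bool               # True for '!<regex>' lines
    regex: "re.Pattern[str]"
    types: Optional[frozenset]   # file-type restriction, None = any type


def parse_rules(conf: str) -> List[Rule]:
    """Parse '!<regex> [<types>]' and '<regex> [<types>] <group>' lines."""
    rules = []
    for lineno, line in enumerate(conf.splitlines(), start=1):
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        negative = tokens[0].startswith("!")
        pattern = tokens[0][1:] if negative else tokens[0]
        # Negative rules carry no attribute group; selective rules end with one.
        has_restriction = len(tokens) > (1 if negative else 2)
        types = frozenset(tokens[1].split(",")) if has_restriction else None
        rules.append(Rule(lineno, negative, re.compile(pattern), types))
    return rules


def path_check(rules: List[Rule], ftype: str, path: str) -> Tuple[bool, Optional[int]]:
    """Return (selected, line number of the deciding rule or None)."""
    def hits(rule: Rule) -> bool:
        # re.match() anchors at the start only: the rule regex is a prefix
        # match unless it ends in '$' (the implicit '^' of aide.conf rules).
        type_ok = rule.types is None or ftype in rule.types
        return type_ok and rule.regex.match(path) is not None

    selective = next((r for r in rules if not r.negative and hits(r)), None)
    if selective is None:
        return False, None
    negative = next((r for r in rules if r.negative and hits(r)), None)
    if negative is not None:
        return False, negative.lineno
    return True, selective.lineno


def report(conf: str, entries) -> List[str]:
    """Render results in a shape similar to the --dry-init lines in the thread."""
    rules = parse_rules(conf)
    lines = []
    for ftype, path in entries:
        selected, lineno = path_check(rules, ftype, path)
        why = "no matching rule" if lineno is None else f"aide.conf:{lineno}"
        lines.append(f"[{'X' if selected else ' '}] {ftype} '{path}': {why}")
    return lines


# Rules from the thread, in the same order as in the --dry-init output.
LOOKAHEAD_CONF = "!/dir/sub/(?!file)\n!/dir/sub$ d\n/dir R\n"
# Constructed configs for the '!/dev' question (the '/ R' line is an assumption).
DEV_PREFIX_CONF = "!/dev\n/ R\n"
DEV_ANCHORED_CONF = "!/dev(/|$)\n/ R\n"

if __name__ == "__main__":
    tree = [("d", "/"), ("d", "/dir"), ("f", "/dir/file"), ("d", "/dir/sub"),
            ("f", "/dir/sub/not"), ("f", "/dir/sub/file"),
            # '(?!file)' only rejects names that START with 'file':
            ("f", "/dir/sub/file2")]
    print("\n".join(report(LOOKAHEAD_CONF, tree)))
    probes = [("d", "/dev"), ("c", "/dev/null"), ("d", "/devel")]
    print("\n".join(report(DEV_PREFIX_CONF, probes)))
    print("\n".join(report(DEV_ANCHORED_CONF, probes)))
```

In this model `/dir/sub/file2` is selected as well, because the lookahead only tests the prefix `file`; writing `(?!file$)` narrows it to the single file.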
Re: [Aide] WARNING: Old db contains a entry that shouldn't be there, run --init or --update
On Tue, Oct 27, 2020 at 01:58:35PM -0500, vi...@vheuser.com wrote:
> How do I find the offending rule?
> There is nothing in the log.
>
> Is there a cookbook recipe for adding a patch to AIDE version 1.6
> to enable finding the offending rule?

The current git HEAD should at least tell you which entry in the database raises the warning.

You should be able to build from git source with the following commands (provided you have installed all necessary dependencies (see 'Requirements' section in README)):

    git clone https://github.com/aide/aide
    cd aide/
    sh autogen.sh
    ./configure
    make
    ./aide --version

Best regards

Hannes
Re: [Aide] Change Ownership/Permissions of log directory and files
Hi,

On Wed, Sep 09, 2020 at 09:07:52AM -0400, Paul Carlisle wrote:
> Is there a way to configure aide to change the ownership and permissions of
> the log directory and files?

No, the permissions of the report url depend on the umask and on the user/group of the running AIDE process.

Best regards

Hannes
Re: [Aide] WARNING: Old db contains a entry that shouldn't be there, run --init or --update
Hi,

On Sat, May 02, 2020 at 09:06:33AM -0400, vi...@vheuser.com wrote:
> On 2020/02/25 15:23 PM, Hannes von Haugwitz wrote:
> > On Mon, Feb 24, 2020 at 08:32:28PM -0500, vi...@vheuser.com wrote:
> > > I've searched several times and read dozens of posts
> > > from people asking newbies to post their config.
> > >
> > > What I have not found is the means of troubleshooting this problem.
> > > How does one find the "entry that shouldn't be there?"
> > >
> > > Here's the most detailed discussion I found:
> > > https://alioth-lists-archive.debian.net/pipermail/pkg-aide-maintainers/2014-September/002196.html
> > >
> > > There seem to be no posts out there describing what to check.
> > > Is this a bug or how does one find the problem?
> > The message basically means that there are entries in the database with
> > no matching rule in the configuration file(s). A reinitialization of the
> > database logically would help here, as the entries wouldn't be re-added
> > due to the missing matching rule.
> >
> > Currently I'm rewriting the report and logging code of AIDE and I plan
> > to also improve the handling of the above situation.
>
> Thanks, Hannes.
> Despite having reinitialized the database many times now, I still get this
> error.
> I have a set of scripts that create the rules based on the current state of
> things on the server.
> Obviously, one of the scripts is inserting something incorrectly.
> How do I find the specific rule that is causing the problem?

Does one of your scripts "remove" rules from your config?

To ease debugging I rephrased the warning a bit in eb86e78[0]. It now names the first entry of the old database that causes the warning.

Best regards

Hannes

[0] https://github.com/aide/aide/commit/eb86e787b17def1b54a5d8cd501372b26c2eb5fe
Re: [Aide] WARNING: Old db contains a entry that shouldn't be there, run --init or --update
Hi,

On Mon, Feb 24, 2020 at 08:32:28PM -0500, vi...@vheuser.com wrote:
> I've searched several times and read dozens of posts
> from people asking newbies to post their config.
>
> What I have not found is the means of troubleshooting this problem.
> How does one find the "entry that shouldn't be there?"
>
> Here's the most detailed discussion I found:
> https://alioth-lists-archive.debian.net/pipermail/pkg-aide-maintainers/2014-September/002196.html
>
> There seem to be no posts out there describing what to check.
> Is this a bug or how does one find the problem?

The message basically means that there are entries in the database with no matching rule in the configuration file(s). A reinitialization of the database logically would help here, as the entries wouldn't be re-added due to the missing matching rule.

Currently I'm rewriting the report and logging code of AIDE and I plan to also improve the handling of the above situation.

Best regards

Hannes
Re: [Aide] Strange behaviour
Hi,

On Mon, Nov 18, 2019 at 02:53:17PM +, MAUPERTUIS, PHILIPPE wrote:
> [root@otvmi613s aide]# aide -C -Breport_quiet=no -Bsyslog_format=yes

There is no 'syslog_format' option in upstream AIDE (or at least I'm not aware of such an option). Are you using a patched AIDE binary?

Best regards

Hannes
[Aide] AIDE 0.16.2 released
AIDE version 0.16.2 has just been released. You can download it from https://github.com/aide/aide/releases

Please ALWAYS verify the signature of a release file before using it (see README[0] for details).

The most noteworthy changes between 0.16.1 and 0.16.2 are:

* Bug fixes
  - Fix handling of directory-restricted negative rules
  - Don't lock '/dev/null' when used as output database
  - Fix parsing of rules containing '?' quantifier
  - Fix extended attributes support (xattrs)
  - Fix processing of go files
* Please note:
  - The addition of the "trusted.*", "user.*" and the "security.*" namespaces to the xattrs attribute might lead to a vast amount of reported changed entries during your next AIDE run. You can use the `report_ignore_changed_attrs` option (see aide.conf(5)) to ignore changes of the xattrs attribute; but be aware that this will exclude the expected but also the unexpected (potentially malicious) changes.

The home URL of AIDE is http://aide.github.io

Best regards

Hannes

[0] https://github.com/aide/aide/blob/master/README
Bug#901251: IP multicast extended regular expression does not match some matchable lines which are matched online (regexr.com & regextester.com)
Hi,

On Sun, Jun 10, 2018 at 05:28:42PM +0200, jean-christophe manciot wrote:
> The rule *ulogd* described below (*IP multicast: 224.0.0.0 <-->
> 239.255.255.255*) does not match some matchable lines:
> ^.*? DST=2(?:2[4-9]|3\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d?|0)){3} .*$

logcheck uses POSIX extended regular expression (ERE). Your regular expression contains non-capturing group notation ('?:'), which is not supported in ERE.

You can use `rgxg` to generate an extended regular expression for '224.0.0.0/4':

    $ rgxg cidr 224.0.0.0/4
    (23[0-9]|22[4-9])(\.(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])){3}

With this regular expression `logcheck-test` matches your example log lines.

If that solves your issue please close this bug report.

Best regards

Hannes
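A check of the two expressions from the message above against 224.0.0.0/4, as an added example that is not part of the original bug report. It uses Python's `re` and `ipaddress` as a stand-in to compare which addresses each pattern accepts (it does not run logcheck or an ERE engine); `mismatches` and `uses_non_ere_syntax` are hypothetical helper names, and the syntax check is a heuristic.

```python
"""Compare the reported pattern and the rgxg output against 224.0.0.0/4."""
import ipaddress
import re
from itertools import product

# Address part of the rule from the bug report (Perl-style '(?:' and '\d').
REPORTED = r"2(?:2[4-9]|3\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d?|0)){3}"
# Output of `rgxg cidr 224.0.0.0/4` as quoted in the reply.
RGXG_ERE = r"(23[0-9]|22[4-9])(\.(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])){3}"

MULTICAST = ipaddress.ip_network("224.0.0.0/4")
# Boundary values where octet alternatives usually go wrong.
EDGE_OCTETS = (0, 9, 10, 99, 100, 249, 255)


def mismatches(pattern, network=MULTICAST):
    """Return dotted quads where the pattern disagrees with network membership.

    Every first octet (0-255) is combined with boundary values for the
    remaining three octets; the whole string must match (fullmatch).
    """
    rx = re.compile(pattern)
    bad = []
    for a in range(256):
        for b, c, d in product(EDGE_OCTETS, repeat=3):
            text = f"{a}.{b}.{c}.{d}"
            expected = ipaddress.ip_address(text) in network
            if (rx.fullmatch(text) is not None) != expected:
                bad.append(text)
    return bad


def uses_non_ere_syntax(pattern):
    """Heuristic: flag '(?...' groups, '\\d'-style classes and lazy quantifiers,
    none of which are defined in POSIX ERE."""
    return re.search(r"\(\?|\\[dDsSwW]|[*+?]\?", pattern) is not None


if __name__ == "__main__":
    for name, pattern in (("reported", REPORTED), ("rgxg", RGXG_ERE)):
        print(f"{name}: {len(mismatches(pattern))} mismatches, "
              f"non-ERE syntax: {uses_non_ere_syntax(pattern)}")
```

Both patterns describe the same address range; only the reported one relies on syntax outside ERE, which is the point the reply makes.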
Accepted logcheck 1.3.20 (source) into unstable
Format: 1.8
Date: Fri, 01 Mar 2019 23:27:31 +0100
Source: logcheck
Architecture: source
Version: 1.3.20
Distribution: unstable
Urgency: medium
Maintainer: Debian logcheck Team
Changed-By: Hannes von Haugwitz
Closes: 859746 860052 861950 869415 872463 877182 889116 913621 920183
Changes:
 logcheck (1.3.20) unstable; urgency=medium
 .
 * Add MIMEENCODING option, default changed to let mime-construct choose an appropriate encoding, thanks to Anthony DeRobertis for the patch (closes: #860052)
 * src/logcheck:
   - fix -D option, thanks to Daniel Reichelt for the patch (closes: #877182)
 * docs/logcheck.sgml:
   - add missing dot, thanks to Vincas Dargis for the patch (closes: #859746)
 * Switch to debhelper 12
 * Bump to Standards-Version 4.3.0 (no changes necessary)
 * Update debian/copyright
 * Remove inactive Uploaders (closes: #920183):
   - Eric Evans
   - Hanspeter Kunz
   - Marc Haber
   - martin f. krafft
   - maximilian attems
   - Todd Troxell
   Thanks for helping with the package.
 * ignore.d.server/postfix: match TLS 1.1 or later (closes: #913621)
 * ignore.d.server/dhclient: match short dhclient xids (closes: #872463)
 * ignore.d.server/openvpn: match TLS 1.1 or later (closes: #861950)
 * ignore.d.server/systemd: support milliseconds for timer messages (closes: #869415)
 * ignore.d.workstation/wpasupplicant: match interface in CTRL-EVENT-EAP messages (closes: #889116)
Accepted aide 0.16.1-1 (source) into unstable
Format: 1.8
Date: Thu, 28 Feb 2019 21:34:34 +0100
Source: aide
Architecture: source
Version: 0.16.1-1
Distribution: unstable
Urgency: medium
Maintainer: Aide Maintainers
Changed-By: Hannes von Haugwitz
Closes: 855313 907580
Changes:
 aide (0.16.1-1) unstable; urgency=medium
 .
 [ Hannes von Haugwitz ]
 * new upstream version v0.16.1
   - changes include:
     - fix short form of --limit parameter (closes: #855313)
     - use AC_PATH_TOOL to find pkg-config (closes: #907580)
   - move upstream to GitHub:
     - d/control: update Homepage field
     - d/watch: update download URL
     - d/copyright: update source URL
   - adapt debian/patches/10-manpages.patch
   - remove debian/patches/15-arithmetic-exit.patch (incorporated upstream)
 * Bump to Standards-Version 4.3.0 (no changes necessary)
 * 31_aide_gnupg: handle S.scdaemon
 * 31_aide_systemd_journal, 31_aide_mlocate: use @@{RUN} macro
 * 31_aide_cereal, 31_aide_systemd_sessions: add missing $ to some rules
 * aide.wrapper.8:
   - document default value of DBAGE
   - remove trailing whitespaces
 * Switch to debhelper 12
 * cron.daily/aide:
   - avoid subshell usage in conditions
   - fix shell globbing
   - fix new lines in filtered packages list
   - disable checkwinsize shell option
 * aide.wrapper: refactor DBAGE code
 * Remove empty lines at the end of rule files
 * Adjust lintian overrides:
   - aide,aide-xen: remove 'embedded-library' for libm
   - aide-common: add 'uses-dpkg-database-directly' (the pkg just provides rules for dpkg files)
 * debian/copyright: update copyright information
 * Add debian/upstream/metadata
 .
 [ Marc Haber ]
 ∙ 31_aide_boinc-client: new rule
 ∙ 31_aide_crack: new rule
 ∙ 31:aide_dlocate: optimize rule
 ∙ 31_aide_mailman: add Varir for log directory
 * aideinit: send most output to stderr
 .
 [ Ondřej Nový ]
 * d/copyright: Change Format URL to correct one
 * d/control: Remove redundant Priority field in binary package
 * d/changelog: Remove trailing whitespaces
 * d/watch: Use https protocol
[Aide] AIDE 0.16.1 released
AIDE version 0.16.1 has just been released. You can download it from https://github.com/aide/aide/releases

Please ALWAYS verify the signature of a release file before using it (see README[0] for details).

The most noteworthy changes between 0.16 and 0.16.1 are:

* Move to GitHub
* Update documentation
* Bug fixes

The home URL of AIDE is http://aide.github.io

Best regards

Hannes

[0] https://github.com/aide/aide/blob/master/README
Bug#895927: sha256 checksum of output database not reproducible with command line tools
tags 895927 + unreproducible
thanks

Hi Marc,

On Tue, Apr 17, 2018 at 04:13:33PM +0200, Marc Haber wrote:
> I would like to verify the database mentioned in aide output before
> copying it over to the input database name. That does not seem to work:
>
> [19/5003]mh@ivanova:~ $ ls -al /var/lib/aide/aide.db.new output.aide
> -rw-rw-r-- 1 mh mh 2,1M Apr 17 11:36 output.aide
> -rw--- 1 root root 71M Apr 17 11:36 /var/lib/aide/aide.db.new
> [20/5004]mh@ivanova:~ $ grep SHA512 output.aide | tail -n 1
> SHA512 : LhaYUYpxlUaOFnLffOnCyxm8gq6rwxQW
> [21/5005]mh@ivanova:~ $ sudo openssl sha256 -binary /var/lib/aide/aide.db.new
> | openssl base64
> rN/Af3eq+dKO6DKmpN1XOs+vpH6IQ3qFrELjhslp1Qs=
> [22/5006]mh@ivanova:~ $ sudo zcat /var/lib/aide/aide.db.new | openssl sha256
> -binary | openssl base64
> 5uIy2b4L4ckKlzZ6o5UMlePKyKdRR8u/YhgciUQlFWg=
> [23/5007]mh@ivanova:~ $
>
> What am I supposed to do with aide.db.new if I want the sha256 (or other)
> checksums to match aide's own output?

First please note that the checksums in the report are wrapped to multiple lines. Apart from that you seem to grep for sha512 checksum in the output of AIDE but compute the sha256 checksum of the database file.

I got the following output for my last AIDE run:

    # grep -A2 SHA512 /var/log/aide/aide.log | tail -n 3
    SHA512 : xCCa+gNpk4/A70vpUDcj07ghhg2v5W5x
             7oV+U7qaM1db1CaMdt0G8ew3WSgoHWc5
             W3C2FVzT4V95mGXpL0Rfig==
    # zcat /var/lib/aide/aide.db | openssl sha512 -binary | openssl base64
    xCCa+gNpk4/A70vpUDcj07ghhg2v5W5x7oV+U7qaM1db1CaMdt0G8ew3WSgoHWc5
    W3C2FVzT4V95mGXpL0Rfig==

If that solves your issue please close this bug report.

Best regards
Hannes
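The check described in the reply above, scripted so it can run before a new database is copied over the input database. This is an added example, not part of the original message and not AIDE code; the function names are hypothetical, and it assumes a gzip-compressed database and an algorithm label (such as SHA512) whose lowercase form is a hashlib name.

```python
import base64, gzip, hashlib, hmac, os, re, tempfile

def reported_checksum(report_text, algo="SHA512"):
    """Return the last `algo` checksum in an AIDE report, re-joining wrapped lines."""
    # Expected base64 length of the digest (88 characters for SHA512).
    want = 4 * -(-hashlib.new(algo.lower()).digest_size // 3)
    label = re.compile(r"^\s*%s\s*:\s*(\S+)\s*$" % re.escape(algo))
    lines = report_text.splitlines()
    found = None
    for i, line in enumerate(lines):
        m = label.match(line)
        if not m:
            continue
        value = m.group(1)
        for cont in lines[i + 1:]:  # continuation lines carry no label
            if len(value) >= want:
                break
            value += cont.strip()
        found = value
    return found

def database_checksum(db_path, algo="SHA512"):
    """Hash the uncompressed contents, like `zcat db | openssl sha512 -binary | openssl base64`."""
    h = hashlib.new(algo.lower())
    with gzip.open(db_path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            h.update(block)
    return base64.b64encode(h.digest()).decode("ascii")

def database_matches_report(db_path, report_text, algo="SHA512"):
    reported = reported_checksum(report_text, algo)
    return reported is not None and hmac.compare_digest(
        reported, database_checksum(db_path, algo))

def demo():
    """Constructed sample data: returns (match for intact db, match after modification)."""
    good, bad = b"constructed database body\n", b"constructed database body, modified\n"
    full = base64.b64encode(hashlib.sha512(good).digest()).decode("ascii")
    chunks = [full[i:i + 32] for i in range(0, len(full), 32)]
    report = "SHA512    : " + "\n            ".join(chunks) + "\n"  # constructed report excerpt
    results = []
    for body in (good, bad):
        fd, path = tempfile.mkstemp(suffix=".gz")
        os.close(fd)
        try:
            with gzip.open(path, "wb") as gz:
                gz.write(body)
            results.append(database_matches_report(path, report))
        finally:
            os.remove(path)
    return tuple(results)

if __name__ == "__main__":
    print(demo())
```

Grepping only the first line of a wrapped checksum, as in the quoted session, yields a 32-character prefix that can never equal the full 88-character SHA512 value.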
Accepted rgxg 0.1.1-5 (source) into unstable
Format: 1.8 Date: Sat, 09 Feb 2019 17:27:25 +0100 Source: rgxg Architecture: source Version: 0.1.1-5 Distribution: unstable Urgency: medium Maintainer: Hannes von Haugwitz Changed-By: Hannes von Haugwitz Changes: rgxg (0.1.1-5) unstable; urgency=medium . * Bump to Standards-Version 4.3.0 * Add Build-Depends-Package field to symbols file * Add more fields to d/u/metadata
Accepted rgxg 0.1.1-4 (source) into unstable
Format: 1.8 Date: Wed, 20 Jun 2018 19:32:35 +0200 Source: rgxg Binary: rgxg librgxg-dev librgxg0 Architecture: source Version: 0.1.1-4 Distribution: unstable Urgency: medium Maintainer: Hannes von Haugwitz Changed-By: Hannes von Haugwitz Description: librgxg-dev - development files and documentation for librgxg librgxg0 - C library to generate regular expressions rgxg - command-line tool to generate regular expressions Changes: rgxg (0.1.1-4) unstable; urgency=medium . * Mark librgxg-dev package Multi-Arch: same * Update Vcs-* fields to salsa.d.o
Re: [Aide] Hashes for Added and Removed Files?
On Wed, Jun 06, 2018 at 04:00:46PM +, Ben Brewer (IT - IT_CORE) wrote:
> I tried increasing the verbosity to the default (20) and the hashes do not
> show up.

Please provide more information about your setup:

Which OS are you running?
Which AIDE version are you using ($ aide --version)?
How does your config look like?
Which command(s) are you executing?

> -----Original Message-----
> From: Ben Brewer (IT - IT_CORE)
> Sent: Sunday, May 27, 2018 9:36 AM
> To: Aide user mailinglist
> Subject: RE: [Aide] Hashes for Added and Removed Files?
>
> Hannes, I do not see any reference to report_detailed_init anywhere in the
> documentation or on the web.
>
> Also, are the various verbosity levels documented anywhere? Because I can't
> locate those either.

see man aide.conf(5) for the documentation of report_detailed_init

The verbose levels seem to be not documented yet, I put it on my TODO list.

Best regards
Hannes
Accepted rgxg 0.1.1-3 (source) into unstable
Format: 1.8 Date: Mon, 04 Jun 2018 20:30:48 +0200 Source: rgxg Binary: rgxg librgxg-dev librgxg0 Architecture: source Version: 0.1.1-3 Distribution: unstable Urgency: medium Maintainer: Hannes von Haugwitz Changed-By: Hannes von Haugwitz Description: librgxg-dev - development files and documentation for librgxg librgxg0 - C library to generate regular expressions rgxg - command-line tool to generate regular expressions Changes: rgxg (0.1.1-3) unstable; urgency=medium . * Switch to debhelper 11 - set debian/compat to 11 - set build-depend on debhelper >= 11 - drop build-depend on dh-autoreconf * debian/copyright: - use https for copyright format uri * Build auto-generated dbgsym packages and remove librgxg0-dbg * debian/tests: - add 01-smoketest * Add debian/upstream/metadata * debian/control: - bump to Standards-Version 4.1.4
Accepted logcheck 1.3.19 (source) into unstable
Format: 1.8 Date: Wed, 30 May 2018 23:59:13 +0200 Source: logcheck Binary: logcheck logcheck-database logtail Architecture: source Version: 1.3.19 Distribution: unstable Urgency: medium Maintainer: Debian logcheck Team Changed-By: Hannes von Haugwitz Description: logcheck - mails anomalies in the system logfiles to the administrator logcheck-database - database of system log rules for the use of log checkers logtail - Print log file lines that have not been read Closes: 899934 Changes: logcheck (1.3.19) unstable; urgency=medium . * debian/control: - update Vcs-* fields to salsa.d.o - build-depend on debhelper (>= 11) - bump to Standards-Version 4.1.4 (no changes necessary) - update Maintainer field (closes: #899934) * debian/compat: - bump to dh compatibility level 11 * Remove references to alioth.debian.org * Update debian/README.Debian
Bug#898478: Please upgrade package to kpcli 3.2
Package: kpcli Version: 3.1-3 Severity: wishlist Hi, kpcli 3.2 was released in Dec 2017. Please consider to upgrade the package. Thanks. Best regards Hannes
Bug#882066: ansible-lint fails with ansible 2.4
Package: ansible-lint
Version: 3.4.13+git.20170811-1-1
Severity: important

Hi,

ansible-lint fails with ansible 2.4:

    $ ansible-lint
    Traceback (most recent call last):
      File "/usr/bin/ansible-lint", line 11, in <module>
        load_entry_point('ansible-lint==3.4.13', 'console_scripts', 'ansible-lint')()
      File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 572, in load_entry_point
        return get_distribution(dist).load_entry_point(group, name)
      File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2769, in load_entry_point
        return ep.load()
      File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2422, in load
        return self.resolve()
      File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2428, in resolve
        module = __import__(self.module_name, fromlist=['__name__'], level=0)
      File "/usr/lib/python2.7/dist-packages/ansiblelint/__init__.py", line 28, in <module>
        import ansiblelint.utils
      File "/usr/lib/python2.7/dist-packages/ansiblelint/utils.py", line 53, in <module>
        from ansible.plugins import module_loader
    ImportError: cannot import name module_loader
    $

The issue is fixed upstream since 3.4.15. So please update the package to the latest upstream version.

Thanks and best regards
Hannes

-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (990, 'unstable'), (900, 'testing'), (200, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.13.8 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ansible-lint depends on:
ii  ansible      2.4.0.0+dfsg-1
ii  python       2.7.14-1
ii  python-six   1.11.0-1
ii  python-yaml  3.12-1+b1

ansible-lint recommends no packages.

ansible-lint suggests no packages.
Bug#855313: Invalid option -l
# fixed in upstream 4863aa9
tags 855313 + fixed-upstream
thanks

On Sat, Oct 21, 2017 at 12:57:13PM +0200, Marc Haber wrote:
> --limit works, and the source code looks correct as well:
> { "limit", required_argument, NULL, 'l'},
>
> Hannes, that's your issue ;-)

Fixed upstream [0]

Best regards
Hannes

[0] https://sourceforge.net/p/aide/code/ci/4863aa9
Bug#832159: ITP: qutebrowser -- A keyboard-driven, vim-like browser based on PyQt5.
Hi, Is there any progress with packaging qutebrowser? Best regards Hannes