Your message dated Mon, 01 Mar 2010 21:32:37 +0000
with message-id <[email protected]>
and subject line Bug#542621: fixed in aide 0.14~rc3-1
has caused the Debian Bug report #542621,
regarding aide: new feature: ignore files changed by system updates
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
542621: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542621
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: aide
Version: 0.13.1-10
Severity: wishlist
Tags: patch
User: [email protected]
Usertags: origin-ubuntu karmic ubuntu-patch

I have added a new feature to the aide package: a new option to remove
files that were changed by system updates from the daily e-mail report.

In Ubuntu, we've applied the attached patch to achieve the following:

  * debian/{cron.daily,default}/aide: add new FILTERUPDATES option that
    removes files changed by system updates from the daily e-mail report.

We thought you might be interested in doing the same. 


-- System Information:
Debian Release: squeeze/sid
  APT prefers karmic-updates
  APT policy: (500, 'karmic-updates'), (500, 'karmic-security'), (500, 'karmic')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.31-6-generic (SMP w/2 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -u aide-0.13.1/debian/changelog aide-0.13.1/debian/changelog
diff -u aide-0.13.1/debian/cron.daily/aide aide-0.13.1/debian/cron.daily/aide
--- aide-0.13.1/debian/cron.daily/aide
+++ aide-0.13.1/debian/cron.daily/aide
@@ -74,8 +74,15 @@
 COMMAND="${COMMAND:-check}"
 COPYNEWDB="${COPYNEWDB:-no}"
 QUIETREPORTS="${QUIETREPORTS:-no}"
+FILTERUPDATES="${FILTERUPDATES:-no}"
 ONEXIT=""
 
+# Get the database's date
+DATABASEDATE=""
+if [ -f $DATABASE ]; then
+  DATABASEDATE="$(stat -c %y $DATABASE | sed -e "s/\..*//")"
+fi
+
 # functions
 
 mytempfile() {
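Review bot: `$DATABASE` is unquoted in both `[ -f $DATABASE ]` and `stat -c %y $DATABASE`, so a database path containing whitespace or glob characters breaks the test and the stat call; quote it as "$DATABASE" in both places. The value is the file's modification time with the fractional seconds stripped, and it is later compared as a plain string against dpkg log timestamps, so a comment stating that both must use the same format and time zone would help the next reader.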
@@ -276,20 +283,65 @@
 	printf >> "$LOGFILE" "AIDE produced no errors.\n"
     fi
 
-    # include de-noised log into mail
+    # include filtered log into mail
 
     if [ -n "${ARUNLOG:-}" ] && [ -s "$ARUNLOG" ]; then
 
-      if [ -n "${NOISE:-}" ]; then
+      if [ "$FILTERUPDATES" = "yes" ] || [ -n "${NOISE:-}" ]; then
+	FILTERTMP="$(mytempfile aidefilter1)"
+	FILTERTMP2="$(mytempfile aidefilter2)"
+	FILTERTMP3="$(mytempfile aidefilter3)"
 	NOISETMP="$(mytempfile aidenoise1)"
 	NOISETMP2="$(mytempfile aidenoise2)"
-	< "$ARUNLOG" sed -n '1,/^Detailed information about changes:/p' | \
-	grep '^\(changed\|removed\|added\):' | \
-	grep -v "^added: THERE WERE ALSO [0-9]\+ FILES ADDED UNDER THIS DIRECTORY" >> "$NOISETMP2"
-	
-	if [ -n "$NOISE" ]; then
-		< "$NOISETMP2" grep -v "^\(changed\|removed\|added\): $NOISE" >> "$NOISETMP"
-		printf >> "$MAILFILE" "De-Noised output removes everything matching %s.\n" "$NOISE"
+
+	# Figure out where the dpkg log file is
+	DPKGLOG="$(< /etc/dpkg/dpkg.cfg grep "^log" | head -n 1 | cut -d ' ' -f 2)"
+
+	# Filter software updates
+        if [ "$FILTERUPDATES" = "yes" ] && [ -s "$DPKGLOG" ]; then
+		# Create a list of files modified by system updates
+		declare -a PACKAGES
+		REGEX="^([^ ]+ [^ ]+) upgrade ([^ ]+) [^ ]+ [^ ]+$"
+		while read line; do
+		  if [[ $line =~ $REGEX ]] && [[ "$DATABASEDATE" < ${BASH_REMATCH[1]} ]]; then
+		    packages[${#packag...@]}]="${BASH_REMATCH[2]}"
+		  fi
+		done < "$DPKGLOG"
+		if [ "${#packag...@]}" -ne 0 ]; then
+		  dpkg-query -L ${packag...@]} | sed -e "/^$/d" -e "/\/\./d" >> "$FILTERTMP3"
+		  < "$ARUNLOG" sed -n '1,/^Detailed information about changes:/p' | \
+		  grep '^\(changed\|removed\|added\):' | \
+		  grep -v "^added: THERE WERE ALSO [0-9]\+ FILES ADDED UNDER THIS DIRECTORY" >> "$FILTERTMP2"
+		  REGEX="^(changed|removed|added): (.*)"
+		  while read line; do
+	       	    if [[ $line =~ $REGEX ]]; then
+		      if [ -z "$(grep "^${BASH_REMATCH[2]}$" "$FILTERTMP3")" ]; then
+		        echo "$line" >> "$FILTERTMP"
+		      fi
+		    fi
+		  done < "$FILTERTMP2"
+		  printf >> "$MAILFILE" "The following software updates were detected and were filtered from this list:\n"
+		  printf >> "$MAILFILE" "%s\n" "${packag...@]}"
+		  printf >> "$MAILFILE" "\n"
+		fi
+	fi
+
+	# Apply noise filter
+	if [ -n "${NOISE:-}" ]; then
+		if [ -s "$FILTERTMP" ]; then
+		  < "$FILTERTMP" cat >> "$NOISETMP2"
+		else
+		  < "$ARUNLOG" sed -n '1,/^Detailed information about changes:/p' | \
+		  grep '^\(changed\|removed\|added\):' | \
+		  grep -v "^added: THERE WERE ALSO [0-9]\+ FILES ADDED UNDER THIS DIRECTORY" >> "$NOISETMP2"
+		fi
+
+		if [ -n "$NOISE" ]; then
+		  < "$NOISETMP2" grep -v "^\(changed\|removed\|added\): $NOISE" >> "$NOISETMP"
+		  printf >> "$MAILFILE" "De-Noised output removes everything matching: %s.\n\n" "$NOISE"
+		fi
+	else
+		< "$FILTERTMP" cat >> "$NOISETMP"
 	fi
 	
 	if [ -s "$NOISETMP" ]; then
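Review bot: With FILTERUPDATES=yes, an empty NOISE and no matching upgrade lines in the dpkg log, "$FILTERTMP" is never written, so the final else branch (`< "$FILTERTMP" cat >> "$NOISETMP"`) copies an empty file and the mail reports no changes even though AIDE found some; fill "$FILTERTMP" from "$ARUNLOG" before the update filter runs so it always holds the current list. The `[ -s "$FILTERTMP" ]` test in the noise branch has the opposite problem: when the update filter legitimately removes every entry, the code falls back to the unfiltered log. Further points: the array is declared as PACKAGES but used in lowercase; `grep "^${BASH_REMATCH[2]}$"` treats each file path as a regular expression, so a fixed-string whole-line match (`grep -Fxq --`) is the safer form; `declare -a`, `[[ ... =~ ... ]]` and BASH_REMATCH require bash, so the script must not run under a POSIX /bin/sh; and every path owned by an upgraded package is dropped from the mail by name alone, so a change made to such a file after the upgrade is suppressed as well, which deserves at least a comment at this point.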
@@ -298,17 +350,18 @@
 			printf "AIDE has returned long output which has been truncated in this mail\n" | \
 			  frame >> "$MAILFILE"
 			printf >> "$MAILFILE" \
-                          "De-Noised output is %d lines, truncated to %d.\n" "$loglines" "$LINES"
+                          "Filtered output is %d lines, truncated to %d.\n" "$loglines" "$LINES"
 			< "$NOISETMP" head -n "$LINES" >> "$MAILFILE"
-			printf >> "$MAILFILE" "\nEnd of truncated De-Noised AIDE output. The full output can be found in %s.\n\n" "$LOGFILE"
+			printf >> "$MAILFILE" "\nEnd of truncated filtered AIDE output. The full output can be found in %s.\n\n" "$LOGFILE"
 		else
-			printf >> "$MAILFILE" "De-Noised output of the daily AIDE run (%d lines):\n" "$loglines"
+			printf >> "$MAILFILE" "Filtered output of the daily AIDE run (%d lines):\n" "$loglines"
 			< "$NOISETMP" cat >> "$MAILFILE"
-		        printf >> "$MAILFILE" "\nEnd of De-Noised AIDE output.\n\n"
+		        printf >> "$MAILFILE" "\nEnd of Filtered AIDE output.\n\n"
 		fi
 	else
-		printf >> "$MAILFILE" "AIDE detected no changes after removing noise.\n\n"
+		printf >> "$MAILFILE" "AIDE detected no changes after applying filters.\n\n"
 	fi
+
 	printf >> "$MAILFILE" "============================================================================\n"
       fi
 
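Review bot: The renamed strings are capitalised inconsistently: "End of truncated filtered AIDE output" is lowercase while "End of Filtered AIDE output." has a capital F; pick one form. Since the "De-Noised" wording disappears from the mail entirely, the rename should be mentioned in the changelog for anyone who matches on the old text.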
diff -u aide-0.13.1/debian/default/aide aide-0.13.1/debian/default/aide
--- aide-0.13.1/debian/default/aide
+++ aide-0.13.1/debian/default/aide
@@ -40,6 +40,13 @@
 #   been reported. This is needed for ANF/ARF to work reliably.
 COPYNEWDB=no
 
+# Set this to yes to suppress files changed by package updates and security
+# updates from appearing in the e-mail report. Changed files will still
+# be listed in the log file. This option parses the /var/log/dpkg.log file
+# and may work better when COPYNEWDB=yes since the dpkg.log file only
+# contains recent information
+FILTERUPDATES=no
+
 # This parameter defines how many lines to return per e-mail. Output longer
 # than this value will be truncated in the e-mail sent out.
 LINES=1000
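Review bot: The comment names /var/log/dpkg.log, but the cron script takes the log path from the `log` line in /etc/dpkg/dpkg.cfg; describe it that way here. The comment should also say that files are filtered by path for any package upgraded since the AIDE database was written, without comparing content, so an administrator who enables this must read the log file to see changes to files of upgraded packages.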

--- End Message ---
--- Begin Message ---
Source: aide
Source-Version: 0.14~rc3-1

We believe that the bug you reported is fixed in the latest version of
aide, which is due to be installed in the Debian FTP archive:

aide-common_0.14~rc3-1_all.deb
  to main/a/aide/aide-common_0.14~rc3-1_all.deb
aide-dynamic_0.14~rc3-1_i386.deb
  to main/a/aide/aide-dynamic_0.14~rc3-1_i386.deb
aide-xen_0.14~rc3-1_i386.deb
  to main/a/aide/aide-xen_0.14~rc3-1_i386.deb
aide_0.14~rc3-1.diff.gz
  to main/a/aide/aide_0.14~rc3-1.diff.gz
aide_0.14~rc3-1.dsc
  to main/a/aide/aide_0.14~rc3-1.dsc
aide_0.14~rc3-1_i386.deb
  to main/a/aide/aide_0.14~rc3-1_i386.deb
aide_0.14~rc3.orig.tar.gz
  to main/a/aide/aide_0.14~rc3.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Marc Haber <[email protected]> (supplier of updated aide package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 28 Feb 2010 17:20:43 +0100
Source: aide
Binary: aide aide-xen aide-dynamic aide-common aide-config-zg2
Architecture: source i386 all
Version: 0.14~rc3-1
Distribution: experimental
Urgency: low
Maintainer: Aide Maintainers <[email protected]>
Changed-By: Marc Haber <[email protected]>
Description: 
 aide       - Advanced Intrusion Detection Environment - static binary
 aide-common - Advanced Intrusion Detection Environment - Common files
 aide-config-zg2 - Advanced Intrusion Detection Environment - Zg2 configuration exte
 aide-dynamic - Advanced Intrusion Detection Environment - dynamic binary
 aide-xen   - Advanced Intrusion Detection Environment - static binary for XEN
Closes: 542621
Changes: 
 aide (0.14~rc3-1) experimental; urgency=low
 .
   * NOT YET RELEASED
 .
   [ Marc Haber ]
   * new upstream CVS snapshot
     * snprintf.c from rsync (more compatible license)
     * new summarize_changes option by Hannes von Haugwitz
     * more compatibility with recent autotools (thanks, Steve Grubb)
   * 31_aide_aptitude: add /var/lib/aptitude
   * aide-common.postinst: remove unneeded CONFDIR variable
   * clarify debian/copyright for snprintf.c and fopen.c
   * fix debian/NEWS version number 0.13.1-10
   * fix broken mail address in changelog
   * Standards-Version: 3.8.4 (no changes necessary)
 .
   [ Hannes von Haugwitz ]
   * 31_aide_bind9: /var/run/bind/run has been moved to /var/run/named
   * Added options to filter package updates or installations (closes: #542621)
   * debian/rules: enabled xattr, selinux and posix-acl support
   * 10-manpages.dpatch: "block count" patch is now in upstream source
   * cron.daily/aide:
     - adjusted regex for NOISE to work with new summarize_changes option
     - added log file checksum to truncated mail
     - removed duplicated "at" in "End of AIDE daily cron job" line
     - don't fail when NOISE removes everything
     - replaced obsolete checksums md5 and sha1 with sha256 and sha512
   * 31_aide_svn-server: new
     - handle variable files in svn repositories
     - provide 31_aide_svn-server_settings
   * 31_aide_trac: new
     - handle trac.db in trac repositories
     - provide 31_aide_trac_settings
   * 31_aide_cups: new
     - handle files in /var/run/cups, /var/spool/cups, /var/log/cups
       and /var/cache/cups
   * 31_aide_samba: new
     - handle files in /var/run/samba, /var/log/samba and /var/lib/samba
   * 31_aide_root-dotfiles: new
     - added rules for some dotfiles in root/ (by default disabled)
   * Added option to truncate the detailed part in the mail
   * Added aide.settings.d directory
   * update-aide.conf: added --settingsd option
   * default/aide: added UPAC_SETTINGSD variable
   * 31_aide_apt:
     - read settings file from aide.settings.d
     - warn if 31_local_apt_settings is used
   * Provide aide.settings.d/31_aide_apt_settings
   * Allow LINES=0 to disable option
   * 31_aide_wpasupplicant: new
     - handle files in /var/run/
     - handle log files
     - handle files in /lib/init/rw/wpasupplicant/
   * debian/control:
     - added Vcs-Git and Vcs-Browser fields
     - added libselinux1-dev, libattr1-dev, libacl1-dev to build dependencies
   * 31_aide_postgresql: new (handle log files and pid file)
   * 31_aide_ifplugd: new (handle pid file)
   * 31_aide_dhcp3-client: added INTERFACES variable
   * 31_aide_nfs: new (handle pid files and files in /var/lib/nfs)
   * 31_aide_at: new
     - handle /var/spool/cron/at(spool|jobs)
     - handle /var/run/atd.pid
   * 31_aide_laptop-mode-tools: new
     - handle files in /var/run/laptop-mode-tools
   * 31_aide_nagios3: new
     - handle files in /var/lib/nagios3
     - handle files in /var/log/nagios3
     - handle files in /var/run/nagios3
     - handle files in /var/cache/nagios3
   * 31_aide_slapd: new
     - handle files in /var/lib/ldap/
     - handle files in /var/run/slapd
     - handle /var/run/ldapi
   * 31_aide_nslcd: new (handle files in /var/run/nslcd)
   * 31_aide_dbus: new (handle files in /var/run/dbus)
   * 31_aide_vpnc: new (handle /var/run/vpnc)
   * 31_aide_portmap: new
     - handle /lib/init/rw/sendsigs.omit.d/portmap
     - handle files in /var/run
   * 31_aide_kerberos: new (handle temp files)
   * 31_aide_dhcpd: new (handle pid file)
   * 31_aide_rkhunter:
     - fixed handling of old log file
     - handle files in /var/lib/rkhunter/db/
   * 31_aide_apcupsd: handle /var/lock/LCK..
   * 31_aide_xfree86-common: replaced with empty dummy, rules
     are now in 31_aide_x11-common
   * 31_aide_x11-common: new (handle dirs in /tmp)
   * 31_aide_opie-server: new (handle /etc/opiekeys)
   * 31_aide_network: new (handle /var/run/network)
   * 31_aide_anubis: new (handle pid file)
   * 31_aide_pcscd: new (handle files in /var/run/pcscd)
   * 31_aide_resolvconf: handle files in /lib/init/rw/resolvconf
   * 31_aide_tiger: new (handle /var/lib/tiger/work and files in /var/log/tiger)
   * 31_aide_alsa: new (handle asound.state file)
   * 31_aide_mdadm: new (handle files in /var/run/mdadm and /lib/init/rw/mdadm)
   * 31_aide_rsyslog: handle /lib/init/rw/sendsigs.omit.d/rsyslog
   * 31_aide_lib-init-rw: new (handle some files in /lib/init/rw)
   * 31_aide_hapsd: new (handle pid file)
   * 31_aide_smartmontools: new (handle pid file)
   * 31_aide_mail: new (handle files in /var/mail)
   * 31_aide_fcron: new (handle spool files, fifo and pid file)
   * 31_aide_lighttpd: new (handle log files, pid file and php sockets)
   * 31_aide_nscd: new (handle /var/run/nscd and cache files)
   * 31_aide_aptitude_frqchg: replaced with empty dummy, rules
     are contained in 31_aide_aptitude
   * 31_aide_hald: removed unneeded rule for acl-list file
   * 31_aide_munin:
     - added rule for munin-node pid file
     - fixed handling of files in /var/run/munin/
   * aide.conf:
     - added new rules (VarTime, VarInode, VarDirInode)
     - added link name attribute to InodeData and VarFile
     - added summarize_changes option (by default disabled)
     - added acl, xattrs and selinux attributes to InodeData, VarFile, VarDir,
       VarDirInode and Log
     - replaced obsolete checksums md5 and sha1 with sha256 and sha512
   * 31_aide_lvm2: fixed handling of cache file and added rule for lock dir
   * 31_aide_libvirt-bin: new
     - handle files in /var/run/libvirt
     - handle /var/lib/libvirt/qemu and /var/cache/libvirt/qemu
   * 31_aide_nrpe: new (handle pid file)
   * 31_aide_aptitude: added rules for log rotation and exclude lock file
   * 31_aide_fail2ban: added rules for /var/run/fail2ban, socket and pid file
   * 31_aide_screen: added rule for /var/run/screen

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkuMHSUACgkQgZalRGu6PIQLoACfW9nJsCXpwQv3z26g2CW70sWI
o4EAn3HRHzT11EA5N6GZ8wDKjShjTBzJ
=Qu1j
-----END PGP SIGNATURE-----



--- End Message ---
