Activity log for bug #1817722

Date Who What changed Old value New value Message
2019-02-26 13:11:52 Sylvia van Os bug added bug
2019-02-26 13:13:02 Sylvia van Os description

Old value:

AIDE supports configuring it to output the database to stdout and receive its databases from stdin:

aide.conf
```
database=stdin
database_out=stdout
database_new=stdin
gzip_dbout=no
```

aideinit, however, explicitly checks on file:
```
if [ -z "$outfile" ]; then
  outfile=$(egrep "^[[:space:]]*database_out=file:" $config | cut -d: -f2)
  [ -z "$outfile" ] && outfile="/var/lib/aide/aide.db.new"
fi
```

Running aideinit with stdout set in the config file will make it prefix stdout with "Running aide --init...", making AIDE unable to read the output when importing it again over stdin (Pipe database must have one db_spec specification).

$ aideinit 2>/dev/null
```
Running aide --init...
@@begin_db
# This file was generated by Aide, version 0.16a2-19-g16ed855
# Time of generation was 2019-02-26 12:49:20
@@db_spec name lname attr perm inode uid gid size lcount acl xattrs selinux e2fsattrs bcount mtime ctime rmd160 tiger crc32 haval gost sha256 sha512
```

To compare, calling `aide --init` with the correct config does not display this behaviour:

$ update-aide.conf && aide -c /var/lib/aide/aide.conf.autogenerated --init
```
@@begin_db
# This file was generated by Aide, version 0.16a2-19-g16ed855
# Time of generation was 2019-02-26 12:49:20
@@db_spec name lname attr perm inode uid gid size lcount acl xattrs selinux e2fsattrs bcount mtime ctime rmd160 tiger crc32 haval gost sha256 sha512
```

This makes it difficult to send the database off to another system without saving it locally (to protect against an attacker on the system hiding their traces by modifying the AIDE database).

Ubuntu 16.04, AIDE 0.16a2-19-g16ed855.

New value:

AIDE supports configuring it to output the database to stdout and receive its databases from stdin:

aide.conf
```
database=stdin
database_out=stdout
database_new=stdin
gzip_dbout=no
```

aideinit, however, explicitly checks on file:
```
if [ -z "$outfile" ]; then
  outfile=$(egrep "^[[:space:]]*database_out=file:" $config | cut -d: -f2)
  [ -z "$outfile" ] && outfile="/var/lib/aide/aide.db.new"
fi
```

Running aideinit with stdout set in the config file will make it prefix stdout with "Running aide --init...", making AIDE unable to read the output when importing it again over stdin (Pipe database must have one db_spec specification).

$ aideinit 2>/dev/null
```
Running aide --init...
@@begin_db
# This file was generated by Aide, version 0.16a2-19-g16ed855
# Time of generation was 2019-02-26 12:49:20
@@db_spec name lname attr perm inode uid gid size lcount acl xattrs selinux e2fsattrs bcount mtime ctime rmd160 tiger crc32 haval gost sha256 sha512
```

To compare, calling `aide --init` with the correct config does not display this behaviour:

$ update-aide.conf && aide -c /var/lib/aide/aide.conf.autogenerated --init
```
@@begin_db
# This file was generated by Aide, version 0.16a2-19-g16ed855
# Time of generation was 2019-02-26 12:49:20
@@db_spec name lname attr perm inode uid gid size lcount acl xattrs selinux e2fsattrs bcount mtime ctime rmd160 tiger crc32 haval gost sha256 sha512
```

This makes it difficult to send the database off to another system without saving it locally (to protect against an attacker on the system hiding their traces by modifying the AIDE database).
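
The failure described in the report can be caught on the sending side before the database leaves the host. The following is an added example, not part of the bug report and not AIDE or aideinit code; the function name `check_aide_stream` and the sample streams are constructed, and it assumes (from the report) that a readable stream starts with `@@begin_db` and carries exactly one `@@db_spec` line.

```shell
#!/bin/sh
# Added example (not AIDE or aideinit code): check that a stream is a clean
# AIDE database before piping it off-host.
# Assumption taken from the report: a readable stream starts with
# "@@begin_db" and carries exactly one "@@db_spec" line.

check_aide_stream() {
    # Reads the candidate database on stdin. Returns 0 if it looks clean,
    # 1 otherwise, with the reason written to stderr.
    awk '
        NR == 1 && $0 != "@@begin_db" {
            printf "line 1 is not @@begin_db: %s\n", $0
            bad = 1
            exit
        }
        /^@@db_spec / { specs++ }
        END {
            if (bad) exit 1
            if (NR == 0) { print "empty stream"; exit 1 }
            if (specs != 1) {
                printf "expected one @@db_spec line, found %d\n", specs
                exit 1
            }
        }
    ' >&2
}

# Constructed sample: shortened header of a database as shown in the report.
sample_clean() {
    cat <<'EOF'
@@begin_db
# This file was generated by Aide, version 0.16a2-19-g16ed855
@@db_spec name lname attr perm inode uid gid size
EOF
}

# Constructed sample: the same stream with the aideinit progress line in front.
sample_prefixed() {
    echo "Running aide --init..."
    sample_clean
}

sample_clean | check_aide_stream && echo "clean stream: accepted"
sample_prefixed | check_aide_stream || echo "prefixed stream: rejected"
```
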