Ubuntu
aide package

package updates not fully filtered by wrapper

Bug #1819927 reported by Steven Grimm
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
aide (Ubuntu)
New
Undecided
Unassigned

Bug Description

We run AIDE on systems that use unattended-upgrade to install security patches. When the upgrades run, we often get large email reports from AIDE. We have FILTERUPDATES=yes in /etc/defaults/aide but the filtering seems to not be very effective a lot of the time, especially when there are kernel updates. Excerpt of one of the reports is included below.

Expected behavior is that the report only shows changes that weren't made as a result of package updates, and that no email is sent if all the changes were from package updates.

Summary:
  Total number of entries: 182042
  Added entries: 27157 (filtered: 0)
  Removed entries: 0 (filtered: 0)
  Changed entries: 32 (filtered: 947)

The following package changes were detected and were filtered from this mail:
libtiff5:amd64 (upgrade)
linux-libc-dev:amd64 (upgrade)
linux-aws:amd64 (upgrade)
linux-image-aws:amd64 (upgrade)
linux-headers-aws:amd64 (upgrade)

---------------------------------------------------
Added entries (filtered: 0):
---------------------------------------------------

f++++++++++++++++: /boot/System.map-4.15.0-1034-aws
f++++++++++++++++: /boot/config-4.15.0-1034-aws
f++++++++++++++++: /boot/initrd.img-4.15.0-1034-aws
f++++++++++++++++: /boot/vmlinuz-4.15.0-1034-aws
f++++++++++++++++: /lib/modprobe.d/blacklist_linux-aws_4.15.0-1034-aws.conf
d++++++++++++++++: /lib/modules/4.15.0-1034-aws
d++++++++++++++++: /lib/modules/4.15.0-1034-aws/initrd
d++++++++++++++++: /lib/modules/4.15.0-1034-aws/kernel
d++++++++++++++++: /lib/modules/4.15.0-1034-aws/kernel/arch
d++++++++++++++++: /lib/modules/4.15.0-1034-aws/kernel/arch/x86
d++++++++++++++++: /lib/modules/4.15.0-1034-aws/kernel/arch/x86/crypto
f++++++++++++++++: /lib/modules/4.15.0-1034-aws/kernel/arch/x86/crypto/aes-x86_64.ko
f++++++++++++++++: /lib/modules/4.15.0-1034-aws/kernel/arch/x86/crypto/aesni-intel.ko
f++++++++++++++++: /lib/modules/4.15.0-1034-aws/kernel/arch/x86/crypto/blowfish-x86_64.ko
f++++++++++++++++: /lib/modules/4.15.0-1034-aws/kernel/arch/x86/crypto/camellia-aesni-avx-x86_64.ko
f++++++++++++++++: /lib/modules/4.15.0-1034-aws/kernel/arch/x86/crypto/camellia-aesni-avx2.ko

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: aide 0.16-3
ProcVersionSignature: User Name 4.15.0-1031.33-aws 4.15.18
Uname: Linux 4.15.0-1031-aws x86_64
ApportVersion: 2.20.9-0ubuntu7.5
Architecture: amd64
Date: Wed Mar 13 14:38:12 2019
Ec2AMI: ami-055afcf1091b96750
Ec2AMIManifest: (unknown)
Ec2AvailabilityZone: us-east-1b
Ec2InstanceType: t3.micro
Ec2Kernel: unavailable
Ec2Ramdisk: unavailable
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=C.UTF-8
 SHELL=/bin/bash
SourcePackage: aide
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
Steven Grimm (sgrimm) wrote :
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.