2022-03-29 08:19:09 |
Lévai Dániel |
description |
A number of exclusion rules don't work with aide running on 22.04.
I'll just list two example here, there's the /etc/aide/aide.conf.d/31_aide_libvirt-bin and /etc/aide/aide.conf.d/31_aide_systemd rule files that have a couple of exclusions.
If I take 31_aide_systemd as an example:
@@define RUNSYSD @@{RUN}/systemd
[...]
!/@@{RUNSYSD}(/(machines|resolve|seats|sessions|shutdown|system|transient|users|ask-password|generator(\\.late)?))?$ d
This won't take effect for some reason, the resulting aide database file will in fact include e.g. /run/systemd/machines/*
If I insert an explicit exclusion before everything else however, e.g. creating a /etc/aide/aide.conf.d/00_exclude file and putting let's say ...
!/run/systemd/machines
... in there, then aide won't include that in the database file.
It might be some innocent ordering issue I presume, but there are a lot of rule files and the maintainer might have some ideas as to why it's ordered like that.
In any case, it would be nice if the exclude rules worked - it's not only the /machines under /run/systemd, it's everything else too, that was just an example.
I have all the default rule files copied from /usr/share/aide/config/aide/aide.conf.d to /etc/aide/aide.conf.d.
The release I'm using is
Description: Ubuntu Jammy Jellyfish (development branch)
Release: 22.04
And my aide version is
aide:
Installed: 0.17.4-1
Candidate: 0.17.4-1
Version table:
*** 0.17.4-1 500
500 https://malcolm.ecentrum.hu/mirrors/ubuntu/ubuntu jammy/main amd64 Packages
100 /var/lib/dpkg/status |
A number of exclusion rules don't work with aide running on 22.04.
I'll just list two examples here, there's the /etc/aide/aide.conf.d/31_aide_libvirt-bin and /etc/aide/aide.conf.d/31_aide_systemd rule files that have a couple of exclusions.
If I take 31_aide_systemd as an example:
@@define RUNSYSD @@{RUN}/systemd
[...]
!/@@{RUNSYSD}(/(machines|resolve|seats|sessions|shutdown|system|transient|users|ask-password|generator(\\.late)?))?$ d
This won't take effect for some reason, the resulting aide database file will in fact include e.g. /run/systemd/machines/*
If I insert an explicit exclusion before everything else however, e.g. creating a /etc/aide/aide.conf.d/00_exclude file and putting let's say ...
!/run/systemd/machines
... in there, then aide won't include that in the database file.
It might be some innocent ordering issue I presume, but there are a lot of rule files and the maintainer might have some ideas as to why it's ordered like that.
In any case, it would be nice if the exclude rules worked - it's not only the /machines under /run/systemd, it's everything else too, that was just an example.
I have all the default rule files copied from /usr/share/aide/config/aide/aide.conf.d to /etc/aide/aide.conf.d.
The release I'm using is
Description: Ubuntu Jammy Jellyfish (development branch)
Release: 22.04
And my aide version is
aide:
Installed: 0.17.4-1
Candidate: 0.17.4-1
Version table:
*** 0.17.4-1 500
500 https://malcolm.ecentrum.hu/mirrors/ubuntu/ubuntu jammy/main amd64 Packages
100 /var/lib/dpkg/status |
|
2022-03-29 08:21:28 |
Lévai Dániel |
description |
A number of exclusion rules don't work with aide running on 22.04.
I'll just list two examples here, there's the /etc/aide/aide.conf.d/31_aide_libvirt-bin and /etc/aide/aide.conf.d/31_aide_systemd rule files that have a couple of exclusions.
If I take 31_aide_systemd as an example:
@@define RUNSYSD @@{RUN}/systemd
[...]
!/@@{RUNSYSD}(/(machines|resolve|seats|sessions|shutdown|system|transient|users|ask-password|generator(\\.late)?))?$ d
This won't take effect for some reason, the resulting aide database file will in fact include e.g. /run/systemd/machines/*
If I insert an explicit exclusion before everything else however, e.g. creating a /etc/aide/aide.conf.d/00_exclude file and putting let's say ...
!/run/systemd/machines
... in there, then aide won't include that in the database file.
It might be some innocent ordering issue I presume, but there are a lot of rule files and the maintainer might have some ideas as to why it's ordered like that.
In any case, it would be nice if the exclude rules worked - it's not only the /machines under /run/systemd, it's everything else too, that was just an example.
I have all the default rule files copied from /usr/share/aide/config/aide/aide.conf.d to /etc/aide/aide.conf.d.
The release I'm using is
Description: Ubuntu Jammy Jellyfish (development branch)
Release: 22.04
And my aide version is
aide:
Installed: 0.17.4-1
Candidate: 0.17.4-1
Version table:
*** 0.17.4-1 500
500 http://hu.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
100 /var/lib/dpkg/status |
|