Discussion:
[Aide] Capturing changes in directory but a privileged subdirectory
John Kristoff
2016-06-07 03:23:31 UTC
I'm using 0.16b1 on a Linux machine and trying to do something like
this in an aide.conf:

/boot R
!/boot/lost\+found

I'm initializing the database and running as an unprivileged user. I'm
struggling to figure out how to exclude the privileged (root only)
lost+found directories (and others like it) from being accessed by AIDE,
because I'm getting errors like this:

open_dir(): Permission denied: /boot/lost+found

I've tried a variety of ways to get around this, but I must be missing
something obvious. How can I exclude a handful of subdirectories, but
get everything else by default?

Thank you,

John
Hannes von Haugwitz
2016-06-07 04:28:36 UTC
Hello John,
Post by John Kristoff
I'm using 0.16b1 on a Linux machine and trying to do something like
/boot R
!/boot/lost\+found
I'm initializing the database and running as an unprivileged user. I'm
struggling to figure out how to exclude the privileged (root only)
lost+found directories (and others like it) from being accessed by AIDE,
open_dir(): Permission denied: /boot/lost+found
I can reproduce your issue; it seems to be a bug at first glance. I'll
look into it and report back.

Best regards

Hannes
Hannes von Haugwitz
2016-06-08 21:25:14 UTC
Hi,
Post by Hannes von Haugwitz
Post by John Kristoff
I'm using 0.16b1 on a Linux machine and trying to do something like
/boot R
!/boot/lost\+found
I'm initializing the database and running as an unprivileged user. I'm
struggling to figure out how to exclude the privileged (root only)
lost+found directories (and others like it) from being accessed by AIDE,
open_dir(): Permission denied: /boot/lost+found
I can reproduce your issue; it seems to be a bug at first glance. I'll
look into it and report back.
I (hopefully) fixed your issue in git fe17bdd [0]. Please try and report back if
it works or not.

Best regards

Hannes

[0] https://sourceforge.net/p/aide/code/ci/fe17bddce77468e69241796c745d84cbbff7fa05/
John Kristoff
2016-06-08 22:11:38 UTC
On Wed, 8 Jun 2016 21:25:14 +0000
Post by Hannes von Haugwitz
I (hopefully) fixed your issue in git fe17bdd [0]. Please try and
report back if it works or not.
Unfortunately not. Here is my aide.conf:

database = file:aide.db
database_out = file:aide.db.new
report_url = file:aide_report.txt

/boot R
!/boot/lost+found

If I run (binary name customized to platform):

./aide.amd64 -i -c aide.conf

aide_report.txt's first output line is:

open_dir(): Permission denied: /boot/lost+found

John
Hannes von Haugwitz
2016-06-08 23:02:49 UTC
Hi,
Post by John Kristoff
On Wed, 8 Jun 2016 21:25:14 +0000
Post by Hannes von Haugwitz
I (hopefully) fixed your issue in git fe17bdd [0]. Please try and
report back if it works or not.
database = file:aide.db
database_out = file:aide.db.new
report_url = file:aide_report.txt
/boot R
!/boot/lost+found
Please try:

/boot R
!/boot/lost\+found

Best regards

Hannes
John Kristoff
2016-06-08 23:09:48 UTC
On Thu, 9 Jun 2016 01:02:49 +0200
Post by John Kristoff
/boot R
!/boot/lost\+found
Thanks for pointing out my typo. :-) I did have that before your patch,
of course. Looks much better now, thank you so much.

John
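
Why the escaped `\+` in the exclusion matters, as an added example (not part of the thread and not AIDE code): AIDE selection lines are regular expressions with an implicit `^` in front, so an unescaped `+` is a quantifier and `!/boot/lost+found` never matches the literal directory name. The sketch uses Python's `re` as a stand-in for AIDE's regex engine (an assumption); `lint`, `parse_rules`, `literal_reading` and the sample config are constructed for illustration.

```python
import re

# Constructed sample config, modelled on the two variants posted in the thread.
SAMPLE_CONF = r"""
database = file:aide.db
/boot R
!/boot/lost+found
!/boot/lost\+found
"""

def literal_reading(pattern):
    """Path a reader would assume the rule names: escapes and a trailing $ removed."""
    pattern = re.sub(r"(?<!\\)\$$", "", pattern)   # a trailing $ is an intended anchor
    return re.sub(r"\\(.)", r"\1", pattern)        # "\+" is read as a plain "+"

def parse_rules(conf_text):
    """Yield (kind, regex) for selection lines; skip settings, comments and macros."""
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#@":
            continue
        if line[0] in "!=" and line[1:2] == "/":
            kind = "negative" if line[0] == "!" else "equals"
            yield kind, line[1:].split()[0]
        elif line[0] == "/":
            yield "regular", line.split()[0]

def lint(conf_text):
    """Return rules whose regex does not match its own literal reading."""
    findings = []
    for kind, pattern in parse_rules(conf_text):
        path = literal_reading(pattern)
        try:
            # re.match anchors at the start, like the implicit ^ AIDE adds.
            matched = re.match(pattern, path) is not None
        except re.error:
            matched = False   # a rule that does not compile is also worth flagging
        if not matched:
            findings.append((kind, pattern, path))
    return findings

if __name__ == "__main__":
    for kind, pattern, path in lint(SAMPLE_CONF):
        print(f"{kind} rule {pattern!r} does not match the path {path!r}")
```

A flagged negative rule excludes nothing, which is why the unescaped variant still produced the `open_dir()` error even with the fix applied.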
