Comments (7)
Can you please provide more information about your issue (e.g. operating system, AIDE version, used configuration, used commands, expected output, etc)?
Generally AIDE creates hashes for new files as long as there exists a corresponding rule for the file path.
from aide.
I would prefer not to have that discussion over a public GitHub thread. Any chance you would mind sharing your email address so I can reach you?
from aide.
I cannot see how the requested information, such as operating system or the AIDE version should contain sensitive information. If the configuration or the rules contain sensitive information, please create a minimal example configuration which reproduces your issues.
from aide.
@hvhaugwitz - related to some of my previous work, I saw a similar behaviour as stated here.
Objective - Capture hashes of files which are created (dropped) in /tmp, /var/tmp or /home/... directories. (Assume some whitelisting is in place in aide.conf and the type of files we are expecting are going to be low in numbers, but when those files appear, we want to capture its hash.)
"verbose" seemed to have helped; changed its value to 20 for desired effect; newly created files and hashes were also written in aide.log
Used similar config as below -
```
database=file:@@{DBDIR}/aide.db.gz
database_out=file:@@{DBDIR}/aide.db.new.gz
gzip_dbout=yes
verbose=20
report_url=syslog:LOG_LOCAL3
report_url=stdout

PCI = l+p+i+u+g+acl+sha256
PCI_LOG = l+p+i+u+g+acl+S+l+ftype+n

/etc PCI
/bin PCI
/sbin PCI
/lib PCI
/home PCI
/var/tmp PCI
/tmp PCI
/var/log/kern.log$ PCI_LOG
/var/log/last.log$ PCI_LOG
```
When this config was run with aide 0.15.1, newly created files (but not modified) were only logged as `file=/etc/boss.py; added`; even with verbose set to 20; but when tested with latest version available, newly created files did get logged along with its hash.
My question, or rather ask for help, would be: which piece of code is making that difference? I do not possess coding skills to feel confident about it, but if there are any tweaks in config which I can do, or get a patch of aide 0.15, that would be great to know.
There are certain reasons beyond my control which do not allow me to update to Aide 0.16.2-21-gfcf0f3a.
from aide.
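For the situation described in the comment above, where AIDE 0.15.1 only logs `file=...; added` for new files, one workaround is to hash the listed paths after the check. This is an added example, not code from the thread or from AIDE; it assumes a POSIX system and log lines of exactly the shape quoted above, and the hash reflects the file when the script runs, not when AIDE scanned it.

```python
import hashlib
import os
import re
import stat
import sys

# Assumed line shape, taken from the line quoted above: "file=/etc/boss.py; added"
ADDED_RE = re.compile(r"^file=(?P<path>/.*); added$")


def added_paths(log_lines):
    """Return the paths marked as added, in log order, without duplicates."""
    seen, paths = set(), []
    for line in log_lines:
        match = ADDED_RE.match(line.strip())
        if match and match.group("path") not in seen:
            seen.add(match.group("path"))
            paths.append(match.group("path"))
    return paths


def sha256_regular_file(path, chunk=1 << 20):
    """SHA-256 of a regular file; None for symlinks, non-files or vanished paths."""
    try:
        # O_NOFOLLOW rejects a symlink as the final path component (relevant in
        # /tmp); O_NONBLOCK keeps the open from hanging on a FIFO.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError:
        return None
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            return None
        digest = hashlib.sha256()
        while block := os.read(fd, chunk):
            digest.update(block)
        return digest.hexdigest()
    finally:
        os.close(fd)


def hash_added(log_lines):
    """Map every added path to its hash (None when it could not be hashed)."""
    return {path: sha256_regular_file(path) for path in added_paths(log_lines)}


if __name__ == "__main__":
    # Usage: python3 hash_added.py /path/to/aide.log  (the log path is an assumption)
    with open(sys.argv[1], encoding="utf-8", errors="replace") as log:
        for path, digest in hash_added(log).items():
            print(f"{digest or 'UNHASHED'}  {path}")
```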
@nutanv I'm not sure if I understand your issue correctly. Are you looking for the commit that adds details about added and removed entries to the report (05d3911)? If not, you can use `git bisect` to find the commit that adds the desired behaviour.
from aide.
The issue is - Report hash values (in aide.log) of newly created files (not necessarily modified but just created) in watched directories. I'll check your commit above and get back. Thanks for the tip of bisect.
from aide.
@bengbrewer2 @nutanv Can you please try AIDE 0.17.1 and report back if the issues you were seeing still exist? Especially look at the new `report_level` and `log_level` config options. Otherwise I will close this issue within the next couple of weeks.
from aide.