
Comments (7)

hvhaugwitz commented on June 16, 2024

Can you please provide more information about your issue (e.g. operating system, AIDE version, used configuration, used commands, expected output, etc)?

Generally AIDE creates hashes for new files as long as there exists a corresponding rule for the file path.

from aide.

bengbrewer2 commented on June 16, 2024

I would prefer not to have that discussion over a public GitHub thread. Any chance you would mind sharing your email address so I can reach you?


hvhaugwitz commented on June 16, 2024

I cannot see how the requested information, such as operating system or the AIDE version, should contain sensitive information. If the configuration or the rules contain sensitive information, please create a minimal example configuration which reproduces your issues.


nutanv commented on June 16, 2024

@hvhaugwitz - related to some of my previous work, I saw a similar behaviour as stated here.

Objective - Capture hashes of files which are created (dropped) in /tmp, /var/tmp or /home/... directories. (assume some whitelisting is in place in aide.conf and the type of files we are expecting are going to be low in numbers, but when those files appear, we want to capture its hash).

"verbose" seemed to have helped; changed its value to 20 for desired effect; newly created files and hashes were also written in aide.log

Used similar config as below -

database=file:@@{DBDIR}/aide.db.gz
database_out=file:@@{DBDIR}/aide.db.new.gz
gzip_dbout=yes
verbose=20
report_url=syslog:LOG_LOCAL3
report_url=stdout
PCI = l+p+i+u+g+acl+sha256
PCI_LOG = l+p+i+u+g+acl+S+l+ftype+n
/etc      PCI
/bin      PCI
/sbin     PCI
/lib      PCI
/home     PCI
/var/tmp  PCI
/tmp      PCI

/var/log/kern.log$ PCI_LOG
/var/log/last.log$ PCI_LOG

When this config was run with aide 0.15.1, newly created files (but not modified) were only logged as file=/etc/boss.py; added; even with verbose set to 20;

but

when tested with latest version available, newly created files did get logged along with its hash.


My Question, or rather ask for help, would be, which piece of code is making that difference? I do not possess coding skills to feel confident about it but if there are any tweaks in config, which I can do, or get a patch of aide 0.15, that would be great to know.

There are certain reasons beyond my control which do not allow me to update to Aide 0.16.2-21-gfcf0f3a.


hvhaugwitz commented on June 16, 2024

@nutanv I'm not sure if I understand your issue correctly. Are you looking for the commit that adds details about added and removed entries to the report (05d3911)? If not, you can use git bisect to find the commit that adds the desired behaviour.


nutanv commented on June 16, 2024

The issue is - Report hash values (in aide.log) of newly created files (not necessarily modified but just created) in watched directories. I'll check your commit above and get back. Thanks for the tip of bisect.


hvhaugwitz commented on June 16, 2024

@bengbrewer2 @nutanv Can you please try AIDE 0.17.1 and report back if the issues you were seeing still exist? Especially look at the new report_level and log_level config options. Otherwise I will close this issue within the next couple of weeks.
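
An added example, not part of the thread and not AIDE code: for a host that has to stay on 0.15.1, where the report only carries lines of the form `file=/etc/boss.py; added`, a post-processing step can hash the added paths itself. The function names are hypothetical, and the line shape is assumed to be exactly the one quoted earlier in the thread.

```python
import hashlib
import os
import re
import stat

# Line shape quoted in the thread for AIDE 0.15.1 (assumed exact).
ADDED_RE = re.compile(r"^file=(?P<path>.+); added\s*$")


def added_paths(report_lines):
    """Return paths from 'file=<path>; added' lines, in order, de-duplicated."""
    seen, paths = set(), []
    for line in report_lines:
        m = ADDED_RE.match(line.strip())
        if m and m.group("path") not in seen:
            seen.add(m.group("path"))
            paths.append(m.group("path"))
    return paths


def sha256_regular_file(path, chunk=1 << 16):
    """Hash a regular file; None if it is missing, unreadable or not regular."""
    try:
        # O_NOFOLLOW: refuse a symlink planted in a world-writable directory.
        # O_NONBLOCK: do not block on a FIFO before the fstat check below.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError:
        return None
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            return None
        digest = hashlib.sha256()
        while block := os.read(fd, chunk):
            digest.update(block)
        return digest.hexdigest()
    finally:
        os.close(fd)


def hash_added_entries(report_lines):
    """Map each added path to its SHA-256 hex digest (None if not hashable)."""
    return {p: sha256_regular_file(p) for p in added_paths(report_lines)}


if __name__ == "__main__":
    import sys
    for path, digest in hash_added_entries(sys.stdin).items():
        print(f"{digest or 'UNAVAILABLE'}  {path}")
```

The digest describes the file as it is when the script runs, which can differ from its content at scan time; running it directly after `aide --check` keeps that window short.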
