[Aide] aide reporting directory changes even if not configured to

Virolainen Pablo pablo at cs.tut.fi
Wed Dec 7 09:43:39 EET 2005


On Wed, 7 Dec 2005, Marc Haber wrote:

> On Tue, Dec 06, 2005 at 01:24:34PM +0200, Virolainen Pablo wrote:
>> On Mon, 5 Dec 2005, Marc Haber wrote:
>>>> I cannot explain this without looking at the source. I know that
>>>> "...R}/var/backups" rule is not even checked.
>>>
>>> How do you find out?
>>
>> Well, I changed verbosity level to get debug messages (and added some
>> debug messages).
>
> Can you give a patch for these debug messages? I think it would be
> extremely handy to see which and how rules are considered.

> That is a complete replacement for the gen_list.c function, and from
> what I see, it reverses from a first-match to a last-match approach by
> comparing the regexp list starting from the last node?

I thought you wanted to change the semantics to be like that.

For the patch, you should get something like the following:

A dump of the tree entries with the data attached to each. The data has the line number, 
type (as in the config file) and the regexp.

tree: "/"
tree: "/home"
tree: "/home/pablo"
tree: "/home/pablo/aide"
tree: "/home/pablo/aide/aide"
tree: "/home/pablo/aide/aide/test"
tree: "/home/pablo/aide/aide/test/root"
18      ^/home/pablo/aide/aide/test/root/
19!     ^/home/pablo/aide/aide/test/root/var$
tree: "/home/pablo/aide/aide/test/root/var"
22      ^/home/pablo/aide/aide/test/root/var/
23      ^/home/pablo/aide/aide/test/root/var/backups$
tree: "/home/pablo/aide/aide/test/root/var/log"
24      ^/home/pablo/aide/aide/test/root/var/log/dpkg\.log$
25      ^/home/pablo/aide/aide/test/root/var/log/dpkg\.log-[0-9]{8}\.gz$
26      ^/home/pablo/aide/aide/test/root/var/log/dpkg\.log-[0-9]{8}$


And matching log part (one entry for each compare) and result of the 
search.

"/home/pablo/aide/aide/test/root/var" matches rule from line #18: ^/home/pablo/aide/aide/test/root/
"/home/pablo/aide/aide/test/root/var" matches rule from line #19: ^/home/pablo/aide/aide/test/root/var$
/home/pablo/aide/aide/test/root/var match=0, tree=135423576, attr=0
"/home/pablo/aide/aide/test/root/var/backups" matches rule from line #23: ^/home/pablo/aide/aide/test/root/var/backups$
"/home/pablo/aide/aide/test/root/var/backups" doesn't match rule from line #19: ^/home/pablo/aide/aide/test/root/var$
/home/pablo/aide/aide/test/root/var/backups match=1, tree=135423576, attr=2588
/home/pablo/aide/aide/test/root/var/backups attr=2588
/home/pablo/aide/aide/test/root/var/backups attr=2589
open_dir():No such file or directory: /home/pablo/aide/aide/test/root/var/log
There are rules referring to non-existent directories!
"/home/pablo/aide/aide/test/root/var/backups/dpkg.log" doesn't match rule from line #23:^/home/pablo/aide/aide/test/root/var/backups$
"/home/pablo/aide/aide/test/root/var/backups/dpkg.log" matches rule from line #22: ^/home/pablo/aide/aide/test/root/var/
"/home/pablo/aide/aide/test/root/var/backups/dpkg.log" doesn't match rule from line #19: ^/home/pablo/aide/aide/test/root/var$
/home/pablo/aide/aide/test/root/var/backups/dpkg.log match=1, tree=135423576, attr=524220
/home/pablo/aide/aide/test/root/var/backups/dpkg.log attr=524220
/home/pablo/aide/aide/test/root/var/backups/dpkg.log attr=524221

Duke NEMO / C.O.M.A
alias pablo the pallo virolainen
-------------- next part --------------
--- gen_list.c.orig	Wed Dec  7 09:26:59 2005
+++ gen_list.c	Wed Dec  7 09:29:20 2005
@@ -19,6 +19,7 @@
  */
 
 #include "aide.h"
+	       
 #include <string.h>
 #include <assert.h>
 #include <stdlib.h>
@@ -295,9 +296,13 @@
     
     rxtok=strrxtok(curr_rule->rx);
     curnode=get_seltree_node(tree,rxtok);
+
     if(curnode==NULL){
       curnode=new_seltree_node(tree,rxtok,1,curr_rule);
     }
+
+    error(240,"Handling %s with %c \"%s\" with node \"%s\"\n",rxtok,type,curr_rule->rx,curnode->path);
+	
     
     /* We have to add '^' to the first charaster of string... 
      *
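Review bot: The added `error(240,…)` call reads `curnode->path` right after the `new_seltree_node` fallback, so if that call can return NULL (its body is not visible here) the trace line itself becomes the crash site. Wrapping it as `if(curnode!=NULL){ error(240,...); }`, or logging only `rxtok` and `curr_rule->rx`, would keep a debug aid from adding a failure mode. The added blank lines and the tab-only line are whitespace noise and could be dropped. The enclosing function starts and ends outside this hunk.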
@@ -633,13 +638,15 @@
 
 int check_list_for_match(list* rxrlist,char* text,int* attr)
 {
-  list* r=NULL;
+  list* r=rxrlist;
   int retval=1;
-  for(r=rxrlist;r;r=r->next){
+  for(;r;r=r->prev){
     if((retval=regexec((regex_t*)((rx_rule*)r->data)->crx,text,0,0,0))==0){
       *attr=((rx_rule*)r->data)->attr;
-        error(231,"Matches rule from line #%ld: %s\n",((rx_rule*)r->data)->conf_lineno,((rx_rule*)r->data)->rx);
+        error(231,"\"%s\" matches rule from line #%ld: %s\n",text,((rx_rule*)r->data)->conf_lineno,((rx_rule*)r->data)->rx);
       break;
+    } else {
+	error(232,"\"%s\" doesn't match rule from line #%ld: %s\n",text,((rx_rule*)r->data)->conf_lineno,((rx_rule*)r->data)->rx);
     }
   }
   return retval;
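Review bot: The loop in `check_list_for_match` now starts at `rxrlist` and walks `r->prev`, which changes rule precedence from first-match to last-match inside a patch presented as debug messages. In a file-integrity checker this decides which attribute set is written to `*attr` for a path, so an existing configuration can silently start checking a path with different attributes. The walk also only visits every rule if callers pass the tail of the list, which is not visible in this hunk. I would move the ordering change into its own patch and document it above the function, e.g. `/* Rules are tried from the last config line to the first; the first hit in that order sets *attr. */`.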
@@ -663,8 +670,10 @@
     //we don't need to worry about buff-overflow, so strcmp is safe
     if((retval=strcmp(temp, text))==0){
       *attr=((rx_rule*)r->data)->attr;
-      error(231,"Matches string from line #%ld: %s\n",((rx_rule*)r->data)->conf_lineno,((rx_rule*)r->data)->rx);
+      error(231,"\"%s\" matches string from line #%ld: %s\n",text,((rx_rule*)r->data)->conf_lineno,((rx_rule*)r->data)->rx);
       break;
+    } else {
+      error(231,"\"%s\" doesn't match string from line #%ld: %s\n",text,((rx_rule*)r->data)->conf_lineno,((rx_rule*)r->data)->rx);
     }
   }
   return retval;
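Review bot: The non-match message added in this `else` branch is logged at level 231, the same level as the match message, while the equivalent branch added in `check_list_for_match` uses 232. Changing the level here to `232` would keep match and non-match traces separately selectable and the two functions consistent. The context comment `we don't need to worry about buff-overflow, so strcmp is safe` would be more useful if it said why, since how `temp` is built is not visible in this hunk; the function starts outside it.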
@@ -887,6 +896,31 @@
   return file_lst;
 }
 
+void print_tree(seltree* tree) {
+  
+  list* r;
+  rx_rule* rxc;
+  error(245,"tree: \"%s\"\n",tree->path);
+
+  for(r=tree->sel_rx_lst;r!=NULL;r=r->next) {
+	rxc=r->data;
+	error(246,"%i\t%s\n",rxc->conf_lineno,rxc->rx);
+  }
+  for(r=tree->equ_rx_lst;r!=NULL;r=r->next) {
+        rxc=r->data;
+        error(246,"%i=\t%s\n",rxc->conf_lineno,rxc->rx);
+  }
+  
+  for(r=tree->neg_rx_lst;r!=NULL;r=r->next) {
+	  rxc=r->data;
+	  error(246,"%i!\t%s\n",rxc->conf_lineno,rxc->rx);
+  }
+  
+  for(r=tree->childs;r!=NULL;r=r->next) {
+	print_tree(r->data);
+  }
+}
+
 seltree* gen_tree(list* prxlist,list* nrxlist,list* erxlist)
 {
   seltree* tree=NULL;
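Review bot: `print_tree` prints `rxc->conf_lineno` with `%i`, but the other messages in this patch print the same field with `%ld` (see the `check_list_for_match` hunk), so if the field is a `long` the three `error(246,…)` calls have a format/argument mismatch, which is undefined behaviour. They should read `error(246,"%ld\t%s\n",rxc->conf_lineno,rxc->rx);`, and likewise for the `=` and `!` variants. The function also dereferences `tree->path` with no NULL check and has neither `static` nor a visible prototype. A short comment such as `/* Debug aid: recursively dump each selection-tree node and its rules; '=' marks equal rules, '!' negative rules. */` would explain the output format. `gen_tree`'s body continues outside this hunk.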
@@ -896,6 +930,8 @@
   gen_seltree(prxlist,tree,'s');
   gen_seltree(nrxlist,tree,'n');
   gen_seltree(erxlist,tree,'e');
+
+  print_tree(tree);
 
   return tree;
 }

