[Aide] I (ignore changed filename) woes

Virolainen Pablo pablo at cs.tut.fi
Tue Nov 1 12:30:10 EET 2005


On Tue, 1 Nov 2005, Marc Haber wrote:

> but what do I do with the "new" .2.gz file? If I use
> !/var/log/exim4/mainlog.2.gz, I am completely excluding the file from
> the aide database and will probably get the .3.gz file flagged as new.
> Is there some way to say "it's ok to have a file matching this regexp
> appear, include its value to the database but do not list it"?
>
> Greetings
> Marc

One can implement this by adding a new bit to the configuration file. We might
call it "ANF" (allow new files :)

You might want to use it something like this:

/var/log/exim4/*.2.gz RotatedLogs+ANF

Duke NEMO / C.O.M.A
alias pablo the pallo virolainen
-------------- next part --------------
diff -ru ../../aide2/aide/include/aide.h include/aide.h
--- ../../aide2/aide/include/aide.h	Tue Sep 20 21:20:28 2005
+++ include/aide.h	Wed Aug 10 12:37:00 2005
@@ -24,19 +24,6 @@
 #include "report.h"
 #include "db_config.h"
 #include <stdlib.h>
+#include <unistd.h>
+
+#ifndef TEMP_FAILURE_RETRY
+/* Evaluate EXPRESSION, and repeat as long as it returns -1 with `errno'
+   set to EINTR.  */
+
+# define TEMP_FAILURE_RETRY(expression) \
+  (__extension__                                                              \
+    ({ long int __result;                                                     \
+       do __result = (long int) (expression);                                 \
+       while (__result == -1L && errno == EINTR);                             \
+       __result; }))
+#endif
 
 #ifdef HAVE_SNPRINTF
 #if !defined(HAVE_C99_SNPRINTF) || !defined(HAVE_C99_VSNPRINTF)
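Review bot: The added TEMP_FAILURE_RETRY fallback reads `errno`, but the lines visible here add only `<unistd.h>`; unless `<errno.h>` already arrives through another include, the macro will not compile where it is expanded, so add `#include <errno.h>` next to it. The body also relies on the GNU statement-expression extension (`__extension__ ({ ... })`), so the fallback only helps on GCC-compatible compilers. Separately, the hunk header `@@ -24,19 +24,6 @@` has its old and new counts the wrong way round for a hunk that adds 13 lines, and nothing in it relates to the ANF feature, so this hunk probably wants to be regenerated or dropped from the patch.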
diff -ru ../../aide2/aide/include/db_config.h include/db_config.h
--- ../../aide2/aide/include/db_config.h	Thu Apr 28 13:53:05 2005
+++ include/db_config.h	Tue Nov  1 11:49:36 2005
@@ -102,6 +102,7 @@
    db_rdev,                     /* "rdev"     */
    db_dev,                      /* "dev"      */
    db_checkmask,                /* "checkmask"*/
+   db_allownewfile,		/* "allownewfile */
    db_unknown } DB_FIELD; 	/* "unknown"  */
 
 /* db_unknown must be last because it is used to determine size of
@@ -142,7 +143,7 @@
 #define DB_CHECKMASK (1<<25)    /* "checkmask"*/
 #define DB_SIZEG     (1<<26)	/* "unknown"  */
 #define DB_CHECKINODE (1<<27) /* "checkinode"*/
-
+#define DB_NEWFILE    (1<<28) /* "allow new file" */
 
 #define DB_HASHES    (DB_MD5|DB_SHA1|DB_RMD160|DB_TIGER|DB_CRC32|DB_HAVAL| \
 		      DB_GOST|DB_CRC32B)
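Review bot: `DB_NEWFILE` does not follow the name this patch uses for the same feature elsewhere: the enum member is `db_allownewfile` and the group is `ANF`, while the neighbouring macros mirror their field names (`DB_CHECKMASK`, `DB_CHECKINODE`). Something like `#define DB_ALLOWNEWFILE (1<<28) /* "allownewfile" */` would let a search for the feature find all of its pieces. As written, the name reads like an attribute of the file rather than a reporting policy, which is what the bit appears to be.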
@@ -174,7 +175,8 @@
    "rdev",
    "dev",
    "checkmask",
-   "unknown" } ; 
+   "unknown",
+   "allownewfiles"} ; 
 
 const static int db_value[] = { 
    db_filename, 	/* "name",   */ 
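Review bot: The new name string is appended after `"unknown"`, while the enum hunk above and the `db_value[]` hunk below both place `db_allownewfile` before `db_unknown`, so the name table and the value table no longer line up index for index. If the two are walked in parallel, as their matching layout suggests, the `"unknown"` slot will now pair with `db_allownewfile` and the new name with `db_unknown`. Move the entry up so the tail reads `"checkmask",` then `"allownewfile",` then `"unknown" } ;`. Settle on one spelling as well, since the comments in the other two hunks say `allownewfile` and this string says `allownewfiles`. The enum comment `/* "allownewfile */` is also missing its closing quote.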
@@ -203,6 +205,7 @@
    db_rdev,             /* "rdev"     */
    db_dev,              /* "dev"      */
    db_checkmask,	/* "checkmask" */
+   db_allownewfile,	/* "allownewfile" */
    db_unknown };	/* "unknown"  */
 
 /* db_namealias && db_aliasvalue are here to support earlier database 
diff -ru ../../aide2/aide/src/aide.c src/aide.c
--- ../../aide2/aide/src/aide.c	Wed Apr  6 12:50:25 2005
+++ src/aide.c	Tue Nov  1 11:51:07 2005
@@ -329,7 +329,7 @@
 
   conf->start_time=time(&(conf->start_time));
 
-  
+  do_groupdef("ANF",DB_NEWFILE);
   do_groupdef("p",DB_PERM);
   do_groupdef("i",DB_INODE);
   do_groupdef("I",DB_CHECKINODE);
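Review bot: `ANF` is registered without a comment, although unlike the attribute groups beside it, it appears to change what gets reported rather than what gets compared. A one-line comment such as `/* ANF: allow new files under this rule without reporting them (e.g. rotated logs) */` would help. The group should also be described wherever the other predefined groups are documented, with the advice to attach it only to narrowly anchored patterns. It also becomes a reserved group name, so a configuration that already defines its own `ANF` may now conflict; how do_groupdef treats a duplicate is not visible here and is worth checking.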
diff -ru ../../aide2/aide/src/gen_list.c src/gen_list.c
--- ../../aide2/aide/src/gen_list.c	Mon Aug  8 13:57:54 2005
+++ src/gen_list.c	Tue Nov  1 12:15:37 2005
@@ -696,10 +696,10 @@
   if(!((retval&16)==16)){
     retval|=16;
     top=1;
-  } else{
+  } else {
     top=0;
   }
-    
+  
   /* if no deeper match found */
   if(!((retval&8)==8)&&!((retval&4)==4)){
     if(!check_list_for_match(node->equ_rx_lst,text,attr)){
@@ -1020,7 +1020,7 @@
   if(!node){
     node=new_seltree_node(tree,file->filename,0,NULL);
   }
-
+  
   if(file==NULL){
     error(0, "add_file_to_tree was called with NULL db_line\n");
   }
@@ -1087,36 +1087,44 @@
     /* Check if file was moved (same inode, different name in the other DB)*/
     db_line *oldData;
     db_line *newData;
-    seltree* moved_node=get_seltree_inode(tree,file,db==DB_OLD?DB_NEW:DB_OLD);
+    seltree* moved_node;
     
-    if(moved_node == NULL || moved_node == node) {
+    moved_node=get_seltree_inode(tree,file,db==DB_OLD?DB_NEW:DB_OLD);
+    if(!(moved_node == NULL || moved_node == node)) {
       /* There's mo match for inode or it matches the node with the same name.
        * In first case we don't have a match to compare with.
        * In the second - we already compared those files. */
-      return;
-    }
+      if(db == DB_NEW) {
+        newData = node->new_data;
+        oldData = moved_node->old_data;
+      } else {
+        newData = moved_node->new_data;
+        oldData = node->old_data;
+      }
 
-    if(db == DB_NEW) {
-      newData = node->new_data;
-      oldData = moved_node->old_data;
-    } else {
-      newData = moved_node->new_data;
-      oldData = node->old_data;
-    }
+      localignorelist=(oldData->attr^newData->attr);
 
-    localignorelist=(oldData->attr^newData->attr);
-    if (localignorelist!=0) {
-      error(5,"File %s in databases has different attributes, %i,%i\n",
-	    oldData->filename,oldData->attr,newData->attr);
-    }
+      if (localignorelist!=0) {
+        error(5,"File %s in databases has different attributes, %i,%i\n",
+  	    oldData->filename,oldData->attr,newData->attr);
+      }
     
-    localignorelist|=ignorelist;
+      localignorelist|=ignorelist|DB_CTIME;
 
-    /* Free the data if same else leave as is for report_tree */
-    if(compare_dbline(oldData, newData, localignorelist)==RETOK){
-      node->checked |= db==DB_NEW ? NODE_MOVED_IN : NODE_MOVED_OUT;
-      moved_node->checked |= db==DB_NEW ? NODE_MOVED_OUT : NODE_MOVED_IN;
+      /* Free the data if same else leave as is for report_tree */
+      if(compare_dbline(oldData, newData, localignorelist)==RETOK){
+        node->checked |= db==DB_NEW ? NODE_MOVED_IN : NODE_MOVED_OUT;
+        moved_node->checked |= db==DB_NEW ? NODE_MOVED_OUT : NODE_MOVED_IN;
+      }
     }
+  }
+  if( (db == DB_NEW) &&
+      (file->attr & DB_CHECKINODE) && 
+      (node->new_data!=NULL) &&
+      (node->old_data==NULL)) {
+	 free_db_line(node->new_data);
+	 node->new_data=NULL;
+	 node->checked=DB_OLD|DB_NEW|NODE_TRAVERSE;
   }
 }
 
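Review bot: The new block at the end of this hunk tests `file->attr & DB_CHECKINODE`, not `DB_NEWFILE`, so the ANF bit this patch defines is never consulted here and every rule carrying `I` has its new-file entry freed and marked as checked. For an integrity checker that widens the unreported set well beyond the rotated-log paths the administrator opted into; the test should presumably read `(file->attr & DB_NEWFILE) &&`. The assignment `node->checked=DB_OLD|DB_NEW|NODE_TRAVERSE;` also overwrites the NODE_MOVED_IN/NODE_MOVED_OUT bits set just above, where `|=` would keep them, and the added `|DB_CTIME` changes the moved-file comparison without a comment saying why. The comment beginning "There's mo match for inode" now sits under the negated condition and describes the branch that is no longer taken. The enclosing function begins before this hunk.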

