[Aide] I (ignore changed filename) woes

Marc Haber mh+aide at zugschlus.de
Tue Nov 1 18:19:23 EET 2005


On Tue, Nov 01, 2005 at 12:30:10PM +0200, Virolainen Pablo wrote:
> On Tue, 1 Nov 2005, Marc Haber wrote:
> >but what do I do with the "new" .2.gz file? If I use
> >!/var/log/exim4/mainlog.2.gz, I am completely excluding the file from
> >the aide database and will probably get the .3.gz file flagged as new.
> >Is there some way to say "it's ok to have a file matching this regexp
> >appear, include its value to the database but do not list it"?
> >
> >Greetings
> >Marc
> 
> One can implement this by adding a new bit to the configuration file. We might 
> call it "ANF" (allow new files:)
> 
> you might want to use it like this:
> 
> /var/log/exim4/*.2.gz RotatedLogs+ANF

Which version is this patch against? It doesn't cleanly apply against
today's cvs snapshot. I have applied the non-clean parts manually and
am attaching the resulting patch.

Richard, are you willing to apply this to current CVS?

Suggested comment lines for aide.conf and the man page:
#S:     check for growing size
#I:     ignore changed file names
#ANF:	allow new matching files to show up without being reported

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835
-------------- next part --------------
#! /bin/sh /usr/share/dpatch/dpatch-run
## 30-allow-new-files.dpatch by Marc Haber <mh+debian-packages at zugschlus.de>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.

@DPATCH@
diff -urNad aide~/include/aide.h aide/include/aide.h
--- aide~/include/aide.h	2005-08-10 09:37:00.000000000 +0000
+++ aide/include/aide.h	2005-11-01 16:00:16.000000000 +0000
@@ -24,6 +24,19 @@
 #include "report.h"
 #include "db_config.h"
 #include <stdlib.h>
+#include <unistd.h>
+
+#ifndef TEMP_FAILURE_RETRY
+/* Evaluate EXPRESSION, and repeat as long as it returns -1 with errno'
+   set to EINTR.  */
+
+# define TEMP_FAILURE_RETRY(expression) \
+   (__extension__                                                              \
+     ({ long int __result;                                                     \
+        do __result = (long int) (expression);                                 \
+        while (__result == -1L && errno == EINTR);                             \
+        __result; }))
+#endif
 
 #ifdef HAVE_SNPRINTF
 #if !defined(HAVE_C99_SNPRINTF) || !defined(HAVE_C99_VSNPRINTF)
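Review bot: The added `TEMP_FAILURE_RETRY` fallback reads `errno` and `EINTR`, but the hunk only adds `#include <unistd.h>`; unless a header outside the hunk already pulls in `<errno.h>`, the first use of the macro will not compile, so add `#include <errno.h>` beside it. The fallback also depends on GCC statement expressions (`__extension__ ({ ... })`), which is a concern on exactly the non-glibc platforms where the `#ifndef` branch is taken. The comment has a stray quote after `errno`. No line visible in this patch uses the macro, so it may belong in a separate change.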
diff -urNad aide~/include/db_config.h aide/include/db_config.h
--- aide~/include/db_config.h	2005-04-28 10:53:05.000000000 +0000
+++ aide/include/db_config.h	2005-11-01 16:00:26.000000000 +0000
@@ -102,6 +102,7 @@
    db_rdev,                     /* "rdev"     */
    db_dev,                      /* "dev"      */
    db_checkmask,                /* "checkmask"*/
+   db_allownewfile,		/* "allownewfile */
    db_unknown } DB_FIELD; 	/* "unknown"  */
 
 /* db_unknown must be last because it is used to determine size of
@@ -142,7 +143,7 @@
 #define DB_CHECKMASK (1<<25)    /* "checkmask"*/
 #define DB_SIZEG     (1<<26)	/* "unknown"  */
 #define DB_CHECKINODE (1<<27) /* "checkinode"*/
-
+#define DB_NEWFILE    (1<<28) /* "allow new file" */
 
 #define DB_HASHES    (DB_MD5|DB_SHA1|DB_RMD160|DB_TIGER|DB_CRC32|DB_HAVAL| \
 		      DB_GOST|DB_CRC32B)
@@ -174,7 +175,8 @@
    "rdev",
    "dev",
    "checkmask",
-   "unknown" } ; 
+   "unknown",
+   "allownewfiles"} ; 
 
 const static int db_value[] = { 
    db_filename, 	/* "name",   */ 
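Review bot: `"allownewfiles"` is appended after `"unknown"` in this string table, while the enum hunk above and the `db_value` hunk below both place `db_allownewfile` before `db_unknown`. If this table is indexed in parallel with `db_value` (its declaration is outside the hunk, so this is inferred), the name `"unknown"` would pair with `db_allownewfile` and `"allownewfiles"` with `db_unknown`, so database fields would be mislabelled when read or written. Put the new entry first, `"allownewfile",` followed by `"unknown" } ;`, and settle on one spelling, since the enum says `allownewfile` and the string says `allownewfiles`. The enum comment `/* "allownewfile */` is also missing its closing quote.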
@@ -203,6 +205,7 @@
    db_rdev,             /* "rdev"     */
    db_dev,              /* "dev"      */
    db_checkmask,	/* "checkmask" */
+   db_allownewfile,	/* "allownewfile" */
    db_unknown };	/* "unknown"  */
 
 /* db_namealias && db_aliasvalue are here to support earlier database 
diff -urNad aide~/src/aide.c aide/src/aide.c
--- aide~/src/aide.c	2005-10-25 12:29:05.000000000 +0000
+++ aide/src/aide.c	2005-11-01 16:00:26.000000000 +0000
@@ -329,7 +329,7 @@
 
   conf->start_time=time(&(conf->start_time));
 
-  
+  do_groupdef("ANF",DB_NEWFILE);
   do_groupdef("p",DB_PERM);
   do_groupdef("i",DB_INODE);
   do_groupdef("I",DB_CHECKINODE);
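Review bot: The `ANF` group is registered here without a comment, although it is the one group in this list whose purpose is to keep a finding out of the report. A line such as `/* ANF: new files matching the rule are not reported; keep such rules narrow */` above the call would tell rule authors that a broad ANF pattern leaves a location where added files go unnoticed. The enclosing function starts and ends outside the hunk.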
diff -urNad aide~/src/gen_list.c aide/src/gen_list.c
--- aide~/src/gen_list.c	2005-10-28 14:36:03.000000000 +0000
+++ aide/src/gen_list.c	2005-11-01 16:04:30.000000000 +0000
@@ -697,10 +697,10 @@
   if(!((retval&16)==16)){
     retval|=16;
     top=1;
-  } else{
+  } else {
     top=0;
   }
-    
+  
   /* if no deeper match found */
   if(!((retval&8)==8)&&!((retval&4)==4)){
     if(!check_list_for_match(node->equ_rx_lst,text,attr)){
@@ -1021,7 +1021,7 @@
   if(!node){
     node=new_seltree_node(tree,file->filename,0,NULL);
   }
-
+  
   if(file==NULL){
     error(0, "add_file_to_tree was called with NULL db_line\n");
   }
@@ -1088,37 +1088,45 @@
     /* Check if file was moved (same inode, different name in the other DB)*/
     db_line *oldData;
     db_line *newData;
-    seltree* moved_node=get_seltree_inode(tree,file,db==DB_OLD?DB_NEW:DB_OLD);
-    
-    if(moved_node == NULL || moved_node == node) {
-      /* There's mo match for inode or it matches the node with the same name.
-       * In first case we don't have a match to compare with.
-       * In the second - we already compared those files. */
-      return;
-    }
+    seltree* moved_node;
 
-    if(db == DB_NEW) {
-      newData = node->new_data;
-      oldData = moved_node->old_data;
-    } else {
-      newData = moved_node->new_data;
-      oldData = node->old_data;
-    }
+    moved_node=get_seltree_inode(tree,file,db==DB_OLD?DB_NEW:DB_OLD);
+    if(!(moved_node == NULL || moved_node == node)) {
+        /* There's mo match for inode or it matches the node with the same name.
+         * In first case we don't have a match to compare with.
+         * In the second - we already compared those files. */
+      if(db == DB_NEW) {
+        newData = node->new_data;
+        oldData = moved_node->old_data;
+      } else {
+        newData = moved_node->new_data;
+        oldData = node->old_data;
+      }
 
-    localignorelist=(oldData->attr^newData->attr);
-    if (localignorelist!=0) {
-      error(5,"File %s in databases has different attributes, %i,%i\n",
-	    oldData->filename,oldData->attr,newData->attr);
-    }
+      localignorelist=(oldData->attr^newData->attr);
+
+      if (localignorelist!=0) {
+        error(5,"File %s in databases has different attributes, %i,%i\n",
+  	    oldData->filename,oldData->attr,newData->attr);
+      }
     
-    localignorelist|=ignorelist|DB_CTIME;
+      localignorelist|=ignorelist|DB_CTIME;
 
-    /* Free the data if same else leave as is for report_tree */
-    if(compare_dbline(oldData, newData, localignorelist)==RETOK){
-      node->checked |= db==DB_NEW ? NODE_MOVED_IN : NODE_MOVED_OUT;
-      moved_node->checked |= db==DB_NEW ? NODE_MOVED_OUT : NODE_MOVED_IN;
+      /* Free the data if same else leave as is for report_tree */
+      if(compare_dbline(oldData, newData, localignorelist)==RETOK){
+        node->checked |= db==DB_NEW ? NODE_MOVED_IN : NODE_MOVED_OUT;
+        moved_node->checked |= db==DB_NEW ? NODE_MOVED_OUT : NODE_MOVED_IN;
+      }
     }
   }
+  if( (db == DB_NEW) &&
+      (file->attr & DB_CHECKINODE) && 
+      (node->new_data!=NULL) &&
+      (node->old_data==NULL)) {
+	 free_db_line(node->new_data);
+	 node->new_data=NULL;
+	 node->checked=DB_OLD|DB_NEW|NODE_TRAVERSE;
+  }
 }
 
 int check_rxtree(char* filename,seltree* tree,int* attr)
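Review bot: The new block at the end of the function tests `file->attr & DB_CHECKINODE`, not the `DB_NEWFILE` bit that this patch defines and registers as group `ANF`; no line visible in the patch ever reads `DB_NEWFILE`, and as written every new file under an `I` rule has its new-side entry discarded and is presumably left out of the report. If that is a merge slip, the condition should read `(file->attr & DB_NEWFILE) &&`. The assignment `node->checked=DB_OLD|DB_NEW|NODE_TRAVERSE;` also overwrites a `NODE_MOVED_IN` bit set just above, where `|=` would keep it. Since the block calls `free_db_line(node->new_data)`, it is worth confirming that the file is still recorded in the new database, which was the stated intent in the thread. The function begins outside the hunk.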

