[Aide] How to properly use ANF?

Sun Nov 13 21:57:02 EET 2005

On Sun, 13 Nov 2005, Marc Haber wrote:

> On Sat, Nov 12, 2005 at 02:53:15PM +0200, Virolainen Pablo wrote:
>> On Sat, 12 Nov 2005, Marc Haber wrote:
>>> Any idea why my ANF clause doesn't keep syslog.2.gz from being listed
>>> as "added"?
>>
>> Propably because ANF isn't working. We will mark file as moved in which
>> causes the file to be handled like "I".
>
> Hmmm
>
>> --- aide-ANF.broken/src/gen_list.c	Sat Nov 12 14:45:14 2005
>> +++ aide-with-ANF/src/gen_list.c	Sat Nov 12 14:45:48 2005
>> @@ -1122,7 +1122,7 @@
>>        (file->attr & DB_NEWFILE) &&
>>        (node->new_data!=NULL) &&
>>        (node->old_data==NULL)) {
>> -	 node->checked|=DB_NEW|NODE_MOVED_IN;
>> +	 node->checked|=DB_NEW;
>>    }
>>  }
>
> Having NODE_MOVED_IN or not doesn't seem to change anything.
> syslog.2.gz is reported as added after log rotation.
>
> Anything more that might be wrong?

Well, syslog.2.gz is new (and reported) because old syslog.2.gz is moved 
to syslog.3.gz.. Well, this means that I need to remake the patch (and 
touch even more to the source code than I originally thaught).

Duke NEMO / C.O.M.A
alias pablo the pallo virolainen
-------------- next part --------------
diff -Nru aide-ANF.broken/include/db.h aide-with-ANF/include/db.h

--- aide-ANF.broken/include/db.h	Fri Nov 12 15:48:17 2004
+++ aide-with-ANF/include/db.h	Sun Nov 13 21:29:55 2005
@@ -52,6 +52,6 @@
 #define NODE_CHECKED      (1<<10)
 #define NODE_MOVED_OUT    (1<<11)
 #define NODE_MOVED_IN     (1<<12)
-
+#define NODE_ALLOW_NEW    (1<<13)
 
 #endif
Binary files aide-ANF.broken/src/.gen_list.c.swp and aide-with-ANF/src/.gen_list.c.swp differ
diff -Nru aide-ANF.broken/src/Makefile.am aide-with-ANF/src/Makefile.am
--- aide-ANF.broken/src/Makefile.am	Sun Nov 13 21:51:25 2005
+++ aide-with-ANF/src/Makefile.am	Sun Nov 13 21:50:57 2005
@@ -68,6 +68,8 @@
 conf_yacc.c:conf_yacc.y
 	${YACC} ${YFLAGS} -d -p conf -o conf_yacc.c $(top_srcdir)/src/conf_yacc.y
 
+conf_yacc.h: conf_yacc.c
+
 conf_lex2.c:conf_lex.c
 
 conf_lex.c:conf_lex.l
diff -Nru aide-ANF.broken/src/compare_db.c aide-with-ANF/src/compare_db.c
--- aide-ANF.broken/src/compare_db.c	Tue Oct 25 14:42:38 2005
+++ aide-with-ANF/src/compare_db.c	Sun Nov 13 21:33:19 2005
@@ -690,8 +690,8 @@
     }else {
       int localignorelist=old->attr ^ ((db_line*)r->data)->attr;
       
-      if (localignorelist!=0) {
+      if ((localignorelist&(~DB_NEWFILE))!=0) {
	error(2,"File %s in databases has different attributes, %i,%i\n",old->filename,old->attr,((db_line*)r->data)->attr);
       }
       
       localignorelist|=ignorelist;
@@ -822,7 +822,7 @@
       }else if(!(node->checked&DB_OLD)&&(node->checked&DB_NEW)){
 	/* File is in new db but not old. (ADDED) */
 	/* unless it was moved in */
-	if(!(node->checked&NODE_MOVED_IN)){
+	if((!(node->checked&NODE_MOVED_IN))&&(!node->checked&NODE_ALLOW_NEW)){
 	  stat[2]++;
 	  node->checked|=NODE_ADDED;
 	}
@@ -839,7 +839,7 @@
 	if(!(node->checked&(NODE_MOVED_IN|NODE_MOVED_OUT))){
 	  stat[4]++;
 	  node->checked|=NODE_CHANGED;
-	}else if(!(node->checked&NODE_MOVED_IN)) {
+	}else if((!(node->checked&NODE_MOVED_IN))&&(!node->checked&NODE_ALLOW_NEW)) {
 	  stat[2]++;
 	  node->checked|=NODE_ADDED;
 	}else if(!(node->checked&NODE_MOVED_OUT)) {
--- aide-ANF.broken/src/gen_list.c	Sat Nov 12 14:45:14 2005
+++ aide-with-ANF/src/gen_list.c	Sun Nov 13 21:42:39 2005
@@ -1058,7 +1058,7 @@
   if((node->checked&DB_OLD)&&(node->checked&DB_NEW)){
     localignorelist=(node->new_data->attr^node->old_data->attr);
     if (localignorelist!=0) {
-      error(2,"File %s in databases has different attributes, %i,%i\n",node->old_data->filename,node->old_data->attr,node->new_data->attr);
+      error(2,"File %s in databases has different attributes (here2), %i,%i\n",node->old_data->filename,node->old_data->attr,node->new_data->attr);
     }
     
     localignorelist|=ignorelist;
@@ -1102,11 +1102,11 @@
         oldData = node->old_data;
       }
 
-      localignorelist=(oldData->attr^newData->attr);
+      localignorelist=(oldData->attr^newData->attr)&(~DB_NEWFILE);
 
       if (localignorelist!=0) {
-        error(5,"File %s in databases has different attributes, %i,%i\n",
-  	    oldData->filename,oldData->attr,newData->attr);
+        error(5,"File \"%s\" \"%s\" in databases has different attributes (here3), %i,%i\n",
+  	    newData->filename,oldData->filename,oldData->attr,newData->attr);
       }
     
       localignorelist|=ignorelist|DB_CTIME;
@@ -1120,9 +1120,8 @@
   }
   if( (db == DB_NEW) &&
       (file->attr & DB_NEWFILE) && 
-      (node->new_data!=NULL) &&
-      (node->old_data==NULL)) {
-	 node->checked|=DB_NEW|NODE_MOVED_IN;
+      (node->new_data!=NULL) ){
+	 node->checked|=NODE_ALLOW_NEW;
   }
 }
 
