[Aide] Question about report output
James Antill
james-aide-38mkm at and.org
Tue Nov 28 23:02:33 EET 2006
Jason Martens <me at jasonmartens.com> writes:
> Hey all,
> I just started using AIDE, so this may be obvious, but I couldn't
> find the answer anywhere in the docs...
>
> I have a daily report with a lot of lines like this:
> File /var/lib/opennms/rrd/snmp in databases has different attributes,
> 4029,2077
>
> My question is simply, what are the 4029 and 2077 attributes? Size?
> Change time? How can I correlate the report output with the attributes
> I am checking?
Here's a python app. which will decode it. I also thought I'd changed
it to report in Hex, but I might not have bothered...
% aide-attrs 4029
filename
perm
uid
gid
size
ctime
mtime
inode
bcount
lnkcount
% aide-attrs 2077
filename
perm
uid
gid
lnkcount
...here's the script:
#! /usr/bin/python -tt
import sys
attrs = ["filename", "linkname", "perm", "uid", "gid", "size", "atime",
"ctime", "mtime", "inode", "bcount", "lnkcount", "md5", "sha1",
"rmd160", "tiger", "crc32", "haval", "gost", "crc32b", "attr",
"acl", "bsize", "rdev", "dev", "checkmask", "allownewfile",
"allowrmfile", "sha256", "sha512", "whirlpool", "selinux",
"xattrs", "unknown"]
data = int(sys.argv.pop(1))
for i in xrange(0, 31):
if 2**i & data:
print attrs[i]
More information about the Aide
mailing list