[Aide] update-aide.conf and /etc/aide/aide.conf

[Anchal Nigam]

 Hello.

I am having a hard time figuring out how to set AIDE up. As I understand
it, on Debian systems, it ships with these:

- `/etc/aide/aide.conf`
- `/etc/aide/aide.conf.d/*`

And, `aide` uses `/etc/aide/aide.conf` as the default file for
configuration details. In order to apply the settings in
`/etc/aide/aide.conf` and `/etc/aide/aide.conf.d/*` you have to run
`update-aide.conf` and copy `/var/lib/aide/aide.conf.autogenerated` to
`/etc/aide/aide.conf`.

But this means, next time you make changes to `/etc/aide/aide.conf.d/*` and
run `update-aide.conf`, it'll take the old settings from
`/etc/aide/aide.conf` and **add** to it.

Wouldn't this give undesired results? For example, if
`/etc/aide/aide.conf.d/99_aide_root` has `/ Full`, then the first time you
`update-aide.conf` it will add `/@@{ROOTPREFIX} Full` to
`/etc/aide/aide.conf`. But, if you comment that line out from
`/etc/aide/aide.conf.d/99_aide_root` and run `update-aide.conf` it will add
`/@@{ROOTPREFIX}@@{ROOTPREFIX} Full` to `/etc/aide/aide.conf`.

And you can't just delete `/etc/aide/aide.conf` before running
`update-aide.conf` because it has some important settings like
`database=file:/var/lib/aide/aide.db`.

What is the right way to manage/maintain AIDE settings? My current thought
is to move the stock `/etc/aide/aide.conf` to
`/etc/aide/aide.conf.d/00_aide_stock` and delete `/etc/aide/aide.conf`
before doing `update-aide.conf`. I suppose this would work but it seems
rather hacky and unobvious. I wanted to check in case maybe I am thinking
about this all wrong.

Thank you!
*_Nacho*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.ipi.fi/pipermail/aide/attachments/20190401/6c5e8fdb/attachment.html>