[Aide] My personal guide to AIDE

Marc Haber mh+aide at zugschlus.de
Tue Apr 22 14:18:42 EEST 2008


On Sun, Mar 23, 2008 at 10:08:51PM +0000, Russell Gadd wrote:
> Marc Haber wrote:
> > I am not a big fan of HOWTO type documentation as they lead people to
> > do things that they don't understand.
> > 
> I understand your point if the document encourages people to just follow 
> blindly. However as you say this is a system targeted at experienced 
> sysadmins, and they are reading this because they haven't used aide or 
> haven't used it in Debian. I was suggesting it really as just a summary 
> outline of the steps involved. Otherwise you've got to probably write 
> down your own summary of the operations involved to see the picture, 
> taking parts from all the various documents. Maybe you are right and it 
> would be best to make people get it into their heads by working it out 
> for themselves.
> 
> > I am not a big fan of duplicating information, ...
> 
> Yes, you're a programmer and realise the potential for inconsistency :)

And also the potential for excessive work.

> It looks like you have modified the README more than once since the Etch
> copy which I am using.

Yes, the aide packages evolve.

> 1. "Configuring AIDE the Debian way" 4th para:
> 
> After changing aide configuration, you might want to re-build your
> database either by using the aideinit script, aide --init or aide
> --update.
> 
> Either/or sounds to me like there are only 2 alternatives, you have to
> read this a couple of times to realise that there are 3. I suggest
> 
> After changing your aide configuration, you might want to re-build your
> database either by using the aideinit script, or aide itself via aide
> --init or aide --update.

Applied in svn.

> 2. "Common configuration issues" 2nd para
>    (a) typo: s/encourages/encouraged/
>    (b) "Aide rules can both be ... or .."? - either/or or both?

Both, as long as the file names do not conflict.

>    (c) A few points here, just so it reads better: suggest change
> 
>  From a security point of view, it is
> desir[e]able to have the aide rules come with the respective package,
> since this makes sure that only files are excluded from the aide check
> that are actually in use on the system. This approach minimizes the
> 
> to
> 
>  From a security point of view, it is desirable to have the aide rules
> come with the respective package, since this makes sure that the only
> files excluded from the aide check are those that are actually in use on
> the system. This approach also minimizes the

Applied in svn.

>    (d) Generally the last sentence of this paragraph sounds like you are
>    talking to your fellow maintainers.

Yes, it is.

>  I presume a maintainer can arrange for the new rules to be
>  automatically inserted into /etc/aide/aide.conf.d/. However I'm not
>  sure why your suggested naming convention would really minimise the
>  potential for conflict. Even if the names don't clash presumably the
>  original rules need to be removed.

Yes, that needs to be coordinated with the aide packaging. But since
the files in /etc/aide are dpkg-conffiles, the local admin can
interfere here if the packages are not synchronized.

In an ideal world, Debian will only release if aide rules are in sync
in both aide and "third" packages.

>  I'm out of my depth here, as I don't know how the maintainers
>  cooperate on such things. Ultimately the user will want there to be
>  no clash of rules so maybe you could add "In such a case, if there
>  are existing rules for this package already in the aide configuration
>  they will be in /etc/aide/aide.conf.d/nn_aide_foo and will need to be
>  removed." This doesn't tell the maintainer or the user to do it, but
>  the warning is there.

I have done this a little more verbosely:
Fellow Debian maintainers, if you include aide rules in your package,
please file a bug against aide, so that the respective rules can be
removed from the aide package. Users, if you detect a conflict between
a rule in the aide package and a rule from another package, please
file a bug against aide so that the issue can be cleared up. Of
course, the local admin of a system can locally resolve the rule
conflict by editing the files - they are dpkg-conffiles.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190

