[Aide] aide.db ignore/include in initial run?

Marc Haber mh+aide at zugschlus.de
Wed Apr 12 10:19:34 EEST 2023 

Hi,

I maintain the packages and the rules in Debian.

On Mon, Apr 10, 2023 at 05:17:41PM -0500, Matt Zagrabelny wrote:
> Running Debian:
> 
> aide-common    0.17.3-4+deb11u1
> 
> After install I run:
> 
> aideinit
> 
> then I run (by hand):
> 
> /etc/cron.daily/aide
> 
> In the resulting email from cron I see:
> 
> ----------%<-----------BEGIN
> Summary:
>   Total number of entries:      163267
>   Added entries:                1
>   Removed entries:              0
>   Changed entries:              0
> 
> ---------------------------------------------------
> Added entries:
> ---------------------------------------------------
> 
> f+++++++++++++++++: /var/lib/aide/aide.db
> ----------%<-----------END

Yes, that's the currently intended behavior.

> Is there a way to have the aideinit determine the checksum value for
> /var/lib/aide/aide.db and include it in the initial run, thus causing the
> initial email to have 0 added entries?

In 0.17.3 there is no clean way to do that. In later versions, you can
do a partly update of the database in a second step.

This is one of the things that you cannot do right.

You could try changing /etc/aide/aide.conf.d/31_aide_aide:

diff --git a/debian/aide.conf.d/31_aide_aide b/debian/aide.conf.d/31_aide_aide
index 48fbcf6..22d995b 100644
--- a/debian/aide.conf.d/31_aide_aide
+++ b/debian/aide.conf.d/31_aide_aide
@@ -1,5 +1,6 @@
 /var/lib/aide$ d VarDir-n
-/var/lib/aide/aide\\.db(\\.new)?$ f VarFile
+/var/lib/aide/aide\\.db\\.new$ f VarFile
+/var/lib/aide/aide\\.db$ f VarFile+ANF
 !/var/lib/aide/dailyaidecheck$ d
 !/var/lib/aide/dailyaidecheck/((error|a(run|err))log|mailfile)$ f
 /var/log/aide$ d VarDir

If you decide to do that, please let me know how it goes. This might be
a valid change for the post-bookworm package as well.

Why are you wondering about this? Are you planning to roll out a big
number of Debian systems using aide?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421

More information about the Aide mailing list