Debian Bug report logs - #542621
aide: new feature: ignore files changed by system updates

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Marc Deslauriers <marc.deslauriers@ubuntu.com>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: aide: new feature: ignore files changed by system updates

Date: Thu, 20 Aug 2009 09:07:09 -0400

[Message part 1 (text/plain, inline)]

Package: aide
Version: 0.13.1-10
Severity: wishlist
Tags: patch
User: ubuntu-devel@lists.ubuntu.com
Usertags: origin-ubuntu karmic ubuntu-patch

I have added a new feature to the aide package: a new option to remove
files that were changed by system updates from the daily e-mail report.

*** /tmp/tmpLpolp2
In Ubuntu, we've applied the attached patch to achieve the following:

  * debian/{cron.daily,default}/aide: add new FILTERUPDATES option that
    removes files changed by system updates from the daily e-mail report.

We thought you might be interested in doing the same. 


-- System Information:
Debian Release: squeeze/sid
  APT prefers karmic-updates
  APT policy: (500, 'karmic-updates'), (500, 'karmic-security'), (500, 'karmic')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.31-6-generic (SMP w/2 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

[tmpEHVY8m (text/x-diff, attachment)]

Message #10 received at 542621@bugs.debian.org (full text, mbox, reply):

From: Hannes von Haugwitz <hannes@vonhaugwitz.com>

To: Debian Bug Tracking System <542621@bugs.debian.org>

Subject: Re: aide: new feature: ignore files changed by system updates

Date: Sat, 22 Aug 2009 19:44:30 +0200

[Message part 1 (text/plain, inline)]

Package: aide

Hi,

I'd like to see such a feature in aide package.

The attached patch improves your patch insofar as it really filters
the aide run log instead of just concatenating the filtered
and non-filtered output. Additionally I added a new option to also
filter changed files from new packages.

I've tested the patch in my local environment and it works as
expected.

Regards 

Hannes

[aide_svn_filterupdates_improved.patch (text/x-diff, attachment)]

Message #15 received at 542621@bugs.debian.org (full text, mbox, reply):

From: Marc Haber <mh+debian-packages@zugschlus.de>

To: Hannes von Haugwitz <hannes@vonhaugwitz.com>, 542621@bugs.debian.org, 542621-submitter@bugs.debian.org

Cc: Marc Haber <mh+debian-packages@zugschlus.de>

Subject: Re: Bug#542621: aide: new feature: ignore files changed by system updates

Date: Sun, 30 Aug 2009 13:22:53 +0200

On Sat, Aug 22, 2009 at 07:44:30PM +0200, Hannes von Haugwitz wrote:
> I'd like to see such a feature in aide package.
> 
> The attached patch improves your patch insofar as it really filters
> the aide run log instead of just concatenating the filtered
> and non-filtered output. Additionally I added a new option to also
> filter changed files from new packages.

And your patch doesn't completely kill the noise feature, which is
something I'd hate to lose. On the other hand, the new code has like
six temporary files (I actually stopped counting at some point), and
is rather complex for the daily cron job.

I am not yet convinced whether this is desireable, and I'd probably
prefer the method of re-running aide after doing system updates.

Is it really necessary to have a temp file orgy like this, or is this
maybe the point where the shell script should be rewritten in a "real"
programming language?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835

Message #23 received at 542621-quiet@bugs.debian.org (full text, mbox, reply):

From: Marc Deslauriers <marc.deslauriers@canonical.com>

To: Marc Haber <mh+debian-packages@zugschlus.de>, 542621-quiet@bugs.debian.org

Subject: Re: Bug#542621: aide: new feature: ignore files changed by system updates

Date: Sun, 30 Aug 2009 09:41:01 -0400

On Sun, 2009-08-30 at 13:22 +0200, Marc Haber wrote:
> On Sat, Aug 22, 2009 at 07:44:30PM +0200, Hannes von Haugwitz wrote:
> > I'd like to see such a feature in aide package.
> > 
> > The attached patch improves your patch insofar as it really filters
> > the aide run log instead of just concatenating the filtered
> > and non-filtered output. Additionally I added a new option to also
> > filter changed files from new packages.
> 
> And your patch doesn't completely kill the noise feature, which is
> something I'd hate to lose. On the other hand, the new code has like
> six temporary files (I actually stopped counting at some point), and
> is rather complex for the daily cron job.

Are you implying that the original patch I submitted kills the noise
feature?

Marc.

Message #28 received at 542621-quiet@bugs.debian.org (full text, mbox, reply):

From: Marc Haber <mh+debian-packages@zugschlus.de>

To: Marc Deslauriers <marc.deslauriers@canonical.com>

Cc: 542621-quiet@bugs.debian.org

Subject: Re: Bug#542621: aide: new feature: ignore files changed by system updates

Date: Sun, 30 Aug 2009 16:21:27 +0200

On Sun, Aug 30, 2009 at 09:41:01AM -0400, Marc Deslauriers wrote:
> On Sun, 2009-08-30 at 13:22 +0200, Marc Haber wrote:
> > On Sat, Aug 22, 2009 at 07:44:30PM +0200, Hannes von Haugwitz wrote:
> > > I'd like to see such a feature in aide package.
> > > 
> > > The attached patch improves your patch insofar as it really filters
> > > the aide run log instead of just concatenating the filtered
> > > and non-filtered output. Additionally I added a new option to also
> > > filter changed files from new packages.
> > 
> > And your patch doesn't completely kill the noise feature, which is
> > something I'd hate to lose. On the other hand, the new code has like
> > six temporary files (I actually stopped counting at some point), and
> > is rather complex for the daily cron job.
> 
> Are you implying that the original patch I submitted kills the noise
> feature?

The patch seems to do this, yes. At least that's what I reckoned from
a quick skim over the patch. And your patch is a tempfile orgy as well
;)

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190

Message #33 received at 542621@bugs.debian.org (full text, mbox, reply):

From: Hannes von Haugwitz <hannes@vonhaugwitz.com>

To: Marc Haber <mh+debian-packages@zugschlus.de>

Cc: 542621@bugs.debian.org, 542621-submitter@bugs.debian.org

Subject: Re: Bug#542621: aide: new feature: ignore files changed by system updates

Date: Sun, 30 Aug 2009 17:41:41 +0200

Marc Haber <mh+debian-packages@zugschlus.de> wrote:

> 
> And your patch doesn't completely kill the noise feature, which is
> something I'd hate to lose. On the other hand, the new code has like
> six temporary files (I actually stopped counting at some point), and
> is rather complex for the daily cron job.
> 

Currently I'm merging the filter and the de-noise part, so that
the de-noised output is also really filtered.

I'll try to reduce the number of needed temporary files.

Additionally I'm developing another feature to compactify the mail
output. Meaning the "detailed changes" part is outsourced to the log
file and the "changed files" part looks like

f..s.....mc..C..: /var/log/ConsoleKit/history

instead of

changed: /var/log/ConsoleKit/history

Every letter represents a changed attribute (in this case: a file (f)
with changed size (s), Mtime (m), Ctime (c) and one or more Checksums (C)).

That means that in mail you only see what attributes have changed but
not how.

> I am not yet convinced whether this is desireable, and I'd probably
> prefer the method of re-running aide after doing system updates.

The problem with completely re-running aide after system update is that
either you have to review thousands of changed files or you miss
changes not related to system update. In my mind the best solution for
that would be to update only a list of files in aide database. Is that 
possible?

> 
> Is it really necessary to have a temp file orgy like this, or is this
> maybe the point where the shell script should be rewritten in a "real"
> programming language?
> 

As said above, I'll reduce the number of temporary files.
What "real programming language" would you prefer?

regards

Hannes

Message #41 received at 542621@bugs.debian.org (full text, mbox, reply):

From: Marc Haber <mh+debian-packages@zugschlus.de>

To: Hannes von Haugwitz <hannes@vonhaugwitz.com>

Cc: 542621@bugs.debian.org, 542621-submitter@bugs.debian.org

Subject: Re: Bug#542621: aide: new feature: ignore files changed by system updates

Date: Sun, 30 Aug 2009 17:49:05 +0200

Hi,

On Sun, Aug 30, 2009 at 05:41:41PM +0200, Hannes von Haugwitz wrote:
> Marc Haber <mh+debian-packages@zugschlus.de> wrote:
>> And your patch doesn't completely kill the noise feature, which is
>> something I'd hate to lose. On the other hand, the new code has like
>> six temporary files (I actually stopped counting at some point), and
>> is rather complex for the daily cron job.
>>
>
> Currently I'm merging the filter and the de-noise part, so that
> the de-noised output is also really filtered.

On a second and third though, why don't you implement this in a
dedicated binary so that a normal update round can be like

  - update system
  - run aide --update
  - filter output through new program to see only changes that didn't
    come from a package
  - decide whether to cp aide.db.new to aide.db

That way, the complicated stuff can be implemented, for example, in
perl, since it is not mandatory.

> Additionally I'm developing another feature to compactify the mail
> output. Meaning the "detailed changes" part is outsourced to the log
> file and the "changed files" part looks like
>
> f..s.....mc..C..: /var/log/ConsoleKit/history
>
> instead of
>
> changed: /var/log/ConsoleKit/history

Very nice. Please consider implementing this as a patch to the actual
aide binary which can be submitted upstream. This may be a feature to
be of big use outside Debian..

> The problem with completely re-running aide after system update is that
> either you have to review thousands of changed files or you miss
> changes not related to system update. In my mind the best solution for
> that would be to update only a list of files in aide database. Is that  
> possible?

Not that I know of. This might be worthwhile to implement upstream as
well.

> What "real programming language" would you prefer?

If I can choose, it would be a language that doesn't need a run-time
environment or an interpreter on the target system. aide may be used
on systems that need to be small, thus perl, python, ruby, java and
other interpreted or bytecode languages are ruled out. The more I
think about this, the more I get convinced that shell is just right
for the cron job which is mandatory on all systems. For more complex
systems, "plug-ins" to the cron job could be in other languages,
provided that the cron job basically continues to work without these
plug-ins.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190

Message #49 received at 542621@bugs.debian.org (full text, mbox, reply):

From: Hannes von Haugwitz <hannes@vonhaugwitz.com>

To: Marc Haber <mh+debian-packages@zugschlus.de>

Cc: 542621@bugs.debian.org, 542621-submitter@bugs.debian.org

Subject: Re: Bug#542621: aide: new feature: ignore files changed by system updates

Date: Sun, 30 Aug 2009 21:42:56 +0200

Marc Haber <mh+debian-packages@zugschlus.de> wrote:
> On a second and third though, why don't you implement this in a
> dedicated binary so that a normal update round can be like
> 
>   - update system
>   - run aide --update
>   - filter output through new program to see only changes that didn't
>     come from a package
>   - decide whether to cp aide.db.new to aide.db
> 
> That way, the complicated stuff can be implemented, for example, in
> perl, since it is not mandatory.

That would be an option. But I think the filter should also work for
single package installations via aptitude install or dpkg -i. So how to
implement that in an automatic way?

> Very nice. Please consider implementing this as a patch to the actual
> aide binary which can be submitted upstream. This may be a feature to
> be of big use outside Debian..

I can do that, but as far as I can judge the truncation of the "Detailed
changes" part has to be done further on in the cron job script.

> Not that I know of. This might be worthwhile to implement upstream as
> well.
> 

see below

> If I can choose, it would be a language that doesn't need a run-time
> environment or an interpreter on the target system. aide may be used
> on systems that need to be small, thus perl, python, ruby, java and
> other interpreted or bytecode languages are ruled out. The more I
> think about this, the more I get convinced that shell is just right
> for the cron job which is mandatory on all systems. For more complex
> systems, "plug-ins" to the cron job could be in other languages,
> provided that the cron job basically continues to work without these
> plug-ins.

Beside your option above I think we have two more options to handle
package changes:

On the one hand we could filter the aide log by adding a plug-in system
to the cron job and writing a filter program which filters the new and
changed files related to package changes.

On the other hand we could modify the aide database before and after
every package change. Thereby it would be possible to also filter
removed files. This requires a new option to aide binary which
allows to partially updating the aide database from a list of files and
a way to run a program before and after every dpkg run. Is that possible?

regards,

Hannes

Message #57 received at 542621@bugs.debian.org (full text, mbox, reply):

From: Marc Haber <mh+debian-packages@zugschlus.de>

To: Hannes von Haugwitz <hannes@vonhaugwitz.com>

Cc: 542621@bugs.debian.org, 542621-submitter@bugs.debian.org

Subject: Re: Bug#542621: aide: new feature: ignore files changed by system updates

Date: Sun, 30 Aug 2009 22:40:20 +0200

On Sun, Aug 30, 2009 at 09:42:56PM +0200, Hannes von Haugwitz wrote:
> Marc Haber <mh+debian-packages@zugschlus.de> wrote:
>> On a second and third though, why don't you implement this in a
>> dedicated binary so that a normal update round can be like
>>
>>   - update system
>>   - run aide --update
>>   - filter output through new program to see only changes that didn't
>>     come from a package
>>   - decide whether to cp aide.db.new to aide.db
>>
>> That way, the complicated stuff can be implemented, for example, in
>> perl, since it is not mandatory.
>
> That would be an option. But I think the filter should also work for
> single package installations via aptitude install or dpkg -i. So how to
> implement that in an automatic way?

a single package installation doesn't create _that_ much noise, I'd
handle this the same as a system update, or manually.

>> Very nice. Please consider implementing this as a patch to the actual
>> aide binary which can be submitted upstream. This may be a feature to
>> be of big use outside Debian..
>
> I can do that, but as far as I can judge the truncation of the "Detailed
> changes" part has to be done further on in the cron job script.

Yes, that still needs to happen in the script.

> On the other hand we could modify the aide database before and after
> every package change. Thereby it would be possible to also filter
> removed files. This requires a new option to aide binary which
> allows to partially updating the aide database from a list of files and
> a way to run a program before and after every dpkg run. Is that possible?

I don't know for dpkg, but apt has pre/post hooks. And I think that
upstream would accept a patch to update only parts of the database,
but be aware that an attacker would be able to use that function to
hide his local changes as well.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190

Message #65 received at 542621@bugs.debian.org (full text, mbox, reply):

From: Hannes von Haugwitz <hannes@vonhaugwitz.com>

To: 542621@bugs.debian.org

Cc: 542621-submitter@bugs.debian.org

Subject: Re: Bug#542621: aide: new feature: ignore files changed by system updates

Date: Mon, 31 Aug 2009 08:36:57 +0200

Marc Haber <mh+debian-packages@zugschlus.de> wrote:

> On Sun, Aug 30, 2009 at 09:42:56PM +0200, Hannes von Haugwitz wrote:
>> Marc Haber <mh+debian-packages@zugschlus.de> wrote:
>> That would be an option. But I think the filter should also work for
>> single package installations via aptitude install or dpkg -i. So how to
>> implement that in an automatic way?
> 
> a single package installation doesn't create _that_ much noise, I'd
> handle this the same as a system update, or manually.

It depends. Look at openoffice.org-common or sun-java6-demo package for
example.

> 
>> On the other hand we could modify the aide database before and after
>> every package change. Thereby it would be possible to also filter
>> removed files. This requires a new option to aide binary which
>> allows to partially updating the aide database from a list of files and
>> a way to run a program before and after every dpkg run. Is that possible?
> 
> I don't know for dpkg, but apt has pre/post hooks. And I think that
> upstream would accept a patch to update only parts of the database,
> but be aware that an attacker would be able to use that function to
> hide his local changes as well.
> 

I think the "plug-in system" option would be the easiest to implement
while the "modify database" option is the better approach but
essentially harder to develop.

So how to proceed?

regards,

Hannes

Message #73 received at 542621@bugs.debian.org (full text, mbox, reply):

From: Marc Haber <mh+debian-packages@zugschlus.de>

To: Hannes von Haugwitz <hannes@vonhaugwitz.com>, 542621@bugs.debian.org

Cc: 542621-submitter@bugs.debian.org

Subject: Re: [Pkg-aide-maintainers] Bug#542621: aide: new feature: ignore files changed by system updates

Date: Mon, 31 Aug 2009 09:12:20 +0200

On Mon, Aug 31, 2009 at 08:36:57AM +0200, Hannes von Haugwitz wrote:
> Marc Haber <mh+debian-packages@zugschlus.de> wrote:
>> On Sun, Aug 30, 2009 at 09:42:56PM +0200, Hannes von Haugwitz wrote:
>>> Marc Haber <mh+debian-packages@zugschlus.de> wrote:
>>> That would be an option. But I think the filter should also work for
>>> single package installations via aptitude install or dpkg -i. So how to
>>> implement that in an automatic way?
>>
>> a single package installation doesn't create _that_ much noise, I'd
>> handle this the same as a system update, or manually.
>
> It depends. Look at openoffice.org-common or sun-java6-demo package for
> example.

Both packages are rather not a clientele of a system which will
probably be installed with aide.

>> I don't know for dpkg, but apt has pre/post hooks. And I think that
>> upstream would accept a patch to update only parts of the database,
>> but be aware that an attacker would be able to use that function to
>> hide his local changes as well.
>
> I think the "plug-in system" option would be the easiest to implement
> while the "modify database" option is the better approach but
> essentially harder to develop.
>
> So how to proceed?

Maybe it would be a good idea to solicit upstream's comments first.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190

Message #81 received at 542621-close@bugs.debian.org (full text, mbox, reply):

From: Marc Haber <mh+debian-packages@zugschlus.de>

To: 542621-close@bugs.debian.org

Subject: Bug#542621: fixed in aide 0.14~rc3-1

Date: Mon, 01 Mar 2010 21:32:37 +0000

Source: aide
Source-Version: 0.14~rc3-1

We believe that the bug you reported is fixed in the latest version of
aide, which is due to be installed in the Debian FTP archive:

aide-common_0.14~rc3-1_all.deb
  to main/a/aide/aide-common_0.14~rc3-1_all.deb
aide-dynamic_0.14~rc3-1_i386.deb
  to main/a/aide/aide-dynamic_0.14~rc3-1_i386.deb
aide-xen_0.14~rc3-1_i386.deb
  to main/a/aide/aide-xen_0.14~rc3-1_i386.deb
aide_0.14~rc3-1.diff.gz
  to main/a/aide/aide_0.14~rc3-1.diff.gz
aide_0.14~rc3-1.dsc
  to main/a/aide/aide_0.14~rc3-1.dsc
aide_0.14~rc3-1_i386.deb
  to main/a/aide/aide_0.14~rc3-1_i386.deb
aide_0.14~rc3.orig.tar.gz
  to main/a/aide/aide_0.14~rc3.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 542621@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Marc Haber <mh+debian-packages@zugschlus.de> (supplier of updated aide package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 28 Feb 2010 17:20:43 +0100
Source: aide
Binary: aide aide-xen aide-dynamic aide-common aide-config-zg2
Architecture: source i386 all
Version: 0.14~rc3-1
Distribution: experimental
Urgency: low
Maintainer: Aide Maintainers <pkg-aide-maintainers@lists.alioth.debian.org>
Changed-By: Marc Haber <mh+debian-packages@zugschlus.de>
Description: 
 aide       - Advanced Intrusion Detection Environment - static binary
 aide-common - Advanced Intrusion Detection Environment - Common files
 aide-config-zg2 - Advanced Intrusion Detection Environment - Zg2 configuration exte
 aide-dynamic - Advanced Intrusion Detection Environment - dynamic binary
 aide-xen   - Advanced Intrusion Detection Environment - static binary for XEN
Closes: 542621
Changes: 
 aide (0.14~rc3-1) experimental; urgency=low
 .
   * NOT YET RELEASED
 .
   [ Marc Haber ]
   * new upstream CVS snapshot
     * snprintf.c from rsync (more compatible license)
     * new summarize_changes option by Hannes von Haugwitz
     * more compatibility with recent autotools (thanks, Steve Grubb)
   * 31_aide_aptitude: add /var/lib/aptitude
   * aide-common.postinst: remove unneeded CONFDIR variable
   * clarify debian/copyright for snprintf.c and fopen.c
   * fix debian/NEWS version number 0.13.1-10
   * fix broken mail addresse in changelog
   * Standards-Version: 3.8.4 (no changes necessary)
 .
   [ Hannes von Haugwitz ]
   * 31_aide_bind9: /var/run/bind/run has been moved to /var/run/named
   * Added options to filter package updates or installations (closes: #542621)
   * debian/rules: enabled xattr, selinux and posix-acl support
   * 10-manpages.dpatch: "block count" patch is now in upstream source
   * cron.daily/aide:
     - adjusted regex for NOISE to work with new summarize_changes option
     - added log file checksum to truncated mail
     - removed duplicated "at" in ""End of AIDE daily cron job" line
     - don't fail when NOISE removes everything
     - replaced obsolete checksums md5 and sha1 with sha256 and sha512
   * 31_aide_svn-server: new
     - handle variable files in svn repositories
     - provide 31_aide_svn-server_settings
   * 31_aide_trac: new
     - handle trac.db in trac repositories
     - provide 31_aide_trac_settings
   * 31_aide_cups: new
     - handle files in /var/run/cups, /var/spool/cups, /var/log/cups
       and /var/cache/cups
   * 31_aide_samba: new
     - handle files in /var/run/samba, /var/log/samba and /var/lib/samba
   * 31_aide_root-dotfiles: new
     - added rules for some dotfiles in root/ (by default disabled)
   * Added option to truncate the detailed part in the mail
   * Added aide.settings.d directory
   * update-aide.conf: added --settingsd option
   * default/aide: added UPAC_SETTINGSD variable
   * 31_aide_apt:
     - read settings file from aide.settings.d
     - warn if 31_local_apt_settings is used
   * Provide aide.settings.d/31_aide_apt_settings
   * Allow LINES=0 to disable option
   * 31_aide_wpasupplicant: new
     - handle files in /var/run/
     - handle log files
     - handle files in /lib/init/rw/wpasupplicant/
   * debian/control:
     - added Vcs-Git and Vcs-Browser fields
     - added libselinux1-dev, libattr1-dev, libacl1-dev to build dependencies
   * 31_aide_postgresql: new (handle log files and pid file)
   * 31_aide_ifplugd: new (handle pid file)
   * 31_aide_dhcp3-client: added INTERFACES variable
   * 31_aide_nfs: new (handle pid files and files in /var/lib/nfs)
   * 31_aide_at: new
     - handle /var/spool/cron/at(spool|jobs)
     - handle /var/run/atd.pid
   * 31_aide_laptop-mode-tools: new
     - handle files in /var/run/laptop-mode-tools
   * 31_aide_nagios3: new
     - handle files in /var/lib/nagios3
     - handle files in /var/log/nagios3
     - handle files in /var/run/nagios3
     - handle files in /var/cache/nagios3
   * 31_aide_slapd: new
     - handle files in /var/lib/ldap/
     - handle files in /var/run/slapd
     - handle /var/run/ldapi
   * 31_aide_nslcd: new (handle files in /var/run/nslcd)
   * 31_aide_dbus: new (handle files in /var/run/dbus)
   * 31_aide_vpnc: new (handle /var/run/vpnc)
   * 31_aide_portmap: new
     - handle /lib/init/rw/sendsigs.omit.d/portmap
     - handle files in /var/run
   * 31_aide_kerberos: new (handle temp files)
   * 31_aide_dhcpd: new (handle pid file)
   * 31_aide_rkhunter:
     - fixed handling of old log file
     - handle files in /var/lib/rkhunter/db/
   * 31_aide_apcupsd: handle /var/lock/LCK..
   * 31_aide_xfree86-common: replaced with empty dummy, rules
     are now in 31_aide_x11-common
   * 31_aide_x11-common: new (handle dirs in /tmp)
   * 31_aide_opie-server: new (handle /etc/opiekeys)
   * 31_aide_network: new (handle /var/run/network)
   * 31_aide_anubis: new (handle pid file)
   * 31_aide_pcscd: new (handle files in /var/run/pcscd)
   * 31_aide_resolvconf: handle files in /lib/init/rw/resolvconf
   * 31_aide_tiger: new (handle /var/lib/tiger/work and files in /var/log/tiger)
   * 31_aide_alsa: new (handle asound.state file)
   * 31_aide_mdadm: new (handle files in /var/run/mdadm and /lib/init/rw/mdadm)
   * 31_aide_rsyslog: handle /lib/init/rw/sendsigs.omit.d/rsyslog
   * 31_aide_lib-init-rw: new (handle some files in /lib/init/rw)
   * 31_aide_hapsd: new (handle pid file)
   * 31_aide_smartmontools: new (handle pid file)
   * 31_aide_mail: new (handle files in /var/mail)
   * 31_aide_fcron: new (handle spool files, fifo and pid file)
   * 31_aide_lighttpd: new (handle log files, pid file and php sockets)
   * 31_aide_nscd: new (handle /var/run/nscd and cache files)
   * 31_aide_aptitude_frqchg: replaced with empty dummy, rules
     are contained in 31_aide_aptitude
   * 31_aide_hald: removed unneeded rule for acl-list file
   * 31_aide_munin:
     - added rule for munin-node pid file
     - fixed handling of files in /var/run/munin/
   * aide.conf:
     - added new rules (VarTime, VarInode, VarDirInode)
     - added link name attribute to InodeData and VarFile
     - added summarize_changes option (by default disabled)
     - added acl, xattrs and selinux attributes to InodeData, VarFile, VarDir,
       VarDirInode and Log
     - replaced obsolete checksums md5 and sha1 with sha256 and sha512
   * 31_aide_lvm2: fixed handling of cache file and added rule for lock dir
   * 31_aide_libvirt-bin: new
     - handle files in /var/run/libvirt
     - handle /var/lib/libvirt/qemu and /var/cache/libvirt/qemu
   * 31_aide_nrpe: new (handle pid file)
   * 31_aide_aptitude: added rules for log rotation and exclude lock file
   * 31_aide_fail2ban: added rules for /var/run/fail2ban, socket and pid file
   * 31_aide_screen: added rule for /var/run/screen
Checksums-Sha1: 
 2841efec141c41c92328c4cebe399971c48ad182 1448 aide_0.14~rc3-1.dsc
 c834ebd48ed4378bd6b3f15d40744158cb302e89 467198 aide_0.14~rc3.orig.tar.gz
 a2b1d31f68d4be9619fef38162b36ccf0759b733 70680 aide_0.14~rc3-1.diff.gz
 da1e5ab1b17d4d6a74f08658cb2e57e4e68dba97 554078 aide_0.14~rc3-1_i386.deb
 3743200f4a69b3c08e8cbf55f9d017384e4d69ca 98820 aide-common_0.14~rc3-1_all.deb
 e0ba818d4fb74ea0048fbfe4690737d36a4e6484 555478 aide-xen_0.14~rc3-1_i386.deb
 cf8aa4bcd2b6f2d34694db0776ac3531e2caa9f3 111396 aide-dynamic_0.14~rc3-1_i386.deb
Checksums-Sha256: 
 700ab1c83ed47e731c2ad4d4e8e44037ebdc4f07ff90aff6f3a3157a44c93e7d 1448 aide_0.14~rc3-1.dsc
 253189f0e21a08aa86b060cea51c96ca49f540400293f1eb6db9008662dad10e 467198 aide_0.14~rc3.orig.tar.gz
 2aa2fab1f7ec2282a0cd783f35d9a9111051e7e9f6e8b49d5e35609129cbc2f2 70680 aide_0.14~rc3-1.diff.gz
 b23ea7e08b3cd24da3b34a694bfca8b9b5233a5f36885408e17d4cde0963ed33 554078 aide_0.14~rc3-1_i386.deb
 227246bbc6603c78960bf305dbf7499709b56f0914c135e7d9a192e2c991f070 98820 aide-common_0.14~rc3-1_all.deb
 bde7703341d2026294ca4bb7996ecd97109002a734f28826f0e86c149ad2b67e 555478 aide-xen_0.14~rc3-1_i386.deb
 cc372c341086790a6dd67e08f3ad6732a6db6abc0b94571c8db290443e78ea2b 111396 aide-dynamic_0.14~rc3-1_i386.deb
Files: 
 2f4c4fb4561d133242c33df489407dfe 1448 admin optional aide_0.14~rc3-1.dsc
 a8f2e59af2abafebc6e123adccde89d4 467198 admin optional aide_0.14~rc3.orig.tar.gz
 1bbaf4a9b99f3b17516a53a56c55714d 70680 admin optional aide_0.14~rc3-1.diff.gz
 1e9621346375618aa075be70c08797e0 554078 admin optional aide_0.14~rc3-1_i386.deb
 58810549e5f5e7c9abf832f2b9c1bb3e 98820 admin optional aide-common_0.14~rc3-1_all.deb
 524f5d31ea685dedb8fa9d15d828ba43 555478 admin optional aide-xen_0.14~rc3-1_i386.deb
 7f07f466d776f672c6995291020648b4 111396 admin optional aide-dynamic_0.14~rc3-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkuMHSUACgkQgZalRGu6PIQLoACfW9nJsCXpwQv3z26g2CW70sWI
o4EAn3HRHzT11EA5N6GZ8wDKjShjTBzJ
=Qu1j
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.