Debian Bug report logs - #596230
aide accepts the rename of completely different files

version graph

Package: aide; Maintainer for aide is Aide Maintainers <aide@packages.debian.org>; Source for aide is src:aide (PTS, buildd, popcon).

Reported by: Hannes von Haugwitz <hannes@vonhaugwitz.com>

Date: Thu, 9 Sep 2010 13:18:02 UTC

Severity: important

Tags: fixed-upstream, patch

Found in version aide/0.15-2

Fixed in version aide/0.15.1-1

Done: Hannes von Haugwitz <hannes@vonhaugwitz.com>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Aide Maintainers <pkg-aide-maintainers@lists.alioth.debian.org>:
Bug#596230; Package aide. (Thu, 09 Sep 2010 13:18:05 GMT) (full text, mbox, link).

Acknowledgement sent to Hannes von Haugwitz <hannes@vonhaugwitz.com>:
New Bug report received and forwarded. Copy sent to Aide Maintainers <pkg-aide-maintainers@lists.alioth.debian.org>. (Thu, 09 Sep 2010 13:18:05 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Hannes von Haugwitz <hannes@vonhaugwitz.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: aide accepts the rename of completely different files
Date: Thu, 09 Sep 2010 14:59:27 +0200
[Message part 1 (text/plain, inline)]
Package: aide
Version: 0.15-2
Severity: important
Tags: patch

Hi,

aide accepts the rename of completely different files.

For instance the file /var/log/cron-apt/log with the attributes 1ad807cfbd
could get the inode of the recently rotated file /var/log/fail2ban.log.2.gz
with the attributes 1a0400081d.

As the DB_CHECKINODE attribute is set for /var/log/fail2ban.log.2.gz aide
checks if the attributes of the two files differ and throws the following
warning:

Entry "/var/log/fail2ban.log.2.gz" "/var/log/cron-apt/log" in databases has different attributes (here3): 1a0400081d 1ad807cfbd

Then aide checks if the attribute values of these two files have
changed, but instead of checking all attributes aide only checks the
common attributes (which have in this case the same values) and accepts
the changed file name from /var/log/cron-apt/log to /var/log/fail2ban.log.2.gz
(the fact that /var/log/fail2ban.log.2.gz has for instance checksums
attributes set is ignored). Since now there is no corresponding entry in
the old database for /var/log/cron-apt/log the file is wrongly reported
as new.

The first patch fixes that issue.

Due to the changes in the first patch aide would no longer accept file
name changes to files which has the DB_CHECKINODE attribute not set. The
second patch fixes that.

Greetings

Hannes

[0001-Ignore-changed-file-name-if-attributes-does-not-matc.patch (text/x-c, attachment)]
[0002-Allow-absence-of-DB_CHECKINODE-if-file-name-has-chan.patch (text/plain, attachment)]

Added tag(s) fixed-upstream. Request was from Hannes von Haugwitz <hannes@vonhaugwitz.com> to control@bugs.debian.org. (Sat, 11 Sep 2010 04:48:02 GMT) (full text, mbox, link).

Added tag(s) pending. Request was from Hannes von Haugwitz <hannes@vonhaugwitz.com> to control@bugs.debian.org. (Tue, 14 Sep 2010 04:54:03 GMT) (full text, mbox, link).

Reply sent to Hannes von Haugwitz <hannes@vonhaugwitz.com>:
You have taken responsibility. (Tue, 14 Sep 2010 08:33:29 GMT) (full text, mbox, link).

Notification sent to Hannes von Haugwitz <hannes@vonhaugwitz.com>:
Bug acknowledged by developer. (Tue, 14 Sep 2010 08:33:29 GMT) (full text, mbox, link).

Message #14 received at 596230-close@bugs.debian.org (full text, mbox, reply):

From: Hannes von Haugwitz <hannes@vonhaugwitz.com>
To: 596230-close@bugs.debian.org
Subject: Bug#596230: fixed in aide 0.15.1-1
Date: Tue, 14 Sep 2010 08:32:13 +0000
Source: aide
Source-Version: 0.15.1-1

We believe that the bug you reported is fixed in the latest version of
aide, which is due to be installed in the Debian FTP archive:

aide-common_0.15.1-1_all.deb
  to main/a/aide/aide-common_0.15.1-1_all.deb
aide-dynamic_0.15.1-1_amd64.deb
  to main/a/aide/aide-dynamic_0.15.1-1_amd64.deb
aide-xen_0.15.1-1_amd64.deb
  to main/a/aide/aide-xen_0.15.1-1_amd64.deb
aide_0.15.1-1.diff.gz
  to main/a/aide/aide_0.15.1-1.diff.gz
aide_0.15.1-1.dsc
  to main/a/aide/aide_0.15.1-1.dsc
aide_0.15.1-1_amd64.deb
  to main/a/aide/aide_0.15.1-1_amd64.deb
aide_0.15.1.orig.tar.gz
  to main/a/aide/aide_0.15.1.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 596230@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hannes von Haugwitz <hannes@vonhaugwitz.com> (supplier of updated aide package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 14 Sep 2010 08:22:03 +0200
Source: aide
Binary: aide aide-xen aide-dynamic aide-common aide-config-zg2
Architecture: source amd64 all
Version: 0.15.1-1
Distribution: unstable
Urgency: low
Maintainer: Aide Maintainers <pkg-aide-maintainers@lists.alioth.debian.org>
Changed-By: Hannes von Haugwitz <hannes@vonhaugwitz.com>
Description: 
 aide       - Advanced Intrusion Detection Environment - static binary
 aide-common - Advanced Intrusion Detection Environment - Common files
 aide-config-zg2 - Advanced Intrusion Detection Environment - Zg2 configuration exte
 aide-dynamic - Advanced Intrusion Detection Environment - dynamic binary
 aide-xen   - Advanced Intrusion Detection Environment - static binary for XEN
Closes: 596230
Changes: 
 aide (0.15.1-1) unstable; urgency=low
 .
   * new upstream version, changes include:
     - fixed bug with DB_CHECKINODE (closes: #596230)
   * 31_aide_rkhunter:
     - adjusted rule for rkhunter.dat and rkhunter.dat.old
   * 31_aide_munin:
     - handle exim_mailstats-<IPv4> in /var/lib/munin/plugin-state/
   * 31_aide_apt:
     - handle backups of APT's extended_states file
Checksums-Sha1: 
 36a676bbab8dc14207c215d59696b329abd5725d 1561 aide_0.15.1-1.dsc
 6bcd9022b15e614befaf689c94d56768d1223715 416936 aide_0.15.1.orig.tar.gz
 78c373584453360cb7f0ce129c8bb17e5b862f96 75934 aide_0.15.1-1.diff.gz
 2007e927ce1c367c9a0b5d5e947358e3c84e81a3 598952 aide_0.15.1-1_amd64.deb
 5a858e983f9669b4fe08838f35f7de2a387df1a8 104032 aide-common_0.15.1-1_all.deb
 f2aba4906e4ecd3b23f1641a2f784e4afa463734 598990 aide-xen_0.15.1-1_amd64.deb
 5b5e1fd6c7d6496a0371a1237b0f28c92aa6b0c8 122428 aide-dynamic_0.15.1-1_amd64.deb
Checksums-Sha256: 
 835dad668331b5f236ce060ce4fa116393f6f569a00859fad4c0ea275ff878a5 1561 aide_0.15.1-1.dsc
 48d46352249daae984c5b44b4b2d4a5c3ade8705328fe7a8b92a6facf94abb1f 416936 aide_0.15.1.orig.tar.gz
 04add4f2291936c33cf51668bdd5ef52207763a5e3ab98d1daa80a2a4e9716cb 75934 aide_0.15.1-1.diff.gz
 71a56dfe7b9dfaf1b8d15f0ee2c346bae773f767aa63b43f9fb8d2f7e901c328 598952 aide_0.15.1-1_amd64.deb
 a6004abca3fd05751014d716cec92e3478605a4599098fb6b4b8d8ab43aeebbb 104032 aide-common_0.15.1-1_all.deb
 2ae84a096f2a90d0ff820572edbe9c0fa096634f8164f4d537b3f18770b22d2b 598990 aide-xen_0.15.1-1_amd64.deb
 e6a99df9c0bbc87d3c84c19f30ab543b7d26d85a994168597faf36bd412c0ca6 122428 aide-dynamic_0.15.1-1_amd64.deb
Files: 
 80bdc65abd46e9015df4e0a1189dd749 1561 admin optional aide_0.15.1-1.dsc
 a2182e88c08141dcc3d73fb28025e385 416936 admin optional aide_0.15.1.orig.tar.gz
 46140c8e03494fd54086538a0ea65ba7 75934 admin optional aide_0.15.1-1.diff.gz
 610d24b131d283fd8dc06f71821dbd36 598952 admin optional aide_0.15.1-1_amd64.deb
 2febf512e983609791ffc083343061f1 104032 admin optional aide-common_0.15.1-1_all.deb
 6e85a8855d90ff1f043327e6fc1c428a 598990 admin extra aide-xen_0.15.1-1_amd64.deb
 73aff87b5346f426fbd3b1b17e988d84 122428 admin extra aide-dynamic_0.15.1-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkyPF4YACgkQiz0NKp2eEfUfFQCgkFQd13TyzqbsmP/BaX0AvTv2
5VkAoIzjFBFX5FybeKBhhEKeASf692Bn
=iNo8
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 23 Oct 2010 07:33:00 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Jul 2 08:56:08 2023; Machine Name: bembo

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.