[Pkg-aide-maintainers] Bug#542621: aide: new feature: ignore files changed by system updates

Marc Haber mh+debian-packages at zugschlus.de
Sun Aug 30 15:49:05 UTC 2009


Hi,

On Sun, Aug 30, 2009 at 05:41:41PM +0200, Hannes von Haugwitz wrote:
> Marc Haber <mh+debian-packages at zugschlus.de> wrote:
>> And your patch doesn't completely kill the noise feature, which is
>> something I'd hate to lose. On the other hand, the new code has like
>> six temporary files (I actually stopped counting at some point), and
>> is rather complex for the daily cron job.
>>
>
> Currently I'm merging the filter and the de-noise part, so that
> the de-noised output is also really filtered.

On a second and third thought, why don't you implement this in a
dedicated binary so that a normal update round can be like

  - update system
  - run aide --update
  - filter output through new program to see only changes that didn't
    come from a package
  - decide whether to cp aide.db.new to aide.db

That way, the complicated stuff can be implemented, for example, in
perl, since it is not mandatory.

> Additionally I'm developing another feature to compactify the mail
> output. Meaning the "detailed changes" part is outsourced to the log
> file and the "changed files" part looks like
>
> f..s.....mc..C..: /var/log/ConsoleKit/history
>
> instead of
>
> changed: /var/log/ConsoleKit/history

Very nice. Please consider implementing this as a patch to the actual
aide binary which can be submitted upstream. This may be a feature to
be of big use outside Debian.

> The problem with completely re-running aide after system update is that
> either you have to review thousands of changed files or you miss
> changes not related to system update. In my mind the best solution for
> that would be to update only a list of files in aide database. Is that
> possible?

Not that I know of. This might be worthwhile to implement upstream as
well.

> What "real programming language" would you prefer?

If I can choose, it would be a language that doesn't need a run-time
environment or an interpreter on the target system. aide may be used
on systems that need to be small, thus perl, python, ruby, java and
other interpreted or bytecode languages are ruled out. The more I
think about this, the more I get convinced that shell is just right
for the cron job which is mandatory on all systems. For more complex
systems, "plug-ins" to the cron job could be in other languages,
provided that the cron job basically continues to work without these
plug-ins.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190
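
The filter step of the update round listed in the message, as an added shell example (not part of the original message and not code from the aide package). It assumes that "came from a package" means the file's current MD5 matches a dpkg `*.md5sums` manifest entry; the function name and its two parameters are hypothetical.

```shell
#!/bin/sh
# Added example: post-update filter for an AIDE report (names are hypothetical).
# Assumption: "came from a package" means the file's current MD5 equals the
# checksum recorded in a dpkg manifest (lines of "<md5>  <path without leading />").
# Usage (assumed): aide --update | filter_aide_report

filter_aide_report() {
    manifest_dir=${1:-/var/lib/dpkg/info}  # directory holding *.md5sums
    root=${2:-}                            # path prefix, used to test on a constructed tree
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            "changed: /"*|"added: /"*) ;;          # candidates for filtering
            *) printf '%s\n' "$line"; continue ;;  # everything else passes through
        esac
        path=${line#*: }
        # Look the path up in the manifests; the path starts at column 35.
        want=$(P=${path#/} awk 'substr($0, 35) == ENVIRON["P"] { print substr($0, 1, 32); exit }' \
            "$manifest_dir"/*.md5sums 2>/dev/null) || want=
        have=
        # Manifests list regular files only, so a symlink here is itself a change.
        if [ -f "$root$path" ] && [ ! -L "$root$path" ]; then
            have=$(md5sum < "$root$path" | cut -d' ' -f1)
        fi
        # Suppress only when the package explains the content; a packaged file
        # with a different checksum, or an unpackaged file, stays in the report.
        if [ -n "$want" ] && [ "$have" = "$want" ]; then
            continue
        fi
        printf '%s\n' "$line"
    done
}
```

The manifests are stored on the host being checked and use MD5, so this step reduces report noise and does not by itself establish that a packaged file is authentic.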