[Pkg-aide-maintainers] pkg-aide development

Hannes von Haugwitz hannes at vonhaugwitz.com
Mon Aug 31 11:16:40 UTC 2009


Marc Haber <mh+pkg-aide-maintainers at zugschlus.de> wrote:
> 
> -rw-r----- 1 root adm  24K 31. Aug 09:07 /var/log/syslog/syslog
> -rw-r----- 1 root adm 6,2M 31. Aug 07:38 /var/log/syslog/syslog-20090831
> -rw-r----- 1 root adm 331K 27. Aug 00:29 /var/log/syslog/syslog-20090827.gz
> -rw-r----- 1 root adm 378K 23. Aug 07:39 /var/log/syslog/syslog-20090823.gz
> -rw-r----- 1 root adm 649K 19. Aug 07:39 /var/log/syslog/syslog-20090819.gz
> -rw-r----- 1 root adm 326K 17. Aug 07:39 /var/log/syslog/syslog-20090817.gz
> 

I think it is impossible to statically create rules for such files.
You can't determine the names of the LoSerMemberLog and HiSerMemberLog
because they are changed with every rotation. Dynamically it should work
but it would be very dirty.

>> So would you accept such a patch (with or without handling of dateext)?
> 
> I would, if there were a switch to turn this behavior off, and have not
> made up my mind yet whether to have this enabled by default.

Ok.

> 
> Probably it would be a good idea to have a framework to "staticize" an
> aide script, running it once and replacing it with its output. That
> way, one could check what it generated and stop the automatism there,
> minimizing the danger of an attacker abusing the mechanism.


If an attacker has root access the game is over anyway.

regards

Hannes
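
The "staticize" idea from the quoted reply, as an added example that is not part of this thread or of the aide package: run a rule-generating script once, put its output in its place, and keep the generator beside it in non-executable form so the frozen rules can be reviewed. It assumes the generator is a POSIX sh script that prints aide rule lines on stdout; the function names, the `.generator` suffix and the drift check are hypothetical additions.

```shell
#!/bin/sh
# Added example (not from the aide package). Assumption: the rule generator
# is a POSIX sh script that prints aide rule lines on stdout, no arguments.

# staticize SCRIPT: run SCRIPT once, keep it as SCRIPT.generator (mode 0600,
# never executed automatically again) and leave its output at SCRIPT.
staticize() {
    script=$1
    case $script in */*) ;; *) script=./$script ;; esac
    if [ ! -f "$script" ] || [ ! -x "$script" ]; then
        echo "not an executable file: $script" >&2
        return 2
    fi
    tmp=$(mktemp "$script.XXXXXX") || return 1
    # Refuse to freeze a failed or empty run: that would silently drop rules.
    if ! "$script" > "$tmp" || [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        echo "generator failed or printed nothing: $script" >&2
        return 1
    fi
    chmod 0644 "$tmp"
    if ! mv "$script" "$script.generator"; then
        rm -f "$tmp"
        return 1
    fi
    chmod 0600 "$script.generator"
    mv "$tmp" "$script"
}

# staticize_drift SCRIPT: operator-initiated review. Re-runs the kept
# generator and diffs its output against the frozen rules; returns 0 only
# if they are identical, non-zero otherwise.
staticize_drift() {
    script=$1
    case $script in */*) ;; *) script=./$script ;; esac
    [ -f "$script.generator" ] || return 2
    sh "$script.generator" | diff -u "$script" -
}
```

After `staticize`, the file at the original path is plain text and no code runs when the configuration is assembled; `staticize_drift` is only for a manual check of whether a fresh run would still match what was reviewed.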




