Bug 2027493

Summary: RHEL 8 aide v0.16 is not following the same rule behavior as RHEL 7 aide v0.15
Product: Red Hat Enterprise Linux 8
Reporter: jfaison
Component: aide
Assignee: Radovan Sroka <rsroka>
Status: CLOSED MIGRATED
QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium
Docs Contact:
Priority: unspecified
Version: 8.4
CC: dapospis, kemyers, kwalker, tscherf
Target Milestone: rc
Keywords: MigratedToJIRA, Triaged
Target Release: ---
Flags: pm-rhel: mirror+
Hardware: Unspecified
OS: Linux
Last Closed: 2023-08-16 15:19:58 UTC
Type: Bug

Description jfaison 2021-11-29 19:39:42 UTC
Description of problem:
In RHEL 7 (aide v0.15) using a rule structure like:


   DATAONLY =  p+n+u+g+selinux+acl+xattrs+sha256+ANF
   DIRCHECK = p+i+u+g+selinux+acl+xattrs+ANF
   /tmp/aide/target/ DATAONLY 
   =/tmp/aide/target/dironly DIRCHECK 


Would not traverse the directory structure when the "=" was used.  That rule would only include the directory but not its contents.  This is the customer's desired behavior.


In RHEL 8 (aide v0.16) the same rule will not include the directory and its contents.  The equal sign (=) no longer appears to remove subdirectories from the matched fileset.

Version-Release number of selected component (if applicable):
aide-0.16-14.el8.x86_64


How reproducible:
Easily

Steps to Reproduce:

mkdir -p /tmp/aide && cd /tmp/aide && rm -rf *
mkdir -p target/dironly/              \
         target/dironly/ignoredir1/   \
         target/dironly/ignoredir2/   \
         target/dironlyincludeall/

touch target/dironly/ignore1.txt             \
      target/dironly/ignoredir1/ignore2.txt  \
      target/dironly/ignoredir2/ignore3.txt  \
      target/dironlyincludeall/file1.txt

cat <<AIDECONF>old.conf
database=file:/tmp/aide/blah.db
database_out=file:/tmp/aide/old.db 
report_url=file:/tmp/aide/old.log
DATAONLY =  p+n+u+g+selinux+acl+xattrs+sha256+ANF
DIRCHECK = p+i+u+g+selinux+acl+xattrs+ANF

/tmp/aide/target/ DATAONLY 
=/tmp/aide/target/dironly DIRCHECK     ## Do not traverse these directories when prefixed with =, same behavior if ended with dollar or not
AIDECONF
aide --init --config=/tmp/aide/old.conf; grep -cH ignore old.db; cat -n old.db

Actual results:
For rhel 8:
     1  @@begin_db
     2  # This file was generated by Aide, version 0.16
     3  # Time of generation was 2021-11-19 19:20:11
     4  @@db_spec name lname attr perm inode uid gid lcount sha256 acl xattrs selinux
     5  /tmp/aide/target/dironly 0 13155435037 40755 739331 0 0 0 0 <snip>
     6  /tmp/aide/target/dironly/ignore1.txt 0 14229178397 100644 734649 0 0 1 <snip>
     7  /tmp/aide/target/dironly/ignoredir1 0 13155436573 40755 739332 0 0 2 0 <snip>
     8  /tmp/aide/target/dironly/ignoredir1/ignore2.txt 0 14229178397 100644 734650 0 0 1 <snip>
     9  /tmp/aide/target/dironly/ignoredir2 0 13155436573 40755 739333 0 0 2 0 <snip>
    10  /tmp/aide/target/dironly/ignoredir2/ignore3.txt 0 14229178397 100644 734651 0 0 1 <snip>
    11  /tmp/aide/target/dironlyincludeall 0 13155435037 40755 739334 0 0 0 0 <snip>
    12  /tmp/aide/target/dironlyincludeall/file1.txt 0 14229178397 100644 734652 0 0 1 <snip>

Expected results:
     1  @@begin_db
     2  # This file was generated by Aide, version 0.15.1
     3  # Time of generation was 2021-11-19 19:20:02
     4  @@db_spec name lname attr perm inode uid gid lcount sha256 acl xattrs selinux
     5  /tmp/aide/target/dironlyincludeall 0 13155436573 40755 1314966 0 0 2 0 snip=
     6  /tmp/aide/target/dironly 0 13155435037 40755 1314963 0 0 0 0 snip=
     7  /tmp/aide/target/dironlyincludeall/file1.txt 0 14229178397 100644 1313965 0 0 1 snip=

Additional info:
This test was exclusive to RHEL 8 with these versions:

     [root 03084412 ~]# rpm -q aide
     aide-0.16-14.el8.x86_64

     [root 03084412 ~]# aide -v
     Aide 0.16
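
To see exactly which monitored paths changed between the two AIDE versions, the path sets of the two databases can be compared instead of counting `grep` hits. The Python below is an added example, not part of the original report or of AIDE: the function names are hypothetical, the sample data is constructed from the listings above with the trailing columns omitted, and it assumes whitespace-separated fields as in the databases shown.

```python
# Added example. Constructed sample data: name, lname, attr and perm columns
# are taken from the database listings in this report; other columns omitted.
HEADER = "@@begin_db\n@@db_spec name lname attr perm\n"
RHEL7_DB = HEADER + """\
/tmp/aide/target/dironlyincludeall 0 13155436573 40755
/tmp/aide/target/dironly 0 13155435037 40755
/tmp/aide/target/dironlyincludeall/file1.txt 0 14229178397 100644
"""
RHEL8_DB = HEADER + """\
/tmp/aide/target/dironly 0 13155435037 40755
/tmp/aide/target/dironly/ignore1.txt 0 14229178397 100644
/tmp/aide/target/dironly/ignoredir1 0 13155436573 40755
/tmp/aide/target/dironly/ignoredir1/ignore2.txt 0 14229178397 100644
/tmp/aide/target/dironly/ignoredir2 0 13155436573 40755
/tmp/aide/target/dironly/ignoredir2/ignore3.txt 0 14229178397 100644
/tmp/aide/target/dironlyincludeall 0 13155435037 40755
/tmp/aide/target/dironlyincludeall/file1.txt 0 14229178397 100644
"""


def db_paths(db_text):
    """Return the set of path names recorded in an AIDE text database."""
    name_col, paths = None, set()
    for line in db_text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0] == "@@db_spec":
            name_col = fields[1:].index("name")  # column layout comes from the db itself
        elif not fields[0].startswith("@@") and name_col is not None and len(fields) > name_col:
            paths.add(fields[name_col])
    return paths


def entries_below(paths, directory):
    """Entries strictly beneath directory; siblings sharing its prefix are excluded."""
    prefix = directory.rstrip("/") + "/"
    return sorted(p for p in paths if p.startswith(prefix))


def coverage_drift(old_db, new_db):
    """Return (paths only in new_db, paths only in old_db)."""
    old, new = db_paths(old_db), db_paths(new_db)
    return sorted(new - old), sorted(old - new)


if __name__ == "__main__":
    added, dropped = coverage_drift(RHEL7_DB, RHEL8_DB)
    print("only in RHEL 8 db:", *added, sep="\n  ")
    print("only in RHEL 7 db:", *dropped, sep="\n  ")
```

Run against real databases, pass the contents of each `database_out` file to `coverage_drift`; a non-empty result for `entries_below(..., "/tmp/aide/target/dironly")` means the `=` rule is no longer limiting the entry to the directory itself.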

Comment 1 Kyle Walker 2022-02-08 20:20:31 UTC
Adding debug-level (-V254) output for ubi7 and ubi8:

UBI7:
    # cat old.db 
    @@begin_db
    # This file was generated by Aide, version 0.15.1
    # Time of generation was 2022-02-08 20:13:00
    @@db_spec name lname attr perm inode uid gid lcount sha256 acl xattrs selinux 
    /tmp/aide/target/dironly 0 13155435037 40755 457376 0 0 0 0 POSIX,dXNlcjo6cnd4Cmdyb3VwOjpyLXgKb3RoZXI6OnIteAo=,0 0 c3lzdGVtX3U6b2JqZWN0X3I6ZnVzZWZzX3Q6czA=
    /tmp/aide/target/dironlyincludeall 0 13155435037 40755 403247485 0 0 0 0 POSIX,dXNlcjo6cnd4Cmdyb3VwOjpyLXgKb3RoZXI6OnIteAo=,0 0 c3lzdGVtX3U6b2JqZWN0X3I6ZnVzZWZzX3Q6czA=

    # cat old.log
    db_init 2
    Opening file "/tmp/aide/old.db" for w+
    db_out is nonnull /tmp/aide/old.db
    db_init 256
    / match=0, tree=0x562548ce47c0, attr=0
    /tmp match=0, tree=0x562548ce47c0, attr=0
    /mnt match=0, tree=0x562548ce47c0, attr=0
    /media match=0, tree=0x562548ce47c0, attr=0
    /run match=0, tree=0x562548ce47c0, attr=0
    /usr match=0, tree=0x562548ce47c0, attr=0
    /proc match=0, tree=0x562548ce47c0, attr=0
    /sbin match=0, tree=0x562548ce47c0, attr=0
    /boot match=0, tree=0x562548ce47c0, attr=0
    /lib64 match=0, tree=0x562548ce47c0, attr=0
    /srv match=0, tree=0x562548ce47c0, attr=0
    /dev match=0, tree=0x562548ce47c0, attr=0
    /home match=0, tree=0x562548ce47c0, attr=0
    /bin match=0, tree=0x562548ce47c0, attr=0
    /var match=0, tree=0x562548ce47c0, attr=0
    /lib match=0, tree=0x562548ce47c0, attr=0
    /etc match=0, tree=0x562548ce47c0, attr=0
    /opt match=0, tree=0x562548ce47c0, attr=0
    /root match=0, tree=0x562548ce47c0, attr=0
    /sys match=0, tree=0x562548ce47c0, attr=0
    /tmp/.X11-unix match=0, tree=0x562548ce47c0, attr=0
    /tmp/.Test-unix match=0, tree=0x562548ce47c0, attr=0
    /tmp/.ICE-unix match=0, tree=0x562548ce47c0, attr=0
    /tmp/yum.log match=0, tree=0x562548ce47c0, attr=0
    /tmp/.font-unix match=0, tree=0x562548ce47c0, attr=0
    /tmp/aide match=0, tree=0x562548ce47c0, attr=0
    /tmp/.XIM-unix match=0, tree=0x562548ce47c0, attr=0
    /tmp/ks-script-t2KMsy match=0, tree=0x562548ce47c0, attr=0
    /tmp/aide/old.db match=0, tree=0x562548ce47c0, attr=0
    /tmp/aide/old.log match=0, tree=0x562548ce47c0, attr=0
    /tmp/aide/target match=0, tree=0x562548ce47c0, attr=0
    /tmp/aide/old.conf match=0, tree=0x562548ce47c0, attr=0
    "/tmp/aide/target/dironly" matches rule from line #9:
    ^/tmp/aide/target/dironly
    /tmp/aide/target/dironly match=2, tree=0x562548ce47c0, attr=13155435036
    /tmp/aide/target/dironly attr=13155435036
    /tmp/aide/target/dironly attr=13155435037
    encode base64, data length: 32
    encode base64, data length: 29
    "/tmp/aide/target/dironlyincludeall" matches rule from line #9:
    ^/tmp/aide/target/dironly
    /tmp/aide/target/dironlyincludeall match=2, tree=0x562548ce47c0, attr=13155435036
    /tmp/aide/target/dironlyincludeall attr=13155435036
    /tmp/aide/target/dironlyincludeall attr=13155435037
    encode base64, data length: 32
    encode base64, data length: 29

UBI8:
    # cat old.db
    @@begin_db
    # This file was generated by Aide, version 0.16
    # Time of generation was 2022-02-08 20:05:52
    @@db_spec name lname attr perm inode uid gid lcount sha256 acl xattrs selinux
    /tmp/aide/target/dironly 0 13155435037 40755 269065260 0 0 0 0 POSIX,dXNlcjo6cnd4Cmdyb3VwOjpyLXgKb3RoZXI6OnIteAo=,0 0 c3lzdGVtX3U6b2JqZWN0X3I6ZnVzZWZzX3Q6czA=
    /tmp/aide/target/dironly/ignore1.txt 0 14229178397 100644 269071052 0 0 1 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= POSIX,dXNlcjo6cnctCmdyb3VwOjpyLS0Kb3RoZXI6OnItLQo=,0 0 c3lzdGVtX3U6b2JqZWN0X3I6ZnVzZWZzX3Q6czA=
    /tmp/aide/target/dironly/ignoredir1 0 13155436573 40755 403231864 0 0 2 0 POSIX,dXNlcjo6cnd4Cmdyb3VwOjpyLXgKb3RoZXI6OnIteAo=,0 0 c3lzdGVtX3U6b2JqZWN0X3I6ZnVzZWZzX3Q6czA=
    /tmp/aide/target/dironly/ignoredir1/ignore2.txt 0 14229178397 100644 403235418 0 0 1 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= POSIX,dXNlcjo6cnctCmdyb3VwOjpyLS0Kb3RoZXI6OnItLQo=,0 0 c3lzdGVtX3U6b2JqZWN0X3I6ZnVzZWZzX3Q6czA=
    /tmp/aide/target/dironly/ignoredir2 0 13155436573 40755 457345 0 0 2 0 POSIX,dXNlcjo6cnd4Cmdyb3VwOjpyLXgKb3RoZXI6OnIteAo=,0 0 c3lzdGVtX3U6b2JqZWN0X3I6ZnVzZWZzX3Q6czA=
    /tmp/aide/target/dironly/ignoredir2/ignore3.txt 0 14229178397 100644 457347 0 0 1 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= POSIX,dXNlcjo6cnctCmdyb3VwOjpyLS0Kb3RoZXI6OnItLQo=,0 0 c3lzdGVtX3U6b2JqZWN0X3I6ZnVzZWZzX3Q6czA=
    /tmp/aide/target/dironlyincludeall 0 13155435037 40755 136361865 0 0 0 0 POSIX,dXNlcjo6cnd4Cmdyb3VwOjpyLXgKb3RoZXI6OnIteAo=,0 0 c3lzdGVtX3U6b2JqZWN0X3I6ZnVzZWZzX3Q6czA=
    /tmp/aide/target/dironlyincludeall/file1.txt 0 14229178397 100644 136361893 0 0 1 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= POSIX,dXNlcjo6cnctCmdyb3VwOjpyLS0Kb3RoZXI6OnItLQo=,0 0 c3lzdGVtX3U6b2JqZWN0X3I6ZnVzZWZzX3Q6czA=

    # cat old.log
    db_init 2
    Opening file "/tmp/aide/old.db" for w+
    db_out is nonnull /tmp/aide/old.db
    db_init 256
    / match=0, tree=0x55f1ee9d4460, attr=0
    /tmp match=0, tree=0x55f1ee9d4460, attr=0
    /mnt match=0, tree=0x55f1ee9d4460, attr=0
    /media match=0, tree=0x55f1ee9d4460, attr=0
    /run match=0, tree=0x55f1ee9d4460, attr=0
    /usr match=0, tree=0x55f1ee9d4460, attr=0
    /sbin match=0, tree=0x55f1ee9d4460, attr=0
    /proc match=0, tree=0x55f1ee9d4460, attr=0
    /boot match=0, tree=0x55f1ee9d4460, attr=0
    /lib64 match=0, tree=0x55f1ee9d4460, attr=0
    /srv match=0, tree=0x55f1ee9d4460, attr=0
    /dev match=0, tree=0x55f1ee9d4460, attr=0
    /home match=0, tree=0x55f1ee9d4460, attr=0
    /bin match=0, tree=0x55f1ee9d4460, attr=0
    /var match=0, tree=0x55f1ee9d4460, attr=0
    /lib match=0, tree=0x55f1ee9d4460, attr=0
    /etc match=0, tree=0x55f1ee9d4460, attr=0
    /opt match=0, tree=0x55f1ee9d4460, attr=0
    /root match=0, tree=0x55f1ee9d4460, attr=0
    /lost+found match=0, tree=0x55f1ee9d4460, attr=0
    /sys match=0, tree=0x55f1ee9d4460, attr=0
    /tmp/ks-script-p8xmfa6f match=0, tree=0x55f1ee9d4460, attr=0
    /tmp/aide match=0, tree=0x55f1ee9d4460, attr=0
    /tmp/ks-script-wlv7jqlh match=0, tree=0x55f1ee9d4460, attr=0
    /tmp/aide/old.db match=0, tree=0x55f1ee9d4460, attr=0
    /tmp/aide/old.log match=0, tree=0x55f1ee9d4460, attr=0
    /tmp/aide/target match=0, tree=0x55f1ee9d4460, attr=0
    /tmp/aide/old.conf match=0, tree=0x55f1ee9d4460, attr=0
    "/tmp/aide/target/dironly" matches (pcre_exec return value: 0) rule from line #9: /tmp/aide/target/dironly
    "/tmp/aide/target/dironly" matches restriction (0) for rule from line #9: /tmp/aide/target/dironly
    check_node_for_match: equal match for '/tmp/aide/target/dironly'
    /tmp/aide/target/dironly match=2, tree=0x55f1ee9d4460, attr=13155435036
    /tmp/aide/target/dironly attr=13155435036
    /tmp/aide/target/dironly attr=13155435037
    "/tmp/aide/target/dironlyincludeall" matches (pcre_exec return value: 0) rule from line #9: /tmp/aide/target/dironly
    "/tmp/aide/target/dironlyincludeall" matches restriction (0) for rule from line #9: /tmp/aide/target/dironly
    check_node_for_match: equal match for '/tmp/aide/target/dironlyincludeall'
    /tmp/aide/target/dironlyincludeall match=2, tree=0x55f1ee9d4460, attr=13155435036
    /tmp/aide/target/dironlyincludeall attr=13155435036
    /tmp/aide/target/dironlyincludeall attr=13155435037
    "/tmp/aide/target/dironly/ignoredir1" matches (pcre_exec return value: 0) rule from line #8: /tmp/aide/target/
    "/tmp/aide/target/dironly/ignoredir1" matches restriction (0) for rule from line #8: /tmp/aide/target/
    check_node_for_match: selective match for '/tmp/aide/target/dironly/ignoredir1'
    /tmp/aide/target/dironly/ignoredir1 match=1, tree=0x55f1ee9d4460, attr=14229178396
    /tmp/aide/target/dironly/ignoredir1 attr=14229178396
    /tmp/aide/target/dironly/ignoredir1 attr=13155436573
    "/tmp/aide/target/dironly/ignore1.txt" matches (pcre_exec return value: 0) rule from line #8: /tmp/aide/target/
    "/tmp/aide/target/dironly/ignore1.txt" matches restriction (0) for rule from line #8: /tmp/aide/target/
    check_node_for_match: selective match for '/tmp/aide/target/dironly/ignore1.txt'
    /tmp/aide/target/dironly/ignore1.txt match=1, tree=0x55f1ee9d4460, attr=14229178396
    /tmp/aide/target/dironly/ignore1.txt attr=14229178396
    /tmp/aide/target/dironly/ignore1.txt attr=14229178397
    "/tmp/aide/target/dironly/ignoredir2" matches (pcre_exec return value: 0) rule from line #8: /tmp/aide/target/
    "/tmp/aide/target/dironly/ignoredir2" matches restriction (0) for rule from line #8: /tmp/aide/target/
    check_node_for_match: selective match for '/tmp/aide/target/dironly/ignoredir2'
    /tmp/aide/target/dironly/ignoredir2 match=1, tree=0x55f1ee9d4460, attr=14229178396
    /tmp/aide/target/dironly/ignoredir2 attr=14229178396
    /tmp/aide/target/dironly/ignoredir2 attr=13155436573
    "/tmp/aide/target/dironly/ignoredir1/ignore2.txt" matches (pcre_exec return value: 0) rule from line #8: /tmp/aide/target/
    "/tmp/aide/target/dironly/ignoredir1/ignore2.txt" matches restriction (0) for rule from line #8: /tmp/aide/target/
    check_node_for_match: selective match for '/tmp/aide/target/dironly/ignoredir1/ignore2.txt'
    /tmp/aide/target/dironly/ignoredir1/ignore2.txt match=1, tree=0x55f1ee9d4460, attr=14229178396
    /tmp/aide/target/dironly/ignoredir1/ignore2.txt attr=14229178396
    /tmp/aide/target/dironly/ignoredir1/ignore2.txt attr=14229178397
    "/tmp/aide/target/dironly/ignoredir2/ignore3.txt" matches (pcre_exec return value: 0) rule from line #8: /tmp/aide/target/
    "/tmp/aide/target/dironly/ignoredir2/ignore3.txt" matches restriction (0) for rule from line #8: /tmp/aide/target/
    check_node_for_match: selective match for '/tmp/aide/target/dironly/ignoredir2/ignore3.txt'
    /tmp/aide/target/dironly/ignoredir2/ignore3.txt match=1, tree=0x55f1ee9d4460, attr=14229178396
    /tmp/aide/target/dironly/ignoredir2/ignore3.txt attr=14229178396
    /tmp/aide/target/dironly/ignoredir2/ignore3.txt attr=14229178397
    "/tmp/aide/target/dironlyincludeall/file1.txt" matches (pcre_exec return value: 0) rule from line #8: /tmp/aide/target/
    "/tmp/aide/target/dironlyincludeall/file1.txt" matches restriction (0) for rule from line #8: /tmp/aide/target/
    check_node_for_match: selective match for '/tmp/aide/target/dironlyincludeall/file1.txt'
    /tmp/aide/target/dironlyincludeall/file1.txt match=1, tree=0x55f1ee9d4460, attr=14229178396
    /tmp/aide/target/dironlyincludeall/file1.txt attr=14229178396
    /tmp/aide/target/dironlyincludeall/file1.txt attr=14229178397
    Start timestamp: 2022-02-08 20:05:52 +0000 (AIDE 0.16)
    AIDE initialized database at /tmp/aide/old.db
    Verbose level: 254

    Number of entries:  8


    End timestamp: 2022-02-08 20:05:52 +0000 (run time: 0m 0s)

Comment 8 Radovan Sroka 2023-08-16 15:15:31 UTC
This bug is going to be migrated.

Contact point for migration questions or issues: rsroka
Guidance for Bugzilla users to test their Jira account or create one if needed:

https://redhat.service-now.com/help?id=kb_article_view&sysparm_article=KB0016394
https://redhat.service-now.com/help?id=kb_article_view&sysparm_article=KB0016694
https://redhat.service-now.com/help?id=kb_article_view&sysparm_article=KB0016774