This bug has been migrated to another issue tracking site. It has been closed here and may no longer be being monitored.

If you would like to get updates for this issue, or to participate in it, you may do so at Red Hat Issue Tracker.
Bug 2027493 - RHEL 8 aide v0.16 is not following the same rule behavior as RHEL 7 aide v0.15
Status: CLOSED MIGRATED
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: aide
Version: 8.4
Hardware: Unspecified
OS: Linux
unspecified
medium
Target Milestone: rc
Assignee: Radovan Sroka
QA Contact: BaseOS QE Security Team
Reported: 2021-11-29 19:39 UTC by jfaison
Modified: 2023-08-16 15:20 UTC (History)

Last Closed: 2023-08-16 15:19:58 UTC
Type: Bug
pm-rhel: mirror+


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker   RHEL-1384 0 None None None 2023-08-16 15:19:57 UTC
Red Hat Issue Tracker RHELPLAN-104199 0 None None None 2021-11-29 19:50:59 UTC
Red Hat Issue Tracker SECENGSP-4213 0 None None None 2021-11-29 20:21:18 UTC

Description jfaison 2021-11-29 19:39:42 UTC
Description of problem:
In RHEL 7 (aide v0.15) using a rule structure like:


   DATAONLY =  p+n+u+g+selinux+acl+xattrs+sha256+ANF
   DIRCHECK = p+i+u+g+selinux+acl+xattrs+ANF
   /tmp/aide/target/ DATAONLY 
   =/tmp/aide/target/dironly DIRCHECK 


Would not traverse the directory structure when the "=" was used.  That rule would only include the directory but not its contents.  This is the customer's desired behavior.


In RHEL 8 (aide v0.16) the same rule will not include the directory and its contents.  The equal sign (=) no longer appears to remove subdirectories from the matched fileset.

Version-Release number of selected component (if applicable):
aide-0.16-14.el8.x86_64


How reproducible:
Easily

Steps to Reproduce:

mkdir -p /tmp/aide && cd /tmp/aide && rm -rf *
mkdir -p target/dironly/              \
         target/dironly/ignoredir1/   \
         target/dironly/ignoredir2/   \
         target/dironlyincludeall/

touch target/dironly/ignore1.txt             \
      target/dironly/ignoredir1/ignore2.txt  \
      target/dironly/ignoredir2/ignore3.txt  \
      target/dironlyincludeall/file1.txt

cat <<AIDECONF>old.conf
database=file:/tmp/aide/blah.db
database_out=file:/tmp/aide/old.db 
report_url=file:/tmp/aide/old.log
DATAONLY =  p+n+u+g+selinux+acl+xattrs+sha256+ANF
DIRCHECK = p+i+u+g+selinux+acl+xattrs+ANF

/tmp/aide/target/ DATAONLY 
=/tmp/aide/target/dironly DIRCHECK     ## Do not traverse these directories when prefixed with =, same behavior if ended with dollar or not
AIDECONF
aide --init --config=/tmp/aide/old.conf; grep -cH ignore old.db; cat -n old.db

Actual results:
For rhel 8:
     1  @@begin_db
     2  # This file was generated by Aide, version 0.16
     3  # Time of generation was 2021-11-19 19:20:11
     4  @@db_spec name lname attr perm inode uid gid lcount sha256 acl xattrs selinux
     5  /tmp/aide/target/dironly 0 13155435037 40755 739331 0 0 0 0 <snip>
     6  /tmp/aide/target/dironly/ignore1.txt 0 14229178397 100644 734649 0 0 1 <snip>
     7  /tmp/aide/target/dironly/ignoredir1 0 13155436573 40755 739332 0 0 2 0 <snip>
     8  /tmp/aide/target/dironly/ignoredir1/ignore2.txt 0 14229178397 100644 734650 0 0 1 <snip>
     9  /tmp/aide/target/dironly/ignoredir2 0 13155436573 40755 739333 0 0 2 0 <snip>
    10  /tmp/aide/target/dironly/ignoredir2/ignore3.txt 0 14229178397 100644 734651 0 0 1 <snip>
    11  /tmp/aide/target/dironlyincludeall 0 13155435037 40755 739334 0 0 0 0 <snip>
    12  /tmp/aide/target/dironlyincludeall/file1.txt 0 14229178397 100644 734652 0 0 1 <snip>

Expected results:
     1  @@begin_db
     2  # This file was generated by Aide, version 0.15.1
     3  # Time of generation was 2021-11-19 19:20:02
     4  @@db_spec name lname attr perm inode uid gid lcount sha256 acl xattrs selinux
     5  /tmp/aide/target/dironlyincludeall 0 13155436573 40755 1314966 0 0 2 0 snip=
     6  /tmp/aide/target/dironly 0 13155435037 40755 1314963 0 0 0 0 snip=
     7  /tmp/aide/target/dironlyincludeall/file1.txt 0 14229178397 100644 1313965 0 0 1 snip=

Additional info:
This test was exclusive to RHEL 8 with these versions:

     [root 03084412 ~]# rpm -q aide
     aide-0.16-14.el8.x86_64

     [root 03084412 ~]# aide -v
     Aide 0.16
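
A regression check for the behaviour reported above, as an added example that is not part of the original bug report or of AIDE: it lists database entries that sit below a directory configured with an `=` rule, which under the RHEL 7 behaviour the reporter expects should be none. The function names and the sample database (attribute columns cut short) are constructed for illustration, and paths are assumed to contain no whitespace or encoded characters.

```shell
#!/bin/sh
# Added example: find AIDE database entries below "=" (equals) rule paths.
# Assumption: a plain-text (not gzipped) database whose first column is the path.

# equals_rule_paths CONF: print the path of every "=" rule in an AIDE config.
equals_rule_paths() {
    awk '/^[ \t]*=/ {
        p = substr($1, 2)      # drop the leading "="
        sub(/\$$/, "", p)      # drop an optional trailing "$"
        sub(/\/$/, "", p)      # drop an optional trailing "/"
        print p
    }' "$1"
}

# entries_below_equals_rules CONF DB: print db entries under any "=" rule path.
entries_below_equals_rules() {
    conf=$1
    db=$2
    equals_rule_paths "$conf" | awk -v db="$db" '
        { prefix[NR] = $0 "/"; n = NR }
        END {
            while ((getline line < db) > 0) {
                if (line !~ /^\//) continue      # skip @@ directives and comments
                split(line, f, " ")
                for (i = 1; i <= n; i++)
                    if (index(f[1], prefix[i]) == 1) { print f[1]; break }
            }
        }'
}

# demo: run the check on a constructed config and database.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/old.conf" <<'CONF'
/tmp/aide/target/ DATAONLY
=/tmp/aide/target/dironly DIRCHECK
CONF
    # Constructed database: path names from the report, attributes cut short.
    cat > "$dir/old.db" <<'DB'
@@begin_db
@@db_spec name lname attr perm
/tmp/aide/target/dironly 0 13155435037 40755
/tmp/aide/target/dironly/ignore1.txt 0 14229178397 100644
/tmp/aide/target/dironly/ignoredir1 0 13155436573 40755
/tmp/aide/target/dironlyincludeall 0 13155435037 40755
/tmp/aide/target/dironlyincludeall/file1.txt 0 14229178397 100644
DB
    entries_below_equals_rules "$dir/old.conf" "$dir/old.db"
    rm -rf "$dir"
}

demo
```

Against the reproducer above, `entries_below_equals_rules /tmp/aide/old.conf /tmp/aide/old.db` prints nothing when the `=` rule stops traversal and prints the `ignore*` entries when it does not.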

Comment 1 Kyle Walker 2022-02-08 20:20:31 UTC
Adding debug-level (-V254) output for ubi7 and ubi8:

UBI7:
    # cat old.db 
    @@begin_db
    # This file was generated by Aide, version 0.15.1
    # Time of generation was 2022-02-08 20:13:00
    @@db_spec name lname attr perm inode uid gid lcount sha256 acl xattrs selinux 
    /tmp/aide/target/dironly 0 13155435037 40755 457376 0 0 0 0 POSIX,dXNlcjo6cnd4Cmdyb3VwOjpyLXgKb3RoZXI6OnIteAo=,0 0 c3lzdGVtX3U6b2JqZWN0X3I6ZnVzZWZzX3Q6czA=
    /tmp/aide/target/dironlyincludeall 0 13155435037 40755 403247485 0 0 0 0 POSIX,dXNlcjo6cnd4Cmdyb3VwOjpyLXgKb3RoZXI6OnIteAo=,0 0 c3lzdGVtX3U6b2JqZWN0X3I6ZnVzZWZzX3Q6czA=

    # cat old.log
    db_init 2
    Opening file "/tmp/aide/old.db" for w+
    db_out is nonnull /tmp/aide/old.db
    db_init 256
    / match=0, tree=0x562548ce47c0, attr=0
    /tmp match=0, tree=0x562548ce47c0, attr=0
    /mnt match=0, tree=0x562548ce47c0, attr=0
    /media match=0, tree=0x562548ce47c0, attr=0
    /run match=0, tree=0x562548ce47c0, attr=0
    /usr match=0, tree=0x562548ce47c0, attr=0
    /proc match=0, tree=0x562548ce47c0, attr=0
    /sbin match=0, tree=0x562548ce47c0, attr=0
    /boot match=0, tree=0x562548ce47c0, attr=0
    /lib64 match=0, tree=0x562548ce47c0, attr=0
    /srv match=0, tree=0x562548ce47c0, attr=0
    /dev match=0, tree=0x562548ce47c0, attr=0
    /home match=0, tree=0x562548ce47c0, attr=0
    /bin match=0, tree=0x562548ce47c0, attr=0
    /var match=0, tree=0x562548ce47c0, attr=0
    /lib match=0, tree=0x562548ce47c0, attr=0
    /etc match=0, tree=0x562548ce47c0, attr=0
    /opt match=0, tree=0x562548ce47c0, attr=0
    /root match=0, tree=0x562548ce47c0, attr=0
    /sys match=0, tree=0x562548ce47c0, attr=0
    /tmp/.X11-unix match=0, tree=0x562548ce47c0, attr=0
    /tmp/.Test-unix match=0, tree=0x562548ce47c0, attr=0
    /tmp/.ICE-unix match=0, tree=0x562548ce47c0, attr=0
    /tmp/yum.log match=0, tree=0x562548ce47c0, attr=0
    /tmp/.font-unix match=0, tree=0x562548ce47c0, attr=0
    /tmp/aide match=0, tree=0x562548ce47c0, attr=0
    /tmp/.XIM-unix match=0, tree=0x562548ce47c0, attr=0
    /tmp/ks-script-t2KMsy match=0, tree=0x562548ce47c0, attr=0
    /tmp/aide/old.db match=0, tree=0x562548ce47c0, attr=0
    /tmp/aide/old.log match=0, tree=0x562548ce47c0, attr=0
    /tmp/aide/target match=0, tree=0x562548ce47c0, attr=0
    /tmp/aide/old.conf match=0, tree=0x562548ce47c0, attr=0
    "/tmp/aide/target/dironly" matches rule from line #9:
    ^/tmp/aide/target/dironly
    /tmp/aide/target/dironly match=2, tree=0x562548ce47c0, attr=13155435036
    /tmp/aide/target/dironly attr=13155435036
    /tmp/aide/target/dironly attr=13155435037
    encode base64, data length: 32
    encode base64, data length: 29
    "/tmp/aide/target/dironlyincludeall" matches rule from line #9:
    ^/tmp/aide/target/dironly
    /tmp/aide/target/dironlyincludeall match=2, tree=0x562548ce47c0, attr=13155435036
    /tmp/aide/target/dironlyincludeall attr=13155435036
    /tmp/aide/target/dironlyincludeall attr=13155435037
    encode base64, data length: 32
    encode base64, data length: 29

UBI8:
    # cat old.db
    @@begin_db
    # This file was generated by Aide, version 0.16
    # Time of generation was 2022-02-08 20:05:52
    @@db_spec name lname attr perm inode uid gid lcount sha256 acl xattrs selinux
    /tmp/aide/target/dironly 0 13155435037 40755 269065260 0 0 0 0 POSIX,dXNlcjo6cnd4Cmdyb3VwOjpyLXgKb3RoZXI6OnIteAo=,0 0 c3lzdGVtX3U6b2JqZWN0X3I6ZnVzZWZzX3Q6czA=
    /tmp/aide/target/dironly/ignore1.txt 0 14229178397 100644 269071052 0 0 1 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= POSIX,dXNlcjo6cnctCmdyb3VwOjpyLS0Kb3RoZXI6OnItLQo=,0 0 c3lzdGVtX3U6b2JqZWN0X3I6ZnVzZWZzX3Q6czA=
    /tmp/aide/target/dironly/ignoredir1 0 13155436573 40755 403231864 0 0 2 0 POSIX,dXNlcjo6cnd4Cmdyb3VwOjpyLXgKb3RoZXI6OnIteAo=,0 0 c3lzdGVtX3U6b2JqZWN0X3I6ZnVzZWZzX3Q6czA=
    /tmp/aide/target/dironly/ignoredir1/ignore2.txt 0 14229178397 100644 403235418 0 0 1 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= POSIX,dXNlcjo6cnctCmdyb3VwOjpyLS0Kb3RoZXI6OnItLQo=,0 0 c3lzdGVtX3U6b2JqZWN0X3I6ZnVzZWZzX3Q6czA=
    /tmp/aide/target/dironly/ignoredir2 0 13155436573 40755 457345 0 0 2 0 POSIX,dXNlcjo6cnd4Cmdyb3VwOjpyLXgKb3RoZXI6OnIteAo=,0 0 c3lzdGVtX3U6b2JqZWN0X3I6ZnVzZWZzX3Q6czA=
    /tmp/aide/target/dironly/ignoredir2/ignore3.txt 0 14229178397 100644 457347 0 0 1 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= POSIX,dXNlcjo6cnctCmdyb3VwOjpyLS0Kb3RoZXI6OnItLQo=,0 0 c3lzdGVtX3U6b2JqZWN0X3I6ZnVzZWZzX3Q6czA=
    /tmp/aide/target/dironlyincludeall 0 13155435037 40755 136361865 0 0 0 0 POSIX,dXNlcjo6cnd4Cmdyb3VwOjpyLXgKb3RoZXI6OnIteAo=,0 0 c3lzdGVtX3U6b2JqZWN0X3I6ZnVzZWZzX3Q6czA=
    /tmp/aide/target/dironlyincludeall/file1.txt 0 14229178397 100644 136361893 0 0 1 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= POSIX,dXNlcjo6cnctCmdyb3VwOjpyLS0Kb3RoZXI6OnItLQo=,0 0 c3lzdGVtX3U6b2JqZWN0X3I6ZnVzZWZzX3Q6czA=

    # cat old.log
    db_init 2
    Opening file "/tmp/aide/old.db" for w+
    db_out is nonnull /tmp/aide/old.db
    db_init 256
    / match=0, tree=0x55f1ee9d4460, attr=0
    /tmp match=0, tree=0x55f1ee9d4460, attr=0
    /mnt match=0, tree=0x55f1ee9d4460, attr=0
    /media match=0, tree=0x55f1ee9d4460, attr=0
    /run match=0, tree=0x55f1ee9d4460, attr=0
    /usr match=0, tree=0x55f1ee9d4460, attr=0
    /sbin match=0, tree=0x55f1ee9d4460, attr=0
    /proc match=0, tree=0x55f1ee9d4460, attr=0
    /boot match=0, tree=0x55f1ee9d4460, attr=0
    /lib64 match=0, tree=0x55f1ee9d4460, attr=0
    /srv match=0, tree=0x55f1ee9d4460, attr=0
    /dev match=0, tree=0x55f1ee9d4460, attr=0
    /home match=0, tree=0x55f1ee9d4460, attr=0
    /bin match=0, tree=0x55f1ee9d4460, attr=0
    /var match=0, tree=0x55f1ee9d4460, attr=0
    /lib match=0, tree=0x55f1ee9d4460, attr=0
    /etc match=0, tree=0x55f1ee9d4460, attr=0
    /opt match=0, tree=0x55f1ee9d4460, attr=0
    /root match=0, tree=0x55f1ee9d4460, attr=0
    /lost+found match=0, tree=0x55f1ee9d4460, attr=0
    /sys match=0, tree=0x55f1ee9d4460, attr=0
    /tmp/ks-script-p8xmfa6f match=0, tree=0x55f1ee9d4460, attr=0
    /tmp/aide match=0, tree=0x55f1ee9d4460, attr=0
    /tmp/ks-script-wlv7jqlh match=0, tree=0x55f1ee9d4460, attr=0
    /tmp/aide/old.db match=0, tree=0x55f1ee9d4460, attr=0
    /tmp/aide/old.log match=0, tree=0x55f1ee9d4460, attr=0
    /tmp/aide/target match=0, tree=0x55f1ee9d4460, attr=0
    /tmp/aide/old.conf match=0, tree=0x55f1ee9d4460, attr=0
    "/tmp/aide/target/dironly" matches (pcre_exec return value: 0) rule from line #9: /tmp/aide/target/dironly
    "/tmp/aide/target/dironly" matches restriction (0) for rule from line #9: /tmp/aide/target/dironly
    check_node_for_match: equal match for '/tmp/aide/target/dironly'
    /tmp/aide/target/dironly match=2, tree=0x55f1ee9d4460, attr=13155435036
    /tmp/aide/target/dironly attr=13155435036
    /tmp/aide/target/dironly attr=13155435037
    "/tmp/aide/target/dironlyincludeall" matches (pcre_exec return value: 0) rule from line #9: /tmp/aide/target/dironly
    "/tmp/aide/target/dironlyincludeall" matches restriction (0) for rule from line #9: /tmp/aide/target/dironly
    check_node_for_match: equal match for '/tmp/aide/target/dironlyincludeall'
    /tmp/aide/target/dironlyincludeall match=2, tree=0x55f1ee9d4460, attr=13155435036
    /tmp/aide/target/dironlyincludeall attr=13155435036
    /tmp/aide/target/dironlyincludeall attr=13155435037
    "/tmp/aide/target/dironly/ignoredir1" matches (pcre_exec return value: 0) rule from line #8: /tmp/aide/target/
    "/tmp/aide/target/dironly/ignoredir1" matches restriction (0) for rule from line #8: /tmp/aide/target/
    check_node_for_match: selective match for '/tmp/aide/target/dironly/ignoredir1'
    /tmp/aide/target/dironly/ignoredir1 match=1, tree=0x55f1ee9d4460, attr=14229178396
    /tmp/aide/target/dironly/ignoredir1 attr=14229178396
    /tmp/aide/target/dironly/ignoredir1 attr=13155436573
    "/tmp/aide/target/dironly/ignore1.txt" matches (pcre_exec return value: 0) rule from line #8: /tmp/aide/target/
    "/tmp/aide/target/dironly/ignore1.txt" matches restriction (0) for rule from line #8: /tmp/aide/target/
    check_node_for_match: selective match for '/tmp/aide/target/dironly/ignore1.txt'
    /tmp/aide/target/dironly/ignore1.txt match=1, tree=0x55f1ee9d4460, attr=14229178396
    /tmp/aide/target/dironly/ignore1.txt attr=14229178396
    /tmp/aide/target/dironly/ignore1.txt attr=14229178397
    "/tmp/aide/target/dironly/ignoredir2" matches (pcre_exec return value: 0) rule from line #8: /tmp/aide/target/
    "/tmp/aide/target/dironly/ignoredir2" matches restriction (0) for rule from line #8: /tmp/aide/target/
    check_node_for_match: selective match for '/tmp/aide/target/dironly/ignoredir2'
    /tmp/aide/target/dironly/ignoredir2 match=1, tree=0x55f1ee9d4460, attr=14229178396
    /tmp/aide/target/dironly/ignoredir2 attr=14229178396
    /tmp/aide/target/dironly/ignoredir2 attr=13155436573
    "/tmp/aide/target/dironly/ignoredir1/ignore2.txt" matches (pcre_exec return value: 0) rule from line #8: /tmp/aide/target/
    "/tmp/aide/target/dironly/ignoredir1/ignore2.txt" matches restriction (0) for rule from line #8: /tmp/aide/target/
    check_node_for_match: selective match for '/tmp/aide/target/dironly/ignoredir1/ignore2.txt'
    /tmp/aide/target/dironly/ignoredir1/ignore2.txt match=1, tree=0x55f1ee9d4460, attr=14229178396
    /tmp/aide/target/dironly/ignoredir1/ignore2.txt attr=14229178396
    /tmp/aide/target/dironly/ignoredir1/ignore2.txt attr=14229178397
    "/tmp/aide/target/dironly/ignoredir2/ignore3.txt" matches (pcre_exec return value: 0) rule from line #8: /tmp/aide/target/
    "/tmp/aide/target/dironly/ignoredir2/ignore3.txt" matches restriction (0) for rule from line #8: /tmp/aide/target/
    check_node_for_match: selective match for '/tmp/aide/target/dironly/ignoredir2/ignore3.txt'
    /tmp/aide/target/dironly/ignoredir2/ignore3.txt match=1, tree=0x55f1ee9d4460, attr=14229178396
    /tmp/aide/target/dironly/ignoredir2/ignore3.txt attr=14229178396
    /tmp/aide/target/dironly/ignoredir2/ignore3.txt attr=14229178397
    "/tmp/aide/target/dironlyincludeall/file1.txt" matches (pcre_exec return value: 0) rule from line #8: /tmp/aide/target/
    "/tmp/aide/target/dironlyincludeall/file1.txt" matches restriction (0) for rule from line #8: /tmp/aide/target/
    check_node_for_match: selective match for '/tmp/aide/target/dironlyincludeall/file1.txt'
    /tmp/aide/target/dironlyincludeall/file1.txt match=1, tree=0x55f1ee9d4460, attr=14229178396
    /tmp/aide/target/dironlyincludeall/file1.txt attr=14229178396
    /tmp/aide/target/dironlyincludeall/file1.txt attr=14229178397
    encode base64, data length: 32
    encode base64, data length: 29
    encode base64, data length: 32
    encode base64, data length: 32
    encode base64, data length: 29
    encode base64, data length: 32
    encode base64, data length: 29
    encode base64, data length: 32
    encode base64, data length: 32
    encode base64, data length: 29
    encode base64, data length: 32
    encode base64, data length: 29
    encode base64, data length: 32
    encode base64, data length: 32
    encode base64, data length: 29
    encode base64, data length: 32
    encode base64, data length: 29
    encode base64, data length: 32
    encode base64, data length: 32
    encode base64, data length: 29
    Start timestamp: 2022-02-08 20:05:52 +0000 (AIDE 0.16)
    AIDE initialized database at /tmp/aide/old.db
    Verbose level: 254

    Number of entries:  8

    ---------------------------------------------------
    The attributes of the (uncompressed) database(s):
    ---------------------------------------------------

    /tmp/aide/old.db
    encode base64, data length: 16
      MD5      : OJ4+3tNVJi34kjThsVTlgg==
    encode base64, data length: 20
      SHA1     : YJl91pt7qr9r8IRqgjTzTpK2JAk=
    encode base64, data length: 20
      RMD160   : UbVa776Hj771iAPYOZwVz+OnmvY=
    encode base64, data length: 24
      TIGER    : Pv61F1FqfLHEpybmEv2AH4UTjUm3ebf3
    encode base64, data length: 32
      SHA256   : ry1R3OzYmvhUAfJiBZyrRD3lwKZ5N4dj
                 tS4lOnK7vMc=
    encode base64, data length: 64
      SHA512   : 3bYaMhxNwyRAk3+6sQsX45LJlISTvc5J
                 EMOYbOSXk7JB54C+0GVkXIc3Zu1IeLMD
                 s5vY3gHL44rPTqt3r8BeFQ==


    End timestamp: 2022-02-08 20:05:52 +0000 (run time: 0m 0s)

Comment 8 Radovan Sroka 2023-08-16 15:15:31 UTC
This bug is going to be migrated.

Contact point for migration questions or issues: rsroka
Guidance for Bugzilla users to test their Jira account or create one if needed:

https://redhat.service-now.com/help?id=kb_article_view&sysparm_article=KB0016394
https://redhat.service-now.com/help?id=kb_article_view&sysparm_article=KB0016694
https://redhat.service-now.com/help?id=kb_article_view&sysparm_article=KB0016774

