Bug 510144 - Aide RPM does not verify if config file modified
Aide RPM does not verify if config file modified
Product: Fedora
Classification: Fedora
Component: aide (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Steve Grubb
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2009-07-07 17:03 EDT by John Horne
Modified: 2009-11-18 10:35 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-11-18 10:35:49 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description John Horne 2009-07-07 17:03:08 EDT
Description of problem:
The aide RPM does not verify if the admin modifies the /etc/aide.conf file.

Version-Release number of selected component (if applicable):
(home built using the FC12 spec file, and the aide CVS source code)

How reproducible:

Steps to Reproduce:
1. Install aide
2. Modify /etc/aide.conf to suit your needs
3. Run 'RPM -V aide'
Actual results:
# rpm -V aide
S.5....T c /etc/aide.conf

Expected results:
The aide rpm should verify cleanly (nothing output)

Additional info:
The RPM spec file has a '%verify' option (or something like that) I think that can be specified for config files, so that 'rpm -V' knows not to check the config file as it will probably have been changed.
Comment 1 John Horne 2009-09-08 19:00:50 EDT
Just upgraded my PC to F11, aide version aide-0.13.1-12.fc11.x86_64 (built from the FC12 aide RPM source).

I changed one line in the aide.spec file:

   %config(noreplace) %attr(0600,root,root) %{_sysconfdir}/aide.conf


   %config(noreplace) %attr(0600,root,root) %verify(not md5 size mtime) %{_sysconfdir}/aide.conf

This sorted out the rpm verify problem.

Comment 2 Steve Grubb 2009-11-18 10:35:49 EST
After discussing this on Fedora-devel mail list, I do not think its a good idea to purposely hide rpm's ability to detect changed config files. Especially for security packages.

Note You need to log in before you can comment on or make changes to this bug.