Bug
Resolution: Unresolved
rhel-8.4.0
Moderate
rhel-sst-security-special-projects
ssg_security
Description of problem:
In RHEL 7 (aide v0.15) using a rule structure like:
DATAONLY = p+n+u+g+selinux+acl+xattrs+sha256+ANF
DIRCHECK = p+i+u+g+selinux+acl+xattrs+ANF
/tmp/aide/target/ DATAONLY
=/tmp/aide/target/dironly DIRCHECK
Would not traverse the directory structure when the "=" was used. That rule would only include the directory but not its contents. This is the customer's desired behavior.
In RHEL 8 (aide v0.16) the same rule will now include the directory and its contents. The equal sign (=) no longer appears to remove subdirectories from the matched fileset.
Version-Release number of selected component (if applicable):
aide-0.16-14.el8.x86_64
How reproducible:
Easily
Steps to Reproduce:
mkdir -p /tmp/aide && cd /tmp/aide && rm -rf *
mkdir -p target/dironly/ \
target/dironly/ignoredir1/ \
target/dironly/ignoredir2/ \
target/dironlyincludeall/
touch target/dironly/ignore1.txt \
target/dironly/ignoredir1/ignore2.txt \
target/dironly/ignoredir2/ignore3.txt \
target/dironlyincludeall/file1.txt
cat <<AIDECONF>old.conf
database=file:/tmp/aide/blah.db
database_out=file:/tmp/aide/old.db
report_url=file:/tmp/aide/old.log
DATAONLY = p+n+u+g+selinux+acl+xattrs+sha256+ANF
DIRCHECK = p+i+u+g+selinux+acl+xattrs+ANF
/tmp/aide/target/ DATAONLY
=/tmp/aide/target/dironly DIRCHECK ## Do not traverse these directories when prefixed with =, same behavior if ended with dollar or not
AIDECONF
aide --init --config=/tmp/aide/old.conf; grep -cH ignore old.db; cat -n old.db
Actual results:
For rhel 8:
1 @@begin_db
2 # This file was generated by Aide, version 0.16
3 # Time of generation was 2021-11-19 19:20:11
4 @@db_spec name lname attr perm inode uid gid lcount sha256 acl xattrs selinux
5 /tmp/aide/target/dironly 0 13155435037 40755 739331 0 0 0 0 <snip>
6 /tmp/aide/target/dironly/ignore1.txt 0 14229178397 100644 734649 0 0 1 <snip>
7 /tmp/aide/target/dironly/ignoredir1 0 13155436573 40755 739332 0 0 2 0 <snip>
8 /tmp/aide/target/dironly/ignoredir1/ignore2.txt 0 14229178397 100644 734650 0 0 1 <snip>
9 /tmp/aide/target/dironly/ignoredir2 0 13155436573 40755 739333 0 0 2 0 <snip>
10 /tmp/aide/target/dironly/ignoredir2/ignore3.txt 0 14229178397 100644 734651 0 0 1 <snip>
11 /tmp/aide/target/dironlyincludeall 0 13155435037 40755 739334 0 0 0 0 <snip>
12 /tmp/aide/target/dironlyincludeall/file1.txt 0 14229178397 100644 734652 0 0 1 <snip>
Expected results:
1 @@begin_db
2 # This file was generated by Aide, version 0.15.1
3 # Time of generation was 2021-11-19 19:20:02
4 @@db_spec name lname attr perm inode uid gid lcount sha256 acl xattrs selinux
5 /tmp/aide/target/dironlyincludeall 0 13155436573 40755 1314966 0 0 2 0 snip=
6 /tmp/aide/target/dironly 0 13155435037 40755 1314963 0 0 0 0 snip=
7 /tmp/aide/target/dironlyincludeall/file1.txt 0 14229178397 100644 1313965 0 0 1 snip=
Additional info:
This test was exclusive to RHEL 8 with these versions:
[root 03084412 ~]# rpm -q aide
aide-0.16-14.el8.x86_64
[root 03084412 ~]# aide -v
Aide 0.16
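
The difference between the two outputs above can be checked mechanically. The following is an added example, not part of the original report or of AIDE: a shell check that counts database entries lying below a directory that an "=" rule was expected to match without its contents. The function names are hypothetical, and the sample databases are constructed from the report's two outputs with the trailing fields cut.

```shell
#!/bin/sh
# Added example (not from the bug report): count AIDE database entries that lie
# beneath a directory an "=" rule was expected to match without its contents.

# list_children DB DIR: print entry names strictly below DIR. DB may be "-" (stdin).
list_children() {
    awk -v dir="${2%/}" '
        /^@@/ || /^#/ { next }               # skip db directives and comments
        index($1, dir "/") == 1 { print $1 } # "DIR/" prefix, so DIRfoo is not a child
    ' "$1"
}

# count_children DB DIR: 0 means the "=" rule kept the contents out.
count_children() { list_children "$1" "$2" | awk 'END { print NR }'; }

# Constructed samples: entries from the report's two outputs, trailing fields cut.
sample_db_016() { cat <<'EOF'
@@begin_db
# This file was generated by Aide, version 0.16
@@db_spec name lname attr perm inode uid gid lcount sha256 acl xattrs selinux
/tmp/aide/target/dironly 0 13155435037 40755 739331 0 0 0 0
/tmp/aide/target/dironly/ignore1.txt 0 14229178397 100644 734649 0 0 1
/tmp/aide/target/dironly/ignoredir1 0 13155436573 40755 739332 0 0 2 0
/tmp/aide/target/dironly/ignoredir1/ignore2.txt 0 14229178397 100644 734650 0 0 1
/tmp/aide/target/dironly/ignoredir2 0 13155436573 40755 739333 0 0 2 0
/tmp/aide/target/dironly/ignoredir2/ignore3.txt 0 14229178397 100644 734651 0 0 1
/tmp/aide/target/dironlyincludeall 0 13155435037 40755 739334 0 0 0 0
/tmp/aide/target/dironlyincludeall/file1.txt 0 14229178397 100644 734652 0 0 1
EOF
}
sample_db_0151() { cat <<'EOF'
@@begin_db
# This file was generated by Aide, version 0.15.1
@@db_spec name lname attr perm inode uid gid lcount sha256 acl xattrs selinux
/tmp/aide/target/dironlyincludeall 0 13155436573 40755 1314966 0 0 2 0
/tmp/aide/target/dironly 0 13155435037 40755 1314963 0 0 0 0
/tmp/aide/target/dironlyincludeall/file1.txt 0 14229178397 100644 1313965 0 0 1
EOF
}

echo "0.16:   $(sample_db_016 | count_children - /tmp/aide/target/dironly) entries below dironly"
echo "0.15.1: $(sample_db_0151 | count_children - /tmp/aide/target/dironly) entries below dironly"
```

Against the reproducer's own output, the call is `count_children /tmp/aide/old.db /tmp/aide/target/dironly`; any non-zero count means the directory's contents entered the database.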