  1. RHEL
  2. RHEL-141674

aide reads /var/log/lastlog file by default while it should just check permissions


    • Bug
    • Resolution: Done
    • rhel-10.1
    • aide
    • Important
    • rhel-security-special-projects

      What were you trying to do that didn't work?

      The default /etc/aide.conf we ship has the following directive:

      /var/log/lastlog LSPP
      

      This leads to reading the file, which can be huge, hence delaying aide --init or aide --update by several dozen minutes.

      It's a regression compared to RHEL9 (the file had PERMS attribute).

      What is the impact of this issue to you?

      Usability of aide compromised

      Please provide the package NVR for which the bug is seen:

      aide-0.18.6-8.el10_1.2

      How reproducible is this bug?

      Always

      Steps to reproduce

      1. Create a large /var/log/lastlog
        # truncate -s 500GB /var/log/lastlog
      2. Execute aide --init

      Expected results

      Initialization in 1 minute or so.

      Actual results

      Initialization requires 15 minutes or so.

              rh-ee-alakatos Attila Lakatos
              rhn-support-rmetrich Renaud Métrich
              Attila Lakatos Attila Lakatos
              Patrik Končitý Patrik Končitý
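Added example (not part of the original report and not AIDE's own code): a small Python audit that expands aide.conf group definitions and lists rules under /var/log/ whose attribute set includes a checksum, which is what forces the file contents to be read. The sample config is constructed; its group definitions are assumptions, and only the `/var/log/lastlog LSPP` line comes from the report.

```python
import re

# Checksum attributes that force AIDE to read file contents (a subset of AIDE's list).
HASH_ATTRS = {"md5", "sha1", "rmd160", "sha256", "sha512",
              "crc32", "whirlpool", "gost", "tiger"}

# Constructed sample config. The group definitions are assumptions modeled on a
# typical aide.conf; only the /var/log/lastlog line is taken from the report.
SAMPLE_CONF = """\
PERMS = p+u+g+acl+selinux+xattrs
FIPSR = p+i+n+u+g+s+m+c+acl+selinux+xattrs+sha256
LSPP = FIPSR+sha512
/var/log/lastlog LSPP
/var/log/faillog PERMS
/etc/hosts FIPSR
"""

def expand(expr, groups):
    """Resolve an expression such as 'FIPSR+sha512-m' to a set of attributes."""
    attrs = set()
    for sign, name in re.findall(r"([+-]?)([A-Za-z0-9_]+)", expr):
        resolved = groups.get(name, {name})  # known group, else a plain attribute
        attrs = attrs - resolved if sign == "-" else attrs | resolved
    return attrs

def content_hashed_rules(conf_text, prefix="/var/log/"):
    """Return (path, sorted hash attrs) for rules under prefix that checksum contents."""
    groups, findings = {}, []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith(("@@", "!")):
            continue  # blank lines, comments, @@ directives, negative selections
        m = re.match(r"^(\w+)\s*=\s*(\S+)$", line)
        if m:  # group definition: NAME = attr+attr...
            groups[m.group(1)] = expand(m.group(2), groups)
            continue
        parts = line.split()
        path = parts[0].lstrip("=")  # '=/path' is an exact-match selection
        if len(parts) >= 2 and path.startswith(prefix):
            hashes = expand(parts[-1], groups) & HASH_ATTRS
            if hashes:
                findings.append((path, sorted(hashes)))
    return findings

if __name__ == "__main__":
    for path, hashes in content_hashed_rules(SAMPLE_CONF):
        print(f"{path}: contents are read for {', '.join(hashes)}")
```

To audit a real system, pass the text of /etc/aide.conf instead of `SAMPLE_CONF`; a log file flagged here that is also large or sparse is a candidate for a permissions-only group such as PERMS.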