Accepting request 874872 from home:polslinux:branches:security

- Update default config file to match v0.17 OBS-URL: https://build.opensuse.org/request/show/874872 OBS-URL: https://build.opensuse.org/package/show/security/aide?expand=0&rev=40
2021-02-24 14:06:14 +00:00 · 2021-02-24 14:06:14 +00:00 · 4a50fc21e6
commit 4a50fc21e6
parent f6cb70b2bb
3 changed files with 52 additions and 44 deletions
--- a/aide.changes
+++ b/aide.changes
@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Wed Feb 24 13:45:59 UTC 2021 - Paolo Stivanin <info@paolostivanin.com>
+
+- Update default config file to match v0.17 
+
 -------------------------------------------------------------------
 Wed Feb 24 11:01:03 UTC 2021 - Paolo Stivanin <info@paolostivanin.com>

--- a/aide.conf
+++ b/aide.conf
@ -1,86 +1,85 @@
 #
-#	AIDE _Example_ Configuration 
+# AIDE _Example_ Configuration 
 #
-#	Thanks to the Debian people and Dirk Müller <dmuell@gmx.net>
+# Thanks to the Debian people and Dirk Müller <dmuell@gmx.net>
 #
-#	Use at your own risk!
+# Use at your own risk!
 #
-#	Matthias G. Eckermann <mge@suse.de>
+# Matthias G. Eckermann <mge@suse.de>
 #

 #
 # Configuration parameters
 #
-database=file:/var/lib/aide/aide.db
+database_in=file:/var/lib/aide/aide.db
 database_out=file:/var/lib/aide/aide.db.new
-verbose=1
 report_url=stdout
 warn_dead_symlinks=yes

 #
 # Custom rules
 #
-Binlib 		= p+i+n+u+g+s+b+m+c+sha256+sha512 
-ConfFiles 	= p+i+n+u+g+s+b+m+c+sha256+sha512
-Logs 		= p+i+n+u+g+S 
-Devices 	= p+i+n+u+g+s+b+c+sha256+sha512
-Databases 	= p+n+u+g 
-StaticDir 	= p+i+n+u+g 
-ManPages 	= p+i+n+u+g+s+b+m+c+sha256+sha512
+Binlib   = p+i+n+u+g+s+b+m+c+sha256+sha512 
+ConfFiles  = p+i+n+u+g+s+b+m+c+sha256+sha512
+Logs   = p+i+n+u+g+S 
+Devices  = p+i+n+u+g+s+b+c+sha256+sha512
+Databases  = p+n+u+g 
+StaticDir  = p+i+n+u+g 
+ManPages  = p+i+n+u+g+s+b+m+c+sha256+sha512

 #
 # Directories and files
 # 
 # Kernel, system map, etc. 
-/boot 					Binlib 
+/boot      Binlib 

 # watch config files, but exclude, what changes at boot time, ...
 !/etc/mtab 
 !/etc/lvm*
-/etc 					ConfFiles
+/etc      ConfFiles

 # Binaries 
-/bin					Binlib 
-/sbin 					Binlib 
+/bin     Binlib 
+/sbin      Binlib 

 # Libraries 
-/lib					Binlib 
+/lib     Binlib 

 # Complete /usr and /opt
-/usr 					Binlib 
-/opt 					Binlib 
+/usr      Binlib 
+/opt      Binlib 

 # Log files 
-/var/log$				StaticDir 
-#/var/log/aide/aide.log(.[0-9])?(.gz)? 	Databases 
-#/var/log/aide/error.log(.[0-9])?(.gz)?	Databases 
-#/var/log/setuid.changes(.[0-9])?(.gz)?	Databases 
-/var/log 				Logs 
+/var/log$    StaticDir 
+#/var/log/aide/aide.log(.[0-9])?(.gz)?  Databases 
+#/var/log/aide/error.log(.[0-9])?(.gz)? Databases 
+#/var/log/setuid.changes(.[0-9])?(.gz)? Databases 
+/var/log     Logs 

 # Devices 
 !/dev/pts 
-/dev 					Devices 
+/dev      Devices 

 # Other miscellaneous files 
-/var/run$ 				StaticDir 
+/var/run$     StaticDir 
 !/var/run 
-/var/lib				Databases
+/var/lib    Databases

 # Test only the directory when dealing with /proc 
-/proc$ 					StaticDir 
+/proc$      StaticDir 
 !/proc 
 
 # manpages can be trojaned, especially depending on *roff implementation 
-#/usr/man 				ManPages 
-#/usr/share/man 			ManPages 
-#/usr/local/man 			ManPages 
+#/usr/man     ManPages 
+#/usr/share/man    ManPages 
+#/usr/local/man    ManPages 
 
 # check sources for modifications 
-#/usr/src 				L 
-#/usr/local/src 			L 
+#/usr/src     L 
+#/usr/local/src    L 

 # Check headers for same 
-#/usr/include 				L 
-#/usr/local/include 			L 
+#/usr/include     L 
+#/usr/local/include    L 


--- a/aide.spec
+++ b/aide.spec
@ -81,10 +81,12 @@ mkdir -p doc/examples%{_sysconfdir}/cron.daily/
 cp -a %{SOURCE2} doc/examples%{_sysconfdir}/cron.daily/aide.sh

 %post
-# with the 0.17 update some backward incompatible changes were made to the config file. Therefore, we have to adapt those parameters, otherwise the program will fail
-sed -i 's/database=/database_in=/' %{_sysconfdir}/aide.conf
-sed -i '/verbose=/d' %{_sysconfdir}/aide.conf
-sed -i 's/\t/ /g' %{_sysconfdir}/aide.conf
+if ! grep -q "database_in" %{_sysconfdir}/aide.conf ; then
+  # with the 0.17 update some backward incompatible changes were made to the config file. Therefore, we have to adapt those parameters, otherwise the program will fail
+  sed -i 's/database=/database_in=/' %{_sysconfdir}/aide.conf
+  sed -i '/verbose=/d' %{_sysconfdir}/aide.conf
+  sed -i 's/\t/ /g' %{_sysconfdir}/aide.conf
+fi

 %check
 rm -rf %{_localstatedir}/tmp/aide-test
@ -95,10 +97,12 @@ install -m 700 -d $TESTDIR%{_localstatedir}/lib/aide
 install -m 700 -d $TESTDIR%{_sysconfdir}
 install -m 600    %{SOURCE1} $TESTDIR%{_sysconfdir}/aide.conf.new
 sed -e "s#%{_localstatedir}/lib/aide#$TESTDIR%{_localstatedir}/lib/aide#g" <$TESTDIR%{_sysconfdir}/aide.conf.new >$TESTDIR%{_sysconfdir}/aide.conf
-# with the 0.17 update, the config file changed a bit. Wwe have to adapt those parameters, otherwise the program will fail
-sed -i 's/database=/database_in=/' $TESTDIR%{_sysconfdir}/aide.conf
-sed -i '/verbose=/d' $TESTDIR%{_sysconfdir}/aide.conf
-sed -i 's/\t/ /g' $TESTDIR%{_sysconfdir}/aide.conf
+if ! grep -q "database_in" %{_sysconfdir}/aide.conf ; then
+  # with the 0.17 update some backward incompatible changes were made to the config file. Therefore, we have to adapt those parameters, otherwise the program will fail
+  sed -i 's/database=/database_in=/' $TESTDIR%{_sysconfdir}/aide.conf
+  sed -i '/verbose=/d' $TESTDIR%{_sysconfdir}/aide.conf
+  sed -i 's/\t/ /g' $TESTDIR%{_sysconfdir}/aide.conf
+fi
 $TESTDIR/usr/bin/aide -D -c $TESTDIR%{_sysconfdir}/aide.conf
 sleep 2
 sync