#2 open_dir():Not a directory: /bin/login

closed
None
5
2004-11-02
2003-11-05
Michael Schwendt
No

An entry like

=/ p+u+g

in aide.conf with default verbosity of 5 gives lots of
warnings for files upon aide --check, such as:

open_dir():Not a directory: /bin/mktemp
open_dir():Not a directory: /bin/bash
open_dir():Not a directory: /bin/bash2
open_dir():Not a directory: /bin/sh
open_dir():Not a directory: /bin/mount
open_dir():Not a directory: /bin/umount

Discussion

  • Zhi Wen Wong
    2004-07-02

    Logged In: YES
    user_id=1065305

    I found it is because the equal rule isn't implemented in
    compare. For example, "=/bin R". The
    check_node_for_match() function will return 2 (match for
    equal rule) for both /bin and /bin/myfile. Actually,
    /bin/myfile should not return 2 because we want /bin only.

    I modified it on my own machine by making
    check_node_for_match() return 0 for /bin/myfile for the "=/bin"
    rule.

    I will send the fixed gen_list.c to the AIDE developer.

    I paste the diff of CVS's gen_list.c and my gen_list.c here.

    ------------------ cut ------------------
    626a627,651
    > //this is used to check if $text if equal to a node in
    $rxrlist
    > //should be used to check equ_rx_lst only
    > int check_list_for_equal(list* rxrlist,char* text,int* attr)
    > {
    > list* r=NULL;
    > int retval=1;
    > char *temp;
    >
    > for(r=rxrlist;r;r=r->next){
    > temp=((rx_rule*)r->data)->rx;
    >
    > //FIXME, if rx not begin with ^, may need to do
    something else
    > if(temp[0]=='^') //^ is for reg exp, we can ignore
    this character
    > temp++;
    >
    > //we don't need to worry about buff-overflow, so
    strcmp is safe
    > if((retval=strcmp(temp, text))==0){
    > *attr=((rx_rule*)r->data)->attr;
    > error(231,"Matches string from line #%ld:
    %s\n",((rx_rule*)r->data)->conf_lineno,((rx_rule*)r->data)->rx);
    > break;
    > }
    > }
    > return retval;
    > }
    >
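Review bot: the strcmp() in check_list_for_equal() compares the rule's rx as a literal after skipping a leading '^', so a rule whose rx carries any other regex syntax (an escaped character, a trailing '$') will never compare equal to text and the "=" rule stops matching without any message; the FIXME for an rx that does not begin with '^' is also left open. Either keep the literal path next to rx for "=" rules and compare that, or require the regex match to cover all of text. The function returns strcmp()'s result, which can be negative, so note that callers may only test it against 0, and reword the "buff-overflow" comment to say what it relies on (both strings NUL-terminated).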
    659c684,691
    < if(!check_list_for_match(node->equ_rx_lst,text,attr)){
    ---
    > if(!check_list_for_match(node->equ_rx_lst,text,attr)){
    > /*
    > Zhi Wen Wong added this line to fix bug that equ not work
    for
    > compare
    > if we do "=/bin", we should only check /bin
    > so, /bin/bash or /bin/something should return 0 as neg
    > */
    > if(!check_list_for_equal(node->equ_rx_lst,text,attr))
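Review bot: the added if(!check_list_for_equal(...)) is nested under the check_list_for_match() test without braces, and the statement it guards lies outside the hunk, so the resulting control flow cannot be checked from the patch; add explicit braces around the nested test. Both calls are handed attr, so if check_list_for_match() stores into *attr on a hit, a path such as /bin/bash that the equality test then rejects leaves with *attr already modified; confirm the caller ignores attr on a 0 return or restore it. The author attribution in the block comment belongs in the commit log rather than in the source.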
    661c693
    < };
    ---
    > };
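Review bot: the "};" at line 661 reads the same on both sides of this hunk, so it is a whitespace-only change; drop it from the fix, or resend the patch as a unified diff (diff -u) so the re-indentation can be reviewed in context.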
    -------------- cut ---------------------------

    I just want to help. But I can be wrong, so please run more
    tests.
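
The equal-rule behaviour described in the comment above, as an added C example (not AIDE's code and not the commenter's patch). It assumes `=/bin` is held as the anchored regex `^/bin`, uses hypothetical function names, and goes slightly beyond the posted strcmp() approach by requiring the POSIX regex match to span the whole path.

```c
/* Added illustration; not AIDE source. Function names are hypothetical. */
#include <regex.h>
#include <stdio.h>
#include <string.h>

#define NO_MATCH    0
#define EQUAL_MATCH 2   /* value the comment reports for an "=" rule hit */

/* Run rule regex `rx` on `path`; on a hit at offset 0 store the match end. */
static int rx_hit(const char *rx, const char *path, size_t *end)
{
    regex_t re;
    regmatch_t m;
    int hit;

    if (regcomp(&re, rx, REG_EXTENDED) != 0)
        return 0;                       /* unusable rule: treat as no match */
    hit = (regexec(&re, path, 1, &m, 0) == 0 && m.rm_so == 0);
    if (hit)
        *end = (size_t)m.rm_eo;
    regfree(&re);
    return hit;
}

/* Reported behaviour: any path the anchored regex hits counts as equal. */
int equal_rule_prefix(const char *rx, const char *path)
{
    size_t end;
    return rx_hit(rx, path, &end) ? EQUAL_MATCH : NO_MATCH;
}

/* Intended behaviour: the match must consume the whole path. */
int equal_rule_exact(const char *rx, const char *path)
{
    size_t end;
    return (rx_hit(rx, path, &end) && end == strlen(path)) ? EQUAL_MATCH : NO_MATCH;
}

int main(void)
{
    /* Constructed inputs: "=/bin" and "=/" as assumed regexes "^/bin", "^/". */
    const char *rules[] = { "^/bin", "^/" };
    const char *paths[] = { "/", "/bin", "/bin/bash", "/binary" };
    for (size_t r = 0; r < 2; r++)
        for (size_t p = 0; p < 4; p++)
            printf("%-6s %-10s prefix=%d exact=%d\n", rules[r], paths[p],
                   equal_rule_prefix(rules[r], paths[p]),
                   equal_rule_exact(rules[r], paths[p]));
    return 0;
}
```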

     
  • Zhi Wen Wong
    2004-07-02

    Logged In: YES
    user_id=1065305

    Maybe I can submit using patch next time.

     
    • status: open --> closed
     
  • Logged In: YES
    user_id=330646

    What system did you have this problem with? Can you check
    the current CVS version to see if the problem is still there?

     
    • assigned_to: nobody --> rvdb