#31 Paths with dots in aide.conf do not work

0.10
closed-fixed
5
2005-10-05
2005-03-13
Bob Proulx
No

On first look it appears that some filenames are lost
and aide will not scan them for changes. Here is how
you can create one test case for aide-0.10. I used
Debian's sid aide-0.10-4.

mkdir -p /var/tmp/www/www.proulx.com/public_html
echo foo > /var/tmp/www/www.proulx.com/public_html/foo

cat >/var/tmp/www/conf <<EOF
database = file:/var/tmp/www/db
database_out = file:/var/tmp/www/db.new
/var/tmp/www/www.proulx.com/public_html R
EOF

cd /var/tmp/www
find
.
./db
./conf
./www.proulx.com
./www.proulx.com/public_html
./www.proulx.com/public_html/foo

aide --config=/var/tmp/www/conf --init --verbose=255
...
/var/tmp/www/www.proulx.com match=0, tree=6266912, attr=0

Interestingly if I change the dots to underscores
things work.

ln -s www.proulx.com www_proulx_com
perl -pe 's/www.proulx.com/www_proulx_com/' conf > conf_
aide --config=/var/tmp/www/conf_ --init --verbose=255
...
New start_path=/var/tmp/www/www_proulx_com
Matches rule from line #4:
/var/tmp/www/www_proulx_com/public_html

The current CVS source for today exhibits the same
behavior.

Bob Proulx <bob@proulx.com>

Discussion

  • Richard van den Berg

    • summary: fails to match some filenames --> Paths with dots in aide.conf do not work
     
  • Richard van den Berg

    Logged In: YES
    user_id=330646

    I have not been able to figure this one out yet. It seems
    that dots in pathnames inside aide.conf break things. I have
    changed the summary to reflect this.

     
  • Richard van den Berg

    • labels: --> Config Parser
    • milestone: --> 0.10
    • assigned_to: nobody --> rvdb
    • status: open --> closed-fixed
     
  • Richard van den Berg

    Logged In: YES
    user_id=330646

    The problem was that escaping special characters in
    directory names did not work. The correct syntax for your
    test case is:

    /var/tmp/www/www\.proulx\.com/public_html R

    The full set of characters is ()^$*[]. they will need to be
    escaped with a backslash when they are used in directory names.

     
  • Richard van den Berg

    Logged In: YES
    user_id=330646

    This bug/patch has been fixed in CVS. Please note that anonymous
    access to CVS lags about 2 hours behind the authenticated access
    that developers use.

    If you don't know how to use CVS, you can try the daily snapshot
    which within 24 hours should include this change:
    http://aide.sourceforge.net/aide-CVS-snapshot.tar.gz

     
  • Bob Proulx

    Bob Proulx - 2005-10-05

    Logged In: YES
    user_id=123587

    Thank you very much for addressing this issue. But I don't
    understand part of the comments made and would like
    clarification. The path is a regular expression. But the
    comments indicate that all regular expression metacharacters
    must be escaped. But shouldn't a dot be allowed to match
    any filename character?

    It would seem to me then that one.two.three would match
    one.two.three if the dots were not escaped. They would also
    match other letters at the dot, of course, but knowing that
    those do not exist then not escaping the dots would be okay.
    Other paths such as those with brackets and such are not so
    lucky and would need escaping because they do not match
    themselves.

    In any case, when the CVS syncs up I will pull an update and
    test. Thanks again.

     
  • Richard van den Berg

    Logged In: YES
    user_id=330646

    At this moment, regexes in directory names are not
    supported. The selection line is a regex, but it is only
    used as a regex when matching files, not directories. So

    /usr/lib/.*\.so.* R
    /var/log/syslog.* R

    will work. But

    /opt/.*/bin/.* R

    will not. The reason is that the selection path is parsed
    from left to right when looking for directories to traverse.
    This process does not use regex matching, but stops at
    characters that are special to regexes. To avoid this, the
    special characters can be escaped.

    In the future the directory matching might be changed to use
    regex matching. When that happens, the escaping of dots is
    not needed anymore.

     

Log in to post a comment.