Integration with rpm/yum
Brought to you by:
hvhaugwitz,
rvdb
Menu
▾
▴
#27 Integration with rpm/yum
Periodically I've update machines' software with rpm or yum (which is a wrapper for yum).
All of the files that get touched via an update, and the directories that they live in, get changed.
It would be nice to have the packaging information associated with an RPM be used to selectively update entries in the database.
I could do:
% aide --update
% mv -f /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
but that's a sledgehammer approach, and unrelated changes would also be unwittingly captured.
The RPM package describes the user, group, mode, SHA, xattrs, and ACL associated with a file. Most of the information that's needed to prime a new (or replacement) entry into aide.db.gz ... The rest can be derived by inspection. For each entry, you'd also need to note that the dirname for that entry (its parent) had also changed, and update the modification time silently.
For new package installs that have associated directories, new entries for those directories would need to be created.
A separate libaide.so would likely be needed, along with Python bindings for it so that it might be callable from inside a yum plugin.
https://github.com/aide/aide/issues/30