Thread: [Aide-devel] aide --check return code
From: Steve G. <sg...@re...> - 2006-11-30 11:18:23
Hi,

We are using the aide package as part of the RBAC self-test requirements. This means that a master script kicks off aide to verify the integrity of trusted databases. The master script really wants to know if there were problems when it runs the --check option, but the return code is "0" regardless of whether it found something or not.

Would there be any objections to changing the current behavior such that "1" is returned when it finds files that have changed and "0" otherwise?

Thanks,
-Steve
From: Richard v. d. B. <ri...@vd...> - 2006-11-30 11:49:28
Steve Grubb wrote:
> Would there be any objections to changing the current behavior such that "1"
> is returned when it finds files that have changed and "0" otherwise?

Not at all. This is also a feature request at Sourceforge:
http://sourceforge.net/tracker/index.php?func=detail&aid=1337726&group_id=86976&atid=581582

Apart from returning 0 or 1 when using --check, all error conditions should return another code(s). This should be verified before the return codes of --check can be trusted.

If you are planning to make the changes yourself, make sure to submit a patch so I can include it in the aide 0.13 release.

Sincerely,

Richard van den Berg
From: Pablo V. <pa...@va...> - 2006-11-30 12:17:53
Attachments:
exitcode.patch
On Thu, 30 Nov 2006, Richard van den Berg wrote:

> Steve Grubb wrote:
> > Would there be any objections to changing the current behavior such that "1"
> > is returned when it finds files that have changed and "0" otherwise?
>
> Not at all. This is also a feature request at Sourceforge:
> http://sourceforge.net/tracker/index.php?func=detail&aid=1337726&group_id=86976&atid=581582
>
> Apart from returning 0 or 1 when using --check, all error conditions
> should return another code(s). This should be verified before the return
> codes of --check can be trusted.
>
> If you are planning to make the changes yourself, make sure to submit a
> patch so I can include it in the aide 0.13 release.
>
> Sincerely,
>
> Richard van den Berg

Exitcodes are nice (and should be easy), so here's a patch for it.

<Documentation>
if (exitcode > 0 && exitcode < 8) {
    if ((exitcode & 1) != 0) {
        <file addition detected>
    }
    if ((exitcode & 2) != 0) {
        <file deletion detected>
    }
    if ((exitcode & 4) != 0) {
        <file change detected>
    }
}
</Documentation>

Pablo Virolainen
From: Steve G. <sg...@re...> - 2006-11-30 18:26:05
On Thursday 30 November 2006 07:17, Pablo Virolainen wrote:
> Exitcodes are nice (and should be easy)

This patch tests out OK for our needs.

Thanks,
-Steve
From: Richard v. d. B. <ri...@vd...> - 2006-11-30 19:20:07
Steve Grubb wrote:
> On Thursday 30 November 2006 07:17, Pablo Virolainen wrote:
>> Exitcodes are nice (and should be easy)
>
> This patch tests out OK for our needs.

Did you also check error situations like a corrupt aide.conf file? Aide uses the following codes from includes/report.h:

/* Exitcodes */
#define ERROR_WRITING_ERROR 14
#define INVALID_ARGUMENT_ERROR 15
#define UNIMPLEMENTED_FUNCTION_ERROR 16
#define INVALID_CONFIGURELINE_ERROR 17
#define IO_ERROR 18

I believe these are incompatible with the exitcodes patch from Pablo, which I believe implements:

(number of new files)     * 1 +
(number of removed files) * 2 +
(number of changed files) * 4

I will negate the above defines so that aide will return 0 when no changes were detected, less than 0 when an error occurred, and the above explained (positive) return codes when changes were detected. All of this only goes for the --check command.

I'll also put this in the documentation.

Sincerely,

Richard van den Berg
From: Richard v. d. B. <ri...@vd...> - 2006-11-30 19:25:15
Never mind, I misread Pablo's code. What he implemented is:

(new files detected?)     * 1 +
(removed files detected?) * 2 +
(changed files detected?) * 4

Which is always less than 8, and does not conflict with the exit codes from report.h. They will remain unchanged. I'm adding the code to CVS now.

Sincerely,

Richard van den Berg
From: Steve G. <sg...@re...> - 2006-11-30 19:33:30
On Thursday 30 November 2006 14:19, Richard van den Berg wrote:
> Did you also check error situations like a corrupt aide.conf file?

No. My thinking was anything other than 0 means a system admin needs to figure out what's wrong. It could be a typo in config file or something mysteriously changed...both need investigating. That said, the return code could certainly signify what needs to be looked at and maybe help determine how urgent one needs to investigate.

> I believe these are incompatible with the exitcodes patch from Pablo,
> which I believe implements:
>
> (number of new files)     * 1 +
> (number of removed files) * 2 +
> (number of changed files) * 4

I was getting a 7 in real world situation...which doesn't appear to be taken. His patch is always 1 through 7 when any change is detected.

> I will negate the above defines so that aide will return 0 when no
> changes were detected, less than 0 when an error occurred, and the
> above explained (positive) return codes when changes were detected. All
> of this only goes for the --check command.

Sure, that sounds fine, too. I'd actually like to get a copy of the final patch to pull in to our next release.

Thanks,
-Steve
From: Richard v. d. B. <ri...@vd...> - 2006-11-30 19:42:38
Attachments:
exitcode-final.patch
Steve Grubb wrote:
> I'd actually like to get a copy of the final
> patch to pull in to our next release.

Sure, here's what I just committed to CVS.

Sincerely,

Richard van den Berg
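
How a master script like the one described in this thread could act on the `aide --check` exit status once the patch is in: an added example, not code from the thread or from the aide project. The function name `classify_aide_status` and its output strings are hypothetical; the bit values 1/2/4 and the error codes 14-18 are those quoted in the messages above.

```shell
#!/bin/sh
# Added example: classify an `aide --check` exit status for a calling script.
# Prints "clean", "changed:<list>", "error:<NAME>" or "unknown:<n>".
# Returns 0 = no changes, 1 = integrity changes found, 2 = aide error/unknown.
classify_aide_status() {
    status=$1
    case $status in
        ''|*[!0-9]*) echo "unknown:$status"; return 2 ;;   # not a number
    esac
    if [ "$status" -eq 0 ]; then
        echo "clean"; return 0
    fi
    if [ "$status" -lt 8 ]; then
        # 1..7 is a bitmask: 1 = files added, 2 = removed, 4 = changed.
        findings=""
        if [ $((status & 1)) -ne 0 ]; then findings="${findings}added,"; fi
        if [ $((status & 2)) -ne 0 ]; then findings="${findings}removed,"; fi
        if [ $((status & 4)) -ne 0 ]; then findings="${findings}changed,"; fi
        echo "changed:${findings%,}"; return 1
    fi
    # Error codes from includes/report.h as quoted in the thread.
    case $status in
        14) name=ERROR_WRITING_ERROR ;;
        15) name=INVALID_ARGUMENT_ERROR ;;
        16) name=UNIMPLEMENTED_FUNCTION_ERROR ;;
        17) name=INVALID_CONFIGURELINE_ERROR ;;
        18) name=IO_ERROR ;;
        *)  echo "unknown:$status"; return 2 ;;   # 8-13, 19+: not documented here
    esac
    echo "error:$name"; return 2
}

# Constructed sample statuses; a real caller would pass "$?" right after
# running `aide --check`.
for s in 0 5 7 17 42; do
    printf '%s -> ' "$s"
    classify_aide_status "$s" || :
done
```

Treating an error or unknown status as a failure, rather than as "no changes", keeps a broken aide.conf from passing the self-test silently.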