Subject: aide: Failed to include files added in aide.conf in the aide db when
it is initialized in case the path of files mentioned in aide.conf are w.r.t
symlink directories
Package: aide
X-Debbugs-Cc: [email protected]
Version: 0.18.3-1+deb12u3
Severity: important
Dear Maintainer,
In case of bullseye (17.0.3), when I tried to add a file under a symlink
directory (/lib) which points to (/usr/lib), and initialized aide database,
I noticed that in case of bullseye it took that as an entry, you can see that
in number of entries.
root@debian:/lib# aide -c /etc/aide/aide.conf --init
Start timestamp: 2025-04-11 14:55:06 +0530 (AIDE 0.17.3)
AIDE initialized database at /var/lib/aide/aide.db.new
Number of entries: 1
---------------------------------------------------
The attributes of the (uncompressed) database(s):
---------------------------------------------------
/var/lib/aide/aide.db.new
SHA256 : 8QfM4/Mro0bQhMCUinAVdTqs8vnp2RvR
gfOdwU81lKg=
SHA512 : 6vEeABuJ9vc6A8ynl1zE0V69+jwPrY5y
POHmNOVSxNbwWY3YCbRmwXOKyoybLKVE
pqU8oaHcE4BsvmiLF3MpLQ==
RMD160 : 3Tk77kKRJWeGOvMjXgEuBUaUJfU=
TIGER : K1w+cRPV6jFCuq3cJ8pSfudnOqu36XbL
CRC32 : qc830g==
HAVAL : WVO2hNph/UhVccxnESrSLNzFiABLdUCg
ZI5clgNjQ5Y=
WHIRLPOOL : hCpWmHis0LPvfmZRVBFAdF09ObwXYCRB
f2u6cH38Bv8FFPBOSQ+et4wzlI+05ukS
8mJIYMag6JljAZQ3/UjKzw==
GOST : 7dxCJCfHe6GOILuDqAnKleB4iIfDSoVX
3EPP/wQZKWE=
End timestamp: 2025-04-11 14:55:06 +0530 (run time: 0m 0s)
And it was able detect changes made to the file (permission change) like below:
Start timestamp: 2025-04-11 14:57:09 +0530 (AIDE 0.17.3)
AIDE found differences between database and filesystem!!
Summary:
Total number of entries: 1
Added entries: 0
Removed entries: 0
Changed entries: 1
---------------------------------------------------
Changed entries:
---------------------------------------------------
f p.. . A. . : /lib/sample
---------------------------------------------------
Detailed information about changes:
---------------------------------------------------
File: /lib/sample
Perm : -rw-r--r-- | -rwxrwxrwx
ACL : A: user::rw- | A: user::rwx
A: group::r-- | A: group::rwx
A: other::r-- | A: other::rwx
But when it came to bookworm (18.0.3), when I tried to add a file under a
symlink directory (/lib) and initialized aide database. The file itself is not
taken as an entry in the database.
Start timestamp: 2025-04-11 02:10:43 -0700 (AIDE 0.18.3)
AIDE successfully initialized database.
New AIDE database written to /var/lib/aide/aide.db.new
Ignored e2fs attributes: EINV
Number of entries: 0
---------------------------------------------------
The attributes of the (uncompressed) database(s):
---------------------------------------------------
/var/lib/aide/aide.db.new
MD5 : pl93YpGJN9FrSnoqT0E3dw==
SHA1 : rPt7WKDC/q2REGf6zvHo5TYRXo8=
SHA256 : +Vk/YPBigq7YMPdzEAa2BnhQKpKhcDgO
ufnUJdXz+ww=
SHA512 : wJrUxFj+aQ98FXzB3CgL0TuYips7zww6
FMMOvSOoReI5C+y5ESPOlwayxtYdFetu
ksE3lSPfoZ0XRt0jK6tyUQ==
RMD160 : Q7t7ldGDvKL1dtkWebY7ADg5rF0=
TIGER : Una57HNtE4LT2CtfSQm3/MJJHc0CcMf3
CRC32 : Iks/HQ==
CRC32B : 9KQcKQ==
HAVAL : Ew+OiFudOadA+OXb0OnlLF2dNM7/W3S/
GdxH7C3h4lQ=
WHIRLPOOL : 65MSMeuSnYHCLCgWnMe4C1s8EPylzOVw
ty4A+dG1kRseQRQbmT2RqAOwXgd0HOHs
ipqJzSjmtcnxf+7Wgkdphg==
GOST : jcvRfvMgkH6BaQMTYegf8COtLbaMB/6i
TuLy7JXdZPI=
End timestamp: 2025-04-11 02:10:43 -0700 (run time: 0m 0s)
And eventually it was not able to detect the change as well.
Is this behavior introduced in aide from bookworm ?
-- System Information:
Debian Release: 12.10
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-32-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages aide depends on:
ii libacl1 2.3.1-3
ii libaudit1 1:3.0.9-1
ii libc6 2.36-9+deb12u10
ii libcap2 1:2.66-4
ii libext2fs2 1.47.0-2
ii libmhash2 0.9.9.9-9
ii libpcre2-8-0 10.42-1
ii libselinux1 3.4-1+b6
ii zlib1g 1:1.2.13.dfsg-1
Versions of packages aide recommends:
ii aide-common 0.18.3-1+deb12u3
Versions of packages aide suggests:
pn figlet <none>
-- no debconf information
Thanks and regards,
Sai Ashrith
