Public bug reported:

We run AIDE on systems that use unattended-upgrade to install security patches. When the upgrades run, we often get large email reports from AIDE. We have FILTERUPDATES=yes in /etc/defaults/aide but the filtering seems to not be very effective a lot of the time, especially when there are kernel updates. Excerpt of one of the reports is included below.

Expected behavior is that the report only shows changes that weren't made as a result of package updates, and that no email is sent if all the changes were from package updates.

Summary:
  Total number of entries: 182042
  Added entries: 27157 (filtered: 0)
  Removed entries: 0 (filtered: 0)
  Changed entries: 32 (filtered: 947)

The following package changes were detected and were filtered from this mail:
  libtiff5:amd64 (upgrade)
  linux-libc-dev:amd64 (upgrade)
  linux-aws:amd64 (upgrade)
  linux-image-aws:amd64 (upgrade)
  linux-headers-aws:amd64 (upgrade)

---------------------------------------------------
Added entries (filtered: 0):
---------------------------------------------------

f++++++++++++++++: /boot/System.map-4.15.0-1034-aws
f++++++++++++++++: /boot/config-4.15.0-1034-aws
f++++++++++++++++: /boot/initrd.img-4.15.0-1034-aws
f++++++++++++++++: /boot/vmlinuz-4.15.0-1034-aws
f++++++++++++++++: /lib/modprobe.d/blacklist_linux-aws_4.15.0-1034-aws.conf
d++++++++++++++++: /lib/modules/4.15.0-1034-aws
d++++++++++++++++: /lib/modules/4.15.0-1034-aws/initrd
d++++++++++++++++: /lib/modules/4.15.0-1034-aws/kernel
d++++++++++++++++: /lib/modules/4.15.0-1034-aws/kernel/arch
d++++++++++++++++: /lib/modules/4.15.0-1034-aws/kernel/arch/x86
d++++++++++++++++: /lib/modules/4.15.0-1034-aws/kernel/arch/x86/crypto
f++++++++++++++++: /lib/modules/4.15.0-1034-aws/kernel/arch/x86/crypto/aes-x86_64.ko
f++++++++++++++++: /lib/modules/4.15.0-1034-aws/kernel/arch/x86/crypto/aesni-intel.ko
f++++++++++++++++: /lib/modules/4.15.0-1034-aws/kernel/arch/x86/crypto/blowfish-x86_64.ko
f++++++++++++++++: /lib/modules/4.15.0-1034-aws/kernel/arch/x86/crypto/camellia-aesni-avx-x86_64.ko
f++++++++++++++++: /lib/modules/4.15.0-1034-aws/kernel/arch/x86/crypto/camellia-aesni-avx2.ko

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: aide 0.16-3
ProcVersionSignature: User Name 4.15.0-1031.33-aws 4.15.18
Uname: Linux 4.15.0-1031-aws x86_64
ApportVersion: 2.20.9-0ubuntu7.5
Architecture: amd64
Date: Wed Mar 13 14:38:12 2019
Ec2AMI: ami-055afcf1091b96750
Ec2AMIManifest: (unknown)
Ec2AvailabilityZone: us-east-1b
Ec2InstanceType: t3.micro
Ec2Kernel: unavailable
Ec2Ramdisk: unavailable
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=C.UTF-8
 SHELL=/bin/bash
SourcePackage: aide
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: aide (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: amd64 apport-bug bionic ec2-images

-- 
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1819927

Title:
  package updates not fully filtered by wrapper
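
One way to triage a report like the one above, as an added example that is not part of the original bug report or of the aide package: match each "Added entries" line against the file lists dpkg keeps in /var/lib/dpkg/info, so that paths no installed package lists stand out. The function names are assumptions made for this example, and SAMPLE_REPORT is a three-line excerpt of the report quoted above.

```python
import re
import sys
from pathlib import Path

# Added-entry lines in the report: one type character (f, d, l, ...), a run
# of '+' flags, then ": " and the absolute path.
ADDED_RE = re.compile(r"^([a-z])\++: (/.+)$")
# Excerpt of the "Added entries" section quoted in the report above.
SAMPLE_REPORT = """\
f++++++++++++++++: /boot/initrd.img-4.15.0-1034-aws
f++++++++++++++++: /boot/vmlinuz-4.15.0-1034-aws
d++++++++++++++++: /lib/modules/4.15.0-1034-aws
"""

def parse_added(report_text):
    """Return (type, path) for every added-entry line in an AIDE report."""
    matches = (ADDED_RE.match(line.strip()) for line in report_text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def load_owned_paths(info_dir="/var/lib/dpkg/info"):
    """Map each path in dpkg's <package>[:arch].list files to its package."""
    owned = {}
    for list_file in sorted(Path(info_dir).glob("*.list")):
        package = list_file.name[: -len(".list")]
        for path in list_file.read_text(errors="replace").splitlines():
            if path and path != "/.":
                owned.setdefault(path, package)
    return owned

def triage(report_text, info_dir="/var/lib/dpkg/info"):
    """Split added entries into package-owned paths and paths no package lists."""
    owned = load_owned_paths(info_dir)
    by_package, unowned = {}, []
    for _type, path in parse_added(report_text):
        if path in owned:
            by_package.setdefault(owned[path], []).append(path)
        else:
            unowned.append(path)
    return by_package, unowned

if __name__ == "__main__":
    # Usage: python3 triage.py < aide-report.txt (falls back to the excerpt)
    report = SAMPLE_REPORT if sys.stdin.isatty() else sys.stdin.read()
    by_package, unowned = triage(report)
    for package, paths in sorted(by_package.items()):
        print(f"{package}: {len(paths)} added path(s) owned")
    for path in unowned:
        print(f"UNOWNED {path}")
```

Paths are compared as exact strings, so a file reached through a symlinked directory is reported as unowned even when a package ships it under the other name.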