Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Debian User (http://www.linux-archive.org/debian-user/)
-   -   aide error (http://www.linux-archive.org/debian-user/700009-aide-error.html)

09-02-2012 11:25 PM
aide error
 
Helo list

Does somebody know how to deal with this?

# aideinit
Running aide --init...
911:syntax error:� 
911:Error while reading configuration:� 
Configuration error
AIDE --init return code 17

It is an exact copy/paste!

Thanks for your kindness.

PS:
Is there an up to date aide manual/how to, for Debian Squeeze?


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: ef2dc683490c67c1324d788e6ec232d3.squirrel@mail.vcn .bc.ca">http://lists.debian.org/ef2dc683490c67c1324d788e6ec232d3.squirrel@mail.vcn .bc.ca

Bob Proulx 09-03-2012 01:00 AM
aide error
 
latinfo@vcn.bc.ca wrote:
> Does somebody know how to deal with this?
>
> # aideinit
> Running aide --init...
> 911:syntax error:� 
> 911:Error while reading configuration:� 
> Configuration error
> AIDE --init return code 17
>
> It is an exact copy/paste!

You have one of these files corrupted / munged:

# ls -log /etc/aide/aide.conf /etc/aide/aide.conf.d

That has 146 files on my system and may be hard to debug to root
cause. But one of those files is corrupted.

The aideinit script concatenates all of those together and generates a
single global overall configuration file from that set:

/var/lib/aide/aide.conf.autogenerated

Look for the problem there. It is on line 911.

# less +911 /var/lib/aide/aide.conf.autogenerated

After you find the error then fix it in the /etc/aide/* file.

Depending upon things you could choose to purge the package, which
would delete all of the /etc/aide files, and then install it again.
You are running 'aideinit' so I assume this is the first time. In
which case there isn't any significant configuration.

> Is there an up to date aide manual/how to, for Debian Squeeze?

The only Debian specific information is:

/usr/share/doc/aide/NEWS.Debian.gz

All else is in the man page and the upstream web documentation.

Bob

Camaleón 09-03-2012 03:51 PM
aide error
 
On Sun, 02 Sep 2012 16:25:18 -0700, latinfo wrote:

> Helo list
>
> Does somebody know how to deal with this?

(...)

It seems to be a known/reported issue:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661758

Greetings,

--
Camaleón


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/k22jlm$vnl$11@ger.gmane.org

09-05-2012 12:03 AM
aide error
 
> On Sun, 02 Sep 2012 16:25:18 -0700, latinfo wrote:
>
>> Helo list
>>
>> Does somebody know how to deal with this?
>
> (...)
>
> It seems to be a known/reported issue:
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661758
>
> Greetings,
>
> --
> Camaleón

Thanks to Bob and Camaleon; patching aide works correctly. The patch is at
the link that Camaleon gave before.

Greetings.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: a5a9c2dbaeac48d538550e9258374f95.squirrel@mail.vcn .bc.ca">http://lists.debian.org/a5a9c2dbaeac48d538550e9258374f95.squirrel@mail.vcn .bc.ca

Bob Proulx 09-05-2012 02:19 AM
aide error
 
latinfo@vcn.bc.ca wrote:
> Camaleón wrote:
> > It seems to be a known/reported issue:
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661758
>
> Thanks to Bob and Camaleon; patching aide works correctly. The patch is at
> the link that Camaleon gave before.

Oh wow. It is a data dependent problem! The problem is that they
dynamically create aide configuration based upon the contents of /dev
which is variable dependent upon the devices and device labels and
other things that are attached to the system at that moment.

And since that variable user data wasn't expected isn't any escaping
done. So the result is user generated data input (such as unicode
disk labels) improperly quoted. It will work fine on one system but
fail on another depending upon what is attached.

Bob

09-05-2012 04:02 AM
aide error
 
> latinfo@vcn.bc.ca wrote:
>> Camaleón wrote:
>> > It seems to be a known/reported issue:
>> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661758
>>
>> Thanks to Bob and Camaleon; patching aide works correctly. The patch is
>> at
>> the link that Camaleon gave before.
>
> Oh wow. It is a data dependent problem! The problem is that they
> dynamically create aide configuration based upon the contents of /dev
> which is variable dependent upon the devices and device labels and
> other things that are attached to the system at that moment.
>
> And since that variable user data wasn't expected isn't any escaping
> done. So the result is user generated data input (such as unicode
> disk labels) improperly quoted. It will work fine on one system but
> fail on another depending upon what is attached.
>
> Bob

So well, this is the patch:

--- a/aide.conf.d/70_aide_dev 2012-03-04 11:10:49.258794862 +0100
+++ b/aide.conf.d/70_aide_dev 2012-03-04 07:57:26.282852021 +0100
@@ -6,20 +6,11 @@ echo "!/dev/pts/[0-9]{1,2}$"
if [ -e /dev/.udev ]; then
# we have udev

- # We generate a RamdiskData entry for each file found in /dev (as
- # these files change inode and mtim/ctime at each boot anyway).
- # /dev/.static is excluded as this is bind-mounted from the persistent
- # root /dev, which should be a lot more static.
-
# Making this any more paranoid would probably mean to implementing most
# of udev. Please feel free to submit patches ;)
-
- # -path is -wholename on sid, but -path still works on sarge and sid
- find /dev -path /dev/.static -prune -o -print |
- sed -e 's/^(.*)/1$ RamdiskData/'
- -e 's,,\,g' -e 's,.,.,g'
- -e 's,#,#,g'
echo "/dev/.static$ RamdiskData"
+ echo "/dev/.static Full"
+ echo "/dev RamdiskData"
else
# we have static /dev
cat <<EOF

It was not needed on Squeeze amd64 server!



--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 69ec219b342e37af9bcdab5ebe43f905.squirrel@mail.vcn .bc.ca">http://lists.debian.org/69ec219b342e37af9bcdab5ebe43f905.squirrel@mail.vcn .bc.ca

Bob Proulx 09-05-2012 04:56 AM
aide error
 
Why did you tag your message as spam? I removed the tag.

latinfo@vcn.bc.ca wrote:
> Bob Proulx wrote:
> > Oh wow. It is a data dependent problem! The problem is that they
> > dynamically create aide configuration based upon the contents of /dev
> > which is variable dependent upon the devices and device labels and
> > other things that are attached to the system at that moment.
> >
> > And since that variable user data wasn't expected isn't any escaping
> > done. So the result is user generated data input (such as unicode
> > disk labels) improperly quoted. It will work fine on one system but
> > fail on another depending upon what is attached.
>
> So well, this is the patch:
> ...
> It was not needed on Squeeze amd64 server!

It is data dependent. Whether you need it or not depends.

> - find /dev -path /dev/.static -prune -o -print |
> - sed -e 's/^(.*)/1$ RamdiskData/'
> - -e 's,,\,g' -e 's,.,.,g'
> - -e 's,#,#,g'

There is the problem. You can run that command manually to see what
output it produces. It produces aide configuration that looks like
this:

/dev$ RamdiskData
/dev/md31$ RamdiskData
/dev/md30$ RamdiskData
...
/dev/disk/by-label$ RamdiskData
/dev/disk/by-label/Debianx20testingx20amd64x201$ RamdiskData
...
/dev/disk/by-id/dm-name-v1-frenzy$ RamdiskData
/dev/disk/by-id/dm-name-v1-lcl$ RamdiskData
/dev/disk/by-id/dm-name-v1-var$ RamdiskData
/dev/disk/by-id/dm-name-v1-home$ RamdiskData
/dev/disk/by-id/dm-name-v1-bak1$ RamdiskData
...
/dev/disk/by-id/usb-Generic_USB_SM_Reader_058F312D81B-0:2$ RamdiskData
/dev/disk/by-id/usb-Generic_USB_SM_Reader_058F312D81B-0:2$ RamdiskData
...
/dev/disk/by-id/scsi-SATA_Hitachi_HDS7210_JP2911HQ1WGRMA-part6$ RamdiskData
...

As you can see there are names that are created by udev to match
things on the user's system. In the above it is printing all of my
lvm partition names of which I only showed a few. It is printing
everything that is attached to the usb bus. It is printing everything
that is on SATA bus. It is printing everything from the cdrom. None
of the above is problematic. But neither was I seeing any problem.

All it takes is for me to have one of those devices, a usb device or a
cdrom with a label where the label contents contain characters,
perhaps unicode characters, perhaps just unexpected content, and the
generated aide data file won't be correct. The sed part was able to
protect some things but it isn't 100% general purpose. It won't
handle some localization. The resulting configuration file would be
problematic. It would throw a syntax error. As it was doing for you.

The patch removes that section from the aide default configuration.
It replaced it with:

+ echo "/dev/.static Full"
+ echo "/dev RamdiskData"

That would certainly avoid the problem.

Bob


All times are GMT. The time now is 01:50 PM.

VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.