Support for included files in /etc/aide.d/
Resolves: RHEL-178122
Increase default values for num_workers
Resolves: RHEL-178123
Add pre-configured systemd timer for aide check
Resolves: RHEL-178121
Users upgrading from RHEL 9 (aide 0.16) to RHEL 10 (aide 0.19.2) face
breaking config changes: removed options, renamed options, dropped hashsums,
and deprecated syntax. Without migration the first aide run after upgrade
fails with a fatal parse error (exit code 17).
Adds aide-migrate-config, a script that automatically migrates aide.conf
and all @@include'd files on install or upgrade. It also ships as a
standalone tool for users who need to run it manually.
verbose= is removed without adding replacement log_level= and
report_level= settings; both options default to 'warning' and
'changed_attributes' in AIDE 0.19, so injecting them only clutters
user configs.
Introduce append_setting() to guarantee that any value appended to a
config file starts on a fresh line. Without this, a file lacking a
trailing newline at the point of append would have the new field
concatenated onto the preceding line, silently corrupting the config.
The H group check in needs_migration caused migrate_config_file to run
even when no actual config content needed changing. The result was a
spurious backup and mtime change on the config file during every
0.19.2-5 -> 0.19.2-6 upgrade with an unmodified aide.conf. Move the H
group check to check_and_warn, which runs unconditionally after the
migration loop.
Resolves: RHEL-178317
Signed-off-by: Cropi <alakatos@redhat.com>
syslog_format was a downstream-only RHEL patch against aide 0.16 that
was lost during the rebase to 0.19.2. Users with syslog_format=yes in
their config received a fatal parse error (exit code 17) after upgrade.
Re-implements the option as REPORT_FORMAT_SYSLOG using the 0.19.2
report format module system rather than the old standalone boolean,
fitting the new architecture cleanly. syslog_format=yes/true is
equivalent to report_format=syslog; both spellings are accepted.
Resolves: RHEL-178317
Signed-off-by: Cropi <alakatos@redhat.com>
Document why /boot/grub2/grubenv is excluded from AIDE monitoring. The
file's timestamp gets modified continuously due to the "boot_success"
implementation, which would cause unnecessary noise in security
monitoring reports.
Do not monitor link count in /var/log/journal.
Resolves: RHEL-83776
rebase to 0.19.2
Resolves: RHEL-110573
Switch to libnettle for hashing
prevent aide from crashing if database is a HTTPS URL
Resolves: RHEL-76014
prevent aide from exiting if a file is truncated during check
Resolves: RHEL-1569
