Hi,

aide is a package that builds checksums of the files on a system and compares them to a database during a daily timer run. It therefore can report changes on the system. Upstream is a DD, and I have been maintaining the package in Debian for two decades now. aide is about 500 absolute and 0.2 % in popcon. There are no reverse dependencies; aide is Suggested by two packages and Recommended by two packages as well.
aide relies on "rules" that prevent wanted and unavoidable changes from being reported. Without rules, aide is nearly useless since it generates thousands of false positives. The current package of aide contains ~ 230 rule files.
trixie has a releasable version of aide, while experimental has the same package with a lot of rules adapted to trixie. I apologize for not having been able to prepare those any earlier.
Here is the diffstat between aide (trixie) and aide (experimental):

$ diffstat aide_0.19-2_0.19-2+exp1.debdiff
 aide-common.dailyaidecheck-buildcache.service | 10 +++
 aide-common.dailyaidecheck.service | 2
 aide-common.install | 1
 aide.conf | 12 +--
 aide.conf.d/01_aide_readcache | 27 ++++++++
 aide.conf.d/10_aide_basenotations | 8 ++
 aide.conf.d/10_aide_bits | 43 +++++++++++++
 aide.conf.d/10_aide_bootid | 11 ---
 aide.conf.d/10_aide_checksums | 17 +++++
 aide.conf.d/10_aide_constants | 2
 aide.conf.d/10_aide_dateformats | 26 +++++++
 aide.conf.d/10_aide_lvm_needsroot | 77 +++++++++++++++++++++++
 aide.conf.d/10_aide_machineid | 8 --
 aide.conf.d/10_aide_prevyear | 3
 aide.conf.d/10_aide_run | 9 ++
 aide.conf.d/10_aide_usersuids | 29 ++++++++
 aide.conf.d/10_aide_uuid | 3
 aide.conf.d/11_aide_dateformats_cury | 18 +++++
 aide.conf.d/11_aide_majorminor | 3
 aide.conf.d/31_aide_acpid | 14 ++--
 aide.conf.d/31_aide_amanda-server | 201 +++++++++++++++++++++++++++++++------------------------------
 aide.conf.d/31_aide_apache2 | 20 +++---
 aide.conf.d/31_aide_apcupsd | 7 +-
 aide.conf.d/31_aide_apt | 4 +
 aide.conf.d/31_aide_apt-cacher-ng | 22 +++---
 aide.conf.d/31_aide_aptitude | 19 +++--
 aide.conf.d/31_aide_atop | 23 +++---
 aide.conf.d/31_aide_bind9 | 19 ++---
 aide.conf.d/31_aide_borgbackup | 16 ++--
 aide.conf.d/31_aide_checksecurity | 15 ++--
 aide.conf.d/31_aide_clamav | 22 ++++--
 aide.conf.d/31_aide_clamav-freshclam | 30 +++++----
 aide.conf.d/31_aide_clamav-unofficial-sigs | 45 +++++++------
 aide.conf.d/31_aide_colord | 2
 aide.conf.d/31_aide_cron-apt | 17 ++---
 aide.conf.d/31_aide_cups | 22 +++---
 aide.conf.d/31_aide_dbus | 4 -
 aide.conf.d/31_aide_debspawn | 4 -
 aide.conf.d/31_aide_dehydrated | 8 +-
 aide.conf.d/31_aide_dev | 30 ++++-----
 aide.conf.d/31_aide_dokuwiki | 10 +--
 aide.conf.d/31_aide_exim4_logs | 5 -
 aide.conf.d/31_aide_git-annex | 19 +++++
 aide.conf.d/31_aide_gnupg | 10 ++-
 aide.conf.d/31_aide_grub-efi | 13 ++-
 aide.conf.d/31_aide_haproxy | 13 ++-
 aide.conf.d/31_aide_icinga2 | 42 +++++++-----
 aide.conf.d/31_aide_initramfs-tools | 4 -
 aide.conf.d/31_aide_initscripts | 14 +---
 aide.conf.d/31_aide_inn2 | 44 ++++++-------
 aide.conf.d/31_aide_irqbalance | 2
 aide.conf.d/31_aide_lastlog | 2
 aide.conf.d/31_aide_libvirt | 12 +--
 aide.conf.d/31_aide_lvm2 | 65 +++++++++++++++++--
 aide.conf.d/31_aide_netdata | 20 +++---
 aide.conf.d/31_aide_network | 5 -
 aide.conf.d/31_aide_oidentd | 2
 aide.conf.d/31_aide_openvpn | 12 ++-
 aide.conf.d/31_aide_openvpn-server | 6 -
 aide.conf.d/31_aide_php-common | 15 +++-
 aide.conf.d/31_aide_postgresql-15 | 34 +++++-----
 aide.conf.d/31_aide_privoxy | 2
 aide.conf.d/31_aide_proftpd | 8 +-
 aide.conf.d/31_aide_qemu-guest-agent | 1
 aide.conf.d/31_aide_rkhunter | 20 +++---
 aide.conf.d/31_aide_rsnapshot | 11 ++-
 aide.conf.d/31_aide_runuser | 40 ++++++------
 aide.conf.d/31_aide_samba | 44 ++++---------
 aide.conf.d/31_aide_sniproxy | 14 ++--
 aide.conf.d/31_aide_squid | 6 -
 aide.conf.d/31_aide_ssh-agent | 8 +-
 aide.conf.d/31_aide_ssh-server | 3
 aide.conf.d/31_aide_sudo | 3
 aide.conf.d/31_aide_systemd | 15 +---
 aide.conf.d/31_aide_systemd-journald | 18 +++--
 aide.conf.d/31_aide_systemd-networkd | 1
 aide.conf.d/31_aide_tiger | 20 +++---
 aide.conf.d/31_aide_torrus | 27 ++++----
 aide.conf.d/31_aide_tt-rss | 15 ++--
 aide.conf.d/31_aide_udev | 80 +++++++++++-------------
 aide.conf.d/31_aide_wtmp | 4 -
 aide.conf.d/31_aide_wtmpdb | 4 -
 aide.conf.d/70_aide_dev | 7 +-
 aide.conf.d/98_aide_vfat | 6 +
 bin/buildcache | 49 ++++++++++++++
 changelog | 104 +++++++++++++++++++++++++++++++
 po/pt.po | 129 +++++++++++++++++----------------------
 rules | 1
 tests/02-aide-path-check | 3
 89 files changed, 1193 insertions(+), 652 deletions(-)
[22/4906]mh@salida:~/packages/aide $

I am attaching the 2700 lines of debdiff itself.

The vast majority of changes is just plain changes in the regexps that make out the rules.
Aide does, however, support executable rules; we are using that for about 15 rules, and there was one necessary change to the preparation logic by introducing a cache for gathering information that LVM-related executable rules need as root while the actual rule building does run unprivileged. This is probably the riskiest change.
The debdiff with the non-executable parts removed is "just" about 600 lines:
 aide-common.dailyaidecheck-buildcache.service | 10 +++
 aide-common.dailyaidecheck.service | 2
 aide-common.install | 1
 aide.conf | 27 ++++++++
 aide.conf.d/10_aide_bootid | 11 ---
 aide.conf.d/10_aide_lvm_needsroot | 77 +++++++++++++++++++++++
 aide.conf.d/10_aide_machineid | 8 --
 aide.conf.d/10_aide_usersuids | 29 ++++++++
 aide.conf.d/31_aide_amanda-server | 201 +++++++++++++++++++++++++++++++------------------------------
 aide.conf.d/31_aide_apt | 4 +
 bin/buildcache | 49 ++++++++++++++
 changelog | 104 +++++++++++++++++++++++++++++++
 tests/02-aide-path-check | 3
 13 files changed, 413 insertions(+), 113 deletions(-)

In my opinion as the package maintainer the new rule set is a huge leap ahead.
I therefore would like to ask the release team to consider accepting the package as it is in experimental (with the version number bumped to 0.19-3) for trixie.
I'll accept no answer as a "no", and of course also an explicit "no". So please feel free to ignore this. Your consideration is appreciated.
If you'd prefer a cherry-picked subset of the changes (for example, just the static changes and nothing that actually changes code) for trixie, I'd happily do that. Even a subset of the changes is an advance for the package. Just let me know and I'll do it.
Looking forward to seeing you all in Brest. Have good and happy travel.
Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
Attachment:
aide_0.19-2_0.19-2+exp1.debdiff.zst
Description: application/zstd