Package: aide
Version: 0.18.3-1+deb12u3
Severity: normal
Hello maintainers,
In a Debian bookworm based OS which is booted in QEMU without any dedicated
home partition.
The /home partition is moved under /var and is symlinked to /var/home.
I have experimented the following 2 scenarios to verify aide's integrity check
after adding "report_url=syslog" to aide.conf
Scenario A:
1. Created a sample file under /home
2.
Added that sample file to aide configuration file like below:
*
#echo "$SAMPLE_FILE VarFile" >> /etc/aide/aide.conf
3. Created aide database file
4. Explicitly modified the sample file.
5. Ran aide check and found that aide is unable to report integrity failures
to syslogs.
Scenario B:
1. Repeated Scenario A, but the only difference is in this scenario sample
file is created under /var/home instead of /home.
2. In this case, after modifying the file and running aide check, aide is
able to report the integrity failures to syslogs.
Is this behaviour expected ?
Thanks and regards,
Sai Ashrith
