[augeas-devel] rkhunter.conf

Kent Brede kbrede at unomaha.edu
Fri Apr 4 15:23:13 UTC 2014


As it turns out, I guess unquoted strings are allowed in rkhunter.conf.  Until I can learn how to write lenses, I think I'll just quote the two strings and move on. :)


--
Kent Brede
UNO Linux System Administrator
kbrede at unomaha.edu
________________________________
From: Raphaël Pinson <raphael.pinson at camptocamp.com>
Sent: Friday, April 04, 2014 9:29 AM
To: Kent Brede
Cc: augeas-devel
Subject: Re: [augeas-devel] rkhunter.conf


So Shellvars.lns will only work if your unquoted lines were wrong. Otherwise you'll need a specific lens (shouldn't be too hard to write).


--
Raphaël Pinson
Infrastructure Developer & Trainer
+33 479 26 57 93
+33 781 90 00 79

Camptocamp France
Savoie Technolac
BP 352
48, avenue du Lac du Bourget
73372 Le Bourget-du-Lac, Cedex

On 4 Apr 2014 16:02, "Kent Brede" <kbrede at unomaha.edu> wrote:

OK, I'm a bit farther on this.  I followed the instructions here:


https://github.com/hercules-team/augeas/wiki/Loading-specific-files#loading-even-less


After doing a "print" I discovered some errors.


Shellvars doesn't like the following two strings that should be quoted.  Apparently EPEL forgot to do that.


SUSPSCAN_DIRS=/tmp /var/tmp

DISABLE_TESTS=suspscan hidden_procs deleted_files packet_cap_apps apps


After commenting the strings and doing a quick test via Puppet, I verified Shellvars works with this file.


Also just for completeness, in case someone reads this in the future, this is one way to find parse errors:


[root@puppet manifests]# augtool --transform "Shellvars.lns incl /etc/rkhunter.conf"
augtool> print /augeas/files/etc/rkhunter.conf
/augeas/files/etc/rkhunter.conf
/augeas/files/etc/rkhunter.conf/path = "/files/etc/rkhunter.conf"
/augeas/files/etc/rkhunter.conf/mtime = "1396619823"
/augeas/files/etc/rkhunter.conf/lens = "Shellvars.lns"
/augeas/files/etc/rkhunter.conf/lens/info = "/usr/share/augeas/lenses/dist/shellvars.aug:163.12-.99:"
/augeas/files/etc/rkhunter.conf/error = "parse_failed"
/augeas/files/etc/rkhunter.conf/error/pos = "33423"
/augeas/files/etc/rkhunter.conf/error/line = "926"
/augeas/files/etc/rkhunter.conf/error/char = "13"
/augeas/files/etc/rkhunter.conf/error/lens = "/usr/share/augeas/lenses/dist/shellvars.aug:163.12-.99:"
/augeas/files/etc/rkhunter.conf/error/message = "Syntax error"


Thanks for pointing me in the right direction, Raphael. :)


--
Kent Brede
UNO Linux System Administrator
kbrede at unomaha.edu
________________________________
From: augeas-devel-bounces at redhat.com <augeas-devel-bounces at redhat.com> on behalf of Kent Brede <kbrede at unomaha.edu>
Sent: Friday, April 04, 2014 8:02 AM
To: augeas-devel at redhat.com
Subject: Re: [augeas-devel] rkhunter.conf


Thanks for the response Raphael.  I tried both version 1.0.0 and 1.1.0.  I get no information back from augtool.


[root@firefly ~]# augtool --transform "Shellvars.lns incl /etc/rkhunter.conf"
augtool> print /files/etc/rkhunter.conf
augtool>

The file is there.

[root@firefly ~]# ll /etc/rkhunter.conf
-rw-r----- 1 root root 39322 May 13  2012 /etc/rkhunter.conf

The file only contains comments, and options such as:

SUSPSCAN_THRESH=200
SUSPSCAN_DIRS="/tmp /var/tmp"



What am I missing?


--
Kent Brede
UNO Linux System Administrator
kbrede at unomaha.edu
________________________________
From: Raphaël Pinson <raphael.pinson at camptocamp.com>
Sent: Friday, April 04, 2014 4:47 AM
To: Kent Brede
Cc: augeas-devel at redhat.com
Subject: Re: [augeas-devel] rkhunter.conf

Hello Kent,

You don't need to modify the lens in order to test it against your file. You can just tell Augeas to use this lens for this file. In Augeas >= 1.0.0, you can use:

    augtool --transform "Shellvars.lns incl /etc/rkhunter.conf"

If your file is present in this location, you should see one of these two:

* Parsed content in /files/etc/rkhunter.conf
* Errors in /augeas/files/etc/rkhunter.conf/error

The only case that I can think of where you wouldn't see any of these (besides the file being absent/empty) is if you're using Augeas 0.7.X, which had a bug in parse error reporting.


Cheers,

Raphaël Pinson



On Thu, Apr 3, 2014 at 11:33 PM, Kent Brede <kbrede at unomaha.edu> wrote:
I'm just getting started with Augeas.  Decided I'd like to use it for /etc/rkhunter.conf.  It looks to me like shellvars.aug should work for the file.  I tried a quick test to see if it would work by adding ". incl "/etc/rkhunter.conf"" under "filter_misc" to shellvars.aug.  I realize this isn't probably the approved way of going about this.

What I don't understand is, why doesn't "augtool print /files/etc/rkhunter.conf" report anything back?  I see nothing in /augeas//error.

--
Kent Brede
UNO Linux System Administrator
kbrede at unomaha.edu

_______________________________________________
augeas-devel mailing list
augeas-devel at redhat.com
https://www.redhat.com/mailman/listinfo/augeas-devel



--
Raphaël Pinson
Infrastructure Developer & Trainer
+33 479 26 57 93
+33 781 90 00 79

Camptocamp France
Savoie Technolac
BP 352
48, avenue du Lac du Bourget
73372 Le Bourget du Lac, Cedex
www.camptocamp.com
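
The parse-error check discussed in this thread, as an added example that is not part of the original messages or of Augeas: it turns the error node printed by augtool into a one-line file:line:char report and lists assignments whose unquoted value contains a blank, like the two lines Shellvars rejected. The function names are hypothetical, and the blank-value test is a heuristic based on those two lines, not the Shellvars grammar.

```shell
# Added example; function names are hypothetical, not part of Augeas.
# Reads `augtool print /augeas/files/<path>` output on stdin. With an error node:
# prints "<file>:<line>:<char>: <message> (<error>)" and returns 1; else returns 0.
augeas_error_summary() {
    awk '
        match($0, / = "/) {
            key = substr($0, 1, RSTART - 1)
            val = substr($0, RSTART + 4)
            sub(/"$/, "", val)
            if      (key ~ /\/error\/line$/)    line = val
            else if (key ~ /\/error\/char$/)    chr  = val
            else if (key ~ /\/error\/message$/) msg  = val
            else if (key ~ /\/error$/)          err  = val
            else if (key !~ /\/error\// && key ~ /\/path$/) path = val
        }
        END {
            if (err == "") exit 0
            sub(/^\/files/, "", path)
            printf "%s:%s:%s: %s (%s)\n", path, line, chr, msg, err
            exit 1
        }'
}

# Heuristic, not the Shellvars grammar: print "N: line" for each NAME=value line
# in file $1 whose value is unquoted yet contains a blank.
unquoted_blank_values() {
    awk -v sq="'" '
        /^[ \t]*#/ || !/^[ \t]*[A-Za-z_][A-Za-z0-9_]*=/ { next }
        {
            val = substr($0, index($0, "=") + 1)
            sub(/[ \t]+#.*$/, "", val)   # drop a trailing comment
            sub(/[ \t]+$/, "", val)      # drop trailing blanks
            q = substr(val, 1, 1)
            if (q != "\"" && q != sq && val ~ /[ \t]/) printf "%d: %s\n", NR, $0
        }' "$1"
}

# Error node as printed in the thread, abridged to the fields used above.
sample_error_node() {
    cat <<'EOF'
/augeas/files/etc/rkhunter.conf/path = "/files/etc/rkhunter.conf"
/augeas/files/etc/rkhunter.conf/error = "parse_failed"
/augeas/files/etc/rkhunter.conf/error/line = "926"
/augeas/files/etc/rkhunter.conf/error/char = "13"
/augeas/files/etc/rkhunter.conf/error/message = "Syntax error"
EOF
}
# Demo on the sample; on a real host, pipe the augtool print output in instead.
sample_error_node | augeas_error_summary || true
```

Running the summary before a configuration-management run makes a file the lens cannot parse show up as a failure instead of an empty /files tree.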
