[augeas-devel] rkhunter.conf
Raphaël Pinson
raphael.pinson at camptocamp.com
Fri Apr 4 15:25:29 UTC 2014
As you wish :-)
Did you try with Simplevars.lns by any chance?
--
Raphaël Pinson
Infrastructure Developer & Trainer
+33 479 26 57 93
+33 781 90 00 79
Camptocamp France
Savoie Technolac
BP 352
48, avenue du Lac du Bourget
73372 Le Bourget-du-Lac, Cedex
Le 4 avr. 2014 17:23, "Kent Brede" <kbrede at unomaha.edu> a écrit :
> As it turns out, I guess unquoted strings are allowed in rkhunter.conf.
> Until I can learn how to write lenses, I think I'll just quote the two
> strings and move on. :)
>
>
> --
> Kent Brede
> UNO Linux System Administrator
> kbrede at unomaha.edu
> ------------------------------
> *From:* Raphaël Pinson <raphael.pinson at camptocamp.com>
> *Sent:* Friday, April 04, 2014 9:29 AM
> *To:* Kent Brede
> *Cc:* augeas-devel
> *Subject:* Re: [augeas-devel] rkhunter.conf
>
>
> So Shellvars.lns will only work if your unquoted lines were wrong.
> Otherwise you'll need a specific lens (shouldn't be too hard to write).
>
> --
> Raphaël Pinson
> Infrastructure Developer & Trainer
> +33 479 26 57 93
> +33 781 90 00 79
>
> Camptocamp France
> Savoie Technolac
> BP 352
> 48, avenue du Lac du Bourget
> 73372 Le Bourget-du-Lac, Cedex
> Le 4 avr. 2014 16:02, "Kent Brede" <kbrede at unomaha.edu> a écrit :
>
>> OK, I'm a bit farther on this. I followed the instructions here:
>>
>>
>>
>> https://github.com/hercules-team/augeas/wiki/Loading-specific-files#loading-even-less
>>
>>
>> After doing a "print" I discovered some errors.
>>
>>
>> Shellvars doesn't like the following two strings that should be quoted.
>> Apparently EPEL forgot to do that.
>>
>>
>> SUSPSCAN_DIRS=/tmp /var/tmp
>>
>> DISABLE_TESTS=suspscan hidden_procs deleted_files packet_cap_apps apps
>>
>>
>> After commenting the strings and doing a quick test via Puppet, I
>> verified Shellvars works with this file.
>>
>>
>> Also just for completeness, in case someone reads this in the future,
>> this is one way to find parse errors:
>>
>>
>> [root at puppet manifests]# augtool --transform "Shellvars.lns incl
>> /etc/rkhunter.conf"
>> augtool> print /augeas/files/etc/rkhunter.conf
>> /augeas/files/etc/rkhunter.conf
>> /augeas/files/etc/rkhunter.conf/path = "/files/etc/rkhunter.conf"
>> /augeas/files/etc/rkhunter.conf/mtime = "1396619823"
>> /augeas/files/etc/rkhunter.conf/lens = "Shellvars.lns"
>> /augeas/files/etc/rkhunter.conf/lens/info =
>> "/usr/share/augeas/lenses/dist/shellvars.aug:163.12-.99:"
>> /augeas/files/etc/rkhunter.conf/error = "parse_failed"
>> /augeas/files/etc/rkhunter.conf/error/pos = "33423"
>> /augeas/files/etc/rkhunter.conf/error/line = "926"
>> /augeas/files/etc/rkhunter.conf/error/char = "13"
>> /augeas/files/etc/rkhunter.conf/error/lens =
>> "/usr/share/augeas/lenses/dist/shellvars.aug:163.12-.99:"
>> /augeas/files/etc/rkhunter.conf/error/message = "Syntax error"
>>
>>
>> Thanks for pointing me in the right direction Ralphael. :)
>>
>>
>> --
>> Kent Brede
>> UNO Linux System Administrator
>> kbrede at unomaha.edu
>> ------------------------------
>> *From:* augeas-devel-bounces at redhat.com <augeas-devel-bounces at redhat.com>
>> on behalf of Kent Brede <kbrede at unomaha.edu>
>> *Sent:* Friday, April 04, 2014 8:02 AM
>> *To:* augeas-devel at redhat.com
>> *Subject:* Re: [augeas-devel] rkhunter.conf
>>
>>
>> Thanks for the response Raphael. I tried both version 1.0.0 and 1.1.0.
>> I get no information back from augtool.
>>
>>
>> [root at firefly ~]# augtool --transform "Shellvars.lns incl
>> /etc/rkhunter.conf"
>> augtool> print /files/etc/rkhunter.conf
>> augtool>
>>
>> The file is there.
>>
>> [root at firefly ~]# ll /etc/rkhunter.conf
>> -rw-r----- 1 root root 39322 May 13 2012 /etc/rkhunter.conf
>>
>> The file only contains comments, and options such as:
>>
>> SUSPSCAN_THRESH=200
>> SUSPSCAN_DIRS="/tmp /var/tmp"
>>
>>
>>
>> What am I missing?
>>
>>
>> --
>> Kent Brede
>> UNO Linux System Administrator
>> kbrede at unomaha.edu
>> ------------------------------
>> *From:* Raphaël Pinson <raphael.pinson at camptocamp.com>
>> *Sent:* Friday, April 04, 2014 4:47 AM
>> *To:* Kent Brede
>> *Cc:* augeas-devel at redhat.com
>> *Subject:* Re: [augeas-devel] rkhunter.conf
>>
>> Hello Kent,
>>
>> You don't need to modify the lens in order to test it againt your file.
>> You can just tell Augeas to use this lens for this file. In Augeas >=
>> 1.0.0, you can use:
>>
>> augtool --transform "Shellvars.lns incl /etc/rkhunter.conf"
>>
>> If your file is present in this location, you should see one of these
>> two:
>>
>> * Parsed content in /files/etc/rkhunter.conf
>> * Errors in /augeas/files/etc/rkhunter.conf/error
>>
>> The only case that I can think of where you wouldn't see any of these
>> (besides the file being absent/empty) is if you're using Augeas 0.7.X,
>> which had a bug in parse error reporting.
>>
>>
>> Cheers,
>>
>> Raphaël Pinson
>>
>>
>>
>> On Thu, Apr 3, 2014 at 11:33 PM, Kent Brede <kbrede at unomaha.edu> wrote:
>>
>>> I'm just getting started with Augeas. Decided I'd like to use it for
>>> /etc/rkhunter.conf. It looks to me like shellvars.aug should work for the
>>> file. I tried a quick test to see if it would work by adding ". incl
>>> "/etc/rkhunter.conf"" under "filter_misc" to shellvars.aug. I realize this
>>> isn't probably the approved way of going about this.
>>>
>>> What I don't understand is, why doesn't "augtool print
>>> /files/etc/rkhunter.conf" report anything back? I see nothing in
>>> /augeas//error.
>>>
>>> --
>>> Kent Brede
>>> UNO Linux System Administrator
>>> kbrede at unomaha.edu
>>>
>>> _______________________________________________
>>> augeas-devel mailing list
>>> augeas-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/augeas-devel
>>>
>>
>>
>>
>> --
>> Raphaël Pinson
>> Infrastructure Developer & Trainer
>> +33 479 26 57 93
>> +33 781 90 00 79
>>
>> Camptocamp France
>> Savoie Technolac
>> BP 352
>> 48, avenue du Lac du Bourget
>> 73372 Le Bourget du Lac, Cedex
>> www.camptocamp.com
>>
>> _______________________________________________
>> augeas-devel mailing list
>> augeas-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/augeas-devel
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/augeas-devel/attachments/20140404/98134353/attachment.htm>
More information about the augeas-devel
mailing list