[augeas-devel] rkhunter.conf

Kent Brede kbrede at unomaha.edu
Fri Apr 4 14:01:48 UTC 2014 

OK, I'm a bit farther on this.  I followed the instructions here:


https://github.com/hercules-team/augeas/wiki/Loading-specific-files#loading-even-less


After doing a "print" I discovered some errors.


Shellvars doesn't like the following two strings that should be quoted.  Apparently EPEL forgot to do that.


SUSPSCAN_DIRS=/tmp /var/tmp

DISABLE_TESTS=suspscan hidden_procs deleted_files packet_cap_apps apps


After commenting the strings and doing a quick test via Puppet, I verified Shellvars works with this file.


Also just for completeness, in case someone reads this in the future, this is one way to find parse errors:


[root at puppet manifests]# augtool --transform "Shellvars.lns incl /etc/rkhunter.conf"
augtool> print /augeas/files/etc/rkhunter.conf
/augeas/files/etc/rkhunter.conf
/augeas/files/etc/rkhunter.conf/path = "/files/etc/rkhunter.conf"
/augeas/files/etc/rkhunter.conf/mtime = "1396619823"
/augeas/files/etc/rkhunter.conf/lens = "Shellvars.lns"
/augeas/files/etc/rkhunter.conf/lens/info = "/usr/share/augeas/lenses/dist/shellvars.aug:163.12-.99:"
/augeas/files/etc/rkhunter.conf/error = "parse_failed"
/augeas/files/etc/rkhunter.conf/error/pos = "33423"
/augeas/files/etc/rkhunter.conf/error/line = "926"
/augeas/files/etc/rkhunter.conf/error/char = "13"
/augeas/files/etc/rkhunter.conf/error/lens = "/usr/share/augeas/lenses/dist/shellvars.aug:163.12-.99:"
/augeas/files/etc/rkhunter.conf/error/message = "Syntax error"


Thanks for pointing me in the right direction Ralphael. :)


--
Kent Brede
UNO Linux System Administrator
kbrede at unomaha.edu
________________________________
From: augeas-devel-bounces at redhat.com <augeas-devel-bounces at redhat.com> on behalf of Kent Brede <kbrede at unomaha.edu>
Sent: Friday, April 04, 2014 8:02 AM
To: augeas-devel at redhat.com
Subject: Re: [augeas-devel] rkhunter.conf


Thanks for the response Raphael.  I tried both version 1.0.0 and 1.1.0.  I get no information back from augtool.


[root at firefly ~]# augtool --transform "Shellvars.lns incl /etc/rkhunter.conf"
augtool> print /files/etc/rkhunter.conf
augtool>

The file is there.

[root at firefly ~]# ll /etc/rkhunter.conf
-rw-r----- 1 root root 39322 May 13  2012 /etc/rkhunter.conf

The file only contains comments, and options such as:

SUSPSCAN_THRESH=200
SUSPSCAN_DIRS="/tmp /var/tmp"



What am I missing?


--
Kent Brede
UNO Linux System Administrator
kbrede at unomaha.edu
________________________________
From: Raphaël Pinson <raphael.pinson at camptocamp.com>
Sent: Friday, April 04, 2014 4:47 AM
To: Kent Brede
Cc: augeas-devel at redhat.com
Subject: Re: [augeas-devel] rkhunter.conf

Hello Kent,

You don't need to modify the lens in order to test it againt your file. You can just tell Augeas to use this lens for this file. In Augeas >= 1.0.0, you can use:

    augtool --transform "Shellvars.lns incl /etc/rkhunter.conf"

If your file is present in this location, you should see one of these two:

* Parsed content in /files/etc/rkhunter.conf
* Errors in /augeas/files/etc/rkhunter.conf/error

The only case that I can think of where you wouldn't see any of these (besides the file being absent/empty) is if you're using Augeas 0.7.X, which had a bug in parse error reporting.


Cheers,

Raphaël Pinson



On Thu, Apr 3, 2014 at 11:33 PM, Kent Brede <kbrede at unomaha.edu<mailto:kbrede at unomaha.edu>> wrote:
I'm just getting started with Augeas.  Decided I'd like to use it for /etc/rkhunter.conf.  It looks to me like shellvars.aug should work for the file.  I tried a quick test to see if it would work by adding ". incl "/etc/rkhunter.conf"" under "filter_misc" to shellvars.aug.  I realize this isn't probably the approved way of going about this.

What I don't understand is, why doesn't "augtool print /files/etc/rkhunter.conf" report anything back?  I see nothing in /augeas//error.

--
Kent Brede
UNO Linux System Administrator
kbrede at unomaha.edu<mailto:kbrede at unomaha.edu>

_______________________________________________
augeas-devel mailing list
augeas-devel at redhat.com<mailto:augeas-devel at redhat.com>
https://www.redhat.com/mailman/listinfo/augeas-devel



--
Raphaël Pinson
Infrastructure Developer & Trainer
+33 479 26 57 93
+33 781 90 00 79

Camptocamp France
Savoie Technolac
BP 352
48, avenue du Lac du Bourget
73372 Le Bourget du Lac, Cedex
www.camptocamp.com<http://www.camptocamp.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/augeas-devel/attachments/20140404/101102ea/attachment.htm>

More information about the augeas-devel mailing list