[augeas-devel] rkhunter.conf
Raphaël Pinson
raphael.pinson at camptocamp.com
Fri Apr 4 14:29:41 UTC 2014
So Shellvars.lns will only work if your unquoted lines were wrong.
Otherwise you'll need a specific lens (shouldn't be too hard to write).
--
Raphaël Pinson
Infrastructure Developer & Trainer
+33 479 26 57 93
+33 781 90 00 79
Camptocamp France
Savoie Technolac
BP 352
48, avenue du Lac du Bourget
73372 Le Bourget-du-Lac, Cedex
Le 4 avr. 2014 16:02, "Kent Brede" <kbrede at unomaha.edu> a écrit :
> OK, I'm a bit farther on this. I followed the instructions here:
>
>
>
> https://github.com/hercules-team/augeas/wiki/Loading-specific-files#loading-even-less
>
>
> After doing a "print" I discovered some errors.
>
>
> Shellvars doesn't like the following two strings that should be quoted.
> Apparently EPEL forgot to do that.
>
>
> SUSPSCAN_DIRS=/tmp /var/tmp
>
> DISABLE_TESTS=suspscan hidden_procs deleted_files packet_cap_apps apps
>
>
> After commenting the strings and doing a quick test via Puppet, I
> verified Shellvars works with this file.
>
>
> Also just for completeness, in case someone reads this in the future,
> this is one way to find parse errors:
>
>
> [root at puppet manifests]# augtool --transform "Shellvars.lns incl
> /etc/rkhunter.conf"
> augtool> print /augeas/files/etc/rkhunter.conf
> /augeas/files/etc/rkhunter.conf
> /augeas/files/etc/rkhunter.conf/path = "/files/etc/rkhunter.conf"
> /augeas/files/etc/rkhunter.conf/mtime = "1396619823"
> /augeas/files/etc/rkhunter.conf/lens = "Shellvars.lns"
> /augeas/files/etc/rkhunter.conf/lens/info =
> "/usr/share/augeas/lenses/dist/shellvars.aug:163.12-.99:"
> /augeas/files/etc/rkhunter.conf/error = "parse_failed"
> /augeas/files/etc/rkhunter.conf/error/pos = "33423"
> /augeas/files/etc/rkhunter.conf/error/line = "926"
> /augeas/files/etc/rkhunter.conf/error/char = "13"
> /augeas/files/etc/rkhunter.conf/error/lens =
> "/usr/share/augeas/lenses/dist/shellvars.aug:163.12-.99:"
> /augeas/files/etc/rkhunter.conf/error/message = "Syntax error"
>
>
> Thanks for pointing me in the right direction Ralphael. :)
>
>
> --
> Kent Brede
> UNO Linux System Administrator
> kbrede at unomaha.edu
> ------------------------------
> *From:* augeas-devel-bounces at redhat.com <augeas-devel-bounces at redhat.com>
> on behalf of Kent Brede <kbrede at unomaha.edu>
> *Sent:* Friday, April 04, 2014 8:02 AM
> *To:* augeas-devel at redhat.com
> *Subject:* Re: [augeas-devel] rkhunter.conf
>
>
> Thanks for the response Raphael. I tried both version 1.0.0 and 1.1.0. I
> get no information back from augtool.
>
>
> [root at firefly ~]# augtool --transform "Shellvars.lns incl
> /etc/rkhunter.conf"
> augtool> print /files/etc/rkhunter.conf
> augtool>
>
> The file is there.
>
> [root at firefly ~]# ll /etc/rkhunter.conf
> -rw-r----- 1 root root 39322 May 13 2012 /etc/rkhunter.conf
>
> The file only contains comments, and options such as:
>
> SUSPSCAN_THRESH=200
> SUSPSCAN_DIRS="/tmp /var/tmp"
>
>
>
> What am I missing?
>
>
> --
> Kent Brede
> UNO Linux System Administrator
> kbrede at unomaha.edu
> ------------------------------
> *From:* Raphaël Pinson <raphael.pinson at camptocamp.com>
> *Sent:* Friday, April 04, 2014 4:47 AM
> *To:* Kent Brede
> *Cc:* augeas-devel at redhat.com
> *Subject:* Re: [augeas-devel] rkhunter.conf
>
> Hello Kent,
>
> You don't need to modify the lens in order to test it againt your file.
> You can just tell Augeas to use this lens for this file. In Augeas >=
> 1.0.0, you can use:
>
> augtool --transform "Shellvars.lns incl /etc/rkhunter.conf"
>
> If your file is present in this location, you should see one of these
> two:
>
> * Parsed content in /files/etc/rkhunter.conf
> * Errors in /augeas/files/etc/rkhunter.conf/error
>
> The only case that I can think of where you wouldn't see any of these
> (besides the file being absent/empty) is if you're using Augeas 0.7.X,
> which had a bug in parse error reporting.
>
>
> Cheers,
>
> Raphaël Pinson
>
>
>
> On Thu, Apr 3, 2014 at 11:33 PM, Kent Brede <kbrede at unomaha.edu> wrote:
>
>> I'm just getting started with Augeas. Decided I'd like to use it for
>> /etc/rkhunter.conf. It looks to me like shellvars.aug should work for the
>> file. I tried a quick test to see if it would work by adding ". incl
>> "/etc/rkhunter.conf"" under "filter_misc" to shellvars.aug. I realize this
>> isn't probably the approved way of going about this.
>>
>> What I don't understand is, why doesn't "augtool print
>> /files/etc/rkhunter.conf" report anything back? I see nothing in
>> /augeas//error.
>>
>> --
>> Kent Brede
>> UNO Linux System Administrator
>> kbrede at unomaha.edu
>>
>> _______________________________________________
>> augeas-devel mailing list
>> augeas-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/augeas-devel
>>
>
>
>
> --
> Raphaël Pinson
> Infrastructure Developer & Trainer
> +33 479 26 57 93
> +33 781 90 00 79
>
> Camptocamp France
> Savoie Technolac
> BP 352
> 48, avenue du Lac du Bourget
> 73372 Le Bourget du Lac, Cedex
> www.camptocamp.com
>
> _______________________________________________
> augeas-devel mailing list
> augeas-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/augeas-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/augeas-devel/attachments/20140404/aa2cd9fa/attachment.htm>
More information about the augeas-devel
mailing list