Version in base suite: 0.19.1-2+deb13u1 Base version: aide_0.19.1-2+deb13u1 Target version: aide_0.19.1-2+deb13u2 Base file: /srv/ftp-master.debian.org/ftp/pool/main/a/aide/aide_0.19.1-2+deb13u1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/a/aide/aide_0.19.1-2+deb13u2.dsc aide.conf.d/10_aide_bits | 12 +++++ aide.conf.d/10_aide_dateformats | 18 ++++---- aide.conf.d/10_aide_days | 9 +++- aide.conf.d/10_aide_hardware | 4 - aide.conf.d/10_aide_lvm_needsroot | 12 +++++ aide.conf.d/11_aide_dateformats_cury | 32 ++++++++------ aide.conf.d/31_aide_apt-cacher-ng | 13 +++-- aide.conf.d/31_aide_bind9 | 49 ++++++++++++++++------ aide.conf.d/31_aide_console-setup | 1 aide.conf.d/31_aide_cryptsetup | 1 aide.conf.d/31_aide_cups | 1 aide.conf.d/31_aide_dehydrated | 17 ++++--- aide.conf.d/31_aide_dev | 4 - aide.conf.d/31_aide_dokuwiki | 2 aide.conf.d/31_aide_fwupd | 2 aide.conf.d/31_aide_gnupg | 3 - aide.conf.d/31_aide_grub-pc | 3 + aide.conf.d/31_aide_icinga2 | 4 - aide.conf.d/31_aide_ksmtuned | 1 aide.conf.d/31_aide_lighttpd | 17 ++++--- aide.conf.d/31_aide_man | 2 aide.conf.d/31_aide_mariadb | 1 aide.conf.d/31_aide_postgresql | 54 ++++++++++++++++++++++++ aide.conf.d/31_aide_postgresql-15 | 41 ------------------ aide.conf.d/31_aide_radvd | 1 aide.conf.d/31_aide_run_systemd_dynamic-uid | 1 aide.conf.d/31_aide_run_systemd_netif | 7 +-- aide.conf.d/31_aide_samba | 6 ++ aide.conf.d/31_aide_schroot | 2 aide.conf.d/31_aide_spamassassin | 2 aide.conf.d/31_aide_ssh-server | 4 + aide.conf.d/31_aide_sudo | 3 - aide.conf.d/31_aide_systemd | 2 aide.conf.d/31_aide_systemd_sessions | 16 +++++-- aide.conf.d/31_aide_systemd_tmpfiles | 6 ++ aide.conf.d/31_aide_torrus | 5 +- aide.conf.d/31_aide_udev | 61 ++++++++++++++++------------ aide.conf.d/31_aide_valkey | 23 ++++++++++ aide.conf.d/31_aide_xfsprogs | 3 + bin/buildcache | 3 + changelog | 47 +++++++++++++++++++++ 41 files changed, 348 insertions(+), 147 deletions(-) diff -Nru aide-0.19.1/debian/aide.conf.d/10_aide_bits aide-0.19.1/debian/aide.conf.d/10_aide_bits --- aide-0.19.1/debian/aide.conf.d/10_aide_bits 2025-08-11 07:25:07.000000000 +0000 +++ aide-0.19.1/debian/aide.conf.d/10_aide_bits 2025-11-07 20:33:42.000000000 +0000 @@ -40,4 +40,16 @@ # 21 bits: 2097152 @@define BITS_21_D (1?[[:digit:]]{1,6}|20([0-8][[:digit:]]{4}|9([0-6][[:digit:]]{3}|7(0[[:digit:]]{2}|1([0-4][[:digit:]]|5[01]))))) +# 30 bits: 1073741824 +@@define BITS_30_D ([[:digit:]]{1,10}|10([0-6][[:digit:]]{8}|7([01][[:digit:]]{7}|2([0-6][[:digit:]]{6}|7([0-3][[:digit:]]{5}|4([0-7][[:digit:]]{4}|8([01][[:digit:]]{3}|2([0-3][[:digit:]]{2}|4([01][[:digit:]]|2[0-4]))))))))) + +# 31 bits: 2147483648 +@@define BITS_31_D (1?[[:digit:]]{1,10}|20([0-9][[:digit:]]{8}|1([0-3][[:digit:]]{7}|4([0-6][[:digit:]]{6}|7([0-3][[:digit:]]{5}|4([0-7][[:digit:]]{4}|8([0-2][[:digit:]]{3}|3([0-5][[:digit:]]{2}|6([0-3][[:digit:]]|4[0-8]))))))))) + +# 32 bits: 4294967296 +@@define BITS_32_D ([0-3]?[[:digit:]]{1,9}|4([01][[:digit:]]{8}|2([0-8][[:digit:]]{7}|9([0-3][[:digit:]]{6}|4([0-8][[:digit:]]{5}|9([0-5][[:digit:]]{4}|6([0-6][[:digit:]]{3}|7([01][[:digit:]]{2}|2([0-8][[:digit:]]|9[0-6]))))))))) + +# 33 bits: 8589934592 +@@define BITS_33_D ([0-7]?[[:digit:]]{1,9}|8([0-4][[:digit:]]{8}|5([0-7][[:digit:]]{7}|8([0-8][[:digit:]]{6}|9([0-8][[:digit:]]{5}|9([0-2][[:digit:]]{4}|3([0-3][[:digit:]]{3}|4([0-4][[:digit:]]{2}|5([0-8][[:digit:]]|9[0-2]))))))))) + # if you want more please send a patch. the _X suffix is reserved for hex. diff -Nru aide-0.19.1/debian/aide.conf.d/10_aide_dateformats aide-0.19.1/debian/aide.conf.d/10_aide_dateformats --- aide-0.19.1/debian/aide.conf.d/10_aide_dateformats 2025-08-11 07:25:07.000000000 +0000 +++ aide-0.19.1/debian/aide.conf.d/10_aide_dateformats 2025-11-07 20:33:42.000000000 +0000 @@ -10,16 +10,16 @@ @@define DATE_YYYYMMDD @@{YYYY}@@{DATE_MMDD} @@define DATE_DDMMYYYY @@{DATE_DDMM}@@{YYYY} @@define DATE_MMDDYYYY @@{DATE_MMDD}@@{YYYY} -@@define TIME_0_60 [0-5][0-9] +@@define TIME_0_59 ([0-5][0-9]) @@define TIME_0_23 ([01][0-9]|2[0-3]) -@@define TIME_HHMM @@{TIME_0_23}@@{TIME_0_60} -@@define TIME_HHMMSS @@{TIME_HHMM}@@{TIME_0_60} -@@define TIME_HH_MM @@{TIME_0_23}:@@{TIME_0_60} -@@define TIME_HH_MM_SS @@{TIME_HH_MM}:@@{TIME_0_60} -@@define TIME_ISO @@{TIME_0_23}:@@{TIME_0_60}:@@{TIME_0_60}(Z|[+-]@@{TIME_0_23}:@@{TIME_0_60}) -@@define DATETIME_ISO8601 @@{YYYY}-@@{DATE_MM_DD}T@@{TIME_0_23}:@@{TIME_0_60}:@@{TIME_0_60}(Z|[+-]@@{TIME_0_23}:@@{TIME_0_60}) -@@define DATETIME_COMPACT @@{YYYY}@@{DATE_MMDD}T@@{TIME_0_23}@@{TIME_0_60}@@{TIME_0_60} -@@define DATETIME_SPACE @@{YYYY}-@@{DATE_MM_DD}[[:space:]]@@{TIME_0_23}:@@{TIME_0_60}(:@@{TIME_0_60})? +@@define TIME_HHMM @@{TIME_0_23}@@{TIME_0_59} +@@define TIME_HHMMSS @@{TIME_HHMM}@@{TIME_0_59} +@@define TIME_HH_MM @@{TIME_0_23}:@@{TIME_0_59} +@@define TIME_HH_MM_SS @@{TIME_HH_MM}:@@{TIME_0_59} +@@define TIME_ISO @@{TIME_0_23}:@@{TIME_0_59}:@@{TIME_0_59}(Z|[+-]@@{TIME_0_23}:@@{TIME_0_59}) +@@define DATETIME_ISO8601 @@{YYYY}-@@{DATE_MM_DD}T@@{TIME_0_23}:@@{TIME_0_59}:@@{TIME_0_59}(Z|[+-]@@{TIME_0_23}:@@{TIME_0_59}) +@@define DATETIME_COMPACT @@{YYYY}@@{DATE_MMDD}T@@{TIME_0_23}@@{TIME_0_59}@@{TIME_0_59} +@@define DATETIME_SPACE @@{YYYY}-@@{DATE_MM_DD}[[:space:]]@@{TIME_0_23}:@@{TIME_0_59}(:@@{TIME_0_59})? # UNIX_TS matches from a 100 megaseconds upwards, that is 1973-03-03T09:46:40 # and still rules out unrealisticaly small numbers. diff -Nru aide-0.19.1/debian/aide.conf.d/10_aide_days aide-0.19.1/debian/aide.conf.d/10_aide_days --- aide-0.19.1/debian/aide.conf.d/10_aide_days 2025-08-11 07:25:07.000000000 +0000 +++ aide-0.19.1/debian/aide.conf.d/10_aide_days 2025-11-07 20:33:42.000000000 +0000 @@ -9,7 +9,8 @@ DATES="now 1_day_ago 2_days_ago" while read -r var format dt; do - printf "@@define DATE_%s %s\\n" "${var}" "$(date +"${format}" --date="${dt}")" + dt="${dt# }" # optional, trim leading space + printf "@@define DATE_%s %s\n" "${var}" "$(date +"${format}" --date="${dt}")" done </dev/null; then if [ "$(dmsetup info --columns --options uuid --noheadings 2>/dev/null| grep -cvi 'no devices found')" != 0 ]; then undefine DM_UUIDS_W_P diff -Nru aide-0.19.1/debian/aide.conf.d/11_aide_dateformats_cury aide-0.19.1/debian/aide.conf.d/11_aide_dateformats_cury --- aide-0.19.1/debian/aide.conf.d/11_aide_dateformats_cury 2025-08-11 07:25:07.000000000 +0000 +++ aide-0.19.1/debian/aide.conf.d/11_aide_dateformats_cury 2025-11-07 20:33:42.000000000 +0000 @@ -1,18 +1,24 @@ -# CURY matches years 2023 up to 2030 -@@if not defined YYYY_CURY -@@define YYYY_CURY 202[3-9]|2030 +# CURY matches years 2025 up to 2032 +@@if not defined DATE_YYYY_CURY +@@define DATE_YYYY_CURY (202[5-9]|203[012]) @@endif -@@define DATE_YYYY_MM_DD_CURY @@{YYYY_CURY}-@@{DATE_MM_DD} -@@define DATE_YYYYMMDD_CURY @@{YYYY_CURY}@@{DATE_MMDD} -@@define DATE_DDMMYYYY_CURY @@{DATE_DDMM}@@{YYYY_CURY} -@@define DATE_MMDDYYYY_CURY @@{DATE_MMDD}@@{YYYY_CURY} -@@define DATETIME_ISO8601_CURY @@{YYYY_CURY}-@@{DATE_MM_DD}T@@{TIME_0_23}:@@{TIME_0_60}:@@{TIME_0_60}(Z|[+-]@@{TIME_0_23}:@@{TIME_0_60}) -@@define DATETIME_COMPACT_CURY @@{YYYY_CURY}@@{DATE_MMDD}T@@{TIME_0_23}@@{TIME_0_60}@@{TIME_0_60} -@@define DATETIME_SPACE_CURY @@{YYYY_CURY}-@@{DATE_MM_DD}[[:space:]]@@{TIME_0_23}:@@{TIME_0_60}(:@@{TIME_0_60})? +@@define DATE_YYYY_MM_DD_CURY @@{DATE_YYYY_CURY}-@@{DATE_MM_DD} +@@define DATE_YYYYMMDD_CURY @@{DATE_YYYY_CURY}@@{DATE_MMDD} +@@define DATE_DDMMYYYY_CURY @@{DATE_DDMM}@@{DATE_YYYY_CURY} +@@define DATE_MMDDYYYY_CURY @@{DATE_MMDD}@@{DATE_YYYY_CURY} +@@define DATETIME_ISO8601_CURY @@{DATE_YYYY_CURY}-@@{DATE_MM_DD}T@@{TIME_0_23}:@@{TIME_0_59}:@@{TIME_0_59}(Z|[+-]@@{TIME_0_23}:@@{TIME_0_59}) +@@define DATETIME_COMPACT_CURY @@{DATE_YYYY_CURY}@@{DATE_MMDD}T@@{TIME_0_23}@@{TIME_0_59}@@{TIME_0_59} +@@define DATETIME_SPACE_CURY @@{DATE_YYYY_CURY}-@@{DATE_MM_DD}[[:space:]]@@{TIME_0_23}:@@{TIME_0_59}(:@@{TIME_0_59})? -# UNIX_TS_CURY matches from 2022-12-25T20:26:40 to 2031-01-01T02:13:19 -# if you still use this after 2030, feel free to adapt those values +# UNIX_TS_CURY matches from 2025-06-16T22:13:20 to 2027-05-18T03:59:59 (1750000000–2019999999) +# if you still use this after 2031, feel free to adapt those values @@if not defined UNIX_TS_CURY -@@define UNIX_TS_CURY (1672(0\d{6}|[1-9]\d{6})|167[3-9]\d{7}|16[8-9]\d{7}|17\d{8}|18\d{8}|19(0\d{8}|1\d{8}|2([0-3]\d{7}|4([0-8]\d{6}|9([0-8]\d{5}|9(9{4})))))) +@@define UNIX_TS_CURY (175\d{7}|17[6-9]\d{7}|18\d{8}|19\d{8}|200\d{7}|201\d{7}) +@@endif + +# UNIX_TS_2015_2033 matches from 2015-04-26T05:33:20 to 2033-05-18T03:59:59 (1430000000–2019999999) +# if you still use this after 2033, feel free to adapt those values +@@if not defined UNIX_TS_2015_2033 +@@define UNIX_TS_2015_2033 (143\d{7}|14[4-9]\d{6}|1[5-9]\d{8}|200\d{7}|201\d{7}) @@endif diff -Nru aide-0.19.1/debian/aide.conf.d/31_aide_apt-cacher-ng aide-0.19.1/debian/aide.conf.d/31_aide_apt-cacher-ng --- aide-0.19.1/debian/aide.conf.d/31_aide_apt-cacher-ng 2025-08-11 07:25:07.000000000 +0000 +++ aide-0.19.1/debian/aide.conf.d/31_aide_apt-cacher-ng 2025-11-07 20:33:42.000000000 +0000 @@ -23,11 +23,11 @@ @@if not defined ACNGARCHS @@define ACNGARCHS (arm64|armhf|amd64|i386|all) @@endif -@@if not defined ACNGDATENR -@@define ACNGDATENR @@{DATE_YYYY_MM_DD_CURY}-@@{TIME_HHMM}\\.[[:digit:]]{2} +@@if not defined ACNGYYYY_MM_DD_HHMM_XX +@@define ACNGYYYY_MM_DD_HHMM_XX @@{DATE_YYYY_MM_DD_CURY}-@@{TIME_HHMM}\\.[[:digit:]]{2} @@endif @@if not defined ACNGDTNR -@@define ACNGDTNR (@@{ACNGDATENR}|T-@@{ACNGDATENR}-F-@@{ACNGDATENR}) +@@define ACNGDTNR (@@{ACNGYYYY_MM_DD_HHMM_XX}|T-@@{ACNGYYYY_MM_DD_HHMM_XX}-F-@@{ACNGYYYY_MM_DD_HHMM_XX}) @@endif /@@{ACNGCACHE}$ d VarDir-n @@ -54,6 +54,7 @@ !/@@{ACNGCACHE}/@@{ACNGDISTS}/@@{ACNGMNC}/(source|(Contents|binary)-@@{ACNGARCHS}\\.diff)$ d !/@@{ACNGCACHE}/@@{ACNGDISTS}/@@{ACNGMNC}/i18n$ d !/@@{ACNGCACHE}/@@{ACNGDISTS}/@@{ACNGMNC}/(Contents-@@{ACNGARCHS}\\.[gx]z)(\\.head|~)?$ f +!/@@{ACNGCACHE}/@@{ACNGDISTS}/@@{ACNGMNC}/(Contents-@@{ACNGARCHS}\\.[gx]z)(\\.head|~)?$ f !/@@{ACNGCACHE}/@@{ACNGDISTS}/@@{ACNGMNC}/(debian-installer/)?binary-@@{ACNGARCHS}/(Packages(\\.(gz|bz2|xz))?)(\\.hea(d|%)|~)?$ f !/@@{ACNGCACHE}/@@{ACNGDISTS}/@@{ACNGMNC}/dep11/(Components-@@{ACNGARCHS}\\.yml\\.xz|icons-(128x128|48x48|64x64)\\.tar\\.gz)(\\.head)?$ f /@@{ACNGCACHE}/@@{ACNGDISTS}/@@{ACNGMNC}/i18n/Translation-(de|en)\\.diff$ d VarDir @@ -62,10 +63,10 @@ !/@@{ACNGCACHE}/@@{ACNGDISTS}/@@{ACNGMNC}/i18n/Translation-(de|en)(\\.diff)?/Index(\\.head|~)?$ f !/@@{ACNGCACHE}/@@{ACNGDISTS}/@@{ACNGMNC}/Contents-@@{ACNGARCHS}\\.diff/Index(~|\\.head)?$ f !/@@{ACNGCACHE}/@@{ACNGDISTS}/@@{ACNGMNC}/binary-@@{ACNGARCHS}/Packages(\\.diff)?/Index(\\.head|~)?$ f -!/@@{ACNGCACHE}/@@{ACNGDISTS}/@@{ACNGMNC}/binary-@@{ACNGARCHS}/Packages(\\.diff)?/@@{ACNRDTNR}\\.gz(\\.head)?$ f +!/@@{ACNGCACHE}/@@{ACNGDISTS}/@@{ACNGMNC}/binary-@@{ACNGARCHS}/Packages(\\.diff)?/@@{ACNGDTNR}\\.gz(\\.head)?$ f !/@@{ACNGCACHE}/@@{ACNGDISTS}/@@{ACNGMNC}/source/Sources\\.diff/Index(\\.head|~)?$ f !/@@{ACNGCACHE}/@@{ACNGDISTS}/@@{ACNGMNC}/Contents-@@{ACNGARCHS}\\.diff(/by-hash)?$ d -!/@@{ACNGCACHE}/@@{ACNGDISTS}/@@{ACNGMNC}/Contents-@@{ACNGARCHS}\\.diff/by-hash/SHA256$ d + /@@{ACNGCACHE}/@@{ACNGDISTS}/@@{ACNGMNC}/Contents-@@{ACNGARCHS}\\.diff/by-hash/SHA256$ d VarDir !/@@{ACNGCACHE}/@@{ACNGDISTS}/@@{ACNGMNC}/Contents-@@{ACNGARCHS}\\.diff/@@{ACNGDTNR}\\.gz(\\.head)?$ f !/@@{ACNGCACHE}/@@{ACNGDISTS}/@@{ACNGMNC}/Contents-@@{ACNGARCHS}\\.diff/by-hash/SHA256/@@{SHA256SUM}(\\.head)?$ f /@@{ACNGCACHE}/@@{ACNGDISTS}/@@{ACNGMNC}/debian-installer$ d VarDir @@ -108,7 +109,7 @@ @@undef ACNGDISTS @@undef ACNGMNC @@undef ACNGARCHS -@@undef ACNGDATENR +@@undef ACNGYYYY_MM_DD_HHMM_XX @@undef ACNGDTNR @@undef ACNGLOGDIR @@undef ACNGLOGRE diff -Nru aide-0.19.1/debian/aide.conf.d/31_aide_bind9 aide-0.19.1/debian/aide.conf.d/31_aide_bind9 --- aide-0.19.1/debian/aide.conf.d/31_aide_bind9 2025-08-11 07:25:07.000000000 +0000 +++ aide-0.19.1/debian/aide.conf.d/31_aide_bind9 2025-11-07 20:33:42.000000000 +0000 @@ -1,17 +1,40 @@ -@@if defined BINDCHROOT - /@@{BINDCHROOT}/dev/log$ f RotLog - /@@{BINDCHROOT}/dev$ d VarDir -@@endif - /@@{BINDCHROOT}@@{RUN}/named/(session\\.key|named\\.pid)$ f VarFile - /@@{BINDCHROOT}@@{RUN}/named$ d RecreatedDir - /@@{BINDCHROOT}var/cache/bind$ d VarDir - /@@{BINDCHROOT}var/cache/bind/[-[:alnum:].]+$ f VarFile - -@@if defined BIND_SLAVE_DIRS -@@if defined BIND_SLAVE_PATHS - /@@{BINDCHROOT}var/cache/bind/slave/@@{BIND_SLAVE_DIRS}$ d VarDir - /@@{BINDCHROOT}var/cache/bind/slave/@@{BIND_SLAVE_PATHS}$ f VarFile +@@if defined BIND_CHROOT_DIR + /@@{BIND_CHROOT_DIR}/dev/log$ f RotLog + /@@{BIND_CHROOT_DIR}/dev$ d VarDir +@@if not defined BIND_WORKING_DIR +@@define BIND_WORKING_DIR @@{BIND_CHROOT_DIR}/var/cache/bind +@@endif +@@if not defined BIND_RUN_DIR +@@define BIND_RUN_DIR @@{BIND_CHROOT_DIR}/@{RUN}/named @@endif @@endif +@@if not defined BIND_WORKING_DIR +@@define BIND_WORKING_DIR var/cache/bind +@@endif +@@if not defined BIND_RUN_DIR +@@define BIND_RUN_DIR @@{RUN}/named +@@endif + /@@{RUN}/named$ d RecreatedDir + /@@{BIND_RUN_DIR}$ d RecreatedDir + /@@{BIND_RUN_DIR}/(session\\.key|named\\.pid)$ f VarFile + /@@{BIND_WORKING_DIR}$ d VarDir +# remove before forky +# /@@{BIND_WORKING_DIR}/[-[:alnum:].]+$ f VarFile + /@@{BIND_WORKING_DIR}/managed-keys\\.bind$ f VarFile +!/@@{BIND_WORKING_DIR}/managed-keys\\.bind\\.jnl$ f /@@{RUN}/systemd/propagate/named\\.service$ d RecreatedDir + +# the bind packages in trixie do not suggest any structure for +# zone directories. + +ZoneDir = VarDir +ZoneFile = VarFile + +@@if defined BIND_ZONE_DIRS + /@@{BIND_CHROOT_DIR}@@{BIND_ZONE_DIR_PREFIX}@@{BIND_ZONE_DIRS}$ d ZoneDir +@@endif +@@if defined BIND_ZONE_FILES +# the regexp for BIND_ZONE_FILES must contain the respective directory! + /@@{BIND_CHROOT_DIR}@@{BIND_ZONE_DIR_PREFIX}@@{BIND_ZONE_FILES}$ f ZoneFile +@@endif diff -Nru aide-0.19.1/debian/aide.conf.d/31_aide_console-setup aide-0.19.1/debian/aide.conf.d/31_aide_console-setup --- aide-0.19.1/debian/aide.conf.d/31_aide_console-setup 2025-08-11 07:25:07.000000000 +0000 +++ aide-0.19.1/debian/aide.conf.d/31_aide_console-setup 2025-11-07 20:33:42.000000000 +0000 @@ -1,2 +1,3 @@ /@@{RUN}/console-setup$ d RecreatedDir /@@{RUN}/console-setup/(boot_completed|font-loaded)$ f VarFile +/etc/console-setup/cached_setup_(font|keyboard|terminal)\\.sh$ f VarFile diff -Nru aide-0.19.1/debian/aide.conf.d/31_aide_cryptsetup aide-0.19.1/debian/aide.conf.d/31_aide_cryptsetup --- aide-0.19.1/debian/aide.conf.d/31_aide_cryptsetup 1970-01-01 00:00:00.000000000 +0000 +++ aide-0.19.1/debian/aide.conf.d/31_aide_cryptsetup 2025-11-07 20:33:42.000000000 +0000 @@ -0,0 +1 @@ + /@@{RUN}/cryptsetup$ d RecreatedDir diff -Nru aide-0.19.1/debian/aide.conf.d/31_aide_cups aide-0.19.1/debian/aide.conf.d/31_aide_cups --- aide-0.19.1/debian/aide.conf.d/31_aide_cups 2025-08-11 07:25:07.000000000 +0000 +++ aide-0.19.1/debian/aide.conf.d/31_aide_cups 2025-11-07 20:33:42.000000000 +0000 @@ -5,6 +5,7 @@ /var/spool/cups(/tmp)?$ d VarDir !/var/spool/cups/c[[:digit:]]{5}$ f +!/var/spool/cups/d[[:digit:]]{5}-001$ f !/var/spool/cups/tmp/cups-dbus-notifier-lockfile$ f !/var/spool/cups/tmp/foomatic-[[:alnum:]]{6}$ f diff -Nru aide-0.19.1/debian/aide.conf.d/31_aide_dehydrated aide-0.19.1/debian/aide.conf.d/31_aide_dehydrated --- aide-0.19.1/debian/aide.conf.d/31_aide_dehydrated 2025-08-11 07:25:07.000000000 +0000 +++ aide-0.19.1/debian/aide.conf.d/31_aide_dehydrated 2025-11-07 20:33:42.000000000 +0000 @@ -3,15 +3,16 @@ @@if defined DEHYDDOMAINS @@define DEHYDRE (cert|chain|combined|fullchain|privkey) -/var/lib/dehydrated$ d VarDir -/var/lib/dehydrated/accounts/@@{BASE64}+$ d VarDir -/var/lib/dehydrated/accounts/@@{BASE64}+/account_id\\.json$ f VarFile -/var/lib/dehydrated/chains$ d VarDir -/var/lib/dehydrated/certs/@@{DEHYDDOMAINS}$ d VarDir -!/var/lib/dehydrated/certs/@@{DEHYDDOMAINS}/@@{DEHYDRE}-@@{UNIX_TS_CURY}\\.pem$ f + /var/lib/dehydrated$ d VarDir + /var/lib/dehydrated/accounts/@@{BASE64}+$ d VarDir + /var/lib/dehydrated/accounts/@@{BASE64}+/account_id\\.json$ f VarFile + /var/lib/dehydrated/chains$ d VarDir + /var/lib/dehydrated/certs/@@{DEHYDDOMAINS}$ d VarDir +!/var/lib/dehydrated/certs/@@{DEHYDDOMAINS}/@@{DEHYDRE}-@@{UNIX_TS_2015_2033}\\.pem$ f !/var/lib/dehydrated/certs/@@{DEHYDDOMAINS}/@@{DEHYDRE}\\.pem$ l !/var/lib/dehydrated/certs/@@{DEHYDDOMAINS}/combined\\.pem$ f -!/var/lib/dehydrated/certs/@@{DEHYDDOMAINS}/(cert)-@@{UNIX_TS_CURY}\\.csr$ f + /var/lib/dehydrated/certs/@@{DEHYDDOMAINS}/(cert)-@@{UNIX_TS_2015_2033}\\.(csr)$ f Full-c+ANF + /var/lib/dehydrated/certs/@@{DEHYDDOMAINS}/(cert|chain|fullchain|privkey)-@@{UNIX_TS_2015_2033}\\.(pem)$ f Full-c+ANF !/var/lib/dehydrated/certs/@@{DEHYDDOMAINS}/(cert)\\.csr$ l -/var/lib/dehydrated(/acme-challenges)?$ d VarDir + /var/lib/dehydrated(/acme-challenges)?$ d VarDir @@endif diff -Nru aide-0.19.1/debian/aide.conf.d/31_aide_dev aide-0.19.1/debian/aide.conf.d/31_aide_dev --- aide-0.19.1/debian/aide.conf.d/31_aide_dev 2025-08-11 07:25:07.000000000 +0000 +++ aide-0.19.1/debian/aide.conf.d/31_aide_dev 2025-11-07 20:33:42.000000000 +0000 @@ -10,7 +10,7 @@ !/dev/bsg/[[:digit:]]:0:0:0$ c /dev/bus/usb/00[1234]$ d RecreatedDir !/dev/bus/usb/00[1234]/0[01][[:digit:]]$ c -!/dev/disk/by-diskseq/[[:digit:]]{1,2}$ l +!/dev/disk/by-diskseq/[[:digit:]]{1,2}(-part[[:digit:]])?$ l /dev/disk/by-id$ d RecreatedDir !/dev/disk/by-id/((ata|dm-name)[-[:alnum:]_]+)(-part[1234])?$ l !/dev/disk/by-id/((wwn)-0x[[:xdigit:]]{16})(-part[1234])?$ l @@ -22,7 +22,7 @@ !/dev/disk/by-path/pci-@@{PCI_ADDRESS}-ata-[[:digit:]](\.0)?(-part[1234])?$ l !/dev/disk/by-path/pci-@@{PCI_ADDRESS}-usb-@@{USB_ADDRESS}-(port0|scsi-(0:){3}[0123])$ l !/dev/dm-[[:digit:]]{3}$ b -!/dev/input/by-path/platform-i8042-serio-1-(event-)?mouse$ l +!/dev/input/by-path/platform-i8042-serio-[01]-(event-)?mouse$ l !/dev/loop[[:digit:]]$ b !/dev/mapper/[-[:alnum:]_]+$ l !/dev/ram[[:digit:]]$ b diff -Nru aide-0.19.1/debian/aide.conf.d/31_aide_dokuwiki aide-0.19.1/debian/aide.conf.d/31_aide_dokuwiki --- aide-0.19.1/debian/aide.conf.d/31_aide_dokuwiki 2025-08-11 07:25:07.000000000 +0000 +++ aide-0.19.1/debian/aide.conf.d/31_aide_dokuwiki 2025-11-07 20:33:42.000000000 +0000 @@ -10,8 +10,8 @@ !/@@{DOKUWIKI_PATHRE}/locks/@@{MD5SUM}$ d !/@@{DOKUWIKI_PATHRE}/locks/@@{MD5SUM}\\.lock$ f /@@{DOKUWIKI_PATHRE}/log/error$ d VarDir + /@@{DOKUWIKI_PATHRE}/log/error/@@{DATE_YYYY_MM_DD}\\.log$ f VarFile+ANF+ARF /@@{DOKUWIKI_PATHRE}/log/pruned$ f VarFile - /@@{DOKUWIKI_PATHRE}/log/error/@@{DATE_YYYYMMDD}\\.log$ f Full+ANF+ARF /@@{DOKUWIKI_PATHRE}/meta/(_(dokuwiki|media)\\.changes(\\.trimmed)?)$ f VarFile !/@@{DOKUWIKI_PATHRE}/meta/[[:alnum:]]+\\.(changes(\\.trimmed)?|indexed|meta)$ f /@@{DOKUWIKI_PATHRE}/meta/wiki/syntax\\.indexed$ f VarFile diff -Nru aide-0.19.1/debian/aide.conf.d/31_aide_fwupd aide-0.19.1/debian/aide.conf.d/31_aide_fwupd --- aide-0.19.1/debian/aide.conf.d/31_aide_fwupd 2025-08-11 07:25:07.000000000 +0000 +++ aide-0.19.1/debian/aide.conf.d/31_aide_fwupd 2025-11-07 20:33:42.000000000 +0000 @@ -1,7 +1,7 @@ /var/cache/fwupd$ d VarDir /var/cache/fwupd/(devices\\.json|metadata\\.xmlb)$ f VarFile /var/lib/fwupd(/(gnupg|metadata(/lvfs)?))?$ d VarDir - /var/lib/fwupd/metadata/lvfs/metadata\\.xml\\.xz(\\.jcat)?$ f VarFile + /var/lib/fwupd/metadata/lvfs/firmware\\.xml\\.zst(\\.jcat)?$ f VarFile /var/lib/fwupd/pending\\.db$ f VarFile /var/lib/systemd/timers/stamp-fwupd-refresh\\.timer$ f VarFile !/@@{RUN}/systemd/propagate/fwupd\\.service$ d diff -Nru aide-0.19.1/debian/aide.conf.d/31_aide_gnupg aide-0.19.1/debian/aide.conf.d/31_aide_gnupg --- aide-0.19.1/debian/aide.conf.d/31_aide_gnupg 2025-08-11 07:25:07.000000000 +0000 +++ aide-0.19.1/debian/aide.conf.d/31_aide_gnupg 2025-11-07 20:33:42.000000000 +0000 @@ -1,7 +1,8 @@ @@if not defined GNUPGUIDS @@define GNUPGUIDS @@{LOCALUIDS} +@@endif !/@@{RUNUSER}/@@{GNUPGUIDS}/gnupg$ d !/@@{RUNUSER}/@@{GNUPGUIDS}/gnupg(/S.(dirmngr|gpg-agent(\\.(browser|extra|ssh))?|keyboxd|scdaemon))?$ s !/@@{RUNUSER}/@@{GNUPGUIDS}/gnupg/d\\.[0-9a-z]{24}$ d -@@endif +!/@@{RUNUSER}/@@{GNUPGUIDS}/systemd/units/invocation:gpg-agent(-ssh)?\\.socket$ l @@undef GNUPGUIDS diff -Nru aide-0.19.1/debian/aide.conf.d/31_aide_grub-pc aide-0.19.1/debian/aide.conf.d/31_aide_grub-pc --- aide-0.19.1/debian/aide.conf.d/31_aide_grub-pc 1970-01-01 00:00:00.000000000 +0000 +++ aide-0.19.1/debian/aide.conf.d/31_aide_grub-pc 2025-11-07 20:33:42.000000000 +0000 @@ -0,0 +1,3 @@ +@@if defined AMD64_FIRMWARE_BIOS + /boot/grub/grubenv$ f VarFile +@@endif diff -Nru aide-0.19.1/debian/aide.conf.d/31_aide_icinga2 aide-0.19.1/debian/aide.conf.d/31_aide_icinga2 --- aide-0.19.1/debian/aide.conf.d/31_aide_icinga2 2025-08-11 07:25:07.000000000 +0000 +++ aide-0.19.1/debian/aide.conf.d/31_aide_icinga2 2025-11-07 20:33:42.000000000 +0000 @@ -34,7 +34,7 @@ !/tmp/FileCache_icingaweb(/htmlpurifier\\.cache)?$ d !/tmp/FileCache_icingaweb/icinga-[[:xdigit:]]{8}-[[:xdigit:]]{8}-[[:xdigit:]]{8}\\.min\\.(css|js)$ f -/@@{RUN}/icinga2(/cmd)?$ d RecreatedDir -/@@{RUN}/icinga2/icing2\\.pid?$ f VarFile + /@@{RUN}/icinga2(/cmd)?$ d RecreatedDir + /@@{RUN}/icinga2/icinga2\\.pid?$ f VarFile !/@@{RUN}/icinga2/cmd/icinga2\\.cmd$ p diff -Nru aide-0.19.1/debian/aide.conf.d/31_aide_ksmtuned aide-0.19.1/debian/aide.conf.d/31_aide_ksmtuned --- aide-0.19.1/debian/aide.conf.d/31_aide_ksmtuned 1970-01-01 00:00:00.000000000 +0000 +++ aide-0.19.1/debian/aide.conf.d/31_aide_ksmtuned 2025-11-07 20:33:42.000000000 +0000 @@ -0,0 +1 @@ +!/@@{RUN}/ksmtune\\.pid$ f diff -Nru aide-0.19.1/debian/aide.conf.d/31_aide_lighttpd aide-0.19.1/debian/aide.conf.d/31_aide_lighttpd --- aide-0.19.1/debian/aide.conf.d/31_aide_lighttpd 2023-02-12 08:16:19.000000000 +0000 +++ aide-0.19.1/debian/aide.conf.d/31_aide_lighttpd 2025-11-07 20:33:42.000000000 +0000 @@ -1,13 +1,14 @@ @@define LIGHTTP_LOGDIR var/log/lighttpd @@define LIGHTTP_LOGFILERE (access|error|tls-access)\\.log -/@@{LIGHTTP_LOGDIR}$ d VarDir -/@@{LIGHTTP_LOGDIR}/@@{LIGHTTP_LOGFILERE}$ f ActLog -/@@{LIGHTTP_LOGDIR}/@@{LIGHTTP_LOGFILERE}\\.1$ f RotLog -/@@{LIGHTTP_LOGDIR}/@@{LIGHTTP_LOGFILERE}\\.2\\.@@{LOGEXT}$ f CompSerLog -/@@{LIGHTTP_LOGDIR}/@@{LIGHTTP_LOGFILERE}\\.([3-9]|10|11)\\.@@{LOGEXT}$ f MidlSerLog -/@@{LIGHTTP_LOGDIR°/@@{LIGHTTP_LOGFILERE}\\.12\\.@@{LOGEXT}$ f LastSerLog + /@@{LIGHTTP_LOGDIR}$ d VarDir + /@@{LIGHTTP_LOGDIR}/@@{LIGHTTP_LOGFILERE}$ f ActLog + /@@{LIGHTTP_LOGDIR}/@@{LIGHTTP_LOGFILERE}\\.1$ f RotLog + /@@{LIGHTTP_LOGDIR}/@@{LIGHTTP_LOGFILERE}\\.2\\.@@{LOGEXT}$ f CompSerLog + /@@{LIGHTTP_LOGDIR}/@@{LIGHTTP_LOGFILERE}\\.([3-9]|10|11)\\.@@{LOGEXT}$ f MidlSerLog + /@@{LIGHTTP_LOGDIR°/@@{LIGHTTP_LOGFILERE}\\.12\\.@@{LOGEXT}$ f LastSerLog -/@@{RUN}/lighttpd\\.pid$ f VarFile -/@@{RUN}/lighttpd$ d RecreatedDir + /@@{RUN}/lighttpd\\.pid$ f VarFile + /@@{RUN}/lighttpd$ d RecreatedDir + /var/lib/systemd/timers/stamp-lighttpd-maint\\.timer$ f VarFile @@undef LIGHTTP_LOGDIR @@undef LIGHTTP_LOGFILERE diff -Nru aide-0.19.1/debian/aide.conf.d/31_aide_man aide-0.19.1/debian/aide.conf.d/31_aide_man --- aide-0.19.1/debian/aide.conf.d/31_aide_man 2025-08-11 07:25:07.000000000 +0000 +++ aide-0.19.1/debian/aide.conf.d/31_aide_man 2025-11-07 20:33:42.000000000 +0000 @@ -1,7 +1,7 @@ /var/lib/systemd/timers/stamp-man-db\\.timer$ f VarFile !/@@{RUN}/systemd/propagate/man-db\\.service$ d -@@define LANGS (ca|cs|da|de(\\.UTF-8)?|en|es(\\.UTF-8)?|fi|fr(\\.(ISO8859-1|UTF-8))?|gl|hr|hu|id|it(\\.(ISO8859-1|UTF-8))?|ja(\\.UTF-8)?|jp|ko|nl|pl(\\.(UTF-8|ISO8859-2))?|pt(_BR)?|ro|ru|sv|sk|sl|sr|tr|uk|vi|zh(_(CH|CN|TW))?) +@@define LANGS (ca|cs|da|de(\\.UTF-8)?|en|eo|es(\\.UTF-8)?|fi|fr(\\.(ISO8859-1|UTF-8))?|gl|hr|hu|id|it(\\.(ISO8859-1|UTF-8))?|ja(\\.UTF-8)?|jp|ko|nb|nl|pl(\\.(UTF-8|ISO8859-2))?|pt(_BR)?|ro|ru|sv|sk|sl|sr(_Cyrl)?|ta|tr|uk|vi|zh(_(CH|CN|Han[st]|TW))?) /usr/share/man(/@@{LANGS})?(/man[1378])?$ d VarDir /var/cache/man(/@@{LANGS})?$ d VarDir diff -Nru aide-0.19.1/debian/aide.conf.d/31_aide_mariadb aide-0.19.1/debian/aide.conf.d/31_aide_mariadb --- aide-0.19.1/debian/aide.conf.d/31_aide_mariadb 2025-08-11 07:25:07.000000000 +0000 +++ aide-0.19.1/debian/aide.conf.d/31_aide_mariadb 2025-11-07 20:33:42.000000000 +0000 @@ -4,6 +4,7 @@ /@@{MARIADB_DATADIR}/mysql/(global|tables)_priv\\.MAD$ f VarFile /@@{MARIADB_DATADIR}/ib(data1|_logfile[01]|tmp1)$ f VarFile /@@{MARIADB_DATADIR}/tc\\.log$ f VarFile + /@@{MARIADB_DATADIR}/undo00[123]$ f VarFile /@@{MARIADB_DATADIR}/aria_log(\\.00000001|_control)$ f VarFile /@@{MARIADB_DATADIR}$ d VarDir diff -Nru aide-0.19.1/debian/aide.conf.d/31_aide_postgresql aide-0.19.1/debian/aide.conf.d/31_aide_postgresql --- aide-0.19.1/debian/aide.conf.d/31_aide_postgresql 1970-01-01 00:00:00.000000000 +0000 +++ aide-0.19.1/debian/aide.conf.d/31_aide_postgresql 2025-11-07 20:33:42.000000000 +0000 @@ -0,0 +1,54 @@ +!/dev/shm/PostgreSQL\\.[[:digit:]]+$ f + +@@if not defined PG_VERS +@@define PG_VERS (17) +@@endif +@@if not defined PG_PORTS +@@define PG_PORTS (5432) +@@endif +@@if not defined PG_CLUSTERS +@@define PG_CLUSTERS (main) +@@endif +@@define PG_MCL @@{PG_VERS}/@@{PG_CLUSTERS} +@@define RUNPG @@{RUN}/postgresql +@@define VLPG var/lib/postgresql +@@if not defined PG_DBOIDS +@@define PG_DBOIDS (1|5) +@@endif + + + /@@{RUNPG}$ d RecreatedDir +!/@@{RUNPG}/\\.s\\.PGSQL\\.@@{PG_PORTS}$ s +!/@@{RUNPG}/\\.s\\.PGSQL\\.@@{PG_PORTS}\\.lock$ f + /@@{RUNPG}/@@{PG_VERS}-@@{PG_CLUSTERS}\\.pg_stat_tmp$ d RecreatedDir + /@@{RUNPG}/@@{PG_VERS}-@@{PG_CLUSTERS}\\.pid$ f PidFile +!/@@{RUNPG}/@@{PG_VERS}-@@{PG_CLUSTERS}\\.pg_stat_tmp/(db_[[:digit:]]+|global)\\.stat$ f + + /@@{VLPG}/@@{PG_MCL}(pg_stat|/base(/(@@{PG_DBOIDS}|[[:digit:]]{5,6}))?)?$ d VarDir +!/@@{VLPG}/@@{PG_MCL}/base/[[:digit:]]{5,6}/[[:digit:]]{4,6}(_(fsm|vm))?$ f + /@@{VLPG}/@@{PG_MCL}/(global|pg_(logical|subtrans|wal|xact))$ d VarDir + /@@{VLPG}/@@{PG_MCL}/global/pg_control$ f VarFile +!/@@{VLPG}/@@{PG_MCL}/(base/[[:digit:]]+|global)/pg_internal\\.init$ f + /@@{VLPG}/@@{PG_MCL}/postmaster\\.opts$ f VarFile + /@@{VLPG}/@@{PG_MCL}/postmaster\\.pid$ f PidFile + /@@{VLPG}/@@{PG_MCL}/pg_logical/replorigin_checkpoint$ f VarFile + /@@{VLPG}/@@{PG_MCL}/pg_xact/00[0-4][[:xdigit:]]$ f VarFile+ANF + /@@{VLPG}/@@{PG_MCL}/pg_multixact/offsets/0000$ f VarFile +!/@@{VLPG}/@@{PG_MCL}/pg_subtrans/[[:xdigit:]]{4}$ f +!/@@{VLPG}/@@{PG_MCL}/pg_wal/[[:xdigit:]]{24}$ f + +@@define POSTGRES_LOGDIR var/log/postgresql +@@define POSTGRES_LOGFILES postgresql-@@{PG_VERS}-@@{PG_CLUSTERS}\\.log +/@@{POSTGRES_LOGDIR}$ d LogDir +/@@{POSTGRES_LOGDIR}/@@{POSTGRES_LOGFILES}$ f VarFile +/@@{POSTGRES_LOGDIR}/@@{POSTGRES_LOGFILES}\\.1$ f RotLog+ANF +/@@{POSTGRES_LOGDIR}/@@{POSTGRES_LOGFILES}\\.2\\.@@{LOGEXT}$ f CompSerLog +/@@{POSTGRES_LOGDIR}/@@{POSTGRES_LOGFILES}\\.[3456789]\\.@@{LOGEXT}$ f MidlSerLog +/@@{POSTGRES_LOGDIR}/@@{POSTGRES_LOGFILES}\\.10\\.@@{LOGEXT}$ f LastSerLog + +@@undef PG_VERS +@@undef PG_PORTS +@@undef PG_CLUSTERS +@@undef PG_MCL +@@undef RUNPG +@@undef VLPG diff -Nru aide-0.19.1/debian/aide.conf.d/31_aide_postgresql-15 aide-0.19.1/debian/aide.conf.d/31_aide_postgresql-15 --- aide-0.19.1/debian/aide.conf.d/31_aide_postgresql-15 2025-08-11 07:25:07.000000000 +0000 +++ aide-0.19.1/debian/aide.conf.d/31_aide_postgresql-15 1970-01-01 00:00:00.000000000 +0000 @@ -1,41 +0,0 @@ -!/dev/shm/PostgreSQL\\.[[:digit:]]+$ f - -# this is going to move to 31_aide_postgresql after trixie -@@define PG_VERS (15) -@@define PG_MCL @@{PG_VERS}/main -@@define RUNPG @@{RUN}/postgresql -@@define VLPG var/lib/postgresql - - /@@{RUNPG}$ d RecreatedDir -!/@@{RUNPG}/\\.s\\.PGSQL\\.5432$ s -!/@@{RUNPG}/\\.s\\.PGSQL\\.5432\\.lock$ f - /@@{RUNPG}/@@{PG_VERS}-main\\.pg_stat_tmp$ d RecreatedDir - /@@{RUNPG}/@@{PG_VERS}-main\\.pid$ f PidFile -!/@@{RUNPG}/@@{PG_VERS}-main\\.pg_stat_tmp/(db_[[:digit:]]+|global)\\.stat$ f - - /@@{VLPG}/@@{PG_MCL}(/base(/(1|[[:digit:]]{5,6}))?)?$ d VarDir -!/@@{VLPG}/@@{PG_MCL}/base/[[:digit:]]{5,6}/[[:digit:]]{4,6}(_(fsm|vm))?$ f - /@@{VLPG}/@@{PG_MCL}/(global|pg_(logical|subtrans|wal|xact))$ d VarDir - /@@{VLPG}/@@{PG_MCL}/global/pg_control$ f VarFile -!/@@{VLPG}/@@{PG_MCL}/(base/[[:digit:]]+|global)/pg_internal\\.init$ f - /@@{VLPG}/@@{PG_MCL}/postmaster\\.opts$ f VarFile - /@@{VLPG}/@@{PG_MCL}/postmaster\\.pid$ f PidFile - /@@{VLPG}/@@{PG_MCL}/pg_logical/replorigin_checkpoint$ f VarFile - /@@{VLPG}/@@{PG_MCL}/pg_xact/00[0-4][[:xdigit:]]$ f VarFile+ANF - /@@{VLPG}/@@{PG_MCL}/pg_multixact/offsets/0000$ f VarFile -!/@@{VLPG}/@@{PG_MCL}/pg_subtrans/[[:xdigit:]]{4}$ f -!/@@{VLPG}/@@{PG_MCL}/pg_wal/[[:xdigit:]]{24}$ f - -@@define POSTGRES_LOGDIR var/log/postgresql -@@define POSTGRES_LOGFILES postgresql-@@{PG_VERS}-main\\.log -/@@{POSTGRES_LOGDIR}$ d LogDir -/@@{POSTGRES_LOGDIR}/@@{POSTGRES_LOGFILES}$ f VarFile -/@@{POSTGRES_LOGDIR}/@@{POSTGRES_LOGFILES}\\.1$ f RotLog+ANF -/@@{POSTGRES_LOGDIR}/@@{POSTGRES_LOGFILES}\\.2\\.@@{LOGEXT}$ f CompSerLog -/@@{POSTGRES_LOGDIR}/@@{POSTGRES_LOGFILES}\\.[3456789]\\.@@{LOGEXT}$ f MidlSerLog -/@@{POSTGRES_LOGDIR}/@@{POSTGRES_LOGFILES}\\.10\\.@@{LOGEXT}$ f LastSerLog - -@@undef PG_VERS -@@undef PG_MCL -@@undef RUNPG -@@undef VLPG diff -Nru aide-0.19.1/debian/aide.conf.d/31_aide_radvd aide-0.19.1/debian/aide.conf.d/31_aide_radvd --- aide-0.19.1/debian/aide.conf.d/31_aide_radvd 1970-01-01 00:00:00.000000000 +0000 +++ aide-0.19.1/debian/aide.conf.d/31_aide_radvd 2025-11-07 20:33:42.000000000 +0000 @@ -0,0 +1 @@ +!/@@{RUN}/radvd\\.pid$ f diff -Nru aide-0.19.1/debian/aide.conf.d/31_aide_run_systemd_dynamic-uid aide-0.19.1/debian/aide.conf.d/31_aide_run_systemd_dynamic-uid --- aide-0.19.1/debian/aide.conf.d/31_aide_run_systemd_dynamic-uid 1970-01-01 00:00:00.000000000 +0000 +++ aide-0.19.1/debian/aide.conf.d/31_aide_run_systemd_dynamic-uid 2025-11-07 20:33:42.000000000 +0000 @@ -0,0 +1 @@ + /@@{RUNSYSD}/dynamic-uid$ d RecreatedDir diff -Nru aide-0.19.1/debian/aide.conf.d/31_aide_run_systemd_netif aide-0.19.1/debian/aide.conf.d/31_aide_run_systemd_netif --- aide-0.19.1/debian/aide.conf.d/31_aide_run_systemd_netif 2022-01-20 20:14:03.000000000 +0000 +++ aide-0.19.1/debian/aide.conf.d/31_aide_run_systemd_netif 2025-11-07 20:33:42.000000000 +0000 @@ -1,3 +1,4 @@ -/@@{RUN}/systemd/netif(/(links|lldp|leases))?$ d VarDir -/@@{RUN}/systemd/netif/state$ f VarFile -/@@{RUN}/systemd/netif/(links|lldp|leases)/[0-9]{1,2}$ f VarFile + /@@{RUN}/systemd/netif(/(links|lldp|leases))?$ d VarDir + /@@{RUN}/systemd/netif/state$ f VarFile + /@@{RUN}/systemd/netif/(dhcp-server-lease|links|lldp|leases)/[0-9]{1,2}$ f VarFile + /@@{RUN}/systemd/netif/dhcp-server-lease$ d RecreatedDir diff -Nru aide-0.19.1/debian/aide.conf.d/31_aide_samba aide-0.19.1/debian/aide.conf.d/31_aide_samba --- aide-0.19.1/debian/aide.conf.d/31_aide_samba 2025-08-11 07:25:07.000000000 +0000 +++ aide-0.19.1/debian/aide.conf.d/31_aide_samba 2025-11-07 20:33:42.000000000 +0000 @@ -1,5 +1,9 @@ /@@{RUN}/samba$ d RecreatedDir - /@@{RUN}/samba/(brlock|gencache|smbd_clientupd|leases|locking|mutex|names|printer_list|serverid|smbXsrv_((client|open|session|tcon|version)_global))\\.tdb$ f VarFile + /@@{RUN}/samba/(brlock|gencache|smbd_(cleanupd|clientupd)|leases|locking|mutex|names|printer_list|serverid|smbXsrv_((client|open|session|tcon|version)_global))\\.tdb$ f VarFile +# the next two lines are a possible improvement that can be used to +# replace the previous line +#!/@@{RUN}/samba/(smbd_(cleanupd)|mutex)\\.tdb$ f +# /@@{RUN}/samba/(brlock|gencache|smbd_(clientupd)|leases|locking|names|printer_list|serverid|smbXsrv_((client|open|session|tcon|version)_global))\\.tdb$ f VarFile /@@{RUN}/samba/(nmbd|smbd|samba-dcerpcd)\\.pid$ f VarFile /@@{RUN}/samba/(msg\\.(lock|sock)|nmbd)$ d RecreatedDir !/@@{RUN}/samba/msg\\.lock/[[:digit:]]+$ f diff -Nru aide-0.19.1/debian/aide.conf.d/31_aide_schroot aide-0.19.1/debian/aide.conf.d/31_aide_schroot --- aide-0.19.1/debian/aide.conf.d/31_aide_schroot 2023-02-12 08:16:19.000000000 +0000 +++ aide-0.19.1/debian/aide.conf.d/31_aide_schroot 2025-11-07 20:33:42.000000000 +0000 @@ -1 +1 @@ -/@@{RUN}/lock/schroot$ d VarDir +/@@{RUN}/lock/schroot$ d RecreatedDir diff -Nru aide-0.19.1/debian/aide.conf.d/31_aide_spamassassin aide-0.19.1/debian/aide.conf.d/31_aide_spamassassin --- aide-0.19.1/debian/aide.conf.d/31_aide_spamassassin 2025-08-11 07:25:07.000000000 +0000 +++ aide-0.19.1/debian/aide.conf.d/31_aide_spamassassin 2025-11-07 20:33:42.000000000 +0000 @@ -30,7 +30,7 @@ /@@{SAUPDATES}/10_(default_prefs|hasbase)\\.cf$ f VarFile /@@{SAUPDATES}/20_(advance_fee|aux_tlds|body_tests|compensate|dnsbl_tests|drugs|dynrdns|fake_helo_tests|freemail(|_domains|_mailcom_domains)|head_tests|html_tests|imageinfo|mailspike|meta_tests|net_tests|pdfinfo|phrases|porn|ratware|uri_tests|vbounce)\\.cf$ f VarFile /@@{SAUPDATES}/23_(bayes)\\.cf$ f VarFile - /@@{SAUPDATES}/25_(accessdb|antivirus|asn|dcc|dkim|dmarc|dnswl|hashcash|pyzor|razor2|replace|spf|textcat|uribl|url_shortener)\\.cf$ f VarFile + /@@{SAUPDATES}/25_(accessdb|antivirus|asn|dcc|dkim|dmarc|dnswl|hashcash|pyzor|razor2|replace|spf|textcat|uribl|url_(redirectors|shortener))\\.cf$ f VarFile /@@{SAUPDATES}/30_(text_(de|fr|it|nl|pl|pt_br))\\.cf$ f VarFile /@@{SAUPDATES}/50_(scores)\\.cf$ f VarFile /@@{SAUPDATES}/60_(adsp_override_dkim|awl|bayes_stopwords|shortcircuit|txrep|whitelist(|_auth|_dkim|_spf|_subject)|welcomelist(_(auth|dkim|spf|subject))?)\\.cf$ f VarFile diff -Nru aide-0.19.1/debian/aide.conf.d/31_aide_ssh-server aide-0.19.1/debian/aide.conf.d/31_aide_ssh-server --- aide-0.19.1/debian/aide.conf.d/31_aide_ssh-server 2025-08-11 07:25:07.000000000 +0000 +++ aide-0.19.1/debian/aide.conf.d/31_aide_ssh-server 2025-11-07 20:33:42.000000000 +0000 @@ -3,3 +3,7 @@ !/@@{RUN}/sshd$ d !/@@{RUN}/ssh-unix-local/socket$ s /@@{RUN}/systemd/generator/sshd-(unix-local|vsock)\\.socket$ f VarFile +!/@@{RUN}/systemd/units/invocation:sshd-vsock\\.socket$ l + /@@{RUN}/issue\\.d$ d RecreatedDir + /@@{RUN}/issue\\.d/50-ssh-vsock\\.issue$ f VarFile + diff -Nru aide-0.19.1/debian/aide.conf.d/31_aide_sudo aide-0.19.1/debian/aide.conf.d/31_aide_sudo --- aide-0.19.1/debian/aide.conf.d/31_aide_sudo 2025-08-11 07:25:07.000000000 +0000 +++ aide-0.19.1/debian/aide.conf.d/31_aide_sudo 2025-11-07 20:33:42.000000000 +0000 @@ -3,7 +3,8 @@ @@endif @@define SUDO_STATE_DIR @@{RUN}/sudo - /@@{SUDO_STATE_DIR}(/ts)?$ d RecreatedDir + /@@{SUDO_STATE_DIR}$ d RecreatedDir-n +!/@@{SUDO_STATE_DIR}(/ts)?$ d !/@@{SUDO_STATE_DIR}/ts/@@{SUDO_ALLOWED_UIDS}$ f @@undef SUDO_STATE_DIR @@undef SUDO_ALLOWED_UIDS diff -Nru aide-0.19.1/debian/aide.conf.d/31_aide_systemd aide-0.19.1/debian/aide.conf.d/31_aide_systemd --- aide-0.19.1/debian/aide.conf.d/31_aide_systemd 2025-08-11 07:25:07.000000000 +0000 +++ aide-0.19.1/debian/aide.conf.d/31_aide_systemd 2025-11-07 20:33:42.000000000 +0000 @@ -36,7 +36,7 @@ !/@@{RUNSYSD}/transient/user-[0-9]+\\.slice$ f /@@{RUNSYSD}/unit-(private-tmp|root)$ d RecreatedDir /@@{RUNSYSD}/units$ d RecreatedDir -!/@@{RUNSYSD}/units/invocation:(session-c?[0-9]+\\.scope|[-\\\\@:[:alnum:]]+\\.service|([-_[:alnum:]]+|\\\\x2d)+\\.(mount|swap))$ l +!/@@{RUNSYSD}/units/invocation:(session-c?[0-9]+\\.scope|[-\\\\@:[:alnum:]]+\\.service|([-_.[:alnum:]]+|\\\\x2d)+\\.(mount|swap))$ l !/@@{RUNSYSD}/units/invocation:dbus\\.socket$ l /@@{RUNSYSD}/userdb$ d RecreatedDir !/@@{RUNSYSD}/userdb/io\\.systemd\\.DynamicUser$ s diff -Nru aide-0.19.1/debian/aide.conf.d/31_aide_systemd_sessions aide-0.19.1/debian/aide.conf.d/31_aide_systemd_sessions --- aide-0.19.1/debian/aide.conf.d/31_aide_systemd_sessions 2022-01-20 20:14:03.000000000 +0000 +++ aide-0.19.1/debian/aide.conf.d/31_aide_systemd_sessions 2025-11-07 20:33:42.000000000 +0000 @@ -1,4 +1,12 @@ -/@@{RUN}/systemd/(sessions|transient|users)$ d VarDir -!/@@{RUN}/systemd/sessions/[0-9]+(\\.ref)?$ p -!/@@{RUN}/systemd/transient/session-[0-9]+\\.scope$ f -!/@@{RUN}/systemd/users/[0-9]+$ f +# not sure yet whether we need all users here that have services running +# or whether only shell users +@@if not defined SYSTEMD_UIDS +@@define SYSTEMD_UIDS (@@{BITS_32_D}) +@@endif + /@@{RUN}/systemd/(machine|sessions|transient|users)$ d VarDir +!/@@{RUN}/systemd/sessions/@@{SYSTEMD_UIDS}(\\.ref)?$ p +!/@@{RUN}/systemd/transient/session-@@{SYSTEMD_UIDS}\\.scope$ f +!/@@{RUN}/systemd/users/@@{SYSTEMD_UIDS}$ f +!/@@{RUN}/systemd/io\\.systemd\\.(AskPassword|FactoryReset|Login|Manager)$ s +!/@@{RUN}/systemd/machine/io\\.systemd\\.Machine(Image)?$ s +!/@@{RUN}/user/@@{SYSTEMD_UIDS}/systemd/io\\.systemd\\.(AskPassword|Manager)$ s diff -Nru aide-0.19.1/debian/aide.conf.d/31_aide_systemd_tmpfiles aide-0.19.1/debian/aide.conf.d/31_aide_systemd_tmpfiles --- aide-0.19.1/debian/aide.conf.d/31_aide_systemd_tmpfiles 1970-01-01 00:00:00.000000000 +0000 +++ aide-0.19.1/debian/aide.conf.d/31_aide_systemd_tmpfiles 2025-11-07 20:33:42.000000000 +0000 @@ -0,0 +1,6 @@ +# not sure yet whether we need all users here that have services running +# or whether only shell users +@@if not defined SYSTEMD_TMPFILES_UIDS +@@define SYSTEMD_TMPFILES_UIDS (@@{BITS_32_D}) +@@endif +!/@@{RUN}/user/@@{SYSTEMD_TMPFILES_UIDS}/systemd/units/invocation:systemd-tmpfiles-setup\\.service$ l diff -Nru aide-0.19.1/debian/aide.conf.d/31_aide_torrus aide-0.19.1/debian/aide.conf.d/31_aide_torrus --- aide-0.19.1/debian/aide.conf.d/31_aide_torrus 2025-08-11 07:25:07.000000000 +0000 +++ aide-0.19.1/debian/aide.conf.d/31_aide_torrus 2025-11-07 20:33:42.000000000 +0000 @@ -29,7 +29,10 @@ printf "!/var/lib/torrus/session_data/store/[0-9a-f]{32}$ f\\n" printf "!/var/lib/torrus/session_data/lock/Apache-Session-[0-9a-f]{32}\\.lock$ f\\n" printf " /var/lib/torrus/session_data/(store|lock)$ d VarDir\\n" -printf "!/var/log/torrus/dbenv_errlog_%d$ f\\n" "$(pidof collector)" +CPID="$(pidof collector)" +if [ "${CPID}" ]; then + printf "!/var/log/torrus/dbenv_errlog_%d$ f\\n" "$(pidof collector)" +fi printf " /var/log/torrus$ d VarDir\\n" printf " /@@{RUN}/torrus$ d RecreatedDir\\n" diff -Nru aide-0.19.1/debian/aide.conf.d/31_aide_udev aide-0.19.1/debian/aide.conf.d/31_aide_udev --- aide-0.19.1/debian/aide.conf.d/31_aide_udev 2025-08-11 07:25:07.000000000 +0000 +++ aide-0.19.1/debian/aide.conf.d/31_aide_udev 2025-11-07 20:33:42.000000000 +0000 @@ -6,12 +6,13 @@ @@define RUNUDEVVIDEO (\\+drm:)?card[01]-(e?DP|HDMI-A|LVDS|VGA|Virtual|Writeback)-[1234] !/@@{RUN}/udev$ d !/@@{RUN}/udev/control$ s +!/@@{RUN}/udev/io.systemd\\.Udev$ s !/@@{RUN}/udev/(data|links(\\.lock)?|tags|watch)$ d !/@@{RUN}/udev/data/@@{RUNUDEVCONT}$ f !/@@{RUN}/udev/data/\\+input:input[[:digit:]]{1,2}$ f !/@@{RUN}/udev/data/\\+module:(af_alg|algif_skcipher|configfs|dm_crypt)$ f !/@@{RUN}/udev/data/\\+acpi:LNX(CPU|[[:upper:]]{5}):[01][[:xdigit:]]$ f -!/@@{RUN}/udev/data/\\+acpi:(device|INT[[:xdigit:]]{4}|QEMUVGID:00|(ACPI|FUJ|FXY|INT|LEN|PNP|MSFT|SMO|QEMU)[[:xdigit:]]{4}:[0123][[:xdigit:]])$ f +!/@@{RUN}/udev/data/\\+acpi:(device|INT[[:xdigit:]]{4}|QEMUVGID:00|(ACPI|FUJ|FXY|INT|IPI|LEN|PNP|MSFT|SMO|QEMU)[[:xdigit:]]{4}:[0123][[:xdigit:]])$ f !/@@{RUN}/udev/data/\\+ata_device:dev[[:digit:]]\\.[01]$ f !/@@{RUN}/udev/data/\\+ata_link:link[[:digit:]]$ f !/@@{RUN}/udev/data/\\+ata_port:ata[[:digit:]]$ f @@ -43,7 +44,7 @@ !/@@{RUN}/udev/data/\\+pci:@@{PCI_ADDRESS}$ f !/@@{RUN}/udev/data/\\+pci_bus:0000:0[012345d]$ f !/@@{RUN}/udev/data/\\+pci_express:@@{PCI_ADDRESS}:pcie0[01][01]$ f -!/@@{RUN}/udev/data/\\+platform:((ACPI|QEMU)000[123C]|INT[[:xdigit:]]{4}|FUJ02E3|LEN0068|MSFT0101|PNP0[018C][01C][03494ABCDE]|QEMUVGID):0[01234]$ f +!/@@{RUN}/udev/data/\\+platform:((ACPI|QEMU)000[123C]|INT[[:xdigit:]]{4}|IPI0001|FUJ02E3|LEN0068|MSFT0101|PNP0[018C][01C][03494ABCDE]|QEMUVGID):0[01234]$ f !/@@{RUN}/udev/data/\\+platform:(acpi-cpufreq|axp20x-(adc|gpio|pek|regulator|usb-power-supply)|alarmtimer\\.0\\.auto|bcm2835-(power|wdt)|coretemp\\.0|cpufreq-dt|display-engine|dock\\.[01])$ f !/@@{RUN}/udev/data/\\+platform:(efivars\\.0|emmc2bus|Fixed\ MDIO\ bus\\.0|gmac-3v3|gpio(-keys(-polled)?|_amd_fch)|gpu|hdmi-(audio-codec\\.[01]\\.auto|connector)|i2c-mux0|i8042|iio_hwmon\\.0|intel_rapl_msr\\.0|iTCO_wdt\\.[01]\\.auto)$ f !/@@{RUN}/udev/data/\\+platform:(leds(-gpio)?|microcode|parport_pc\\.888|pcspkr|phy|platform-(bus@c000000|framebuffer\\.0)|pmu|psci(-cpuidle)?|raspberrypi-(cpufreq|hwmon)|reg-dummy|regulator-(cam1|sd-io-1v8|sd-vcc)|regulatory\\.0|irtc-efi\\.0)$ f @@ -51,7 +52,7 @@ !/@@{RUN}/udev/data/\\+platform:((0|10000)\\.sram|1c00000\\.system-control|1c02000\\.dma-controller|1c05000\\.spi|1c0c000\\.lcd-controller|1c0d000\\.lcd-controller|1c0e000\\.video-codec|1c0f000\\.mmc|1c13000\\.usb)$ f !/@@{RUN}/udev/data/\\+platform:(1c13400\\.phy|1c14000\\.usb|1c14400\\.usb|1c15000\\.crypto-engine|1c16000\\.hdmi|1c18000\\.sata|1c1c000\\.usb|1c1c400\\.usb|1c20000\\.clock|1c20800\\.pinctrl|1c20c00\\.timer|1c20c90\\.watchdog|1c20d00\\.rtc)$ f !/@@{RUN}/udev/data/\\+platform:(1c21800\\.ir|1c22c00\\.codec|1c23800\\.eeprom|1c25000\\.rtp|1c28000\\.serial|1c28c00\\.serial|1c29c00\\.serial|1c2ac00\\.i2c|1c2b400\\.i2c|1c40000\\.gpu|1c50000\\.ethernet|1c60000\\.hstimer|1d00000\\.sram)$ f -!/@@{RUN}/udev/data/\\+platform:(1e00000\\.display-frontend|1e20000\\.display-frontend|1e40000\\.display-backend|1e60000\\.display-backend|3ee64840\\.nvram|3f000000\\.pcie|7fe79000\\.framebuffer|9020000\\.fw-cfg)$ f +!/@@{RUN}/udev/data/\\+platform:(1e00000\\.display-frontend|1e20000\\.display-frontend|1e40000\\.display-backend|1e60000\\.display-backend|[[:xdigit:]]{8}\\.nvram|3f000000\\.pcie|7fe79000\\.framebuffer|9020000\\.fw-cfg)$ f !/@@{RUN}/udev/data/\\+platform:(a000000|a000200|a000400|a000600|a000800|a000a00|a000c00|a000e00|a001000|a001200|a001400|a001600|a001800|a001a00|a001c00|a001e00|a002000|a002200|a002400|a002600|a002800|a002a00|a002c00|a002e00|a003000|a003200|a003400|a003600|a003800|a003a00|a003c00|a003e00)\\.virtio_mmio$ f !/@@{RUN}/udev/data/\\+platform:(fd500000\\.pcie|fd580000\\.ethernet|fd5d2000\\.avs-monitor(:thermal)?|fe003000\\.timer|fe004000\\.txp|fe007000\\.dma-controller|(fe00b840|fe00b880)\\.mailbox|fe100000\\.watchdog|fe101000\\.cprman|fe104000\\.rng|fe200000\\.gpio)$ f !/@@{RUN}/udev/data/\\+platform:((fe205000|fe804000|fef04500|fef09500)\\.i2c|(fe206000|fe207000|fe20a000|fe216000)\\.pixelvalve|fe20c800\\.pwm|fe215000\\.aux|fe215040\\.serial|(fe300000|fe340000)\\.mmc|fe400000\\.hvs)$ f @@ -79,41 +80,43 @@ !/@@{RUN}/udev/data/\\+workqueue:(raid5wq|writeback)$ f !/@@{RUN}/udev/link\\.dvd$ l !/@@{RUN}/udev/links/\\\\x2f[-[:alnum:]_]+(\\\\x2f[-[:alnum:]_\\.]+)?$ d -!/@@{RUN}/udev/links/\\\\x2f[-[:alnum:]_]+(\\\\x2f[-[:alnum:]_\\.]+)?/@@{RUNUDEVCONT}$ f +#!/@@{RUN}/udev/links/\\\\x2f[-[:alnum:]_]+(\\\\x2f[-[:alnum:]_\\.]+)?/@@{RUNUDEVCONT}$ f !/@@{RUN}/udev/links/cdrom$ d !/@@{RUN}/udev/links/cdrom/b[[:digit:]]+:[[:digit:]]$ l +!/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-designator\\\\x2f[[:alnum:]]+$ d +!/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-designator\\\\x2f[[:alnum:]]+/b254:[13]$ l !/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-diskseq\\\\x2f[[:digit:]]{1,2}(-part[[:digit:]])?$ d -!/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-diskseq\\\\x2f[[:digit:]]{1,2}(-part[[:digit:]])?/b(8|11|179|25[34]):([0123]|16)$ l +!/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-diskseq\\\\x2f[[:digit:]]{1,2}(-part[[:digit:]])?/b(8|11|179|25[34]):([0123]|1[6789])$ l !/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-id\\\\x2fscsi-[-_[:alnum:]]+_drive-scsi((0-){3})?0(-part[123])?$ d -!/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-id\\\\x2fscsi-[-_[:alnum:]]+_drive-scsi((0-){3})?0(-part[123])?/b8:[012]$ f +#!/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-id\\\\x2fscsi-[-_[:alnum:]]+_drive-scsi((0-){3})?0(-part[123])?/b8:[012]$ f !/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-id\\\\x2fusb-[-_[:alnum:]]+-0:0(-part[123])?$ d !/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-id\\\\x2fusb-[-_[:alnum:]]+-0:0(-part[123])?/b8:[0123]$ l -!/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-id\\\\x2fscsi-[-_[:alnum:]]+_drive-scsi((0-){3})?0(-part[123])?/b8:[012]$ f +#!/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-id\\\\x2fscsi-[-_[:alnum:]]+_drive-scsi((0-){3})?0(-part[123])?/b8:[012]$ f !/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-id\\\\x2fata-[-_[:alnum:]]+(-part[123])?$ d !/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-id\\\\x2fata-[-_[:alnum:]]+(-part[123])?/b(8|11|254):([0123]|1[6789])$ l -!/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-id\\\\x2fata-[-_[:alnum:]]+(-part[123])?/b(8|11|254):([0123]|1[6789])$ f +#!/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-id\\\\x2fata-[-_[:alnum:]]+(-part[123])?/b(8|11|254):([0123]|1[6789])$ f !/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-id\\\\x2fdm-name-[-_[:alnum:]]+$ d -!/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-id\\\\x2fdm-name-[-_[:alnum:]]+/b25[34]:[[:digit:]]{1,2}$ f +#!/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-id\\\\x2fdm-name-[-_[:alnum:]]+/b25[34]:[[:digit:]]{1,2}$ f !/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-id\\\\x2fdm-name-[-_[:alnum:]]+/b25[34]:[[:digit:]]{1,2}$ l !/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-id\\\\x2fmd-name-[-_[:alnum:]]+$ d -!/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-id\\\\x2fmd-name-[-_[:alnum:]]+/b9:0$ f +#!/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-id\\\\x2fmd-name-[-_[:alnum:]]+/b9:0$ f !/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-id\\\\x2fmd-uuid-([[:xdigit:]]{8}:){3}[[:xdigit:]]{8}$ d -!/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-id\\\\x2fmd-uuid-([[:xdigit:]]{8}:){3}[[:xdigit:]]{8}/b9:(0|127)$ f +#!/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-id\\\\x2fmd-uuid-([[:xdigit:]]{8}:){3}[[:xdigit:]]{8}/b9:(0|127)$ f !/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-id\\\\x2fmmc-[[:upper:][:digit:]]+_0x[[:xdigit:]]{8}$ d !/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-id\\\\x2fmmc-[[:upper:][:digit:]]+_0x[[:xdigit:]]{8}/b179:0$ l !/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-id\\\\x2fusb-[-[:alnum:]\\._]+_[[:digit:]]+-0:[0123]$ d !/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-id\\\\x2fusb-[-[:alnum:]\\._]+_[[:digit:]]+-0:[0123]/b8:(0|16|32|48|64|80|96)$ l !/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-id\\\\x2fwwn-0x[[:xdigit:]]{16}(-part[123])?$ d -!/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-id\\\\x2fwwn-0x[[:xdigit:]]{16}(-part[123])?/b8:([0123]|1[6789])$ f +#!/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-id\\\\x2fwwn-0x[[:xdigit:]]{16}(-part[123])?/b8:([0123]|1[6789])$ f !/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-id\\\\x2fwwn-0x[[:xdigit:]]{16}(-part[123])?/b8:([0123]|1[6789])$ l !/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-(part)?label\\\\x2f[-.\\\\_[:alnum:]]+$ d !/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-(part)?label\\\\x2f[-.\\\\_[:alnum:]]+/b(8|11|25[34]):[[:digit:]]{1,2}$ l -!/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-(part)?label\\\\x2f[-.\\\\_[:alnum:]]+/b(8|11|25[34]):[[:digit:]]{1,2}$ f +#!/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-(part)?label\\\\x2f[-.\\\\_[:alnum:]]+/b(8|11|25[34]):[[:digit:]]{1,2}$ f !/@@{RUN}/udev/links/\\\\x2fdisk\\\\x2fby-dname\\\\x2f[[:alnum:]]+-[[:alnum:]]+$ d -!/@@{RUN}/udev/links/\\\\x2fdisk\\\\x2fby-dname\\\\x2f[[:alnum:]]+-[[:alnum:]]+/b(8|11|25[34]):[[:digit:]]{1,2}$ f +#!/@@{RUN}/udev/links/\\\\x2fdisk\\\\x2fby-dname\\\\x2f[[:alnum:]]+-[[:alnum:]]+/b(8|11|25[34]):[[:digit:]]{1,2}$ f !/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-(part)?uuid\\\\x2f(@@{STRICTUUID}|[[:xdigit:]]{4}-[[:xdigit:]]{4}|[[:digit:]]{4}(-[[:digit:]]{2}){6}|[[:xdigit:]]{8}-[[:digit:]]{2})$ d !/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-(part)?uuid\\\\x2f(@@{STRICTUUID}|[[:xdigit:]]{4}-[[:xdigit:]]{4}|[[:digit:]]{4}(-[[:digit:]]{2}){6}|[[:xdigit:]]{8}-[[:digit:]]{2})/b(8|11|25[34]):[[:digit:]]{1,2}$ l -!/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-(part)?uuid\\\\x2f(@@{STRICTUUID}|[[:xdigit:]]{4}-[[:xdigit:]]{4}|[[:digit:]]{4}(-[[:digit:]]{2}){6}|[[:xdigit:]]{8}-[[:digit:]]{2})/b(8|11|25[34]):[[:digit:]]{1,2}$ f +#!/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-(part)?uuid\\\\x2f(@@{STRICTUUID}|[[:xdigit:]]{4}-[[:xdigit:]]{4}|[[:digit:]]{4}(-[[:digit:]]{2}){6}|[[:xdigit:]]{8}-[[:digit:]]{2})/b(8|11|25[34]):[[:digit:]]{1,2}$ f !/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-path\\\\x2fplatform-1c0f000\\.mmc$ d !/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-path\\\\x2fplatform-1c0f000\\.mmc/b179:0$ l !/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-path\\\\x2fplatform-1c18000\\.sata-ata-1(\\.0)?(-part[12])?$ d @@ -134,30 +137,37 @@ !/@@{RUN}/udev/links/@@{LOCAL_VARIANTS}(-part[12345])?/b(8|11|254):[0125]$ l @@undef LOCAL_VARIANTS !/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-path\\\\x2f(virtio-)?pci-@@{PCI_ADDRESS}(-ata-[12](\\.[01])?)?(-part[12345])?$ d -!/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-path\\\\x2f(virtio-)?pci-@@{PCI_ADDRESS}(-ata-[12](\\.[01])?|-scsi-0:0:0:0)?(-part[12345])?/b(8|11|254):[[:digit:]]{1,2}$ f +# pre-trixie? !/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-path\\\\x2f(virtio-)?pci-@@{PCI_ADDRESS}(-ata-[12](\\.[01])?|-scsi-0:0:0:0)?(-part[12345])?/b(8|11|254):[[:digit:]]{1,2}$ f !/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-path\\\\x2f(virtio-)?pci-@@{PCI_ADDRESS}(-ata-[12](\\.[01])?)?(-part[12345])?/b(8|11|254):[[:digit:]]{1,2}$ l +!/@@{RUN}/udev/links/(\\\\x2f)?disk\\\\x2fby-path\\\\x2fpci-@@{PCI_ADDRESS}(-part)\\\\x2fby-(part)?uuid\\\\x2f@@{STRICTUUID}/b(8|11|254):[[:digit:]]{1,2}$ l !/@@{RUN}/udev/links/(\\\\x2f)?dri\\\\x2fby-path\\\\x2f(pci-@@{PCI_ADDRESS}|platform-(fec00000\\.)?gpu)-(card|render)$ d !/@@{RUN}/udev/links/(\\\\x2f)?dri\\\\x2fby-path\\\\x2f(pci-@@{PCI_ADDRESS}|platform-(fec00000\\.)?gpu)-(card|render)/c226:(0|1|128)$ l -!/@@{RUN}/udev/links/(\\\\x2f)?input\\\\x2fby-id\\\\x2fusb-QEMU_QEMU_USB_Tablet_(42|28754-@@{PCI_ADDRESS}:00\\.0-1)(-event)?(-kbd|-mouse)?$ d +!/@@{RUN}/udev/links/(\\\\x2f)?input\\\\x2fby-id\\\\x2fusb-QEMU_QEMU_USB_Tablet_(42(-hidraw)?|28754-@@{PCI_ADDRESS}:00\\.0-1)(-(hidraw|event))?(-kbd|-mouse)?$ d +#!/@@{RUN}/udev/links/(\\\\x2f)?input\\\\x2fby-id\\\\x2fusb-QEMU_QEMU_USB_Tablet_(42)(-event)?(-mouse)?/c13:(33|67)$ f !/@@{RUN}/udev/links/(\\\\x2f)?input\\\\x2fby-id\\\\x2fusb-QEMU_QEMU_USB_Tablet_(42|28754-@@{PCI_ADDRESS}:00\\.0-1)(-event)?(-kbd|-mouse)?/c13:(13|32|33|34|65|67)$ l +!/@@{RUN}/udev/links/(\\\\x2f)?input\\\\x2fby-id\\\\x2fusb-QEMU_QEMU_USB_Tablet_(42-hidraw|28754-@@{PCI_ADDRESS}:00\\.0-1-hidraw)/c24[56]:0$ l !/@@{RUN}/udev/links/(\\\\x2f)?input\\\\x2fby-path\\\\x2fplatform-fef0[05]700\\.hdmi-event$ d !/@@{RUN}/udev/links/(\\\\x2f)?input\\\\x2fby-path\\\\x2fplatform-fef0[05]700\\.hdmi-event/c13:6[45]$ l -!/@@{RUN}/udev/links/(\\\\x2f)?input\\\\x2fby-path\\\\x2fpci-@@{PCI_ADDRESS}-usb(v2)?-@@{USB_ADDRESS}(-event)?(-kbd|-mouse)?$ d -!/@@{RUN}/udev/links/(\\\\x2f)?input\\\\x2fby-path\\\\x2fpci-@@{PCI_ADDRESS}-usb(v2)?-@@{USB_ADDRESS}(-event)?(-kbd|-mouse)?/c13:(13|32|33|34|65|67)$ f -!/@@{RUN}/udev/links/(\\\\x2f)?input\\\\x2fby-path\\\\x2fpci-@@{PCI_ADDRESS}-usb(v2)?-@@{USB_ADDRESS}(-event)?(-kbd|-mouse)?/c13:(13|32|33|65|67)$ l +!/@@{RUN}/udev/links/(\\\\x2f)?input\\\\x2fby-path\\\\x2fpci-@@{PCI_ADDRESS}-usb(v2)?-@@{USB_ADDRESS}(-(event|hidraw))?(-kbd|-mouse)?$ d +!/@@{RUN}/udev/links/(\\\\x2f)?input\\\\x2fby-path\\\\x2fpci-@@{PCI_ADDRESS}-usb(v2)?-@@{USB_ADDRESS}(-event)?(-kbd|-mouse)?/c13:(13|32|33|34|65|67)$ l +#!/@@{RUN}/udev/links/(\\\\x2f)?input\\\\x2fby-path\\\\x2fpci-@@{PCI_ADDRESS}-usb(v2)?-@@{USB_ADDRESS}(-event)?(-kbd|-mouse)?/c13:(13|32|33|34|65|67)$ f +!/@@{RUN}/udev/links/(\\\\x2f)?input\\\\x2fby-path\\\\x2fpci-@@{PCI_ADDRESS}-usb(v2)?-@@{USB_ADDRESS}-hidraw/c24[56]:0$ l !/@@{RUN}/udev/links/(\\\\x2f)?input\\\\x2fby-path\\\\x2fplatform-gpio-keys-event$ d !/@@{RUN}/udev/links/(\\\\x2f)?input\\\\x2fby-path\\\\x2fplatform-gpio-keys-event/c13:64$ l !/@@{RUN}/udev/links/(\\\\x2f)?input\\\\x2fby-path\\\\x2fplatform-i8042-serio-[012](-event)?(-kbd|-mouse)?$ d -!/@@{RUN}/udev/links/(\\\\x2f)?input\\\\x2fby-path\\\\x2fplatform-i8042-serio-[012](-event)?(-kbd|-mouse)?/c13:(3[23]|6[456])$ f +#!/@@{RUN}/udev/links/(\\\\x2f)?input\\\\x2fby-path\\\\x2fplatform-i8042-serio-[012](-event)?(-kbd|-mouse)?/c13:(3[23]|6[456])$ f +!/@@{RUN}/udev/links/(\\\\x2f)?input\\\\x2fby-path\\\\x2fplatform-i8042-serio-0-event-kbd$ l !/@@{RUN}/udev/links/(\\\\x2f)?input\\\\x2fby-path\\\\x2fplatform-i8042-serio-[012](-event)?(-kbd|-mouse)?/c13:(3[23]|6[456])$ l !/@@{RUN}/udev/links/(\\\\x2f)?input\\\\x2fby-path\\\\x2fplatform-pcspkr-event-spkr$ d !/@@{RUN}/udev/links/(\\\\x2f)?input\\\\x2fby-path\\\\x2fplatform-pcspkr-event-spkr/c13:(68|69|70)$ l !/@@{RUN}/udev/links/(\\\\x2f)?input\\\\x2fby-path\\\\x2fplatform-thinkpad_acpi-event$ d -!/@@{RUN}/udev/links/(\\\\x2f)?input\\\\x2fby-path\\\\x2fplatform-thinkpad_acpi-event/c13:71$ f -!/@@{RUN}/udev/links/(\\\\x2f)?serial\\\\x2fby-id\\\\x2fusb-[-_.[:alnum:]]+-if00-port0+$ d -!/@@{RUN}/udev/links/(\\\\x2f)?serial\\\\x2fby-id\\\\x2fusb-[-_.[:alnum:]]+-if00-port0+/c188:0$ f +#!/@@{RUN}/udev/links/(\\\\x2f)?input\\\\x2fby-path\\\\x2fplatform-thinkpad_acpi-event/c13:71$ f +!/@@{RUN}/udev/links/(\\\\x2f)?serial\\\\x2fby-id\\\\x2fusb-[-_.[:alnum:]]+-if0[01]-port0+$ d +!/@@{RUN}/udev/links/(\\\\x2f)?serial\\\\x2fby-id\\\\x2fusb-[-_.[:alnum:]]+-if0[01]-port0+/c188:[[:digit:]]$ l !/@@{RUN}/udev/links/(\\\\x2f)?serial\\\\x2fby-path\\\\x2fpci-@@{PCI_ADDRESS}-usb(v2)?-@@{USB_ADDRESS}-port0$ d -!/@@{RUN}/udev/links/(\\\\x2f)?serial\\\\x2fby-path\\\\x2fpci-@@{PCI_ADDRESS}-usb(v2)?-@@{USB_ADDRESS}/c188:0$ f +!/@@{RUN}/udev/links/(\\\\x2f)?serial\\\\x2fby-path\\\\x2fpci-@@{PCI_ADDRESS}-usb(v2)?-@@{USB_ADDRESS}/c188:0$ l +!/@@{RUN}/udev/links/(\\\\x2f)?serial\\\\x2fby-path\\\\x2fplatform-fd500000\\.pcie-pci-@@{PCI_ADDRESS}-usb(v2)?-@@{USB_ADDRESS}-port0$ d +!/@@{RUN}/udev/links/(\\\\x2f)?serial\\\\x2fby-path\\\\x2fplatform-fd500000\\.pcie-pci-@@{PCI_ADDRESS}-usb(v2)?-@@{USB_ADDRESS}-port0/c188:[[:digit:]]$ f !/@@{RUN}/udev/links/(\\\\x2f)?snd\\\\x2fby-path\\\\x2f(platform-(fe00b840\\.mailbox|fef0[05]700\\.hdmi)|pci-@@{PCI_ADDRESS})$ d !/@@{RUN}/udev/links/(\\\\x2f)?snd\\\\x2fby-path\\\\x2f(platform-(fe00b840\\.mailbox|fef0[05]700\\.hdmi)|pci-@@{PCI_ADDRESS})/c116:[3579]$ l !/@@{RUN}/udev/links/mapper\\\\x2f[-[:alnum:]]+$ d @@ -183,4 +193,5 @@ !/@@{RUN}/udev/tags/systemd/\\+udc:fe980000\\.usb$ f !/@@{RUN}/udev/watch/[[:digit:]]+$ l @@undef RUNUDEVCONT +@@undef RUNUDEVLEDS @@undef RUNUDEVVIDEO diff -Nru aide-0.19.1/debian/aide.conf.d/31_aide_valkey aide-0.19.1/debian/aide.conf.d/31_aide_valkey --- aide-0.19.1/debian/aide.conf.d/31_aide_valkey 1970-01-01 00:00:00.000000000 +0000 +++ aide-0.19.1/debian/aide.conf.d/31_aide_valkey 2025-11-07 20:33:42.000000000 +0000 @@ -0,0 +1,23 @@ +/var/lib/valkey$ d VarDir +/var/lib/valkey/dump\\.rdb$ f VarFile + +@@if not defined VALKEY_DATADIRRE +@@define VALKEY_DATADIRRE valkey +@@endif +@@if not defined VALKEY_LOGDIR +@@define VALKEY_LOGDIR var/log/valkey +@@endif +@@if not defined VALKEY_LOGFILERE +@@define VALKEY_LOGFILERE valkey-server\\.log +@@endif +/@@{VALKEY_LOGDIR}$ d VarDir +/@@{VALKEY_LOGDIR}/@@{VALKEY_LOGFILERE}$ f ActLog +/@@{VALKEY_LOGDIR}/@@{VALKEY_LOGFILERE}\\.1$ f RotLog +/@@{VALKEY_LOGDIR}/@@{VALKEY_LOGFILERE}\\.2\\.@@{LOGEXT}$ f CompSerLog +/@@{VALKEY_LOGDIR}/@@{VALKEY_LOGFILERE}\\.(1[01]|[3456789])\\.@@{LOGEXT}$ f MidlSerLog +/@@{VALKEY_LOGDIR}/@@{VALKEY_LOGFILERE}\\.12\\.@@{LOGEXT}$ f LastSerLog +/var/lib/@@{VALKEY_DATADIRRE}$ d VarDir +/var/lib/@@{VALKEY_DATADIRRE}/dump\\.rdb$ f VarFile +@@undef VALKEY_LOGDIR +@@undef VALKEY_LOGFILERE +@@undef VALKEY_DATADIRRE diff -Nru aide-0.19.1/debian/aide.conf.d/31_aide_xfsprogs aide-0.19.1/debian/aide.conf.d/31_aide_xfsprogs --- aide-0.19.1/debian/aide.conf.d/31_aide_xfsprogs 1970-01-01 00:00:00.000000000 +0000 +++ aide-0.19.1/debian/aide.conf.d/31_aide_xfsprogs 2025-11-07 20:33:42.000000000 +0000 @@ -0,0 +1,3 @@ + /var/lib/systemd/timers/stamp-xfs_scrub_all\\.timer$ f VarFile + /var/lib/xfsprogs/xfs_scrub_all_media\\.stamp$ f VarFile + diff -Nru aide-0.19.1/debian/bin/buildcache aide-0.19.1/debian/bin/buildcache --- aide-0.19.1/debian/bin/buildcache 2025-08-11 07:25:07.000000000 +0000 +++ aide-0.19.1/debian/bin/buildcache 2025-11-07 20:33:42.000000000 +0000 @@ -29,7 +29,9 @@ #!/bin/sh +# TODO: parse DIR from configuration file DIR="/var/lib/aide" +AIDEUSER="_aide" mkdir -p "$DIR" TEMPFILE=$(mktemp "$DIR/tmp.XXXXXX") CACHEFILE="$DIR/10_aide_rootrules_cache" @@ -44,6 +46,7 @@ mv "${TEMPFILE}" "${CACHEFILE}" fi rm -f "${TEMPFILE}" +chown "${AIDEUSER}" "${CACHEFILE}" # vim: tabstop=4 shiftwidth=4 expandtab # end of file diff -Nru aide-0.19.1/debian/changelog aide-0.19.1/debian/changelog --- aide-0.19.1/debian/changelog 2025-08-11 08:07:47.000000000 +0000 +++ aide-0.19.1/debian/changelog 2025-11-07 20:33:42.000000000 +0000 @@ -1,3 +1,50 @@ +aide (0.19.1-2+deb13u2) trixie; urgency=medium + + * fix issue with 31_aide_lvm: bin/buildcache was a non-functional script + in the original trixie release. This version now runs properly in the + non-root daily job: bin/buildcache is now run from a root timer + * new rules: + * 31_aide_cryptsetup + * 31_aide_grub-pc + * 31_aide_ksmtuned + * 31_aide_radvd + * 31_aide_run_systemd_dynamic-uid + * 31_aide_systemd_tmpfiles + * 31_aide_valkey + * 31_aide_xfsprogs + * update and improve rules: + * 10_aide_bits + * 10_aide_dateformats + * 10_aide_days + * 11_aide_dateformats_cury + * 10_aide_hardware + * 31_aide_apt-cacher-ng + * 31_aide_bind9 + * 31_aide_console-setup + * 31_aide_cups + * 31_aide_dehydrated + * 31_aide_dev + * 31_aide_dokuwiki + * 31_aide_fwupd + * 31_aide_gnupg + * 31_aide_icinga2 + * 31_aide_lighttpd + * 31_aide_man + * 31_aide_mariadb + * 31_aide_run_systemd_netif + * 31_aide_samba + * 31_aide_schroot + * 31_aide_spamassassin + * 31_aide_ssh-server + * 31_aide_sudo + * 31_aide_systemd + * 31_aide_systemd_sessions + * 31_aide_torrus + * 31_aide_udev + * re-work postgreql rules + + -- Marc Haber Fri, 07 Nov 2025 21:33:42 +0100 + aide (0.19.1-2+deb13u1) trixie-security; urgency=high * Apply upstream patch to escape control characters in report and log output