AIDE does not decompress remote databases #184
Description
I am now a little confused regarding the different results for the two database_in variants file and http. But it could also be that I am overlooking something or have misunderstood something. Okay, so what did I try or do?
- Inital build of AIDE database:
[root@pml010074 aide]# aide --init
Start timestamp: 2025-02-17 19:30:26 +0100 (AIDE 0.18.8)
AIDE successfully initialized database.
New AIDE database written to /var/lib/aide/pml010074.aide.db.new.gz
Number of entries: 467902
---------------------------------------------------
The attributes of the (uncompressed) database(s):
---------------------------------------------------
/var/lib/aide/pml010074.aide.db.new.gz
MD5 : uzkcoKiHI5LFZ87Mp/bzfA==
SHA1 : rE/Wty9+gKzJ8UbYJH7ILOvadRs=
SHA256 : spW4nNaFAu7dg3KNxOvCn6mKLsw+vRIs
P/xOXOq3Ns4=
SHA512 : Ks7ttyQglcVDguEPqnaaEJq/Yw/mTV0m
5G9syGlpoIYqf84HYlWKRnmiEdBqx99o
YzmhDkFHVu/724CUmx8YqA==
RMD160 : vYSqIEVmHGIIVSCvD6Mi3BkkQl4=
TIGER : xn7Crk1l5vzCXaXrEPIn/J6Ae73hLpTK
CRC32 : 6bXwCg==
WHIRLPOOL : YT/VM4bXRGNZFaONAVTQKRJk6POWeFtw
5LiMfeFqy0cnUYieZHLjzwnm1m43foa3
0Fx+q1I0/EpdClu5wqV9tg==
GOST : mOfbLET7EShDy3zJP16bjOylj6UE7MO7
3bC/dPCxJG0=
STRIBOG256: UfCQ+984KU1th61+D5tDhdVQqHED6NNX
8e39qroP4I4=
STRIBOG512: ucGiWgrr1U1gWUbDHycnMtpFrxUFfMeW
UardZMqxOGk/QVS4vmmwkrrwyY4Au/LD
/TMuHsP4ZNFwL+RgOFj27w==
End timestamp: 2025-02-17 19:33:21 +0100 (run time: 2m 55s)
- Copying new databasefile (/var/lib/aide):
[root@pml010074 aide]# cp -p pml010074.aide.db.new.gz pml010074.aide.db.gz
[root@pml010074 aide]# cp -p pml010074.aide.db.new.gz /tmp/http/pml010074.aide.db.gz
The second line is a temporary space for an python3 webserver python3 -m http.server 8000
- Checking with database_in = file:/var/lib/aide/pml010074.aide.db.gz
[root@pml010074 aide]# aide --before "database_in = file:/var/lib/aide/pml010074.aide.db.gz" --check
Start timestamp: 2025-02-17 19:34:44 +0100 (AIDE 0.18.8)
AIDE found NO differences between database and filesystem. Looks okay!!
Number of entries: 467902
---------------------------------------------------
The attributes of the (uncompressed) database(s):
---------------------------------------------------
/var/lib/aide/pml010074.aide.db.gz
MD5 : uzkcoKiHI5LFZ87Mp/bzfA==
SHA1 : rE/Wty9+gKzJ8UbYJH7ILOvadRs=
SHA256 : spW4nNaFAu7dg3KNxOvCn6mKLsw+vRIs
P/xOXOq3Ns4=
SHA512 : Ks7ttyQglcVDguEPqnaaEJq/Yw/mTV0m
5G9syGlpoIYqf84HYlWKRnmiEdBqx99o
YzmhDkFHVu/724CUmx8YqA==
RMD160 : vYSqIEVmHGIIVSCvD6Mi3BkkQl4=
TIGER : xn7Crk1l5vzCXaXrEPIn/J6Ae73hLpTK
CRC32 : 6bXwCg==
WHIRLPOOL : YT/VM4bXRGNZFaONAVTQKRJk6POWeFtw
5LiMfeFqy0cnUYieZHLjzwnm1m43foa3
0Fx+q1I0/EpdClu5wqV9tg==
GOST : mOfbLET7EShDy3zJP16bjOylj6UE7MO7
3bC/dPCxJG0=
STRIBOG256: UfCQ+984KU1th61+D5tDhdVQqHED6NNX
8e39qroP4I4=
STRIBOG512: ucGiWgrr1U1gWUbDHycnMtpFrxUFfMeW
UardZMqxOGk/QVS4vmmwkrrwyY4Au/LD
/TMuHsP4ZNFwL+RgOFj27w==
End timestamp: 2025-02-17 19:40:22 +0100 (run time: 5m 38s)
Result is as expected: AIDE found NO differences between database and filesystem.
- Checking with database_in = http://127.0.0.1:8000/pml010074.aide.db.gz (the same db as local file!)
[root@pml010074 aide]# aide --before "database_in = http://127.0.0.1:8000/pml010074.aide.db.gz" --check
Start timestamp: 2025-02-17 19:47:44 +0100 (AIDE 0.18.8)
AIDE found differences between database and filesystem!!
Summary:
Total number of entries: 467902
Added entries: 467902
Removed entries: 0
Changed entries: 0
---------------------------------------------------
Added entries:
---------------------------------------------------
l+++++++++++++++: /bin
d+++++++++++++++: /boot
...
...
f+++++++++++++++: /usr/share/zsh/site-functions/_upower
f+++++++++++++++: /usr/share/zsh/site-functions/_varlinkctl
f+++++++++++++++: /usr/share/zsh/site-functions/_wpctl
---------------------------------------------------
The attributes of the (uncompressed) database(s):
---------------------------------------------------
http://127.0.0.1:8000/pml010074.aide.db.gz
MD5 : 1B2M2Y8AsgTpgAmY7PhCfg==
SHA1 : 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
SHA256 : 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NM
pJWZG3hSuFU=
SHA512 : z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXc
g/SpIdNs6c5H0NE8XYXysP+DGNKHfuwv
Y7kxvUdBeoGlODJ6+SfaPg==
RMD160 : nBGFpcXp/FRhKAiXfuj1SLIljTE=
TIGER : JPATDGOskzIWFm52sbuSX/Nz3i1JWE56
CRC32 : AAAAAA==
WHIRLPOOL : Gfph11UipGabROOcHS4XJsUwIyEw1Af4
mv7glkmX96c+g75piyiP68+I4+A8TwdX
6olk5Ztj2TcIsTjMQqZusw==
GOST : zoW5nMRnUv/+41yrmnsCeKu0wtIFXP9o
WvSRLElJD40=
STRIBOG256: P1OaIT6XyALMIp1HTGqjKoJaNgsqkzqU
n9klII2c4bs=
STRIBOG512: jpRdogmqhp8EVZKFKbyuRnnphzq3B7VT
FfVs65i+8Kc2L3FVKDVu6DzaXyqsTGrS
ujpxXBvNgcuOn5C/TBwaig==
End timestamp: 2025-02-17 19:44:11 +0100 (run time: 2m 56s)
AIDE found differences between database and filesystem!!
Summary:
Total number of entries: 467902
Added entries: 467902
What? Why? I would have gotten exactly the same result on the second attempt, where I used
database_in = http://127.0.0.1:8000/pml010074.aide.db.gz , as on the first check attempt, where I used
database_in = file:/var/lib/aide/pml010074.aide.db.gz !
Why aren't the results the same? What am I doing wrong, or misunderstanding, or even misusing?