[Aide] Problems with AIDE on Debian Sarge (0.10).
Bob Proulx
bob at proulx.com
Tue Sep 6 00:30:10 EEST 2005
Richard van den Berg wrote:
> Virgo Pärna wrote:
> > Ever since I upgraded my Debian Woody computers to Sarge I'm having
> > trouble with AIDE (0.10-6.1). It sometimes shows that files have been
> > added to root file system (on ext3) under /bin, /sbin, /lib directories
> > - but those files existed before.
I suggest that you keep snapshots of your aide.db file on separate
media. Then you can compare the before and after. You should then be
able to catch the problem in the saved aide.db files.
> If aide says files have been added, they are not in the database. So
> either they were not there, or the initial scan did not see
> them. This first thing I would do is a full fsck of your
> filesystems.
>
> If you receive reports of added files, do a grep on the aide.db (it's
> just a text file, optionally gzip compressed) to see if the file indeed
> is not there. If it is there, aide is to blame for sure.
This is just one of those anecdotal things but I am using aide on
Debian Sarge and I am not seeing any of those problems.
The only thing that annoys me is the format change in aide between the
old Debian Woody aide 0.8 and the newer Debian Sarge aide 0.10. But I
guess that is life. I have been too lazy to dig into seeing if there
is a way to customize the output format yet.
Bob
More information about the Aide
mailing list