[Aide] Problems running AIDE

Eric Webster ewebster at 2co.com
Mon Jun 12 04:32:26 EEST 2006


We have been using aide-0.10 for quite some time now. I recently reviewed
our setup and wanted to make some changes after reading in the online manual
that the general rules should be at the bottom of the config. We had the
rule to monitor '/' at the very top before and always had some minor
problems with /root and /etc constantly showing in the reports.

Anyways, all I did was move this rule to the bottom of our confs and now cannot
get aide to run on a handful of systems here. We use CentOS, v3 and 4
and both are present in the problem systems. I have even tried aide-0.11,
with and without the gen_list.c patch from the archives (I ran gdb on one of
these systems and got a similar error, worth a shot). Init runs fine, but it
seems to die on the compares. We have made a front end web-gui for aide, and
it shows:

aide compare errors  	errors  	
Aide Run Completed 	info 	
error code not 0 	errors 	11

If that helps at all. I am really having a time tracking this down. I have
reversed my changes only to experience the same problem. The db files
generated seem to be fine to me, but running the conf locally on the system
will generally result in a segfault. Any help would be appreciated here. I
would like to know what the return code we are getting means specifically.
Any way to tell what line in the conf is causing the problem would be
helpful. Our confs are broken into templates, and for some of these hosts, I
have removed all the host specific rules and used only the templates (which
are used on other systems that work just fine) and it still has a problem. I
realize our setup is a little unique, but I can provide any information that
might be needed to troubleshoot this. The basic way it works is that we init
the db, then cron jobs are set to scan hosts at various times. The scans are
actually another init that is pulled back to our central system and then
compared from there. I don't want to go into too much detail just yet as I
haven't been able to isolate the issue. I'm rambling already anyways.

To get an idea, we use this for inits:

# Place of databases
#
gzip_dbout   = no
database     = stdin
database_out = stdout
database_new = file:///dev/null

report_url   = stdout

Everything is done via ssh/sudo commands from a central system.


