[Aide] Problems running AIDE

Eric Webster ewebster at 2co.com
Tue Jun 13 06:27:21 EEST 2006 

I put aide-0.11 on all of our systems. Re-init, and then I ran a compare
afterwards. This fixed two of the 10 systems having issues. I put the CVS
snapshot from 6-12 on our central system and the others are working. I
haven't done them all yet but this is great!

On all hosts I have scanned thus far, I see entries for files added such as:

/proc/ide/ide0/hda/capacity

...and so on for all of the partitions in the system. I am wondering if
these may be the offending database entries as it seems odd that they show
on all scans. I hope this helps you figure out what the problem was, but it
looks like you guys have already fixed it.

In our system template rules, which is on every system, we have these rules:

!/proc/(\.)?[0-9]+
/proc                           Q

Q is defined as:
Q       = p+u+g

Does this tell you anything about what the problem might have been?

One more question, and not to push, but when is the next official release
due out? As a general rule of thumb we don't really like to run CVS versions
of software on production systems.

-----Original Message-----
From: aide-bounces at cs.tut.fi [mailto:aide-bounces at cs.tut.fi] On Behalf Of
Eric Webster
Sent: Monday, June 12, 2006 11:09 AM
To: 'Richard van den Berg'; 'Aide user mailinglist'
Subject: Re: [Aide] Problems running AIDE

I will give those a shot, but I won't have a chance to until later this
evening or possibly tomorrow. Thank you for being so quick to respond to my
call for help though.

-----Original Message-----
From: Richard van den Berg [mailto:richard at vdberg.org] 
Sent: Monday, June 12, 2006 3:47 AM
To: ewebster at 2co.com; Aide user mailinglist
Subject: Re: [Aide] Problems running AIDE

Eric Webster wrote:
> Init runs fine, but it seems to die on the compares.
[snip]
> The basic way it works is that we init
> the db, then cron jobs are set to scan hosts at various times. The scans
are
> actually another init that is pulled back to our central system and then
> compared from there.

So, the problems arises when you do a compare between 2 databases on the
central system? That is a functionality that not many people are using,
this could explain why you are the first one to report this.

If you could give the CVS version a try (the last daily snapshot will
do), that would be great. A gdb backtrace should help in locating the
problem. Please do not use aide 0.10, it is known to cause segfaults in
various situations.

Since your problem is with --compare, you can send the 2 databases so I
can troubleshoot this locally on my system.

Sincerely,

Richard van den Berg

_______________________________________________
Aide mailing list
Aide at cs.tut.fi
https://mailman.cs.tut.fi/mailman/listinfo/aide

More information about the Aide mailing list