[Aide] LOG >

Blackburn, Marvin mblackburn at glenraven.com
Mon Dec 10 21:56:43 EET 2007


 

-----Original Message-----
From: aide-bounces at cs.tut.fi [mailto:aide-bounces at cs.tut.fi] On Behalf Of
Richard van den Berg
Sent: Saturday, December 08, 2007 5:14 PM
To: Aide user mailinglist
Subject: Re: [Aide] LOG >

Blackburn, Marvin wrote:
> This line is in the aide.conf file. I'm not sure what it means.

The "LOG >" line defines the group "LOG" to contain ">" which in general
means "growing log file".

> I have taken out references to selinux in the file but I get the
> following message when it parses the directories that have this rule.
>  
> lgetfilecon_raw failed for /var/log/messages.3:No data available

That makes sense. In aide.c the ">" group is defined as:

  p=0LLU;
#ifdef WITH_ACL
  p|=DB_ACL;
#endif
#ifdef WITH_SELINUX
  p|=DB_SELINUX;
#endif
#ifdef WITH_XATTR
  p|=DB_XATTRS;
#endif
  do_groupdef(">",DB_PERM|DB_INODE|DB_LNKCOUNT|DB_UID|DB_GID|DB_SIZEG|
                  DB_LINKNAME|p);

So DB_SELINUX is included in the ">" group. Don't use ">" or define LOG
as ">" without the selinux bit:

LOG >-selinux

Sincerely,

Richard van den Berg

_______________________________________________
Aide mailing list
Aide at cs.tut.fi
https://mailman.cs.tut.fi/mailman/listinfo/aide

Using Log = >-selinux works great.
Thanks.
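
The group arithmetic discussed in this thread, as an added example that is not part of the original messages or of AIDE's source: a small model of how ">" carries the SELinux bit and how ">-selinux" clears it while keeping the other attributes. The DB_* bit values are constructed, and `lookup` and `eval_group` are hypothetical helpers covering only `+`/`-` composition, not AIDE's real parser.

```c
#include <stdio.h>
#include <string.h>

/* Names follow the quoted aide.c excerpt; the bit values are constructed here. */
enum { DB_PERM = 1, DB_INODE = 2, DB_LNKCOUNT = 4, DB_UID = 8, DB_GID = 16,
       DB_SIZEG = 32, DB_LINKNAME = 64, DB_ACL = 128, DB_SELINUX = 256,
       DB_XATTRS = 512 };

/* ">" as the excerpt builds it when all three WITH_* options are compiled in. */
#define GROWING (DB_PERM | DB_INODE | DB_LNKCOUNT | DB_UID | DB_GID | DB_SIZEG | \
                 DB_LINKNAME | DB_ACL | DB_SELINUX | DB_XATTRS)

static const struct { const char *name; unsigned mask; } groups[] = {
    { ">", GROWING }, { "selinux", DB_SELINUX }, { "acl", DB_ACL },
    { "xattrs", DB_XATTRS },
};

/* Hypothetical helper: mask for one group name of length len, 0 if unknown. */
static unsigned lookup(const char *s, size_t len) {
    for (size_t i = 0; i < sizeof groups / sizeof groups[0]; i++)
        if (strlen(groups[i].name) == len && strncmp(groups[i].name, s, len) == 0)
            return groups[i].mask;
    return 0;
}

/* Evaluate "name[+name|-name]..." left to right; -1 on empty or unknown input. */
int eval_group(const char *expr, unsigned *out) {
    unsigned mask = 0;
    char op = '+';
    if (!*expr) return -1;
    while (*expr) {
        size_t len = strcspn(expr, "+-");
        unsigned m = lookup(expr, len);
        if (m == 0) return -1;              /* unknown name or empty operand */
        mask = (op == '+') ? (mask | m) : (mask & ~m);
        expr += len;
        if (*expr) { op = *expr++; if (!*expr) return -1; }  /* trailing operator */
    }
    *out = mask;
    return 0;
}

int main(void) {
    const char *exprs[] = { ">", ">-selinux" };
    for (int i = 0; i < 2; i++) {
        unsigned m = 0;
        if (eval_group(exprs[i], &m) == 0)
            printf("%-10s selinux=%s acl=%s\n", exprs[i],
                   (m & DB_SELINUX) ? "yes" : "no", (m & DB_ACL) ? "yes" : "no");
    }
    return 0;
}
```

Dropping the bit only stops AIDE from reading and comparing SELinux contexts under that rule; the remaining growing-log attributes are still checked.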
