[Aide] Can't read database file

Jesse jessebikman at gmail.com
Tue Jun 30 19:41:28 EEST 2009


When I run sudo strace /usr/sbin/aide -i -c aide_web.conf, this is what the
tail end of my output looks like:


getxattr("/afs/uncc.edu/coe/coe-web/seem/login/index.php",
"system.posix_acl_access", 0xbf903010, 132) = -1 EOPNOTSUPP (Operation not
supported)
getxattr("/afs/uncc.edu/coe/coe-web/seem/login/index.php",
"system.posix_acl_default", 0xbf903010, 132) = -1 EOPNOTSUPP (Operation not
supported)
llistxattr("/afs/uncc.edu/coe/coe-web/seem/login/index.php", 0x845c888,
1024) = 17
lgetxattr("/afs/uncc.edu/coe/coe-web/seem/login/index.php",
"security.selinux", "system_u:object_r:nfs_t:s0", 255) = 27
open("/afs/uncc.edu/coe/coe-web/seem/login/index.php",
O_RDONLY|O_LARGEFILE|O_NOATIME) = 6
fstat64(6, {st_mode=S_IFREG|0644, st_size=194, ...}) = 0
mmap2(NULL, 194, PROT_READ, MAP_SHARED, 6, 0) = 0xb7f99000
munmap(0xb7f99000, 194)                 = 0
close(6)                                = 0
write(3, "/afs/uncc.edu/coe/coe-web/seem/l"..., 175) = 175
getdents64(5, /* 0 entries */, 4096)    = 0
getdents64(5, /* 0 entries */, 4096)    = 0
close(5)                                = 0
open("/afs/uncc.edu/coe/coe-web/seem/resources",
O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5
fstat64(5, {st_mode=S_IFDIR|0755, st_size=2048, ...}) = 0
fcntl64(5, F_SETFD, FD_CLOEXEC)         = 0
getdents64(5, /* 3 entries */, 4096)    = 80
lstat64("/afs/uncc.edu/coe/coe-web/seem/resources/.htaccess",
{st_mode=S_IFREG|0644, st_size=21, ...}) = 0
time(NULL)                              = 1246379567
getxattr("/afs/uncc.edu/coe/coe-web/seem/resources/.htaccess",
"system.posix_acl_access", 0xbf903010, 132) = -1 EOPNOTSUPP (Operation not
supported)
getxattr("/afs/uncc.edu/coe/coe-web/seem/resources/.htaccess",
"system.posix_acl_default", 0xbf903010, 132) = -1 EOPNOTSUPP (Operation not
supported)
llistxattr("/afs/uncc.edu/coe/coe-web/seem/resources/.htaccess", 0x845c888,
1024) = 17
lgetxattr("/afs/uncc.edu/coe/coe-web/seem/resources/.htaccess",
"security.selinux", "system_u:object_r:nfs_t:s0", 255) = 27
open("/afs/uncc.edu/coe/coe-web/seem/resources/.htaccess",
O_RDONLY|O_LARGEFILE|O_NOATIME) = 6
fstat64(6, {st_mode=S_IFREG|0644, st_size=21, ...}) = 0
mmap2(NULL, 21, PROT_READ, MAP_SHARED, 6, 0) = 0xb7f99000
munmap(0xb7f99000, 21)                  = 0
close(6)                                = 0
write(3, "/afs/uncc.edu/coe/coe-web/seem/r"..., 178) = 178
getdents64(5, /* 0 entries */, 4096)    = 0
getdents64(5, /* 0 entries */, 4096)    = 0
getdents64(5, /* 0 entries */, 4096)    = 0
getdents64(5, /* 0 entries */, 4096)    = 0
getdents64(5, /* 0 entries */, 4096)    = 0
getdents64(5, /* 0 entries */, 4096)    = 0
getdents64(5, /* 0 entries */, 4096)    = 0
close(3)                                = 0
munmap(0xb7fc0000, 4096)                = 0
fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7fc0000
write(1, "\n", 1
)                       = 1
write(1, "AIDE, version 0.12+xattrs+sha256"..., 45AIDE, version
0.12+xattrs+sha256+audit+fixes
) = 45
write(1, "\n", 1
)                       = 1
write(1, "### AIDE database at /tmp/aide.d"..., 52### AIDE database at
/tmp/aide.db.new initialized.

) = 52
exit_group(0)                           = ?
Process 10524 detached

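The initialization seems to work: AIDE reports that the database was
initialized at /tmp/aide.db.new.
When I run sudo strace /usr/sbin/aide -c aide_web.conf (without -i), however,
the trace shows it trying to open /tmp/aide.db (not /tmp/aide.db.new), and
that open fails with ENOENT (No such file or directory):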

execve("/usr/sbin/aide", ["/usr/sbin/aide", "-c", "aide_web.conf"], [/* 19
vars */]) = 0
brk(0)                                  = 0x8b95000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7fe7000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or
directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=146998, ...}) = 0
mmap2(NULL, 146998, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7fc3000
close(3)                                = 0
open("/lib/libm.so.6", O_RDONLY)        = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20\204"..., 512) =
512
fstat64(3, {st_mode=S_IFREG|0755, st_size=208344, ...}) = 0
mmap2(0x433e5000, 155776, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0x433e5000
mmap2(0x4340a000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x24) = 0x4340a000
close(3)                                = 0
open("/lib/libacl.so.1", O_RDONLY)      = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p\363\371"..., 512)
= 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=26028, ...}) = 0
mmap2(0x43f9e000, 27288, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0x43f9e000
mmap2(0x43fa4000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5) = 0x43fa4000
close(3)                                = 0
open("/lib/libselinux.so.1", O_RDONLY)  = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20\205"..., 512) =
512
fstat64(3, {st_mode=S_IFREG|0755, st_size=93512, ...}) = 0
mmap2(0x42925000, 93016, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0x42925000
mmap2(0x4293a000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15) = 0x4293a000
close(3)                                = 0
open("/lib/libaudit.so.0", O_RDONLY)    = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0pY\217B"..., 512) =
512
fstat64(3, {st_mode=S_IFREG|0755, st_size=76756, ...}) = 0
mmap2(0x428f4000, 74020, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0x428f4000
mmap2(0x42905000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x11) = 0x42905000
close(3)                                = 0
open("/lib/libcrypt.so.1", O_RDONLY)    = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200\266"..., 512) =
512
fstat64(3, {st_mode=S_IFREG|0755, st_size=27836, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7fc2000
mmap2(0x4448b000, 184636, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0x4448b000
mmap2(0x44490000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4) = 0x44490000
mmap2(0x44492000, 155964, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x44492000
close(3)                                = 0
open("/usr/lib/libz.so.1", O_RDONLY)    = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240\346"..., 512) =
512
fstat64(3, {st_mode=S_IFREG|0755, st_size=75284, ...}) = 0
mmap2(0x4342d000, 76656, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0x4342d000
mmap2(0x4343f000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x11) = 0x4343f000
close(3)                                = 0
open("/lib/libc.so.6", O_RDONLY)        = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000\277"..., 512) =
512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1576952, ...}) = 0
mmap2(0x432a6000, 1295780, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
3, 0) = 0x432a6000
mmap2(0x433dd000, 12288, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x137) = 0x433dd000
mmap2(0x433e0000, 9636, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x433e0000
close(3)                                = 0
open("/lib/libattr.so.1", O_RDONLY)     = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P|\371C"..., 512) =
512
fstat64(3, {st_mode=S_IFREG|0755, st_size=15972, ...}) = 0
mmap2(0x43f97000, 17248, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0x43f97000
mmap2(0x43f9b000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3) = 0x43f9b000
close(3)                                = 0
open("/lib/libdl.so.2", O_RDONLY)       = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P\352 at C"..., 512) =
512
fstat64(3, {st_mode=S_IFREG|0755, st_size=16528, ...}) = 0
mmap2(0x4340e000, 12408, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0x4340e000
mmap2(0x43410000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0x43410000
close(3)                                = 0
open("/lib/libsepol.so.1", O_RDONLY)    = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\340\316"..., 512) =
512
fstat64(3, {st_mode=S_IFREG|0755, st_size=242880, ...}) = 0
mmap2(0x42aba000, 286624, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0x42aba000
mmap2(0x42af5000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3a) = 0x42af5000
mmap2(0x42af6000, 40864, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x42af6000
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7fc1000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7fc0000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7fc06d0, limit:1048575,
seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1,
seg_not_present:0, useable:1}) = 0
mprotect(0x4340a000, 4096, PROT_READ)   = 0
mprotect(0x44490000, 4096, PROT_READ)   = 0
mprotect(0x433dd000, 8192, PROT_READ)   = 0
mprotect(0x428f0000, 4096, PROT_READ)   = 0
mprotect(0x43410000, 4096, PROT_READ)   = 0
munmap(0xb7fc3000, 146998)              = 0
access("/etc/selinux/", F_OK)           = 0
brk(0)                                  = 0x8b95000
brk(0x8bb6000)                          = 0x8bb6000
open("/etc/selinux/config", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=448, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7fe6000
read(3, "# This file controls the state o"..., 4096) = 448
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0xb7fe6000, 4096)                = 0
open("/proc/mounts", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7fe6000
read(3, "rootfs / rootfs rw 0 0\n/dev/root"..., 4096) = 729
close(3)                                = 0
munmap(0xb7fe6000, 4096)                = 0
open("/selinux/mls", O_RDONLY|O_LARGEFILE) = 3
read(3, "1", 19)                        = 1
close(3)                                = 0
socket(PF_FILE, SOCK_STREAM, 0)         = 3
connect(3, {sa_family=AF_FILE, path="/var/run/setrans/.setrans-unix"}, 110)
= 0
sendmsg(3, {msg_name(0)=NULL, msg_iov(5)=[{"\1\0\0\0", 4}, {"\1\0\0\0", 4},
{"\1\0\0\0", 4}, {"\0", 1}, {"\0", 1}], msg_controllen=0, msg_flags=0},
MSG_NOSIGNAL) = 14
readv(3, [{"\1\0\0\0", 4}, {"\1\0\0\0", 4}, {"\0\0\0\0", 4}], 3) = 12
readv(3, [{"\0", 1}], 1)                = 1
close(3)                                = 0
umask(0177)                             = 022
rt_sigaction(SIGBUS, {0x8059a00, [BUS], SA_RESTART}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGTERM, {0x8059a00, [TERM], SA_RESTART}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGUSR1, {0x8059a00, [USR1], SA_RESTART}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGUSR2, {0x8059a00, [USR2], SA_RESTART}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGHUP, {0x8059a00, [HUP], SA_RESTART}, {SIG_DFL}, 8) = 0
uname({sys="Linux", node="moslamp-cam1", ...}) = 0
time(NULL)                              = 1246380031
access("aide_web.conf", R_OK)           = 0
open("aide_web.conf", O_RDONLY|O_LARGEFILE) = 3
ioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbfa906d8) = -1 EINVAL (Invalid
argument)
fstat64(3, {st_mode=S_IFREG|0777, st_size=2495, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7fe6000
read(3, "# AIDE configuration file for ch"..., 8192) = 2495
read(3, "", 4096)                       = 0
open("/tmp/aide.log", O_RDWR|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = 4
read(3, "", 8192)                       = 0
ioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbfa906f8) = -1 EINVAL (Invalid
argument)
close(3)                                = 0
munmap(0xb7fe6000, 4096)                = 0
open("/", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 3
fstat64(3, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
open("/tmp/aide.db", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or
directory)
fstat64(4, {st_mode=S_IFREG|0600, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7fe6000
fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7fe5000
write(1, "Couldn\'t open file /tmp/aide.db "..., 44Couldn't open file
/tmp/aide.db for reading
) = 44
write(4, "Couldn\'t open file /tmp/aide.db "..., 44) = 44
exit_group(18)                          = ?
Process 10627 detached

Am I using the wrong commands? Is there something wrong with my
aide_web.conf file?



On Fri, Jun 12, 2009 at 5:15 PM, Marc Haber
<mh+aide at zugschlus.de<mh%2Baide at zugschlus.de>
> wrote:

> Hi,
>
> On Fri, Jun 12, 2009 at 02:17:03PM -0400, Jesse wrote:
> > Hi, I'm running Aide on RHEL5, and I'm trying to make my own config file.
> I
> > wipe out all the default directories and add my own three. I've added my
> > aide_web.conf file below, which I'm using in place of aide.conf.
> Everything
> > works fine, I can initialize my directory just fine, but when I try and
> > update my directory so that I can compare and see what has changed, I am
> > told that I do not have permission to open my database file.
>
> What does strace on the aide process say?
>
> >  This happens when I run aide through sudo, when I run aide through
> >  sudo -i, when I chmod 777 the database file, everything. Is there
> >  something I'm not doing correctly?
>
> Never ever chmod 777 a file for debugging purposes.
>
> Greetings
> Marc
>
> --
>
> -----------------------------------------------------------------------------
> Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
> Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
> Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190
> _______________________________________________
> Aide mailing list
> Aide at cs.tut.fi
> https://mailman.cs.tut.fi/mailman/listinfo/aide
>



-- 
Jesse Bikman
Website: http://webpages.uncc.edu/~jbikman/