[Aide] AIDE + Apache 2.2 reload Problem

Keith Constable kccricket at gmail.com
Thu Aug 30 18:07:34 EEST 2012


On Thu, Aug 30, 2012 at 4:23 AM, Daniel Gerne
<daniel.gerne at googlemail.com> wrote:
> Dear Keith,
>
> thank you for support. We are running SLES 11 SP1. AIDE is installed
> from its package manager. Httpd is also installed from its package
> manager. So far we know that AIDE recognizes a change in both
> modification and change times. Therefore one solution could be to
> remove those checks from AIDE configuration and rely on the hash
> checks by changing
> ConfFiles       = p+i+n+u+g+s+b+m+c+md5+sha1
> to
> ConfFiles       = p+i+n+u+g+s+b+md5+sha1
>
> But we want to make sure that there is no better solution, first.
>
> regards
> Daniel

Daniel,

What I'm seeing with SLES 11 SP1 is that /usr/sbin/httpd2 is a symlink
to the chosen MPM binary. This symlink is touched every time the init
script is run, even if it is called with no command, a bogus command,
or just with "status." I'm not sure why it does that, but it does.
Since it's just a symlink, removing the mtime and ctime rules for
/usr/sbin/httpd2 is the best option I can think of.

Best of luck,

Keith


More information about the Aide mailing list