[Aide] Aide init

ncalsmitty1369 ncalsmitty1369 at gmail.com
Tue Oct 23 02:12:29 EEST 2012


Hi,

I am having a problem initializing my AIDE installation on a Xen Debian
squeeze domU. I have installed and configured AIDE many times across Debian
etch/lenny/squeeze and have not had the problem detailed below. However,
this is my first AIDE install on a Xen VM. I found one reference to a
similar situation in the AIDE user list archives, found here:
https://mailman.cs.tut.fi/pipermail/aide/2011-October/001245.html . I read
through the Debian documentation but ultimately didn't find anything to
help me. I have looked for help on a Debian-specific mailing list, but
found no takers. I am hoping that someone here can point me in the right
direction to get this problem resolved.

Thanks.

Details of the problem:

KERNEL AND PACKAGES INSTALLED:

Linux turing 2.6.32-5-xen-amd64 #1 SMP Sun May 6 08:57:29 UTC 2012 x86_64
GNU/Linux
aide-xen/squeeze uptodate 0.15.1-2+squeeze1, aide-common/squeeze uptodate
0.15.1-2+squeeze1

AIDE.CONF:

database=file:/var/lib/aide/aide.db
database_out=file:/var/lib/aide/aide.db.out
database_new=file:/var/lib/aide/aide.db.new
gzip_dbout=yes
report_url=file:/work/logs/aide/report.txt
summarize_changes=no
grouped=yes
Checksums = sha256+sha512+rmd160+haval+gost+crc32+tiger
OwnerMode = p+u+g+ftype
Size = s+b
InodeData = OwnerMode+n+i+Size+l+acl+xattrs+e2fsattrs+selinux
StaticFile = m+c+Checksums
RamdiskData = InodeData-i
Full = InodeData+StaticFile
VarTime = InodeData+Checksums
VarInode = VarTime-i
VarFile = OwnerMode+n+l+acl+xattrs+e2fsattrs+selinux
VarDir = OwnerMode+n+i+acl+xattrs+e2fsattrs+selinux
VarDirInode = OwnerMode+n+acl+xattrs+e2fsattrs+selinux
VarDirTime = InodeData
Log = OwnerMode+n+S+acl+xattrs+e2fsattrs+selinux
FreqRotLog = Log-S
LowLog = Log-S
SerMemberLog  = Full+I
LoSerMemberLog = SerMemberLog+ANF
HiSerMemberLog = SerMemberLog+ARF
LowDELog = SerMemberLog+ANF+ARF
SerMemberDELog = Full+ANF
LinkedLog = Log-n

INIT:

root@turing:/etc/aide# aide -V255 --config=/etc/aide/aide.conf --init
Setting verbosity to 255
commandconf():@@include /etc/aide/aide.conf

1:@@include
9:database =
do_dbdef (1) called with (file:/var/lib/aide/aide.db)
10:database_out =
do_dbdef (2) called with (file:/var/lib/aide/aide.db.out)
Output database set to "file:/var/lib/aide/aide.db.out"
"/var/lib/aide/aide.db.out"
11:database_new =
do_dbdef (4) called with (file:/var/lib/aide/aide.db.new)
12:gzip_dbout =
13:report_url =
WARNING: Debug output enabled
Opening file "/work/logs/aide/report.txt" for w+
Opened file "/work/logs/aide/report.txt" with fd=4
17:summarize_changes =
20:grouped =
25:Equrule
28:Equrule
31:Equrule
34:Equrule
35:Equrule
39:Equrule
42:Equrule
45:Equrule
48:Equrule
51:Equrule
54:Equrule
57:Equrule
60:Equrule
150:Equrule
153:Equrule
157:Equrule
160:Equrule
164:Equrule
168:Equrule
173:Equrule
177:Equrule
181:Equrule
tree: "/"

AIDE, version 0.15.1

### AIDE database at /var/lib/aide/aide.db.out initialized.

report out:

db_init 2
Opening file "/var/lib/aide/aide.db.out" for w+
Opened file "/var/lib/aide/aide.db.out" with fd=3
db_out is nonnull /var/lib/aide/aide.db.out
decode base64
db_init 256
/ match=0, tree=0x1aaa5c0, attr=0
/usr match=0, tree=0x1aaa5c0, attr=0
/opt match=0, tree=0x1aaa5c0, attr=0
/var match=0, tree=0x1aaa5c0, attr=0
/lost+found match=0, tree=0x1aaa5c0, attr=0
/initrd.img match=0, tree=0x1aaa5c0, attr=0
/lib64 match=0, tree=0x1aaa5c0, attr=0
/work match=0, tree=0x1aaa5c0, attr=0
/proc match=0, tree=0x1aaa5c0, attr=0
/smbmnt match=0, tree=0x1aaa5c0, attr=0
/tmp match=0, tree=0x1aaa5c0, attr=0
/root match=0, tree=0x1aaa5c0, attr=0
/export match=0, tree=0x1aaa5c0, attr=0
/dev match=0, tree=0x1aaa5c0, attr=0
/home match=0, tree=0x1aaa5c0, attr=0
/bin match=0, tree=0x1aaa5c0, attr=0
/sbin match=0, tree=0x1aaa5c0, attr=0

CREATE AIDE.DB:

root@turing:/var/lib/aide# cp aide.db.out aide.db

UPDATE:

root@turing:/etc/aide# aide -V255 --config=/etc/aide/aide.conf --update
Setting verbosity to 255
commandconf():@@include /etc/aide/aide.conf

1:@@include
9:database =
do_dbdef (1) called with (file:/var/lib/aide/aide.db)
10:database_out =
do_dbdef (2) called with (file:/var/lib/aide/aide.db.out)
Output database set to "file:/var/lib/aide/aide.db.out"
"/var/lib/aide/aide.db.out"
11:database_new =
do_dbdef (4) called with (file:/var/lib/aide/aide.db.new)
12:gzip_dbout =
13:report_url =
WARNING: Debug output enabled
Opening file "/work/logs/aide/report.txt" for w+
Opened file "/work/logs/aide/report.txt" with fd=4
17:summarize_changes =
20:grouped =
25:Equrule
28:Equrule
31:Equrule
34:Equrule
35:Equrule
39:Equrule
42:Equrule
45:Equrule
48:Equrule
51:Equrule
54:Equrule
57:Equrule
60:Equrule
150:Equrule
153:Equrule
157:Equrule
160:Equrule
164:Equrule
168:Equrule
173:Equrule
177:Equrule
181:Equrule
tree: "/"

report out:

db_init 2
Opening file "/var/lib/aide/aide.db.out" for w+
Opened file "/var/lib/aide/aide.db.out" with fd=3
db_out is nonnull /var/lib/aide/aide.db.out
decode base64
db_init 256
db_init 1
Opening file "/var/lib/aide/aide.db" for r
Opened file "/var/lib/aide/aide.db" with fd=6
db_in is nonnull
Got Gzip header. Handling..
First character after gzip header is: @(0X40)
nread=120,strlen(buf)=120,errno=Success,gzerr=<fd:6>: stream end
decode base64
 name
Database does not have attr field.
Comparation may be incorrect
Generating attr-field from dbspec
It might be a good Idea to regenerate databases. Sorry.
db_char2line():Error while reading database

CHECK:

root@turing:/etc/aide# aide -V255 --config=/etc/aide/aide.conf --check
Setting verbosity to 255
commandconf():@@include /etc/aide/aide.conf

1:@@include
9:database =
do_dbdef (1) called with (file:/var/lib/aide/aide.db)
10:database_out =
do_dbdef (2) called with (file:/var/lib/aide/aide.db.out)
Output database set to "file:/var/lib/aide/aide.db.out"
"/var/lib/aide/aide.db.out"
11:database_new =
do_dbdef (4) called with (file:/var/lib/aide/aide.db.new)
12:gzip_dbout =
13:report_url =
WARNING: Debug output enabled
Opening file "/work/logs/aide/report.txt" for w+
Opened file "/work/logs/aide/report.txt" with fd=4
17:summarize_changes =
20:grouped =
25:Equrule
28:Equrule
31:Equrule
34:Equrule
35:Equrule
39:Equrule
42:Equrule
45:Equrule
48:Equrule
51:Equrule
54:Equrule
57:Equrule
60:Equrule
150:Equrule
153:Equrule
157:Equrule
160:Equrule
164:Equrule
168:Equrule
173:Equrule
177:Equrule
181:Equrule
tree: "/"

report out:

db_init 256
db_init 1
Opening file "/var/lib/aide/aide.db" for r
Opened file "/var/lib/aide/aide.db" with fd=5
db_in is nonnull
Got Gzip header. Handling..
First character after gzip header is: @(0X40)
nread=120,strlen(buf)=120,errno=Success,gzerr=<fd:5>: stream end
decode base64
 name
Database does not have attr field.
Comparation may be incorrect
Generating attr-field from dbspec
It might be a good Idea to regenerate databases. Sorry.
db_char2line():Error while reading database