[Aide] Aide init

Keith Constable kccricket at gmail.com
Tue Oct 23 02:26:55 EEST 2012


On 22 Oct 2012, at 7:12 PM, ncalsmitty1369 <ncalsmitty1369 at gmail.com> wrote:

> Hi,
> 
> I am having a problem initializing my aide installation on a xen Debian squeeze domU. I have installed and configured aide many times across Debian etch/lenny/squeeze and have not had the problem detailed below. However, this is my first aide install on a xen vm. I found one reference to a similar situation in the aide user list archives, found here: https://mailman.cs.tut.fi/pipermail/aide/2011-October/001245.html . I read through the Debian documentation but ultimately didn't find anything to help me. I have looked for help on a Debian-specific mailing list, but found no takers. I am hoping that someone here can point me in the right direction to get this problem resolved.
> 
> Thanks.
> 
> Details of the problem:
> 
> KERNEL AND PACKAGES INSTALLED:
> 
> Linux turing 2.6.32-5-xen-amd64 #1 SMP Sun May 6 08:57:29 UTC 2012 x86_64 GNU/Linux
> aide-xen/squeeze uptodate 0.15.1-2+squeeze1, aide-common/squeeze uptodate 0.15.1-2+squeeze1
> 
> AIDE.CONF:
> 
> database=file:/var/lib/aide/aide.db
> database_out=file:/var/lib/aide/aide.db.out
> database_new=file:/var/lib/aide/aide.db.new
> gzip_dbout=yes
> report_url=file:/work/logs/aide/report.txt
> summarize_changes=no
> grouped=yes
> Checksums = sha256+sha512+rmd160+haval+gost+crc32+tiger
> OwnerMode = p+u+g+ftype
> Size = s+b
> InodeData = OwnerMode+n+i+Size+l+acl+xattrs+e2fsattrs+selinux
> StaticFile = m+c+Checksums
> RamdiskData = InodeData-i
> Full = InodeData+StaticFile
> VarTime = InodeData+Checksums
> VarInode = VarTime-i
> VarFile = OwnerMode+n+l+acl+xattrs+e2fsattrs+selinux
> VarDir = OwnerMode+n+i+acl+xattrs+e2fsattrs+selinux
> VarDirInode = OwnerMode+n+acl+xattrs+e2fsattrs+selinux
> VarDirTime = InodeData
> Log = OwnerMode+n+S+acl+xattrs+e2fsattrs+selinux
> FreqRotLog = Log-S
> LowLog = Log-S
> SerMemberLog  = Full+I
> LoSerMemberLog = SerMemberLog+ANF
> HiSerMemberLog = SerMemberLog+ARF
> LowDELog = SerMemberLog+ANF+ARF
> SerMemberDELog = Full+ANF
> LinkedLog = Log-n
> 
> INIT:
> 
> root@turing:/etc/aide# aide -V255 --config=/etc/aide/aide.conf --init
> Setting verbosity to 255
> commandconf():@@include /etc/aide/aide.conf
> 
> 1:@@include
> 9:database =
> do_dbdef (1) called with (file:/var/lib/aide/aide.db)
> 10:database_out =
> do_dbdef (2) called with (file:/var/lib/aide/aide.db.out)
> Output database set to "file:/var/lib/aide/aide.db.out" "/var/lib/aide/aide.db.out"
> 11:database_new =
> do_dbdef (4) called with (file:/var/lib/aide/aide.db.new)
> 12:gzip_dbout =
> 13:report_url =
> WARNING: Debug output enabled
> Opening file "/work/logs/aide/report.txt" for w+
> Opened file "/work/logs/aide/report.txt" with fd=4
> 17:summarize_changes =
> 20:grouped =
> 25:Equrule
> 28:Equrule
> 31:Equrule
> 34:Equrule
> 35:Equrule
> 39:Equrule
> 42:Equrule
> 45:Equrule
> 48:Equrule
> 51:Equrule
> 54:Equrule
> 57:Equrule
> 60:Equrule
> 150:Equrule
> 153:Equrule
> 157:Equrule
> 160:Equrule
> 164:Equrule
> 168:Equrule
> 173:Equrule
> 177:Equrule
> 181:Equrule
> tree: "/"
> 
> AIDE, version 0.15.1
> 
> ### AIDE database at /var/lib/aide/aide.db.out initialized.
> 
> report out:
> 
> db_init 2
> Opening file "/var/lib/aide/aide.db.out" for w+
> Opened file "/var/lib/aide/aide.db.out" with fd=3
> db_out is nonnull /var/lib/aide/aide.db.out
> decode base64
> db_init 256
> / match=0, tree=0x1aaa5c0, attr=0
> /usr match=0, tree=0x1aaa5c0, attr=0
> /opt match=0, tree=0x1aaa5c0, attr=0
> /var match=0, tree=0x1aaa5c0, attr=0
> /lost+found match=0, tree=0x1aaa5c0, attr=0
> /initrd.img match=0, tree=0x1aaa5c0, attr=0
> /lib64 match=0, tree=0x1aaa5c0, attr=0
> /work match=0, tree=0x1aaa5c0, attr=0
> /proc match=0, tree=0x1aaa5c0, attr=0
> /smbmnt match=0, tree=0x1aaa5c0, attr=0
> /tmp match=0, tree=0x1aaa5c0, attr=0
> /root match=0, tree=0x1aaa5c0, attr=0
> /export match=0, tree=0x1aaa5c0, attr=0
> /dev match=0, tree=0x1aaa5c0, attr=0
> /home match=0, tree=0x1aaa5c0, attr=0
> /bin match=0, tree=0x1aaa5c0, attr=0
> /sbin match=0, tree=0x1aaa5c0, attr=0
> 
> CREATE AIDE.DB:
> 
> root@turing:/var/lib/aide# cp aide.db.out aide.db
> 
> UPDATE:
> 
> root@turing:/etc/aide# aide -V255 --config=/etc/aide/aide.conf --update
> Setting verbosity to 255
> commandconf():@@include /etc/aide/aide.conf
> 
> 1:@@include
> 9:database =
> do_dbdef (1) called with (file:/var/lib/aide/aide.db)
> 10:database_out =
> do_dbdef (2) called with (file:/var/lib/aide/aide.db.out)
> Output database set to "file:/var/lib/aide/aide.db.out" "/var/lib/aide/aide.db.out"
> 11:database_new =
> do_dbdef (4) called with (file:/var/lib/aide/aide.db.new)
> 12:gzip_dbout =
> 13:report_url =
> WARNING: Debug output enabled
> Opening file "/work/logs/aide/report.txt" for w+
> Opened file "/work/logs/aide/report.txt" with fd=4
> 17:summarize_changes =
> 20:grouped =
> 25:Equrule
> 28:Equrule
> 31:Equrule
> 34:Equrule
> 35:Equrule
> 39:Equrule
> 42:Equrule
> 45:Equrule
> 48:Equrule
> 51:Equrule
> 54:Equrule
> 57:Equrule
> 60:Equrule
> 150:Equrule
> 153:Equrule
> 157:Equrule
> 160:Equrule
> 164:Equrule
> 168:Equrule
> 173:Equrule
> 177:Equrule
> 181:Equrule
> tree: "/"
> 
> report out:
> 
> db_init 2
> Opening file "/var/lib/aide/aide.db.out" for w+
> Opened file "/var/lib/aide/aide.db.out" with fd=3
> db_out is nonnull /var/lib/aide/aide.db.out
> decode base64
> db_init 256
> db_init 1
> Opening file "/var/lib/aide/aide.db" for r
> Opened file "/var/lib/aide/aide.db" with fd=6
> db_in is nonnull
> Got Gzip header. Handling..
> First character after gzip header is: @(0X40)
> nread=120,strlen(buf)=120,errno=Success,gzerr=<fd:6>: stream end
> decode base64
>  name
> Database does not have attr field.
> Comparation may be incorrect
> Generating attr-field from dbspec
> It might be a good Idea to regenerate databases. Sorry.
> db_char2line():Error while reading database
> 
> CHECK:
> 
> root@turing:/etc/aide# aide -V255 --config=/etc/aide/aide.conf --check
> Setting verbosity to 255
> commandconf():@@include /etc/aide/aide.conf
> 
> 1:@@include
> 9:database =
> do_dbdef (1) called with (file:/var/lib/aide/aide.db)
> 10:database_out =
> do_dbdef (2) called with (file:/var/lib/aide/aide.db.out)
> Output database set to "file:/var/lib/aide/aide.db.out" "/var/lib/aide/aide.db.out"
> 11:database_new =
> do_dbdef (4) called with (file:/var/lib/aide/aide.db.new)
> 12:gzip_dbout =
> 13:report_url =
> WARNING: Debug output enabled
> Opening file "/work/logs/aide/report.txt" for w+
> Opened file "/work/logs/aide/report.txt" with fd=4
> 17:summarize_changes =
> 20:grouped =
> 25:Equrule
> 28:Equrule
> 31:Equrule
> 34:Equrule
> 35:Equrule
> 39:Equrule
> 42:Equrule
> 45:Equrule
> 48:Equrule
> 51:Equrule
> 54:Equrule
> 57:Equrule
> 60:Equrule
> 150:Equrule
> 153:Equrule
> 157:Equrule
> 160:Equrule
> 164:Equrule
> 168:Equrule
> 173:Equrule
> 177:Equrule
> 181:Equrule
> tree: "/"
> 
> report out:
> 
> db_init 256
> db_init 1
> Opening file "/var/lib/aide/aide.db" for r
> Opened file "/var/lib/aide/aide.db" with fd=5
> db_in is nonnull
> Got Gzip header. Handling..
> First character after gzip header is: @(0X40)
> nread=120,strlen(buf)=120,errno=Success,gzerr=<fd:5>: stream end
> decode base64
>  name
> Database does not have attr field.
> Comparation may be incorrect
> Generating attr-field from dbspec
> It might be a good Idea to regenerate databases. Sorry.
> db_char2line():Error while reading database


Smitty,

Unless I'm misunderstanding something about aide or your intentions, your aide.conf is missing a match rule.

Regards,

Keith
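
Added example, not part of Keith's message or of the AIDE project's code: a small Python check for the condition the reply points to, an aide.conf that defines groups but contains no selection line to apply them to any path. The option names are copied from the quoted aide.conf, treating every other `Name = expr` line as a group definition is a simplification, and the sample selection lines are constructed.

```python
import re

# Option names copied from the aide.conf quoted above; any other "Name = expr"
# line is treated as a group definition (a simplification in this sketch).
OPTIONS = {"database", "database_out", "database_new", "gzip_dbout",
           "report_url", "summarize_changes", "grouped"}
SELECTION = re.compile(r"^([!=]?)(/\S*)(?:\s+(\S+))?")
ASSIGN = re.compile(r"^([A-Za-z_]\w*)\s*=\s*(\S.*)$")
KINDS = {"": "regular", "!": "negative", "=": "equals"}

def parse(conf_text):
    """Return (groups, rules) for the group definitions and selection lines."""
    groups, rules = {}, []
    for line in (raw.strip() for raw in conf_text.splitlines()):
        if not line or line.startswith(("#", "@@")):
            continue  # blank lines, comments, macro lines
        sel = SELECTION.match(line)
        if sel:
            rules.append((KINDS[sel.group(1)], sel.group(2), sel.group(3)))
            continue
        asg = ASSIGN.match(line)
        if asg and asg.group(1) not in OPTIONS:
            groups[asg.group(1)] = asg.group(2)
    return groups, rules

def lint(conf_text):
    """List reasons this configuration would select no files, or select badly."""
    groups, rules = parse(conf_text)
    findings = []
    including = [r for r in rules if r[0] != "negative"]
    if not including:
        findings.append(f"{len(groups)} groups defined but no regular (/path) "
                        "or equals (=/path) selection line uses them")
    for kind, path, expr in including:
        if expr is None:
            findings.append(f"{path}: {kind} selection line names no group")
    return findings

# Constructed samples: BROKEN is a simplified excerpt of the quoted config; the
# three selection lines in FIXED are hypothetical, not the poster's policy.
BROKEN = """\
database=file:/var/lib/aide/aide.db
database_out=file:/var/lib/aide/aide.db.out
gzip_dbout=yes
Checksums = sha256+sha512
OwnerMode = p+u+g+ftype
Log = OwnerMode+n+S
Full = OwnerMode+m+c+Checksums
"""
FIXED = BROKEN + "/etc Full\n=/var/log Log\n!/proc\n"

if __name__ == "__main__":
    for name, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, lint(conf) or "ok")
```

A config that fails this check is consistent with the `match=0` lines in the quoted debug output, where every top-level directory is walked and none is selected.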


