[Aide] AIDE configuration taking too long

Keith Constable kccricket at gmail.com
Thu Aug 29 04:45:05 EEST 2013


On 28 Aug 2013, at 9:37 PM, Mason Nakadomari <nakadoma at hawaii.edu> wrote:

> Thank you for the response. I am running aide.init. Yeah, we thought it was strange given it's only 50 gigs in root. I'll try that. We feel that it must be getting stuck somewhere. But even running on different machines doesn't work.

Mason,

It just occurred to me that since you did not tell it not to, aide may be attempting to generate a hash for one of the never-ending files in /dev like /dev/zero or /dev/random. I'm not certain it will do that, as I've never tried, but it seems likely. I doubt it treats "special" files any differently than regular ones. Dhr. van den Berg could tell you more than I about that.

In addition, prepare for some unbidden advice. Whether you heed it or not is not my concern, but I would be remiss not to try. Your plan to monitor every change in the entire filesystem may not necessarily improve your security. Be careful not to include so many frequently changing files that it generates a report that's too long. You're more likely to miss that one important change if you have to sift through a mountain of unimportant ones.

Regards,

Keith Constable
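
[Added example, not part of the message above and not AIDE's own code. It shows the failure mode raised in the message: an integrity baseline that checks each file's type with lstat and hashes only regular files, listing device nodes, FIFOs and sockets as candidates for exclusion instead of reading them. The names baseline, demo and SPECIAL are hypothetical, and the sample tree is constructed.]

```python
import hashlib
import os
import stat
import tempfile

# Hypothetical helper, not AIDE code: file types with no finite content to hash.
SPECIAL = {stat.S_IFCHR: "char-device", stat.S_IFBLK: "block-device",
           stat.S_IFIFO: "fifo", stat.S_IFSOCK: "socket"}


def baseline(root):
    """Hash regular files under root; return (hashes, skipped special files)."""
    hashes, skipped = {}, {}
    for dirpath, _dirs, names in os.walk(root, followlinks=False):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                kind = stat.S_IFMT(os.lstat(path).st_mode)  # lstat never opens the file
            except OSError:
                continue  # vanished between listing and stat
            if kind in SPECIAL:
                skipped[path] = SPECIAL[kind]  # candidate for an exclude rule
                continue
            if kind != stat.S_IFREG:
                continue  # symlinks are not followed
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            hashes[path] = digest.hexdigest()
    return hashes, skipped


def demo():
    """Constructed sample tree: one regular file and one FIFO whose open would block."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "passwd"), "wb") as fh:
            fh.write(b"root:x:0:0\n")
        os.mkfifo(os.path.join(root, "never-ends"))
        hashes, skipped = baseline(root)
        return ({os.path.basename(p): d for p, d in hashes.items()},
                {os.path.basename(p): k for p, k in skipped.items()})


if __name__ == "__main__":
    print(demo())
```

Run against a real root, the skipped list shows which paths would need an exclusion before a full-filesystem scan.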