[Aide] [EXTERNAL] Re: new Amazon Linux releases causing aide to run much longer
Cicone, Anthony
anthony_cicone at troweprice.com
Thu Oct 3 01:32:13 EEST 2019
I figured out what is happening. It’s scanning large sparse files like these, and taking forever.
/var/log/lastlog
/var/log/tallylog
/var/log/sudo-io/*/ttyout
I’m excluding them now.
Thanks.
From: Cicone, Anthony
Sent: Wednesday, October 2, 2019 1:01 PM
To: Aide user mailinglist <aide at ipi.fi>; Richard van den Berg <richard at vdberg.org>
Subject: RE: [Aide] [EXTERNAL] Re: new Amazon Linux releases causing aide to run much longer
I ran the init, which took almost an hour.
# /usr/local/bin/aide --init --verbose
Gzip-support not compiled in.
There are rules referring to non-existent directory /etc/grub
Start timestamp: 2019-10-02 14:56:48 +0000 (AIDE 0.16.2)
AIDE initialized database at /var/lib/aide/aide.db.new.gz
Verbose level: 20
Number of entries: 51926
End timestamp: 2019-10-02 15:49:15 +0000 (run time: 52m 27s)
I don’t see a noticeable improvement in the check time either.
---------------------------------------------------
The attributes of the (uncompressed) database(s):
---------------------------------------------------
/var/lib/aide/aide.db.gz
MD5 : z71Fu+gvfLEAHDSukvV+XA==
SHA1 : QBSFcIBkGtGTuZnqmCZxn3/EN9Y=
RMD160 : ABqSWqY1xvy88xZM/Dhvrx9iXTY=
TIGER : PD11t0GEp1QL8djN3cbZyymuApCecxhb
SHA256 : vZdwzNPRZHExqjgdaQYbL6vhcp+xJ6Dp
vFf+ERqYqCA=
SHA512 : Zb8H9Hwnx9020iXRzdRv7It74J11M6Tb
0azeMFwF4YMVAmg8O1V8RBEKeiheKn4O
wjA3pAXanaTdoVtHalQPnw==
End timestamp: 2019-10-02 16:45:30 +0000 (run time: 52m 16s)
From: Cicone, Anthony
Sent: Wednesday, October 2, 2019 10:46 AM
To: Aide user mailinglist <aide at ipi.fi<mailto:aide at ipi.fi>>; Richard van den Berg <richard at vdberg.org<mailto:richard at vdberg.org>>
Subject: RE: [Aide] [EXTERNAL] Re: new Amazon Linux releases causing aide to run much longer
I removed line 138 from the aide.conf, and I get past that error now.
From: Aide <aide-bounces at ipi.fi<mailto:aide-bounces at ipi.fi>> On Behalf Of Cicone, Anthony
Sent: Wednesday, October 2, 2019 10:37 AM
To: Richard van den Berg <richard at vdberg.org<mailto:richard at vdberg.org>>
Cc: Aide user mailinglist <aide at ipi.fi<mailto:aide at ipi.fi>>
Subject: Re: [Aide] [EXTERNAL] Re: new Amazon Linux releases causing aide to run much longer
Thanks, but the latest available is 0.14. I have tried compiling for source, but I’m getting errors.
./configure --without-zlib
….
checking for gpg_strerror in -lgpg-error... no
configure: error: You need to have libgpg-error.a installed to use libgcrypt.
It will compile with this
./configure --without-zlib --disable-static
# /usr/local/bin/aide --version
Aide 0.16.2
But, I get this error, using the aide.conf from doc/aide.conf
[root at ip-10-250-104-107 aide-0.16.2]# /usr/local/bin/aide --init --verbose
138:Error in restriction: L
Configuration error
From: Richard van den Berg <richard at vdberg.org<mailto:richard at vdberg.org>>
Sent: Wednesday, October 2, 2019 9:22 AM
To: Cicone, Anthony <anthony_cicone at troweprice.com<mailto:anthony_cicone at troweprice.com>>
Cc: Aide user mailinglist <aide at ipi.fi<mailto:aide at ipi.fi>>
Subject: [EXTERNAL] Re: [Aide] new Amazon Linux releases causing aide to run much longer
On 2 Oct 2019, at 15:13, Cicone, Anthony <anthony_cicone at troweprice.com<mailto:anthony_cicone at troweprice.com>> wrote:
# aide --version
Aide 0.14
The current version of aide is 0.16.2. Please try again with the latest release.
Cheers,
Richard
T. Rowe Price (including T. Rowe Price Group, Inc. and its affiliates) and its associates do not provide legal or tax advice. Any tax-related discussion contained in this e-mail, including any attachments, is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding any tax penalties or (ii) promoting, marketing, or recommending to any other party any transaction or matter addressed herein. Please consult your independent legal counsel and/or professional tax advisor regarding any legal or tax issues raised in this e-mail.
The contents of this e-mail and any attachments are intended solely for the use of the named addressee(s) and may contain confidential and/or privileged information. Any unauthorized use, copying, disclosure, or distribution of the contents of this e-mail is strictly prohibited by the sender and may be unlawful. If you are not the intended recipient, please notify the sender immediately and delete this e-mail.
T. Rowe Price (including T. Rowe Price Group, Inc. and its affiliates) and its associates do not provide legal or tax advice. Any tax-related discussion contained in this e-mail, including any attachments, is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding any tax penalties or (ii) promoting, marketing, or recommending to any other party any transaction or matter addressed herein. Please consult your independent legal counsel and/or professional tax advisor regarding any legal or tax issues raised in this e-mail.
The contents of this e-mail and any attachments are intended solely for the use of the named addressee(s) and may contain confidential and/or privileged information. Any unauthorized use, copying, disclosure, or distribution of the contents of this e-mail is strictly prohibited by the sender and may be unlawful. If you are not the intended recipient, please notify the sender immediately and delete this e-mail.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.ipi.fi/pipermail/aide/attachments/20191002/0e8b471a/attachment-0001.html>
More information about the Aide
mailing list