[Aide] Aide Digest, Vol 27, Issue 1

Nutan Vishwakarma nutan.vishwakarma at gmail.com
Sun Jan 19 20:07:28 EET 2020 

Thanks, your response did help; hence, As closure of this thread, I've
decided to share how I got all this to work on CentOS7, but should (could)
also work on RHEL, Fedora and Oracle Linux.

Admin Notes:-

I did get acl attribute to work but still could NOT get xattr attribute to
be accepted in aide.conf; (work around towards success - removed xattr from
aide.conf).
I also checked config.log and I can see that support check for xattr
resulted as "yes".

Step1: Install all dependencies - (beign way over greedy here; but
depending on your system's current state, you might already have some of
these installed, in that case yum will anyway ignore that package from the
list. Just in case you still see errors, review config.log and resolve it)

sudo yum install -y bison flex pcre pcre-devel.x86_64 zlib
zlib-devel.x86_64 libgcrypt-devel.x86_64 libgcrypt.x86_64
mhash-devel.x86_64 libcryptui-devel.x86_64 gettext-0.19.8.1-2.el7.x86_64 glibc
glibc-devel glibc-static libacl libacl-devel libselinux libselinux-devel
Step2: ran configure script with these options -

./configure --with-zlib --with-posix-acl --with-xattr --without-mhash
--with-selinux --disable-static --with-gcrypt

Step3: make (if make throws fatal or ld errors, It'd be good to resolve and
rerun make, before "make install").
Step4: "sudo make install"

Validations:-
Step5: aide --version
Step6: "sudo aide --init" (assumption : you already have a valid aide.conf
present at the path listed for CONFIG in above command"
Step7: Rename aide.db.new file to aide.db
Step8: Make a change in a directory which is monitored under aide.conf
Step9: "sudo aide --check"

Review results - job done.

Thanks again Richard.

Regards,
Nutan


On Sun, 19 Jan 2020 at 15:30, <aide-request at ipi.fi> wrote:

> Send Aide mailing list submissions to
>         aide at ipi.fi
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://www.ipi.fi/mailman/listinfo/aide
> or, via email, send a message with subject or body 'help' to
>         aide-request at ipi.fi
>
> You can reach the person managing the list at
>         aide-owner at ipi.fi
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Aide digest..."
>
>
> Today's Topics:
>
>    1. Re: AIDE init error for acl and gzip support (Nutan Vishwakarma)
>    2. Re: AIDE init error for acl and gzip support
>       (Richard van den Berg)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sun, 19 Jan 2020 01:34:40 +0530
> From: Nutan Vishwakarma <nutan.vishwakarma at gmail.com>
> To: aide at ipi.fi
> Subject: Re: [Aide] AIDE init error for acl and gzip support
> Message-ID:
>         <CACC=oqEetoFzVpUZFH9z4-Kqvbo9gG=
> W9Qy4QUsjAofY6WZYrg at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi,
>
> Sorry, this took way too long to get back. Here is what I was trying to do
> and get an error with attribute "acl" when I use it against a directory.
>
> I am trying to test latest available version of aide, on CentOS 7 and not
> all dependencies are available via yum, so I installed a few manually in
> non standard paths.
>
>
> *sudo yum install -y bison flex pcre-devel.x86_64 zlib-devel.x86_64
> libgcrypt-devel.x86_64 libgcrypt.x86_64 mhash-devel.x86_64
> libcryptui-devel.x86_64 gettext-0.19.8.1-2.el7.x86_64./configure
> --with-zlib=/home/nutan/aide/zlib-1.2.11/ --disable-static*
>
>
> Configure script succeeded when ran with zlib (resolve libz requirement)
> and disabled static.
> aide is now running -
>
>
>
>
>
>
>
>
>
>
> *[nutan at aide aide-0.16.2]$ aide --versionAide 0.16.2Compiled with the
> following
> options:WITH_MMAPWITH_PCREWITH_LSTAT64WITH_READDIR64WITH_MHASHCONFIG_FILE =
> "/usr/local/etc/aide.conf"[nutan at aide aide-0.16.2]$ *
>
>
> NOW, the problem area -
>
> I created a aide.conf file and add following to it -
>
> *[nutan at aide rtest]$ sudo more /usr/local/etc/aide.conf*
>
> *database=file:/var/lib/aide/aide.db*
>
> *database_out=file:/var/lib/aide/aide.db.new*
>
> *database_new=file:/var/lib/aide/aide.db.new*
>
> *gzip_dbout=yes*
>
>
> *summarize_changes=no*
>
>
> *grouped=yes*
>
>
> *verbose = 10*
>
>
> *report_base16 = no*
>
>
> *Checksums = sha512+tiger*
>
>
> *# The checksums of the databases to be printed in the report*
>
> *# Set to 'E' to disable.*
>
> *database_attrs = Checksums*
>
>
> *# check test direcotry *
>
> */home/nutan/aide/rtest p+n+u+g+s+acl+selinux+xattrs+md5+sha256+sha512*
>
> *[nutan at aide rtest]$ *
>
>
> when "aide --init" is run, then I see error of expression.
>
> [nutan at aide rtest]$ aide --init
> Gzip-support not compiled in.
> 21:Error in expression:acl
> Configuration error
> [nutan at aide rtest]$
>
>
> If I remove "acl" from attributes list, then I see same error for xattrs.
> When I remove xattrs too, I get aide to initialize for the first time as
> expected.
>
> Is this because of build steps?? I'll atleast need acl to be part of the
> attributes list.
>
> Help Please...!!
>
>
> Thanks,
> Nutan
>
> On Tue, 12 Nov 2019 at 10:59, Nutan Vishwakarma <
> nutan.vishwakarma at gmail.com>
> wrote:
> >
> >
> >> Hi,
> >>
> >> I compiled aide-0.16.2 which these options -
> >>
> >> ./configure --with-zlib=/home/nutan/zlib-1.2.11/ --disable-static
> >>
> >>
> >> and it compiled well, but at the time of aide --init or --check, I get
> error for using gzip_dbout=yes and AUDIT = p+u+g+sha512+acl
> >> in my aide.conf file.
> >>
> >> When I check version, it does not show WITH_ZLIB -
> >>
> >> Aide 0.16.2
> >>
> >>
> >> Compiled with the following options:
> >>
> >>
> >> WITH_MMAP
> >>
> >> WITH_PCRE
> >>
> >> WITH_LSTAT64
> >>
> >> WITH_READDIR64
> >>
> >> WITH_MHASH
> >>
> >> CONFIG_FILE = "/usr/local/etc/aide.conf"
> >>
> >>
> >>
> >> Any idea what could be going wrong ? I also need to get "acl" working.
> >>
> >> thanks,
> >> Nutan
> >>
>
>
> --
> Er Nutan Vishwakarma
> Mob: 07893212071
> P
>  Please consider your environmental responsibility:
> Before printing this e-mail, ask yourself whether you need a hard copy.
> GO GREEN.....I am Doing my BIT.
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://www.ipi.fi/pipermail/aide/attachments/20200119/d34c6d2b/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 2
> Date: Sat, 18 Jan 2020 21:57:19 +0100
> From: Richard van den Berg <richard at vdberg.org>
> To: Aide user mailinglist <aide at ipi.fi>
> Subject: Re: [Aide] AIDE init error for acl and gzip support
> Message-ID: <cc39f5eb-0ccb-e018-d381-ff260d6d9afb at vdberg.org>
> Content-Type: text/plain; charset="utf-8"
>
> On 18/01/2020 21:04, Nutan Vishwakarma wrote:
> > I am trying to test latest available version of aide, on CentOS 7 and
> > not all dependencies are available via yum, so I installed a few
> > manually in non standard paths.
> >
> > /sudo yum install -y bison flex pcre-devel.x86_64 zlib-devel.x86_64
> > libgcrypt-devel.x86_64 libgcrypt.x86_64 mhash-devel.x86_64
> > libcryptui-devel.x86_64 gettext-0.19.8.1-2.el7.x86_64
> > ./configure --with-zlib=/home/nutan/aide/zlib-1.2.11/ --disable-static/
>
>
> Why use --with-zlib in a local directory when you have zlib-devel
> installed? Use --with-zlib without an argument should be enough.
>
>
> > when "aide --init" is run, then I see error of expression.
> >
> >     [nutan at aide rtest]$ aide --init
> >     Gzip-support not compiled in.
> >     21:Error in expression:acl
> >     Configuration error
> >     [nutan at aide rtest]$
> >
>
> Aide is complaing that gzip (zlib) and acl support are not available.
> ACL support should be available by running configure --with-posix-acl
> and xattr using --with-xattr
>
> Check your config.log to see why configure cannot find your zlib-devel
> files.
>
> Kind regards,
>
> Richard
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://www.ipi.fi/pipermail/aide/attachments/20200118/6d9b6571/attachment-0001.html
> >
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> Aide mailing list
> Aide at ipi.fi
> https://www.ipi.fi/mailman/listinfo/aide
>
>
> ------------------------------
>
> End of Aide Digest, Vol 27, Issue 1
> ***********************************
>


-- 
* Er Nutan Vishwakarma Mob: 07893212071 P* Please consider your
environmental responsibility:
Before printing this e-mail, ask yourself whether you need a hard copy.
GO GREEN.....I am Doing my BIT.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.ipi.fi/pipermail/aide/attachments/20200119/fc4c2417/attachment.html>

More information about the Aide mailing list