It's not actually scanning /proc, I do have it excluded in my conf
file, and grep'ing the truss output shows me that this is the only file in
/proc that it accesses. I believe aide is using the info in /proc about
itself for some reason, specifically the process usage information.
Looking at the data structure in /usr/include/sys/procfs.h, I can't figure
out why aide might need any of the information. Perhaps it's a red herring?

        I should mention that I had a lot of trouble compiling libgcrypt,
and I'm not super confident of the installation on my machine. Is this
library first used when aide starts to write out the db? Perhaps libgcrypt
is the problem.

                Thanks,
                -Jason

> 
> You should exclude /proc from the check
> /proc contains info about processes that are currently running.
> They will most certainly change from one run to the next.
> 
> !/proc/.*
> or
> !/proc will do the trick
> 
> The address alignment error that you get is the result of aide mmap():ing
> the /proc file and then trying to do a hash function on it. 
> 
> 
> Rami 
> -- 
> AIDE - Advanced Intrusion Detection Environment
> Check http://www.cs.tut.fi/~rammer/aide.html
> 
