On 22 Oct 2012, at 8:26 PM, ncalsmitty1369 <[email protected]> wrote:

> Hi Keith,
>
> On Debian boxes there is a directory called /etc/aide/aide.conf.d. That
> directory contains files that have match rules based on many different
> services. On Squeeze boxes, I have created the aide.db via
> "aide -c aide.con -i". Copied the aide.db.new file to aide.db and then run
> the Debian /etc/cron.daily/aide script. The script reads in the
> /etc/aide.conf file and incorporates the rule files found in aide.conf.d.
> It then creates a file named aide.conf.autogenerated and places it in the
> directory /var/lib/aide. Which is where the aide.db file is kept. This is
> the same process that I used on another Debian Squeeze box, non xen domU,
> which worked without issues.
>
> Did I understand your suggestion correctly? I am definitely open to more if
> it helps resolve the problem!

Smitty,

There are a few things to note in this process. In the logs that you pasted, you see that it looks through your filesystem and gives you information like:

    /bin match=0, tree=0x1aaa5c0, attr=0

Note that "match=0". This means that aide took a look at the /bin directory, decided it didn't match any of the config rules, and did not add it to the database. You would normally expect a lot of noise from the -V255 argument, including some lines that contain "match=1".

In your procedure, you say that you start the process by generating the DB by running:

    aide -c aide.con -i

I'll assume that's a typo, and that you meant "aide.conf". Since you haven't run the cron script yet, I'll also assume you are referring to /etc/aide/aide.conf. Unless you've modified /etc/aide/aide.conf, the database you just initialized is now empty, since the default config doesn't contain any rules to match on. You may be getting those errors because the database is empty.

Now, I am not familiar with Debian's system for aide, so all of this is educated speculation. However, it seems to me that you should be generating aide.conf.autogenerated first, then initializing the database with that new autogenerated config file.

Also, it's worth noting that squeeze provides an aide-xen package. However, I have never used Xen, so I don't know how that package fits into the process, if at all.

I apologize if I'm completely off the mark.

Regards,
Keith Constable

_______________________________________________
Aide mailing list
[email protected]
https://mailman.cs.tut.fi/mailman/listinfo/aide
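
An added example, not part of the original message and not code from the aide project: a small Python filter that reads saved -V255 output and reports whether any path matched a rule, which is the check the reply above does by eye. It assumes "match=1" lines have the same layout as the quoted "match=0" line; the sample lines and the function names are constructed for illustration.

```python
import re
import sys

# Line shape taken from the message above:
#   /bin match=0, tree=0x1aaa5c0, attr=0
# Assumption: lines for matched paths differ only in the match value.
LINE_RE = re.compile(r"^(?P<path>/.*?)\s+match=(?P<match>\d+),\s*tree=")

# Constructed samples (tree/attr values are placeholders, not real output).
SAMPLE_EMPTY = """\
/bin match=0, tree=0x1aaa5c0, attr=0
/etc match=0, tree=0x1aaa5c0, attr=0
/usr match=0, tree=0x1aaa5c0, attr=0
"""
SAMPLE_OK = """\
/etc match=1, tree=0x1aaa5c0, attr=0
/etc/passwd match=1, tree=0x1aaa5c0, attr=0
/proc match=0, tree=0x1aaa5c0, attr=0
some other verbose line that is not a match record
"""


def summarize(lines):
    """Split paths into (matched, unmatched) based on the match= field."""
    matched, unmatched = [], []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip verbose noise that is not a match record
        # match=0 means no config rule selected the path; any other
        # value is treated as a match (assumption).
        bucket = unmatched if m.group("match") == "0" else matched
        bucket.append(m.group("path"))
    return matched, unmatched


def diagnose(lines):
    """Return 'ok', 'empty-ruleset' or 'no-match-lines' for a verbose log."""
    matched, unmatched = summarize(lines)
    if not matched and not unmatched:
        return "no-match-lines"   # input was not -V255 style output
    if not matched:
        return "empty-ruleset"    # every path was skipped: DB will be empty
    return "ok"


if __name__ == "__main__":
    # Pipe a saved log in, or run with no input to see the constructed sample.
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_EMPTY
    matched, unmatched = summarize(data.splitlines())
    print(f"{diagnose(data.splitlines())}: "
          f"{len(matched)} matched, {len(unmatched)} unmatched")
```

An "empty-ruleset" result means the config file passed with -c selected nothing, so the database initialized from that run has no entries to compare against.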
