LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-14-2014, 09:21 AM   #1
jyunker
Member
 
Registered: Aug 2009
Posts: 167

Rep: Reputation: 0
AIDE question


While running AIDE the program crashes or terminates after a few minites with the message shown below:

Code:
Caught SIGBUS/SEGV while mmapping. File was truncated while aide was running?
Caught SIGBUS/SEGV. Exiting
What is wrong here?

One website on the internet said to configure AIDE without mmaping - except it did not say how to do that or why one should do that?

What does this error mean and how do I fix it?

Thnaks.

R,

jyunker
 
Old 02-15-2014, 03:42 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,335
Blog Entries: 55

Rep: Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535
Quote:
Originally Posted by jyunker View Post
What is wrong here?
It may be due to mmap (running 'aide -v'|grep MMAP;' should show) but it could also be a corrupt database. It's suggested elsewhere to rename your database, make 'aide -i' build a new one and then check that first.


Quote:
Originally Posted by jyunker View Post
One website on the internet said to configure AIDE without mmaping - except it did not say how to do that or why one should do that?
Set the configure flag on recompiling AIDE. May look something like "--without-mmap".
 
Old 02-18-2014, 08:09 AM   #3
jyunker
Member
 
Registered: Aug 2009
Posts: 167

Original Poster
Rep: Reputation: 0
Yes ,the corrupt database is a possibility. but it seems to happen everytime I run the system command:


aide --init.

everytime. The data base is created and is named aide.db.new.gz and I then move or rename it aide.db.gxz, but keep it in the same folder -var/lib/aide.

Is this what they are referrring to as the corrupt database - aide.db.new.gx or aide.db.new.gz?

I do rename it. If it is corrupt then what do with it?

This problem is addressed in other version of Linux, such as Ubuntu. I am using Centos 6.5, 64 bit. It seems to not have been addressed in Centos - at least not yet. the recommendations to handle this issue in Ubuntu simply do not apply to Centos.

Any other ideas?

Do you know if there is an AIDe form?

Tanks.

R,

jyunker
 
Old 02-18-2014, 08:33 AM   #4
jyunker
Member
 
Registered: Aug 2009
Posts: 167

Original Poster
Rep: Reputation: 0
I am not sure what you mean by:

Code:
Set the configure flag on recompiling AIDE. May look something like "--without-mmap".
I installed AIDE by sudo yum install aide. I did not compile it.

R,

jyunker
 
Old 02-18-2014, 05:49 PM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,335
Blog Entries: 55

Rep: Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535
Quote:
Originally Posted by jyunker View Post
Is this what they are referrring to as the corrupt database - aide.db.new.gx or aide.db.new.gz?
No.


Quote:
Originally Posted by jyunker View Post
I do rename it. If it is corrupt then what do with it?
Unless a process would be (unable to finish) writing to a "database" while you move it and you would kill the application in the process then yes, that could lead to corruption. (Not in the case of AIDE, IIRC it's just a compressed plain text file.) Moving, renaming itself does not and generally speaking should not be a cause for corruption.


Quote:
Originally Posted by jyunker View Post
This problem is addressed in other version of Linux, such as Ubuntu. (..) the recommendations to handle this issue in Ubuntu simply do not apply to Centos.
Where does it state this has been addressed?


Quote:
Originally Posted by jyunker View Post
Do you know if there is an AIDe form?
"Form"? what kind of "form" do you mean?


Quote:
Originally Posted by jyunker View Post
I installed AIDE by sudo yum install aide. I did not compile it.
OK, so you did not compile it but you might have to.
 
Old 02-19-2014, 08:06 AM   #6
jyunker
Member
 
Registered: Aug 2009
Posts: 167

Original Poster
Rep: Reputation: 0
zlib not installed properly

Sorry for my confusing writting. I of course do not need to know where an AIDE form is, but an AIDE Forum. Where is that?

I did try to compile AIDE using the *tar.gz version. When I tried to configure, it said that I did not have zlib installed properly.

I checked, I did have zlib installed, but I did uninstall and reinstall it, but still it did not like the way I had zlib installed when I typed ./configure again. .

I tried to configure without zlib and got other errors. The zlib install is fine for the *.rpm install, but not for the tar.gz install - interesting.

I would just like to install AIDE, whatever way works and then use it. What does it mean during ./configure when it says zlib not installed properly. It seems to pass zlib testing during the configure step, yet it still gives this error.

I looked on the internet and found no satisfying answer to this issue.


Thanks.

R,


jyunker
 
Old 02-20-2014, 01:51 PM   #7
jyunker
Member
 
Registered: Aug 2009
Posts: 167

Original Poster
Rep: Reputation: 0
addressed in other linux forums

When I say thaa this issue has been addressed in other linux forums, I mean that it
has, but that the recommendations to fix it require running some command particular to
that flavor of linux. This solution simply would not apply in Centos 6.5, 64 bit. This
command is not available in Centos.

So what else can I use.

thanks.

R,

jyunker
 
Old 02-21-2014, 10:23 AM   #8
jyunker
Member
 
Registered: Aug 2009
Posts: 167

Original Poster
Rep: Reputation: 0
So what is next? I just cannot get the aide program to run to
completion. The program aide --init crashes.

It is not clear why.

I have tried a few things, but none work.

In one post it was suggested that logs be checked. I think they must mean
Centos operational logs. The aide log just repeats the error.

Where are the Centos logs that I can check?

Thanks.

R,


jyunker
 
Old 02-21-2014, 12:43 PM   #9
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,335
Blog Entries: 55

Rep: Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535
Quote:
Originally Posted by jyunker View Post
Sorry for my confusing writting. I of course do not need to know where an AIDE form is, but an AIDE Forum. Where is that?
None, there is a mamiling list though: see the documentation.


Quote:
Originally Posted by jyunker View Post
I did try to compile AIDE using the *tar.gz version. When I tried to configure, it said that I did not have zlib installed properly.
I checked, I did have zlib installed, but I did uninstall and reinstall it, but still it did not like the way I had zlib installed when I typed ./configure again. .
I tried to configure without zlib and got other errors. The zlib install is fine for the *.rpm install, but not for the tar.gz install - interesting. I would just like to install AIDE, whatever way works and then use it. What does it mean during ./configure when it says zlib not installed properly. It seems to pass zlib testing during the configure step, yet it still gives this error. I looked on the internet and found no satisfying answer to this issue.
Try
Code:
yum install zlib-devel
before compiling.


Quote:
Originally Posted by jyunker View Post
When I say thaa this issue has been addressed in other linux forums, I mean that it has, but that the recommendations to fix it require running some command particular to that flavor of linux. This solution simply would not apply in Centos 6.5, 64 bit. This command is not available in Centos.
Post that command in full, or better, where you've read about it?
 
Old 02-24-2014, 03:23 PM   #10
jyunker
Member
 
Registered: Aug 2009
Posts: 167

Original Poster
Rep: Reputation: 0
Okay, I reinstalled zlib-devel. It was already installed so I only reinstalled it. What do I do know. Try to recompile AIDE the traditional way?

I will.


R,


jyunker
 
Old 02-24-2014, 03:39 PM   #11
jyunker
Member
 
Registered: Aug 2009
Posts: 167

Original Poster
Rep: Reputation: 0
What does zlib not installed properly mean?

Okay it still said when I issued the command

./configure

that zlib was not installed properly. It was installed, so just to be safe I then reinstalled it.

It still said zlib not installed properly.

Code:
checking zlib.h usability... yes
checking zlib.h presence... yes
checking for zlib.h... yes
checking for deflate in -lz... no
configure: error: You don't have zlib properly installed. Install it or try --without-zlib.
Above is the output of the screen when I run the configure command with no options, just


./configure

I could try and configure without zlib, but it just gives another error. I am not sure what it means when it says zlib not installed properly.

It seems to have no problem with zlib when I run ./configure,

but hangs on


checking for deflate in -lz... no


what does that mean?


Thanks in advance.

R,


jyunker
 
Old 02-26-2014, 03:30 PM   #12
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,335
Blog Entries: 55

Rep: Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535
Actually I tried this on a recent machine running Fedora, zlib and zlib-devel and I got the same error. I'd say get on the mailing list: https://mailman.cs.tut.fi/mailman/listinfo/aide
 
Old 03-14-2014, 02:56 PM   #13
jyunker
Member
 
Registered: Aug 2009
Posts: 167

Original Poster
Rep: Reputation: 0
AIDe solution maybe

I think that I have found what could be the answer to this problem. The link is:


https://bugzilla.redhat.com/show_bug.cgi?id=554490

It gives a Rehat patch that it claims will work. RedHat has not

made it a permanent part of the distribution. I am using Centos 6.5, 64 bit.

The patch seems to be a bunch of computer code. How do I use it?

Why did RedHat make it a part of their system. If you check out the link
you will see that they declined to do so.

Thanks in advance.

R,

jyunker
 
Old 03-17-2014, 11:08 AM   #14
jyunker
Member
 
Registered: Aug 2009
Posts: 167

Original Poster
Rep: Reputation: 0
This thread is at a dead end. The patch is for aide 0.13 and I am using aide 0.15.

There is nothing in the documentation to make me think that the patch applies to
anything other than aide 0.13.

So this thread is dead.

R,


jyunker
 
Old 03-17-2014, 05:34 PM   #15
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,335
Blog Entries: 55

Rep: Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535
// FWIW the OPs thread continues here: https://www.linuxquestions.org/quest...-a-4175498481/
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Aide or Tripwire? dman777 Linux - Security 22 05-02-2011 09:28 PM
Question about AIDE or other file integrity checking software twk Linux - Security 5 05-13-2008 07:21 PM
Can someone post a sample aide.conf file here? For AIDE IDS abefroman Linux - Security 9 04-12-2008 08:18 AM
Question about aide v0.10 rjw1678 Linux - Security 3 12-10-2003 04:33 PM
aide cuckoopint Linux - Security 3 04-22-2003 02:50 PM


All times are GMT -5. The time now is 06:56 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration