LinuxQuestions.org


jyunker 03-28-2014 04:10 PM

aide.conf creation and debugging
 
I am trying things to build my aide.conf file. I am using a 64 bit Centos 6.5 system with 4 cores.

I ran the command and the output is as shown now.

Code:

aide --config=/home/james/Desktop/aide-0.15.1/doc/aide.conf  -V255 --config-check
Setting verbosity to 255
commandconf():@@include /home/james/Desktop/aide-0.15.1/doc/aide.conf

1:@@include
22:@@define TOPDIR /home/james/Desktop/aide-0.15.1
24:@@ifndef TOPDIR

Eating until @@endif
25:@@define TOPDIR /
26:@@endif

Eating done
25:@@endif
Endif stmt matched
Ifndef statement ended
28:@@ifdef DEBUG

Eating until @@endif
29:@@define DEBUG ison
30:@@undef NOT_DEBUG
31:@@else
32:@@define NOT_DEBUG true
33:@@undef DEBUG
34:@@endif
Endif stmt matched
36:@@ifhost korppi

Eating until @@endif
37:@@define KORPPI yes
38:@@endif

Eating done
37:@@endif
Endif stmt matched
40:@@ifnhost ftp
41:@@define BUMMER true
42:@@endif
Endif stmt matched
46:Variable substitution
46:database =
do_dbdef (1) called with (file:/home/james/Desktop/aide-0.15.1/doc/aide.db)
51:database_out =
do_dbdef (2) called with (file:aide.db.new)
Output database set to "file:aide.db.new" "aide.db.new"
57:verbose =
Verbosity already defined to 255
65:report_url =
WARNING: Debug output enabled
114:Equrule
114:Error in expression:�

Configuration error


Now I am using the aide-0.15.tar.gz. It is configured:


Code:

aide -v
Aide 0.15.1

Compiled with the following options:

WITH_POSIX_ACL
WITH_SELINUX
WITH_PRELINK
WITH_XATTR
WITH_LSTAT64
WITH_READDIR64
CONFIG_FILE = "/usr/local/etc/aide.conf"

Now one can see what the optional configuration files are.

So why did it complain about line 114 when the aide --config-check command was run?

Here is the aide.conf file, line 114 is the last line.

Code:


# AIDE 0.15.1
#
# example configuration file
#
# IMPORTANT NOTE!! PLEASE READ
#
# This configuration file checks the integrity of the
# AIDE package.
#
# This file is not intended to be used as the primary aide.conf file for
# your system. This file is intended to be a showcase for different
# features for aide.conf file.
#
# WRITE YOUR OWN CONFIGURATION FILE AND UNDERSTAND WHAT YOU ARE WRITING

#
# Default values for the parameters are in comments before the
# corresponding line.
#

@@define TOPDIR /home/james/Desktop/aide-0.15.1

@@ifndef TOPDIR
@@define TOPDIR /
@@endif

@@ifdef DEBUG
@@define DEBUG ison
@@undef NOT_DEBUG
@@else
@@define NOT_DEBUG true
@@undef DEBUG
@@endif

@@ifhost korppi
@@define KORPPI yes
@@endif

@@ifnhost ftp
@@define BUMMER true
@@endif

# The location of the database to be read.
#database=file:aide.db
database=file:@@{TOPDIR}/doc/aide.db

# The location of the database to be written.
#database_out=sql:host:port:database:login_name:passwd:table
#database_out=file:aide.db.new
database_out=file:aide.db.new

# Whether to gzip the output to database
# gzip_dbout=no

#verbose=5
verbose=250

#report_url=stdout
#other possibilities
#report_url=stderr
#NOT IMPLEMENTED report_url=mailto:root@foo.com
#report_url=file:/tmp/some_file.txt
#report_url=syslog:LOG_AUTH
report_url=stdout

# @@{TOPDIR} is replaced with /home/james/Desktop/aide-0.15.1 when
# read by aide.
#p:                permissions
#ftype:        file type
#i:                inode
#n:                number of links
#l:                link name
#u:                user
#g:                group
#s:                size
#b:                block count
#m:                mtime
#a:                atime
#c:                ctime
#S:                check for growing size
#I:                ignore changed filename
#md5:                md5 checksum
#sha1:                sha1 checksum
#sha256:        sha256 checksum
#sha512:        sha512 checksum
#rmd160:        rmd160 checksum
#tiger:                tiger checksum
#haval:                haval checksum
#crc32:                crc32 checksum
#R:                p+ftype+i+l+n+u+g+s+m+c+md5
#L:                p+ftype+i+l+n+u+g
#E:                Empty group
#>:                Growing logfile p+ftype+l+u+g+i+n+S
#The following are available if you have mhash support enabled:
#gost:                gost checksum
#whirlpool:        whirlpool checksum
#The following are available and added to the default groups R, L and >
#only when explicitly enabled using configure:
#acl:                access control list
#selinux        SELinux security context
#xattrs:        extended file attributes
#e2fsattrs:        file attributes on a second extended file system

# Rule definition
#All=R+a+sha1+rmd160+sha256+sha512+tiger+acl+selinux+xattr
#All=R+a+sha1+rmd160+sha256+sha512+acl+selinux+xattr
#All=R+a+sha1+rmd160+sha256+tiger+acl+selinux+xattr
#All=R+a+sha1+rmd160+sha512+tiger+acl+selinux+xattr
#All=R+a+sha1+sha256+sha512+tiger+acl+selinux+xattr
#All=R+a+rmd160+sha256+sha512+tiger+acl+selinux+xattr
#All=R+sha1+rmd160+sha256+sha512+tiger+acl+selinux+xattr
#All=a+sha1+rmd160+sha256+sha512+tiger+acl+selinux+xattr
All=a+acl+selinux+p+i+n+l+u+g+s+b+m+c+S+haval

It did not complain about anything until I put in "haval". The line

Code:

All=a+acl+selinux+p+i+n+l+u+g+s+b+m+c+S
generated no errors, but the line

Code:

All=a+acl+selinux+p+i+n+l+u+g+s+b+m+c+S+haval
did complain as I have shown above. But why select this one: haval? The others p+i+n+l+u+g+s+b+m+c+S

all came from the same list and generated no complaints.

I am using the aide.conf file that came with the distribution only as a template. I am hoping by deleting and adding values I can see what is going on.

Substitute md5 for haval and the same error occurs.

I am very new to configuring aide.conf. So excuse the elementary question.

Thanks in advance.

R,


jyunker
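
The debugging approach in the post above (find the line the `-V255 --config-check` trace rejects, then vary the rule's attributes) can be scripted. This is an added example, not part of the original post or of AIDE; the function names `failing_line`, `split_rule` and `triage` are hypothetical, and the sample trace and config are constructed from the lines quoted in the post.

```python
import re

# Checksum groups, taken from the attribute comments in the posted aide.conf.
CHECKSUMS = {"md5", "sha1", "sha256", "sha512", "rmd160", "tiger",
             "haval", "crc32", "gost", "whirlpool"}

# Constructed sample: tail of the posted trace, and a 114-line config whose
# last line is the rule from the post (earlier lines replaced by comments).
TRACE = """65:report_url =
WARNING: Debug output enabled
114:Equrule
114:Error in expression:
Configuration error
"""
CONF = ["#"] * 113 + ["All=a+acl+selinux+p+i+n+l+u+g+s+b+m+c+S+haval"]

def failing_line(trace):
    """Line number of the first 'N:Error in expression' entry, or None."""
    m = re.search(r"^(\d+):Error in expression", trace, re.MULTILINE)
    return int(m.group(1)) if m else None

def split_rule(line):
    """Split 'Name=expr' into (name, tokens); comments, @@ macros and
    lines without '=' give None."""
    line = line.strip()
    if not line or line.startswith(("#", "@@")) or "=" not in line:
        return None
    name, expr = line.split("=", 1)
    return name.strip(), [t for t in re.split(r"[+\-]", expr.strip()) if t]

def triage(trace, conf_lines):
    """Map the reported error to its config line and separate the rule's
    checksum tokens from its other attributes."""
    n = failing_line(trace)
    if n is None:
        return None
    text = conf_lines[n - 1] if 0 < n <= len(conf_lines) else ""
    rule = split_rule(text)
    if rule is None:
        return {"line": n, "rule": None, "checksums": [], "other": []}
    name, tokens = rule
    return {"line": n, "rule": name,
            "checksums": [t for t in tokens if t in CHECKSUMS],
            "other": [t for t in tokens if t not in CHECKSUMS]}

if __name__ == "__main__":
    print(triage(TRACE, CONF))
```

For the posted rule the only token in the checksum set is `haval`; the post reports the same error with `md5` in its place. With a real run, pass the captured trace and `open(path).read().splitlines()` instead of the constructed samples.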

bigrigdriver 03-28-2014 05:15 PM

Quote:

Now I am using the aide-0.15.tar.gz. It is configured:
Why? When it's much easier to install aide from the Centos repository: yum install aide.

Here are instructions from the Centos help files for installing and configuring Aide.

jyunker 03-31-2014 07:30 AM

Here is why I use aide -0.015.tar.gz
 
I agree that it is much easier to install the rpm version of aide, but there is a problem. In order for aide to work on my system I
must configure aide without mmap, the rpm version of aide is already configured with mmap. I know of no way around it, and I must configure
without mmap, else, this is the error I will get after aide --init runs for a few minutes:


Code:

Caught SIGBUS/SEGV while mmapping. File was truncated while aide was running?
Caught SIGBUS/SEGV. Exiting


and stops. I have searched the internet and emailed the aide tech support people - no good. I would love to use the binary version of aide
and immediately begin running aide for its intended purpose. I cannot. As I said, when I do that I get the error:


Code:

Caught SIGBUS/SEGV while mmapping. File was truncated while aide was running?
Caught SIGBUS/SEGV. Exiting

I have never got a definitive answer about how to get rid of the error. It does create a database file at
/var/lib/aide/ and a log file in /var/log/aide/, but it stops abruptly with the error I have shown above twice now. The only way that
I know how to deal with that error (and this answer came from the aide mailing list) is to use the command during configuration

./configure --without-mmap.

There is no other.

The only way to configure is to start with the *.tar.gz file. If there is another way please tell me.
I appreciate your help, but this is the sticking point.


How do I get rid of that error when using the aide rpm version? A simple command of aide -v will show this version of
aide is configured with-mmap.

Thanks in advance.


R,

jyunker

