Old 03-28-2014, 05:10 PM   #1
jyunker
Member
 
Registered: Aug 2009
Posts: 167

Rep: Reputation: 0
aide.conf creation and debugging


I am trying things to build my aide.conf file. I am using a 64 bit Centos 6.5 system with 4 cores.

I ran the command and the output is as shown now.

Code:
 aide --config=/home/james/Desktop/aide-0.15.1/doc/aide.conf  -V255 --config-check
Setting verbosity to 255
commandconf():@@include /home/james/Desktop/aide-0.15.1/doc/aide.conf

1:@@include
22:@@define TOPDIR /home/james/Desktop/aide-0.15.1
24:@@ifndef TOPDIR

Eating until @@endif
25:@@define TOPDIR /
26:@@endif

Eating done
25:@@endif
Endif stmt matched
Ifndef statement ended
28:@@ifdef DEBUG

Eating until @@endif
29:@@define DEBUG ison
30:@@undef NOT_DEBUG
31:@@else
32:@@define NOT_DEBUG true
33:@@undef DEBUG
34:@@endif
Endif stmt matched
36:@@ifhost korppi

Eating until @@endif
37:@@define KORPPI yes
38:@@endif

Eating done
37:@@endif
Endif stmt matched
40:@@ifnhost ftp
41:@@define BUMMER true
42:@@endif
Endif stmt matched
46:Variable substitution
46:database =
do_dbdef (1) called with (file:/home/james/Desktop/aide-0.15.1/doc/aide.db)
51:database_out =
do_dbdef (2) called with (file:aide.db.new)
Output database set to "file:aide.db.new" "aide.db.new"
57:verbose =
Verbosity already defined to 255
65:report_url =
WARNING: Debug output enabled
114:Equrule
114:Error in expression:�

Configuration error

Now I am using the aide-0.15.tar.gz. It is configured :


Code:
 aide -v
Aide 0.15.1

Compiled with the following options:

WITH_POSIX_ACL
WITH_SELINUX
WITH_PRELINK
WITH_XATTR
WITH_LSTAT64
WITH_READDIR64
CONFIG_FILE = "/usr/local/etc/aide.conf"

Now one can see what the optional configuration files are.

So why did it complain about line 114 when the aide --config-check command was run?

Here is the aide.conf file, line 114 is the last line.

Code:
# AIDE 0.15.1
#
# example configuration file
#
# IMPORTANT NOTE!! PLEASE READ
#
# This configuration file checks the integrity of the
# AIDE package.
#
# This file is not intended to be used as the primary aide.conf file for
# your system. This file is intended to be a showcase for different
# features for aide.conf file. 
#
# WRITE YOUR OWN CONFIGURATION FILE AND UNDERSTAND WHAT YOU ARE WRITING
#  
#
# Default values for the parameters are in comments before the 
# corresponding line.
#

@@define TOPDIR /home/james/Desktop/aide-0.15.1

@@ifndef TOPDIR 
@@define TOPDIR /
@@endif

@@ifdef DEBUG
@@define DEBUG ison
@@undef NOT_DEBUG
@@else
@@define NOT_DEBUG true
@@undef DEBUG
@@endif

@@ifhost korppi
@@define KORPPI yes
@@endif

@@ifnhost ftp
@@define BUMMER true
@@endif

# The location of the database to be read.
#database=file:aide.db
database=file:@@{TOPDIR}/doc/aide.db

# The location of the database to be written.
#database_out=sql:host:port:database:login_name:passwd:table
#database_out=file:aide.db.new
database_out=file:aide.db.new

# Whether to gzip the output to database
# gzip_dbout=no

#verbose=5
verbose=250

#report_url=stdout
#other possibilities
#report_url=stderr
#NOT IMPLEMENTED report_url=mailto:root@foo.com
#report_url=file:/tmp/some_file.txt
#report_url=syslog:LOG_AUTH
report_url=stdout

# @@{TOPDIR} is replaced with /home/james/Desktop/aide-0.15.1 when
# read by aide. 
#p:		permissions
#ftype:	file type
#i:		inode
#n:		number of links
#l:		link name
#u:		user
#g:		group
#s:		size
#b:		block count
#m:		mtime
#a:		atime
#c:		ctime
#S:		check for growing size
#I:		ignore changed filename
#md5:		md5 checksum
#sha1:		sha1 checksum
#sha256:	sha256 checksum
#sha512:	sha512 checksum
#rmd160:	rmd160 checksum
#tiger:		tiger checksum
#haval:		haval checksum
#crc32:		crc32 checksum
#R:		p+ftype+i+l+n+u+g+s+m+c+md5
#L:		p+ftype+i+l+n+u+g
#E:		Empty group
#>:		Growing logfile p+ftype+l+u+g+i+n+S
#The following are available if you have mhash support enabled:
#gost:		gost checksum
#whirlpool:	whirlpool checksum
#The following are available and added to the default groups R, L and >
#only when explicitly enabled using configure:
#acl:		access control list
#selinux	SELinux security context
#xattrs:	extended file attributes
#e2fsattrs:	file attributes on a second extended file system

# Rule definition
#All=R+a+sha1+rmd160+sha256+sha512+tiger+acl+selinux+xattr
#All=R+a+sha1+rmd160+sha256+sha512+acl+selinux+xattr
#All=R+a+sha1+rmd160+sha256+tiger+acl+selinux+xattr
#All=R+a+sha1+rmd160+sha512+tiger+acl+selinux+xattr
#All=R+a+sha1+sha256+sha512+tiger+acl+selinux+xattr
#All=R+a+rmd160+sha256+sha512+tiger+acl+selinux+xattr
#All=R+sha1+rmd160+sha256+sha512+tiger+acl+selinux+xattr
#All=a+sha1+rmd160+sha256+sha512+tiger+acl+selinux+xattr
All=a+acl+selinux+p+i+n+l+u+g+s+b+m+c+S+haval

It did not complain about anything until I put in "haval". The line

Code:
All=a+acl+selinux+p+i+n+l+u+g+s+b+m+c+S

generated no errors, but the line

Code:
All=a+acl+selinux+p+i+n+l+u+g+s+b+m+c+S+haval

did complain as I have shown above. But why select this one: haval? The others p+i+n+l+u+g+s+b+m+c+S all came from the same list and generated no complaints.

I am using the aide.conf file that came with the distribution only as a template. I am hoping by deleting and adding values I can see what is going on.

Substitute md5 for haval and the same error occurs.

I am very new to configuring aide.conf. So excuse the elementary question.

Thanks in advance.

R,


jyunker
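
Added example, not part of the original posts: the add-and-remove testing described in post #1 can be automated by giving each attribute token its own one-rule config and running the same `aide --config=... --config-check` on it. The `AIDE_BIN` override, the `Probe` group name and the temporary config contents are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): probe attribute tokens one at a time.
# AIDE_BIN is a hypothetical override so a different binary can be tested.
AIDE_BIN="${AIDE_BIN:-aide}"

# check_tokens "a+acl+selinux+...": echo the tokens whose one-line probe
# config fails `aide --config-check`, separated by spaces.
check_tokens() {
    command -v "$AIDE_BIN" >/dev/null 2>&1 || {
        echo "cannot find $AIDE_BIN" >&2
        return 2
    }
    probe=$(mktemp) || return 2
    rejected=""
    for tok in $(printf '%s' "$1" | tr '+' ' '); do
        # Constructed minimal config; every line ends with a newline.
        {
            printf 'database=file:aide.db\n'
            printf 'database_out=file:aide.db.new\n'
            printf 'Probe=%s\n' "$tok"
        } > "$probe"
        if ! "$AIDE_BIN" --config="$probe" --config-check >/dev/null 2>&1; then
            rejected="${rejected:+$rejected }$tok"
        fi
    done
    rm -f "$probe"
    echo "$rejected"
}

# Run against the expression given as the first argument, if any.
if [ "$#" -gt 0 ]; then
    check_tokens "$1"
fi
```

An empty result means every token passed on its own, which points away from the individual attributes and toward how the full line is written in the file.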
 
Old 03-28-2014, 06:15 PM   #2
bigrigdriver
LQ Addict
 
Registered: Jul 2002
Location: East Centra Illinois, USA
Distribution: Debian stable
Posts: 5,898

Rep: Reputation: 353
Quote:
Now I am using the aide-0.15.tar.gz. It is configured :
Why? When it's much easier to install aide from the Centos repository: yum install aide.

Here are instructions from the Centos help files for installing and configuring Aide.
 
Old 03-31-2014, 08:30 AM   #3
jyunker
Member
 
Registered: Aug 2009
Posts: 167

Original Poster
Rep: Reputation: 0
Here is why I use aide -0.015.tar.gz

I agree that it is much easier to install the rpm version of aide, but there is a problem. In order for aide to work on my system I
must configure aide without mmap, the rpm version of aide is already configured with mmap. I know of no way around it, and I must configure
without mmap, else, this is the error I will get after aide --init runs for a few minutes:


Code:
Caught SIGBUS/SEGV while mmapping. File was truncated while aide was running?
Caught SIGBUS/SEGV. Exiting

and stops. I have searched the internet and emailed the aide tech support people - no good. I would love to use the binary version of aide
and immediately begin running aide for its intended purpose. I cannot. As I said, when I do that I get the error:


Code:
Caught SIGBUS/SEGV while mmapping. File was truncated while aide was running?
Caught SIGBUS/SEGV. Exiting

I have never got a definitive answer about how to get rid of the error. It does create a database file at
/var/lib/aide/ and a log file in /var/log/aide/, but it stops abruptly with the error I have shown above twice now. The only way that
I know how to deal with that error (and this answer came from the aide mailing list) is to use the command during configuration

./configure --without-mmap.

There is no other.

The only way to configure is to start with the *.tar.gz file. If there is another way please tell me.
I appreciate your help, but this is the sticking point.


How do I get rid of that error when using the aide rpm version? A simple command of aide -v will show this version of
aide is configured with-mmap.

Thanks in advance.


R,

jyunker
 
  

