On 22 Oct 2012, at 7:12 PM, ncalsmitty1369 <[email protected]> wrote:
> Hi,
>
> I am having a problem initializing my aide installation on a xen Debian
> squeeze domU. I have installed and configured aide many times across debian
> etch/lenny/squeeze and have not had the problem detailed below. However, this
> is my first aide install on a xen vm. I found one reference to a similar
> situation in the aide user list archives, found here:
> https://mailman.cs.tut.fi/pipermail/aide/2011-October/001245.html . I read
> through the Debian documentation but ultimately didn't find anything to help
> me. I have looked for help on a Debian specific mailing list, but found no
> takers. I am hoping that someone here can point me in the right direction to
> get this problem resolved.
>
> Thanks.
>
> Details of the problem:
>
> KERNEL AND PACKAGES INSTALLED:
>
> Linux turing 2.6.32-5-xen-amd64 #1 SMP Sun May 6 08:57:29 UTC 2012 x86_64
> GNU/Linux
> aide-xen/squeeze uptodate 0.15.1-2+squeeze1, aide-common/squeeze uptodate
> 0.15.1-2+squeeze1
>
> AIDE.CONF:
>
> database=file:/var/lib/aide/aide.db
> database_out=file:/var/lib/aide/aide.db.out
> database_new=file:/var/lib/aide/aide.db.new
> gzip_dbout=yes
> report_url=file:/work/logs/aide/report.txt
> summarize_changes=no
> grouped=yes
> Checksums = sha256+sha512+rmd160+haval+gost+crc32+tiger
> OwnerMode = p+u+g+ftype
> Size = s+b
> InodeData = OwnerMode+n+i+Size+l+acl+xattrs+e2fsattrs+selinux
> StaticFile = m+c+Checksums
> RamdiskData = InodeData-i
> Full = InodeData+StaticFile
> VarTime = InodeData+Checksums
> VarInode = VarTime-i
> VarFile = OwnerMode+n+l+acl+xattrs+e2fsattrs+selinux
> VarDir = OwnerMode+n+i+acl+xattrs+e2fsattrs+selinux
> VarDirInode = OwnerMode+n+acl+xattrs+e2fsattrs+selinux
> VarDirTime = InodeData
> Log = OwnerMode+n+S+acl+xattrs+e2fsattrs+selinux
> FreqRotLog = Log-S
> LowLog = Log-S
> SerMemberLog = Full+I
> LoSerMemberLog = SerMemberLog+ANF
> HiSerMemberLog = SerMemberLog+ARF
> LowDELog = SerMemberLog+ANF+ARF
> SerMemberDELog = Full+ANF
> LinkedLog = Log-n
>
> INIT:
>
> root@turing:/etc/aide# aide -V255 --config=/etc/aide/aide.conf --init
> Setting verbosity to 255
> commandconf():@@include /etc/aide/aide.conf
>
> 1:@@include
> 9:database =
> do_dbdef (1) called with (file:/var/lib/aide/aide.db)
> 10:database_out =
> do_dbdef (2) called with (file:/var/lib/aide/aide.db.out)
> Output database set to "file:/var/lib/aide/aide.db.out"
> "/var/lib/aide/aide.db.out"
> 11:database_new =
> do_dbdef (4) called with (file:/var/lib/aide/aide.db.new)
> 12:gzip_dbout =
> 13:report_url =
> WARNING: Debug output enabled
> Opening file "/work/logs/aide/report.txt" for w+
> Opened file "/work/logs/aide/report.txt" with fd=4
> 17:summarize_changes =
> 20:grouped =
> 25:Equrule
> 28:Equrule
> 31:Equrule
> 34:Equrule
> 35:Equrule
> 39:Equrule
> 42:Equrule
> 45:Equrule
> 48:Equrule
> 51:Equrule
> 54:Equrule
> 57:Equrule
> 60:Equrule
> 150:Equrule
> 153:Equrule
> 157:Equrule
> 160:Equrule
> 164:Equrule
> 168:Equrule
> 173:Equrule
> 177:Equrule
> 181:Equrule
> tree: "/"
>
> AIDE, version 0.15.1
>
> ### AIDE database at /var/lib/aide/aide.db.out initialized.
>
> report out:
>
> db_init 2
> Opening file "/var/lib/aide/aide.db.out" for w+
> Opened file "/var/lib/aide/aide.db.out" with fd=3
> db_out is nonnull /var/lib/aide/aide.db.out
> decode base64
> db_init 256
> / match=0, tree=0x1aaa5c0, attr=0
> /usr match=0, tree=0x1aaa5c0, attr=0
> /opt match=0, tree=0x1aaa5c0, attr=0
> /var match=0, tree=0x1aaa5c0, attr=0
> /lost+found match=0, tree=0x1aaa5c0, attr=0
> /initrd.img match=0, tree=0x1aaa5c0, attr=0
> /lib64 match=0, tree=0x1aaa5c0, attr=0
> /work match=0, tree=0x1aaa5c0, attr=0
> /proc match=0, tree=0x1aaa5c0, attr=0
> /smbmnt match=0, tree=0x1aaa5c0, attr=0
> /tmp match=0, tree=0x1aaa5c0, attr=0
> /root match=0, tree=0x1aaa5c0, attr=0
> /export match=0, tree=0x1aaa5c0, attr=0
> /dev match=0, tree=0x1aaa5c0, attr=0
> /home match=0, tree=0x1aaa5c0, attr=0
> /bin match=0, tree=0x1aaa5c0, attr=0
> /sbin match=0, tree=0x1aaa5c0, attr=0
>
> CREATE AIDE.DB:
>
> root@turing:/var/lib/aide# cp aide.db.out aide.db
>
> UPDATE:
>
> root@turing:/etc/aide# aide -V255 --config=/etc/aide/aide.conf --update
> Setting verbosity to 255
> commandconf():@@include /etc/aide/aide.conf
>
> 1:@@include
> 9:database =
> do_dbdef (1) called with (file:/var/lib/aide/aide.db)
> 10:database_out =
> do_dbdef (2) called with (file:/var/lib/aide/aide.db.out)
> Output database set to "file:/var/lib/aide/aide.db.out"
> "/var/lib/aide/aide.db.out"
> 11:database_new =
> do_dbdef (4) called with (file:/var/lib/aide/aide.db.new)
> 12:gzip_dbout =
> 13:report_url =
> WARNING: Debug output enabled
> Opening file "/work/logs/aide/report.txt" for w+
> Opened file "/work/logs/aide/report.txt" with fd=4
> 17:summarize_changes =
> 20:grouped =
> 25:Equrule
> 28:Equrule
> 31:Equrule
> 34:Equrule
> 35:Equrule
> 39:Equrule
> 42:Equrule
> 45:Equrule
> 48:Equrule
> 51:Equrule
> 54:Equrule
> 57:Equrule
> 60:Equrule
> 150:Equrule
> 153:Equrule
> 157:Equrule
> 160:Equrule
> 164:Equrule
> 168:Equrule
> 173:Equrule
> 177:Equrule
> 181:Equrule
> tree: "/"
>
> report out:
>
> db_init 2
> Opening file "/var/lib/aide/aide.db.out" for w+
> Opened file "/var/lib/aide/aide.db.out" with fd=3
> db_out is nonnull /var/lib/aide/aide.db.out
> decode base64
> db_init 256
> db_init 1
> Opening file "/var/lib/aide/aide.db" for r
> Opened file "/var/lib/aide/aide.db" with fd=6
> db_in is nonnull
> Got Gzip header. Handling..
> First character after gzip header is: @(0X40)
> nread=120,strlen(buf)=120,errno=Success,gzerr=<fd:6>: stream end
> decode base64
> name
> Database does not have attr field.
> Comparation may be incorrect
> Generating attr-field from dbspec
> It might be a good Idea to regenerate databases. Sorry.
> db_char2line():Error while reading database
>
> CHECK:
>
> root@turing:/etc/aide# aide -V255 --config=/etc/aide/aide.conf --check
> Setting verbosity to 255
> commandconf():@@include /etc/aide/aide.conf
>
> 1:@@include
> 9:database =
> do_dbdef (1) called with (file:/var/lib/aide/aide.db)
> 10:database_out =
> do_dbdef (2) called with (file:/var/lib/aide/aide.db.out)
> Output database set to "file:/var/lib/aide/aide.db.out"
> "/var/lib/aide/aide.db.out"
> 11:database_new =
> do_dbdef (4) called with (file:/var/lib/aide/aide.db.new)
> 12:gzip_dbout =
> 13:report_url =
> WARNING: Debug output enabled
> Opening file "/work/logs/aide/report.txt" for w+
> Opened file "/work/logs/aide/report.txt" with fd=4
> 17:summarize_changes =
> 20:grouped =
> 25:Equrule
> 28:Equrule
> 31:Equrule
> 34:Equrule
> 35:Equrule
> 39:Equrule
> 42:Equrule
> 45:Equrule
> 48:Equrule
> 51:Equrule
> 54:Equrule
> 57:Equrule
> 60:Equrule
> 150:Equrule
> 153:Equrule
> 157:Equrule
> 160:Equrule
> 164:Equrule
> 168:Equrule
> 173:Equrule
> 177:Equrule
> 181:Equrule
> tree: "/"
>
> report out:
>
> db_init 256
> db_init 1
> Opening file "/var/lib/aide/aide.db" for r
> Opened file "/var/lib/aide/aide.db" with fd=5
> db_in is nonnull
> Got Gzip header. Handling..
> First character after gzip header is: @(0X40)
> nread=120,strlen(buf)=120,errno=Success,gzerr=<fd:5>: stream end
> decode base64
> name
> Database does not have attr field.
> Comparation may be incorrect
> Generating attr-field from dbspec
> It might be a good Idea to regenerate databases. Sorry.
> db_char2line():Error while reading database
> _______________________________________________
> Aide mailing list
> [email protected]
> https://mailman.cs.tut.fi/mailman/listinfo/aide

Smitty,

Unless I'm misunderstanding something about aide or your intentions, your
aide.conf is missing a match rule.

Regards,
Keith
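
Added example, not part of the original thread and not AIDE's own code: a small Python check that sorts aide.conf text into option lines, group definitions and selection lines (the lines beginning with "/", "!" or "="), and reports whether any rule selects files. The sample is a shortened copy of the posted configuration; the three rules in WITH_RULES and all function names are hypothetical.

```python
import re

# Option names that appear in the posted file; any other "name = value"
# line is treated as a group definition (assumption of this example).
OPTIONS = {"database", "database_out", "database_new", "gzip_dbout",
           "report_url", "summarize_changes", "grouped"}
KINDS = {"/": "regular", "!": "negative", "=": "equals"}

# Constructed sample: shortened copy of the aide.conf quoted above.
POSTED_CONF = """\
database=file:/var/lib/aide/aide.db
database_out=file:/var/lib/aide/aide.db.out
gzip_dbout=yes
Checksums = sha256+sha512+rmd160+haval+gost+crc32+tiger
OwnerMode = p+u+g+ftype
Size = s+b
InodeData = OwnerMode+n+i+Size+l+acl+xattrs+e2fsattrs+selinux
StaticFile = m+c+Checksums
Full = InodeData+StaticFile
"""
# Hypothetical selection lines, added only for comparison.
WITH_RULES = POSTED_CONF + "/etc Full\n!/var/log\n=/tmp OwnerMode\n"

def audit(conf_text):
    """Return (options, groups, rules) parsed from aide.conf text."""
    options, groups, rules = {}, {}, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "@@")):
            continue  # blank, comment or macro line
        if line[0] in KINDS:
            # Selection line: optional "!" or "=", a path regex, then a group expression.
            parts = line.lstrip("!=").split(None, 1)
            if parts:
                rules.append((KINDS[line[0]], parts[0], parts[1] if len(parts) > 1 else ""))
            continue
        m = re.match(r"([A-Za-z_]\w*)\s*=\s*(.*)$", line)
        if m:
            (options if m.group(1) in OPTIONS else groups)[m.group(1)] = m.group(2)
    return options, groups, rules

def has_match_rule(conf_text):
    """True when at least one regular or equals rule selects files."""
    return any(kind != "negative" for kind, _, _ in audit(conf_text)[2])

if __name__ == "__main__":
    for name, text in (("posted", POSTED_CONF), ("with rules", WITH_RULES)):
        _, groups, rules = audit(text)
        print(f"{name}: {len(groups)} groups, {len(rules)} rules, "
              f"selects files: {has_match_rule(text)}")
```

Run against the posted configuration, the check finds group definitions but no selection lines, which matches the reply above and the init output where every path shows match=0.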
