On 28 Aug 2013, at 8:53 PM, Mason Nakadomari <nakad...@hawaii.edu> wrote:
> Hi, my organization is not satisfied with the default aide configuration. We
> want to look at all the files in the root file system without excluding
> directories for security reasons. We know that certain directories will only
> be checked for certain attributes for example log files would not have mtime
> checked. However I have run a few configurations below scanning the whole
> root to see what attributes we can whittle down to produce a more efficient
> configuration and it's taking an enormous amount of time.
> I'm using the below configuration.
> CUSTOMTEST1=p+i+u+g+m+acl+selinux+md5
> CUSTOMTEST2=p+i+u+g+s+n+m+acl+selinux
> These are on rhel 6 servers this is scanning the whole root.
> so for example
> @@ifhost test77
> / CUSTOMTEST1
> @@ifhost test77
> [root@aid70 /]# df -h
> Filesystem            Size  Used Avail Use% Mounted on
> /dev/mapper/vg0-lvroot
>                        48G  3.1G   42G   7% /
> tmpfs                 937M     0  937M   0% /dev/shm
> /dev/sda1            1007M   67M  890M   7% /boot
>
> The CUSTOMTEST1 config on aide.init continues to run after 3 days.
> The CUSTOMTEST2 config has been running for more than 30 hours.
>
> We figured that the removal of a checksum would help performance but both are
> taking extremely long.
> Are we butting heads with something in the file system? Is it impossible to
> scan the entire root file system of a Red Hat server with Aide without
> running it for several days?
> I've checked there are no problems with memory or CPU usage.
> Any advice would be appreciated.
> We really need to get these times down ideally without taking out or
> excluding directories.
> Thank you.

Mason,

Is this during --init or --check? Though, neither one should take anywhere near that long on such little data.

If I were in your shoes, I would try running aide with the -V231 argument. It turns on just enough verbosity to show you what files it's working on without being overwhelming. You can go up to -V255 if you feel you need more info.

Regards,
Keith Constable
_______________________________________________
Aide mailing list
Aide@cs.tut.fi
https://mailman.cs.tut.fi/mailman/listinfo/aide