Thanks, the goal is to monitor everything but to tailor it to the files and system. So we fully intended to only monitor things like permissions for files that change a lot or things like /dev. But we didn't think that looking at them at all would cause such a hang-up. We are even trying to scan using only a few basic parameters like u+p. That is good advice and we are trying to tailor it so everything is monitored but that it doesn't pick up on useless info. That is part of what I am trying to tweak with this. Thanks very much for the advice.

Is it impossible to scan /dev, /sys and /proc even with very basic parameters like u+p+i?

On Aug 28, 2013 3:48 PM, "Keith Constable" <[email protected]> wrote:
> On 28 Aug 2013, at 9:37 PM, Mason Nakadomari <[email protected]> wrote:
>
> Thank you for the response. I am running aide.init. Yeah we thought it was
> strange given it's only 50 gigs in root. I'll try that. We feel that it must
> be getting stuck somewhere. But even running on different machines doesn't
> work.
>
>
> Mason,
>
> It just occurred to me that since you did not tell it not to, aide may be
> attempting to generate a hash for one of the never ending files in /dev
> like /dev/zero or /dev/random. I'm not certain it will do that, as I've
> never tried, but it seems likely. I doubt it treats "special" files any
> differently than regular ones. Dhr. van den Berg could tell you more than I
> about that.
>
> In addition, prepare for some unbidden advice. Whether you heed it or not
> is not my concern, but I would be remiss not to try. Your plan to monitor
> every change in the entire filesystem may not necessarily improve your
> security. Be careful not to include so many frequently changing files that
> it generates a report that's too long. You're more likely to miss that one
> important change if you have to sift through a mountain of unimportant ones.
>
> Regards,
>
> Keith Constable
>
> _______________________________________________
> Aide mailing list
> [email protected]
> https://mailman.cs.tut.fi/mailman/listinfo/aide
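The distinction discussed in this thread, as an added example that is not part of the original messages and is not AIDE's code: a small Python scanner that records p+u+i style attributes from `lstat()` for every entry without opening it, and computes a content hash only for regular files. The function names and the constructed test tree (a FIFO standing in for a device node) are assumptions made for illustration.

```python
import hashlib
import os
import stat
import tempfile

KINDS = [(stat.S_ISREG, "regular"), (stat.S_ISDIR, "directory"),
         (stat.S_ISLNK, "symlink"), (stat.S_ISCHR, "char-device"),
         (stat.S_ISBLK, "block-device"), (stat.S_ISFIFO, "fifo"),
         (stat.S_ISSOCK, "socket")]

def kind(mode):
    """Name the file type encoded in an lstat() mode."""
    return next((label for test, label in KINDS if test(mode)), "other")

def sha256_file(path, chunk=1 << 16):
    """Hash a regular file in fixed-size chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def snapshot(root):
    """Map each path under root to its mode (p), owner (u) and inode (i).
    Metadata comes from lstat(), which never opens the file; a content
    hash is added only when the entry is a regular file."""
    db = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: symlinks are not followed
            entry = {"kind": kind(st.st_mode), "p": stat.S_IMODE(st.st_mode),
                     "u": st.st_uid, "i": st.st_ino}
            if stat.S_ISREG(st.st_mode):
                entry["sha256"] = sha256_file(path)
            db[os.path.relpath(path, root)] = entry
    return db

def demo():
    """Constructed tree: one regular file plus a FIFO standing in for a
    device node (creating real device nodes needs root)."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "passwd"), "wb") as fh:
            fh.write(b"root:x:0:0\n")
        os.mkfifo(os.path.join(root, "pipe"))  # open() for read would block
        return snapshot(root)

if __name__ == "__main__":
    for path, entry in sorted(demo().items()):
        print(path, entry)
```

Many pseudo-files under /proc and /sys report themselves as regular files, so a type check like this one does not by itself make hashing those trees safe.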
