Hi everyone, while the time has gotten down, it's still taking very long, about 3 to 4 days to complete. I've been looking at the verbose reports, but most of it just shows the files being digested without really showing what might be the problem. I can post it, but I'm not sure how useful it would be.

My boss really wants to scan as many files as possible, and I need a reason not to scan certain directories. I already filtered out the directories suggested, just /sys and /proc. However, the scans still take 3 to 4 days to complete and generate reports 143000 lines long. Is there any way I can speed this up, or is cutting down on files the only way? Even on a single thread, should it really take this long to complete a scan? Even with a million files it shouldn't take this long, should it?

Is there anything I'm missing that I should cut out? I narrowed out the always-changing files of /var/log and /var/spool, only targeting certain files. But I'm not sure what else to cut out. My boss is paranoid and wants as many files checked as possible, but I question the wisdom of checking in thousands of binaries of firmware files. I know that a trojan could happen anywhere, but I doubt even this would find it easily.

Any tips would be appreciated. I'm sorry, I just have no idea why it's taking so long. The file system is about 50 GB, but at best we are scanning 20 GB. Thanks, any advice is appreciated. I'm sorry for the trouble.

On Wed, Sep 4, 2013 at 3:36 PM, Mason Nakadomari <[email protected]> wrote:

> Thank you very much. I excluded the appropriate directories and I have
> gotten the time down considerably and actually completed a scan. Thanks
> very much for the help.
>
>
> On Mon, Sep 2, 2013 at 10:14 AM, Mason Nakadomari <[email protected]> wrote:
>
>> Thanks. I am running a verbose scan. I'm gonna check it out. I just
>> expected faster scans when I omitted certain directories. I'll go ahead and
>> display the output I encountered.
>> On Sep 2, 2013 12:24 AM, "Christoph Wilke" <[email protected]> wrote:
>>
>>>
>>> Hi,
>>>
>>> On Sun, 1 Sep 2013 23:47:02 -1000
>>> Mason Nakadomari <[email protected]> wrote:
>>>
>>> > I've removed /proc /dev /sys from my scans and even cut down on /var/spool
>>> > and /var/log. However, my scans are still taking more than 24 hours to
>>> > complete. Any other recommended configs? The aide manual gave hints but
>>> > nothing definite. Still having trouble completing an init. Sorry, but I'm
>>> > getting frustrated. I suspect I'm doing this wrong somehow. All the checks
>>> > are done via a centralized server and it sshs into the desired host. Please
>>> > advise. I'm sorry if it seems like I don't know beans. I don't know aide
>>> > very well. Thanks.
>>>
>>> please run with -V231 or even -V255 as recommended by Keith Constable earlier
>>> in this thread.
>>> For example:
>>> aide -V231 --init
>>> or similar.
>>>
>>> This will help you to find the time-consuming files.
>>>
>>> Best Regards
>>> Christoph Wilke
>>>
>>> > On Aug 29, 2013 12:27 PM, "Mason Nakadomari" <[email protected]> wrote:
>>> >
>>> > > I'm enacting some of your advice immediately. Thank you very much to the
>>> > > both of you. I'll let you know my progress. I know I'm a rookie at this but
>>> > > I appreciate the help.
>>>
>>> [...]
>>> _______________________________________________
>>> Aide mailing list
>>> [email protected]
>>> https://mailman.cs.tut.fi/mailman/listinfo/aide
>>>
