I figured out what is happening. It’s scanning large sparse files like these, and taking forever.
/var/log/lastlog /var/log/tallylog /var/log/sudo-io/*/ttyout I’m excluding them now. Thanks. From: Cicone, Anthony Sent: Wednesday, October 2, 2019 1:01 PM To: Aide user mailinglist <[email protected]>; Richard van den Berg <[email protected]> Subject: RE: [Aide] [EXTERNAL] Re: new Amazon Linux releases causing aide to run much longer I ran the init, which took almost an hour. # /usr/local/bin/aide --init --verbose Gzip-support not compiled in. There are rules referring to non-existent directory /etc/grub Start timestamp: 2019-10-02 14:56:48 +0000 (AIDE 0.16.2) AIDE initialized database at /var/lib/aide/aide.db.new.gz Verbose level: 20 Number of entries: 51926 End timestamp: 2019-10-02 15:49:15 +0000 (run time: 52m 27s) I don’t see a noticeable improvement in the check time either. --------------------------------------------------- The attributes of the (uncompressed) database(s): --------------------------------------------------- /var/lib/aide/aide.db.gz MD5 : z71Fu+gvfLEAHDSukvV+XA== SHA1 : QBSFcIBkGtGTuZnqmCZxn3/EN9Y= RMD160 : ABqSWqY1xvy88xZM/Dhvrx9iXTY= TIGER : PD11t0GEp1QL8djN3cbZyymuApCecxhb SHA256 : vZdwzNPRZHExqjgdaQYbL6vhcp+xJ6Dp vFf+ERqYqCA= SHA512 : Zb8H9Hwnx9020iXRzdRv7It74J11M6Tb 0azeMFwF4YMVAmg8O1V8RBEKeiheKn4O wjA3pAXanaTdoVtHalQPnw== End timestamp: 2019-10-02 16:45:30 +0000 (run time: 52m 16s) From: Cicone, Anthony Sent: Wednesday, October 2, 2019 10:46 AM To: Aide user mailinglist <[email protected]<mailto:[email protected]>>; Richard van den Berg <[email protected]<mailto:[email protected]>> Subject: RE: [Aide] [EXTERNAL] Re: new Amazon Linux releases causing aide to run much longer I removed line 138 from the aide.conf, and I get past that error now. From: Aide <[email protected]<mailto:[email protected]>> On Behalf Of Cicone, Anthony Sent: Wednesday, October 2, 2019 10:37 AM To: Richard van den Berg <[email protected]<mailto:[email protected]>> Cc: Aide user mailinglist <[email protected]<mailto:[email protected]>> Subject: Re: [Aide] [EXTERNAL] Re: new Amazon Linux releases causing aide to run much longer Thanks, but the latest available is 0.14. I have tried compiling for source, but I’m getting errors. ./configure --without-zlib …. checking for gpg_strerror in -lgpg-error... no configure: error: You need to have libgpg-error.a installed to use libgcrypt. It will compile with this ./configure --without-zlib --disable-static # /usr/local/bin/aide --version Aide 0.16.2 But, I get this error, using the aide.conf from doc/aide.conf [root@ip-10-250-104-107 aide-0.16.2]# /usr/local/bin/aide --init --verbose 138:Error in restriction: L Configuration error From: Richard van den Berg <[email protected]<mailto:[email protected]>> Sent: Wednesday, October 2, 2019 9:22 AM To: Cicone, Anthony <[email protected]<mailto:[email protected]>> Cc: Aide user mailinglist <[email protected]<mailto:[email protected]>> Subject: [EXTERNAL] Re: [Aide] new Amazon Linux releases causing aide to run much longer On 2 Oct 2019, at 15:13, Cicone, Anthony <[email protected]<mailto:[email protected]>> wrote: # aide --version Aide 0.14 The current version of aide is 0.16.2. Please try again with the latest release. Cheers, Richard T. Rowe Price (including T. Rowe Price Group, Inc. and its affiliates) and its associates do not provide legal or tax advice. Any tax-related discussion contained in this e-mail, including any attachments, is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding any tax penalties or (ii) promoting, marketing, or recommending to any other party any transaction or matter addressed herein. Please consult your independent legal counsel and/or professional tax advisor regarding any legal or tax issues raised in this e-mail. The contents of this e-mail and any attachments are intended solely for the use of the named addressee(s) and may contain confidential and/or privileged information. Any unauthorized use, copying, disclosure, or distribution of the contents of this e-mail is strictly prohibited by the sender and may be unlawful. If you are not the intended recipient, please notify the sender immediately and delete this e-mail. T. Rowe Price (including T. Rowe Price Group, Inc. and its affiliates) and its associates do not provide legal or tax advice. Any tax-related discussion contained in this e-mail, including any attachments, is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding any tax penalties or (ii) promoting, marketing, or recommending to any other party any transaction or matter addressed herein. Please consult your independent legal counsel and/or professional tax advisor regarding any legal or tax issues raised in this e-mail. The contents of this e-mail and any attachments are intended solely for the use of the named addressee(s) and may contain confidential and/or privileged information. Any unauthorized use, copying, disclosure, or distribution of the contents of this e-mail is strictly prohibited by the sender and may be unlawful. If you are not the intended recipient, please notify the sender immediately and delete this e-mail.
_______________________________________________ Aide mailing list [email protected] https://www.ipi.fi/mailman/listinfo/aide
