Hi Jeff, The conf file takes regex rather than globs, so I think you may need:
!/lib/modules/.*amzn2.x86_64 If that doesn't reduce the noise you may also need to reinitialise the database to ensure those files are not flagged as missing. cheers On Wed, 12 Oct 2022 at 10:47, Jeffrey Shepherd <[email protected]> wrote: > When I perform an *aide -- update* or an *aide -- check*, I get errors > such as the following: > > DBG: md_enable: algorithm 3 not available > DBG: md_enable: algorithm 6 not available > gcry_md_enable 1 failedgcry_md_enable 3 failedgcry_md_enable 6 > failedgcry_md_enable 1 failedgcry_md_enable 3 failedgcry_md_enable 6 > failedgetxattr failed for > /etc/systemd/system/multi-user.target.wants/ec2-instance-connect-harvest-hostkeys.service:No > such file or directory > Error on exit of prelink child process > getxattr failed for /lib/debug/usr/.dwz:No such file or directory > getxattr failed for > /lib/modules/4.14.268-205.500.amzn2.x86_64/mfe_aac/mfe_aac.ko:No such file > or directory > getxattr failed for > /lib/modules/4.14.268-205.500.amzn2.x86_64/mfe_aac/mfe_aac_100709137.ko:No > such file or directory > getxattr failed for /lib/modules/4.14.276-211.499.amzn2.x86_64/build:No > such file or directory > getxattr failed for /lib/modules/4.14.276-211.499.amzn2.x86_64/source:No > such file or directory > getxattr failed for > /lib/modules/4.14.276-211.499.amzn2.x86_64/mfe_aac/mfe_aac.ko:No such file > or directory > getxattr failed for > /lib/modules/4.14.276-211.499.amzn2.x86_64/mfe_aac/mfe_aac_100709137.ko:No > such file or directory > getxattr failed for /lib/modules/4.14.291-218.527.amzn2.x86_64/build:No > such file or directory > getxattr failed for /lib/modules/4.14.291-218.527.amzn2.x86_64/source:No > such file or directory > getxattr failed for /lib/modules/4.14.294-220.533.amzn2.x86_64/build:No > such file or directory > getxattr failed for /lib/modules/4.14.294-220.533.amzn2.x86_64/source:No > such file or directory > Error on exit of prelink child process > Error on exit of prelink child process > Error on exit of prelink child process > Error on exit of prelink child process > > I am running on Amazon Linux 2 (which performs like RHEL) and the > /usr/lib/modules/4.14.268-205.500.amzn2.x86_64/* failures have to do with > our McAfee ESS. > > I’ve tried updating */etc/aide.conf* with lines like > > !/lib/modules/*.amzn2.x86_64/* > !/usr/lib/modules/*.amzn2.x86_64/* > > Which don’t seem to have an effect and I have no idea what to do with the > *algorithm > not available* or *exit of prelink* messages. Once these messages have > passed I get a *Start timestamp* and AIDE seems to run as expected. > > Is there anything I can do to reduce these messages? > > v/r > *Jeff Shepherd* > [email protected] > > > > > _______________________________________________ > Aide mailing list > [email protected] > https://www.ipi.fi/mailman/listinfo/aide > -- "If your expectations don't match reality, disappointment is guaranteed." Morgan Weetman Services Content Architect M: +61 439 469 793 https://www.redhat.com/en/services/training-and-certification
_______________________________________________ Aide mailing list [email protected] https://www.ipi.fi/mailman/listinfo/aide
