An update basically is an --init with a --compare to the old database.
When aide does a compare, it builds a tree for the new db, and removes
all files from the old db from that tree (and checks if they should be
reported as changed). When that process has finished, all files still in
the tree are reported as added. So for some reason, aide fails to remove
the /sbin files from the new tree.
Last week I saw something similar on one of my systems. The problem was
with my aide.db.gz being corrupted (bad block on fd0). I don't think the
same issue applies here, but it might have to do with aide not reading
in the old database completely. Running a --compare manually after the
--update has triggered the problem would be interesting. Maybe this
gives us a reproducible test case without the need for an image of the
whole system.
Sincerely,
Richard van den Berg
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
