
Re: etchs aide messing logs



Hi,

please report issues with aide via the BTS. I have accidentally read
your message here.

On Mon, Jun 18, 2007 at 09:57:54AM +0200, Maik Holtkamp wrote:
> I have some problems with aide setup on etch. I have some boxes that I
> upgraded from sarge but also one fresh installed and all show the same
> problem, so I am afraid that the problem is that _hard_linked in my
> brain that I am lost :(.
> 
> Everyday I receive annoying reports like:
> 
> - ---cut---
> open_dir():Not a directory: /var/log/aide/aide.log.3.gz
> ...
> open_dir():Not a directory: /var/log/apache2/error.log
> ...
> open_dir():Not a directory: /var/log/exim4/mainlog
> ...

I have not yet found a way to get rid of these messages without
greatly complicating aide configuration. I remember filing an upstream
bug about this or asking on the upstream mailing list, but I don't
seem to find the thread. You might want to ask upstream for advice here.

> ***and even worse***
> open_dir():No such file or directory: \
> /var/lib/amavis/virusmails/spam-Bu6uBbfQHDyU.gz
> - ---cut---

aide in etch does not have a rule for amavis. One has been added in
lenny and sid, so you might want to try the rule from there. Please
report any improvements.

> so some rule is trying to check files in /var (especially log and spam
> quarantine) as they were dirs :(. 

Aide does not make any difference between directories and files.

> This mess is making aide worthless.

I disagree here. These are only warnings, and checksums are still
built for these files. Also, aide output should be meaningful. You
might want to use the cronjob's noise filter to get rid of the
messages in daily output.

> - ----cut---
> www:/etc/aide/aide.conf.d# cat 11_aide_personal_first
> !/var/spool/
> !/var/log/
> !/var/lib/amavis/
> !/home/
> - ---cut---
> 
> To exclude mentioned dirs in total. After this wasn't working

"Doesn't work" is a bad error report. What exactly happens?

>  I tried to link it to a higher number:
> 
> www:/etc/aide/aide.conf.d# ls -l 99_aide_personal_first
> lrwxrwxrwx 1 root root 22 Jun 18 09:19 99_aide_personal_first ->
> 11_aide_personal_first
> 
> without success, too.

Do your new rules end up in the generated aide config file?

> 
> I have 77 files in aide's main config dir, which I checked, but I can't
> find an entry that (obviously to me) should cause such problem :(.
> 
> BTW: You can find the whole aide.conf.autogenerated at
>      http://home.teleos-web.de/mholtkamp/aide.txt
> 
> How can I detect which entry is causing aide to check those files as
> they are dirs and/or which file should be used/created to successfully
> override debian aide defaults?

This is a problem. aide's debugging facilities are somewhat
sub-standard, and its algorithm to find out which rule will be used to
check a file is complex. I tried documenting it in the aide man page,
and upstream accepted my patch, but I have not yet fully grasped how
things work. The upstream mailing list might be of more help here.

You can beef up aide's verbosity level and maybe find out what's going
on. Since verbose aide output is going to generate _LOTS_ of output,
I'd like to advise you to reduce your aide config's complexity to the
most simple setup that still shows your issues before debugging here.

Let me know about your results, preferably using the BTS.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190


