Re: aide questions, please

Jim Perrin wrote:
> On Wed, Apr 9, 2008 at 12:03 PM, Steve Campbell <campbell@xxxxxxxxxxxx> wrote:
>> Thanks Jim,
>>
>> Believe it or not, that's what I started out with.
>>
>> After running the entire --init/--check scenario again, I see in the log
>> files and the output, that all files get this message, and a normal output
>> of what should be there showing changed and unchanged files appear at the
>> bottom of the log. So what is this "lgetfilecon_raw failed for" showing up
>> for each file saying to me? Is it a verbosity setting, or something like
>> that?
>
> Mostly it's telling you that it can't get all the information about
> the files it's checking. Are you doing this as root? Are you certain
> that selinux is off? Have you modified any of the mount parameters
> with noexec or anything else?


Jim,

Here's my mount list:

/dev/sda8 on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/sda1 on /boot type ext3 (rw)
tmpfs on /dev/shm type tmpfs (rw)
/dev/sda7 on /home type ext3 (rw)
/dev/sda9 on /opt type ext3 (rw)
/dev/sda5 on /tmp type ext3 (rw)
/dev/sda3 on /usr type ext3 (rw)
/dev/sdb1 on /usr/local type ext3 (rw)
/dev/sda2 on /var type ext3 (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)

I have one smb mounted for full system backups. This box is pretty vanilla, as we run Thunderstone search engine on it. I believe those are the only mods to the box after install, and I don't think it changed anything else.

The aide --v looks like:

Aide 0.13.1

Compiled with the following options:

WITH_MMAP
WITH_POSIX_ACL
WITH_SELINUX
WITH_XATTR
WITH_LSTAT64
WITH_READDIR64
WITH_GCRYPT
WITH_AUDIT
CONFIG_FILE = "/etc/aide.conf"

I ran the --init/--check with the default config originally, get the same output. I then tried "-selinux" on the options that included "+selinux" just for the hell of it. I don't know if that's ok or not. --check-config doesn't burp on it though.

My /etc/selinux/config file has SELINUX=disabled in it and always has.

At a loss, but thanks loads for the help and time.

steve



_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
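
Added example, not part of the original thread: the message above mentions switching "+selinux" to "-selinux" in the rule options of /etc/aide.conf. The sketch below walks an aide.conf-style text and reports which group definitions and selection lines still resolve to include the selinux attribute after such edits. The function names and the sample config are constructed for illustration; built-in groups are only expanded if passed in through the hypothetical `builtin` parameter.

```python
import re

EXPR = r'[A-Za-z0-9_]+(?:\s*[+-]\s*[A-Za-z0-9_]+)*'
DEF_RE = re.compile(r'^([A-Za-z_]\w*)\s*=\s*(' + EXPR + r')$')   # NAME = a+b-c
RULE_RE = re.compile(r'^(=?/\S*)\s+(' + EXPR + r')$')            # /path EXPR
TOKEN_RE = re.compile(r'([+-]?)\s*([A-Za-z0-9_]+)')

# Constructed sample, not a shipped aide.conf.
SAMPLE_CONF = """\
database=file:/var/lib/aide/aide.db.gz
verbose=5
BASE = p+i+n+u+g+s+m+c+acl+selinux+xattrs+md5
NORMAL = BASE+sha256
DIR = p+i+n+u+g+acl+selinux+xattrs
NOCTX = NORMAL-selinux      # same as NORMAL, minus the SELinux context
/boot NORMAL
/etc NOCTX
/var/log p+n+u+g
!/var/log/lastlog
/usr DIR
"""

def expand(expr, groups):
    """Evaluate 'A+b-c' left to right into a set of attribute names."""
    attrs = set()
    for sign, tok in TOKEN_RE.findall(expr):
        members = groups.get(tok, {tok})      # group name or bare attribute
        attrs = attrs - members if sign == '-' else attrs | members
    return attrs

def find_attr_users(conf_text, attr='selinux', builtin=None):
    """Return (groups, paths) whose expanded attribute set contains attr."""
    groups = {k: set(v) for k, v in (builtin or {}).items()}
    hit_rules = []
    for raw in conf_text.splitlines():
        line = raw.split('#', 1)[0].strip()
        m = DEF_RE.match(line)
        if m:   # option lines such as verbose=5 also land here, harmlessly
            groups[m.group(1)] = expand(m.group(2), groups)
            continue
        m = RULE_RE.match(line)               # negated '!' lines never match
        if m and attr in expand(m.group(2), groups):
            hit_rules.append(m.group(1))
    return sorted(g for g, a in groups.items() if attr in a), hit_rules

if __name__ == "__main__":
    print(find_attr_users(SAMPLE_CONF))
```

To run it against a real file, pass the file's contents as `conf_text`; any path it lists is still being checked with the selinux attribute.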
