12828 2002-12-28 01:45 0000 Aide fails to initialize databases making it useless on this platform 2003-08-17 07:28:24 0000 1 1 1 Unclassified Gentoo Linux Applications 1.4_rc1 Sparc Linux CLOSED WORKSFORME P3 major --- 1 a-wall@qwest.net sparc@gentoo.org a-wall@qwest.net 2002-12-28 01:45:08 0000 All versions of aide in the portage tree fail when trying to create a proper database when running "aide --init" to create a database "aide.db" to check the systems with. Since aide is the only intrusion detector i am aware in the portage tree i feel it is a high priority. thanks, -aaron weeve@gentoo.org 2003-01-05 09:46:13 0000 In testing aide-0.9, it seems that this is fixed. aide-0.9 is currently marked ~sparc in portage. Aaron, let me know if this works for you and if so, I will change the keyword to sparc. weeve@gentoo.org 2003-01-15 14:00:07 0000 Marked aide-0.8 as -sparc as aide --init is broken and changed aide-0.9's keyword from ~sparc to sparc as it works here. weeve@gentoo.org 2003-01-15 20:50:09 0000 Apparently, it's not fixed in all cases. A config that works on x86 does not work on sparc. Looking into it further. a-wall@qwest.net 2003-01-28 15:44:35 0000 Works for me but i am not working with the default gentoo aide.conf i think perhaps that should be changed to the one that is on the aide site. config as follows --------------------------------------snip------------------------------ #AIDE conf # Here are all the things we can check - these are the default rules # #p: permissions #i: inode #n: number of links #u: user #g: group #s: size #b: block count #m: mtime #a: atime #c: ctime #S: check for growing size #md5: md5 checksum #sha1: sha1 checksum #rmd160: rmd160 checksum #tiger: tiger checksum #R: p+i+n+u+g+s+m+c+md5 #L: p+i+n+u+g #E: Empty group #>: Growing logfile p+u+g+i+n+S # You can alse create custom rules - my home made rule definition goes like this # MyRule = p+i+n+u+g+s+b+m+c+md5+sha1 # Next decide what directories/files you want in the database / MyRule #check only permissions, inode, user and group for etc # /bin MyRule # apply the custom rule to the files in bin # /sbin MyRule # apply the same custom rule to the files in sbin # /var MyRule # /home/MyRule !/var/log/.* # ignore the log dir it changes too often !/var/spool/.* # ignore spool dirs as they change too often !/var/log/wtmp$ # ignore the file /var/adm/utmp ---------------------snip--------------------------------------- weeve@gentoo.org 2003-08-17 07:28:24 0000 Closing