All versions of aide in the portage tree fail when trying to create a proper database when running "aide --init" to create a database "aide.db" to check the systems with. Since aide is the only intrusion detector I am aware of in the portage tree, I feel it is a high priority. Thanks, -aaron
In testing aide-0.9, it seems that this is fixed. aide-0.9 is currently marked ~sparc in portage. Aaron, let me know if this works for you and if so, I will change the keyword to sparc.
Marked aide-0.8 as -sparc as aide --init is broken and changed aide-0.9's keyword from ~sparc to sparc as it works here.
Apparently, it's not fixed in all cases. A config that works on x86 does not work on sparc. Looking into it further.
Works for me, but I am not working with the default Gentoo aide.conf. I think perhaps that should be changed to the one that is on the aide site. Config as follows:
--------------------------------------snip------------------------------
#AIDE conf

# Here are all the things we can check - these are the default rules
#
#p: permissions
#i: inode
#n: number of links
#u: user
#g: group
#s: size
#b: block count
#m: mtime
#a: atime
#c: ctime
#S: check for growing size
#md5: md5 checksum
#sha1: sha1 checksum
#rmd160: rmd160 checksum
#tiger: tiger checksum
#R: p+i+n+u+g+s+m+c+md5
#L: p+i+n+u+g
#E: Empty group
#>: Growing logfile p+u+g+i+n+S

# You can also create custom rules - my home made rule definition goes like this
#
MyRule = p+i+n+u+g+s+b+m+c+md5+sha1

# Next decide what directories/files you want in the database

/ MyRule #check only permissions, inode, user and group for etc
# /bin MyRule # apply the custom rule to the files in bin
# /sbin MyRule # apply the same custom rule to the files in sbin
# /var MyRule
# /home/MyRule
!/var/log/.* # ignore the log dir it changes too often
!/var/spool/.* # ignore spool dirs as they change too often
!/var/log/wtmp$ # ignore the file /var/adm/utmp
---------------------snip---------------------------------------
Closing