[CentOS] aide questions, please
Steve Campbell
campbell at cnpapers.com
Wed Apr 9 16:31:48 UTC 2008
Jim Perrin wrote:
> On Wed, Apr 9, 2008 at 12:03 PM, Steve Campbell <campbell at cnpapers.com> wrote:
>
>> Thanks Jim,
>>
>> Believe it or not, that's what I started out with.
>>
>> After running the entire --init/--check scenario again, I see in the log
>> files and the output, that all files get this message, and a normal output
>> of what should be there showing changed and unchanged files appears at the
>> bottom of the log. So what is this "lgetfilecon_raw failed for" showing up
>> for each file saying to me? Is it a verbosity setting, or something like
>> that?
>>
>
> Mostly it's telling you that it can't get all the information about
> the files it's checking. Are you doing this as root? Are you certain
> that selinux is off? Have you modified any of the mount parameters
> with noexec or anything else?
>
>
>
Jim,
Here's my mount list:
/dev/sda8 on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/sda1 on /boot type ext3 (rw)
tmpfs on /dev/shm type tmpfs (rw)
/dev/sda7 on /home type ext3 (rw)
/dev/sda9 on /opt type ext3 (rw)
/dev/sda5 on /tmp type ext3 (rw)
/dev/sda3 on /usr type ext3 (rw)
/dev/sdb1 on /usr/local type ext3 (rw)
/dev/sda2 on /var type ext3 (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
I have one smb mounted for full system backups. This box is pretty
vanilla, as we run Thunderstone search engine on it. I believe those are
the only mods to the box after install, and I don't think it changed
anything else.
The aide --v looks like:
Aide 0.13.1
Compiled with the following options:
WITH_MMAP
WITH_POSIX_ACL
WITH_SELINUX
WITH_XATTR
WITH_LSTAT64
WITH_READDIR64
WITH_GCRYPT
WITH_AUDIT
CONFIG_FILE = "/etc/aide.conf"
I ran the --init/--check with the default config originally and got the
same output. I then tried "-selinux" on the options that included
"+selinux" just for the hell of it. I don't know if that's ok or not.
--check-config doesn't burp on it though.
My /etc/selinux/config file has SELINUX=disabled in it and always has.
At a loss, but thanks loads for the help and time.
steve