[CentOS] aide questions, please

Steve Campbell campbell at cnpapers.com
Thu Apr 10 15:26:44 UTC 2008



Jim Perrin wrote:
> On Thu, Apr 10, 2008 at 9:24 AM, Steve Campbell <campbell at cnpapers.com> wrote:
>
>   
>>  Tony and Jim,
>>
>>  sestatus reports disabled. Thanks for the help on the test, Jim.
>>     
>
>
> Okay, so here's the deal. The default aide.conf checks the selinux
> bits. If you need to have selinux off (not really recommended, but
> it's your box) and you still want aide to watch over your files, you
> need to remove the selinux requirements from /etc/aide.conf.   I've
> gone ahead and done up a config file which is identical to the default
> with selinux bits removed. Grab the file from
> http://www.bofh-hunter.com/downloads/aide.conf   or use the diff below
> against the default config:
>
> --- aide.conf.bak       2008-04-10 04:37:18.000000000 -0400
> +++ aide.conf   2008-04-10 05:16:09.000000000 -0400
> @@ -61,27 +61,27 @@
>  # ALLXTRAHASHES = sha1+rmd160+sha256+sha512+whirlpool+tiger+haval+gost+crc32
>  ALLXTRAHASHES = sha1+rmd160+sha256+sha512+tiger
>  # Everything but access time (Ie. all changes)
> -EVERYTHING = R+ALLXTRAHASHES
> +EVERYTHING = p+i+n+u+g+s+m+c+acl+xattrs+md5+ALLXTRAHASHES
>
>  # Sane, with multiple hashes
>  # NORMAL = R+rmd160+sha256+whirlpool
> -NORMAL = R+rmd160+sha256
> +NORMAL = p+i+n+u+g+s+m+c+acl+xattrs+md5+rmd160+sha256
>
>  # For directories, don't bother doing hashes
> -DIR = p+i+n+u+g+acl+selinux+xattrs
> +DIR = p+i+n+u+g+acl+xattrs
>
>  # Access control only
> -PERMS = p+i+u+g+acl+selinux
> +PERMS = p+i+u+g+acl
>
>  # Logfile are special, in that they often change
> -LOG = >
> +LOG = p+u+g+i+n+S+acl+xattrs
>
>  # Just do md5 and sha256 hashes
> -LSPP = R+sha256
> +LSPP = p+i+n+u+g+s+m+c+acl+xattrs+md5+sha256
>
>  # Some files get updated automatically, so the inode/ctime/mtime change
>  # but we want to know when the data inside them changes
> -DATAONLY =  p+n+u+g+s+acl+selinux+xattrs+md5+sha256+rmd160+tiger
> +DATAONLY =  p+n+u+g+s+acl+xattrs+md5+sha256+rmd160+tiger
>
>  # Next decide what directories/files you want in the database.
>
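Review bot: The new EVERYTHING, NORMAL, LSPP and LOG lines replace the built-in `R` and `>` groups with hand-written attribute lists, but nothing in the file records that these are meant to be those groups minus selinux. Someone reading `LOG = p+u+g+i+n+S+acl+xattrs` later cannot tell which built-in it came from, or check the expansion against it. Suggest a one-line comment above each expanded definition, for example `# was R+rmd160+sha256, R expanded without selinux` above NORMAL and `# was ">", expanded without selinux` above LOG. Separately, every rewritten group still carries `acl+xattrs`, and the diff covers only the group definitions, so any rule further down the file that names selinux directly would need the same treatment.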
>
>   
Jim,

I tried the new config file - the downloaded one - and it still gives me 
the errors. I then went through and removed the xattr options on all of 
them with no luck still. I have not run the --check yet.

OK, so what if I enable permissive mode just to get the extra attributes 
on all the files, and do all the stuff needed to relabel the files. Will 
I see any difference in what I have other than the extended attributes? 
Since this server will go full time production real soon, I don't want 
to cause any surprises for me or the users, and I don't have the time to 
learn selinux admin and configuration in a short time either. I know, 
that sounds lazy, but I just have a full plate at the moment, sorry.

Thanks for all your time. I really do appreciate the fact you're 
educating me.

steve



