On Thursday 10 April 2008 13:51:02 Steve Campbell wrote:
Michael Simpson wrote:
On 4/9/08, Steve Campbell campbell@cnpapers.com wrote:
Jim Perrin wrote:
On Wed, Apr 9, 2008 at 3:08 PM, Marc Wiatrowski mwia@iglass.net wrote:
I think those errors are because selinux is off.
Hmm, I don't ever really turn selinux off, but I had always thought aide treated it as optional.
Could test by setting it to permissive and trying again. This would be interesting to test.
I'm not sure if a reboot is required or not. I set permissive in the config file and echoed 1 into /selinux/enforce and then tried firstly the --check, and then an --init. Both still show the faulty lines.
I will set it up properly and do a reboot tomorrow to see if it changes things, but for now, it doesn't.
steve
Hi there
It is probably worth doing "touch /.autorelabel" before the reboot as nothing will have really changed with the above actions
this will force relabelling of your fs after the reboot and may give you the context info that you require
mike
Thanks Mike,
I'm not sure I can do the reboot today as I have had to put the server into a temporary production status.
The thing that is sort of bothering me, though, is that so much trouble occurs because of selinux when trying to use aide RPMs. Might I not try and generate my own rpms without selinux support or just compile from source? Is there a way I can disable the selinux stuff when using the Centos rpms? I'm still not hearing a definitive answer that selinux is the culprit here and modifying filesystems for a test is a little extreme.
I appreciate the help so far, though, and don't mean to sound ungrateful.
steve
Like yourself I'm thinking of moving from tripwire to aide on our production servers this summer. So I have an interest in this working ;-)
First check your selinux setup with sestatus. That will tell you whether it is in enforcing or permissive mode or even disabled.
If it's permissive or disabled them selinux wouldn't appear to be your problem as then it shouldn't stop anything from working.
If it's in enforcing mode then maybe it is.
If it's in enforcing or permissive mode then it will put its error messages in /var/log/audit/audit.log
Check there for AVC messages from aide.
Regards,
Tony.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos