[CentOS] aide questions, please

Thu Apr 10 13:13:35 UTC 2008
Tony Molloy <tony.molloy at ul.ie>

On Thursday 10 April 2008 13:51:02 Steve Campbell wrote:
> Michael Simpson wrote:
> > On 4/9/08, Steve Campbell <campbell at cnpapers.com> wrote:
> >> Jim Perrin wrote:
> >>> On Wed, Apr 9, 2008 at 3:08 PM, Marc Wiatrowski <mwia at iglass.net> wrote:
> >>>>  I think those errors are because selinux is off.
> >>>
> >>> Hmm, I don't ever really turn selinux off, but I had always thought
> >>> aide treated it as optional.
> >>>
> >>> Could test by setting it to permissive and trying again. This would be
> >>> interesting to test.
> >>
> >> I'm not sure if a reboot is required or not. I set permissive in the
> >> config file and echoed 1 into /selinux/enforce and then tried firstly
> >> the --check, and then an --init. Both still show the faulty lines.
> >>
> >> I will set it up properly and do a reboot tomorrow to see if it changes
> >> things, but for now, it doesn't.
> >>
> >> steve
> >
> > Hi there
> >
> > It is probably worth doing "touch /.autorelabel" before the reboot as
> > nothing will have really changed with the above actions
> >
> > this will force relabelling of your fs after the reboot and may give
> > you the context info that you require
> >
> > mike
>
> Thanks Mike,
>
> I'm not sure I can do the reboot today as I have had to put the server
> into a temporary production status.
>
> The thing that is sort of bothering me, though, is that so much trouble
> occurs because of selinux when trying to use aide RPMs. Might I not try
> and generate my own rpms without selinux support or just compile from
> source? Is there a way I can disable the selinux stuff when using the
> Centos rpms? I'm still not hearing a definitive answer that selinux is
> the culprit here and modifying filesystems for a test  is a little extreme.
>
> I appreciate the help so far, though, and don't mean to sound ungrateful.
>
> steve

Like yourself I'm thinking of moving from tripwire to aide on our production 
servers this summer. So I have an interest in this working ;-)

First check your selinux setup with sestatus. That will tell you whether it is 
in enforcing or permissive mode or even disabled.

If it's permissive or disabled then selinux wouldn't appear to be your problem 
as then it shouldn't stop anything from working.

If it's in enforcing mode then maybe it is.

If it's in enforcing or permissive mode then it will put its error messages 
in /var/log/audit/audit.log

Check there for AVC messages from aide.

Regards,

Tony.
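
The two checks suggested in the message above (the SELinux mode from sestatus, then AVC messages from aide in /var/log/audit/audit.log) can be run as one small script. This is an added example, not part of the original message; the function names are hypothetical and the log lines are constructed samples, including the aide_t context in them.

```shell
#!/bin/sh
# Added example: report the SELinux mode, then summarise AVC denials logged for aide.

# Constructed audit.log lines in the usual AVC record layout (not from the thread).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1207833215.123:101): avc:  denied  { getattr } for  pid=4321 comm="aide" path="/etc/shadow" dev=dm-0 ino=1234 scontext=root:system_r:aide_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1207833215.456:102): avc:  denied  { read } for  pid=4321 comm="aide" name="lib" dev=dm-0 ino=5678 scontext=root:system_r:aide_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
type=AVC msg=audit(1207833216.001:103): avc:  denied  { getattr } for  pid=4321 comm="aide" path="/etc/gshadow" dev=dm-0 ino=1235 scontext=root:system_r:aide_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1207833300.000:104): avc:  denied  { write } for  pid=999 comm="httpd" name="tmp" dev=dm-0 ino=42 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=SYSCALL msg=audit(1207833215.123:101): arch=40000003 syscall=196 success=no exit=-13 pid=4321 comm="aide" exe="/usr/sbin/aide"
EOF
}

# Read audit records on stdin; print "count permission class target-context"
# for every AVC denial whose command name is aide, most frequent first.
aide_avc_summary() {
    awk '
    /^type=AVC / && /denied/ && /comm="aide"/ {
        perm = "?"; tclass = "?"; tcontext = "?"
        # The denied permissions sit between braces: { getattr }
        if (match($0, /[{] [^}]* [}]/))
            perm = substr($0, RSTART + 2, RLENGTH - 4)
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^tclass=/)   tclass = substr($i, 8)
            if ($i ~ /^tcontext=/) tcontext = substr($i, 10)
        }
        seen[perm " " tclass " " tcontext]++
    }
    END { for (k in seen) print seen[k], k }
    ' | sort -k1,1nr -k2
}

# Step 1: report the mode if the SELinux tools are installed.
if command -v sestatus >/dev/null 2>&1; then sestatus || true; fi

# Step 2: summarise a real log given as $1, otherwise the constructed sample.
if [ -n "${1:-}" ]; then
    aide_avc_summary < "$1"
else
    sample_audit_log | aide_avc_summary
fi
```

An empty summary from the real log means no AVC denials were recorded for aide. Reading /var/log/audit/audit.log normally requires root.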

