Jim Perrin wrote: > On Wed, Apr 9, 2008 at 12:03 PM, Steve Campbell <campbell at cnpapers.com> wrote: > >> Thanks Jim, >> >> Believe it or not, that's what I started out with. >> >> After running the entire --init/--check scenario again, I see in the log >> files and the output, that all files get this message, and a normal output >> of what should be there showing changed and unchanged files appear at the >> bottom of the log. So what is this "lgetfilecon_raw failed for" showing up >> for each file saying to me? Is it a verbosity setting, or something like >> that? >> > > Mostly it's telling you that it can't get all the information about > the files it's checking. Are you doing this as root? Are you certain > that selinux is off? Have you modified any of the mount parameters > with noexec or anything else? > > > Jim, Here's my mount list: /dev/sda8 on / type ext3 (rw) proc on /proc type proc (rw) sysfs on /sys type sysfs (rw) devpts on /dev/pts type devpts (rw,gid=5,mode=620) /dev/sda1 on /boot type ext3 (rw) tmpfs on /dev/shm type tmpfs (rw) /dev/sda7 on /home type ext3 (rw) /dev/sda9 on /opt type ext3 (rw) /dev/sda5 on /tmp type ext3 (rw) /dev/sda3 on /usr type ext3 (rw) /dev/sdb1 on /usr/local type ext3 (rw) /dev/sda2 on /var type ext3 (rw) none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw) sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw) I have one smb mounted for full system backups. This box is pretty vanilla, as we run Thunderstone search engine on it. I believe that is the only mods to the box after install, and I don't think it changed anything else. The aide --v looks like: Aide 0.13.1 Compiled with the following options: WITH_MMAP WITH_POSIX_ACL WITH_SELINUX WITH_XATTR WITH_LSTAT64 WITH_READDIR64 WITH_GCRYPT WITH_AUDIT CONFIG_FILE = "/etc/aide.conf" I ran the --init/--check with the default config originally, get the same output. I then tried "-selinux" on the options that included "+selinux" just for the hell of it. I don't know if that's ok or not. --check-config doesn't burp on it though. My /etc/selinux/config file has SELINUX=disabled in it and always has. At a loss, but thanks loads for the help and time. steve