On 4/10/08, Steve Campbell <campbell at cnpapers.com> wrote: > > > Thanks Mike, > > I'm not sure I can do the reboot today as I have had to put the server into > a temporary production status. > > The thing that is sort of bothering me, though, is that so much trouble > occurs because of selinux when trying to use aide RPMs. Might I not try and > generate my own rpms without selinux support or just compile from source? Is > there a way I can disable the selinux stuff when using the Centos rpms? I'm > still not hearing a definitive answer that selinux is the culprit here and > modifying filesystems for a test is a little extreme. > > I appreciate the help so far, though, and don't mean to sound ungrateful. > > > steve Hi Steve i see what you mean <http://bugs.centos.org/view.php?id=1973> This was meant to be sorted by aide 0.13.1. I suppose that aide is just going that wee bit further with regards to security by checking for changes in selinux file contexts If a file (or process / object) has its context changed then it could signify an attack especially if you are running the box in enforcing mode. I had thought that aide had been patched to allow for null contexts if compiled to look for them. I just changed from running selinux in disabled mode on my production systems to running with selinux enabled (initially in permissive mode to check for problems then moving to enforcing once the wrinkles were ironed out). My main reason for doing so is that we are developing a electronic patient record for the nhs. I think selinux is fantastic <http://www.coker.com.au/selinux/play.html> > still not hearing a definitive answer that selinux is the culprit here and > modifying filesystems for a test is a little extreme. it's more about adding extended attributes to the existing filesystem mike