Jim Perrin wrote: > On Thu, Apr 10, 2008 at 9:24 AM, Steve Campbell <campbell at cnpapers.com> wrote: > > >> Tony and Jim, >> >> sestatus reports disabled. Thanks for the help on the test, Jim. >> > > > Okay, so here's the deal. The default aide.conf checks the selinux > bits. If you need to have selinux off (not really recommended, but > it's your box) and you still want aide to watch over your files, you > need to remove the selinux requirements from /etc/aide.conf. I've > gone ahead and done up a config file which is identical to the default > with selinux bits removed. Grab the file from > http://www.bofh-hunter.com/downloads/aide.conf or use the diff below > against the default config: > > --- aide.conf.bak 2008-04-10 04:37:18.000000000 -0400 > +++ aide.conf 2008-04-10 05:16:09.000000000 -0400 
> @@ -61,27 +61,27 @@ > # ALLXTRAHASHES = sha1+rmd160+sha256+sha512+whirlpool+tiger+haval+gost+crc32 > ALLXTRAHASHES = sha1+rmd160+sha256+sha512+tiger > # Everything but access time (Ie. all changes) > -EVERYTHING = R+ALLXTRAHASHES > +EVERYTHING = p+i+n+u+g+s+m+c+acl+xattrs+md5+ALLXTRAHASHES > > # Sane, with multiple hashes > # NORMAL = R+rmd160+sha256+whirlpool > -NORMAL = R+rmd160+sha256 > +NORMAL = p+i+n+u+g+s+m+c+acl+xattrs+md5+rmd160+sha256 > > # For directories, don't bother doing hashes > -DIR = p+i+n+u+g+acl+selinux+xattrs > +DIR = p+i+n+u+g+acl+xattrs > > # Access control only > -PERMS = p+i+u+g+acl+selinux > +PERMS = p+i+u+g+acl > > # Logfile are special, in that they often change > -LOG = > > +LOG = p+u+g+i+n+S+acl+xattrs > > # Just do md5 and sha256 hashes > -LSPP = R+sha256 > +LSPP = p+i+n+u+g+s+m+c+acl+xattrs+md5+sha256 > > # Some files get updated automatically, so the inode/ctime/mtime change > # but we want to know when the data inside them changes > -DATAONLY = p+n+u+g+s+acl+selinux+xattrs+md5+sha256+rmd160+tiger > +DATAONLY = p+n+u+g+s+acl+xattrs+md5+sha256+rmd160+tiger > > # Next decide what directories/files you want in the database. > > >

Jim, I tried the new config file - the downloaded one - and it still gives me the errors. I then went through and removed the xattr options on all of them with no luck still. I have not run the --check yet.

OK, so what if I enable permissive mode just to get the extra attributes on all the files, and do all the stuff needed to relabel the files? Will I see any difference in what I have other than the extended attributes? Since this server will go full time production real soon, I don't want to cause any surprises for me or the users, and I don't have the time to learn selinux admin and configuration in a short time either. I know, that sounds lazy, but I just have a full plate at the moment, sorry.

Thanks for all your time. I really do appreciate the fact you're educating me.

steve
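
Review bot: The hand expansion of `R` is repeated three times in the 61,27 hunk (EVERYTHING, NORMAL and LSPP each now spell out `p+i+n+u+g+s+m+c+acl+xattrs+md5`), and no comment records that it stands for the built-in `R` with `selinux` taken out. Define the string once as a named group above these lines (a hypothetical name such as `R_NOSELINUX = p+i+n+u+g+s+m+c+acl+xattrs+md5`) and reference it from the three groups, so a later change to the attribute set cannot drift between them. The commented-out alternative `# NORMAL = R+rmd160+sha256+whirlpool` still uses `R`, so anyone uncommenting it would bring back whatever `R` includes; update it or annotate it. The new LOG line replaces `>` with `p+u+g+i+n+S+acl+xattrs` and would benefit from the same kind of comment stating what it is expanded from.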