tags 895927 + unreproducible
thanks
Hi Marc,
On Tue, Apr 17, 2018 at 04:13:33PM +0200, Marc Haber wrote:
> I would like to verify the database mentioned in aide output before
> copying it over to the input database name. That does not seem to work:
>
> [19/5003]mh@ivanova:~ $ ls -al /var/lib/aide/aide.db.new output.aide
> -rw-rw-r-- 1 mh mh 2,1M Apr 17 11:36 output.aide
> -rw------- 1 root root 71M Apr 17 11:36 /var/lib/aide/aide.db.new
> [20/5004]mh@ivanova:~ $ grep SHA512 output.aide | tail -n 1
> SHA512 : LhaYUYpxlUaOFnLffOnCyxm8gq6rwxQW
> [21/5005]mh@ivanova:~ $ sudo openssl sha256 -binary /var/lib/aide/aide.db.new
> | openssl base64
> rN/Af3eq+dKO6DKmpN1XOs+vpH6IQ3qFrELjhslp1Qs=
> [22/5006]mh@ivanova:~ $ sudo zcat /var/lib/aide/aide.db.new | openssl sha256
> -binary | openssl base64
> 5uIy2b4L4ckKlzZ6o5UMlePKyKdRR8u/YhgciUQlFWg=
> [23/5007]mh@ivanova:~ $
>
> What am I supposed to do with aide.db.new if I want the sha256 (or other)
> checksums to match aide's own output?
First please note that the checksums in the report are wrapped to
multiple lines. Apart from that you seem to grep for sha512 checksum in
the output of AIDE but compute the sha256 checksum of the database file.
I got the following output for my last AIDE run:
# grep -A2 SHA512 /var/log/aide/aide.log | tail -n 3
SHA512 : xCCa+gNpk4/A70vpUDcj07ghhg2v5W5x
7oV+U7qaM1db1CaMdt0G8ew3WSgoHWc5
W3C2FVzT4V95mGXpL0Rfig==
# zcat /var/lib/aide/aide.db | openssl sha512 -binary | openssl base64
xCCa+gNpk4/A70vpUDcj07ghhg2v5W5x7oV+U7qaM1db1CaMdt0G8ew3WSgoHWc5
W3C2FVzT4V95mGXpL0Rfig==
If that solves your issue please close this bug report.
Best regards
Hannes
