On Mon, Mar 13, 2006 at 09:13:01AM +0100, Richard van den Berg wrote:
> Last week I saw something similar on one of my systems. The problem was
> with my aide.db.gz being corrupted (bad block on fd0). I don't think the
> same issue applies here, but it might have to do with aide not reading
> in the old database completely. Running a --compare manually after the
> --update has triggered the problem would be interesting. Maybe this
> gives us a reproducible test case without the need for an image of the
> whole system.
It took me a while (the problem mysteriously disappeared for a while on
my machines that still use aide), but here's the output. The changes
(/var/cfengine, et cetara) are correct, but the additions are not.
Process:
$ sudo aide -u | less
[ lots of output]
$ sudo cp /var/lib/aide/aide.db{.new,}
$ sudo aide --compare --before='database_new=file:///var/lib/aide/aide.db.new'
Not enough parameters in db:143132
AIDE found differences between the two databases!!
Start timestamp: 2006-07-28 14:31:40
Summary:
Total number of files: 143529
Added files: 402
Removed files: 0
Changed files: 14
---------------------------------------------------
Added files:
---------------------------------------------------
added:/lib/security/pam_lastlog.so
added:/lib/security/pam_listfile.so
added:/lib/security/pam_mail.so
added:/lib/security/pam_permit.so
added:/lib/security/pam_rhosts_auth.so
added:/lib/security/pam_rootok.so
added:/lib/security/pam_stress.so
added:/lib/security/pam_time.so
added:/lib/security/pam_warn.so
added:/lib/security/pam_access.so
added:/lib/security/pam_deny.so
added:/lib/security/pam_filter.so
added:/lib/security/pam_group.so
added:/lib/security/pam_limits.so
added:/lib/security/pam_nologin.so
added:/lib/security/pam_securetty.so
added:/lib/security/pam_shells.so
added:/lib/security/pam_tally.so
added:/lib/security/pam_wheel.so
added:/lib/security/pam_unix.so
added:/lib/security/pam_userdb.so
added:/lib/security/pam_motd.so
added:/lib/security/pam_mkhomedir.so
added:/lib/security/pam_issue.so
added:/lib/security/pam_unix_acct.so
added:/lib/security/pam_unix_passwd.so
added:/lib/security/pam_unix_auth.so
added:/lib/security/pam_unix_session.so
added:/lib/security/pam_krb5.so
added:/lib/security/pam_ldap.so
added:/lib/security/pam_debug.so
added:/lib/iptables/libipt_standard.so
added:/lib/iptables/libipt_tcp.so
added:/lib/iptables/libipt_udp.so
added:/lib/iptables/libipt_icmp.so
added:/lib/iptables/libipt_mac.so
added:/lib/iptables/libipt_limit.so
added:/lib/iptables/libipt_MASQUERADE.so
added:/lib/iptables/libipt_REJECT.so
added:/lib/iptables/libipt_LOG.so
added:/lib/iptables/libipt_unclean.so
added:/lib/iptables/libipt_state.so
added:/lib/iptables/libipt_multiport.so
added:/lib/iptables/libipt_tos.so
added:/lib/iptables/libipt_TOS.so
added:/lib/iptables/libipt_mark.so
added:/lib/iptables/libipt_MARK.so
added:/lib/iptables/libipt_owner.so
added:/lib/iptables/libipt_SNAT.so
added:/lib/iptables/libipt_DNAT.so
added:/lib/iptables/libipt_IPV4OPTSSTRIP.so
added:/lib/iptables/libipt_REDIRECT.so
added:/lib/iptables/libipt_MIRROR.so
added:/lib/iptables/libipt_SAME.so
added:/lib/iptables/libipt_TCPMSS.so
added:/lib/iptables/libipt_TTL.so
added:/lib/iptables/libipt_ULOG.so
added:/lib/iptables/libipt_ah.so
added:/lib/iptables/libipt_esp.so
added:/lib/iptables/libipt_tcpmss.so
added:/lib/iptables/libipt_ttl.so
added:/lib/iptables/libipt_ipv4options.so
added:/lib/iptables/libipt_NETMAP.so
added:/lib/iptables/libip6t_ipv6header.so
added:/lib/iptables/libipt_length.so
added:/lib/iptables/libipt_mport.so
added:/lib/iptables/libipt_nth.so
added:/lib/iptables/libipt_pkttype.so
added:/lib/iptables/libipt_pool.so
added:/lib/iptables/libipt_POOL.so
added:/lib/iptables/libipt_psd.so
added:/lib/iptables/libipt_quota.so
added:/lib/iptables/libipt_random.so
added:/lib/iptables/libipt_realm.so
added:/lib/iptables/libipt_time.so
added:/lib/iptables/libip6t_tcp.so
added:/lib/iptables/libip6t_udp.so
added:/lib/iptables/libip6t_icmpv6.so
added:/lib/iptables/libip6t_standard.so
added:/lib/iptables/libip6t_MARK.so
added:/lib/iptables/libip6t_mark.so
added:/lib/iptables/libip6t_LOG.so
added:/lib/iptables/libip6t_REJECT.so
added:/lib/iptables/libip6t_multiport.so
added:/lib/iptables/libip6t_length.so
added:/lib/iptables/libip6t_owner.so
added:/lib/iptables/libip6t_limit.so
added:/lib/iptables/libip6t_mac.so
added:/lib/iptables/libipt_CONNMARK.so
added:/lib/iptables/libip6t_condition.so
added:/lib/iptables/libipt_dscp.so
added:/lib/iptables/libipt_connlimit.so
added:/lib/iptables/libipt_ecn.so
added:/lib/iptables/libipt_helper.so
added:/lib/iptables/libipt_iprange.so
added:/lib/iptables/libipt_physdev.so
added:/lib/iptables/libipt_DSCP.so
added:/lib/iptables/libipt_ECN.so
added:/lib/iptables/libipt_rpc.so
added:/lib/iptables/libipt_sctp.so
added:/lib/iptables/libipt_CLASSIFY.so
added:/lib/iptables/libipt_NOTRACK.so
added:/lib/iptables/libipt_connmark.so
added:/lib/iptables/libipt_conntrack.so
added:/lib/iptables/libipt_TARPIT.so
added:/lib/iptables/libipt_recent.so
added:/lib/iptables/libipt_string.so
added:/lib/iptables/libipt_TRACE.so
added:/lib/iptables/libipt_IPMARK.so
added:/lib/iptables/libipt_NETLINK.so
added:/lib/iptables/libipt_ROUTE.so
added:/lib/iptables/libipt_TCPLAG.so
added:/lib/iptables/libipt_XOR.so
added:/lib/iptables/libipt_addrtype.so
added:/lib/iptables/libipt_condition.so
added:/lib/iptables/libipt_dstlimit.so
added:/lib/iptables/libipt_fuzzy.so
added:/lib/iptables/libipt_osf.so
added:/lib/iptables/libipt_policy.so
added:/lib/iptables/libipt_set.so
added:/lib/iptables/libipt_SET.so
added:/lib/iptables/libipt_u32.so
added:/lib/iptables/libip6t_eui64.so
added:/lib/iptables/libip6t_hl.so
added:/lib/iptables/libip6t_HL.so
added:/lib/iptables/libip6t_TRACE.so
added:/lib/iptables/libip6t_ROUTE.so
added:/lib/iptables/libip6t_ah.so
added:/lib/iptables/libip6t_fuzzy.so
added:/lib/iptables/libip6t_esp.so
added:/lib/iptables/libip6t_frag.so
added:/lib/iptables/libip6t_nth.so
added:/lib/iptables/libip6t_hbh.so
added:/lib/iptables/libip6t_dst.so
added:/lib/iptables/libip6t_policy.so
added:/lib/iptables/libip6t_random.so
added:/lib/iptables/libip6t_rt.so
added:/lib/tls/libanl-2.3.2.so
added:/lib/tls/ld-2.3.2.so
added:/lib/tls/libBrokenLocale-2.3.2.so
added:/lib/tls/libc-2.3.2.so
added:/lib/tls/libcrypt-2.3.2.so
added:/lib/tls/libdl-2.3.2.so
added:/lib/tls/libm-2.3.2.so
added:/lib/tls/libmemusage.so
added:/lib/tls/libnsl-2.3.2.so
added:/lib/tls/libnss_compat-2.3.2.so
added:/lib/tls/libnss_dns-2.3.2.so
added:/lib/tls/libnss_files-2.3.2.so
added:/lib/tls/libnss_hesiod-2.3.2.so
added:/lib/tls/libnss_nis-2.3.2.so
added:/lib/tls/libnss_nisplus-2.3.2.so
added:/lib/tls/libpcprofile.so
added:/lib/tls/libpthread-0.60.so
added:/lib/tls/libresolv-2.3.2.so
added:/lib/tls/librt-2.3.2.so
added:/lib/tls/libSegFault.so
added:/lib/tls/libthread_db-1.0.so
added:/lib/tls/libutil-2.3.2.so
added:/lib/tls/ld-linux.so.2
added:/lib/tls/libanl.so.1
added:/lib/tls/libBrokenLocale.so.1
added:/lib/tls/libc.so.6
added:/lib/tls/libcrypt.so.1
added:/lib/tls/libdl.so.2
added:/lib/tls/libm.so.6
added:/lib/tls/libnsl.so.1
added:/lib/tls/libnss_compat.so.2
added:/lib/tls/libnss_dns.so.2
added:/lib/tls/libnss_files.so.2
added:/lib/tls/libnss_hesiod.so.2
added:/lib/tls/libnss_nis.so.2
added:/lib/tls/libnss_nisplus.so.2
added:/lib/tls/libpthread.so.0
added:/lib/tls/libresolv.so.2
added:/lib/tls/librt.so.1
added:/lib/tls/libthread_db.so.1
added:/lib/tls/libutil.so.1
added:/lib/devfsd/scsigenericperms.so
added:/sbin/update-modules
added:/sbin/rmt
added:/sbin/blockdev
added:/sbin/raw
added:/sbin/installkernel
added:/sbin/start-stop-daemon
added:/sbin/e2fsck
added:/sbin/fsck.ext2
added:/sbin/mke2fs
added:/sbin/badblocks
added:/sbin/tune2fs
added:/sbin/dumpe2fs
added:/sbin/fsck
added:/sbin/mkfs.ext2
added:/sbin/ipfwadm
added:/sbin/unix_chkpwd
added:/sbin/MAKEDEV
added:/sbin/insmod
added:/sbin/modinfo
added:/sbin/insmod_ksymoops_clean
added:/sbin/kernelversion
added:/sbin/rmmod
added:/sbin/modprobe
added:/sbin/lsmod
added:/sbin/ksyms
added:/sbin/kallsyms
added:/sbin/genksyms
added:/sbin/depmod
added:/sbin/bootlogd
added:/sbin/swapon
added:/sbin/losetup
added:/sbin/swapoff
added:/sbin/ifconfig
added:/sbin/rarp
added:/sbin/route
added:/sbin/slattach
added:/sbin/plipconfig
added:/sbin/ipmaddr
added:/sbin/iptunnel
added:/sbin/ifup
added:/sbin/ifdown
added:/sbin/lilo.real
added:/sbin/klogd
added:/sbin/dump
added:/sbin/ipchains
added:/sbin/ipchains-restore
added:/sbin/ipchains-save
added:/sbin/ipfwadm-wrapper
added:/sbin/logsave
added:/sbin/sysctl
added:/sbin/pump
added:/sbin/syslogd
added:/sbin/hdparm
added:/sbin/fsck.nfs
added:/sbin/halt
added:/sbin/init
added:/sbin/killall5
added:/sbin/sulogin
added:/sbin/runlevel
added:/sbin/shutdown
added:/sbin/reboot
added:/sbin/poweroff
added:/sbin/telinit
added:/sbin/update
added:/sbin/mkswap
added:/sbin/hwclock
added:/sbin/nameif
added:/sbin/fsck.minix
added:/sbin/mkfs
added:/sbin/mkfs.minix
added:/sbin/cfdisk
added:/sbin/fdisk
added:/sbin/sfdisk
added:/sbin/getty
added:/sbin/restore
added:/sbin/isapnp
added:/sbin/lilo
added:/sbin/activate
added:/sbin/install-mbr
added:/sbin/mii-tool
added:/sbin/rtmon
added:/sbin/ip
added:/sbin/fsck.ext3
added:/sbin/debugfs
added:/sbin/rdump
added:/sbin/pivot_root
added:/sbin/ldconfig
added:/sbin/rrestore
added:/sbin/termwrap
added:/sbin/iptables
added:/sbin/tc
added:/sbin/e2image
added:/sbin/iptables-save
added:/sbin/iptables-restore
added:/sbin/e2label
added:/sbin/resize2fs
added:/sbin/ip6tables
added:/sbin/ip6tables-save
added:/sbin/ip6tables-restore
added:/sbin/ippool
added:/sbin/mkfs.ext3
added:/sbin/rtacct
added:/sbin/shadowconfig
added:/sbin/mount.smbfs
added:/sbin/mount.smb
added:/sbin/parted
added:/sbin/devfsd
added:/sbin/portmap
added:/sbin/pmap_dump
added:/sbin/pmap_set
added:/sbin/rpc.lockd
added:/sbin/rpc.statd
added:/sbin/showmount
added:/sbin/mkdosfs
added:/sbin/dosfsck
added:/sbin/mkfs.msdos
added:/sbin/mkfs.vfat
added:/sbin/fsck.msdos
added:/sbin/fsck.vfat
added:/sbin/fsck.xfs
added:/sbin/mkfs.xfs
added:/sbin/xfs_repair
added:/sbin/xfsdq
added:/sbin/xfsdump
added:/sbin/xfsrestore
added:/sbin/fsck.cramfs
added:/sbin/blkid
added:/sbin/partprobe
added:/sbin/kbdrate
added:/sbin/mount.cifs
added:/sbin/lnstat
added:/sbin/devfsd_make_links
added:/sbin/netbug
added:/sbin/nstat
added:/sbin/ss
added:/sbin/findfs
added:/sbin/mkfs.cramfs
added:/bin/ae
added:/bin/bash
added:/bin/rbash
added:/bin/sh
added:/bin/readlink
added:/bin/run-parts
added:/bin/tempfile
added:/bin/mktemp
added:/bin/chgrp
added:/bin/chmod
added:/bin/chown
added:/bin/cp
added:/bin/dd
added:/bin/df
added:/bin/dir
added:/bin/ln
added:/bin/ls
added:/bin/mkdir
added:/bin/mknod
added:/bin/mv
added:/bin/rm
added:/bin/rmdir
added:/bin/vdir
added:/bin/sync
added:/bin/touch
added:/bin/grep
added:/bin/egrep
added:/bin/fgrep
added:/bin/gzip
added:/bin/gunzip
added:/bin/zcat
added:/bin/uncompress
added:/bin/dnsdomainname
added:/bin/hostname
added:/bin/vi
added:/bin/login
added:/bin/su
added:/bin/mount
added:/bin/umount
added:/bin/ping
added:/bin/netstat
added:/bin/mt
added:/bin/ps
added:/bin/kill
added:/bin/sed
added:/bin/date
added:/bin/echo
added:/bin/false
added:/bin/pwd
added:/bin/sleep
added:/bin/stty
added:/bin/true
added:/bin/uname
added:/bin/pidof
added:/bin/tar
added:/bin/cat
added:/bin/arch
added:/bin/dmesg
added:/bin/more
added:/bin/fdflush
added:/bin/fuser
added:/bin/setserial
added:/bin/elvis-tiny
added:/bin/cpio
added:/bin/znew
added:/bin/ed
added:/bin/loadkeys
added:/bin/lspci
added:/bin/mt-gnu
added:/bin/gzexe
added:/bin/zdiff
added:/bin/zgrep
added:/bin/zforce
added:/bin/zless
added:/bin/zmore
added:/bin/ip
added:/bin/ping6
added:/bin/fgconsole
added:/bin/zcmp
added:/bin/zegrep
added:/bin/zfgrep
added:/bin/netcat
added:/bin/nc
added:/bin/kernelversion
added:/bin/mountpoint
added:/bin/setpci
---------------------------------------------------
Changed files:
---------------------------------------------------
changed:/etc/cfengine
changed:/var/lib/aide/aide.conf.autogenerated
changed:/var/lib/sfs/random_seed
changed:/var/lib/cfengine2
changed:/var/lib/cfengine2/state
changed:/var/lib/cfengine2/state/cf_procs
changed:/var/lib/cfengine2/state/allclasses
changed:/var/lib/cfengine2/state/cf_state.db
changed:/var/lib/cfengine2/cfagent.pokey.log
changed:/var/lib/cfengine2/cf_lastseen.db
changed:/var/lib/cfengine2/outputs
changed:/var/lib/cfengine2/cfengine_lock_db
changed:/var/lib/cfengine2/cfengine.pokey.runlog
changed:/var/lib/cfengine2/cfengine..runlog
--------------------------------------------------
Detailed information about changes:
---------------------------------------------------
File: /etc/cfengine
Ctime : 2006-07-28 11:45:03 , 2006-07-28 12:45:06
File: /var/lib/aide/aide.conf.autogenerated
Mtime : 2006-07-28 12:06:32 , 2006-07-28 12:56:42
Ctime : 2006-07-28 12:06:32 , 2006-07-28 12:56:42
Inode : 65131 , 65041
File: /var/lib/sfs/random_seed
MD5 : QvNRg5VFxOjYQn364mvygg== , 5H3ojp+i9QwK7GcG0WXFow==
SHA1 : MtyeCDHskJeez5CoOup0W0qi/qg= , uJAOqxcO9pQUk94Dg8m4kylp9t8=
File: /var/lib/cfengine2
Ctime : 2006-07-28 12:00:11 , 2006-07-28 12:45:10
File: /var/lib/cfengine2/state
Mtime : 2006-07-28 12:01:11 , 2006-07-28 13:02:22
Ctime : 2006-07-28 12:01:11 , 2006-07-28 13:02:22
File: /var/lib/cfengine2/state/cf_procs
Size : 14040 , 14508
Mtime : 2006-07-28 12:01:11 , 2006-07-28 13:02:22
Ctime : 2006-07-28 12:01:11 , 2006-07-28 13:02:22
MD5 : wNI97wwWFrbeixyY/gGkuw== , v/v2W0ve1bb9tDCSkFNYSg==
SHA1 : DaEBHE6f21PGESbjqpuQF8R8gp0= , 6+N3fqLp8DBqwMaP6hwViCbxC8Y=
File: /var/lib/cfengine2/state/allclasses
Mtime : 2006-07-28 12:01:11 , 2006-07-28 13:02:23
Ctime : 2006-07-28 12:01:11 , 2006-07-28 13:02:23
MD5 : 3Sk5G7vukikvoKZslr33TQ== , pIjgqlPN3vSkDLeW0AT0OQ==
SHA1 : 8VZF5532fVBimP2cC6pp4UJVhbc= , pV1IRB4tgM5bbTmLJ7v5KdwhgIc=
File: /var/lib/cfengine2/state/cf_state.db
Mtime : 2006-07-28 12:00:58 , 2006-07-28 13:01:09
Ctime : 2006-07-28 12:00:58 , 2006-07-28 13:01:09
File: /var/lib/cfengine2/cfagent.pokey.log
Mtime : 2006-07-28 12:01:11 , 2006-07-28 13:02:23
Ctime : 2006-07-28 12:01:11 , 2006-07-28 13:02:23
File: /var/lib/cfengine2/cf_lastseen.db
Mtime : 2006-07-28 12:00:49 , 2006-07-28 13:00:58
Ctime : 2006-07-28 12:00:49 , 2006-07-28 13:00:58
MD5 : 14OZ3NWyUUaj3X6cNvoNDA== , GzvqwnZmHnKiY/yUvd1Z4g==
SHA1 : R7fAujJz449dfDbpwm4sOQypgh0= , ptU+BG2PoKfMJM5KRNl2Au5NHgs=
File: /var/lib/cfengine2/outputs
Mtime : 2006-07-28 12:01:11 , 2006-07-28 13:02:23
Ctime : 2006-07-28 12:01:11 , 2006-07-28 13:02:23
File: /var/lib/cfengine2/cfengine_lock_db
Mtime : 2006-07-28 12:04:11 , 2006-07-28 13:03:21
Ctime : 2006-07-28 12:04:11 , 2006-07-28 13:03:21
MD5 : g6LXRoCtYVNMT8GWiIYWNQ== , 6e1+buaoIJOM9mjBp2GCxA==
SHA1 : e6nVSvMi3n1Fwqgblj9vrgAwCOw= , +DXFIHQNsqOeuBL23Y5qz6ZseKM=
File: /var/lib/cfengine2/cfengine.pokey.runlog
Size : 898147 , 935719
Bcount : 1768 , 1840
Mtime : 2006-07-28 12:01:09 , 2006-07-28 13:02:14
Ctime : 2006-07-28 12:01:09 , 2006-07-28 13:02:14
MD5 : rQ//CBjQpQkVLihpS89OjQ== , mEsfdKdnWezFptAYn5Zy7A==
SHA1 : 4SO7ebC264yqGuAu+kc6B5qGU1M= , 0cq8RhwwiepIqp0mOy3qA9buvF8=
File: /var/lib/cfengine2/cfengine..runlog
Size : 748770 , 748930
Mtime : 2006-07-28 12:00:11 , 2006-07-28 13:00:21
Ctime : 2006-07-28 12:00:11 , 2006-07-28 13:00:21
MD5 : fbTX4ycFI3o8yy7c0qyZoQ== , crk7g5akso+UambCtllvLw==
SHA1 : BbbGDJtutR2ALgQSV4EYju2sA+U= , pnHu7HBKzwXW3L55OIFpT1j0N6A=
$
--
William Aoki KD7YAF [EMAIL PROTECTED] 5-1924
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
