Marc Haber <[EMAIL PROTECTED]> wrote: > On Sat, Sep 15, 2007 at 09:01:26AM -0700, Bill Wohler wrote: > > I have "version=3" in my configuration file, which for years > > suppressed output when there weren't any changes. > > I am not aware of any "version=" option. Please explain. > > > However, after upgrading to etch, I'm getting email (appended below). > > In /etc/default/aide, the relevant options are: > > > > QUIETREPORTS=yes > > NOISE="" > > AIDEARGS="--config=/etc/aide/aide.conf" > > > > Here is the email. Any thoughts? > > > > Errors produced (1 lines): > > not updating aide configuration since manual config option was given > > This is considered an error, and thus a report will be generated.
Hi Marc, I reinstalled aide and used the Debian configuration per your suggestion. MAILSUBJ="Daily AIDE report for $FQDN" MAILTO=root QUIETREPORTS=yes COMMAND=update COPYNEWDB=ifnochange LINES=1000 NOISE="" AIDEARGS="-V3" UPAC_CONFDIR="/etc/aide" UPAC_CONFD="$UPAC_CONFDIR/aide.conf.local.d" After spending many hours suppressing output of transient postfix and mailman files and other nominal activities, I finally got aide not to report any changes in a 5 minute period. However, I still got an email, appended below, so it appears that QUIETREPORTS=yes is not working as advertised. In addition, I would have expected the COPYNEWDB=ifnochange to update my database in this case, but as you can see, it didn't: [EMAIL PROTECTED]:505]# l -tr total 10296 -rw------- 1 root root 5250884 Sep 17 07:46 aide.db -rw------- 1 root root 15823 Sep 17 07:51 aide.conf.autogenerated -rw------- 1 root root 5250869 Sep 17 07:57 aide.db.new To: [EMAIL PROTECTED] Subject: Daily AIDE report for tassie.newt.com Date: Mon, 17 Sep 2007 07:57:51 -0700 (PDT) From: [EMAIL PROTECTED] (root) X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.1.5 This is an automated report generated by the Advanced Intrusion Detection Environment on tassie.newt.com started at 2007-09-17 07:51:34. AIDE produced no errors. AIDE detected no changes. The check was done against /var/lib/aide/aide.db with the following characteristics: Size : 5250884 Bcount : 10280 Mtime : 2007-09-17 07:46:46 Ctime : 2007-09-17 07:51:23 Inode : 14140452 MD5 : wAiXQ2uLLj7Cv2r7a+IvkQ== SHA1 : /rfZK272N09brFCg/jwrj8AjvVs= RMD160 : eW2O8KQANsc1JUyP6iWarITfx7Q= TIGER : CJaA1zvgkmhp8xqdTBxdR1BYKevwB47c CRC32 : TXzLhw== HAVAL : 9lsvet3jME+Fz4HrJCMZlmGchD+pG69Q GOST : JwKH4YCD+97lhpWoNbAJMU6Y+bbnZV5X The AIDE run created a new database /var/lib/aide/aide.db.new with the following characteristics: Size : 5250869 Bcount : 10280 Inode : 14140429 MD5 : gIIoksJM8tkcKR1tViJ7vw== SHA1 : cxQXkkJQkQ36gE5Q0B3BEe+SsXY= RMD160 : xgLoc3qIE5f+mlNzAKQjOnu9LEY= TIGER : JYhbEzwwkQjDFKY7Ck7jJs0a6QTsClyf CRC32 : po45rQ== HAVAL : J0nrNFrQ/zCyR6XO7qn1ISv3/HqUc4FR GOST : H2dS0gvQLvg3e+BcGE1cgIqUYqKi5ist End of AIDE daily cron job at at 2007-09-17 07:57, run time 377 seconds -- Bill Wohler <[EMAIL PROTECTED]> http://www.newt.com/wohler/ GnuPG ID:610BD9AD -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
