Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

#10 aide --check inaccurately reports file size changes

closed
None
5
2006-12-09
2006-04-21
Anonymous
No

Hello,

I recently downloaded and compiled Aide-0.11 and
mhash-0.9.6 onto my HP-UX 11i v2 PARISC server. I
used gcc 3.4.3 and accepted all of the default
configure/make options. Everything compiled error-
free, and initially seemed to be working fine.

Then I ran into an issue that I haven't been able to
resolve. It seems that the "s" (file size) checking
option in the aide.conf file doesn't work properly.
It flags a file's size as changed every time I run an
integrity check, even when the file is unchanged
(confirmed by the unchanged md5 checksum value).

In the screen dumps below, note that I have the
simplest possible aide.conf file, which only checks
s+md5 on a single file. The file size (24 bytes) is
recorded properly in the aide.db file, yet it fails
the integrity check every time. Seems to think the
size recorded in the database is "0", even though I
see "24" in aide.db. Removing the "s" from the
config file eliminates the problem.

Any idea what's going on here? Any help would be
very much appreciated.

Thanks,
Darren

--x--

root@rp24u188 [/usr/local/src/aide-0.11]
# ll /tmp/test
-rw-r--r-- 1 root sys 24 Apr 21
10:22 /tmp/test

root@rp24u188 [/usr/local/src/aide-0.11]
# aide --init --config=/usr/local/etc/aide.conf

AIDE, version 0.9.6

### AIDE database at /usr/local/etc/aide.db.new
initialized.

root@rp24u188 [/usr/local/src/aide-0.11]
# mv /usr/local/etc/aide.db.new /usr/local/etc/aide.db

root@rp24u188 [/usr/local/src/aide-0.11]
# cat /usr/local/etc/aide.db
@@begin_db
# This file was generated by Aide, version 0.9.6 #
Time of generation was 2006-04-21 10:29:14 @@db_spec
name lname attr size md5 /tmp/test 0 4129 24
ekn9hYSWUiw34c/tdjYrog== @@end_db

root@rp24u188 [/usr/local/src/aide-0.11]
# ll /tmp/test
-rw-r--r-- 1 root sys 24 Apr 21
10:22 /tmp/test

root@rp24u188 [/usr/local/src/aide-0.11]
# aide --check --config=/usr/local/etc/aide.conf AIDE
found differences between database and filesystem!!
Start timestamp: 2006-04-21 10:30:28

Summary:
Total number of files: 3
Added files: 0
Removed files: 0
Changed files: 1

---------------------------------------------------
Changed files:
---------------------------------------------------

changed:/tmp/test

--------------------------------------------------
Detailed information about changes:
---------------------------------------------------

File: /tmp/test
Size : 0 ,
24

Discussion

  • screen capture of configure and make output

     
    Attachments
    • assigned_to: nobody --> rvdb
    • status: open --> pending
     
  • Logged In: YES
    user_id=330646
    Originator: NO

    Please try the latest version to see if the problem persists.

     
  • Logged In: YES
    user_id=1312539
    Originator: NO

    This Tracker item was closed automatically by the system. It was
    previously set to a Pending status, and the original submitter
    did not respond within 14 days (the time period specified by
    the administrator of this Tracker).

     
    • status: pending --> closed