aide - Boot Panic

SELinux: AIDE Trying to Access SSSD Socket

March 10, 2022 by admin

I’m getting SELinux denials indicating that /usr/sbin/aide is trying to access a socket used by SSSD: the socket path is /var/lib/sss/pipes/nss. Here is the relevant text from sealert: Additional Information: Source Context system_u:system_r:aide_t:s0-s0:c0.c1023 Target Context system_u:object_r:sssd_var_lib_t:s0 Target Objects (null) [ sock_file ] Source aide Source Path /usr/sbin/aide Raw Audit Messages type=AVC msg=audit(1560503762.699:28324): avc: denied { … Read more

Interpreting flags in AIDE daily report

March 10, 2022 by admin

My questions is about the flags displayed by AIDE for each file in daily email reports. For example for new files its shows as follows: f++++++++++++++++: /var/cache/apt/archives/squashfs-tools_1%3a4.4-1ubuntu0.1_amd64.deb I can deduce that f stands for file and I have seen d which stands for directory. But what other flags can possibly come here? What about the … Read more

Does AIDE support scanning memfd files?

March 8, 2022 by admin

Happy to be here with my first question! I am using AIDE for file integrity checking. Today I came across an article which details a technique to run malware droppers without touching file system, by using memfd. The article can be accessed here Now my question is does AIDE support scanning memfd? Searching google did … Read more

Analyse of logwatch and aide file

March 7, 2022 by admin

We have both logwatch and aide file. We would like to know how to know if there any intrusion have had taken place as this server was not active for some time. We quite a number of this entries in the aide files. Does this means some thing wrong have taken place? File /etc/networks in … Read more

What is the best hard drive type for a small file server?

March 6, 2022 by admin

I have a fairly speedy computer that I’d like to use as a file server. The motherboard has IDE and SCSI ports. What is the best hard drive type to use? (IDE/SATA/SCSI, etc) Would it be smart to get a SATA card to run drives? Usage: 15 users, frequent write (shared CAD files edited on … Read more

aide –init show lots of errors

March 5, 2022 by admin

I have a brand new centos 6.2 server. The first thing I did is yum -y install aide and then next I did aide –init. Below is a whole lot of errors I got.What does it means must I reinstall it? Or leave it ? /usr/sbin/prelink: /usr/sbin/lusermod: at least one of file’s dependencies has changed … Read more

How do I interpret aide.log change summary

March 5, 2022 by admin

In the Changed files section of /var/log/aide/aide.log there are prefixes on each line starting with f or d. These signify what aspects of the file has changed, but I can’t seem to track down what they mean. (Obviously I could look at the detailed data for the file further down the log file, but a … Read more

Temporary external mounting of 3.5″ SATA/IDE drives

March 5, 2022 by admin

What do you use for temporarily externally mounting 3.5″ SATA and IDE hard drives? When I’m in the field and just have a laptop with me, I’d like to be able to mount a client’s drive to my laptop for data recovery, etc. Is a separate USB enclosure for SATA and IDE the best option? … Read more

IDE compatability with SATA image

March 4, 2022 by admin

We had an old CNC machine’s hard-drive fail recently. The hard-drive is an old 1275MB IDE (Seagate) and there were defiantly bad sectors on it. I was able to image the contents of the drive onto a drive in my computer before it became completely unusable (I used DD, replacing all bad sectors w/ 0s). … Read more

Auditing in linux

March 4, 2022 by admin

I am trying to setup a robust auditing mechanism on my centos 6.x boxes. I tried and tested various auditing tools like auditd aide psacct But none is full filling my requirement. My requirement is quite simple and I know one auditing system will not serve all and i may have to use different audit … Read more