AIDE will not work!

[computer_freak_8]

I am trying to run the "aide" program, but I have a very aggravating situation that is preventing it.

Whenever I try to run it, (trying to "check",) whether as root or another user, I am presented with:

Code:

Couldn't open file /var/lib/aide/please-dont-call-aide-without-parameters/aide.db for reading

or

Code:

Extra parameters given

I have tried many commands, including:

Code:

aide -C
aide --check
aide -V
aide -V 20
aide --verbose
aide -C -V
aide -C -V 20
aide --check --verbose
aide --check --verbose=20
aide -C -r stdout
aide --check -r stdout
aide -V -r stdout
aide -V 20 -r stdout
aide --verbose -r stdout
aide -C -V -r stdout
aide -C -V 20 -r stdout
aide --check --verbose -r stdout
aide --check --verbose=20 -r stdout
aide -C --report=stdout
aide --check --report=stdout
aide -V --report=stdout
aide -V 20 --report=stdout
aide --verbose --report=stdout
aide -C -V --report=stdout
aide -C -V 20 --report=stdout
aide --check --verbose --report=stdout
aide --check --verbose=20 --report=stdout

The commands in bold give the second error; all the rest of the commands give the first error.


This is really irritating; I'm questioning if I will be able to finish my project in time.

Any help would definitely be appreciated!

[bodhi.zazen]

I have not used AIDE. See if these links help :

http://www.linux.com/feature/113919

http://www.securityfocus.com/infocus/1424

[shad0w_crash]

I once got that problem on FreeBSD, The problem was that the database file was initialized but not filled.

I replaced it with an other version and it worked perfectly. What are the permissions of the .db file? Maby the installer, updater is still locking it because it's updating?

[MattBlack]

Get the same think here when run the commands manually.
sudo /etc/cron.daily/aide does work ok.

will do more investigation later.

[crazybrain]

I had the same issue, and about lost my mind trying to find the answer.

These two links helped a ton:

http://fixunix.com/debian/121980-aide.html

http://svn.debian.org/wsvn/pkg-aide/...ile&rev=0&sc=0

I'm still working with this so I haven't gotten it completely figured out yet. Good luck.

[StefanX]

Try "aide.wrapper" instead of "aide", so "aide.wrapper -i" or even "aideinit".

[pocake]

Hi,
I have got the same error when run aide first time before init database. The command /etc/cron.daily/aide takes a long time but fix the problem. AIDE built the database.

Link http://www.debuntu.org/intrusion-detection-with-aide

[computer_freak_8]

Finally I got a chance to try this again!

I have tried everything listed in this thread, except for the cron job. I don't want it to completely automate the whole process; I want to learn how to do it manually.
Here are some attempts:

Code:

root@Team-3:~# aide --init
Couldn't open file /var/lib/aide/please-dont-call-aide-without-parameters/aide.db.new for writing
root@Team-3:~# aide -i
Couldn't open file /var/lib/aide/please-dont-call-aide-without-parameters/aide.db.new for writing
root@Team-3:~# aideinit 
Running aide --init...
34:syntax error:(
34:Error while reading configuration:(
Configuration error
AIDE --init return code 17; see /var/lib/aide/aide.db.new for details
root@Team-3:~# aide.wrapper 
34:syntax error:(
34:Error while reading configuration:(
Configuration error
root@Team-3:~# aide.wrapper -i
34:syntax error:(
34:Error while reading configuration:(
Configuration error
root@Team-3:~# aide.wrapper --init
34:syntax error:(
34:Error while reading configuration:(
Configuration error

And also:

Code:

root@Team-3:~# cat /var/lib/aide/aide.db.new
cat: /var/lib/aide/aide.db.new: No such file or directory

Any other ideas?

[Pev]

After following the links on this page I managed to get it working for me.
After installing aide

Code:

#sudo apt-get install aide

I ran

Code:

sudo touch /var/lib/aide/aide.db
sudo chmod 755 /var/lib/aide/aide.db

and finally

Code:

sudo aide --config=/usr/share/aide/config/aide/aide.conf --check

Thanks,
Pev

[rarb]

Regarding the post from Pev
"I ran
Code:
sudo touch /var/lib/aide/aide.db
sudo chmod 755 /var/lib/aide/aide.db"

making the file executable and readable by world and group is not advisable from a security point of view

I recommend leaving it as
sudo chmod 600 /var/lib/aide/aide.db
to keep defence in depth

see the NIST guidelines on hardening redhat enterprise - it discusses setting up aide securely that also works with ubuntu

R