Comment 6 for bug 1920649
Revision history for this message
| Konstantin Kalmykov (kkblkkbl) wrote Re: ubuntu 20.04 LTS - aide crashes on initialization | #6 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
7020100
(Get the code!)
I was wrong in my previous solutions.
Crashing AIDE is a result of default AIDE config when auditd runnig . When many audit rules are configured, AIDE crashes because audit is running too fast. And AIDE simply can not calculate sums, in case of file changes when calculating. Keep in mind, that auditd reading messages from kernel audit generation mechanisms via syscalls (LSM hooks). Kernel is running really a loooooot of sycalls in every second. The right solutions are:
1. Exclude your audit logs dirs (such as /var/log and/or /var/log/audit) from AIDE rules. Maybe exclude every fast-changing directory from AIDE rules also.
2. Or install and configure AIDE before you configure auditd and (r)syslog rules. But in this case you could take a lot of AIDE messages every check runs.