I was wrong in my previous solutions. Crashing AIDE is a result of default AIDE config only. When many audit rules are configured, AIDE crashes because audit is running too fast. And AIDE simply can not calculate sums, in case of file changes when calculating. Keep in mind, that auditd reading messages from kernel audit generation mechanisms via syscalls (LSM hooks). Kernel is running really a loooooot of sycalls in every second. The right solutions are:
1. Exclude your audit logs dirs (such as /var/log and/or /var/log/audit) from AIDE rules. Maybe exclude every fast-changing directory from AIDE rules also. 2. Or install and configure AIDE before you configure auditd and (r)syslog rules. But in this case you could take a lot of AIDE messages every check runs. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1920649 Title: ubuntu 20.04 LTS - aide crashes on initialization To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/aide/+bug/1920649/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
