cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Ad_astra
Flight Engineer Flight Engineer
Flight Engineer
Tuesday
  • 130 Views

Guided Exercise: Configuring Change Tracking

Hello

I am working through the "Guided Exercise: Configuring Change Tracking" section of RH342 and have encounered problems with the aide_mon.sh script. 

The script runs via the cron job but does not email the student@servera.lab.example.com. Instead, the mail is sent to root on servera.lab.example.com. 

Running the script manually (as root) from the command line DOES send the email to the student@servera.lab.example.com

Is there a setting within the the cron environment that is overiding the email address in the script or is there a default value elsewhere that is causing this behaviour? 

Following the exercise through to the end, there also appears to be a 2nd issue. 

After the AIDE database has been updated and renamed, the cron job continues to generate email alerts (to root) even when the inspection of the log file shows that there are no changes. 

Running the aide_mon.sh script manually DOES NOT send any emails to the student@servera.lab.example.com.

I have run the lab twice without success in this task.

This is proving a good opportunity to try out the 'Scientific Method' of problem solving! 

Unless I am mistaken, all emails from cron tasks are sent to the owner of the cron job; here it is root. So the emails will always go to root and not the student user. It is not possible to run the aide command without elevated privileges which the student user does not have.

Any advice welcome.

Thank you 

Labels (1)
Labels
0 Kudos
Join the discussion
1 Reply
Ad_astra
Flight Engineer Flight Engineer
Flight Engineer
Wednesday
  • 65 Views

Well, it looks like I have answered my own question; always rewarding to work it out yourself!

The undesired behaviour with the cron job appears to have been caused by the use of 2 separate commands in /etc/cron.d/aide.

Runing the aide --check command in cron will always produce some output in the form of the AIDE log. This log output (both good or bad) will be emailed to the cron job owner, which is why root was always getting emails, regardless of the aide --check outcome.

My solution to the problem:

Move the aide --check command from the cron file into the /root/aide_mon.sh and redirect the output to /dev/null.

File contents for /etc/cron.d/aide:

# AIDE Checks and alert

*/2 * * * * root /root/aide_mon.sh

====================================

File contents for /root/aide_mon.sh:

/usr/sbin/aide --check &>/dev/null

if ! /usr/bin/grep "Looks okay" /var/log/aide/aide.log &>/dev/null

then

  /usr/bin/cat /var/log/aide/aide.log | /usr/bin/mail -s "AIDE Alert" student@servera.lab.example.com

fi

====================================

Note: I have fully qualified the path names to the files and binaries to avoid any potential path problems. 

I also could have used grep -q instead of redirecting the output to /dev/null.

I have tested this in the labs and all looks OK. I shall attempt to forward my findings to the RHLS team to see if there are any errors with the lab environment or exercise. 

I hope this may be helpful to anyone studying the RH342 course. 

 

0 Kudos
Join the discussion
You must log in to join this conversation.
Red Hat Learning Community

Red Hat

Learning Community

A collaborative learning environment, enabling open source skill development.

Red Hat Inc. Copyright ?2025 Red Hat, Inc. Privacy policy Terms of use