search cancel

AIDE report(unknown) alert generated for file gatekeeper.ini


Article ID: 254303


Updated On:


CA Privileged Access Manager (PAM)


In version 4.0.1, after setting webservices in debug, the following error is reported by AIDE

Subject: AIDE report for <machine_name>


This is an automated report generated by the Advanced Intrusion Detection Environment on <machine_name> started at 2022-11-12 06:25:01.


AIDE returned with exit code 4. Changed entries detected!

AIDE post run information

output database /var/lib/aide/ was copied to /var/lib/aide/aide.db as requested by cron job configuration End of AIDE post run information


AIDE produced no errors.


Output of the daily AIDE run (61 lines):

Start timestamp: 2022-11-12 06:25:01 +0000 (AIDE 0.16) AIDE found differences between database and filesystem!!

New AIDE database written to /var/lib/aide/ Verbose level: 6



  Total number of entries:       2893

  Added entries:                      0

  Removed entries:                  0

  Changed entries:                   1


Changed entries:


f >....   ..C.. .: /var/www/htdocs/uag/gatekeeper.ini


Detailed information about changes:


File: /var/www/htdocs/uag/gatekeeper.ini

  Size     : 1516                             | 1517

  SHA256   : SHolVQHKf9pRJPW/Skk6biIJrJoO9Nih | DVMGDwidQLHPYiTxdjKCqQbfiGyRhI+e

             m9uJrq2Mp7M=                     | tvOjyF9gSKY=


This article clarifies this message and whether it should be a case for concern


CA PAM 4.0 and 4.0.1


There is a know issue resolved in defect DE521644 for AIDE reporting changes to gatekeeper.ini whenever the webservices log is set to debug. This error message, when received in versions 4.0 or 4.0.1 is thus harmless.


No action is necessary unless the error message is received for a release which should already include the fix in DE521644. If this is the case, further investigation is required and it will be a good idea to open a support ticket for further investigation.