[Aide] AIDE has output even when there are no changes
fuser9bb at hotpop.com
fuser9bb at hotpop.com
Fri Apr 22 15:48:25 EEST 2005
I would argue against that design decision. Given that most people will
run AIDE daily, and many on multiple machines, then daily reports become
noise. After a while sysadmins will simply ignore AIDE reports. This
goes for any tool that runs on a regular basis. As far as any benefit
from having AIDE report that it is "alive" with these messages, the
reports can be easily reproduced by an attacker regardless.
Just my thoughts on the subject.
Great software and thanks for the hard work!
Richard van den Berg wrote:
>fuser9bb at hotpop.com wrote:
>
>
>>I am using AIDE 0.10 on FreeBSD 4.9.
>>
>>Perhaps I'm missing something in the configuration, but AIDE appears to
>>print output even if there are no differences on the filesystem. I
>>assume this is something I have done wrong. Most UNIX tools won't output
>>anything unless there is something not right, e.g., a change in the
>>filesystem.
>>
>>Is this on purpose?
>>
>>
>
>Yes it is. At the time, we felt that aide checking the filesystem is a
>too important task to not output anything at all when it succeeds. If
>you use the CVS version --verbose=4 and lower will cause aide be silent
>as expected. (This is a bug in aide 0.10.)
>
>Sincerely,
>
>Richard van den Berg
>
>
More information about the Aide
mailing list