[Aide] AIDE has output even when there are no changes

Thistle, Scott Scott.Thistle at xwave.com
Fri Apr 22 15:56:55 EEST 2005


I am all for the daily emails. At least you know it is working. We have
the report sent to our reporting server which analyses the email and
updates a webpage that is monitored 24/7. Simple enough. We can easily
see the red flags on the web page for servers that have not checked in,
late checking in or those that did check in with issues.  We also run
AIDE twice daily on all our servers (we host a data center and get 100+
reports). Keep up the awesome work :)

-----Original Message-----
From: aide-bounces at cs.tut.fi [mailto:aide-bounces at cs.tut.fi] On Behalf
Of fuser9bb at hotpop.com
Sent: Friday, April 22, 2005 10:18 AM
To: aide at cs.tut.fi
Subject: Re: [Aide] AIDE has output even when there are no changes

I would argue against that design decision. Given that most people will
run AIDE daily, and many on multiple machines, then daily reports become
noise. After a while sysadmins will simply ignore AIDE reports. This
goes for any tool that runs on a regular basis. As far as any benefit
from having AIDE report that it is "alive" with these messages, the
reports can be easily reproduced by an attacker regardless.

Just my thoughts on the subject.

Great software and thanks for the hard work!

Richard van den Berg wrote:

>fuser9bb at hotpop.com wrote:
>
>>I am using AIDE 0.10 on FreeBSD 4.9.
>>
>>Perhaps I'm missing something in the configuration, but AIDE appears to
>>print output even if there are no differences on the filesystem. I
>>assume this is something I have done wrong. Most UNIX tools won't output
>>anything unless there is something not right, e.g., a change in the
>>filesystem.
>>
>>Is this on purpose?
>
>Yes it is. At the time, we felt that aide checking the filesystem is
>too important a task to not output anything at all when it succeeds. If
>you use the CVS version, --verbose=4 and lower will cause aide to be
>silent as expected. (This is a bug in aide 0.10.)
>
>Sincerely,
>
>Richard van den Berg
>
_______________________________________________
Aide mailing list
Aide at cs.tut.fi
https://mailman.cs.tut.fi/mailman/listinfo/aide
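
Added example, not written by any poster in this thread and not part of AIDE: a sketch of the collector-side check described in the first message, flagging hosts that are missing, late, or reporting changes. The record format, host names, thresholds and state names are assumptions made for illustration.

```shell
#!/bin/sh
# Classify AIDE check-ins for a status page (illustrative, not AIDE code).
# Input records (constructed format, one per line):
#   host last_checkin_epoch result
# result is "clean" or "changes"; a host that never reported has epoch 0.
# Assumed policy: AIDE runs every 12 h; a report is LATE once it is more
# than 13 h old and the host counts as MISSING after 24 h.
INTERVAL=43200   # seconds between scheduled runs
GRACE=3600       # slack before a report counts as late

# classify_checkins NOW < records   -> prints "host STATE" per record.
# Returns 1 if any host is not OK, so cron or a pager can act on it.
classify_checkins() {
    awk -v now="$1" -v interval="$INTERVAL" -v grace="$GRACE" '
        NF == 0 { next }
        NF != 3 || $2 !~ /^[0-9]+$/ { print $1, "MALFORMED"; bad = 1; next }
        {
            age = now - $2
            if ($2 > now + grace)            state = "FUTURE"   # clock skew or forged timestamp
            else if (age > 2 * interval)     state = "MISSING"
            else if (age > interval + grace) state = "LATE"
            else if ($3 != "clean")          state = "CHANGES"
            else                             state = "OK"
            if (state != "OK") bad = 1
            print $1, state
        }
        END { exit bad + 0 }'
}

# Constructed sample data; NOW is fixed so the run is reproducible.
NOW=1114174615
sample_records() {
    cat <<EOF
web01 $((NOW - 1800)) clean
web02 $((NOW - 50000)) clean
db01 $((NOW - 200000)) clean
db02 $((NOW - 600)) changes
mail01 0 clean
EOF
}

sample_records | classify_checkins "$NOW" || echo "red flags present"
```

The staleness check runs on the collector, so a host whose cron job was disabled shows up as LATE and then MISSING without any cooperation from that host.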



