[Aide] "May not be a directory"
Marc Haber
mh+aide at zugschlus.de
Fri Dec 9 09:31:16 EET 2005
Hi,

the aide documentation says in many places that if somebody excludes a
file mask (such as /var/log/syslog.[0-9]+), a bad guy might create a
directory /var/log/syslog.999 to hide his rootkit without being
detected by aide.

_This_ could easily be remedied by having a directive that says
"ignore any files that match this regexp, but list any directories
that match this regexp".

How about implementing this in aide?

Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
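
The check proposed in the message above, sketched as an added example (not part of the original post and not AIDE code): it walks a tree and reports every path that matches an exclusion mask but is not a regular file. The function name `audit_excluded`, the whole-path matching rule and the temporary directory layout are assumptions made for this illustration.

```python
import os
import re
import stat
import tempfile


def audit_excluded(root, exclude_patterns):
    """Return sorted (path, kind) pairs for paths under root that match an
    exclusion regexp but are not regular files (directories, symlinks, ...)."""
    compiled = [re.compile(p) for p in exclude_patterns]
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            # Assumption of this example: a mask must match the whole path.
            if not any(rx.fullmatch(path) for rx in compiled):
                continue
            mode = os.lstat(path).st_mode  # lstat: never follow symlinks
            if not stat.S_ISREG(mode):
                kind = "directory" if stat.S_ISDIR(mode) else "non-regular file"
                findings.append((path, kind))
    return sorted(findings)


def demo():
    """Build a constructed log directory and audit it with the mask from the post."""
    with tempfile.TemporaryDirectory() as root:
        log = os.path.join(root, "var", "log")
        os.makedirs(log)
        # Constructed sample data: ordinary rotated logs that should stay ignored.
        for name in ("syslog", "syslog.0", "syslog.1"):
            open(os.path.join(log, name), "w").close()
        # A directory whose name falls inside the excluded mask.
        os.makedirs(os.path.join(log, "syslog.999"))
        mask = re.escape(log) + "/syslog.[0-9]+"
        return [(os.path.relpath(p, root), kind)
                for p, kind in audit_excluded(root, [mask])]


if __name__ == "__main__":
    for path, kind in demo():
        print(f"{kind}: {path}")
```

Run from cron next to the regular integrity check, a non-empty result is the "list any directories that match this regexp" report the message asks for.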