[Aide] Newbie Questions
Pablo Virolainen
pablo at vapaa.fi
Tue Apr 11 10:55:47 EEST 2006
On Mon, 10 Apr 2006, Gary Gendel wrote:
> You can take the paranoid approach (which is what I took). I included
> everything except what I knew didn't matter (user's home directories,
> etc.). Then I'd look at the reports generated by aide each day and
> selectively modify the attributes of those things that changed
> regularly. It will take a few months to prune it down so it's quiet, but
> then you've got a pretty inclusive system. The drawback is that your
> database size is significant, but I sleep better at night. I don't want
> to end up with a situation similar to what you discovered.
>
> BTW, though I don't use Linux regularly, you might see if there is
> something like BSD Jails or Solaris Containers available to run your web
> server in. Then, if they do get in, the worst they can do is compromise
> your web server, not your system (not even root can modify the system
> files from within a Solaris Container). I have each service running in
> its own Container, so any successful attack is limited to one service.
BSD Jail for Linux has been implemented with the LSM framework:
http://kerneltrap.org/node/3823
BSD Jail functionality for Linux gives
http://sourceforge.net/projects/linuxjail/
So you trust that Solaris Container has no (exploitable) bugs?
Pablo Virolainen
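
The pruning approach described in the quoted message (watch the daily reports, then relax attributes only for paths that change regularly) can be supported with a small tally over saved reports. This is an added example, not part of the original thread or of AIDE itself; it assumes reports whose summary lines read `changed: /path`, and the function names and sample reports are constructed for illustration.

```python
import re
from collections import Counter

# Assumption: each changed file appears on a line of the form "changed: /path".
# Adjust the pattern if your AIDE version prints a different summary format.
CHANGED = re.compile(r"^changed:\s*(\S.*)$")

def changed_paths(report_text):
    """Return the set of paths one report lists as changed."""
    paths = set()
    for line in report_text.splitlines():
        m = CHANGED.match(line.strip())
        if m:
            paths.add(m.group(1).strip())
    return paths

def triage(reports, min_fraction=0.8):
    """Split changed paths into (noisy, rare).

    noisy: changed in at least min_fraction of the reports; candidates for
           relaxed attributes in aide.conf after a manual look.
    rare:  changed in exactly one report; these are the entries to
           investigate, never to silence.
    """
    counts = Counter()
    for text in reports:
        counts.update(changed_paths(text))  # one vote per path per report
    threshold = min_fraction * len(reports)
    noisy = sorted(p for p, n in counts.items() if n >= threshold)
    rare = sorted(p for p, n in counts.items() if n == 1)
    return noisy, rare

# Constructed sample: three daily reports, not real AIDE output.
SAMPLE_REPORTS = [
    "Changed files:\nchanged: /var/log/messages\nchanged: /etc/mtab\n",
    "Changed files:\nchanged: /var/log/messages\nchanged: /etc/mtab\n"
    "changed: /etc/passwd\n",
    "Changed files:\nchanged: /var/log/messages\nchanged: /usr/bin/ssh\n",
]

if __name__ == "__main__":
    noisy, rare = triage(SAMPLE_REPORTS)
    print("changes regularly:", noisy)
    print("changed once, review:", rare)
```

Paths in the rare list are the ones the inclusive database exists to catch, so pruning should only ever touch the noisy list.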