[Aide] aide 0.11 is generating a VERY large database.

Marc Haber mh+aide at zugschlus.de
Fri Dec 1 08:52:18 EET 2006


On Thu, Nov 30, 2006 at 08:59:03PM +0000, Adam Funk wrote:
> On 2006-11-23, Marc Haber <mh+aide at zugschlus.de> wrote:
> >> On the machine still running 0.10-11, the database is 1.7MB
> >> compressed, with 37049 files.  The daily run takes 2 minutes.
> 
> I upgraded that one to Ubuntu edgy with aide 0.11 and now have a 64MB
> aide.db with 218731 entries and it takes 12 minutes.

And you still have not told us which directories make the bulk of the
database entries.

>   I can live with that.  Now that I've excluded /var/log my daily
>   "difference report" is shorter than it used to be!
> 
> Was there any good reason to include /var/log ?

Any directory might be used by an attacker to hide her binaries.

The package-specific rule sets include rules to exclude the logs that
are actually used.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835

