[Aide] aide 0.11 is generating a VERY large database.
Marc Haber
mh+aide at zugschlus.de
Fri Dec 1 08:52:18 EET 2006
On Thu, Nov 30, 2006 at 08:59:03PM +0000, Adam Funk wrote:
> On 2006-11-23, Marc Haber <mh+aide at zugschlus.de> wrote:
> >> On the machine still running 0.10-11, the database is 1.7MB
> >> compressed, with 37049 files. The daily run takes 2 minutes.
>
> I upgraded that one to Ubuntu edgy with aide 0.11 and now have a 64MB
> aide.db with 218731 entries and it takes 12 minutes.
And you still have not told us which directories make the bulk of the
database entries.
> I can live with that. Now that I've excluded /var/log my daily
> "difference report" is shorter than it used to be!
>
> Was there any good reason to include /var/log ?
Any directory might be used by an attacker to hide her binaries.
The package-specific rule sets include rules to exclude the logs that
are actually used.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mail address in header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
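
An added example, not part of the original message and not AIDE's own code: a script that answers the question of which directories make up the bulk of the database entries, so excludes can be targeted instead of dropping a whole tree such as /var/log. It assumes the plain-text AIDE database layout in which `@@` lines are directives and each entry line begins with the path; the sample database and all function names are constructed for illustration.

```python
import gzip
import sys
from collections import Counter

# Constructed sample in the plain-text AIDE database layout (not real data).
SAMPLE_DB = """\
@@begin_db
@@db_spec name lname attr perm uid gid
/etc 0 1 40755 0 0
/etc/passwd 0 1 100644 0 0
/var/log 0 1 40755 0 0
/var/log/syslog 0 1 100640 0 4
/var/log/auth.log 0 1 100640 0 4
/var/cache/apt/archives/a.deb 0 1 100644 0 0
/var/cache/apt/archives/b.deb 0 1 100644 0 0
/var/cache/apt/archives/c.deb 0 1 100644 0 0
@@end_db
"""

def open_db(path):
    """Open an AIDE database as text, detecting gzip by its magic bytes."""
    with open(path, "rb") as fh:
        compressed = fh.read(2) == b"\x1f\x8b"
    opener = gzip.open if compressed else open
    return opener(path, "rt", encoding="utf-8", errors="replace")

def count_by_directory(lines, depth=2):
    """Count entries per containing directory, truncated to `depth` levels."""
    counts = Counter()
    for line in lines:
        if not line.startswith("/"):
            continue  # "@@" directives, comments and blank lines
        path = line.split(None, 1)[0]      # first field: path as stored
        parents = path.split("/")[1:-1]    # drop leading "" and the entry name
        counts["/" + "/".join(parents[:depth])] += 1
    return counts

def report(lines, depth=2, top=10):
    """Return (directory, entries) pairs, largest first."""
    return count_by_directory(lines, depth).most_common(top)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open_db(sys.argv[1]) as db:
            rows = report(db)
    else:
        rows = report(SAMPLE_DB.splitlines())
    for directory, entries in rows:
        print(f"{entries:8d}  {directory}")
```

Run it with the path to aide.db (compressed or not) as the only argument; without an argument it reports on the constructed sample.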