[Aide] aide 0.11 is generating a VERY large database.
Marc Haber
mh+aide at zugschlus.de
Fri Dec 1 16:07:27 EET 2006
On Fri, Dec 01, 2006 at 12:44:09PM +0000, Adam Funk wrote:
> On 2006-12-01, Marc Haber <mh+aide at zugschlus.de> wrote:
>
> >> Was there any good reason to include /var/log ?
> >
> > Any directory might be used by an attacker to hide her binaries.
> >
> > The package-specific rule sets include rules to exclude the logs that
> > are actually used.
>
> With 0.10 as well as 0.11 (before I excluded /var/log), my daily aide
> report always showed a lot of changes in /var/log, so I thought not
> enough log files that normally change every day were being excluded.
>
> Do you recommend leaving those in and reading the aide differences
> every day?

I begin to wonder whether you have actually read the documentation
that came with your Debian package, and have tried to understand the
default configuration.

Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mail address in header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835