[Aide] Once more, questions about ANF/ARF

Richard van den Berg richard at vdberg.org
Mon Feb 20 13:43:00 EET 2006


Marc Haber wrote:
> How would you handle this in a daily cron job? I am thinking about
> using --update always, and copying the new database to the old
> database if aide output parses
> ### All files match AIDE database. Looks okay!
> 
> What do you think about that idea?

I think that is a bad idea. Updating aide.db without manual intervention 
is dangerous. If a backdoor was added to your system, it will only be 
reported once, after which the changes to your file system are updated 
in aide.db automatically.

I think the ANF/ARF directives have their uses, but it might not be to 
track rotating log files by inode number.

Sincerely,

Richard van den Berg
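
The point made in the reply above, that the baseline should only change after a human has looked at the report, sketched as a cron wrapper. This is an added example, not part of the original message or of AIDE itself. The paths, the `PENDING` directory and the function names are assumptions, and it assumes an AIDE version that returns the documented exit-status bitmask for `--update`.

```shell
#!/bin/sh
# Assumed locations (hypothetical): align them with database/database_out in aide.conf.
AIDE=${AIDE:-aide}
DB=${DB:-/var/lib/aide/aide.db}
DB_NEW=${DB_NEW:-/var/lib/aide/aide.db.new}
PENDING=${PENDING:-/var/lib/aide/pending}

# Cron entry point: run the check and stage a candidate database.
# It never overwrites $DB, so a change keeps being reported until reviewed.
aide_daily() {
    rc=0
    report=$("$AIDE" --update 2>&1) || rc=$?
    if [ "$rc" -eq 0 ]; then
        # No differences: the existing baseline is still accurate.
        rm -f "$DB_NEW"
        return 0
    fi
    if [ "$rc" -ge 1 ] && [ "$rc" -le 7 ]; then
        # Bitmask: 1 = new files, 2 = removed files, 4 = changed files.
        stamp=$(date +%Y%m%d-%H%M%S)
        mkdir -p "$PENDING" && mv "$DB_NEW" "$PENDING/aide.db.$stamp" || {
            echo "could not stage candidate database" >&2
            return 99
        }
        printf '%s\n' "$report" > "$PENDING/report.$stamp"
        echo "AIDE status $rc: review $PENDING/report.$stamp" >&2
        return "$rc"
    fi
    # Anything else is an AIDE error (bad config, unreadable database, ...).
    echo "AIDE failed with status $rc" >&2
    printf '%s\n' "$report" >&2
    return "$rc"
}

# Manual step: run by an administrator after reading the matching report.
aide_promote() {
    [ -f "$1" ] || { echo "no such staged database: $1" >&2; return 1; }
    if [ -f "$DB" ]; then cp -p "$DB" "$DB.prev"; fi
    mv "$1" "$DB"
}
```

Call `aide_daily` from the cron job and let cron mail its stderr; `aide_promote` is only ever run by hand with the path of a staged database.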

