[Aide] Once more, questions about ANF/ARF
Richard van den Berg
richard at vdberg.org
Mon Feb 20 13:43:00 EET 2006
Marc Haber wrote:
> How would you handle this in a daily cron job? I am thinking about
> using --update always, and copying the new database to the old
> database if aide output parses
> ### All files match AIDE database. Looks okay!
>
> What do you think about that idea?

I think that is a bad idea. Updating aide.db without manual intervention
is dangerous. If a backdoor was added to your system, it will only be
reported once, after which the changes to your file system are updated
in aide.db automatically.

I think the ANF/ARF directives have their uses, but it might not be to
track rotating log files by inode number.

Sincerely,

Richard van den Berg
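
A daily job that keeps the manual step this reply asks for, as an added example that is not part of the original message or of the AIDE project: it runs `aide --update`, treats the run as clean only on exit status 0 together with the report line quoted above, and otherwise stages the candidate database for review instead of copying it over aide.db. The paths, the `run` argument and the function name `aide_daily` are assumptions.

```shell
#!/bin/sh
# Added example. Paths are assumptions; override them through the environment.
AIDE_BIN="${AIDE_BIN:-aide}"
AIDE_DB_NEW="${AIDE_DB_NEW:-/var/lib/aide/aide.db.new}"   # database_out target
AIDE_PENDING="${AIDE_PENDING:-/var/lib/aide/pending}"     # review queue

# Run "aide --update" once. The trusted aide.db is never written here.
# Prints "clean" (returns 0) or "review-needed" (returns 1).
aide_daily() {
    report=$(mktemp) || return 2
    status=0
    "$AIDE_BIN" --update >"$report" 2>&1 || status=$?

    # Clean only if AIDE exited 0 AND printed the line quoted in the thread.
    if [ "$status" -eq 0 ] &&
       grep -q 'All files match AIDE database' "$report"; then
        rm -f "$AIDE_DB_NEW" "$report"   # candidate adds nothing; drop it
        echo clean
        return 0
    fi

    # Differences or an AIDE error: keep the baseline and stage the
    # candidate database plus the report for a human to inspect.
    stamp=$(date +%Y%m%d-%H%M%S)
    mkdir -p "$AIDE_PENDING" || return 2
    if [ -f "$AIDE_DB_NEW" ]; then
        mv "$AIDE_DB_NEW" "$AIDE_PENDING/aide.db.$stamp"
    fi
    mv "$report" "$AIDE_PENDING/report.$stamp"
    echo review-needed
    return 1
}

# From cron (assumed file name): sh aide-daily.sh run
if [ "${1:-}" = "run" ]; then aide_daily; fi
```

Promotion stays a manual step: after reading the staged report, an administrator copies the staged database over aide.db by hand.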