[Aide] 0.11rc2 observations
Richard van den Berg
richard at vdberg.org
Sun Jan 22 14:19:26 EET 2006
Vincent Danen wrote:
> Another question I had, and this is more of a design question than
> anything. Why does aide make comparisons against the life filesystem?
> Or, rather, why does it update from the live filesystem. It looks to me
> like --init is functionally equivalent to --update except for the report
> of differences at the end.
Very true, and --check and --update are the same except that the update
also creates aide.db.new. The Debian aide package uses --update for all
checks. Since aide never overwrites the original databases (but rather
creates a new one), it is left to the administrator to see what output
--update produces (i.e. what has changed), and then manually replace the
aide.db with the aide.db.new. The next run of aide will then report any
changes made since the last run. You can adopt this strategy if you like it.
Sincerely,
Richard van den Berg
More information about the Aide
mailing list