[Aide] Reading AIDE database from a URL?
Miner, Jonathan W (CSC) (US SSA)
jonathan.w.miner at baesystems.com
Tue Mar 21 18:08:05 EET 2006
How about simply using "wget" to fetch the database from the web, and then running AIDE?
-----Original Message-----
From: aide-bounces at cs.tut.fi on behalf of Alex Greg
Sent: Tue 03/21/2006 10:42 AM
To: aide at cs.tut.fi
Cc:
Subject: [Aide] Reading AIDE database from a URL?
I've been looking at AIDE over the past few days, with a view to
rolling it out on over 60 Linux servers. So far, it's looking much
better than Tripwire, from both an installation and performance point
of view.
The only problem I have with AIDE is that the database is stored in
plain-text, which means if an attacker gains root access on one of the
boxes, they can simply change the database. I can't feasibly store the
database on read-only media such as floppies/CD's for obvious reasons
(60+ floppies/CD's in 60+ servers...?)
I noticed that AIDE supports reading the database from a remote server
using PostgreSQL, which is useful. However, what would really be ideal
for us would be to store the database for each machine on an internal
HTTP server, and configure AIDE to validate against that.
Is HTTP support for reading the database planned, or does anyone know
of a patch? Also, if there are any other suggestions, please let me
know!
Thanks,
-- Alex
_______________________________________________
Aide mailing list
Aide at cs.tut.fi
https://mailman.cs.tut.fi/mailman/listinfo/aide
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/ms-tnef
Size: 3265 bytes
Desc: not available
Url : https://mailman.cs.tut.fi/pipermail/aide/attachments/20060321/29c1f977/attachment-0001.bin
More information about the Aide
mailing list