[Aide] Reading AIDE database from a URL?

[Christoph Ehret]

And what about the following solution :
DB and aide binary is copied via scp to the target server to check and
the check is started via ssh. To automate this, we need to generate keys
and put it in the target system(s). Ok, this sound far less secure,
because if the central point is compromised, this could potentially
compromise all the other servers. To minimise this, I created a chrooted
user which can actually only execute aide and nothing else. The reason
why I am thinking at this solution and not the one using http transfer
is how to transfer securely the new generated DB after a system update
was done to the central server that has all the DB ? With "transfer
securely" I do not mean using an encrypted/secure channel, but how can I
automate the transfer process, i.e transfering the new generated DB to
the central server and this for more than 100 servers to check ? Of
course, we could upload the DB using a php script, but how can I
automate this process and protect in the same time the upload folder,
because I do not want everybody being able to upload a modified DB to
the upload folder.

Sorry, it was perhaps a bit boring and long, but I would be interested
to have your opinion...

Thanks for your answers.

Chris


-- 

Christoph Ehret

Swisscom AG
Linux Engineering
Zentweg 46
CH-3050 Bern