[Aide] Reading AIDE database from a URL?

Pablo Virolainen pablo at vapaa.fi
Wed Mar 22 13:17:58 EET 2006


On Wed, 22 Mar 2006, Christoph Ehret wrote:

> And what about the following solution :
> DB and aide binary is copied via scp to the target server to check and
> the check is started via ssh. To automate this, we need to generate keys
> and put it in the target system(s). Ok, this sound far less secure,
> because if the central point is compromised, this could potentially
> compromise all the other servers. To minimise this, I created a chrooted
> user which can actually only execute aide and nothing else. The reason
> why I am thinking at this solution and not the one using http transfer
> is how to transfer securely the new generated DB after a system update
> was done to the central server that has all the DB ? With "transfer
> securely" I do not mean using an encrypted/secure channel, but how can I
> automate the transfer process, i.e transfering the new generated DB to
> the central server and this for more than 100 servers to check ? Of
> course, we could upload the DB using a php script, but how can I
> automate this process and protect in the same time the upload folder,
> because I do not want everybody being able to upload a modified DB to
> the upload folder.

Why not just set aide database to stdout and let ssh to deal with the
files. (If I remember correctly it should be possible to first feed
aide.conf and then old database from stdin. If not possible, I have to
sync my version with sourceforge cvs) So one should be able to do (at
least I can:)

cat aide_${host}.conf aide_${host}.db |ssh user@${host} aide -c - -u > ${host}_${date}.db 2> ${host}_${date}.raport

Pablo Virolainen


More information about the Aide mailing list