[Aide] Reading AIDE database from a URL?

Pablo Virolainen pablo at vapaa.fi
Wed Mar 22 14:49:49 EET 2006


On Wed, 22 Mar 2006, Christoph Ehret wrote:

> I am not quite sure I understood well what this command does : you have
> all the different DB and conf files for every server to watch on a
> central server. From this central server, you first put the aide DB and
> conf for a host to watch to stdout, then pipe this to ssh which will
> pass this as input to aide on ${host} . So what I am not sure : aide is
> installed on ${host} and is not on the central server, isn't it ? And
> what about aide -c - -u : -c ok, -u ok, but what is the meaning of -
> between -c and -u ?
>
> Thanks for putting some light on what I cannot see :) .

-c - tells aide to read the configuration file from stdin.

Each host has the aide binary (no configuration nor database). I can ssh to
the host without passwd.

Central server can also have aide installed.

In the central server (the trusted one) I keep aide configuration and
database files. In most cases, all the configuration files actually are
symlinks to aide_default.conf. I have different DB for each machine,
because of different cpu arch (One x86, one sparc, one 68k, one CRIS which
is currently broken).

The whole script goes

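# hosts_to_check: space-separated list of hosts, set before this loop
date=$(date +%F)
for host in ${hosts_to_check}
do
	# config and database are sent to aide's stdin on the host;
	# ssh's stdout is saved as the .db file and its stderr as the .raport file
	cat "aide_${host}.conf" "aide_${host}.db" | ssh "user@${host}" aide -c - -u > "${host}_${date}.db" 2> "${host}_${date}.raport" &
done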

P.S. You might want to use gzip to reduce the size of the output database and
set a limit on the size of the database and report files.

Pablo Virolainen
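
The P.S. above, worked out as an added example that is not part of the original message: the same pipeline, with the returned database gzip-compressed and both outputs capped so a checked host cannot fill the central server's disk. The names capped_store and check_host, the two limit values, the .db.gz file name and the choice to discard oversized output are assumptions of this example; it also assumes head -c and mktemp are available.

```shell
#!/bin/sh
# Added example, not from the original post. Limits below are assumed values.
DB_LIMIT=$((64 * 1024 * 1024))     # max bytes accepted for a new database
REPORT_LIMIT=$((1024 * 1024))      # max bytes accepted for a report

# capped_store LIMIT OUTFILE
# Copies stdin to OUTFILE (gzip-compressed when OUTFILE ends in .gz).
# Input larger than LIMIT bytes is discarded and the function returns 1.
capped_store() {
    limit=$1
    out=$2
    tmp=$(mktemp) || return 2
    # Keep one byte more than allowed so that an overflow is detectable.
    head -c "$((limit + 1))" > "$tmp"
    # Drain the rest so the sender is not killed by SIGPIPE mid-run.
    cat > /dev/null
    size=$(($(wc -c < "$tmp")))
    if [ "$size" -gt "$limit" ]; then
        echo "capped_store: $out: more than $limit bytes, discarded" >&2
        rm -f "$tmp"
        return 1
    fi
    case $out in
        *.gz) gzip -c < "$tmp" > "$out" ;;
        *)    cat "$tmp" > "$out" ;;
    esac
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# check_host HOST DATE
# Same pipeline as the script in the post; aide's stdout (new database) and
# stderr (report) each pass through capped_store. fd 3 carries stderr.
check_host() {
    host=$1
    date=$2
    {
        cat "aide_${host}.conf" "aide_${host}.db" |
            ssh "user@${host}" aide -c - -u 2>&3 |
            capped_store "$DB_LIMIT" "${host}_${date}.db.gz"
    } 3>&1 | capped_store "$REPORT_LIMIT" "${host}_${date}.raport"
}

# hosts_to_check is the same space-separated list the original loop uses.
for host in ${hosts_to_check:-}; do
    check_host "$host" "$(date +%F)" &
done
wait
```

An oversized database is dropped rather than stored truncated, so a partial file is never mistaken for a valid baseline.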

