[Aide] Reading AIDE database from a URL?
David Theilen
dtheilen at kcp.com
Wed Mar 22 14:55:15 EET 2006
I approach this a little differently. I start with a master system
controling the activity, I assume I can't trust the remote servers.
I store a conf and database for each remote server.
The master does an scp to get the aide conf, database file
and also the aide binary to the remote.
Then I use ssh to initiate aide on the remote.
The master has an init script that stores the conf and database
specific for a remote whenever a new init is needed for a remote.
Alex Greg wrote:
>I've been looking at AIDE over the past few days, with a view to
>rolling it out on over 60 Linux servers. So far, it's looking much
>better than Tripwire, from both an installation and performance point
>of view.
>
>The only problem I have with AIDE is that the database is stored in
>plain-text, which means if an attacker gains root access on one of the
>boxes, they can simply change the database. I can't feasibly store the
>database on read-only media such as floppies/CD's for obvious reasons
>(60+ floppies/CD's in 60+ servers...?)
>
>I noticed that AIDE supports reading the database from a remote server
>using PostgreSQL, which is useful. However, what would really be ideal
>for us would be to store the database for each machine on an internal
>HTTP server, and configure AIDE to validate against that.
>
>Is HTTP support for reading the database planned, or does anyone know
>of a patch? Also, if there are any other suggestions, please let me
>know!
>
>
>Thanks,
>
>
>-- Alex
>_______________________________________________
>Aide mailing list
>Aide at cs.tut.fi
>https://mailman.cs.tut.fi/mailman/listinfo/aide
>
>
More information about the Aide
mailing list