[Aide] /usr/sbin/aide changes on x86_64???
James Antill
james-aide-38mkm at and.org
Tue Nov 7 00:05:45 EET 2006
Richard van den Berg <richard at vdberg.org> writes:
> James Antill wrote:
>> Given the timestamp, I'd guess it's prelink changing the binary.
>
> Prelink? Aide should not be compiled as a dynamic linked binary! Use the
> defaults, and let it link statically.
This isn't the case, both Fedora (which I don't control) and RHEL
(which I have some control over) link dynamically.
Atm. aide produces a lot of output whenever pre-link is run, if you
are monitoring /bin or /usr/bin etc.) so one more binary doesn't make
much difference.
I don't see a security advantage of linking aide statically, either
you reboot and run the entire thing from CDROM or you just have to
trust a few different things (starting with kernel, shell/cron). At
which point the addition of ld.so and a few libs seems minor, IMO.
Without a major requirement not to be dynamic I can't see either
distro. letting through -static compile flags.
--
James Antill - <james.antill at redhat.com>
More information about the Aide
mailing list