[Aide] aide 0.11 is generating a VERY large database.
Adam Funk
a24061 at yahoo.com
Fri Nov 10 13:56:13 EET 2006
On 2006-11-09, Marc Haber <mh+aide at zugschlus.de> wrote:
> Please note that this might significantly increase aide's
> execution times as we now check the whole file system by default.
> On systems with big, changing file systems (like shell servers or
> big ftp or web servers), you might want to exclude parts of the
> file system to bring execution times down to an acceptable level.
> This is not done in the default configuration since AIDE aims for
> maximum security by default, and big data directories are a
> preferred target for crackers to place their root kit binaries. An
> example rule file to exclude home directories of users with uid >=
> 1000 is included in the package and might be put into use at the
> local admin's discretion.
Thanks for pointing that out. Since I also have a /home/scratch/ that
isn't listed in /etc/passwd, I've added a 31_exclude-homes-custom file
that just says
!/home
and I'll see if that does it.
Is there any easy way to get a text listing of the files catalogued in
aide.db so I can grep or otherwise examine it to see what else I need
to manually exclude?
Thanks.
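One way to get the listing asked about above, as an added example that is not part of the original message or of AIDE itself. It assumes the database is AIDE's plain-text format (optionally gzip-compressed), with a `@@db_spec` header naming the columns and one entry per line; the sample database and the function names are constructed for illustration.

```python
import gzip, sys
from collections import Counter

# Constructed sample in the assumed AIDE text-database layout (not real output).
SAMPLE = """\
@@begin_db
# constructed sample database
@@db_spec name lname attr perm uid gid size
/etc 0 1 40755 0 0 4096
/etc/passwd 0 1 100644 0 0 1523
/home/scratch/a.tmp 0 1 100644 1000 1000 10
/home/scratch/b.tmp 0 1 100644 1000 1000 10
/home/scratch/cache/c.tmp 0 1 100644 1000 1000 10
/usr/bin/ls 0 1 100755 0 0 90000
@@end_db
"""

def open_db(path):
    """Open a database file as text, detecting gzip by its magic bytes."""
    with open(path, "rb") as fh:
        is_gzip = fh.read(2) == b"\x1f\x8b"
    opener = gzip.open if is_gzip else open
    return opener(path, "rt", encoding="utf-8", errors="replace")

def iter_paths(lines):
    """Yield the 'name' column of each entry, skipping @@ directives and comments."""
    name_col = 0
    for line in lines:
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0] == "@@db_spec":
            name_col = fields[1:].index("name") if "name" in fields else 0
        elif not fields[0].startswith("@@") and len(fields) > name_col:
            yield fields[name_col]

def count_by_prefix(paths, depth=2):
    """Count entries under each directory prefix of the given depth."""
    counts = Counter()
    for path in paths:
        counts["/" + "/".join(path.strip("/").split("/")[:depth])] += 1
    return counts

if __name__ == "__main__":
    # With a path argument, read that database; otherwise use the sample.
    lines = open_db(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE.splitlines()
    for prefix, n in count_by_prefix(iter_paths(lines)).most_common(20):
        print(f"{n:8d}  {prefix}")
```

The prefixes with the highest counts are the candidates for an exclusion rule such as the `!/home` line above; names are shown exactly as stored in the database.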