[Aide] aide 0.11 is generating a VERY large database.
Marc Haber
mh+aide at zugschlus.de
Fri Nov 10 15:43:24 EET 2006
On Fri, Nov 10, 2006 at 11:56:13AM +0000, Adam Funk wrote:
> On 2006-11-09, Marc Haber <mh+aide at zugschlus.de> wrote:
> > Please note that this might significantly increase aide's
> > execution times as we now check the whole file system by default.
> > On systems with big, changing file systems (like shell servers or
> > big ftp or web servers), you might want to exclude parts of the
> > file system to bring execution times down to an acceptable level.
> > This is not done in the default configuration since AIDE aims for
> > maximum security by default, and big data directories are a
> > preferred target for crackers to place their root kit binaries. An
> > example rule file to exclude home directories of users with uid >=
> > 1000 is included in the package and might be put into use at the
> > local admin's discretion.
>
> Thanks for pointing that out. Since I also have a /home/scratch/ that
> isn't listed in /etc/passwd, I've added a 31_exclude-homes-custom file
> that just says
>
> !/home
>
> and I'll see if that does it.
That should do it.
> Is there any easy way to get a text listing of the files catalogued in
> aide.db so I can grep or otherwise examine it to see what else I need
> to manually exclude?
aide.db _is_ a text listing. If you cannot see it immediately, try
piping its contents through gunzip.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
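
As an added example (not part of the original message and not AIDE project code), the following shell functions read aide.db as the reply describes, whether gzip-compressed or plain, and count catalogued entries per directory to show which trees are worth reviewing for exclusion. It assumes the usual aide.db text layout (`@@` directive lines, `#` comments, file name as the first field) and GNU gzip; the function names and the sample database are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes the aide.db text layout: "@@" directive lines
# (@@begin_db, @@db_spec, @@end_db), "#" comment lines, and one entry per
# line with the file name as the first space-separated field.

# Print the path of every catalogued entry, one per line.
# GNU gzip -dcf decompresses gzip input and copies plain text unchanged,
# so the same function handles compressed and uncompressed databases.
aide_db_paths() {
    gzip -dcf < "$1" | awk '!/^@@/ && !/^#/ && NF { print $1 }'
}

# Count entries per directory prefix of the given depth (default 2),
# largest first, to show which trees dominate the database.
aide_db_summary() {
    aide_db_paths "$1" | awk -F/ -v depth="${2:-2}" '
        {
            prefix = ""
            # $1 is empty because every path starts with "/"
            for (i = 2; i <= NF && i <= depth + 1; i++)
                prefix = prefix "/" $i
            count[prefix]++
        }
        END { for (p in count) printf "%d %s\n", count[p], p }
    ' | sort -k1,1nr -k2,2
}

# Write a small gzip-compressed sample database to "$1".
# The entries are constructed for this example, not real AIDE output.
make_sample_db() {
    printf '%s\n' \
        '@@begin_db' \
        '# This file was generated by Aide (constructed sample)' \
        '@@db_spec name lname attr perm uid gid' \
        '/etc/passwd 0 1 100644 0 0' \
        '/etc/shadow 0 1 100640 0 42' \
        '/home/scratch/a.tmp 0 1 100644 1000 1000' \
        '/home/scratch/b.tmp 0 1 100644 1000 1000' \
        '/home/scratch/c.tmp 0 1 100644 1000 1000' \
        '/home/adam/.profile 0 1 100644 1001 1001' \
        '@@end_db' | gzip -c > "$1"
}
```

Call `aide_db_summary` with the path to your own aide.db and a depth; directories that dominate the output are the ones to review before adding a `!` exclusion rule like the one quoted above.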