[Aide] aide 0.11 is generating a VERY large database.
Adam Funk
a24061 at yahoo.com
Mon Feb 5 12:48:02 EET 2007
On 2006-12-14, Marc Haber wrote:
>> Having tried to study the aide 0.11 Debian/Ubuntu config in more
>> detail, and thought about some of your comments, I wonder if I have a
>> wrong notion of what aide should and should not cover.
>>
>> My expectation has been that a "sensible" config would exclude things
>> that routinely change every day, such as most log files; in other
>> words, the daily aide report should be almost empty in normal use,
>> except when I've installed, removed or upgraded software (and in that
>> case the report should be big but should reflect the packages
>> changed).
>>
>> Is that wrong?
>
> I feel that these questions are answered in
> /usr/share/doc/aide/NEWS.Debian.gz. If they are not answered there,
> please re-phrase them so that I can improve my answers.
OK, I'll try again. I think you said on your production systems you
use an aide configuration fairly similar to the Debian default, but
you were surprised at the database sizes and execution times I
reported.
Would you also be surprised if I said that my daily report (without
some of the more radical exclusions such as "!/var/log") *always*
contained several dozen changed files? Would you consider that normal
on your systems?
More information about the Aide
mailing list