[Aide] Directories and files that often change

Sonixxfx sonixxfx at gmail.com
Tue Jan 2 21:12:32 EET 2007


Yes, this has helped!

Thank you Eric. I am already setting up aide to monitor as much as possible,
but I still was wondering about ignoring all these files and directories
because it is mentioned a lot.
So I am already on the right track, it only takes a bit of effort to create
some of the rules, but I am getting there.

Regards,

Ben


2007/1/2, Eric Webster <ewebster at 2co.com>:
>
>  Well that would be a nice entry point for an attacker really. They could
> add/do what they want within the folder and your IDS wouldn't show. I try to
> avoid monitoring whenever possible. Make some really fancy regexps for the
> files within it and reduce monitoring of those files to a minimum, such as
> Permissions and Groups for example. This way you still get to pick up new
> and deleted files within the directory. It might take a while to get them all
> depending on the contents of the directory, but you could also add a rule to
> ignore/minimally monitor every file in it. Hope this helps.
>
>
> Eric Webster
> Enterprise Services
> 2CheckOut.com
>
>
>  ------------------------------
> *From:* aide-bounces at cs.tut.fi [mailto:aide-bounces at cs.tut.fi] *On Behalf
> Of *Sonixxfx
> *Sent:* Tuesday, January 02, 2007 1:10 PM
> *To:* Aide user mailinglist
> *Subject:* [Aide] Directories and files that often change
>
> Hi,
>
> I wonder what I should do with files and directories that often change. I
> know some people ignore these entirely, but can someone tell me what the
> risk of doing that would be?
>
> Thanks
>
> Ben
>
>
>
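
The trade-off discussed in this thread, as an added example that is not part of the original messages and is not AIDE's own code: a small Python sketch comparing a policy that skips a frequently changing directory with one that records only permissions and group for its files. The `spool` directory, the file names and the `snapshot`/`compare` helpers are assumptions made for illustration.

```python
import os
import stat
import tempfile

def snapshot(root, ignored=(), minimal=()):
    """Map relative path -> recorded attributes.
    ignored: directories skipped entirely.
    minimal: directories whose files get permissions and group only."""
    db = {}
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        if any(rel_dir == d or rel_dir.startswith(d + os.sep) for d in ignored):
            dirnames[:] = []          # do not descend: nothing below is recorded
            continue
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            rel = os.path.relpath(path, root)
            attrs = {"perm": stat.S_IMODE(st.st_mode), "gid": st.st_gid}
            if not any(rel.startswith(d + os.sep) for d in minimal):
                attrs.update(size=st.st_size, mtime=st.st_mtime_ns)
            db[rel] = attrs
    return db

def compare(old, new):
    """Report added, removed and changed paths between two snapshots."""
    common = set(old) & set(new)
    return {"added": sorted(set(new) - set(old)),
            "removed": sorted(set(old) - set(new)),
            "changed": sorted(p for p in common if old[p] != new[p])}

def demo():
    """Run the same activity under both policies and return each report."""
    results = {}
    for policy in ("ignore", "minimal"):
        with tempfile.TemporaryDirectory() as root:   # constructed sample tree
            spool = os.path.join(root, "spool")
            os.mkdir(spool)
            with open(os.path.join(spool, "queue.dat"), "w") as f:
                f.write("a")
            kw = {"ignored": ("spool",)} if policy == "ignore" else {"minimal": ("spool",)}
            before = snapshot(root, **kw)
            with open(os.path.join(spool, "queue.dat"), "a") as f:
                f.write("more data")                  # routine content churn
            with open(os.path.join(spool, "dropped.bin"), "w") as f:
                f.write("x")                          # unexpected new file
            results[policy] = compare(before, snapshot(root, **kw))
    return results

if __name__ == "__main__":
    print(demo())
```

Under the ignore policy the report is empty, while the minimal policy reports the new file and stays quiet about the routine content change.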