[Aide] Reporting log files

Pablo Virolainen pablo at vapaa.fi
Thu Mar 29 10:42:54 EEST 2007


On Wed, 28 Mar 2007, Marc Haber wrote:

> On Wed, Mar 28, 2007 at 10:15:03AM +0300, Pablo Virolainen wrote:
> > On Sun, 18 Mar 2007, Marc Haber wrote:
> > > > Would it not be possible for Aide, since it records the previous
> > > > log file size, to verify checksums over the initial part of the
> > > > file comprising of the old size?  So the options for a growing
> > > > logfile could include S+md5+sha1 and the hashes would know, as a
> > > > result of the S option, that the old size is to be used to record
> > > > the previous bits.
> > >
> > > Nice idea. wishlist request 1683255 in the aide feature request
> > > tracker. Again, if I omitted something, please add there.
> >
> > This is not so easy. Actually this can't be implemented without knowing
> > the original size (read from the database). So running init and then
> > compare would be different than running update.
>
> Please explain, I don't seem to understand what you mean here.

When running init, AIDE doesn't know about the 'original' size of the files
which can grow, so AIDE can't calculate the hash value of the files (with
old file sizes). But when running in update mode, AIDE knows the old size
and can calculate the hash value with the old file size. This makes running
init and then compare different than running update. Of course we
could make AIDE save hash values of each piece (e.g. 16kb), and thereby
make 'incremental' checks. One possibility is to include the original size
in the configuration file.

Pablo Virolainen
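
The check discussed in this thread, sketched as an added example (not part of the original message and not AIDE code): the baseline stores the file size and a digest, and a later check hashes only the first old-size bytes of the possibly grown file. SHA-256 stands in for the md5/sha1 named in the thread; the function names and the baseline dictionary format are assumptions, and the log content is constructed.

```python
import hashlib
import os
import tempfile

CHUNK = 16 * 1024  # read size; 16 KB is the piece size mentioned in the thread

def prefix_digest(path, length):
    """SHA-256 over the first `length` bytes of the file."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        while length > 0:
            block = f.read(min(CHUNK, length))
            if not block:  # file is shorter than the requested prefix
                break
            h.update(block)
            length -= len(block)
    return h.hexdigest()

def record(path):
    """Baseline entry (hypothetical format): size and digest of the whole file."""
    size = os.path.getsize(path)
    return {"size": size, "sha256": prefix_digest(path, size)}

def check(path, baseline):
    """Classify a log against its baseline, hashing only the old-size prefix."""
    size = os.path.getsize(path)
    if size < baseline["size"]:
        return "truncated"
    if prefix_digest(path, baseline["size"]) != baseline["sha256"]:
        return "modified"
    return "grown" if size > baseline["size"] else "unchanged"

def demo():
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "sample.log")  # constructed sample log
        with open(log, "wb") as f:
            f.write(b"line 1: session opened\n")
        base = record(log)
        out = [check(log, base)]        # nothing changed since baseline
        with open(log, "ab") as f:
            f.write(b"line 2: session closed\n")
        out.append(check(log, base))    # data appended, old bytes intact
        with open(log, "r+b") as f:
            f.seek(5)
            f.write(b"9")
        out.append(check(log, base))    # a byte inside the old prefix rewritten
        os.truncate(log, 10)
        out.append(check(log, base))    # file now shorter than the baseline
    return out
```

The old size has to come from the stored baseline, which is the dependency the message above points out: without a previous size there is no prefix to hash.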

