[Aide] My personal guide to AIDE

Marc Haber mh+aide at zugschlus.de
Sun Mar 23 14:33:57 EET 2008

Hi Russell,

On Sun, Mar 16, 2008 at 12:31:13PM +0000, Russell Gadd wrote:
> Marc Haber wrote:
> > On Sat, Mar 15, 2008 at 06:09:44PM +0000, Russell Gadd wrote:
> >> Marc Haber wrote:
> >>>> On installation, debconf is used to query the user whether to initialize the
> >>>> AIDE database and whether to automatically place the new database at a place
> >>>> where aide can pick it up as a reference. aideinit, the script used to
> >>>> initialize the database, has a man page. [NOTE - I HAVEN'T USED DEBCONF -
> >>> It isn't a problem at all, the scripts invoked by debconf are just
> >>> sophisticated versions of aide --init and cp /var/lib/aide/aide.db.new
> >>> /var/lib/aide/aide.db.
> >>>
> >>> Do you want me to document that in the package?
> >>>
> >> Would be worth a mention.
> >
> > but where? In the README?
> >
> First I'd just say that I don't remember answering questions on 
> installation - maybe it did ask them, I really can't remember.

They are asked at "medium" priority so they might have been hidden
away from you depending on which debconf level you have chosen for
your installation.

>  But my point is when I read "debconf is used to ..." I wasn't sure
>  whether this meant that I should somehow invoke debconf or whether it
>  should have been done automatically on installation. (Probably my
>  ignorance of package management).

This is probably lack of Debian knowledge, but I'll try improving the

On installation, debconf questions are asked at medium priority
to query the user whether to initialize the AIDE database and whether
to automatically place the new database at a place where aide can
pick it up as a reference. aideinit, the script used to initialize
the database, has a man page, and can be invoked at the user's
discretion at a later time.

> As regards documentation, I've now had another look at it. In the hope 
> it helps, I will offer up some suggestions from a user perspective. I 
> think the man pages are fine and don't need any improvement. But I think 
> the README could be organised slightly differently. I would move the 
> section on /usr/bin/aide.wrapper to below the section on the daily cron 
> job. Then you start with the top 3 paragraphs of overview, which are fine.


> I would follow this by a sort of HOWTO section which covers set up and 
> management.

I am not a big fan of HOWTO type documentation as they lead people to
do things that they don't understand.

I appreciate your input, but aide is a tool for experienced users, and
not for beginners who would need docs _that_ detailed. Beginners are
likely not able to interpret aide reports anyway.

>  is extensively commented.  Then consider and alter or add to
>  /etc/aide/aide.conf and /etc/aide/aide.conf.d (may want to mention
>  checking the man page of update-aide.conf which uses these files).
>  Mention the executable point here.

I am not a big fan of duplicating information, and the executable
point is in update-aide.conf's man page in the very first paragraph.
Almost impossible to miss if one takes a single look at the man page.

>  Before doing any modifications you might want to back up ...
>  (configs and databases).

best practice of systems administration, I don't think it makes sense
to clutter up the docs with that.

>  After doing any modifications you need to rerun aideinit and update
>  the reference database otherwise on the next run you will get a
>  spurious comparison between a newly generated database and the old
>  reference database. You can test your new config by explicitly
>  running /etc/aide/aide.conf.d (which will abort if a run is already
>  in progress). However this will of course not show any changes unless
>  some other processing has taken place in the system meanwhile, so you
>  may want to wait a while before doing another run - suggest wait for
>  the next daily job, and compare this to the last one
>  pre-modification. Once you are happy that the reports are what you
>  need, you will only need to revisit the setup when the output grows
>  to be unmanageable. For example, whenever the system is updated you
>  should see a lot of output showing the changes. Once you are
>  satisfied that nothing is amiss with the updates, you can make these
>  a permanent part of the reference database by rerunning aideinit
>  again. Of course you may need to tweak the configs again if you
>  install new packages

I generally use aideinit only for new installations and proceed, once
aide is in place with aide --update. This will generate a new database
_and_ report any changes found, ensuring continuous monitoring of the

You can see the new README.Debian file in svn via
- I'd appreciate your comments

> No, the man page is fine. I needed to re-read it. Please remember that 
> my document is just a personal attempt to put in one place the things I 
> need to be reminded of.

No problem, your document is valuable input, even if I do not take
all of your suggestions.


Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190
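
The update-and-promote cycle discussed in this message, as an added example that is not part of the original post and is not code from the Debian aide package. It assumes the database paths quoted in the thread and the exit-status bitmask documented in aide(1); the function names and the AIDE_CMD variable are hypothetical.

```sh
#!/bin/sh
# Added example (not from the post). Paths are the ones quoted in the thread.
AIDE_DB=${AIDE_DB:-/var/lib/aide/aide.db}
AIDE_DB_NEW=${AIDE_DB_NEW:-/var/lib/aide/aide.db.new}

# Decode the exit status of "aide --check" / "aide --update" per aide(1):
# a bitmask of 1 (added), 2 (removed), 4 (changed). aide(1) lists 14-19 as
# errors; anything above 7 is treated as an error here.
describe_aide_status() {
    status=$1
    if [ "$status" -eq 0 ]; then echo "clean"; return 0; fi
    if [ "$status" -gt 7 ]; then echo "error"; return 0; fi
    out=""
    if [ $((status & 1)) -ne 0 ]; then out="${out}added "; fi
    if [ $((status & 2)) -ne 0 ]; then out="${out}removed "; fi
    if [ $((status & 4)) -ne 0 ]; then out="${out}changed "; fi
    echo "${out% }"
}

# Make the new database the reference, keeping the previous reference so a
# mistaken promotion can be undone. Call only after the report was reviewed.
promote_aide_db() {
    new=$1
    ref=$2
    [ -s "$new" ] || { echo "no new database at $new" >&2; return 1; }
    if [ -f "$ref" ]; then
        cp -p "$ref" "$ref.prev" || return 1
    fi
    cp -p "$new" "$ref"
}

# One cycle: "aide --update" writes a new database and reports changes in the
# same pass. Differences are never accepted into the reference automatically.
run_update_cycle() {
    status=0
    ${AIDE_CMD:-aide} --update || status=$?
    verdict=$(describe_aide_status "$status")
    echo "aide --update: $verdict (exit $status)"
    case $verdict in
        clean) promote_aide_db "$AIDE_DB_NEW" "$AIDE_DB" ;;
        error) return 1 ;;
        *)     echo "review the report, then promote $AIDE_DB_NEW by hand" >&2
               return 2 ;;
    esac
}

# Runs only when called as: script.sh run
if [ "${1:-}" = "run" ]; then run_update_cycle; fi
```

On a system where aide needs an explicit configuration file, set AIDE_CMD to the full invocation instead of plain aide.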
