[Aide] My personal guide to AIDE

Russell Gadd russ.mail.lists at googlemail.com
Mon Mar 24 00:08:51 EET 2008 

Marc Haber wrote:
> Hi Russell,
> 
> <snip>
> 
> I am not a big fan of HOWTO type documentation as they lead people to
> do things that they don't understand.
> 
I understand your point if the document encourages people to just follow 
blindly. However as you say this is a system targeted at experienced 
sysadmins, and they are reading this because they haven't used aide or 
haven't used in in Debian. I was suggesting it really as just a summary 
outline of the steps involved. Otherwise you've got to probably write 
down your own summary of the operations involved to see the picture, 
taking parts from all the various documents. Maybe you are right and it 
would be best to make people get it into their heads by working it out 
for themselves.

> 
> <snip>
> 
> I am not a big fan of duplicating information, ...

Yes, you're a programmer and realise the potential for inconsistency :)

> 
> <snip>
>

> You can see the new README.Debian file in svn via
> http://svn.debian.org/wsvn/pkg-aide/trunk/debian/aide-common.README.Debian?op=file&rev=0&sc=0
> - I'd appreciate your comments
> 

OK I attach these below, since you asked.

Regards
Russell

=====================================================================

It looks like you have modified the README more than once since the Etch
copy which I am using. I should say improved, generally I think the
document is clearer than before. I don't think I can add much, however
there are just a few areas where I would venture a comment, (some of
them a bit pernickety):

1. "Configuring AIDE the Debian way" 4th para:

After changing aide configuration, you might want to re-build your
database either by using the aideinit script, aide --init or aide
--update.

Either/or sounds to me like there are only 2 alternatives, you have to
read this a couple of times to realise that there are 3. I suggest

After changing your aide configuration, you might want to re-build your
database either by using the aideinit script, or aide itself via aide
--init or aide --update.

2. "Common configuration issues" 2nd para
   (a) typo: s/encourages/encouraged/
   (b) "Aide rules can both be ... or .."? - either/or or both?
   (c) A few points here, just so it reads better: suggest change

 From a security point of view, it is
desir[e]able to have the aide rules come with the respective package,
since this makes sure that only files are excluded from the aide check
that are actually in use on the system. This approach minimizes the

to

 From a security point of view, it is desirable to have the aide rules
come with the respective package, since this makes sure that the only
files excluded from the aide check are those that are actually in use on
the system. This approach also minimizes the

   (d) Generally the last sentence of this paragraph sounds like you are
   talking to your fellow maintainers. I presume a maintainer can arrange
   for the new rules to be automatically inserted into
   /etc/aide/aide.conf.d/. However I'm not sure why your suggested naming
   convention would really minimise the potential for conflict. Even if
   the names don't clash presumably the original rules need to be
   removed. I'm out of my depth here, as I don't know how the maintainers
   cooperate on such things. Ultimately the user will want there to be no
   clash of rules so maybe you could add "In such a case, if there are
   existing rules for this package already in the aide configuration they
   will be in /etc/aide/aide.conf.d/nn_aide_foo and will need to be
   removed." This doesn't tell the maintainer or the user to do it, but
   the warning is there.

More information about the Aide mailing list