[Aide] prelink patch
John Horne
john.horne at plymouth.ac.uk
Mon Feb 15 18:54:01 EET 2010
On Wed, 2010-02-10 at 14:20 -0600, Vijay Avarachen wrote:
>
> Are there any security ramifications by not using inodes in the check?
> Since I am checking for permissions, various checksums, ownership,
> create time, mod time and size, I think I can still have a high degree
> of confidence in the files integrity. Any thoughts?
>
For prelinked files you cannot check the creation and modification times
as prelinking will changed these.
Given that the main thing I am looking for with Aide is to see if any
file contents have changed, then I am happy using the prelink patch and
not checking the inode and creation/modification date/time. I rely on
the checksum checks to ensure the contents haven't changed.
John.
--
John Horne Tel: +44 (0)1752 587287
University of Plymouth, UK Fax: +44 (0)1752 587001
More information about the Aide
mailing list