[Aide] Scanning of hidden directories fails
Hannes von Haugwitz
hannes at vonhaugwitz.com
Wed May 19 09:46:29 EEST 2010
Pedro Sanchez wrote:
> Hello,
>
> recentily we have a problem with one of our machines, that has aide installled.
> He have this version Aide 0.13.1
> A trojan was installed using a software vulnerability in a domain.
> This software was inside a directory named ... ( three following points)
> This name makes the directory invisible for aide, so we have no
> knowing of this filesystem modification.
> Is there any way to path aide to sove this or it is solved in a newer release ?
>
> Thank you very much.
Hi,
I can't reproduce that with debian testing and aide version 0.14.
A new file evil in the directory /tmp/... is reported as expected:
---------------------------------------------------
Added files:
---------------------------------------------------
f+++++++++++++++: /tmp/.../evil
---------------------------------------------------
Changed files:
---------------------------------------------------
d >.... mc.. .. : /tmp/...
Greetings,
Hannes
More information about the Aide
mailing list