[Aide] /var/lib/aide changed
Mauricio Tavares
raubvogel at gmail.com
Thu Nov 4 22:52:20 EET 2010
So my daily aide report told me the following files/folders were changed
---------------------------------------------------
Changed files:
---------------------------------------------------
changed: /var/lib/aide
changed: /var/lib/ntp
changed: /root
changed:/root/.viminfo
changed:/dev/.udev/queue.bin
Some a pretty obvious why (I was doing stuff as root and machine will be updating its time every so often) and I can figure out how to handle (whitelist the ntp dir but not /root) so to limit reported changes only to suspicious stuff. But then we have /var/lib/aide. Yeah I know it is just trying to tell me that it created a new aide.db.new file, but how should I handle it? whitelist aide.db.new itself?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://mailman.cs.tut.fi/pipermail/aide/attachments/20101104/9b9dd20d/attachment-0001.html
More information about the Aide
mailing list