[Aide] Best Practices on storing aide databases
Vijay
vavarachen at gmail.com
Mon Jan 24 23:40:27 EET 2011
Bobby,
Take a look at 'sshaide.sh' script in the contrib folder of the aide
release.
# DESCRIPTION
# sshaide.sh uses AIDE and SSH to remotely run integrity checks
# on ALL configured client systems or those specifically listed on
# the command line from a centralized manager station. sshaide.sh
# stores all binaries, databases and reports on a secure, centralized
# manager station. Database initialization or periodic checks are
# run on demand or via cron jobs from the manager stations based on
# local policy requirements.
Thanks,
Vijay
2011/1/24 J. Bobby Lopez <jbl at jbldata.com>
> Would there be any online docs which discuss this?
>
>
> On Fri, Jan 14, 2011 at 10:47 AM, J. Bobby Lopez <jbl at jbldata.com> wrote:
>
>> Hi,
>>
>> Just started using AIDE, and so far I'm liking it.
>>
>> I'm curious though what some of the best practices are on storing the AIDE
>> databases.
>>
>> When aide.db.new is created, it's in the same directory as aide.db. When
>> I copy aide.db.new to aide.db, should I be deleting aide.db.new?
>>
>> What is to prevent someone who happens to gain root from running AIDE
>> again, generating a new aide.db.new, and copying over aide.db before the
>> next cron job, therefore making their trespass undetectable?
>>
>> Thanks,
>> Bobby
>>
>
>
--
"Knowledge is the only wealth that grows as you spend it, and diminishes as
you save it."
-- ancient Sanskrit saying
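
The following is an added example, not part of the original thread and not taken from sshaide.sh. It shows one way a manager station can notice that a client's baseline database was regenerated or overwritten, by keeping the digest of the accepted aide.db on the manager only. The function names, the client name `web01` and the store directory are hypothetical, and the sketch assumes the manager has already fetched a copy of the client's database over SSH.

```shell
#!/bin/sh
# Added example: manager-side check that a client's AIDE baseline has not
# been replaced. All function names and paths here are hypothetical.

# Print the SHA-256 hex digest of a file (sha256sum, or shasum as fallback).
db_digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# record_baseline CLIENT DB_COPY STORE_DIR
# Run only after an administrator has reviewed and accepted the database.
# STORE_DIR lives on the manager, out of reach of root on the client.
record_baseline() {
    [ -r "$2" ] || return 2
    mkdir -p "$3" || return 2
    db_digest "$2" > "$3/$1.sha256"
}

# verify_baseline CLIENT DB_COPY STORE_DIR
# Returns 0 = copy matches the accepted baseline,
#         1 = copy differs (database regenerated or overwritten),
#         2 = nothing to compare (no recorded digest or unreadable copy).
verify_baseline() {
    [ -r "$2" ] && [ -r "$3/$1.sha256" ] || return 2
    [ "$(db_digest "$2")" = "$(cat "$3/$1.sha256")" ]
}

# Constructed demo: accept a baseline, then simulate it being replaced.
demo() {
    work=$(mktemp -d) || return 2
    printf 'constructed baseline contents\n' > "$work/aide.db"
    record_baseline web01 "$work/aide.db" "$work/store"
    verify_baseline web01 "$work/aide.db" "$work/store" && before=0 || before=$?
    printf 'constructed regenerated contents\n' > "$work/aide.db"
    verify_baseline web01 "$work/aide.db" "$work/store" && after=0 || after=$?
    rm -rf "$work"
    echo "$before $after"
}

demo
```

A return code of 1 from `verify_baseline` before a scheduled check means the database on the client is no longer the one that was accepted, which is the situation raised in the original question.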