[Aide] Best Practices on storing aide databases
Erik Damsgaard
edamsgaa at csc.com
Tue Jan 25 08:23:51 EET 2011
I am doing a similar thing to 'sshaide.sh' through monitoring jobs run
from Xymon. The jobs are scheduled to run every 15, 30, 45, 60 minutes or
whatever you think is feasible through Xymon. I keep all DBs, binaries
and conf files on the Xymon server and 1) copy them out, 2) run the job,
3) copy the result back and alarm through Xymon.
In this way I get alarms out through Xymon and to the right place for
actions. Please see http://www.xymon.com/
I have additional scripts for updates (which will clear the alarm and
generate a new db) and inits, which are run manually.
Regards
---------------------------
ERIK DAMSGAARD
Security Analyst
CSC
GSS Nordic | Tell (+45 36146217) | Cell (+45 29236217) | edamsgaa at csc.com
| www.csc.com/dk
From: Vijay <vavarachen at gmail.com>
To: Aide user mailinglist <aide at cs.tut.fi>
Date: 24-01-2011 22:57
Subject: Re: [Aide] Best Practices on storing aide databases
Bobby,
Take a look at 'sshaide.sh' script in the contrib folder of the aide
release.
# DESCRIPTION
# sshaide.sh uses AIDE and SSH to remotely run integrity checks
# on ALL configured client systems or those specifically listed on
# the command line from a centralized manager station. sshaide.sh
# stores all binaries, databases and reports on a secure, centralized
# manager station. Database initialization or periodic checks are
# run on demand or via cron jobs from the manager stations based on
# local policy requirements.
Thanks,
Vijay
2011/1/24 J. Bobby Lopez <jbl at jbldata.com>
Would there be any online docs which discuss this?
On Fri, Jan 14, 2011 at 10:47 AM, J. Bobby Lopez <jbl at jbldata.com> wrote:
Hi,
Just started using AIDE, and so far I'm liking it.
I'm curious though what some of the best practices are on storing the AIDE
databases.
When aide.db.new is created, it's in the same directory as aide.db. When
I copy aide.db.new to aide.db, should I be deleting aide.db.new?
What is to prevent someone who happens to gain root from running AIDE
again, generating a new aide.db.new, and copying over aide.db before the
next cron job, therefore making their trespass undetectable?
Thanks,
Bobby
_______________________________________________
Aide mailing list
Aide at cs.tut.fi
https://mailman.cs.tut.fi/mailman/listinfo/aide
--
"Knowledge is the only wealth that grows as you spend it, and diminishes
as you save it."
-- ancient Sanskrit saying
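Added example (not part of the thread and not the contrib sshaide.sh): a manager-side script following the copy out, run, copy result back cycle described in the first message, so the baseline aide.db exists on the client only while a check runs. The STORE and WORK paths, the per-host directory layout and the verdict strings are assumptions.

```shell
#!/bin/sh
# Added example. STORE, WORK and the per-host layout are assumptions.
STORE=${STORE:-/srv/aide}        # manager: $STORE/<host>/{aide,aide.conf,aide.db}
WORK=${WORK:-/var/tmp/aide-run}  # client scratch dir; aide.conf is assumed to
                                 # read its baseline from $WORK/aide.db

# Turn the exit status of `aide --check` into an alarm line.
# aide(1): 0 = no differences; 1-7 = bit mask (1 new, 2 removed, 4 changed);
# anything else (AIDE errors 14-19, ssh's 255) means the check did not complete.
aide_verdict() {
    rc=$1
    if [ "$rc" -eq 0 ]; then echo "green no-differences"; return 0; fi
    if [ "$rc" -ge 1 ] && [ "$rc" -le 7 ]; then
        what=""
        if [ $((rc & 1)) -ne 0 ]; then what="$what added"; fi
        if [ $((rc & 2)) -ne 0 ]; then what="$what removed"; fi
        if [ $((rc & 4)) -ne 0 ]; then what="$what changed"; fi
        echo "red$what"; return 0
    fi
    # A check that cannot run is an alarm too, not a silent pass.
    echo "red check-failed rc=$rc"
}

check_host() {
    host=$1; src="$STORE/$host"
    # 1) copy binary, config and baseline out from the manager
    ssh "$host" "mkdir -p -m 700 '$WORK'" &&
        scp -q "$src/aide" "$src/aide.conf" "$src/aide.db" "$host:$WORK/" ||
        { echo "red copy-failed"; return 1; }
    # 2) run the check; 3) the report comes back over the ssh channel
    ssh "$host" "'$WORK/aide' --config='$WORK/aide.conf' --check" \
        > "$src/report.$(date +%Y%m%d%H%M)" 2>&1
    rc=$?
    # leave nothing on the client between runs
    ssh "$host" "rm -rf '$WORK'"
    aide_verdict "$rc"
}

# Usage: sh aide-run.sh host1 host2 ...   (does nothing without arguments)
for h in "$@"; do
    printf '%s: %s\n' "$h" "$(check_host "$h")"
done
```

The verdict line is what a monitoring job would forward as its alarm; the full AIDE report stays on the manager next to the baseline it was checked against.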