[Aide] Best Practices on storing aide databases

J. Bobby Lopez jbl at jbldata.com
Tue Jan 25 17:28:23 EET 2011


I'm using Xymon also, so this is very good to hear.  Thanks!

2011/1/25 Erik Damsgaard <edamsgaa at csc.com>

> I am doing a similar thing to 'sshaide.sh' through monitoring jobs run
> from Xymon. The jobs are scheduled to run every 15, 30, 45, 60 minutes or
> whatever you think is feasible through Xymon. I keep all DBs, binaries and
> conf files on the Xymon server and 1) copy them out, 2) run the job, 3) copy
> the result back and alarm through Xymon.
> In this way I get alarms out through Xymon and to the right place for
> actions. Please see http://www.xymon.com/
>
> I have additional scripts for updates (which will clear the alarm and
> generate a new DB) and inits, which are run manually.
>
> Regards
> ---------------------------
> ERIK DAMSGAARD
> Security Analyst
> CSC
> GSS Nordic | Tell (+45 36146217) | Cell (+45 29236217) | edamsgaa at csc.com|
> www.csc.com/dk
>
>
>
> From: Vijay <vavarachen at gmail.com>
> To: Aide user mailinglist <aide at cs.tut.fi>
> Date: 24-01-2011 22:57
> Subject: Re: [Aide] Best Practices on storing aide databases
> ------------------------------
>
> Bobby,
>   Take a look at 'sshaide.sh' script in the contrib folder of the aide
> release.
>
> # DESCRIPTION
> #       sshaide.sh uses AIDE and SSH to remotely run integrity checks
> #       on ALL configured client systems or those specifically listed on
> #       the command line from a centralized manager station.  sshaide.sh
> #       stores all binaries, databases and reports on a secure, centralized
> #       manager station.  Database initialization or periodic checks are
> #       run on demand or via cron jobs from the manager stations based on
> #       local policy requirements.
>
> Thanks,
> Vijay
>
> 2011/1/24 J. Bobby Lopez <jbl at jbldata.com>
> Would there be any online docs which discuss this?
>
>
> On Fri, Jan 14, 2011 at 10:47 AM, J. Bobby Lopez <jbl at jbldata.com>
> wrote:
> Hi,
>
> Just started using AIDE, and so far I'm liking it.
>
> I'm curious though what some of the best practices are on storing the AIDE
> databases.
>
> When aide.db.new is created, it's in the same directory as aide.db.  When I
> copy aide.db.new to aide.db, should I be deleting aide.db.new?
>
> What is to prevent someone who happens to gain root from running AIDE
> again, generating a new aide.db.new, and copying over aide.db before the
> next cron job, therefore making their trespass undetectable?
>
> Thanks,
> Bobby
>
>
> _______________________________________________
> Aide mailing list
> Aide at cs.tut.fi
> https://mailman.cs.tut.fi/mailman/listinfo/aide
>
>
>
>
> --
> "Knowledge is the only wealth that grows as you spend it, and diminishes as
> you save it."
> -- ancient Sanskrit saying
>
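The copy-out, run, copy-back cycle described in the thread, as an added sketch that is not taken from sshaide.sh or from any poster's scripts. The manager layout under `$MASTER`, the staging directory `$STAGE`, root SSH access to the client, and an `aide.conf` whose `database=` line points into `$STAGE` are all assumptions.

```shell
#!/bin/sh
# Added example: manager-side AIDE run. Paths and layout are assumptions.
# Assumed on the manager: $MASTER/bin/aide and, per host,
# $MASTER/<host>/aide.conf and $MASTER/<host>/aide.db.
# Assumed: each aide.conf sets database=file:$STAGE/aide.db
MASTER=${MASTER:-/srv/aide}
STAGE=${STAGE:-/root/aide-run}

# Map the exit status of "aide --check" to a monitoring colour.
# 0 = no differences, 1-7 = bitmask of added(1)/removed(2)/changed(4),
# anything else = AIDE or the transport failed, so the host is unverified.
aide_colour() {
    case "$1" in
        0)     echo green ;;
        [1-7]) echo red ;;
        *)     echo yellow ;;
    esac
}

# check_host HOST: prints the colour and saves the report on the manager.
check_host() {
    host=$1
    store=$MASTER/$host
    report=$store/report.$(date +%Y%m%d%H%M%S)

    # 1) copy out: fresh binary, config and reference database on every run,
    #    so nothing the check trusts is left on the client between runs
    ssh "$host" "rm -rf '$STAGE' && mkdir -m 700 '$STAGE'" \
        || { aide_colour 255; return 0; }
    scp -q "$MASTER/bin/aide" "$store/aide.conf" "$store/aide.db" \
        "$host:$STAGE/" || { aide_colour 255; return 0; }

    # 2) run the job; the report is written on the manager, not the client
    rc=0
    ssh "$host" "'$STAGE/aide' --config='$STAGE/aide.conf' --check" \
        > "$report" 2>&1 || rc=$?

    # 3) remove the staged copies from the client
    ssh "$host" "rm -rf '$STAGE'" || true

    aide_colour "$rc"
}
```

A failed copy or an unreachable host yields yellow rather than green, so a client that cannot be checked is never reported as clean.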