[Aide] added file in the summary, not in the detailed information section

Vijay vavarachen at gmail.com
Wed Jun 22 17:57:58 EEST 2011


Michael,
    This is not related to your AIDE question, but I too experienced a
similar situation not too long ago.  A client's box was compromised
using an outdated php CMS system running a custom php add-on.  We did
not have the option to wait for a fix and needed to bring the server
back online quickly.

I suspected the compromise took place via some file which was either
uploaded to the tmp directory or upload directory and then executed
via some flaw in php code (possibly sql injection).  In addition to
hardening the new LAMP stack, I mapped the tmp and upload directories
to a filesystem mapped with nodev,nosuid,noexec options.

We are still waiting for a complete fix for the php code, but none in
sight :-) In the meantime, AIDE continues to provide some peace of
mind :-)

Good luck,
Vijay

2011/6/21 Michael Chesterton <chesty at chesterton.id.au>:
> Hey,
> I took over admin of a box that has been compromised via php web apps. I'm
> working towards a reinstall, but for now I've installed aide (amongst other
> things), and it has picked up some files being added to a php upload
> directory. These files appear at the top of the report in the summary added
> files section, but not at the bottom of the report in the detailed
> information about changes section. Any ideas why that might be?
>
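The mount-option hardening described in the reply above, as an added example that is not part of the original messages: a POSIX shell check that reports which of nodev, nosuid and noexec are missing on the filesystem holding a given directory. The function names, the sample mount table and the /var/www/uploads path are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format:
# device, mount point, fs type, options, dump, pass.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda3 /tmp ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda4 /var/www/uploads ext4 rw,nosuid,nodev,relatime 0 0'

# Print the required options that are missing on the filesystem holding $1.
# $2 is mount-table text; when omitted, the live /proc/mounts is read.
# Assumes an absolute path without spaces; symlinks are not resolved.
missing_mount_opts() {
    path=$1
    table=${2:-$(cat /proc/mounts)}
    printf '%s\n' "$table" | awk -v p="$path" '
        {
            mp = $2
            # A mount covers the path if it is "/", equals the path,
            # or is a directory prefix of it ("/tmp" does not cover "/tmpfoo").
            if (mp == "/" || mp == p || index(p, mp "/") == 1) {
                # Keep the most specific mount; a later line wins a tie,
                # matching how a newer mount shadows an older one.
                if (length(mp) >= best) { best = length(mp); opts = $4 }
            }
        }
        END {
            n = split("nodev nosuid noexec", need, " ")
            out = ""
            for (i = 1; i <= n; i++) {
                if (index("," opts ",", "," need[i] ",") == 0) {
                    if (out != "") out = out ","
                    out = out need[i]
                }
            }
            print out
        }'
}

# Return 0 when the directory sits on a nodev,nosuid,noexec filesystem;
# otherwise report what is missing on stderr and return 1.
check_hardened() {
    missing=$(missing_mount_opts "$1" "$2")
    [ -z "$missing" ] && return 0
    echo "$1: missing $missing" >&2
    return 1
}
```

Run `check_hardened /tmp` with no second argument to test the live system, for example from cron next to the AIDE run, so that a remount which drops noexec is noticed.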

