[Aide] AIDE configuration taking too long

Mason Nakadomari nakadoma at hawaii.edu
Fri Aug 30 01:25:28 EEST 2013


Thanks, our group has some experience but we are relatively new to Red Hat
and we have some Solaris experience. It's just that we are trying to be very
rigorous to meet security requirements. We have found we need something
tighter than the default settings. Is there a recommended tighter
configuration for Red Hat? I just want to compare to what we are trying to
accomplish. My boss knows that from a theoretical standpoint it's useless to
look there but he wants evidence and reasons before excluding. Sorry if
some of this seems foolish, I'm aware that certain ones of those files in
/dev or /proc would be problematic to scan. We just wanted to scan as much
as we can with the bare minimum of what is needed to make sure that those
files haven't been compromised. Any advice is appreciated and you've helped
me by leaps and bounds. Thanks.


On Thu, Aug 29, 2013 at 8:49 AM, Marc Haber <mh+aide at zugschlus.de> wrote:

> On Thu, Aug 29, 2013 at 08:09:34AM -1000, Mason Nakadomari wrote:
> > Meaning I will see if my scans go faster without those directories but I'd
> > still like to scan those directories in a way to make it faster. It
> > shouldn't be impossible to scan those directories should it?
>
> /proc and /sys - on Linux - are virtual file systems that the kernel
> fills with information about the system and that are used to configure
> certain aspects of the system. An attacker is very unlikely to place
> data in there.
>
> /dev/ should be scanned with certain exceptions. Any moderately
> experienced Unix admin should know which files should be excluded
> (disks, random, zero come to mind).
>
> Greetings
> Marc
>
> --
>
> -----------------------------------------------------------------------------
> Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
> Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 31958061
> Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 31958062
> _______________________________________________
> Aide mailing list
> Aide at cs.tut.fi
> https://mailman.cs.tut.fi/mailman/listinfo/aide
>
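
Added example, not part of either message and not AIDE code: a survey script that walks a tree such as /dev using `lstat` only (it never opens a file) and reports which entries an integrity checker should not read for content, with the reason for each. The function names and the reason strings are assumptions made for this illustration.

```python
import os
import stat
import sys
from collections import Counter

def classify(mode):
    """Map an st_mode to (kind, safe_to_hash_content, reason)."""
    if stat.S_ISBLK(mode):
        return ("block-device", False, "a read hashes the whole disk or partition")
    if stat.S_ISCHR(mode):
        return ("char-device", False, "a read may never end (zero, random) or may block")
    if stat.S_ISFIFO(mode):
        return ("fifo", False, "open blocks until a writer appears")
    if stat.S_ISSOCK(mode):
        return ("socket", False, "cannot be opened as a regular file")
    if stat.S_ISLNK(mode):
        return ("symlink", False, "record the link target, not content")
    if stat.S_ISDIR(mode):
        return ("directory", False, "metadata only")
    return ("regular", True, "content can be hashed")

def survey(root):
    """Return [(path, kind, safe_to_hash, reason)] for every entry below root."""
    rows = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode  # lstat: do not follow symlinks
            except OSError:
                continue  # entry vanished between listing and lstat
            rows.append((path,) + classify(mode))
    return rows

def summarize(rows):
    """Count entries per kind, as evidence for an exclusion decision."""
    return Counter(kind for _, kind, _, _ in rows)

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "/dev"
    rows = survey(root)
    for path, kind, safe, reason in rows:
        if not safe and kind not in ("directory", "symlink"):
            print(f"{kind:12} {path}  # {reason}")
    print(dict(summarize(rows)))
```

The per-kind counts and the listed paths give a written basis for which entries get content checks excluded while ownership and permissions are still recorded.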