[Aide] "Levels" of change?
Keith Constable
kccricket at gmail.com
Sat Jul 6 00:12:04 EEST 2013
Dave,
One option would be to run aide twice with two different databases.
One database for critical "page me" files, and the other for "warn me"
files.
Alternatively, you could write a script that parses aide's stdout and
then does different things based on what files changed, but I'd just
go with option 1.
Regards,
Keith Constable
On Jul 5, 2013, at 2:27 PM, Dave Shevett <shevett at pobox.com> wrote:
> Hey folks, we have aide up and running across our envrionment. We're
> using it as a 'change notification system' as well as an IDS, so we get
> mail notices whenver someone changes a configuration file on a
> production host, etc etc.
>
> What we'd like to do is say "See these files? Tell us when they change,
> but don't raise an alert. ANything else? Page us." - I have a script
> doing most of the work now, so I can do things like check exit values, etc.
>
> Is there any way to tell aide 'changes other than changes to these
> files? throw an error or set an exit code of X'
>
> Thanks!
>
> -d
> _______________________________________________
> Aide mailing list
> Aide at cs.tut.fi
> https://mailman.cs.tut.fi/mailman/listinfo/aide
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2760 bytes
Desc: not available
Url : https://mailman.cs.tut.fi/pipermail/aide/attachments/20130705/91e45bb0/attachment.bin
More information about the Aide
mailing list