[Aide] Implementation and configuration question.

Dave Shevett shevett at pobox.com
Tue May 21 23:21:47 EEST 2013


Hi folks, after working with tripwire for a while, I was hoping to use 
aide as a new system for trapping changes to hosts.

Our primary goal is less 'intrusion detection' but more 'change 
management'.  We want to know when one of our admins (or someone else) 
makes a change to a system.  The operations team will be notified that 
such and such file was changed or updated.

The problem is I'm having a hard time understanding the configuration 
mechanism in aide.  The documentation is... lacking, unfortunately.

For instance:

1) Running the cron.daily script for aide is terrifying.  It's 705 lines 
of very dense shell script, and I'm not really sure how different it is 
than a single cron line that says aide --check.

2) I want aide to rebuild and place the database after each check. One 
warning sent to root@ that such and such files are changed, and then the 
database is reset.  I can't use the same filename in /etc/aide/aide.conf 
for database, database_out, and database_new (it throws a warning).  So 
how do I say "Run against the current db, when done, put the new db in 
place of the old one"?  --update doesn't seem to do anything.  
Consecutive runs of --update show the same information.

3) There's an option buried in the daily cron job called COPYNEWDB, but 
there's no indication where this option is set or how to set it.

aide comes close to being a very useful tool, but I'm finding the 
implementation very difficult to understand, and it strikes me as overly 
complex.  If I can get these basic operations going, I'll probably 
implement it.  Am I missing some basic concept?

     -d
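A wrapper for the workflow asked about in point 2 (compare against the current database, notify, then promote the new database), written as an added example for this thread and not taken from AIDE or the Debian cron script. It assumes aide.conf points `database` and `database_out` at the paths given below (any paths work as long as they differ), and relies on the exit-status bitmask documented in aide(1).

```shell
#!/bin/sh
# Added example wrapper, not AIDE's own code or the Debian cron script:
# run one AIDE pass, mail the report if anything changed, then promote the
# freshly written database so the next run compares against it.
# Assumes aide.conf contains (paths are assumptions, adjust as needed):
#   database=file:/var/lib/aide/aide.db
#   database_out=file:/var/lib/aide/aide.db.new

AIDE="${AIDE:-/usr/bin/aide}"
AIDE_DB="${AIDE_DB:-/var/lib/aide/aide.db}"
AIDE_DB_NEW="${AIDE_DB_NEW:-/var/lib/aide/aide.db.new}"
REPORT="${REPORT:-/var/log/aide/aide.report}"
MAILER="${MAILER:-mail}"
MAILTO="${MAILTO:-root}"

# Promote database_out to database. The old baseline is kept as a dated copy
# so an unwanted change can still be compared against the previous state.
rotate_aide_db() {
    db="$1"; new="$2"
    [ -s "$new" ] || return 1              # never promote a missing/empty db
    cp -p "$db" "$db.$(date +%Y%m%d%H%M%S)" 2>/dev/null || true
    mv -f "$new" "$db"                     # rename, atomic on one filesystem
}

# aide(1) exit status after --check/--update: 0 no changes, 1-7 a bitmask of
# new=1 / removed=2 / changed=4, 14 and above an error.
aide_found_changes() {
    [ "$1" -ge 1 ] && [ "$1" -le 7 ]
}

# --update compares against `database` and writes `database_out` in one pass,
# so a single command yields both the change report and the next baseline.
aide_check_and_rotate() {
    if "$AIDE" --update > "$REPORT" 2>&1; then status=0; else status=$?; fi
    if [ "$status" -gt 7 ]; then
        echo "aide failed with status $status, database left untouched" >&2
        return "$status"
    fi
    if aide_found_changes "$status"; then
        "$MAILER" -s "AIDE: changes on $(uname -n)" "$MAILTO" < "$REPORT"
    fi
    rotate_aide_db "$AIDE_DB" "$AIDE_DB_NEW"
}

# Run from cron as root, e.g. daily, instead of a bare "aide --check".
case "${1:-}" in run) aide_check_and_rotate ;; esac
```

Because the database is only promoted after the report has gone out, every change is reported exactly once, and the dated copies let you diff two baselines if a notification is disputed.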

