[Aide] Daily email check results

Jean-Yves Michaud jy.michaud+aide at nomagic.fr
Thu Mar 13 19:52:57 EET 2014 

Thank you Richard, I've been digging further about the Debian
implementation, and indeed it makes its own adjustments to AIDE's
configuration management.

The main conf file is still aide.conf, but the one used by the system
through daily cron script is /var/lib/aide/aide.conf.autogenerated,
which is better as it includes all the definitions made in
/etc/aide/aide.conf.d

So on Debian I should use aide.wrapper, and*if* (not needed, as it is
the default) precising conf file to use, it should be
*aide.conf.autogenerated**. *Like for example :
# aide.wrapper -c aide.conf.autogenerated --check


I found a previous thread on Debian implementation confirming this:
"The script update-aide.confis used to concatenate /etc/aide/aide.conf
and/etc/aide/aide.conf.d to /var/lib/aide/config.autogenerated, which is
the input configuration file for the actual aide binary."
https://mailman.cs.tut.fi/pipermail/aide/2008-February/000903.html


I didn't find it at first when I looking for answers, so I put the link
here in case it helps others.

Now I can focus on customizing my rules  =)

  Best regards

Jean-Yves

le 13/03/2014 00:20, Richard van den Berg a écrit :
> Jean-Yves Michaud wrote On 12-03-14 23:53:
>> Considering I have hex-encoded attributes differences for plenty of
>> elements, does that mean that the daily cron script does not apply
>> attributes rules as defined in aide.cron?
>
> I'm not sure. Aide does not ship with a daily script or cron job. This
> is most likely added by your Linux distribution.
>
>> I can't seem to find out how come these differences appear, as it
>> should all follow the same rules, shouldn't it?
>
> Yes, I would think so. If you are using Debian (or derived) try
> running  aide.wrapper instead of aide. This will use the correct
> configuration from /etc/aide/aide.conf.d/ The aide.conf.d is not
> natively support by aide, so this is simulated by a shell script.
>
> Kind regards,
>
> Richard

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.cs.tut.fi/pipermail/aide/attachments/20140313/9e027ea1/attachment-0001.html>

More information about the Aide mailing list