[Aide] Need help with AIDE configuration

LIJE Creative info at lije-creative.com
Fri Apr 22 09:50:26 EEST 2016


No, AIDE out of the box offers a daily report.
Once installed, it added the file /etc/cron.daily/aide, which sends me
a daily report.
There is a MAILTO parameter which must be filled in for it to work.

CRON_DAILY_RUN="${CRON_DAILY_RUN:-yes}"
MAILTO="xxx at xxx.fr"
eval MAILTO="$MAILTO"
DATABASE="${DATABASE:-/var/lib/aide/aide.db}"
LINES="${LINES:-1000}"
COMMAND="${COMMAND:-check}"
COPYNEWDB="${COPYNEWDB:-no}"
QUIETREPORTS="${QUIETREPORTS:-no}"
SILENTREPORTS="${SILENTREPORTS:-no}"
TRUNCATEDETAILS="${TRUNCATEDETAILS:-no}"
FILTERUPDATES="${FILTERUPDATES:-no}"
FILTERINSTALLATIONS="${FILTERINSTALLATIONS:-no}"
CRONEXITHOOK="${CRONEXITHOOK:-}"
ONEXIT=""

You can also see that the command is indeed check.
It is not the AIDE binaries and database that matter to me but the files of
my web server.
If a hacker gets a chance to inject a file into a website, I want to see
it. But he probably won't modify the AIDE database himself.

Regards,


Jérôme LILLE | Agency Manager
info at lije-creative.com | +33 7 70 87 02 03
Website: www.lije-creative.com

2016-04-22 5:05 GMT+02:00 Keith Constable <kccricket at gmail.com>:

> "aide --check" compares the file system to the aide database and gives
> you a report of changed, added and deleted files.
>
> Are you using an OS packaged version of AIDE? AIDE itself produces no
> daily report.
>
> You should only --init a new database once you've validated all changes
> reported by the --check run.
>
> What protections do you have in place to ensure that the AIDE binaries and
> database aren't compromised by an intruder?
>
> Regards,
> Keith
>
>
> On Thursday, April 21, 2016, LIJE Creative <info at lije-creative.com> wrote:
>
>> Hi guys,
>>
>> Like you, I'm a user of AIDE but I need a hand with the configuration.
>>
>> I'm getting the daily aide report. It contains the first 1000 lines of
>> the log file.
>>
>> [image: Inline image 1]
>>
>> Do you know if there is a way to get only the list of newly added entries
>> (the difference between the new and old database) and the changed entries?
>> Every day, I'm getting these 330k newly added entries, so I can't check
>> whether anything is messed up.
>>
>> I'm running AIDE on my /var/www folder to check newly added files from my
>> clients or hackers.
>>
>> Thanks
>>
>>
>> Jérôme LILLE | Agency Manager
>> info at lije-creative.com | +33 7 70 87 02 03
>> Website: www.lije-creative.com
>
> _______________________________________________
> Aide mailing list
> Aide at cs.tut.fi
> https://mailman.cs.tut.fi/mailman/listinfo/aide
>
>
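Added example, not code from this thread or from the AIDE project: a POSIX shell helper that answers the two points raised above, printing only the Added/Changed sections of an AIDE report instead of the first 1000 lines of the log, and refusing to trust a --check run until the database matches a digest recorded after the last validated --init. It assumes the 0.15-style "added:/changed:" report layout (the section parser also accepts 0.16 "Added entries:" headers) and GNU coreutils sha256sum.

```shell
#!/bin/sh
# Added example, not code from the thread: keep only the Added/Changed sections
# of an AIDE report, and check the database digest before trusting a --check run.
set -eu

# Constructed sample report (assumption: 0.15-style "added:/changed:" lines;
# the parser also accepts the 0.16 "Added entries:" headers).
SAMPLE_REPORT="$(cat <<'EOF'
AIDE found differences between database and filesystem!!

---------------------------------------------------
Added files:
---------------------------------------------------

added: /var/www/html/uploads/2016/photo.jpg
added: /var/www/html/wp-content/cache/x.php

---------------------------------------------------
Changed files:
---------------------------------------------------

changed: /var/www/html/index.php

---------------------------------------------------
Detailed information about changes:
---------------------------------------------------

File: /var/www/html/index.php
  Mtime    : 2016-04-10 10:00:00              , 2016-04-21 23:59:12
EOF
)"

# aide_section NAME (report on stdin): print only the entries of the Added,
# Changed or Removed section, dropping separator rules and the detail block.
aide_section() {
    awk -v want="$1" '
        /^-+$/ { next }
        /^(Added|Changed|Removed) (files|entries):$/ { insec = ($1 == want); next }
        /^Detailed information/ { insec = 0 }
        insec && NF { print }
    '
}

# verify_db DB DIGESTFILE: compare the database against the SHA-256 recorded
# right after the last validated --init (keep DIGESTFILE read-only or off-host).
# Assumes GNU coreutils sha256sum.
verify_db() {
    [ -r "$2" ] || { echo "no recorded digest for $1" >&2; return 2; }
    [ "$(sha256sum "$1" | cut -d' ' -f1)" = "$(cat "$2")" ]
}
```

In the cron job, the same idea is `verify_db "$DATABASE" /path/to/aide.db.sha256 && aide --check | aide_section Added` before the report is mailed.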

