[Aide] Need help with AIDE configuration

LIJE Creative info at lije-creative.com
Sat Apr 23 11:11:28 EEST 2016 

Hi,

I tweaked /etc/default/aide as requested. The db seems to be copied now.


AIDE returned with exit code 5. Added and changed entries detected!
AIDE post run information
output database /var/lib/aide/aide.db.new was copied to
/var/lib/aide/aide.db as requested by cron job configuration
End of AIDE post run information
AIDE produced no errors.

Output is 329870 lines, truncated to 1000.
AIDE 0.16a2-19-g16ed855 found differences between database and filesystem!!
New AIDE database written to /var/lib/aide/aide.db.new
Start timestamp: 2016-04-23 06:25:06 +0200
Verbose level: 6

Summary:
  Total number of entries:      331957
  Added entries:                329796
  Removed entries:              0
  Changed entries:              6


Also, AIDE does an update, not a check by default in the configuration
file. I had to put yes in the COPYNEWDB option.
I'll let you know in the following days how it's going on.

@Keith : I just used *apt-get install aide* to get AIDE on my debian jessie
8, nothing more. As Hannes said, the cron is part of this package but I
didn't know upstream AIDE doesn't contain a cron script.

Cordialement,


Jérôme LILLE | Responsable Agence
info at lije-creative.com | +33 7 70 87 02 03
Site internet : www.lije-creative.com

2016-04-22 20:11 GMT+02:00 Hannes von Haugwitz <hannes at vonhaugwitz.com>:

> On Fri, Apr 22, 2016 at 07:47:27AM -0400, Keith Constable wrote:
> > I mentioned protecting the AIDE database and binaries because any results
> > generated by AIDE are meaningless unless you can verify that an intruder
> > hasn't modified the binaries and database. That said, I understand
> certain
> > applications of AIDE may not warrant such paranoia. It's up to you how
> far
> > you want to take it.
>
> Just out of curiosity, what are your methods to ensure the integrity of
> the AIDE binary and the database?
>
> Best regards
>
> Hannes
> _______________________________________________
> Aide mailing list
> Aide at cs.tut.fi
> https://mailman.cs.tut.fi/mailman/listinfo/aide
>

ᐧ
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.cs.tut.fi/pipermail/aide/attachments/20160423/052da53a/attachment.html>

More information about the Aide mailing list