[Aide] Need help with AIDE configuration

LIJE Creative info at lije-creative.com
Mon Apr 25 09:29:22 EEST 2016


Hi guys,

It's working better with the last tweaks I did on the cron conf file.
Thanks Keith and Hannes for that.

Also, I wanted to ask how to exclude folders with a wildcard?
Currently, I have a lot of ISPConfig websites and a lot of session files
generated in the /tmp/ folder of every website.
I wanted to exclude these folders like this:

!/home/www/clients/client0/*/tmp/.*

But the wildcard doesn't seem to work.

/home/www/clients/client0/web11/tmp/sess_8demipef935hpkklaop8ad0fr0
/home/www/clients/client0/web12/tmp/sess_878h8gq2gqnl9b4b424cqd35c3
/home/www/clients/client0/web12/tmp/sess_8aq7l3qbb22ff4n7nhjpvhg9v5
/home/www/clients/client0/web12/tmp/sess_8demipef935hpkklaop8ad0fr0
/home/www/clients/client0/web12/tmp/sess_8gnjb088jl6dskt1n9asakf9s3
/home/www/clients/client0/web12/tmp/sess_8l446hr5vhbmnk6lpj2nlke216
/home/www/clients/client0/web12/tmp/sess_8p51s15v8or8llh1cpb33760s6

are still being added to the database.
I want it to be dynamic if I add more websites.
I have 40+ websites on this server. I don't want to add the 40 folders to
exclude.

Can you help?

Regards,


Jérôme LILLE | Agency Manager
info at lije-creative.com | +33 7 70 87 02 03
Website: www.lije-creative.com

2016-04-23 10:11 GMT+02:00 LIJE Creative <info at lije-creative.com>:

> Hi,
>
> I tweaked /etc/default/aide as requested. The db seems to be copied now.
>
>
> AIDE returned with exit code 5. Added and changed entries detected!
> AIDE post run information
> output database /var/lib/aide/aide.db.new was copied to
> /var/lib/aide/aide.db as requested by cron job configuration
> End of AIDE post run information
> AIDE produced no errors.
>
> Output is 329870 lines, truncated to 1000.
> AIDE 0.16a2-19-g16ed855 found differences between database and filesystem!!
> New AIDE database written to /var/lib/aide/aide.db.new
> Start timestamp: 2016-04-23 06:25:06 +0200
> Verbose level: 6
>
> Summary:
>   Total number of entries:      331957
>   Added entries:                329796
>   Removed entries:              0
>   Changed entries:              6
>
>
> Also, AIDE does an update, not a check by default in the configuration
> file. I had to put yes in the COPYNEWDB option.
> I'll let you know in the following days how it's going on.
>
> @Keith : I just used *apt-get install aide* to get AIDE on my debian
> jessie 8, nothing more. As Hannes said, the cron is part of this package
> but I didn't know upstream AIDE doesn't contain a cron script.
>
> Regards,
>
>
> Jérôme LILLE | Agency Manager
> info at lije-creative.com | +33 7 70 87 02 03
> Website: www.lije-creative.com
>
> 2016-04-22 20:11 GMT+02:00 Hannes von Haugwitz <hannes at vonhaugwitz.com>:
>
>> On Fri, Apr 22, 2016 at 07:47:27AM -0400, Keith Constable wrote:
>> > I mentioned protecting the AIDE database and binaries because any results
>> > generated by AIDE are meaningless unless you can verify that an intruder
>> > hasn't modified the binaries and database. That said, I understand certain
>> > applications of AIDE may not warrant such paranoia. It's up to you how far
>> > you want to take it.
>>
>> Just out of curiosity, what are your methods to ensure the integrity of
>> the AIDE binary and the database?
>>
>> Best regards
>>
>> Hannes
>> _______________________________________________
>> Aide mailing list
>> Aide at cs.tut.fi
>> https://mailman.cs.tut.fi/mailman/listinfo/aide
>>
>
>>
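
Added example, not part of the original message: AIDE selection lines are regular expressions matched from the start of the path, not shell globs, so in the rule as posted `/*` means "zero or more slashes" rather than "any directory". The sketch below uses Python's `re` as a stand-in for AIDE's matcher (an assumption) on paths from the report plus two constructed ones, and compares the posted pattern with two `[^/]+` alternatives (the variable and function names are hypothetical).

```python
import re

# First two paths come from the report in the post; the last two are constructed.
PATHS = [
    "/home/www/clients/client0/web11/tmp/sess_8demipef935hpkklaop8ad0fr0",
    "/home/www/clients/client0/web12/tmp/sess_878h8gq2gqnl9b4b424cqd35c3",
    "/home/www/clients/client0/web12/tmp/other.php",   # constructed
    "/home/www/clients/client0/web12/web/index.php",   # constructed
]

# Rule bodies without the leading "!" that marks a negative selection line.
AS_POSTED = r"/home/www/clients/client0/*/tmp/.*"          # "/*" = zero or more "/"
ANY_SITE_TMP = r"/home/www/clients/client0/[^/]+/tmp/"     # one path component
SESSIONS_ONLY = r"/home/www/clients/client0/[^/]+/tmp/sess_[a-z0-9]+$"


def excluded(rule, paths=PATHS):
    """Return the paths that a '!' rule with this regex would exclude.

    Assumption: the regex is matched from the start of the path, which
    re.match reproduces here.
    """
    rx = re.compile(rule)
    return [p for p in paths if rx.match(p)]


if __name__ == "__main__":
    for name, rule in [("as posted", AS_POSTED),
                       ("any site tmp", ANY_SITE_TMP),
                       ("session files only", SESSIONS_ONLY)]:
        print(f"!{rule}  ({name})")
        for p in excluded(rule):
            print("   excludes", p)
```

In aide.conf the narrower rule would read `!/home/www/clients/client0/[^/]+/tmp/sess_[a-z0-9]+$`; unlike excluding the whole tmp directory, it keeps any other file that appears there in the report.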
