[Aide] Questions

Brian Mathis brian.mathis+aide at betteradmin.com
Tue Aug 16 01:15:29 EEST 2016


You might be able to accomplish some of your alerts using AIDE (not read
alert, maybe copy alert, yes modified alert), but AIDE will only alert you
after the damage is already done, which probably isn't what you want.  You
should actively prevent anyone from accessing the file by using proper
permissions, user/group ownership, and possibly extended ACLs.  Incron
might also help you get a level of immediate alerting whenever an action is
performed on the file.  You won't be able to stop 'root' from reading the
file no matter what.

~ Brian Mathis
@orev


On Mon, Aug 15, 2016 at 4:15 PM, Manav Nagla <
manav.nagla at motorolasolutions.com> wrote:

> Hello,
>
> Can someone please help me to answer these questions.
>
> *Requirement:*
> I have an important file which should not be altered, modified, copied, or
> read by any user. It has to be read by only script (non-interactive) user.
>
> Will this tool be a perfect match to monitor only that particular file in
> Linux?
>
> 1) Can I get alerts when the file is read by other user?
> 2) Can I get alerts when the file is copied?
> 3) Can I get alerts when the file is modified?
> 4) How can I set monitoring capabilities around only 1 file?
> 5) Will this tool help me to perform all such actions I'm thinking of?
>
> Thanks in advance,
>
> Thanks,
> MN
> --
> Thanks,
> Manav Nagla,
> Information Security Solutions,
>
> *Motorola Solutions, Inc.,*
> P: 847-380-0009
> E: manav.nagla at motorolasolutions.com
>
> _______________________________________________
> Aide mailing list
> Aide at cs.tut.fi
> https://mailman.cs.tut.fi/mailman/listinfo/aide
>
>
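The two controls discussed in this thread, restrictive ownership and permissions up front plus an after-the-fact modification check, as an added example that is not part of either message. It assumes GNU coreutils (`stat -c`, `sha256sum --status`); the function names and any paths are hypothetical, and the SHA-256 baseline is a simplified stand-in for an integrity checker's database, not AIDE itself.

```sh
#!/bin/sh
# Added example: single-file audit. All names here are hypothetical.

# check_perms FILE UID
# Succeeds only if FILE is owned by numeric UID and grants no access
# at all to group or other (e.g. mode 0400 or 0600).
check_perms() {
    cp_mode=$(stat -c '%a' -- "$1") || return 2
    cp_uid=$(stat -c '%u' -- "$1") || return 2
    if [ "$cp_uid" != "$2" ]; then
        echo "$1: owner uid $cp_uid, expected $2" >&2
        return 1
    fi
    # Leading 0 makes the mode an octal constant; 077 = group+other bits.
    if [ $(( 0$cp_mode & 077 )) -ne 0 ]; then
        echo "$1: mode $cp_mode exposes file to group/other" >&2
        return 1
    fi
}

# baseline FILE DB: record the SHA-256 of FILE in DB.
baseline() {
    sha256sum -- "$1" > "$2"
}

# verify DB: non-zero exit if the recorded file no longer matches.
# A hash comparison detects modification only after it has happened,
# and it cannot see reads or copies at all.
verify() {
    sha256sum -c --status -- "$1"
}

# audit FILE UID DB: 0 = clean, 1 = ownership/permission drift,
# 3 = content differs from the baseline.
audit() {
    check_perms "$1" "$2" || return 1
    if ! verify "$3"; then
        echo "$1: content differs from baseline" >&2
        return 3
    fi
}
```

Use an absolute path for FILE so the baseline can be verified from any working directory, and store the baseline where the audited account cannot write to it.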