[Aide] confusion in configuring AIDE on Debian 8x
Muhammad Yousuf Khan
sirtcp at gmail.com
Wed May 11 13:35:22 EEST 2016
I am very new to AIDE and old to Debian linux world. i hope you guyz do not
mind any newbie question.
actually i am trying to understand the working of AIDE but failed. because
every tutorial i found so far is related to different destro then Debian.
all other destros has one conf file.
/etc/aide/aide.conf
and Debian generated a file somewhere in
/var/path/to/aide/aide.conf.autogerenate.
it is written in autogenerated conf that any change that is made to this
file will be overwrite.
now the problem is i do not want whole system check. rather a folder which
is /var/www and another folder /home/anyuser.
so how can i manage to achive this result.
i added "!" at the beginning of every folder except /var like below in file
/etc/aide/aide.conf
!/bin
!/boot
!/dev
!/etc
!/home
!/lib
!/lib64
!/media
!/mnt
!/opt
!/proc
!/root
!/run
!/sbin
!/scripts
!/srv
!/sys
!/tmp
!/usr
/var/www InodeData
!/var
now i follow steps like this
Step1
#aideinit
now i edit a file in /var/www
Step2
# aide -c /etc/aide/aide.conf --check
above command give me this output.
AIDE 0.16a2-19-g16ed855 found NO differences between database and
filesystem. Looks okay!!
blah blah blah............
this means no change of file or update has been found. but this is not
true.because i have manually change the file by my self.
I know i am doing mistake somewhere can you please guide me what i am doing
wrong.
any help will be highly appreciated.
Thanks,
yousuf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.cs.tut.fi/pipermail/aide/attachments/20160511/83d82de7/attachment.html>
More information about the Aide
mailing list