[Aide] confusion in configuring AIDE on Debian 8x

[Muhammad Yousuf Khan]

Thanks you i think i found the way to get the correct information by using
AIDE manual


On Wed, May 11, 2016 at 3:35 PM, Muhammad Yousuf Khan <sirtcp at gmail.com>
wrote:

> I am very new to AIDE and old to Debian linux world. i hope you guyz do
> not mind any newbie question.
> actually i am trying to understand the working of AIDE but failed. because
> every tutorial i found so far is related to different destro then Debian.
> all other destros has one conf file.
>
> /etc/aide/aide.conf
>
> and Debian generated a file somewhere in
> /var/path/to/aide/aide.conf.autogerenate.
>
>
> it is written in autogenerated conf that any change that is made to this
> file will be overwrite.
> now the problem is i do not want whole system check. rather a folder which
> is /var/www  and another folder /home/anyuser.
>
> so how can i manage to achive this result.
> i added "!" at the beginning of every folder except /var like below in
> file /etc/aide/aide.conf
>
>
> !/bin
> !/boot
> !/dev
> !/etc
> !/home
> !/lib
> !/lib64
> !/media
> !/mnt
> !/opt
> !/proc
> !/root
> !/run
> !/sbin
> !/scripts
> !/srv
> !/sys
> !/tmp
> !/usr
> /var/www InodeData
> !/var
>
>
> now i follow steps like this
>
> Step1
> #aideinit
> now i edit a file in /var/www
>
> Step2
> # aide -c /etc/aide/aide.conf --check
> above command give me this output.
> AIDE 0.16a2-19-g16ed855 found NO differences between database and
> filesystem. Looks okay!!
> blah blah blah............
>
>
> this means no change of file or update has been found. but this is not
> true.because i have manually change the file by my self.
>
> I know i am doing mistake somewhere can you please guide me what i am
> doing wrong.
>
> any help will be highly appreciated.
>
> Thanks,
> yousuf
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.cs.tut.fi/pipermail/aide/attachments/20160511/9fc004df/attachment.html>