[Aide] AIDE with inotify
Florian Engelhardt
flo at dotbox.org
Wed Apr 30 12:26:40 EEST 2008
Hello,

I am about to install aide on a server on the web. I have found
everything I needed for installing the software, but I have one
question left; maybe someone could answer this question for me.

It looks like AIDE will check the files on the hard disk against the
database periodically, which would be every hour, for example. What if
an intruder breaks into the system 1 minute after the scan? He has 59
minutes to go before the next scan, plenty of time to do stuff on my
system, and enough time to maybe deactivate aide, or just regenerate
the database.

My idea (and maybe someone else had this idea before me) was to catch
filesystem modifications via inotify on Linux (and other tools on
other systems).

Flo
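
The inotify idea raised in the message above, as an added example that is not part of the original post or of AIDE: a small C watcher that reports changes in one directory as they happen, and signals when events were dropped so that a full database check is needed. The `fim_*` names, the event mask and the default `/etc` path are assumptions made for the example.

```c
/* Added example, not AIDE code; fim_* names and the mask are hypothetical. */
#include <poll.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/inotify.h>
#include <sys/stat.h>
#include <unistd.h>

#define FIM_MASK (IN_CREATE | IN_DELETE | IN_MODIFY | IN_ATTRIB | \
                  IN_MOVED_FROM | IN_MOVED_TO | IN_CLOSE_WRITE)
#define FIM_LOST (-2) /* events were dropped: fall back to a full scan */
struct fim_rec { uint32_t mask; char name[256]; };

/* Watch a single directory; inotify is not recursive. Returns fd or -1. */
int fim_open(const char *dir) {
    int fd = inotify_init1(IN_NONBLOCK | IN_CLOEXEC);
    if (fd >= 0 && inotify_add_watch(fd, dir, FIM_MASK) < 0) { close(fd); fd = -1; }
    return fd;
}

/* Wait up to timeout_ms and copy pending events into out[0..max).
 * Returns the count, 0 on timeout, -1 on error, FIM_LOST on overflow. */
int fim_drain(int fd, int timeout_ms, struct fim_rec *out, int max) {
    char buf[4096] __attribute__((aligned(8)));
    struct pollfd p = { .fd = fd, .events = POLLIN };
    int n = 0, r = poll(&p, 1, timeout_ms);
    if (r <= 0) return r;
    ssize_t len = read(fd, buf, sizeof buf);
    if (len < 0) return -1;
    for (char *q = buf; q < buf + len; n++) {
        struct inotify_event *ev = (struct inotify_event *)q;
        if ((ev->mask & IN_Q_OVERFLOW) || n == max) return FIM_LOST;
        out[n].mask = ev->mask;
        snprintf(out[n].name, sizeof out[n].name, "%s", ev->len ? ev->name : "");
        q += sizeof *ev + ev->len; /* header plus padded file name */
    }
    return n;
}

int main(int argc, char **argv) {
    struct fim_rec ev[32];
    int n, fd = fim_open(argc > 1 ? argv[1] : "/etc");
    while (fd >= 0 && (n = fim_drain(fd, -1, ev, 32)) != -1) {
        if (n == FIM_LOST) puts("events lost: run a full check");
        for (int i = 0; i < n; i++) printf("%08x %s\n", (unsigned)ev[i].mask, ev[i].name);
    }
    return 1;
}
```

A watcher like this runs on the monitored host itself, so it narrows the window between periodic checks without replacing them.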