[Aide] Dev: support for external hash whitelist/blacklist?
Julien T
julien.t43 at gmail.com
Thu Apr 24 20:03:43 EEST 2014
2014-04-24 4:05 GMT-04:00 Richard van den Berg <richard at vdberg.org>:
> On 24 apr. 2014, at 05:06, Julien T <julien.t43 at gmail.com> wrote:
> > Most probably a local interface in python and local db cache would be
> > needed but first if there were some appropriate hook, it would be cool!
>
> This is pretty easy to script right now. The aide.db is just a flat text
> file (perhaps gzipped). All you would need to do is enable the hashes used
> by the repositories in aide.conf, and convert them from the representation
> in the aide.db to the one used by the repositories. There is some sample
> code for that in the aide tgz IIRC.
>
I think I was looking at it more the other way around: use another hash database
to improve aide output by classifying or removing entries.
Something like
http://blog.rootshell.be/2013/05/13/improving-file-integrity-monitoring-with-ossec/
(which is not feasible with current out-of-the-box ossec).
In 0.15.1 and 0.16a2, I have the contrib dir:
aide-attributes.sh bzip2.sh gpg2_check.sh
gpg2_update.sh gpg_check.sh gpg_update.sh sshaide.sh
It doesn't seem to me that there is a conversion script.
Cheers,
Julien
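
The approach discussed in this thread (read the flat-text aide.db, convert its hashes to the representation used by external hash lists, then classify entries) can be sketched as follows. This is an added example, not code from the post or from the AIDE contrib directory. It assumes sha256 is enabled in aide.conf, that the database has an `@@db_spec` column header with space-separated fields, base64 digests and `0` for an absent digest, that paths contain no encoded characters, and that the external lists hold lowercase hex SHA-256 values. All sample data is constructed.

```python
import base64
import binascii
import hashlib

def parse_aide_db(text, hash_field="sha256"):
    """Yield (path, hex digest) per entry, using the @@db_spec column list."""
    columns = None
    for line in text.splitlines():
        if line.startswith("@@db_spec"):
            columns = line.split()[1:]
        elif line and columns and not line.startswith(("@@", "#")):
            fields = dict(zip(columns, line.split()))
            b64 = fields.get(hash_field, "0")
            if b64 == "0":  # no digest stored, e.g. for a directory
                continue
            try:  # aide.db stores digests as base64; hash lists usually use hex
                digest = base64.b64decode(b64, validate=True).hex()
            except binascii.Error:
                continue  # malformed field: skip rather than misclassify
            yield fields["name"], digest

def classify(entries, known_good, known_bad):
    """Group paths by list membership; a known-bad match takes precedence."""
    out = {"known_good": [], "known_bad": [], "unknown": []}
    for path, digest in entries:
        if digest in known_bad:
            out["known_bad"].append(path)
        elif digest in known_good:
            out["known_good"].append(path)
        else:
            out["unknown"].append(path)
    return out

# Constructed sample: contents, database lines and both hash lists are invented.
def _b64(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

LS, BAD, TOOL = b"constructed ls", b"constructed bad file", b"constructed tool"
SAMPLE_DB = "\n".join([
    "@@begin_db",
    "@@db_spec name lname attr perm uid gid size sha256",
    "/etc 0 1 40755 0 0 0 0",
    f"/bin/ls 0 1 100755 0 0 14 {_b64(LS)}",
    f"/tmp/dropped 0 1 100755 0 0 20 {_b64(BAD)}",
    f"/usr/local/bin/tool 0 1 100755 0 0 16 {_b64(TOOL)}",
    "@@end_db",
])
KNOWN_GOOD = {hashlib.sha256(LS).hexdigest()}
KNOWN_BAD = {hashlib.sha256(BAD).hexdigest()}
```

Calling `classify(parse_aide_db(SAMPLE_DB), KNOWN_GOOD, KNOWN_BAD)` groups the three files; for a real database, pass the contents of the aide.db file, read through `gzip.open` if it is gzipped.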