[Aide] best practice to initialization of the database and protection against manipulation
Hannes von Haugwitz
hannes at vonhaugwitz.com
Sun Dec 1 17:29:46 EET 2024
Hi,
On Mon, Nov 25, 2024 at 02:06:21PM +0000, Django BOfH wrote:
> In my search for alternatives, I stumbled across AIDE. As far as I
> could see so far, AIDE does not offer the option of signing the
> database created when determining the actual status of a host in order
> to ensure, for example, that the reference data with which the actual
> status is later compared has been manipulated. Or have I not
> understood something? Or, alternatively, how can you ensure that the
> database used as a reference during the check has not been
> manipulated?
Support for signed databases is tracked in GitHub issue #7 [github] and
planned for a future release (≥ 0.20).
For now you can detect a tampered database by comparing the checksums of
the databases that are displayed in the report (as long as the AIDE
binary and linked libraries have not changed).
Best regards
Hannes
[github] https://github.com/aide/aide/issues/7
More information about the Aide
mailing list