[Aide] Best practice for aide.conf both for security and not much garbage logs

Hannes von Haugwitz hannes at vonhaugwitz.com
Sun Feb 16 23:00:05 EET 2025


Hi,

On Sat, Feb 08, 2025 at 12:34:19PM +0100, Marc Haber wrote:
> On Thu, Feb 06, 2025 at 12:01:47PM +0200, Lex I wrote:
> > Thanks for creating such a great tool.
> > 
> > Is there a way to get the best aide.conf (maybe from the authors of aide)
> > which will be good for home use? For now, with the default aide.conf, even a
> > very small update gives me tons of logs.

Currently there is no native support in AIDE to filter package changes.
This might change in the future (see also [#30]).

> I am not an author of aide, but I coordinate closely with Hannes and
> have been maintaining the Debian aide packages for nearly two decades.
> Maybe the Debian packages are a good starting point for you?

Additionally, in the aide Debian package there is the FILTERUPDATES
setting in /etc/default/aide to filter package update changes based on
package file lists from the email:

# Set this to yes to suppress file changes by package and security
# updates from appearing in the e-mail report. Filtered file changes will
# still be listed in the log file. This option parses the /var/log/dpkg.log
# file and implies TRUNCATEDETAILS=yes
FILTERUPDATES=no

# Set this to yes to suppress file changes by package installations
# from appearing in the e-mail report. Filtered file changes will still
# be listed in the log file. This option parses the /var/log/dpkg.log file and
# implies TRUNCATEDETAILS=yes.
FILTERINSTALLATIONS=no

Best regards

Hannes

[#30] https://github.com/aide/aide/issues/30
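
The idea behind FILTERUPDATES and FILTERINSTALLATIONS described in the message above, as an added illustration that is not part of the original e-mail and is not the Debian package's own script: read the dpkg log for packages upgraded (or installed) since the last check, then separate the reported paths those packages own from the paths that still need review. The log lines, file lists and function names are constructed for the example.

```python
import re
from datetime import datetime

# Constructed sample in the format of /var/log/dpkg.log (not from a real host).
SAMPLE_DPKG_LOG = """\
2025-02-15 06:25:11 startup archives unpack
2025-02-15 06:25:12 upgrade openssl:amd64 3.0.15-1 3.0.16-1
2025-02-15 06:25:12 status half-configured openssl:amd64 3.0.15-1
2025-02-15 06:25:14 install tmux:amd64 <none> 3.3a-3
2025-02-10 06:25:14 upgrade bash:amd64 5.2.15-2 5.2.15-3
"""

# Constructed package file lists, shaped like /var/lib/dpkg/info/<pkg>.list.
SAMPLE_FILE_LISTS = {
    "openssl:amd64": ["/usr/bin/openssl", "/etc/ssl/openssl.cnf"],
    "tmux:amd64": ["/usr/bin/tmux"],
    "bash:amd64": ["/bin/bash"],
}

LINE_RE = re.compile(r"^(\S+ \S+) (upgrade|install) (\S+) (\S+) (\S+)$")

def packages_changed(log_text, since, actions=("upgrade",)):
    """Return packages with a matching dpkg action at or after `since`."""
    pkgs = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(2) not in actions:
            continue
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        if when >= since:
            pkgs.add(m.group(3))
    return pkgs

def split_report(changed_paths, pkgs, file_lists):
    """Split AIDE-reported paths into (explained_by_package, needs_review)."""
    owned = {path: pkg for pkg in pkgs for path in file_lists.get(pkg, [])}
    explained = {p: owned[p] for p in changed_paths if p in owned}
    review = [p for p in changed_paths if p not in owned]
    return explained, review

if __name__ == "__main__":
    since = datetime(2025, 2, 15)  # time of the previous AIDE run (assumed)
    changed = ["/usr/bin/openssl", "/usr/bin/tmux", "/bin/bash", "/etc/passwd"]
    pkgs = packages_changed(SAMPLE_DPKG_LOG, since)
    print(split_report(changed, pkgs, SAMPLE_FILE_LISTS))
```

Explained paths are returned with their owning package rather than dropped, in line with the comment above that filtered file changes are still listed in the log file.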

