[Aide] aide --init versus aide --update
Bastard Operator from Hell aka Django
django at nausch.org
Wed Feb 26 23:26:41 EET 2025
Hi Hannes, Hi folks!

I have been working with AIDE for the last few days. And I have to say,
purely in terms of reliability, robustness and cost-benefit, I have
almost become a bit of a fan, especially when I look back at the
adversities and problems of the previous HIDS Samhain. Anyway, that's a
different topic.

What I have been using in our integration environment so far:
Initially, a database is created for each host using aide --init. Every
day, a check of the file system against the database is carried out
using the systemd timer.
After changes have been made to the systems via Ansible, the database is
automatically created again using aide --init.
The evaluation then takes place exclusively via the central Graylog log
monitoring incl. alerting.

What confuses me a little is the aide --update. What is the purpose of
the update option? If I understand it correctly, the option performs a
check and then recreates the database. But why should you, or more
precisely I, use this option? Is it “only” intended for the interactive
check for an admin? Or what is the exact idea behind it or for using
this option?

Best regards
--
Django (Bastard Operator from Hell [BOfH])
aka Michael Nausch
Gänsbrunnenweg 6
85652 Pliening
Tel.: 08121 883176
Fax.: 08121 883179
Mail: <mailto:django at nausch.org>
https://wetterstation-pliening.info
https://ebersberger-liedersammlung.de
https://dokuwiki.nausch.org
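
The init / daily check / re-init cycle described in the message above, as an added example that is not part of the original post: it decodes the exit status of aide --check into one summary line for central log monitoring, and logs a check before a re-init absorbs the current state into the baseline. The database paths, the function names and the summary line format are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. The paths are assumptions and
# must match the input and output database paths in the host's aide.conf.
AIDE_BIN="${AIDE_BIN:-aide}"
AIDE_DB="${AIDE_DB:-/var/lib/aide/aide.db.gz}"
AIDE_DB_NEW="${AIDE_DB_NEW:-/var/lib/aide/aide.db.new.gz}"

# Decode the exit status of `aide --check`, a bitmask per aide(1):
# 1 = new files, 2 = removed files, 4 = changed files; 14-19 are errors.
# Any value above 7 is reported here as "error".
aide_status_text() {
    s=$1
    if [ "$s" -eq 0 ]; then echo "clean"; return 0; fi
    if [ "$s" -gt 7 ]; then echo "error"; return 0; fi
    t=""
    if [ $((s & 1)) -ne 0 ]; then t="${t}added,"; fi
    if [ $((s & 2)) -ne 0 ]; then t="${t}removed,"; fi
    if [ $((s & 4)) -ne 0 ]; then t="${t}changed,"; fi
    echo "${t%,}"
}

# Daily check: the full AIDE report goes to stderr, one summary line
# (assumed format) goes to stdout. Returns the AIDE exit status.
aide_check_logged() {
    rc=0
    "$AIDE_BIN" --check >&2 || rc=$?
    echo "aide-check result=$(aide_status_text "$rc") rc=$rc"
    return "$rc"
}

# Re-baseline after a configuration-management run. A check is logged first,
# so every difference is recorded before the new database absorbs it.
# The new database is promoted only if --init succeeded and wrote a
# non-empty file. (aide --update does check and new database in one run.)
aide_rebaseline() {
    aide_check_logged || true
    "$AIDE_BIN" --init >&2 || return 1
    [ -s "$AIDE_DB_NEW" ] || return 1
    mv -f "$AIDE_DB_NEW" "$AIDE_DB"
}
```

aide_check_logged would be called from the service started by the systemd timer, aide_rebaseline from the last task of the Ansible run.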