Solved

using aide for file integrity

Posted on 2003-10-26
438 Views
Last Modified: 2006-11-17
Hello,
If there is a better place to ask this question, please let me know.
After reading all the docs I can find on aide, I have these questions:


#aide --check
does it write a new aide.db.new or append to the existing one?


#aide --update
If this writes the changes from aide.db.new to aide.db in order to set a new standard, if you please, then why does aide --check, when it is executed after aide --update, still show a report of differences in the databases, and why does the date of aide.db.new in the ls command not reflect the time of the --update run?


Is there a more effective file arrangement to inspect than what I have here in this aide.conf?
Please consider the advice from
Aide Manual version 0_1.htm
********************************
But keep in mind that you should not ignore too much as that leaves you open for an attack. An intruder might place his/her/its/their root kit in a directory that you have ignored completely. One good example is /var/spool/lp or something similar. This is the place that the lp daemon stores its temporary files. You should not ignore it completely however. You should only ignore the format of files that your lp daemon keeps creating. And remember to use the $-sign at the end of your regexps. This stops someone from creating a directory that is ignored along with its contents.
********************************
I am not sure how to put the above comment into a line of code in the config file.
Here is part of my AIDE conf:

# Custom rules
Binlib = p+i+n+u+g+s+b+m+c+md5+sha1
ConfFiles = p+i+n+u+g+s+b+m+c+md5+sha1
Logs = p+i+n+u+g+S
Devices = p+i+n+u+g+s+b+c+md5+sha1
Databases = p+n+u+g
StaticDir = p+i+n+u+g
ManPages = p+i+n+u+g+s+b+m+c+md5+sha1

# Kernel, system map, etc.
=/boot$ Binlib

# Binaries
/bin Binlib
/sbin Binlib
/usr/bin Binlib
/usr/sbin Binlib
/usr/local/bin Binlib
/usr/local/sbin Binlib


# Libraries
/lib Binlib
/usr/lib Binlib
/usr/local/lib Binlib

# System configuration files
/etc Binlib
thanks
Question by:samj
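The manual passage quoted above can be expressed as a negative selection line (a line starting with `!`) in aide.conf. The script below is an added example, not part of the question or of the AIDE manual: it shows the unanchored and anchored forms of such a line and uses `grep -E` as a stand-in for AIDE's POSIX extended-regex matching to show what each one would silence. AIDE anchors every selection regex at the start of the path (an implicit `^`), so a rule without a trailing `$` also matches everything below a matching name. The file-name pattern `lp[0-9]+`, the sample paths and the "planted" directory are constructed for the demonstration; the real pattern depends on what your lp daemon creates. Note also that the aide.conf fragment in the question never selects `/var` at all, so a `!/var/spool/lp/...` line only has an effect once a positive line such as `/var/spool Logs` is added.

```sh
#!/bin/sh
# Added example (not from the question or the AIDE manual): how the manual's
# advice about lp spool files and the trailing $ translates into aide.conf
# negative selection lines, and why the anchor matters.

# Two candidate lines for aide.conf. AIDE anchors every selection regex at the
# start of the path (implicit ^), so a rule matches a path AND everything
# below it unless it ends in $. lp[0-9]+ is a placeholder for whatever your
# lp daemon actually creates; check with ls /var/spool/lp before using it.
RULE_UNANCHORED='!/var/spool/lp/lp[0-9]+'
RULE_ANCHORED='!/var/spool/lp/lp[0-9]+$'

# Print the paths on stdin that a negative rule would exclude from the check.
# grep -E stands in for AIDE's POSIX extended-regex matcher; the leading ! of
# the rule is stripped and the implicit ^ is added, as AIDE does internally.
aide_ignored() {
    rule="${1#!}"
    grep -E "^$rule"
}

# Constructed sample paths: the daemon's own temp files, plus a directory an
# intruder could create whose name also fits the pattern, plus a lock file
# whose name does not fit it (lpd has no digit after lp).
SAMPLE_PATHS='/var/spool/lp/lp1
/var/spool/lp/lp23
/var/spool/lp/lp1/rootkit/ls
/var/spool/lp/lpd.lock'

# Count how many of the sample paths a rule silences.
count_ignored() {
    printf '%s\n' "$SAMPLE_PATHS" | aide_ignored "$1" | wc -l | tr -d ' '
}

if [ "${1:-}" = "demo" ]; then
    echo "without \$: $(count_ignored "$RULE_UNANCHORED") paths ignored (includes the planted directory)"
    echo "with    \$: $(count_ignored "$RULE_ANCHORED") paths ignored (only the temp files)"
fi
```

Run it with `sh anchor-demo.sh demo`: the unanchored rule silences three of the four sample paths, including `/var/spool/lp/lp1/rootkit/ls`, while the anchored rule silences only the two temp files, which is the behaviour the manual is asking for.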
1 Comment
 

Accepted Solution

by: lazykoder earned 285 total points
ID: 10160946
hi samj,

in your aide.conf there should be settings for the database file. Always it is advised that you initialize and maintain a database file which contains the information of all the files that you want to be checked, and create a new database file when you do an update after making changes to the aide.conf file.

the configuration options in aide.conf are:

database=file:/var/aide/db/aide.db
database_out=file:/var/aide/db/aide.db.new

so by this you are indicating that your output database is always going to be aide.db.new, so if you do:

#./aide --config=./aide.conf --init

then you need to do the following without fail:

# mv aide.db.new aide.db

because your new db is aide.db.new but in your conf file you have mentioned the db file to be aide.db. So the next time you invoke

#aide --check

it will look for aide.db

So when you do an #aide --update it will write to the new file aide.db.new which you need to move to aide.db. The reason #aide --check is giving you those errors is because of not moving the freshly generated db to the actual db file which aide is looking at for the check.

Hope the above answers your question.
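The init / check / update cycle from the accepted answer, wrapped so that the `mv aide.db.new aide.db` step cannot be forgotten and the previous baseline is kept for rollback. This is an added example written for this page, not the answer's own commands and not part of AIDE: it assumes the `database=` / `database_out=` paths given in the answer (override `AIDE_DIR` and `AIDE_CONF` for another layout), and the `aide.db.prev` backup name is this script's own convention. Only `aide_rotate_db` runs without AIDE installed; the other three functions call the real `aide` binary.

```sh
#!/bin/sh
# Added example (not from the answer, not AIDE's own tooling): the
# init / check / update cycle with the database promotion step built in.
# Paths match the answer's database= / database_out= lines.
AIDE_DIR="${AIDE_DIR:-/var/aide/db}"
AIDE_CONF="${AIDE_CONF:-/etc/aide.conf}"

# Promote database_out (aide.db.new) to the database that aide --check reads.
# Keeps the old baseline as aide.db.prev (this script's convention). Fails if
# there is nothing to promote, which is the state the asker was in: --update
# had written aide.db.new, but --check was still comparing against aide.db.
aide_rotate_db() {
    dir="$1"
    if [ ! -f "$dir/aide.db.new" ]; then
        echo "no $dir/aide.db.new to promote; run --init or --update first" >&2
        return 1
    fi
    if [ -f "$dir/aide.db" ]; then
        cp -p "$dir/aide.db" "$dir/aide.db.prev"
    fi
    mv "$dir/aide.db.new" "$dir/aide.db"
}

# First-time baseline: --init writes only aide.db.new, so promote it at once.
aide_init() {
    aide --config="$AIDE_CONF" --init && aide_rotate_db "$AIDE_DIR"
}

# Compare the filesystem against aide.db; the report lists any differences.
aide_check() {
    aide --config="$AIDE_CONF" --check
}

# Accept the current filesystem state as the new baseline. --update prints
# the differences it found (and may exit non-zero because of them), so the
# promotion is not chained with &&; without it the next --check reports the
# same differences again.
aide_update() {
    aide --config="$AIDE_CONF" --update
    aide_rotate_db "$AIDE_DIR"
}

case "${1:-}" in
    init)   aide_init ;;
    check)  aide_check ;;
    update) aide_update ;;
esac
```

Usage: `sh aide-cycle.sh init` once, `sh aide-cycle.sh check` from cron, and `sh aide-cycle.sh update` only after you have reviewed a check report and accepted the changes. Keeping `aide.db.prev` means a baseline accepted by mistake can be restored with a single `mv`.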