Calvin Davis
Sun, 08 Feb 2009 13:04:27 -0800
I have found two packages that cause significant interference with AIDE (actually I believe these cause problems with most IDS and possibly backups too).

First off is prelink. This causes so many ctime changes the only solution I have found is to delete the script from /etc/cron.daily. I have not noticed any performance differences whatsoever having disabled the process from running. I am sure in some benchmark test it might make a difference, but I am not gaming on my server so who cares =)

Second is SECTOOL. This is more manageable since I can do a check before running the tool and an update afterwards. Again, it causes many ctime changes. It would seem this is a totally unrequired function of the application, but ...... I just do a check before and an update afterward. I know which files/folders should be changed and it's not as bad to deal with as prelink, besides who runs SECTOOL daily anyway?
_______________________________________________
Aide mailing list
Aide@cs.tut.fi
https://mailman.cs.tut.fi/mailman/listinfo/aide