Marc Haber <[EMAIL PROTECTED]> wrote:

> On Wed, Jul 23, 2008 at 01:45:05PM -0700, Bill Wohler wrote:
> > Marc Haber <[EMAIL PROTECTED]> wrote:
> > I also found that because this setting trashes the old database, you
> > don't have a chance to later run aide --compare to see how a particular
> > file changed. I therefore added AIDEARGS="-V5" to /etc/default/aide.
>
> The default, -V4, gives at least a list about which files changed, and
> if one wants more verbose reports, he is free to refer to the manpage
> to change the verbosity level.

Yes, but...

> > I think it would be good to mention that issue in the COMMAND="update"
> > and COPYNEWDB="yes" item.
>
> I do not think that it is a good idea to re-iterate every possible
> outcome of every configuration option in every possible place.

Of course not, but this is important. If you used the defaults, and you set COPYNEWDB to yes and the first message you get had some files which might have indicated a break-in, you'd want to see the specific changes. Or, more likely, you might not realize the unintended consequences of the setting until later. I was truly shocked when I realized it.

It's your call, of course, but I like it when documentation discusses more than just the options and the settings and goes into the justifications, ramifications, and best practices. Just because you can do something doesn't mean you should. I think this is an important aspect to point out. Somewhere.

Thanks!

--
Bill Wohler <[EMAIL PROTECTED]> http://www.newt.com/wohler/ GnuPG ID:610BD9AD