Marc Haber <[EMAIL PROTECTED]> wrote: > This might be necessary for the ANF/ARF feature to properly > +handle logs that have been rotated multiple times. COPYNEWDB="no" is > +the default because automatically copying the database unconditionally > +(COPYNEWDB="yes") might be dangerous since detected changes are only > +reported once. Additionally, if you do not manually increase the > +verbosity level by setting (for example) AIDEARGE="-V5" in > +/etc/default/aide, you lose the possibility of inspecting the changes > +more closely.
Since COPYNEWDB="yes" was parenthetical, that last sentence seems more associated with the subject of the previous subject, namely, COPYNEWDB="no". What do you think of this? COPYNEWDB="no" is the default because automatically copying the database unconditionally (COPYNEWDB="yes") might be dangerous since detected changes are only reported once. Because changes are only reported once when using COPYNEWDB="yes" and you lose the possibility of inspecting the changes more closely, increase the verbosity level by setting, for example, AIDEARGE="-V5" in /etc/default/aide so that the report has enough detail to diagnose problems. -- Bill Wohler <[EMAIL PROTECTED]> http://www.newt.com/wohler/ GnuPG ID:610BD9AD -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
