Marc Haber wrote: > How would you handle this in a daily cron job? I am thinking about > using --update always, and copying the new database to the old > database if aide output parses > ### All files match AIDE database. Looks okay! > > What do you think about that idea?
I think that is a bad idea. Updating aide.db without manual intervention is dangerous. If a backdoor was added to your system, it will only be reported once, after which the changes to your file system are updated in aide.db automatically. I think the ANF/ARF directives have their uses, but it might not be to track rotating log files by inode number. Sincerely, Richard van den Berg _______________________________________________ Aide mailing list [email protected] https://mailman.cs.tut.fi/mailman/listinfo/aide
