On Mon, Feb 20, 2006 at 12:43:00PM +0100, Richard van den Berg wrote:
> Marc Haber wrote:
> > How would you handle this in a daily cron job? I am thinking about
> > using --update always, and copying the new database to the old
> > database if aide output parses
> > ### All files match AIDE database. Looks okay!
> >
> > What do you think about that idea?
>
> I think that is a bad idea. Updating aide.db without manual intervention
> is dangerous. If a backdoor was added to your system, it will only be
> reported once, after which the changes to your file system are updated
> in aide.db automatically.

I do not understand. If a backdoor was added to the system, aide would
complain about the changed file, and the database would not be
updated. If aide didn't detect the backdoor once, the database would
be updated, but aide wouldn't detect that change the next run anyway.

> I think the ANF/ARF directives have their uses, but it might not be to
> track rotating log files by inode number.

So you instead recommend excluding all possible log file names from
the aide database completely?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835
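The cron scheme discussed in this message, sketched as an added example that is not part of the original post or of AIDE itself: the new database replaces the old one only when the report contains the "All files match" line, so any reported difference leaves aide.db untouched and is reported again on the next run until someone reviews it. The paths, function names and return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; paths and function names are assumptions, not AIDE defaults.

# The report line the scheme keys on (one or more spaces after the period).
OK_RE='^### All files match AIDE database\. +Looks okay!'

# report_is_clean REPORT: succeeds only if the report is non-empty
# and contains the "all files match" line.
report_is_clean() {
    [ -s "$1" ] && grep -Eq "$OK_RE" "$1"
}

# promote_db REPORT NEW_DB CUR_DB
# Returns 0 = promoted, 1 = differences reported (CUR_DB untouched),
#         2 = new database missing/empty or copy failed.
promote_db() {
    report=$1; new=$2; cur=$3
    report_is_clean "$report" || return 1
    [ -s "$new" ] || return 2
    tmp="$cur.tmp.$$"
    cp -p "$new" "$tmp" || return 2
    # Keep the previous baseline so a bad promotion can be rolled back.
    if [ -e "$cur" ]; then
        cp -p "$cur" "$cur.prev" || { rm -f "$tmp"; return 2; }
    fi
    # Rename within the same directory so readers never see a partial file.
    mv -f "$tmp" "$cur"
}

# daily_run: what the cron job would call (assumed paths, not run here).
daily_run() {
    out=$(mktemp) || return 2
    aide --update >"$out" 2>&1
    promote_db "$out" /var/lib/aide/aide.db.new /var/lib/aide/aide.db
    rc=$?
    # Anything other than a clean promotion goes to a human for review.
    [ "$rc" -eq 0 ] || mail -s "AIDE report needs review" root <"$out"
    rm -f "$out"
    return "$rc"
}
```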
