I approach this a little differently. I start with a master system controlling the activity; I assume I can't trust the remote servers.
I store a conf and database for each remote server. The master does an scp to get the aide conf, database file and also the aide binary to the remote. Then I use ssh to initiate aide on the remote. The master has an init script that stores the conf and database specific for a remote whenever a new init is needed for a remote.

Alex Greg wrote:
> I've been looking at AIDE over the past few days, with a view to
> rolling it out on over 60 Linux servers. So far, it's looking much
> better than Tripwire, from both an installation and performance point
> of view.
>
> The only problem I have with AIDE is that the database is stored in
> plain-text, which means if an attacker gains root access on one of the
> boxes, they can simply change the database. I can't feasibly store the
> database on read-only media such as floppies/CD's for obvious reasons
> (60+ floppies/CD's in 60+ servers...?)
>
> I noticed that AIDE supports reading the database from a remote server
> using PostgreSQL, which is useful. However, what would really be ideal
> for us would be to store the database for each machine on an internal
> HTTP server, and configure AIDE to validate against that.
>
> Is HTTP support for reading the database planned, or does anyone know
> of a patch? Also, if there are any other suggestions, please let me
> know!
>
>
> Thanks,
>
>
> -- Alex
> _______________________________________________
> Aide mailing list
> [email protected]
> https://mailman.cs.tut.fi/mailman/listinfo/aide
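The push-and-check workflow described in the reply above, written out as an added example; this is not the poster's script, nor part of AIDE itself. The per-host layout under MASTER_ROOT (aide.conf, aide.db and an aide binary per remote), the staging directory on the remote, the root@host login and the host names are all assumptions. Setting SCP=echo and SSH=echo gives a dry run that prints the commands instead of executing them. The point of the design is that nothing already present on the remote is trusted: the conf, the database and the binary are all pushed fresh from the master on every run, and the database on the remote is never the copy the master believes in. Two caveats a practitioner should keep in mind: a host whose root is already compromised can still lie to a pushed binary (trojaned kernel or shared libraries), so this protects the database from tampering rather than guaranteeing a truthful report, and the master now holds root credentials for every remote, so it becomes the system most worth hardening.

```shell
#!/bin/sh
# Master-side push-and-check for one AIDE remote (added example, not the
# poster's script). Assumed layout on the master:
#   $MASTER_ROOT/<host>/aide.conf   per-host config (database_in pointing
#                                   at aide.db in the remote staging dir)
#   $MASTER_ROOT/<host>/aide.db     trusted database for that host
#   $MASTER_ROOT/<host>/aide        aide binary to run on that host
# Paths are assumed to contain no whitespace.

MASTER_ROOT="${MASTER_ROOT:-/srv/aide}"      # assumed master-side root
REMOTE_DIR="${REMOTE_DIR:-/root/.aide-run}"  # assumed staging dir on remote
SCP="${SCP:-scp}"   # set SCP=echo SSH=echo for a dry run
SSH="${SSH:-ssh}"

# Print the three master-held artefacts for a host, one per line.
# Fails if any is missing so a check never runs against a database
# the master does not hold (and therefore cannot vouch for).
host_artifacts() {
    host="$1"
    for f in aide.conf aide.db aide; do
        if [ ! -f "$MASTER_ROOT/$host/$f" ]; then
            echo "missing $MASTER_ROOT/$host/$f" >&2
            return 1
        fi
        echo "$MASTER_ROOT/$host/$f"
    done
}

# Build the command run on the remote: the pushed binary, with the pushed
# config, against the pushed database. Nothing pre-existing on the
# remote is used.
remote_check_cmd() {
    d="$1"
    printf '%s' "cd $d && chmod 700 . && chmod 500 aide && ./aide --check --config=aide.conf"
}

# Push conf, database and binary to the remote, then run the check over
# ssh; the report comes back on stdout and stays on the master.
push_and_check() {
    host="$1"
    files=$(host_artifacts "$host") || return 1
    $SSH "root@$host" "mkdir -p -m 700 $REMOTE_DIR" || return 1
    # shellcheck disable=SC2086  # intentional word-splitting of $files
    $SCP $files "root@$host:$REMOTE_DIR/" || return 1
    $SSH "root@$host" "$(remote_check_cmd "$REMOTE_DIR")"
}

# Usage: ./aide-push.sh web01 web02 ...   (one remote per argument)
if [ "$#" -gt 0 ]; then
    rc=0
    for h in "$@"; do
        echo "== $h =="
        push_and_check "$h" || rc=1
    done
    exit "$rc"
fi
```

Because the master copies the report back rather than leaving it on the remote, the set of files that root on the remote can alter after the fact shrinks to nothing the master depends on; the next run simply pushes the trusted copies again.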
