Hello, I am about to install AIDE on a server on the web. I have found everything I needed for installing the software, but I have one question left; maybe someone could answer this question for me. It looks like AIDE will check the files on the hard disk against the database periodically, which would be every hour, for example. What if an intruder breaks into the system 1 minute after the scan? He has 59 minutes to go before the next scan, plenty of time to do stuff on my system, and enough time to maybe deactivate AIDE, or just regenerate the database. My idea (and maybe someone else had this idea before me) was to catch filesystem modifications via inotify on Linux (and other tools on other systems).
Flo