Florian Engelhardt wrote:
> It looks like AIDE will check the files on the hard disk against the
> database periodically, which would be every hour for example.

Aide will not do that automatically, but you can use cron to run it periodically.

> What if
> an intruder breaks into the system 1 minute after the scan? He has 59
> minutes to go before the next scan, plenty of time to do stuff on my
> system, and enough time to maybe deactivate aide, or just regenerate
> the database.

That's why the recommended setup is to store the aide database on a read-only medium.

> My idea (and maybe someone else had this idea before me) was to catch
> filesystem modifications via inotify on Linux (and other tools on
> other systems).

Aide currently is not a daemon that can monitor inotify messages. Such a daemon would be the first that is shut down when a skilled hacker breaks into your system.

Sincerely,

Richard van den Berg
_______________________________________________
Aide mailing list
Aide@cs.tut.fi
https://mailman.cs.tut.fi/mailman/listinfo/aide
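
The cron-driven check with the database on a read-only mount, as discussed in the reply above, sketched as an added example that is not part of the original thread or of the AIDE project. The script path, database path and config path are assumptions, and mount points are assumed to contain no whitespace.

```shell
#!/bin/sh
# Hypothetical cron wrapper (added example). Assumed crontab entry, hourly:
#   0 * * * * /usr/local/sbin/aide-cron.sh --run
# Assumed paths: database /mnt/aide-ro/aide.db, config /etc/aide.conf.

# mount_is_readonly MOUNTS_FILE PATH
# Reads a /proc/mounts-format file, picks the longest mount point that
# contains PATH (a later entry wins on a tie, since it shadows the earlier
# one) and succeeds only if that mount carries the "ro" option.
mount_is_readonly() {
    awk -v path="$2" '
        {
            mp = $2
            if (mp == "/" || path == mp || index(path, mp "/") == 1) {
                if (length(mp) >= best) { best = length(mp); opts = $4 }
            }
        }
        END {
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "ro") exit 0
            exit 1
        }
    ' "$1"
}

# run_check DB CONF [MOUNTS_FILE]
# Refuses to compare against a database an intruder could have regenerated:
# returns 2 without running aide when DB sits on a writable mount.
run_check() {
    db=$1 conf=$2 mounts=${3:-/proc/mounts}
    if ! mount_is_readonly "$mounts" "$db"; then
        echo "AIDE database $db is on a writable mount; not trusting it" >&2
        return 2
    fi
    aide --config="$conf" --check
}

# Only run when invoked with --run, so the functions can be sourced.
if [ "${1:-}" = "--run" ]; then
    run_check /mnt/aide-ro/aide.db /etc/aide.conf
fi
```

A mount flagged `ro` can still be remounted read-write by root, so this check complements rather than replaces a physically read-only medium such as the one the reply recommends.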