So my daily aide report told me the following files/folders were changed:

---------------------------------------------------
Changed files:
---------------------------------------------------

changed: /var/lib/aide
changed: /var/lib/ntp
changed: /root
changed: /root/.viminfo
changed: /dev/.udev/queue.bin

Some are pretty obvious why (I was doing stuff as root and the machine will be updating its time every so often) and I can figure out how to handle them (whitelist the ntp dir but not /root) so as to limit reported changes only to suspicious stuff.

But then we have /var/lib/aide. Yeah, I know it is just trying to tell me that it created a new aide.db.new file, but how should I handle it? Whitelist aide.db.new itself?
_______________________________________________
Aide mailing list
[email protected]
https://mailman.cs.tut.fi/mailman/listinfo/aide
