On 5/22/13 5:46 AM, Richard van den Berg wrote:
Aide does not ship with a cron.daily script. Most likely this is provided by your Linux distribution. You should request support for this script there. Did you read their documentation, for example in /usr/share/doc?

That really has very little information in it....
dshevett@inf-3:/usr/share/doc/aide$ ls -l
total 12
-rw-r--r-- 1 root root 3366 Jan  9  2012 changelog.Debian.gz
-rw-r--r-- 1 root root 3364 Jan  9  2012 copyright
-rw-r--r-- 1 root root 3669 Jan  9  2012 NEWS.Debian.gz

I'm still having a hard time finding out information about this cron script though. :(

For the record, I'm using Ubuntu Precise; the package details are here:
http://packages.ubuntu.com/precise/aide-common
(this appears to be where the cron.daily script came from. I'm going to contact the maintainers there as well, but I don't have a lot of hope).


2) I want aide to rebuild and place the database after each check. One
warning sent to root@ that such and such files are changed, and then the
database is reset.  I can't use the same filename in /etc/aide/aide.conf
for database, database_out, and database_new (it throws a warning).  So
how do I say "Run against the current db, when done, put the new db in
place of the old one"?  --update doesn't seem to do anything.
Consecutive runs of --update show the same information.

See http://www.cs.tut.fi/~rammer/aide/manual.html#usage
The documentation there (which I've read, btw), I believe is pushing aide into a usage model that is different from what I want to do. For example:

"There is usually some drift in the databases. What I mean by drift is that new files are created, config files of applications are edited, tons of small changes pile up until the report becomes unreadable. This can be avoided by updating the database once in a while. I myself run the update every night. But, I don't replace the input database nearly as often. The replacement of the input database should always be a manual operation. This should not be automated."

If there is drift, how can this be an effective tripwire? I want to know immediately if a file has changed on a target system. Once that report is sent to me, I want the database reset. If implemented this way, if the change that has happened is innocuous (someone goes into a host and makes a config change), then there's no further work to be done. Delete the email and move on. As I understand the docs, there is no way to do this without manually moving the files around each time. Am I understanding this correctly?

If I can get these basic operations going, I'll probably
implement it.  Am I missing some basic concept?

Which parts of http://www.cs.tut.fi/~rammer/aide/manual.html specifically do you have questions about?
See my answer to #2 :)

    -d
_______________________________________________
Aide mailing list
Aide@cs.tut.fi
https://mailman.cs.tut.fi/mailman/listinfo/aide
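
One way to get the check-then-reset cycle asked about in the message above, as an added example that is not part of the thread, of AIDE, or of the Ubuntu package. The function name `aide_check_and_rotate`, the paths and the archive directory are assumptions; the paths must match `database=` and `database_out=` in aide.conf. The replaced database is archived instead of discarded, so a change whose report was deleted can still be traced later.

```shell
#!/bin/sh
# Added example: run "aide --update" against the current database, then
# promote the newly written database so the next run reports only new changes.
# All paths below are assumed defaults, not values from the thread.
AIDE_BIN=${AIDE_BIN:-aide}
AIDE_CONF=${AIDE_CONF:-/etc/aide/aide.conf}
DB_IN=${DB_IN:-/var/lib/aide/aide.db}            # database=     in aide.conf
DB_OUT=${DB_OUT:-/var/lib/aide/aide.db.new}      # database_out= in aide.conf
ARCHIVE_DIR=${ARCHIVE_DIR:-/var/lib/aide/archive}

# aide_check_and_rotate REPORT_FILE
# Returns AIDE's exit status: 0 = no differences, 1-7 = bitmask of
# added (1) / removed (2) / changed (4) entries, 14 and above = AIDE error.
# Returns 99 (this script's own code) if the rotation itself fails.
aide_check_and_rotate() {
    report=$1
    rc=0
    # --update compares against DB_IN and writes a fresh database to DB_OUT
    "$AIDE_BIN" --config="$AIDE_CONF" --update >"$report" 2>&1 || rc=$?

    # AIDE failed: keep the reference database exactly as it was
    if [ "$rc" -ge 14 ]; then
        return "$rc"
    fi
    # Never promote a missing or empty output file
    if [ ! -s "$DB_OUT" ]; then
        echo "no new database at $DB_OUT, baseline kept" >>"$report"
        return 99
    fi
    # Differences found: keep the old baseline so this report can be
    # reconstructed later even after the mail has been deleted
    if [ "$rc" -ne 0 ]; then
        mkdir -p "$ARCHIVE_DIR" || return 99
        cp -p "$DB_IN" "$ARCHIVE_DIR/aide.db.$(date +%Y%m%dT%H%M%S)" || return 99
    fi
    mv -f "$DB_OUT" "$DB_IN" || return 99
    return "$rc"
}
```

Called from a daily cron job, a return value of 1 to 7 means the report file should be mailed, and 14 or above means the run failed and the old baseline is still in place.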
