Hi Olivier,

Scenario 5

The aide executable, database, config and history scan results are on a protected 
management host behind a firewall.
A script transfers (by cert-authenticated ssh) the executable, db and config to the 
target host(s), runs aide there, collects the results and the new db and 
deletes everything on the target.
Such a script has been doing the job fine here since 2016 (in the current Python 3 
version, earlier as a Perl script).

Axel

> On 13.05.2020 at 08:09, Olivier Alabeatrix <oalabeat...@gmail.com> wrote:
> 
> Hello! I'm a newcomer to AIDE, and having difficulties evaluating the 
> real-life benefits of configuration/database signing. I came up with these 
> scenarios:
> 
> Scenario 1:
> 
> The AIDE binary, configuration and database are on the local machine. They 
> can be tampered with. An attacker's possible vector of attack is to change the 
> locally launched AIDE binary, allowing him to bypass any signing protection.
> Signing benefits = prevents database/configuration file hack but only if the 
> AIDE binary isn't hacked itself
> 
> 
> Scenario 2:
> 
> The AIDE binary, configuration and database are on a read-only NFS share. 
> They can't be tampered with. An attacker's only vector of attack is to change 
> the locally launched AIDE binary, allowing him to bypass any signing 
> protection.
> Signing benefits = none
> 
> 
> Scenario 3:
> 
> Manual scanning using a read-only medium (AIDE binary, configuration and 
> database on a CD-ROM or read-only NFS share). They can't be tampered with. An 
> attacker's possible vector of attack is subtle rooting of the kernel.
> Signing benefits = none
> 
> Scenario 4:
> 
> Offline scanning (live-DVD reboot or VM HDD clone and scan). AIDE binary, 
> configuration and database can't be tampered with. No attacker vector of 
> attack.
> Signing benefits = none
> 
> 
> Any input/advice would be welcome! Thanks!
> 
> 
> 
> 
> _______________________________________________
> Aide mailing list
> Aide@ipi.fi <mailto:Aide@ipi.fi>
> https://www.ipi.fi/mailman/listinfo/aide 
> <https://www.ipi.fi/mailman/listinfo/aide>
---
PGP-Key: CDE74120  ☀  computing @ chaos claudius

Attachment: signature.asc
Description: Message signed with OpenPGP
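
The push, run, collect and delete cycle of Scenario 5, as an added Python example that is not the script mentioned in the message. The remote directory, file names, host name and the `aide.db.new` output name are assumptions (the last depends on `database_out` in the config); the exit-status decoding follows aide(1).

```python
import subprocess

# All names below are assumptions for illustration, not taken from the message.
REMOTE_DIR = "/run/aide-scan"              # aide.conf must point its databases here
FILES = ["aide", "aide.conf", "aide.db"]   # trusted copies kept on the management host
SSH = ["ssh", "-o", "BatchMode=yes"]       # key/cert authentication only, never prompt
SCP = ["scp", "-q", "-o", "BatchMode=yes"]


def decode_status(rc):
    """Decode AIDE's exit status for --check/--update (bitmask per aide(1))."""
    if rc == 0:
        return ["clean"]
    if 1 <= rc <= 7:
        bits = ((1, "added"), (2, "removed"), (4, "changed"))
        return [name for bit, name in bits if rc & bit]
    # 14-19 are AIDE's own errors; other values (e.g. 255 from ssh) also mean failure.
    return ["error"]


def scan(host, outdir, run=subprocess.run):
    """Push AIDE to the target, run it, pull the new database, always clean up."""
    d = REMOTE_DIR
    try:
        # mkdir without -p fails if the directory already exists, so a
        # pre-planted directory aborts the scan instead of being trusted.
        run(SSH + [host, f"mkdir -m 700 {d}"], check=True)
        run(SCP + FILES + [f"{host}:{d}/"], check=True)
        # --update compares against the pushed database and writes a new one.
        res = run(SSH + [host, f"{d}/aide --config={d}/aide.conf --update"],
                  capture_output=True, text=True)
        findings = decode_status(res.returncode)
        if findings != ["error"]:
            # Keep the new database on the management host, never on the target.
            run(SCP + [f"{host}:{d}/aide.db.new", f"{outdir}/{host}.db.new"],
                check=True)
        return findings, res.stdout
    finally:
        # Nothing of AIDE stays on the target, even when a step above failed.
        run(SSH + [host, f"rm -rf {d}"])


if __name__ == "__main__":
    result, report = scan("target.example.org", "/var/lib/aide-results")
    print(result)
    print(report)
```

The `run` parameter exists so the sequence can be exercised with a stub instead of real ssh and scp calls.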
