Arthur de Jong <[EMAIL PROTECTED]> writes: > On Tue, 22 Oct 2002, Kjetil Kjernsmo wrote: > >> I'd like to ask what people do with their AIDE output at times when a >> lot of things change on their system? >> >> I've gone through the AIDE configuration, and I feel like having >> configured it well, to catch the things that might be trojaned while >> leaving out things that I would certainly change often. > > I use aide on several machines but it is not really usefull on for > example a Debian/unstable machine or a machine that has a lot of changing > files where aide is used to inspect development files.
I use it here on a basically Testing box - I've just automated the daily upgrade process so that it re-runs aide immediately after the dist-upgrade. That way I get all changes to important bits of the filesystem since the last package upgrade every day in the mail. (It's partly a matter of policy to use this script rather than wedging things by hand.) #!/bin/sh PATH=/sbin:/usr/sbin:/bin:/usr/bin ; export PATH apt-get update chmod -R og=rX /var/lib/apt/lists /var/cache/apt/archives nice apt-get -u dist-upgrade echo "" echo "All done. Now running AIDE" echo "" cd /var/lib/aide && nice nice aide -i && mv aide.db.new aide.db && echo "Cool" echo "" ~Tim -- <http://spodzone.org.uk/> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
