Bug#361714: aide default setting

2006-04-15 Thread Marc Haber
On Thu, Apr 13, 2006 at 03:33:19PM +0200, maximilian attems wrote:
> please exclude /home from the default aide check paths.

I have chosen not to do this for security reasons.

> i don't expect system binaries to be placed under /home.

Yes. The cracker probably expects you to not expect this and might
place his root kit right there.

> nor do i want to waste cycles for the user data.

That's your local decision which you are free to make and to configure
locally. Thanks to the split config, you don't even need to change any
conffile of aide. Just place your rule in the appropriate config
directory.

The next aide release will include an example saying how to do this.
Basically, it's a one-liner shell script saying

getent passwd | awk '{ if( $3 >= 1000) { print "!" $6 }}' FS=":"

which will exclude the home directories of all local accounts with
uid > 1000 from the aide check.

Greetings
Marc

-- 
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835
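
An added example, not part of the original message and not the script shipped with aide: a variant of the one-liner above that only excludes home directories lying directly under one base directory and reports every other candidate instead of excluding it. The names aide_home_excludes and sample_passwd, the variables MIN_UID, MAX_UID and HOME_BASE with their defaults, and the sample accounts are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): generate AIDE exclusion lines of the
# form "!<home>" like the one-liner above, but only for home directories
# that are direct subdirectories of one expected base directory.
# MIN_UID, MAX_UID and HOME_BASE are assumptions of this example.

aide_home_excludes() {   # reads passwd(5)-format lines on stdin
    awk -F: -v min="${MIN_UID:-1000}" -v max="${MAX_UID:-59999}" \
        -v base="${HOME_BASE:-/home}" '
    function skip(h) { print "skipped uid " $3 " home " h | "cat >&2" }
    $3 !~ /^[0-9]+$/ { next }               # malformed uid field
    $3 + 0 < min || $3 + 0 > max { next }   # system accounts, nobody (65534)
    {
        home = $6
        sub(/\/+$/, "", home)               # "/home/bob/" -> "/home/bob"
        # A home of "/", "/usr" or "/var/lib/x" would drop that tree from
        # the integrity check, so report it instead of excluding it.
        if (index(home, base "/") != 1) { skip(home); next }
        name = substr(home, length(base) + 2)
        # One path component, no regex metacharacters, no "..".
        if (name !~ /^[A-Za-z0-9_][A-Za-z0-9_-]*$/) { skip(home); next }
        if (!(home in seen)) { seen[home] = 1; print "!" home }
    }'
}

sample_passwd() {        # constructed sample input, not real accounts
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob/:/bin/bash
svc:x:1002:1002:Service:/usr:/bin/sh
carol:x:1003:1003:Carol:/home/alice:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
EOF
}

# On a real system: getent passwd | aide_home_excludes
sample_passwd | aide_home_excludes
```

Skipped accounts are written to stderr, so the exclusion lines on stdout can be used as they are while the report shows which home directories stay in the check.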





Bug#361714: aide default setting

2006-04-13 Thread maximilian attems
Package: aide
Version: 0.10-6.1
Followup-For: Bug #361714

please exclude /home from the default aide check paths.
i don't expect system binaries to be placed under /home.
nor do i want to waste cycles for the user data.

latest aide run on our department lab server needed
*lots* of system resources with no security gain,
it did only finish hours later.

full fs check can be still set for paranoid fw setups.

regards

-- 
maks

