Re: [Aide] specific type of file for subfolder

2016-11-19 Thread Hannes von Haugwitz
Hi,
On Wed, Mar 23, 2016 at 03:31:19PM +0200, nmn@gmail.com wrote:
> /var/www All - check all subfolders and files
> !/var/www/onesite/
> /var/www/onesite/*.\.php$
Please try AIDE 0.16 with the following rules:
/var/www/onesite/.*\.php$ All
/var/www(?!/onesite) All
Best regards
Hannes

Re: [Aide] Hashes for Added and Removed Files?

2018-06-10 Thread Hannes von Haugwitz
On Wed, Jun 06, 2018 at 04:00:46PM +, Ben Brewer (IT - IT_CORE) wrote: > I tried increasing the verbosity to the default (20) and the hashes do not > show up. Please provide more information about your setup: Which OS are you running? Which AIDE version are you using ($ aide --version)?

[Aide] AIDE 0.16.1 released

2019-02-26 Thread Hannes von Haugwitz
AIDE version 0.16.1 has just been released. You can download it from https://github.com/aide/aide/releases Please ALWAYS verify the signature of a release file before using it (see README[0] for details). The most noteworthy changes between 0.16 and 0.16.1 are: * Move to GitHub * Update

[Aide] AIDE 0.16.2 released

2019-05-19 Thread Hannes von Haugwitz
AIDE version 0.16.2 has just been released. You can download it from https://github.com/aide/aide/releases Please ALWAYS verify the signature of a release file before using it (see README[0] for details). The most noteworthy changes between 0.16.1 and 0.16.2 are: * Bug fixes - Fix

Re: [Aide] Strange behaviour

2019-11-20 Thread Hannes von Haugwitz
Hi, On Mon, Nov 18, 2019 at 02:53:17PM +, MAUPERTUIS, PHILIPPE wrote: > [root@otvmi613s aide]# aide -C -Breport_quiet=no -Bsyslog_format=yes There is no 'syslog_format' option in upstream AIDE (or at least I'm not aware of such an option). Are you using a patched AIDE binary? Best regards

Re: [Aide] WARNING: Old db contains a entry that shouldn't be there, run --init or --update

2020-02-25 Thread Hannes von Haugwitz
Hi, On Mon, Feb 24, 2020 at 08:32:28PM -0500, vi...@vheuser.com wrote: > I've searched several times and read dozens of posts > from people asking newbies to post their config. > > What I have not found is the means of troubleshooting this problem. > How does one find the "entry that shouldn't be

Re: [Aide] WARNING: Old db contains a entry that shouldn't be there, run --init or --update

2020-05-04 Thread Hannes von Haugwitz
Hi, On Sat, May 02, 2020 at 09:06:33AM -0400, vi...@vheuser.com wrote: > On 2020/02/25 15:23 PM, Hannes von Haugwitz wrote: > > On Mon, Feb 24, 2020 at 08:32:28PM -0500, vi...@vheuser.com wrote: > > > I've searched several times and read dozens of posts > > > from pe

Re: [Aide] Change Ownership/Permissions of log directory and files

2020-09-13 Thread Hannes von Haugwitz
Hi, On Wed, Sep 09, 2020 at 09:07:52AM -0400, Paul Carlisle wrote: > Is there a way to configure aide to change the ownership and permissions of > the log directory and files? No, the permissions of the report url depend on the umask and on the user/group of the running AIDE process. Best

Re: [Aide] WARNING: Old db contains a entry that shouldn't be there, run --init or --update

2020-10-27 Thread Hannes von Haugwitz
On Tue, Oct 27, 2020 at 01:58:35PM -0500, vi...@vheuser.com wrote: > How do I find the offending rule? > There is nothing in the log. > > Is there a cookbook recipe for adding a patch to AIDE version 1.6 > to enable finding the offending rule? The current git HEAD should at least tell you which

Re: [Aide] Experimenting with exclusion rules

2020-12-18 Thread Hannes von Haugwitz
Hello, On Wed, Dec 16, 2020 at 04:28:09PM -0300, Andreas Hasenack wrote: > Why did the exclusion regexp "!/check/ignore$" ignore the new file > /check/ignore/andreas-was-here? Shouldn't it match just > "/check/ignore" exactly? What am I missing? This is expected behaviour, as children of

Re: [Aide] !/dev rule example

2020-12-18 Thread Hannes von Haugwitz
Hello, On Wed, Dec 16, 2020 at 03:33:03PM -0300, Andreas Hasenack wrote: > the aide.conf(5) manpage says: > > > !/dev > >This ignores the /dev directory structure. > > > Won't that also ignore things like /devandreas-was-here/, /devel and > anything that starts with the

Re: [Aide] Query over report_url=syslog:

2021-01-19 Thread Hannes von Haugwitz
Hi, On Mon, Jan 18, 2021 at 05:34:36PM +, Fisher, Philip wrote: > My query is that I am using in aide.conf: > > report_url=file: > report_url=syslog:LOCAL6 The `report_url=syslog:` syntax is currently not supported in AIDE upstream. Please check if the binary you are using is patched. > Now

[Aide] AIDE 0.17 released

2021-01-23 Thread Hannes von Haugwitz
AIDE version 0.17 has just been released. You can download it from https://github.com/aide/aide/releases Please ALWAYS verify the signature of a release file before using it (see README[0] for details). The most noteworthy changes between 0.16.2 and 0.17 are: * BACKWARDS INCOMPATIBLE

[Aide] AIDE 0.17.3 released

2021-02-10 Thread Hannes von Haugwitz
AIDE version 0.17.3 has just been released. You can download it from https://github.com/aide/aide/releases Please ALWAYS verify the signature of a release file before using it (see README[0] for details). The most noteworthy change between v0.17.2 and v0.17.3 is: * Fix group usage in

Re: [Aide] aide.conf: exclude directory *except* one file

2021-03-25 Thread Hannes von Haugwitz
Hello, On Wed, Mar 24, 2021 at 11:00:38AM -0700, M wrote: > Is there any advantage to upgrading to the latest AIDE version (I am > on 0.15.1)? AIDE 0.15.1 was released over 10 years ago. Please check the NEWS file[0] for the changes since then. > > On Wed, 24 Mar 2021 at 11:44, M wrote: >

Re: [Aide] Way to list contents of aide.db?

2021-07-30 Thread Hannes von Haugwitz
Hi, On Fri, Jul 23, 2021 at 04:43:10PM -0300, Andreas Hasenack wrote: > is there a way to list the files and directories that are in the aide > database? I wanted to be sure that an explicit inclusion or removal I added > to the config was indeed respected. To test your rules you can use

Re: [Aide] AIDE 0.17.3 released - cygwin, patches, and more?

2021-08-01 Thread Hannes von Haugwitz
On Thu, Jul 29, 2021 at 08:13:01PM -0400, Jason Pyeron wrote: > Would there be any thoughts about providing this as part of Cygwin? I would > be willing maintain the Cygwin build. Please see the Cygwin project website for how to contribute new packages[0]. If AIDE has been added, feel free to

Re: [Aide] Error checking and package currency.

2021-07-30 Thread Hannes von Haugwitz
Hi, On Fri, Jul 30, 2021 at 06:56:46AM -0400, Vince Heuser wrote: > Is there any script that can check the AIDE rules for syntax, i.e., > "aide-lint"? You can use `--config-check` to check your config (and rules) for errors. To test your rules you can use `--dry-init` and `--path-check` (see

Re: [Aide] Integrity check parameters

2021-12-18 Thread Hannes von Haugwitz
Hi, On Sat, Dec 18, 2021 at 03:15:21PM +, Jobet Infosec wrote: > I'm new to Aide. I was wondering about the meaning of the parameters used to > check file integrity: InodeData, StaticFile, RamdiskData, etc... > > Where may I find a detailed description for each one of them? The groups you

Re: [Aide] How to disable the mail notifications?

2021-11-20 Thread Hannes von Haugwitz
Hello, On Thu, Nov 18, 2021 at 01:44:28AM +, Hg Mi wrote: > We installed AIDE and nullmailer on our system, now we want to > disable the mail notification. Because our system can not send out > the messages, the queued and failed messages consume a lot of disk > space. Could you please

Re: [Aide] static linking on Linux and Packaging for Distributions

2021-12-05 Thread Hannes von Haugwitz
Hi, On Sat, Sep 11, 2021 at 04:17:33PM +0200, Marc Haber wrote: > aide is traditionally linked statically to protect itself against > trojaned / doctored libraries that might affect the authenticity of the > database and the check results. On Linux, this has not been fully > effective for years

[Aide] AIDE 0.17.4 security release

2022-01-20 Thread Hannes von Haugwitz
AIDE version 0.17.4 has just been released. You can download it from https://github.com/aide/aide/releases Please ALWAYS verify the signature of a release file before using it (see README[0] for details). The most noteworthy changes between v0.17.3 and v0.17.4 are: * SECURITY FIX -

[Aide] CVE-2021-45417 - aide (>= 0.13 <= 0.17.3): heap-based buffer overflow vulnerability in base64 functions

2022-01-20 Thread Hannes von Haugwitz
Summary === David Bouman discovered a heap-based buffer overflow vulnerability in base64 functions of AIDE, an advanced intrusion detection system. An attacker could crash the program and possibly execute arbitrary code through large (<16k) extended file attributes or ACL. A local user might

Re: [Aide] Is there any way to compile aide 0.17.x or master/latest on centos8/Almalinux or similar?

2022-04-20 Thread Hannes von Haugwitz
On Tue, Apr 19, 2022 at 11:55:38AM +0200, mg4gh wrote: > I would appreciate if the installation section would contain a list of > other packages that are necessary for the manual installation. > This might help others ... What do you mean by `packages that are necessary for the manual

Re: [Aide] Is there any way to compile aide 0.17.x or master/latest on centos8/Almalinux or similar?

2022-04-18 Thread Hannes von Haugwitz
On Sun, Apr 17, 2022 at 10:50:12PM +, John Horne wrote: > Looking at the Aide 0.16 RPM on Rocky, the SPEC file shows that it uses '-- > disable-static'. FWIW the next release (AIDE v0.18) disables static build by default. Best regards Hannes

Re: [Aide] Is there any way to compile aide 0.17.x or master/latest on centos8/Almalinux or similar?

2022-04-18 Thread Hannes von Haugwitz
Hi, On Mon, Apr 18, 2022 at 06:58:57PM +0200, mg4gh wrote: > Remark: When trying to work with the master/latest version, then there > were references to pcre2 and even with installing > "pcre2-devel" the .configure was fine but the compile fails (but ok, > it's no stable version) The latest git

Re: [Aide] Questions about AIDE

2022-12-16 Thread Hannes von Haugwitz
Hello, On Fri, Dec 16, 2022 at 10:12:47AM +, gouki.i...@yokogawa.com wrote: > * How to make check time faster? > In my device, AIDE takes about 3 times longer than Tripwire to check the same > set of files. > Checking contents are R+sha256. > I would like to make check time faster as

Re: [Aide] Call for testing: AIDE prelink support

2022-11-03 Thread Hannes von Haugwitz
On Wed, Nov 02, 2022 at 10:48:37AM -0400, Stephen John Smoogen wrote: > On Wed, 2 Nov 2022 at 10:25, John Horne wrote: > > My understanding though was that prelinking was now basically > > deprecated. We used to use it on CentOS 6 and partly with 7, but, > > as far as I remember, the general

[Aide] Call for testing: AIDE prelink support

2022-11-01 Thread Hannes von Haugwitz
Hello, the upcoming AIDE 0.18 release introduces extensive changes of the hash calculation code (also affecting prelink code). As I'm not familiar with prelink I'm looking for users of the AIDE prelink feature to test the latest version in the development branch[GIT], particularly the new

Re: [Aide] Advanced Log Handling with aide 0.18

2023-03-02 Thread Hannes von Haugwitz
Hi, On Tue, Feb 28, 2023 at 07:13:04PM +0100, Marc Haber wrote: > Here is my suggestion to handle this kind of log rotation: > > Full = p+u+g+ftype+n+i+s+b+l+X+m+c+H > /var/log/apache$ d p+u+g+ftype+n+i+X > /var/log/apache/access\\.log$ f Full+growing+ANF+I > /var/log/apache/access\\.log\\.1$ f

[Aide] AIDE 0.18.1 release

2023-03-04 Thread Hannes von Haugwitz
AIDE version 0.18.1 has just been released. You can download it from https://github.com/aide/aide/releases Please ALWAYS verify the signature of a release file before using it (see README[0] for details). The most noteworthy changes between v0.18 and v0.18.1 are: * Fix handling of empty

Re: [Aide] Protecting multiple containers

2023-04-17 Thread Hannes von Haugwitz
Hi Rick, On Mon, Apr 17, 2023 at 10:21:27AM +, Rick van Rein wrote: > > Look at aide 0.18's --limit option, it might be what you want. > > Otherwise, please be more verbose in your wishes and give some simple > > examples. > > Yes, that is almost exactly what I had in mind. Lovely! > (The

Re: [Aide] Protecting multiple containers

2023-04-19 Thread Hannes von Haugwitz
Hello Rick, On Wed, Apr 19, 2023 at 04:54:15PM +, Rick van Rein wrote: > > As this is a common usecase in containerized environments, do we already > > have a "how to handle containers" chapter in our docs? If not, then we > > could invite Rick to contribute to the docs. I am available for >

Re: [Aide] Does AIDE traverse Linux symlinks?

2023-04-08 Thread Hannes von Haugwitz
Hello John, On Sat, Apr 08, 2023 at 11:36:59PM -0400, John Jamerson wrote: > If AIDE, by design, traverses Linux symlinks, perhaps there's an > /etc/aide.conf option I've missed or misconfigured? No, AIDE does not follow symlinks. Would it be an option to not only scan /data/app/ but also

[Aide] AIDE 0.18.2 release

2023-04-07 Thread Hannes von Haugwitz
AIDE version 0.18.2 has just been released. You can download it from https://github.com/aide/aide/releases Please ALWAYS verify the signature of a release file before using it (see README[0] for details). The most noteworthy changes between v0.18.1 and v0.18.2 are: * Add warning if rules

[Aide] AIDE 0.18 release

2023-02-06 Thread Hannes von Haugwitz
AIDE version 0.18 has just been released. You can download it from https://github.com/aide/aide/releases Please ALWAYS verify the signature of a release file before using it (see README[0] for details). The most noteworthy changes between v0.17.4 and v0.18 are: * BACKWARDS INCOMPATIBLE

[Aide] AIDE 0.18.4 release

2023-06-13 Thread Hannes von Haugwitz
AIDE version 0.18.4 has just been released. You can download it from https://github.com/aide/aide/releases Please ALWAYS verify the signature of a release file before using it (see README[0] for details). The most noteworthy changes between v0.18.3 and v0.18.4 are: * Fix handling of

[Aide] AIDE 0.18.6 release

2023-08-01 Thread Hannes von Haugwitz
AIDE version 0.18.6 has just been released. You can download it from https://github.com/aide/aide/releases Please ALWAYS verify the signature of a release file before using it (see README[0] for details). The most noteworthy changes between v0.18.5 and v0.18.6 are: * Update GPG key in

[Aide] AIDE 0.18.5 release

2023-06-30 Thread Hannes von Haugwitz
AIDE version 0.18.5 has just been released. You can download it from https://github.com/aide/aide/releases Please ALWAYS verify the signature of a release file before using it (see README[0] for details). The most noteworthy changes between v0.18.4 and v0.18.5 are: * Fix child directory

Re: [Aide] config changes between 0.17.3 and 0.18.3

2023-06-28 Thread Hannes von Haugwitz
Hi, On Mon, Jun 26, 2023 at 01:55:06PM -0700, Paul B. Henson wrote: > However, with 18, this only includes /etc in the db and everything else > is skipped: This issue was also reported on Github some weeks ago[ISSUE] and now I was able to reproduce it, I fixed this issue in [cf5026b]. The fix

[Aide] AIDE 0.18.3 release

2023-05-16 Thread Hannes von Haugwitz
AIDE version 0.18.3 has just been released. You can download it from https://github.com/aide/aide/releases Please ALWAYS verify the signature of a release file before using it (see README[0] for details). The most noteworthy changes between v0.18.2 and v0.18.3 are: * Handle readlink()

Re: [Aide] Aide compilation issue: configure: error: AIDE requires mhash or libcrypt for hashsum calculation

2024-02-10 Thread Hannes von Haugwitz
Hello, On Fri, Feb 09, 2024 at 03:50:34PM +, Michael Arguello wrote: > This is for Aide version 0.18.6. > > I'm trying to run the instructions in the README file: > $ ./configure > $ make > $ make install > > This is on a fresh CentOS7 minimal system. I installed the requirements > listed

Re: [Aide] Aide compilation issue: configure: error: AIDE requires mhash or libcrypt for hashsum calculation

2024-02-13 Thread Hannes von Haugwitz
Hi, On Mon, Feb 12, 2024 at 10:49:53PM +, Michael Arguello wrote: > checking for libgcrypt... no > configure: error: libgcrypt not found by pkg-config - Try to add directory > containing libgcrypt.pc to PKG_CONFIG_PATH environment variable > > So, it seems like it can't find libgcrypt, but I

Re: [Aide] Monitoring files copy to an USB key

2023-11-11 Thread Hannes von Haugwitz
On Tue, Nov 07, 2023 at 09:34:14AM +, s4il0r wrote: > AIDE seems to be very great for this, except that I haven't found how > to run a check when a file is copied to a USB key. > > Does someone have a clue? > > Or perhaps there is a better tool for my needs? AIDE is designed to run on a

Re: [Aide] Excluding directories

2023-11-11 Thread Hannes von Haugwitz
On Tue, Oct 24, 2023 at 10:27:11AM -0700, Jeffrey Shepherd wrote: > Are these recommendations valid? What are the implications of omitting > /opt, /run, and /var? I know (for example) with !/opt an attacker > could come in and place a rootkit in /opt. It depends... If you want to monitor a

Re: [Aide] Verifying mounted filesystem

2024-02-28 Thread Hannes von Haugwitz
Hello, On Wed, Feb 28, 2024 at 09:39:14PM +, Sloane, Brandon wrote: > Ideally, I would be able to do something along the > lines of: > > aide --check --config /path/to/aide.conf --root /mnt/sysroot > > and have it behave as if aide was called after doing 'chroot /mnt/sysroot'. > However, I