Thread: [Aide-devel] Aide feature requests
Brought to you by:
hvhaugwitz,
rvdb
From: Navara <no...@sh...> - 2004-05-03 17:33:37
|
Hi, when trying aide as replacement for tripwire, I come on two ideas for improvements : * mysql ( http://www.mysql.com/ ) PostgreSQL is big robust database, but for smaller things, MySQL is often used, as it's faster and simplier - it's support will be nice (imo) * libfam ( http://oss.sgi.com/projects/fam/ ) When somebody changes file, administrator will be aware during next control - if intruder doesn't hijack aide. But, if aide will be connected to famd, she will instantly know, that one of it's files are being to be modified (including her's own binary) and can scream it at administrator. please, consider and criticize them Sincerly, Thomas Navara |
From: Richard v. d. B. <ri...@vd...> - 2004-05-06 08:56:18
|
Navara wrote: > * mysql ( http://www.mysql.com/ ) Sure, I don't see why not. If anyone has time to build in MySQL support into aide, they have my support. > * libfam ( http://oss.sgi.com/projects/fam/ ) I see a few problems with this: 1) libfam currently only supports IRIX and Linux 2) Aide in it's current form is run periodically to check if things have changed. With FAM support, it would have to run as a daemon, continiously watching the files. 3) FAM was designed to monitor only one level deep. I see how FAM can help in monitoring system critical files (like aide does), but I think that should be a different application, not build into aide. Please note that when FAM is running in polling mode, such a daemon will cause quite some overhead. Sincerely, Richard van den Berg |