From: Richard van den Berg <richard@vd...> - 2006-10-16 12:26:02
I'm quoting your whole E-mail below so it will be included in the
aide-devel archives. I'm pleased to see that aide has been selected for
possible inclusion in RHEL5. I'm always interested in patches that will
improve aide. Please send them to aide-devel@...
Also, you might want to check out a file locking patch I made (to
prevent aide.db corruption) in the latest CVS version.
Richard van den Berg
Steve Grubb wrote:
> I just wanted to let you know that we are looking at adding aide-0.12 to
> RHEL5. I am the Security Team Lead and was the one that had to decide what
> file integrity checker to use. This is needed for a RBAC self-test Security
> Requirement. We've been reviewing the code and have a bunch of patches and
> some new functionality to add to it. I was wondering if you would be
> interested in looking at the patches for inclusion in future updates of aide?
> We've done some things like teach it about extended attributes (needed for
> SELinux label change detection), moved to SHA256 for all integrity checking
> (required by govt agencies - MD5 and SHA1 are no longer considered safe),
> hooked change detection with the Linux audit system so that security admins
> have records for IDS/IPS subsystems. And there are also some code cleanups and
> minor bugfixing, too. We also have some concerns about using mhash as that
> would add yet another cryptography library that we would have to possibly
> certify under FIPS-140-2. That's expensive and time-consuming. So, we are
> working through issues with removal of that.
> In any event, I hope you find this as good news for your project.
> Best Regards,