Re: [Aide-devel] AIDE Questions
From: Richard v. d. B. <ri...@vd...> - 2004-08-13 14:35:36
Curtis Hawthorne wrote:

> Every so often,
> files will show up as being added that have been there before. For
> instance, in this last run, all the files one directory deep or more in
> /lib (so not the files in the /lib directory itself, but all
> directories under that) and all the files in /bin and /sbin were shown
> as being 'added'.

So you are saying that sometimes aide reports these files as added, and sometimes it doesn't? At the very least, aide should be consistent with respect to this. Are you sure that your database or config file don't get changed over time? You can check (manually) that the files in /bin and /sbin are actually in the database (it is plain text) right after you see this happening.

I can imagine that (because of some bug) aide would not "see" some entries in the database. What I cannot imagine is that when all you do is run "aide --check" a bunch of times, it sees them sometimes, and sometimes not.

Also, when you change your config file, always run "aide --init" or "aide --update" before running "aide --check".

> Also, I find the documentation a little confusing. What exactly does
> putting an = at the first of the line change about a rule?

It means that the filepath should match as a whole, not just the beginning of it. For example:

/tmp in aide.conf will match directory /tmp and file /tmp/foo
=/tmp in aide.conf will match directory /tmp but not file /tmp/foo

Sincerely,

Richard van den Berg
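The difference between a regular line and an `=` line described in the message above, as an added example that is not part of the original message or of AIDE's own code. It is a simplified model that assumes a selection line is a regular expression anchored at the start of the path and that `=` also anchors it at the end; the sample paths and the function names (`compile_selection`, `selected`, `dropped_by_equals`) are constructed for illustration.

```python
import re

# Constructed sample paths, not taken from any real system.
PATHS = ["/tmp", "/tmp/foo", "/tmpfiles/x", "/var/tmp"]


def compile_selection(line):
    """Compile the path part of a selection line into a regex.

    Simplified model (assumption): a regular line is a regex anchored only at
    the start of the path; a leading '=' also anchors it at the end.
    """
    pattern = line.split()[0]  # ignore an optional rule group such as "R"
    if pattern.startswith("="):
        return re.compile("^" + pattern[1:] + "$")
    if pattern.startswith("/"):
        return re.compile("^" + pattern)
    raise ValueError("not a regular or equals selection line: %r" % line)


def selected(line, paths):
    """Return the paths that the selection line matches."""
    rx = compile_selection(line)
    return [p for p in paths if rx.search(p)]


def dropped_by_equals(path_rule, paths):
    """Paths covered by 'path_rule' but no longer covered by '=path_rule'."""
    exact = set(selected("=" + path_rule, paths))
    return [p for p in selected(path_rule, paths) if p not in exact]


if __name__ == "__main__":
    for rule in ("/tmp", "=/tmp"):
        print(rule, "->", selected(rule, PATHS))
    # Files that silently leave monitoring if a rule is tightened with '='.
    print("lost when switching to =/tmp:", dropped_by_equals("/tmp", PATHS))
```

Under this model a plain `/tmp` line also picks up `/tmpfiles/x`, because only the start of the path is anchored, so it is worth listing what a rule actually covers before and after adding `=`.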