LinuxQuestions.org
Old 05-20-2015, 11:02 AM   #1
jnojr
Member
 
Registered: Sep 2007
Location: San Diego, CA
Posts: 202

Rep: Reputation: 18
How to use AIDE?


There's a requirement that AIDE be installed on our machines. So every morning I get a ~16MB+ file listing tens of thousands of files. I think it's just showing me the same state over and over and over again. How do I zero it out, so that the only notifications I'll get are things that have actually changed since the last run? I've Googled this, but everything I've found is either too basic or dives deeply into the config... nothing is telling me how to get something that resembles useful results :-)
 
Old 05-20-2015, 06:12 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3530
Quote:
Originally Posted by jnojr
There's a requirement that AIDE be installed on our machines.
AIDE specifically? If not, do try Samhain for reasons ranging from inotify support to client / server setup to database signing, etc, etc.


Quote:
Originally Posted by jnojr
How do I zero it out, so that the only notifications I'll get are things that have actually changed since the last run?
Problem is you don't tell us what you monitor and how. Back in the days when I ran AIDE I used to use separate databases for system files under control of root that often change little (/bin, /sbin, /etc, etc, etc) and ran separate AIDE cron jobs at different intervals.
 
Old 05-20-2015, 07:20 PM   #3
jnojr
Member
 
Registered: Sep 2007
Location: San Diego, CA
Posts: 202

Original Poster
Rep: Reputation: 18
Quote:
Originally Posted by unSpawn
Problem is you don't tell us what you monitor and how. Back in the days when I ran AIDE I used to use separate databases for system files under control of root that often change little (/bin, /sbin, /etc, etc, etc) and ran separate AIDE cron jobs at different intervals.
I installed it, and it started sending me huge emails. That's the extent of my knowledge of AIDE. I assume it's monitoring "everything", and as to "how", however it works out of the box.

This is part of my problem... when it's sending me enormous emails listing tens of thousands of files, there isn't anything I can do with that. I want to tell it, "Forget about everything. Start at zero. Tomorrow, tell me what's changed from zero." How do I do that?
 
Old 05-20-2015, 08:16 PM   #4
Habitual
LQ Addict
 
Registered: Jan 2011
Location: Youngstown, Ohio
Distribution: LM17.1/Xfce4.11.8
Posts: 7,170
Blog Entries: 10

Rep: Reputation: 1979
See 1.0.6 A Note About System Changes section.
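
The workflow this thread is asking about, as an added example that is not taken from any post above: one config and database per scope (the split unSpawn describes), a re-baseline step, and a check whose exit status says whether anything changed. The directory `/var/lib/aide`, the scope names, the rule string and the function names are assumptions; `--init`, `--check`, `--config` and the `database`/`database_out` options are AIDE's own.

```shell
#!/bin/sh
# Added example, not from the thread. Directory and scope names are assumptions.
AIDE_BIN=${AIDE_BIN:-aide}
AIDE_DIR=${AIDE_DIR:-/var/lib/aide}

# write_scope_conf SCOPE RULE PATH...
# One config and one database per scope, so slow-changing system paths can be
# checked on their own schedule. Prints the path of the config it wrote.
write_scope_conf() {
    scope=$1; rule=$2; shift 2
    conf="$AIDE_DIR/$scope.conf"
    {
        # Newer AIDE releases (0.17 and later) name the input option database_in.
        printf 'database=file:%s/%s.db.gz\n' "$AIDE_DIR" "$scope"
        printf 'database_out=file:%s/%s.db.new.gz\n' "$AIDE_DIR" "$scope"
        printf 'gzip_dbout=yes\n'
        for p in "$@"; do printf '%s %s\n' "$p" "$rule"; done
    } > "$conf"
    printf '%s\n' "$conf"
}

# rebaseline SCOPE: record the current state and promote it, so the next check
# reports only what changed afterwards. This accepts whatever is on disk now,
# so read the last report before running it.
rebaseline() {
    "$AIDE_BIN" --config="$AIDE_DIR/$1.conf" --init || return 1
    mv -f "$AIDE_DIR/$1.db.new.gz" "$AIDE_DIR/$1.db.gz"
}

# check_scope SCOPE: compare the file system against the promoted baseline.
check_scope() {
    "$AIDE_BIN" --config="$AIDE_DIR/$1.conf" --check
}

# describe_status RC: --check exits with a bitmask (1 added, 2 removed,
# 4 changed); AIDE's documented error codes start at 14. Anything above 7
# is treated as an error here.
describe_status() {
    rc=$1; out=
    if [ "$rc" -eq 0 ]; then echo "no changes"; return 0; fi
    if [ "$rc" -gt 7 ]; then echo "error"; return 0; fi
    if [ $((rc & 1)) -ne 0 ]; then out="$out added"; fi
    if [ $((rc & 2)) -ne 0 ]; then out="$out removed"; fi
    if [ $((rc & 4)) -ne 0 ]; then out="$out changed"; fi
    echo "${out# }"
}
```

From cron, call `check_scope` per scope and send mail only when its exit status is non-zero; run `rebaseline` once after a report has been reviewed. Keeping a copy of the promoted database off the host guards against the baseline itself being altered.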
 
  

