LinuxQuestions.org
07-29-2003, 03:01 PM   #1
f1uke
aide conf


I'm running just the default config with SuSE, which is "/ R".

I am getting way too much needless output when I check the database, screens full. I want to know what would be the minimum reference points to keep an eye on that shouldn't change daily?
 
07-29-2003, 07:38 PM   #2
unSpawn
"I want to know what would be the minimum reference points to keep an eye on that shouldn't change daily?"
Part of the answer depends on the box's purpose. The "base" should be the dirs in your root $PATH that contain the system binaries, configuration files in /etc (and your distro's package management files shouldn't change w/o your approval).

I like to configure Aide to have separate config sets: one for system binaries, one for configs, one for jailed services etc etc. This allows you to check the various parts of the system independently.
You should also recursively "chattr +iu" (immutable+undeletable) all dirs in your root $PATH that contain the system binaries, and chattr the configuration files that are not supposed to change, and "chattr +a" the logfiles (append-only: unset and reset for logrotation).

Also take care to save a copy of the databases (and preferably a statically linked Aide binary) on read-only media for verification purposes.
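
The separate config sets described in the reply above, as an added example that is not part of the thread: the script derives the system-binaries set from root's $PATH and writes a second set for /etc, each with its own database. The file names, the /var/lib/aide directory and the /etc/mtab exclusion are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: one AIDE config per purpose, so each set can be
# initialised and checked on its own. Paths below are assumptions.
DBDIR=${DBDIR:-/var/lib/aide}   # assumed database directory

# Print "<dir> R" for each absolute, existing, unique directory in a
# PATH-style string. Empty and relative entries are skipped: they depend
# on the current directory and cannot be baselined.
# The body runs in a subshell so IFS and noglob do not leak to the caller.
path_rules() (
    IFS=:
    set -f
    seen=:
    for d in $1; do
        case $d in /*) ;; *) continue ;; esac
        d=${d%/}; [ -n "$d" ] || d=/
        [ -d "$d" ] || continue
        case $seen in *":$d:"*) continue ;; esac
        seen="$seen$d:"
        printf '%s R\n' "$d"
    done
)

# Write $2/aide-$1.conf: its own database pair, then the rules from stdin.
# "database" is the input-database option of AIDE releases from the
# thread's era; newer releases call it "database_in".
write_set() {
    {
        printf 'database=file:%s/%s.db\n' "$DBDIR" "$1"
        printf 'database_out=file:%s/%s.db.new\n' "$DBDIR" "$1"
        cat
    } > "$2/aide-$1.conf"
}

# $1 = PATH string (root's), $2 = directory to write the configs into.
build_sets() {
    path_rules "$1" | write_set bin "$2"
    # Constructed exclusion: where /etc/mtab is a regular file it
    # changes on every mount.
    printf '%s\n' '/etc R' '!/etc/mtab$' | write_set etc "$2"
}

# Usage: sh aide-sets.sh "$PATH" /etc/aide    (run as root), then e.g.
#   aide --config=/etc/aide/aide-bin.conf --init
#   aide --config=/etc/aide/aide-bin.conf --check
if [ "$#" -eq 2 ]; then
    build_sets "$1" "$2"
fi
```

After each `--init`, the new database has to be moved into place (here `bin.db.new` to `bin.db`) before `--check` has a baseline to compare against.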
 
  

