[CentOS] AIDE or OSSEC on CentOS 5.4 x86_64?
Karanbir Singh
mail-lists at karan.org
Mon Nov 30 08:14:49 UTC 2009
Hi Ian,
On 11/30/2009 01:07 AM, Ian Forde wrote:
>> I still want to see the changes, but it would be nice to see the
>> ones I
>> authorized through the update service to be partitioned off from the
>> ones that seem to have no reasonable explanation.
>
> Seems to be that a yum plugin could be written that would accomplish
> this. Consider - it would only allow signed rpm updates, and ask for
> permission (or use a key) to update to LIDS database...
You are mostly on the right track, however, that wont work across the
whole machine.
imho, the magic potion is to offload the machine state elese where and
use the compare-with-pre-state on a different 'central' machine. Where
knowledge like pacakge-ver and package-payload can also be tracked.
- KB
More information about the CentOS
mailing list