[CentOS] AIDE or OSSEC on CentOS 5.4 x86_64?

Karanbir Singh mail-lists at karan.org
Mon Nov 30 08:14:49 UTC 2009


Hi Ian,

On 11/30/2009 01:07 AM, Ian Forde wrote:
>> I still want to see the changes, but it would be nice to see the
>> ones I
>> authorized through the update service to be partitioned off from the
>> ones that seem to have no reasonable explanation.
>
> Seems to be that a yum plugin could be written that would accomplish
> this. Consider - it would only allow signed rpm updates, and ask for
> permission (or use a key) to update to LIDS database...

You are mostly on the right track, however, that wont work across the 
whole machine.

imho, the magic potion is to offload the machine state elese where and 
use the compare-with-pre-state on a different 'central' machine. Where 
knowledge like pacakge-ver and package-payload can also be tracked.

- KB



More information about the CentOS mailing list