On Tue, September 16, 2014 9:40 pm, Always Learning wrote:
>
> On Tue, 2014-09-16 at 16:41 -0400, Bowie Bailey wrote:
>
>> Aide does not update it's database file. Whenever you run an init or
>> update, it will create a new file. You then have to manually rename
>> that file in order to start using the new database.
I used aide for some time after tripwire went commercial, stayed without
support, and finally a bug (in e-mail...) was discovered. I moved away
from aide soon after. You may think of some intrusion detection
tool/system that:
1. doesn't keep reference database on the same box (I know, I know, they
are signed, etc...)
2. does not rely on binaries living on this same box (think about checking
these binaries on another, much more trusted box before using them...)
But of course, there is no limit to paranoia when [computer] security is
concerned.
Sorry, not mentioning what I do ("security through obscurity" helps a bit
sysadmin's paranoia ;-)
Valeri
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++