neysx 05/11/23 18:02:07

Modified: xml/htdocs/doc/en/security shb-intrusion.xml
Log:
#108406 Reflect changes to aide ebuild

Revision Changes Path
1.2 +12 -30 xml/htdocs/doc/en/security/shb-intrusion.xml

file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/security/shb-intrusion.xml?rev=1.2&content-type=text/x-cvsweb-markup&cvsroot=gentoo
plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/security/shb-intrusion.xml?rev=1.2&content-type=text/plain&cvsroot=gentoo
diff : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/security/shb-intrusion.xml.diff?r1=1.1&r2=1.2&cvsroot=gentoo

Index: shb-intrusion.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-intrusion.xml,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- shb-intrusion.xml 1 Jun 2005 15:43:47 -0000 1.1
+++ shb-intrusion.xml 23 Nov 2005 18:02:07 -0000 1.2
@@ -1,14 +1,14 @@
<?xml version='1.0' encoding='UTF-8'?>
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-intrusion.xml,v 1.1 2005/06/01 15:43:47 neysx Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-intrusion.xml,v 1.2 2005/11/23 18:02:07 neysx Exp $ -->
<!DOCTYPE sections SYSTEM "/dtd/book.dtd">

<!-- The content of this document is licensed under the CC-BY-SA license -->
-<!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
+<!-- See http://creativecommons.org/licenses/by-sa/2.5 -->

<sections>

-<version>1.0</version>
-<date>2005-05-31</date>
+<version>1.1</version>
+<date>2005-11-23</date>

<section>
<title>AIDE (Advanced Intrusion Detection Environment)</title>
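Review bot: the change of the license link from creativecommons.org/licenses/by-sa/1.0 to by-sa/2.5 is a relicensing of the document that the log message (#108406 Reflect changes to aide ebuild) does not mention; either name it in the log or commit it separately so the license history of the file stays traceable. The $Header$ expansion and the version/date bump to 1.1 / 2005-11-23 are the expected bookkeeping for the content change in the later hunks.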
@@ -283,10 +283,14 @@
</p>

<p>
-After editing the configuration you should create your db file by executing
-<c>aide -i</c> and then copy the file <path>/etc/aide/aide.db.new</path> to
-<path>/etc/aide/aide.db</path> and add the check to cron by executing
-<c>crontab -e</c> as root.
+The AIDE ebuild now comes with a working default configuration file, a helper
+script and a crontab script. The helper script does a number of tasks for you
+and provides an interface that is a little more script friendly. To see all
+available options, try <c>aideinit --help</c>. To get started, all that needs
+to be done is <c>aideinit -i</c> and the crontab script should detect the
+database and send mails as appropriate every day. We recommend that you review
+the <path>/etc/aide/aide.conf</path> file and ensure that the configuration
+accurately reflects what is in place on the machine.
</p>

<note>
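Review bot: the replacement paragraph drops the explicit step of copying /etc/aide/aide.db.new to /etc/aide/aide.db without saying whether aideinit -i performs that move; a reader of the old text had to do it by hand, so state what aideinit -i leaves behind and where the database the crontab script "should detect" actually lives. Two wording points: "now comes with" will read oddly once this revision is old ("comes with" is enough), and "script friendly" should be hyphenated as "script-friendly". The recommendation to review aide.conf would also serve better before the sentence that tells the reader to run aideinit -i, since the database is built from that configuration.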
@@ -294,25 +298,12 @@
this can take some time.
</note>

-<pre caption="Shedule aide as a cronjob">
-0 3 * * * /usr/bin/aide -u
-</pre>
-
<note>
Remember to set an alias so you get roots mail. Otherwise you will never know
what AIDE reports.
</note>

<p>
-In this case it runs once at 3am. This is done since I do not want to disturb
-the users when they are working. Note I am using the <c>-u</c> (Update) option
-instead of the <c>-C</c> (Check). Since <c>-u</c> also checks the files and does
-not overwrite the original db file it saves some time since all you need to do
-is to copy a file when it detects some changes. Just check the changes to see if
-it was you who made the changes instead of some attacker before you copy it!
-</p>
-
-<p>
Now there is some risk inherent with storing the db files locally, since the
attacker will (if they know that AIDE is installed) most certainly try to alter
the db file, update the db file or modify <path>/usr/bin/aide</path>. So you
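Review bot: removing the crontab example and the paragraph on -u versus -C also removes the only sentence that told the reader to confirm a reported change was their own before accepting it into the database; that advice is independent of how the cron job is installed and should survive in the new text, for example as one sentence after the note about root's mail. With the example gone the reader is also not told what the shipped crontab script runs or when, which the old "0 3 * * *" line made explicit; a short statement of what the script does by default would close that gap. The note "Remember to set an alias so you get roots mail" that stays in place should read "root's mail".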
@@ -336,11 +327,6 @@
it use the following examples.
</p>

-<pre caption="Add a user snort to the system">
-# useradd snort -d /var/log/snort -s /dev/null
-# chown -R snort /var/log/snort
-</pre>
-
<pre caption="/etc/conf.d/snort">
PIDFILE=/var/run/snort_eth0.pid
MODE="full"
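Review bot: dropping the "Add a user snort to the system" block is a change to the Snort section that the log message (#108406 Reflect changes to aide ebuild) does not cover; say in the log, or better in the text itself, whether the snort ebuild now creates the snort user and sets ownership of /var/log/snort, because a reader of the old text did that by hand and a missing user or wrong log-directory owner will keep the daemon from starting. If /etc/conf.d/snort is now the only example that follows, the sentence "it use the following examples." kept above the hunk should say "example".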
@@ -453,10 +439,8 @@

</body>
</section>
-
<section>
<title>Detecting malware with chkrootkit</title>
-
<body>

<p>
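Review bot: the two removed lines here are blank-line cleanup unrelated to the aide change named in the log, and they make this section's layout differ from the rest of the file, which keeps a blank line between top-level elements (see the <sections>, <version> and <section> spacing in the first hunk). Whitespace-only edits are easier to review in a commit of their own; if they are kept here, apply the same spacing throughout rather than to one section.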
@@ -483,6 +467,4 @@

</body>
</section>
-
-
</sections>



--
gentoo-doc-cvs@g.o mailing list