Gentoo Archives: gentoo-doc-cvs

From: Xavier Neys <neysx@×××××××××××.org>
To: gentoo-doc-cvs@l.g.o
Subject: [gentoo-doc-cvs] cvs commit: shb-intrusion.xml
Date: Wed, 23 Nov 2005 18:03:01
Message-Id: 200511231802.jANI2f3g022388@robin.gentoo.org
1 neysx 05/11/23 18:02:07
2
3 Modified: xml/htdocs/doc/en/security shb-intrusion.xml
4 Log:
5 #108406 Reflect changes to aide ebuild
6
7 Revision Changes Path
8 1.2 +12 -30 xml/htdocs/doc/en/security/shb-intrusion.xml
9
10 file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/security/shb-intrusion.xml?rev=1.2&content-type=text/x-cvsweb-markup&cvsroot=gentoo
11 plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/security/shb-intrusion.xml?rev=1.2&content-type=text/plain&cvsroot=gentoo
12 diff : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/security/shb-intrusion.xml.diff?r1=1.1&r2=1.2&cvsroot=gentoo
13
14 Index: shb-intrusion.xml
15 ===================================================================
16 RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-intrusion.xml,v
17 retrieving revision 1.1
18 retrieving revision 1.2
19 diff -u -r1.1 -r1.2
20 --- shb-intrusion.xml 1 Jun 2005 15:43:47 -0000 1.1
21 +++ shb-intrusion.xml 23 Nov 2005 18:02:07 -0000 1.2
22 @@ -1,14 +1,14 @@
23 <?xml version='1.0' encoding='UTF-8'?>
24 -<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-intrusion.xml,v 1.1 2005/06/01 15:43:47 neysx Exp $ -->
25 +<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-intrusion.xml,v 1.2 2005/11/23 18:02:07 neysx Exp $ -->
26 <!DOCTYPE sections SYSTEM "/dtd/book.dtd">
27
28 <!-- The content of this document is licensed under the CC-BY-SA license -->
29 -<!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
30 +<!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
31
32 <sections>
33
34 -<version>1.0</version>
35 -<date>2005-05-31</date>
36 +<version>1.1</version>
37 +<date>2005-11-23</date>
38
39 <section>
40 <title>AIDE (Advanced Intrusion Detection Environment)</title>
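Review bot: the CC-BY-SA pointer in the header comment moves from licenses/by-sa/1.0 to licenses/by-sa/2.5, which is a license-version change that the log message "#108406 Reflect changes to aide ebuild" does not mention; either note the relicensing in the log or commit it separately so the history shows why the document's license terms changed. The <version>1.1</version> and <date>2005-11-23</date> bump is consistent with the $Header revision 1.2 in the same hunk.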
41 @@ -283,10 +283,14 @@
42 </p>
43
44 <p>
45 -After editing the configuration you should create your db file by executing
46 -<c>aide -i</c> and then copy the file <path>/etc/aide/aide.db.new</path> to
47 -<path>/etc/aide/aide.db</path> and add the check to cron by executing
48 -<c>crontab -e</c> as root.
49 +The AIDE ebuild now comes with a working default configuration file, a helper
50 +script and a crontab script. The helper script does a number of tasks for you
51 +and provides an interface that is a little more script friendly. To see all
52 +available options, try <c>aideinit --help</c>. To get started, all that needs
53 +to be done is <c>aideinit -i</c> and the crontab script should detect the
54 +database and send mails as appropriate every day. We recommend that you review
55 +the <path>/etc/aide/aide.conf</path> file and ensure that the configuration
56 +accurately reflects what is in place on the machine.
57 </p>
58
59 <note>
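Review bot: the replacement paragraph loses the only statement of where the database ends up. The old text named /etc/aide/aide.db.new and /etc/aide/aide.db explicitly; the new text says <c>aideinit -i</c> does "a number of tasks" but never states that it creates and installs the database, nor where the crontab script lives so the reader can confirm the daily check is actually scheduled. Suggest one sentence after "<c>aideinit -i</c>" naming the database path the cron script looks for and the location of the installed crontab script. The <note> that follows ("this can take some time") now refers to aideinit -i rather than aide -i and still reads correctly.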
60 @@ -294,25 +298,12 @@
61 this can take some time.
62 </note>
63
64 -<pre caption="Shedule aide as a cronjob">
65 -0 3 * * * /usr/bin/aide -u
66 -</pre>
67 -
68 <note>
69 Remember to set an alias so you get roots mail. Otherwise you will never know
70 what AIDE reports.
71 </note>
72
73 <p>
74 -In this case it runs once at 3am. This is done since I do not want to disturb
75 -the users when they are working. Note I am using the <c>-u</c> (Update) option
76 -instead of the <c>-C</c> (Check). Since <c>-u</c> also checks the files and does
77 -not overwrite the original db file it saves some time since all you need to do
78 -is to copy a file when it detects some changes. Just check the changes to see if
79 -it was you who made the changes instead of some attacker before you copy it!
80 -</p>
81 -
82 -<p>
83 Now there is some risk inherent with storing the db files locally, since the
84 attacker will (if they know that AIDE is installed) most certainly try to alter
85 the db file, update the db file or modify <path>/usr/bin/aide</path>. So you
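Review bot: removing the <c>-u</c> versus <c>-C</c> paragraph also removes the advice to inspect reported changes and confirm they were made by the administrator, not an attacker, before accepting them into the database. The new text in the previous hunk only says the cron script will "send mails as appropriate"; nothing now tells the reader how to update the database after a legitimate change (an emerge, a config edit) or that the update must follow a review of the report. Suggest keeping a short paragraph to that effect: after a reported change you made yourself, update the database (via the aideinit helper if the new ebuild provides that, otherwise the <c>aide -u</c> path the old text described), and never update without reading the report first. The retained paragraph about an attacker altering the local db file or <path>/usr/bin/aide</path> still reads correctly without the removed lines.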
86 @@ -336,11 +327,6 @@
87 it use the following examples.
88 </p>
89
90 -<pre caption="Add a user snort to the system">
91 -# useradd snort -d /var/log/snort -s /dev/null
92 -# chown -R snort /var/log/snort
93 -</pre>
94 -
95 <pre caption="/etc/conf.d/snort">
96 PIDFILE=/var/run/snort_eth0.pid
97 MODE="full"
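Review bot: this hunk drops the <c>useradd snort</c> / <c>chown -R snort /var/log/snort</c> example but leaves the lead-in "use the following examples" and the /etc/conf.d/snort block, with no statement that the snort ebuild now creates the unprivileged account and the log directory. If the ebuild does, say so in the text (and in the log message, which only mentions aide); if it does not, a reader following the remaining examples ends up running snort without the dedicated account this section relied on for dropping privileges.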
98 @@ -453,10 +439,8 @@
99
100 </body>
101 </section>
102 -
103 <section>
104 <title>Detecting malware with chkrootkit</title>
105 -
106 <body>
107
108 <p>
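Review bot: the two blank-line removals around the chkrootkit <section> and its <body> are whitespace-only and unrelated to the aide ebuild change named in the log; harmless, but together with the trailing blank lines removed before </sections> in the final hunk they make the diff noisier than the log message suggests. Consider keeping whitespace cleanups in a separate commit.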
109 @@ -483,6 +467,4 @@
110
111 </body>
112 </section>
113 -
114 -
115 </sections>
116
117
118
119 --
120 gentoo-doc-cvs@g.o mailing list