-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I recently installed AIDE. 'aide -v' shows...

Aide, version 0.10
Compiled with the following options
WITH_GCRYPT
WITH_MHASH
CONFIG_FILE = "/etc/aide/aide.conf"

Here is my aide.conf...

@@ifndef TOPDIR
@@define TOPDIR /
@@endif

@@ifndef AIDEDIR
@@define AIDEDIR /etc/aide
@@endif

database=file:@@{AIDEDIR}/aide.db
database_out=file:aide.db.new
verbose=20
report_url=stdout

All=p+i+n+u+g+s+m+c+md5+sha1
Norm=L+md5

@@{TOPDIR}.* All
=@@{TOPDIR}home.* Norm
!@@{TOPDIR}var/tmp/portage.*
!@@{TOPDIR}var/tmp/ccache.*
!@@{TOPDIR}etc/ntp\.drift
!@@{TOPDIR}etc/aide.*
!@@{TOPDIR}sys.*
!@@{TOPDIR}dev.*
!@@{TOPDIR}proc.*
!@@{TOPDIR}root.*
!@@{TOPDIR}tmp.*
!@@{TOPDIR}var/cache.*
!@@{TOPDIR}var/db.*
!@@{TOPDIR}var/spool.*
!@@{TOPDIR}var/log.*
!@@{TOPDIR}var/run.*
!@@{TOPDIR}usr/portage.*

I find when I do an 'aide -C' that I have a lot of entries like...

open_dir():Not a directory: /home/.keep
open_dir():Not a directory: /home/wallacej/work/test.txt
open_dir():Not a directory: /home/wallacej/work/script
open_dir():Not a directory: /home/wallacej/make.conf
open_dir():Not a directory: /home/wallacej/.bashrc
open_dir():Not a directory: /home/wallacej/.config

They are all related to the /home dir, so I believe something is wrong
with my '=@@{TOPDIR}home.* Norm' statement. Anyone see what is wrong?
For /home all I want to do is check that the permissions/owner are good
and that no new dir/files have been made in /home.

Also what is the benefit of doing both md5 and sha1? Shouldn't just one
of them be sufficient?

thx,
Jason

- --

@XXXXXX{========================>
Jason Wallace
Norwich University
Information Warfare Lab Administrator
Computer Forensics Lab Administrator

802.485.2198
jwallace@×××××××.edu
http://www.norwich.edu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)

iD8DBQFAj8oxtT5ho2i2eO8RAnipAKC5XPnun0TB822fGOjDTA0b67XX4QCfc9Nt
FHHOGM5/4UdlCB29VNl3dVE=
=901G
-----END PGP SIGNATURE-----

--
gentoo-security@g.o mailing list