Gentoo Archives: gentoo-security

From: Daniel <dragonheart@g.o>
To: gentoo-security@l.g.o, jwallace@×××××××.edu
Cc: gentoo-security@l.g.o
Subject: Re: [gentoo-security] AIDE question
Date: Sun, 19 Sep 2004 00:57:48
Message-Id: 200409191026.38782.dragonheart@gentoo.org
In Reply to: [gentoo-security] AIDE question by "Jason R. Wallace"
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

aide-0.10_p20040917 has been committed to portage. This is based off the CVS
snapshot and includes a postgres patch (slightly modified from the patch
submitted by Joshua Schmidlkofer in bug #37007).

This should fix bugs 23764, 37007, and 62194.

On Thu, 29 Apr 2004 12:43 am, Jason R. Wallace wrote:
> I recently installed AIDE. 'aide -v' shows...
>
> Aide, version 0.10
> Compiled with the following options
> WITH_GCRYPT
> WITH_MHASH
> CONFIG_FILE = "/etc/aide/aide.conf"
>
>
> Here is my aide.conf...
>
> I find when I do an 'aide -C' that I have a lot of entries like...
>
> open_dir():Not a directory: /home/.keep
> open_dir():Not a directory: /home/wallacej/work/test.txt
> open_dir():Not a directory: /home/wallacej/work/script
> open_dir():Not a directory: /home/wallacej/make.conf
> open_dir():Not a directory: /home/wallacej/.bashrc
> open_dir():Not a directory: /home/wallacej/.config
>
> They are all related to the /home dir, so I believe something is wrong
> with my '=@@{TOPDIR}home.* Norm' statement. Anyone see what is wrong?
> For /home all I want to do is check that the permissions/owner are good
> and that no new dir/files have been made in /home.

I hope you've solved this.

>
> Also what is the benefit of doing both md5 and sha1? Shouldn't just one
> of them be sufficient?

sha1 is a stronger, less forgeable hash. If they are different algorithms the
likelihood of making a modification to a file that results in the same hash
for both is a lot less.

- --
Daniel Black <dragonheart@g.o>
Gentoo Forensics Herd
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBTNlDhhpKunZncJcRAg6OAJ4yLPQcULc/xBJPpe1os6PVpo26LgCgqc4u
+fjOEcKsw4jUeTwyb7Yi608=
=/2KL
-----END PGP SIGNATURE-----

--
gentoo-security@g.o mailing list
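
The kind of check discussed in this thread (permissions and owner, new files, and content digests under two different algorithms), as an added Python example that is not part of the original message and is not AIDE's code. The function names `digests`, `snapshot`, `compare` and `demo` and the sample tree are constructed for illustration.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

def digests(path, algos=("md5", "sha1")):
    """Hash a file once, feeding every algorithm from the same read."""
    hs = {a: hashlib.new(a) for a in algos}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            for h in hs.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hs.items()}

def snapshot(root):
    """Record mode, owner, group (and digests for regular files) under root."""
    db = {}
    for p in Path(root).rglob("*"):          # includes dotfiles such as .bashrc
        st = p.lstat()
        entry = {"mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid, "gid": st.st_gid}
        if stat.S_ISREG(st.st_mode):
            entry.update(digests(p))
        db[p.relative_to(root).as_posix()] = entry
    return db

def compare(old, new):
    """Return (added, removed, changed); a mismatch in ANY attribute counts."""
    changed = {}
    for p in old.keys() & new.keys():
        keys = sorted(k for k in old[p].keys() | new[p].keys() if old[p].get(k) != new[p].get(k))
        if keys:                             # e.g. md5 equal but sha1 differs -> still flagged
            changed[p] = keys
    return sorted(new.keys() - old.keys()), sorted(old.keys() - new.keys()), changed

def demo():
    with tempfile.TemporaryDirectory() as root:   # constructed sample tree
        home = Path(root)
        (home / "work").mkdir()
        (home / "work/test.txt").write_bytes(b"v1")
        (home / ".bashrc").write_bytes(b"alias ll='ls -l'\n")
        (home / ".bashrc").chmod(0o644)
        before = snapshot(root)
        (home / "work/test.txt").write_bytes(b"v2")    # content edit
        (home / ".bashrc").chmod(0o600)                # permission change
        (home / "new.sh").write_bytes(b"#!/bin/sh\n")  # file that was not in the baseline
        return compare(before, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Because `compare` flags a file when any recorded attribute differs, a modified file escapes notice only if it matches the baseline under both digests at once.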