On Tue, 22 Oct 2002, Kjetil Kjernsmo wrote:
> I'd like to ask what people do with their AIDE output at times when a
> lot of things change on their system?
>
> I've gone through the AIDE configuration, and I feel like having
> configured it well, to catch the things that might be trojaned while
> leaving out things that I would certainly change often.
> ...

I use aide on several machines but it is not really useful on, for example, a Debian/unstable machine or a machine that has a lot of changing files where aide is used to inspect development files.

The approach I take is that when aide reports some changes I check that the changes are "normal", optionally change aide.conf if the changes are regular and appropriate. After that I regenerate the database and save it as aide.db.yyyymmdd and provide a symlink to aide.db.

Apart from that I also use tools like debsums to keep me informed of integrity (although a lot of packages don't provide all or correct md5sums) (maybe I should file some bug reports for wrong md5sums)

-- 
arthur - [EMAIL PROTECTED] - http://tiefighter.et.tudelft.nl/~arthur --
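
The rotation step described in the reply above (save the regenerated database as aide.db.yyyymmdd and point an aide.db symlink at it), as an added shell example that is not part of the original message. The function name, its arguments and the directory layout are assumptions, and `mv -T` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: rotate a freshly generated AIDE database into a dated
# snapshot (aide.db.yyyymmdd) and repoint the aide.db symlink at it.
# Function name, arguments and directory layout are assumptions.

# rotate_aide_db DIR NEWDB [STAMP]
#   DIR    directory holding the databases
#   NEWDB  database written by the regeneration run (e.g. "aide --init")
#   STAMP  yyyymmdd label; defaults to today's date
rotate_aide_db() {
    dir=$1 newdb=$2 stamp=${3:-$(date +%Y%m%d)}
    snap="aide.db.$stamp"

    # Refuse to proceed without a non-empty new database.
    [ -s "$newdb" ] || { echo "no new database: $newdb" >&2; return 1; }

    # Never overwrite an earlier snapshot: it is the record of what the
    # system looked like when that baseline was accepted.
    [ ! -e "$dir/$snap" ] || { echo "$snap already exists" >&2; return 2; }

    # A regular file named aide.db would be clobbered by the rename below.
    if [ -e "$dir/aide.db" ] && [ ! -L "$dir/aide.db" ]; then
        echo "aide.db is not a symlink; move it aside first" >&2
        return 3
    fi

    mv -- "$newdb" "$dir/$snap" || return 4
    chmod 0400 "$dir/$snap" || return 4

    # Build the link under a temporary name and rename it over aide.db, so
    # a concurrent check never sees a missing or half-updated link.
    ln -s -- "$snap" "$dir/aide.db.tmp.$$" || return 5
    mv -T -- "$dir/aide.db.tmp.$$" "$dir/aide.db" || return 5

    # Print the snapshot the link now resolves to.
    readlink "$dir/aide.db"
}
```

Because older snapshots are kept, a later report can be compared against any previously accepted baseline rather than only the most recent one.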