Comments (6)
As said above, if someone has root access to the server, they don't need to know the database or signing password; they can simply alter other parts of the OS (like your shell or the kernel) to hide their activities and replace the aide binary to generate forged reports.
If the application gets full access to the server through the vulnerability, then this application will be able to update the AIDE database and write new files to the system as if they had always been there.
I'm sorry, but I cannot follow. What application or vulnerability are you talking about?
Please add password protection when updating the database
If this issue is actually about adding password protection for the AIDE database please adjust the issue title accordingly.
- the program checked the system and wrote all the data to a file
- a virus entered the system through a vulnerability and gained full access to the system
- the virus wrote itself into the system files: /usr/bin/virus
- the virus sees the aide program in the system
- there is no password in the system for writing data to the aide database file; the virus runs a system check and records the data, while not blocking the sending of data to the mail, and the user does not know anything
- the virus is in the system, but it will not be possible to find out about it: it has become legitimate, and the data about it has already been recorded in the aide database file
A similar situation would apply to the tripwire program, where a password is required and must be entered to write data to a file; there the virus would not be able to go beyond the 5th point.
This is the vulnerability: it is equivalent to having an account without a password. I don't understand how you haven't added protection yet, as in the similar tripwire program.
Password protection of the database simply gives you a false sense of security. If an experienced attacker has full (aka root) access to the machine, they can for example simply exchange the binary to generate a new database file and forged reports; or they exchange your $SHELL binary, the kernel or some libraries to rig the behaviour of the tool.
Apart from that, there is an open feature request for database and configuration signing (see #7); but this feature also won't help you entirely with this attack vector.
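To make the two positions above concrete, here is a toy model of the six-step scenario and of the maintainer's reply. It is an added example, not AIDE's code or file format: a minimal hash database, an attacker who gains root and re-baselines it so the next check is clean, and the one place a trust anchor still helps, a MAC of the database recorded off the host. The key name, paths and file contents are constructed for the example.

```python
"""Toy model of the AIDE re-baseline scenario discussed in the thread.

Constructed example: a tiny file-integrity checker with an in-memory
'database' (path -> sha256), an attacker who gains root and re-baselines
the database, and an off-host MAC that still catches the re-baseline.
Nothing here is AIDE's code or database format.
"""
import hashlib
import hmac
import json

# Constructed sample filesystem: path -> file content bytes.
CLEAN_SYSTEM = {
    "/usr/bin/ls": b"ls binary v1",
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
}

# Constructed secret that lives on a machine the attacker's root does not reach.
OFFHOST_KEY = b"constructed-offhost-key"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def init_db(system: dict) -> bytes:
    """Baseline: record the hash of every file (step 1, like `aide --init`)."""
    return json.dumps({p: sha256(c) for p, c in sorted(system.items())}).encode()


def check(db: bytes, system: dict) -> dict:
    """Compare the live system with the database (like `aide --check`)."""
    baseline = json.loads(db)
    report = {"added": [], "changed": [], "removed": []}
    for path, content in system.items():
        if path not in baseline:
            report["added"].append(path)
        elif baseline[path] != sha256(content):
            report["changed"].append(path)
    report["removed"] = [p for p in baseline if p not in system]
    return report


def attacker_with_root(system: dict):
    """Steps 3-5: drop /usr/bin/virus, then re-baseline the database so the
    next check reports nothing. No password stands in the way; root can
    also simply overwrite the database file with the forged one."""
    infected = dict(system)
    infected["/usr/bin/virus"] = b"malicious payload"
    return infected, init_db(infected)


def record_db_mac(db: bytes) -> str:
    """MAC of the database, computed and stored off the monitored host."""
    return hmac.new(OFFHOST_KEY, db, hashlib.sha256).hexdigest()


def db_is_trusted(db: bytes, recorded_mac: str) -> bool:
    """Off-host verification: does this database match what we baselined?"""
    return hmac.compare_digest(record_db_mac(db), recorded_mac)


def run_scenario() -> dict:
    db = init_db(CLEAN_SYSTEM)
    recorded = record_db_mac(db)  # shipped off the host at baseline time
    infected, forged_db = attacker_with_root(CLEAN_SYSTEM)
    return {
        # The original database still sees the new file ...
        "check_against_original_db": check(db, infected),
        # ... but the re-baselined one reports a clean system (step 6).
        "check_against_forged_db": check(forged_db, infected),
        # Only the off-host MAC notices the database was replaced.
        "forged_db_trusted": db_is_trusted(forged_db, recorded),
        "original_db_trusted": db_is_trusted(db, recorded),
    }


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(name, value)
```

The MAC check only has value when it runs somewhere root on the monitored host cannot reach (pulling the database off the box and verifying it there, or checking from trusted boot media): as the reply above notes, an attacker who can swap the checker binary, shell or kernel controls anything the host itself reports, and a password typed into that same host would be captured or bypassed the same way.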
Your title suggests that there is a vulnerability (within AIDE) that gives you full access to a machine. This is plain wrong and misleading. Hence I changed the issue title now.
Additionally I close this issue as wontfix (in favour of #7).
There is another attack vector. If two people have access to the server, then one of them can install a malicious program and go unnoticed, because the program can record data without knowing the password. I agree that you need to be able to sign the settings file and the database, as you said in ticket #7.
I ask you to consider an attack vector where the password protects not only against an attack from the outside, but also against an attack when several legitimate users have access to the server.
But this is much more difficult to do if there is a password for protection. Extra steps for a hacker, especially a poorly prepared one, will serve as an obstacle.