Comments (5)
+1
The current way that aide is implemented is a major obstacle for using it in my systems. While I want to be notified about any "unofficial" changes to my systems, I don't want aide to report signed RPM changes.
On RHEL and CentOS, the changes are not daily, but they happen frequently enough within the month to make aide completely unusable for monitoring system paths.
As @Zugschlus mentioned above, we end up updating aide's database over and over again, which results in an unnecessary update of the whole database.
The end result is that aide is unusable for scanning an entire system, unless the admin isn't bothered by the constant notifications for changes.
For aide to actually be usable at a large scale, it needs to integrate with the RPM database (and/or with yum/dnf). When signed packages are updated, their changes should be merged with aide's own database.
I understand that this would require significant work, but it's the only way to move forward.
Thank you.
@robo2bobo Thanks for your input.
I plan to resolve this issue by using GnuPG-signed reference databases (to be signed and provided by the distributions, e.g. Debian). On database updates AIDE would hide file changes matching the reference database(s).
I implemented a simple approach to reduce aide reports via package information and have been happily using this on some servers for some months. Unfortunately, it is for Ubuntu/Debian, but it might be easily adapted to other package systems.
https://github.com/svenha/aide-filter
@svenha on Ubuntu/Debian you can set FILTERUPDATES or FILTERINSTALLATIONS in /etc/default/aide to filter changes from package upgrades or installations.
@hvhaugwitz Thanks for sharing this alternative solution. Two solutions are always better than one :-)
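The idea discussed in this thread, hiding reported changes only when the file on disk matches a trusted package reference, sketched as an added example; it is not AIDE's code, not aide-filter, and not written by any commenter. The `sha256  path` manifest format and all function names are hypothetical, and the manifest's signature is assumed to have been verified before it is loaded.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def load_reference(text):
    """Parse 'sha256  path' lines (constructed format) into {path: {digests}}."""
    ref = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, path = line.split(None, 1)
        ref.setdefault(path, set()).add(digest.lower())
    return ref

def split_changes(changed, reference, root="/"):
    """Split paths flagged as changed into (hidden, reported)."""
    hidden, reported = [], []
    for path in changed:
        on_disk = os.path.join(root, path.lstrip("/"))
        allowed = reference.get(path)
        # Unknown path, missing file or symlink: never hidden.
        if not allowed or os.path.islink(on_disk) or not os.path.isfile(on_disk):
            reported.append(path)
        elif sha256_file(on_disk) in allowed:
            hidden.append(path)      # content equals a packaged version
        else:
            reported.append(path)    # packaged path, but content differs
    return hidden, reported

def demo():
    # Constructed sample tree and manifest, built in a temporary directory.
    files = {"/usr/bin/tool": b"packaged v2\n",
             "/usr/bin/other": b"modified locally\n",
             "/etc/local.conf": b"x=1\n"}
    with tempfile.TemporaryDirectory() as root:
        for p, data in files.items():
            full = os.path.join(root, p.lstrip("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
        ref = "\n".join([
            hashlib.sha256(b"packaged v2\n").hexdigest() + "  /usr/bin/tool",
            hashlib.sha256(b"packaged other\n").hexdigest() + "  /usr/bin/other"])
        return split_changes(list(files) + ["/usr/bin/gone"], load_reference(ref), root)
```

A path that belongs to a package but whose content does not match any referenced digest stays in the report, so a package update cannot mask a local modification of a packaged file.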