Integrating AIDE to RPM

Jon jdisnard at gmail.com
Mon Mar 10 06:43:25 UTC 2014


On Mar 9, 2014 11:05 PM, "Philip Prindeville" <philipp_subx at redfish-solutions.com> wrote:
>
> I notice that after having set up AIDE, and then doing an RPM or YUM
> update of a package, I then get spew about the contents of files related to
> that update having changed.
>
> How difficult would it be to have a plugin for YUM that allows you to
> update the AIDE database with the new values (hashes, modes, owners, sizes,
> etc.) for the touched files?
>
> Also, sometimes when you install a package that maintains a cache, logs,
> or a spool area, it’s not sufficient to have AIDE do a snapshot (via
> --update) right after installation, because the contents of those areas
> grow or change over time.
>
> Immediately following installation, for instance, I might not have any
> new contents in /var/log/foobar, but some minutes or hours (or days) later
> a log file might have been created.
>
> It’s unfortunate that AIDE can’t leverage the RPM %files section to
> figure out which directories (or patterns within directories, such as
> /var/log/package-xxxxx.log) change over time but should be ignored as
> non-anomalous.
>
>
Maybe a task for 'rpm -V' to verify installed files, which should handle
config files, but not sure about logs or cache. I use both aide and rpm to
track file changes. For aide I've always thought change control includes
database init. Just saying.

> How feasible would this be?
>
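
The following is an added example, not part of the original message or of any Fedora tooling: a small parser for `rpm -V` output that uses the file-type marker RPM prints (`c` config, `g` ghost, and so on) to separate changes a package declares as mutable from changes that need review. The sample output, the `foobar` paths and the triage policy are constructed assumptions.

```python
import re

# Meaning of each flag in the 9-character result string printed by rpm -V.
FLAGS = {"S": "size", "M": "mode", "5": "digest", "D": "device",
         "L": "symlink", "U": "owner", "G": "group", "T": "mtime",
         "P": "capabilities"}
# File-type marker taken from the package's %files attributes.
MARKERS = {"c": "config", "d": "doc", "g": "ghost", "l": "license",
           "r": "readme"}
LINE = re.compile(r"^(missing|[SM5DLUGTP.?]{9})\s+(?:([cdglr])\s+)?(/.*)$")

# Constructed sample of `rpm -V foobar` output (hypothetical package).
SAMPLE = """\
S.5....T.  c /etc/foobar/foobar.conf
.M.......  g /var/log/foobar/foobar.log
S.5....T.    /usr/bin/foobar
missing      /usr/share/foobar/data.db
.......T.  d /usr/share/doc/foobar/README
"""

def parse_rpm_verify(text):
    """Yield (path, kind, changed_attributes) for each rpm -V line."""
    for line in text.splitlines():
        m = LINE.match(line.rstrip())
        if not m:
            continue  # skip anything that is not a verify result line
        result, marker, path = m.groups()
        kind = MARKERS.get(marker, "regular")
        if result == "missing":
            changed = ["missing"]
        else:
            # '.' means the test passed, '?' means it could not be run
            changed = [FLAGS[ch] for ch in result if ch in FLAGS]
        yield path, kind, changed

def triage(text):
    """Assumed policy: config and ghost files may change; the rest is reviewed."""
    out = {"expected": [], "review": []}
    for path, kind, _changed in parse_rpm_verify(text):
        bucket = "expected" if kind in ("config", "ghost") else "review"
        out[bucket].append(path)
    return out

if __name__ == "__main__":
    for bucket, paths in triage(SAMPLE).items():
        print(bucket, paths)
```
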