was there an advertised ETA for the next beta?
Michael Schwendt
ms-nospam-0306 at arcor.de
Mon Aug 18 12:47:52 UTC 2003
On Mon, 11 Aug 2003 17:40:07 -0500, Kyle Maxwell wrote:
> Now *there's* a question sure to generate traffic...
>
> I'd really like to see Tripwire (or AIDE) back in. I think a host-based
> IDS like this with a reasonable default would be a nice addition. I
> understand that it was yanked due to developer resource constraints, but
> maybe this is where the community involvement comes in.

Yesterday I tested AIDE a bit more. I used the 0.9 version, later
tried fixes from CVS and also had a look at enhancements done by the
Debian folks.

Well, does anybody *really* use AIDE?

It fails for me for simple config lines such as

    =/home p+u+g

which tells it to check permissions and ownership of the /home
directory but not process child directories. Creating and installing
the database works. But as soon as I run aide --check, it recurses
into /home and prints "open_dir():Not a directory:" for every file
name it finds.

Same for the example

    =/ p+u+g

which processes the entire file-system contrary to what is written
in the manual.

I also saw that there is a package for Mandrake Linux. Those folks
have a line

    =/lost+found DIR

with "DIR" being a macro for p+u+g plus inode check and number of
links check. However, the path names in aide.conf are regular
expressions. Hence for directory /lost+found to match, the config
line would need to be

    =/lost\+found DIR

And they also include a "=/home DIR" rule. Might be that AIDE
doesn't build correctly on Red Hat Linux only. But with issues like
these, I don't think AIDE is ready to be deployed.
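The /lost+found point from the message above, as an added example (not part of the original post and not AIDE's own code): a small Python check that flags aide.conf selection lines whose path regex does not match the path it appears to name. Assumptions: Python's `re` stands in for AIDE's regex engine, a rule is modelled as a full match on the path, the function names are hypothetical, and the sample config is constructed from the lines quoted in the message.

```python
import re

META = set("+*?()[]{}|^$.")  # characters with special meaning in a regex

def parse_rule(line):
    """Split a selection line into (kind, path_regex, group), or None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    kind = {"=": "equals", "!": "negative"}.get(line[0], "regular")
    parts = (line if kind == "regular" else line[1:]).split(None, 1)
    if not parts:
        return None
    return kind, parts[0], parts[1] if len(parts) > 1 else ""

def literal_path(regex):
    """Path the rule appears to name: the regex with backslash escapes removed."""
    return re.sub(r"\\(.)", r"\1", regex)

def unescaped_meta(regex):
    """List regex metacharacters in the path that are not backslash-escaped."""
    return [c for c in re.sub(r"\\.", "", regex) if c in META]

def matches_own_path(regex):
    """Assumption: a rule is modelled as a full match of the regex on the path."""
    try:
        return re.fullmatch(regex, literal_path(regex)) is not None
    except re.error:
        return False

def lint(conf_text):
    """Return (line_no, regex, metachars) for rules that miss the path they name."""
    findings = []
    for n, line in enumerate(conf_text.splitlines(), 1):
        rule = parse_rule(line)
        if rule is None:
            continue
        _, regex, _ = rule
        meta = unescaped_meta(regex)
        if meta and not matches_own_path(regex):
            findings.append((n, regex, meta))
    return findings

# Constructed sample built from the config lines quoted in the message.
SAMPLE = "=/home p+u+g\n=/lost+found DIR\n=/lost\\+found DIR\n"

if __name__ == "__main__":
    for n, regex, meta in lint(SAMPLE):
        print(f"line {n}: {regex!r} does not match {literal_path(regex)!r}; escape {meta}")
```

A rule flagged here silently leaves the named directory out of the integrity database, so the gap only shows up when someone checks what was actually recorded.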