[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: aide, apt-get and remote management...

On 11 Dec 2003, DI Peter Burgstaller wrote:
> Hi there,
>
> I'm trying to use aide now as well .. but with the default debian
> config .. it produces every day massive changes .. especially to the
> /var/log/* files due to logrotate.
>
> Any reasonable settings that account for that?

Modify AIDE's config to suit your needs.  Here's what works for me:

  # check user, group and permissions
  /var/log u+g+p
  # expect files to grow
  /var/log/.* >
  # permissions, user, group, number of links, and growing size for
  # syslog logs
  /var/log/syslog/.* p+u+g+n+S
  # don't check any of the following log directories
  =/var/log/(sysstat|setuid|apache|exim|ksymoops) R

And I don't use Debian package, I've compiled AIDE myself.  The config
files I'm using probably have very little in common with what Debian
supplies.

        - Peter

-- 
Peter Solodov                    | Concordia University 
http://alcor.concordia.ca/~peter | Montreal, QC, Canada
Reply to: