Re: aide, apt-get and remote management...

[Adam ENDRODI <borso@vekoll.saturnus.vein.hu>]

On Thu, Dec 11, 2003 at 12:44:27PM +0100, DI Peter Burgstaller wrote:
> 
> I'm trying to use aide now as well .. but with the default debian 
> config .. it produces
> every day massive changes .. especially to the /var/log/* files due to 
> logrotate.
> 
> Any reasonable settings that account for that?

Peter Solobov has provided valuable suggestions.  What I would
like to add is that in my opinion you shouldn't try to eliminate
all occurances of reports about expected file changes.  Instead
let AIDE complain and utilize some mechanism to sort the report
entries according to their importance.  For example, you could
create a script which reorders the report so that changes made
to files under /usr/bin come first, then modifications detected
in /etc and finally any activity in the /var hierarchy.  If
you're smart enough the output could be colorized as well.

bit,
adam

-- 
Am I a cleric?     | 1024D/37B8D989
Or maybe a sinner? | 954B 998A E5F5 BA2A 3622
Unbeliever?        | 82DD 54C2 843D 37B8 D989
Renegade?          | http://pgpkeys.mit.edu