Re: aide, apt-get and remote management...
On Friday, 2003-12-12 at 12:39:49 +0100, Adam ENDRODI wrote:
> On Fri, Dec 12, 2003 at 07:46:38AM +0100, Lupe Christoph wrote:
> > We don't use AIDE exclusively at a client site, but in combination
> > with Tripwire. We think tripwire is a little more secure becuse it
> > uses signed databases.
> Perhaps the following ./configure options will prove themselves
> useful:
> --with-confighmactype=TYPE Hash type to use for checking config.
> Valid values are md5 and sha1.
> --with-confighmackey=KEY HMAC hash key to use for checking config.
> Must be a base64 encoded byte stream.
> Maximum string length is 31 chars.
> --with-dbhmactype=TYPE Hash type to use for checking db.
> Valid values are md5 and sha1.
> --with-dbhmackey=KEY HMAC hash key to use for checking db.
> Must be a base64 encoded byte stream.
> Maximum string lentgth is 31 chars.
> --enable-forced_configmd Forces the config to have checksum.
> Also disables --config-check
> --enable-forced_dbmd Forces the file/pipe database's to have checksum.
> This will be the default in the next release.
Well, I went by what is said on the website http://www.cs.tut.fi/~rammer/aide.html
> Future plans
> ...
> o Encrypted and signed database
Before I start investigating this and spend a lot of time I don't have,
can you explain what Aide does when I use those configure options? BTW,
the Debian package does not use them. There is no bug filed about this.
Should we?
> bit,
That's a miss on my acronym cache. Please expand ;-)
Thanks,
Lupe Christoph
--
| lupe@lupe-christoph.de | http://www.lupe-christoph.de/ |
| "Violence is the resort of the violent" Lu Tze |
| "Thief of Time", Terry Pratchett |
Reply to: