location of checksum file when using Aide
I'm a bit confused about using AID and where the checksum file is
located -- and how it's actually used in Debian systems.
The debian installation of AIDE (Advanced intrusion detection
environment) places the checksum file in /var/lib/aide/. Is there any
use in running AIDE if the checksum file is writable? Seems like it
should be on a non-writable media.
Second, what media do people normally use? I have machines that only
have a CD ROM. Do I need to burn a CDR with the database and always
keep it mounted?
The docs say that the aide binary and config file should also be on
non-writable media. Is that common practice, too? And if so, then I
suppose the cron.daily/aide file would need to be updated to point to
the /cdrom for the config file.
Or do people use AIDE with the standard install (database in
/var/lib/aide/) and hope for the best?
--
Bill Moseley
moseley@hank.org
Reply to: