Thanks Gary for your response. I am going to follow your advice; it seems a good solution.

Regards,

Ben

On 8/8/05, GARY GENDEL <[EMAIL PROTECTED]> wrote:
> You can do what I did for Solaris.
>
> Start by tagging all relevant directories for analysis. /, /etc,
> /dev, /usr, /var, etc. You can put obvious work file directories in an
> exclusion rule.
>
> Then you get one huge report in the next day's run. Analyze the report and
> add rules to exclude files and directories that are "working" files
> (change frequently).
>
> Over the next few months, you'll get the occasional alarms. Make sure
> they are not real problems, and then add them to your list.
>
> The problem of taking someone else's rules is that I know of no one that
> has an out-of-the-box setup.
>
> The only bad thing about this "blind" approach is that your database
> will contain lots of non-critical files, so the runs take a bit longer.
> However, I'd rather have this than miss something. In addition, when
> you install something new, you know exactly what it touched.
>
> Good Luck.
>
> Sonixxfx wrote:
> > Hi,
> >
> > I would like to use Aide but I'm wondering which files I should
> > monitor on my Linux system. I know there are important files that
> > should be monitored like /etc/passwd for example, but I am wondering
> > how I should handle the other files. There are so many of them and
> > many are changed after each system update, so monitoring them would be
> > difficult, and every one of them could contain malicious code.
> >
> > So can someone explain to me how I should handle this?
> >
> > Thanks for your help.
> >
> > Regards,
> >
> > Ben
> >
> > _______________________________________________
> > Aide mailing list
> > [email protected]
> > https://mailman.cs.tut.fi/mailman/listinfo/aide
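The tuning loop described in the quoted reply (baseline broadly, then exclude files that show up in every report, and investigate the occasional alarm) can be supported by tallying report entries across runs. The script below is an added example, not part of the original thread: the report lines are constructed in a simplified `<status>: <path>` layout (real AIDE report layout varies by version), and the `PROTECTED` list and the 0.75 threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample: report lines from four daily runs, in a simplified
# "<status>: <path>" layout. Real AIDE report layout varies by version.
RUNS = [
    ["changed: /var/log/messages", "changed: /etc/mtab", "changed: /var/spool/cron/lastrun"],
    ["changed: /var/log/messages", "changed: /etc/mtab", "added: /usr/local/bin/newtool"],
    ["changed: /var/log/messages", "changed: /etc/passwd", "changed: /etc/mtab"],
    ["changed: /var/log/messages", "changed: /etc/mtab"],
]

# Assumed policy list: never propose excluding these, however often they change.
PROTECTED = ("/etc/passwd", "/etc/shadow", "/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/")
LINE_RE = re.compile(r"^(added|removed|changed):\s*(/\S*)$")

def parse_run(lines):
    """Return the set of paths reported in one run; unrecognised lines are skipped."""
    matches = (LINE_RE.match(line.strip()) for line in lines)
    return {m.group(2) for m in matches if m}

def is_protected(path):
    """True if path equals a protected file or lies under a protected directory."""
    return any(path == p or (p.endswith("/") and path.startswith(p)) for p in PROTECTED)

def tally(runs):
    """Count, per path, the number of runs that reported it."""
    counts = Counter()
    for run in runs:
        counts.update(parse_run(run))
    return counts

def exclusion_candidates(runs, min_ratio=0.75):
    """Paths reported in at least min_ratio of the runs: likely 'working' files."""
    need = min_ratio * len(runs)
    return sorted(p for p, n in tally(runs).items() if n >= need and not is_protected(p))

def one_off_alarms(runs):
    """Paths reported in exactly one run: check these by hand before excluding."""
    return sorted(p for p, n in tally(runs).items() if n == 1)

def as_rules(paths):
    """Render paths as AIDE negative selection lines (regex, anchored at the end)."""
    return ["!" + re.escape(p) + "$" for p in paths]

if __name__ == "__main__":
    print("\n".join(as_rules(exclusion_candidates(RUNS))))
    print("investigate:", one_off_alarms(RUNS))
```

The generated `!` lines are proposals to review before they go into the configuration; the one-off list is the set to verify by hand first.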
