And what about the following solution: the DB and aide binary are copied via scp to the target server to check, and the check is started via ssh. To automate this, we need to generate keys and put them on the target system(s). OK, this sounds far less secure, because if the central point is compromised, this could potentially compromise all the other servers. To minimise this, I created a chrooted user which can actually only execute aide and nothing else.

The reason why I am thinking of this solution and not the one using http transfer is: how do we securely transfer the newly generated DB, after a system update was done, to the central server that has all the DBs? With "transfer securely" I do not mean using an encrypted/secure channel, but how can I automate the transfer process, i.e. transferring the newly generated DB to the central server, and this for more than 100 servers to check? Of course, we could upload the DB using a php script, but how can I automate this process and protect at the same time the upload folder, because I do not want everybody being able to upload a modified DB to the upload folder.
Sorry, it was perhaps a bit boring and long, but I would be interested to have your opinion...

Thanks for your answers.

Chris

--
Christoph Ehret
Swisscom AG
Linux Engineering
Zentweg 46
CH-3050 Bern

_______________________________________________
Aide mailing list
Aide@cs.tut.fi
https://mailman.cs.tut.fi/mailman/listinfo/aide
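The restriction described in the message (a key on the target that can only run aide) can also be enforced by sshd itself with a forced command. The script below is an added example, not part of the original post; the directory, file names and the `aide-gate` script name are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): forced-command gate for the SSH
# key that the central server uses on each checked host.
# Assumed authorized_keys entry for the check user (key is a placeholder):
#   command="/usr/local/bin/aide-gate",restrict ssh-ed25519 <PUBLIC-KEY> central
# sshd runs this script instead of the requested command and passes the
# request in SSH_ORIGINAL_COMMAND.

AIDE_DIR=/home/aidecheck/run   # hypothetical directory for binary, config, DB

# Print "run", "upload" or "deny" for one requested command line.
gate_decision() {
    case $1 in
        "$AIDE_DIR/aide --check --config=$AIDE_DIR/aide.conf")
            echo run ;;
        "scp -t $AIDE_DIR/aide" | "scp -t $AIDE_DIR/aide.conf" | "scp -t $AIDE_DIR/aide.db")
            # Remote half of a single-file legacy-protocol copy (scp -O).
            echo upload ;;
        *)
            echo deny; return 1 ;;
    esac
}

# Only act when sshd supplied a request; an interactive login gets nothing.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ]; then
    if gate_decision "$SSH_ORIGINAL_COMMAND" >/dev/null; then
        # Word splitting is safe here: the string equals a fixed entry above.
        exec $SSH_ORIGINAL_COMMAND
    fi
    printf 'aide-gate: denied: %s\n' "$SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

Because the match is on the whole command line, a request that appends anything to an allowed command, or names any other path, is refused before a shell ever interprets it.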