Well that would be a nice entry point for an attacker really. They could
add/do what they want within the folder and your IDS wouldn't show. I try to
avoid monitoring whenever possible. Make some really fancy regexps for the
files within it and reduce monitoring of those files to a minimum, such as
Permissions and Groups for example. This way you still get to pick up new
and deleted files within the directory. It might take a while to get them all
depending on the contents of the directory, but you could also add a rule to
ignore/minimally monitor every file in it. Hope this helps.
 

Eric Webster
Enterprise Services
2CheckOut.com 

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Sonixxfx
Sent: Tuesday, January 02, 2007 1:10 PM
To: Aide user mailinglist
Subject: [Aide] Directories and files that often change


Hi,

I wonder what I should do with files and directories that often change. I
know some people ignore these entirely, but can someone tell me what the
risk of doing that would be?

Thanks

Ben


_______________________________________________
Aide mailing list
Aide@cs.tut.fi
https://mailman.cs.tut.fi/mailman/listinfo/aide
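
The trade-off described in the reply above, written as an aide.conf fragment. This is an added example, not part of the original thread; the path `/var/spool/app` and the group name `MinPerm` are constructed for illustration.

```conf
# Constructed example: /var/spool/app stands in for a directory whose
# file contents change often.

# Custom group limited to permissions (p) and group ownership (g),
# the two attributes the reply names.
MinPerm = p+g

# Weak setting: a negative rule drops the whole tree from the database,
# so files added, removed or modified under it are never reported.
# !/var/spool/app

# Alternative: keep the tree in the database with the minimal group.
# Routine content churn is not flagged, because no checksums, sizes or
# timestamps are recorded, but added and removed entries and any
# permission or group change still appear in the report.
# Caveat: replacing the contents of an existing file in this tree is
# not detected by this rule.
/var/spool/app MinPerm
```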
