Yes, this has helped! Thank you Eric. I am already setting up aide to monitor as much as possible, but I still was wondering about ignoring all these files and directories because it is mentioned a lot. So I am already on the right track, it only takes a bit of effort to create some of the rules, but I am getting there.

Regards,
Ben

2007/1/2, Eric Webster <[EMAIL PROTECTED]>:

Well that would be a nice entry point for an attacker really. They could add/do what they want within the folder and your IDS wouldn't show.

I try to avoid monitoring whenever possible. Make some really fancy regexps for the files within it and reduce monitoring of those files to a minimum, such as Permissions and Groups for example. This way you still get to pick up new and deleted files within the directory.

It might take a while to get them all depending on the contents of the directory, but you could also add a rule to ignore/minimally monitor every file in it.

Hope this helps.

Eric Webster
Enterprise Services
2CheckOut.com

------------------------------

*From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On Behalf Of *Sonixxfx
*Sent:* Tuesday, January 02, 2007 1:10 PM
*To:* Aide user mailinglist
*Subject:* [Aide] Directories and files that often change

Hi,

I wonder what I should do with files and directories that often change. I know some people ignore these entirely, but can someone tell me what the risk of doing that would be?

Thanks
Ben

_______________________________________________
Aide mailing list
Aide@cs.tut.fi
https://mailman.cs.tut.fi/mailman/listinfo/aide
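The two options discussed in this thread, written out as an aide.conf fragment. This is an added example, not configuration posted by anyone on the list; the directory /var/cache/app and the group name Minimal are assumptions chosen for illustration.

```conf
# Constructed aide.conf fragment; /var/cache/app is a hypothetical
# directory whose contents change often.

# Custom group built from standard AIDE attributes:
#   p = permissions, u = user, g = group
Minimal = p+u+g

# Option 1 (ignore entirely): a negative selection line keeps the whole
# tree out of the database, so files added, removed or changed under it
# are never reported. Left commented out here.
#!/var/cache/app

# Option 2 (minimal monitoring): every entry under the directory stays in
# the database, but only permissions and ownership are compared. Content
# churn produces no report; added files, removed files and permission or
# ownership changes still do.
/var/cache/app Minimal

# Narrower variant of option 2: restrict the minimal group to the files
# that actually churn by using a regular expression (here, names ending
# in .tmp or .lock), and cover the remaining files with a stricter rule.
#/var/cache/app/.*\.(tmp|lock)$ Minimal
```

After changing the rules, the database has to be regenerated (`aide --init`) before the next `aide --check` reflects them.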