I have found two packages that cause significant interferences with AIDE
(actually I believe these cause problems with most IDS and possibly backups
too).
FIrst off is prelink. This causes so many ctime changes the only solution I
have found is to delete the script from /etc/cron.daily. I have not noticed any
performance differences whatsoever having disabled the process from running. I
am sure in some benchmark test it might make a difference, but I am not gaming
on my server so who cares =)
Second is SECTOOL. This is more managable since I can do a check before running
the tool and an update afterwards. Again, it causes many ctime changes. It
would seem this is a totally unrequired function of the application, but ......
I just do a check before and an update afterward. I know which files/folders
should be changed and it's not as bad to deal with as prelink, besides who runs
SECTOOL daily anyway?
_______________________________________________
Aide mailing list
[email protected]
https://mailman.cs.tut.fi/mailman/listinfo/aide
