On Wed, 2010-02-10 at 14:20 -0600, Vijay Avarachen wrote: > > Are there any security ramifications by not using inodes in the check? > Since I am checking for permissions, various checksums, ownership, > create time, mod time and size, I think I can still have a high degree > of confidence in the files integrity. Any thoughts? > For prelinked files you cannot check the creation and modification times as prelinking will changed these.
Given that the main thing I am looking for with Aide is to see if any file contents have changed, then I am happy using the prelink patch and not checking the inode and creation/modification date/time. I rely on the checksum checks to ensure the contents haven't changed. John. -- John Horne Tel: +44 (0)1752 587287 University of Plymouth, UK Fax: +44 (0)1752 587001 _______________________________________________ Aide mailing list [email protected] https://mailman.cs.tut.fi/mailman/listinfo/aide
