I'm using Xymon also, so this is very good to hear. Thanks! 2011/1/25 Erik Damsgaard <[email protected]>
> I am doing a similar thing like 'sshaide.sh' through monitoring jobs run > from Xymon. The jobs are scheduled to run every 15,30,45,60 minutes or > whatever you think is feasible through Xymon. I keep all db's, binaries and > conf files on the xymon server and 1) copy it out 2)run the job 3)copy > result back and alarm through Xymon. > In this way I get alarms out through Xymon and to the right place for > actions. Please see http://www.xymon.com/ > > I have additional scripts for updates(which will clear the alarm and > generate a new db) and init's which is run manually. > > Regards > --------------------------- > ERIK DAMSGAARD > Security Analyst > CSC > GSS Nordic | Tell (+45 36146217) | Cell (+45 29236217) | [email protected]| > www.csc.com/dk > > CSC • This is a PRIVATE message. If you are not the intended recipient, > please delete without copying and kindly advise us by e-mail of the mistake > in delivery. NOTE: Regardless of content, this e-mail shall not operate to > bind CSC to any order or other contract unless pursuant to explicit written > agreement or government initiative expressly permitting the use of e-mail > for such purpose • CSC Danmark A/S • Registered Office: Retortvej 8, DK - > 2500 Valby, Denmark • Registered in Denmark No: 15231599 > > > > From: Vijay <[email protected]> To: Aide user mailinglist < > [email protected]> Date: 24-01-2011 22:57 Subject: Re: [Aide] Best Practices > on storing aide databases > ------------------------------ > > > > Bobby, > Take a look at 'sshaide.sh' script in the contrib folder of the aide > release. > > # DESCRIPTION > # sshaide.sh uses AIDE and SSH to remotely run integrity checks > # on ALL configured client systems or those specifically listed on > # the command line from a centralized manager station. sshaide.sh > # stores all binaries, databases and reports on a secure, centralized > # manager station. Database initialization or periodic checks are > # run on demand or via cron jobs from the manager stations based on > # local policy requirements. > > Thanks, > Vijay > > 2011/1/24 J. Bobby Lopez <*[email protected]* <[email protected]>> > Would there be any online docs which discuss this? > > > On Fri, Jan 14, 2011 at 10:47 AM, J. Bobby Lopez > <*[email protected]*<[email protected]>> > wrote: > Hi, > > Just started using AIDE, and so far I'm liking it. > > I'm curious though what some of the best practices are on storing the AIDE > databases. > > When aide.db.new is created, it's in the same directory as aide.db. When I > copy aide.db.new to aide.db, should I be deleting aide.db.new? > > What is to prevent someone who happens to gain root from running AIDE > again, generating a new aide.db.new, and copying over aide.db before the > next cron job, therefore making their trespass undetectable? > > Thanks, > Bobby > > > _______________________________________________ > Aide mailing list* > **[email protected]* <[email protected]>* > **https://mailman.cs.tut.fi/mailman/listinfo/aide*<https://mailman.cs.tut.fi/mailman/listinfo/aide> > > > > > -- > "Knowledge is the only wealth that grows as you spend it, and diminishes as > you save it." > -- ancient Sanskrit saying_______________________________________________ > > Aide mailing list > [email protected] > https://mailman.cs.tut.fi/mailman/listinfo/aide > > > > _______________________________________________ > Aide mailing list > [email protected] > https://mailman.cs.tut.fi/mailman/listinfo/aide > >
_______________________________________________ Aide mailing list [email protected] https://mailman.cs.tut.fi/mailman/listinfo/aide
