I am very new to AIDE and old to the Debian Linux world. I hope you guys do not mind a newbie question. Actually, I am trying to understand the working of AIDE but have failed, because every tutorial I have found so far is related to a different distro than Debian. All other distros have one conf file, /etc/aide/aide.conf, and Debian generated a file somewhere in /var/path/to/aide/aide.conf.autogerenate. It is written in the autogenerated conf that any change that is made to this file will be overwritten.

Now the problem is I do not want a whole system check, rather a folder which is /var/www and another folder /home/anyuser. So how can I manage to achieve this result?

I added "!" at the beginning of every folder except /var, like below, in the file /etc/aide/aide.conf:

    !/bin
    !/boot
    !/dev
    !/etc
    !/home
    !/lib
    !/lib64
    !/media
    !/mnt
    !/opt
    !/proc
    !/root
    !/run
    !/sbin
    !/scripts
    !/srv
    !/sys
    !/tmp
    !/usr
    /var/www InodeData
    !/var

Now I follow steps like this:

Step 1

    # aideinit

Now I edit a file in /var/www.

Step 2

    # aide -c /etc/aide/aide.conf --check

The above command gives me this output:

    AIDE 0.16a2-19-g16ed855 found NO differences between database and filesystem. Looks okay!!
    blah blah blah............

This means no change of file or update has been found, but this is not true, because I have manually changed the file myself.

I know I am making a mistake somewhere. Can you please guide me on what I am doing wrong? Any help will be highly appreciated.

Thanks,
yousuf
_______________________________________________
Aide mailing list
Aide@cs.tut.fi
https://mailman.cs.tut.fi/mailman/listinfo/aide