Hello.
I am having a hard time figuring out how to set AIDE up. As I understand
it, on Debian systems, it ships with these:
- `/etc/aide/aide.conf`
- `/etc/aide/aide.conf.d/*`
And, `aide` uses `/etc/aide/aide.conf` as the default file for
configuration details. In order to apply the settings in
`/etc/aide/aide.conf` and `/etc/aide/aide.conf.d/*` you have to run
`update-aide.conf` and copy `/var/lib/aide/aide.conf.autogenerated` to
`/etc/aide/aide.conf`.
But this means, next time you make changes to `/etc/aide/aide.conf.d/*` and
run `update-aide.conf`, it'll take the old settings from
`/etc/aide/aide.conf` and **add** to it.
Wouldn't this give undesired results? For example, if
`/etc/aide/aide.conf.d/99_aide_root` has `/ Full`, then the first time you
`update-aide.conf` it will add `/@@{ROOTPREFIX} Full` to
`/etc/aide/aide.conf`. But, if you comment that line out from
`/etc/aide/aide.conf.d/99_aide_root` and run `update-aide.conf` it will add
`/@@{ROOTPREFIX}@@{ROOTPREFIX} Full` to `/etc/aide/aide.conf`.
And you can't just delete `/etc/aide/aide.conf` before running
`update-aide.conf` because it has some important settings like
`database=file:/var/lib/aide/aide.db`.
What is the right way to manage/maintain AIDE settings? My current thought
is to move the stock `/etc/aide/aide.conf` to
`/etc/aide/aide.conf.d/00_aide_stock` and delete `/etc/aide/aide.conf`
before doing `update-aide.conf`. I suppose this would work but it seems
rather hacky and unobvious. I wanted to check in case maybe I am thinking
about this all wrong.
Thank you!
*_Nacho*
_______________________________________________
Aide mailing list
[email protected]
https://www.ipi.fi/mailman/listinfo/aide
