Hi Hannes, Hi folks!

I have been working with AIDE for the last few days. And I have to say,
purely in terms of reliability, robustness and cost-benefit, I have
almost become a bit of a fan, especially when I look back at the
adversities and problems of the previous HIDS Samhain. Anyway, that's a
different topic.

What I have been using in our integration environment so far:

Initially, a database is created for each host using aide --init. Every
day, a check of the file system against the database is carried out
using the systemd timer.

After changes have been made to the systems via Ansible, the database is
automatically created again using aide --init.

The evaluation then takes place exclusively via the central Graylog log
monitoring incl. alerting.

What confuses me a little is the aide --update. What is the purpose of
the update option? If I understand it correctly, the option performs a
check and then recreates the database. But why should you, or more
precisely I, use this option? Is it “only” intended for the interactive
check for an admin? Or what is the exact idea behind it or for using
this option?

Best regards
--
Django (Bastard Operator from Hell [BOfH])
aka Michael Nausch
Gänsbrunnenweg 6
85652 Pliening
Tel.: 08121 883176
Fax.: 08121 883179
Mail: <mailto:[email protected]>
https://wetterstation-pliening.info
https://ebersberger-liedersammlung.de
https://dokuwiki.nausch.org
_______________________________________________
Aide mailing list
[email protected]
https://www.ipi.fi/mailman/listinfo/aide