I notice that after having set up AIDE, and then doing an RPM or YUM update of 
a package, I then get spew about the contents of files related to that update 
having changed.

How difficult would it be to have a plugin for YUM that allows you to update 
the AIDE database with the new values (hashes, modes, owners, sizes, etc.) for 
the touched files?

Also, sometimes when you install a package that maintains a cache, logs, or a 
spool area, it’s not sufficient to have AIDE do a snapshot (via --update) right 
after installation, because the contents of those areas grow or change over 
time.

Immediately following installation, for instance, I might not have any new 
contents in /var/log/foobar, but some minutes or hours (or days) later a log 
file might have been created.

It’s unfortunate that AIDE can’t leverage the RPM %files section to figure out 
which directories (or patterns within directories, such as 
/var/log/package-xxxxx.log) change over time but should be ignored as 
non-anomalous.

How feasible would this be?

Thanks,

-Philip

-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
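
One way to approach the second question in the post, as an added example that is not part of the original message and not code from AIDE, RPM or YUM: RPM already records per-file flags from the %files section, and %ghost marks files a package owns but creates at run time. The sketch below turns such a listing into AIDE rules that check only ownership and mode for those paths. The package name `foobar`, the group name `PKG_VOLATILE` and the sample listing are assumptions constructed for illustration.

```python
import re

# Constructed sample of what
#   rpm -q --qf '[%{FILENAMES}\t%{FILEFLAGS:fflags}\n]' foobar
# prints for a hypothetical package "foobar": path, tab, flag letters
# (c = %config, n = noreplace, g = %ghost, d = %doc; empty = plain file).
SAMPLE_LISTING = (
    "/etc/foobar.conf\tcn\n"
    "/usr/bin/foobar\t\n"
    "/usr/share/doc/foobar/README\td\n"
    "/var/log/foobar\t\n"
    "/var/log/foobar/foobar.log\tg\n"
    "/var/spool/foobar/queue.db\tg\n"
)

# Hypothetical AIDE group name; the attribute letters are AIDE's own
# (p = permissions, u = user, g = group), so content hashes are skipped.
GROUP_DEFS = ["PKG_VOLATILE = p+u+g"]


def aide_regex(path):
    """Escape regex metacharacters and anchor the end, because AIDE
    selection lines are regular expressions, not literal paths."""
    return re.sub(r"([.^$*+?()\[\]{}|\\])", r"\\\1", path) + "$"


def parse_listing(text):
    """Yield (path, set_of_flag_letters) from the tab-separated listing."""
    for line in text.splitlines():
        if not line.strip():
            continue
        path, _, flags = line.partition("\t")
        yield path, set(flags.strip())


def volatile_rules(text):
    """Return AIDE config lines covering the package's %ghost paths."""
    rules = list(GROUP_DEFS)
    for path, flags in sorted(parse_listing(text), key=lambda e: e[0]):
        if "g" in flags:
            rules.append(f"{aide_regex(path)} PKG_VOLATILE")
    return rules


if __name__ == "__main__":
    print("\n".join(volatile_rules(SAMPLE_LISTING)))
```

Only paths the packager declared as %ghost are covered; files that appear later under names the package never listed (rotated logs, for instance) still show up as additions.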
