Date: Sat, 10 Aug 2002 18:16:40 -0400 (EDT)
From: Dru <dlavigne6@cogeco.ca>
To: sroberts@dsl.pipex.com
Cc: FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Subject: Re: aide-0.7_1 docs?
Message-ID: <20020810180914.Y9801-100000@x1-6-00-80-c8-3a-b8-46>
In-Reply-To: <1029016162.38776.111.camel@Demon.vickiandstacey.com>

On 10 Aug 2002, Stacey Roberts wrote:

> Hello,
> I'm trying to find a simple-to-use / simple-to-manage intrusion
> detection system.
>
> I came across aide-0.7_1 in the ports collection, and thought I'd like
> to find out more about this. However attempts at accessing more
> information via the link to "Main website" only takes me to
> http://www.cs.tut.fi/~rammer/ where Mr. Rammer has almost everything
> under the Sun, *except* information on aide.
>
> Is anyone out there actually using aide? Could you point me to where I
> might find the docs that come with it, please?

"man aide" and "man aide.conf" appear to be it. However, I've found that
compared to tripwire or integrit, aide was the easiest to configure and
even ran "out of the box" with no changes to the sample config. I simply
cronned it and made changes to the config file as I received output I
didn't want to receive.

Here's my usage notes:

cd /usr/ports/security/aide     /* tripwire replacement */
make install clean
man aide.conf
/var/adm/aide/databases/        /* databases will be stored here */
cp /usr/local/etc/aide.conf.sample /var/adm/aide/aide.conf
and configure to your needs (works out of the box but has additional tweaks)

aide -i                         /* initialize aide.db.new */
mv /var/adm/aide/databases/aide.db.new /var/adm/aide/databases/aide.db
aide --check                    /* checks database */
aide --update                   /* updates database */

-update creates aide.db.new (ascii text) so move it to aide.db as it is
 now your new baseline
-will need to gzip if want to store on floppy; you should store database
 on read-only media
-cron /usr/local/bin/aide --check

HTH,

Dru
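
The notes above recommend keeping the database on read-only media and running the check from cron. The following wrapper is an added example, not part of the original message: it refuses to run `aide --check` unless the working baseline matches a gzipped copy on read-only media. The `REF_DB` mount point and the function names are assumptions; the other paths are the ones used in the notes.

```shell
#!/bin/sh
# Added example (not from the original message): run the cron'd check only
# if the working baseline matches the gzipped copy kept on read-only media.
# DB follows the usage notes above; REF_DB is an assumed mount point.
DB=${DB:-/var/adm/aide/databases/aide.db}
REF_DB=${REF_DB:-/mnt/aide-ro/aide.db.gz}
AIDE=${AIDE:-/usr/local/bin/aide}

# SHA-256 of stdin: sha256sum where present, else FreeBSD's sha256(1).
hash_stdin() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum | cut -d' ' -f1
    else
        sha256 -q
    fi
}

# 0 = identical, 1 = differs, 2 = a file is missing or empty.
baseline_matches() {
    db=$1 ref=$2
    [ -s "$db" ] && [ -s "$ref" ] || return 2
    have=$(hash_stdin < "$db")
    # An unreadable archive yields no output, so its hash will not match.
    want=$(gzip -dc "$ref" 2>/dev/null | hash_stdin)
    [ "$have" = "$want" ]
}

# Run the integrity check only against a baseline we can vouch for.
run_check() {
    rc=0
    baseline_matches "$DB" "$REF_DB" || rc=$?
    case $rc in
        0) "$AIDE" --check ;;
        1) echo "aide: $DB differs from $REF_DB, check skipped" >&2; return 3 ;;
        *) echo "aide: baseline or reference copy missing" >&2; return 2 ;;
    esac
}

# Cron entry point: call this script with --run.
if [ "${1:-}" = "--run" ]; then
    run_check
fi
```

After an `aide --update` and the `mv` to `aide.db`, the read-only copy has to be rewritten from the new baseline, otherwise every later run reports a mismatch.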