How to use AIDE?
There's a requirement that AIDE be installed on our machines. So every morning I get a ~16MB+ file listing tens of thousands of files. I think it's just showing me the same state over and over and over again. How do I zero it out, so that the only notifications I'll get are things that have actually changed since the last run? I've Googled this, but everything I've found is either too basic or dives deeply into the config... nothing is telling me how to get something that resembles useful results.
Re: How to use AIDE?
Is this what you're looking for:
/usr/sbin/aide -c /etc/aide.conf --update; chcon system_u:object_r:aide_db_t:s0 /var/lib/aide/aide.db.new.gz; mv -f /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz; /usr/sbin/aide -c /etc/aide.conf --check > /var/log/aide/check.log
/usr/sbin/aide -c /etc/aide.conf --update : updates the database (to /var/lib/aide/aide.db.new.gz)
chcon system_u:object_r:aide_db_t:s0 /var/lib/aide/aide.db.new.gz : changes the SELinux context
mv -f /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz : replaces the existing database with the new one.
/usr/sbin/aide -c /etc/aide.conf --check > /var/log/aide/check.log : runs another check to ensure all is okay.
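Added example, not part of the reply above: a daily wrapper around the same commands that keeps a report only when AIDE's exit status says something differs, and leaves the baseline alone if AIDE itself failed. The function names, the dated report file and the `.prev` backup copy are assumptions made for this sketch; the paths and SELinux context are the ones from the reply.

```shell
#!/bin/sh
# Added example: daily AIDE run that reports only what changed since the last run.
CONF=/etc/aide.conf
DB=/var/lib/aide/aide.db.gz
NEW=/var/lib/aide/aide.db.new.gz
LOGDIR=/var/log/aide

# Decode the exit status of `aide --check` / `aide --update`:
# 0 = no differences; 1..7 = bitmask (1 added, 2 removed, 4 changed);
# anything else is treated as an AIDE error (AIDE documents 14..19 for those).
aide_status() {
    rc=$1
    if [ "$rc" -eq 0 ]; then echo "clean"; return; fi
    if [ "$rc" -ge 1 ] && [ "$rc" -le 7 ]; then
        out=""
        if [ $((rc & 1)) -ne 0 ]; then out="${out}added "; fi
        if [ $((rc & 2)) -ne 0 ]; then out="${out}removed "; fi
        if [ $((rc & 4)) -ne 0 ]; then out="${out}changed "; fi
        echo "${out% }"; return
    fi
    echo "error"
}

# --update both reports the differences and writes $NEW. Keep the report only
# when something changed, then promote $NEW so tomorrow's run starts from today.
aide_daily() {
    report="$LOGDIR/report-$(date +%F).log"   # hypothetical report name
    rc=0
    /usr/sbin/aide -c "$CONF" --update > "$report" 2>&1 || rc=$?
    state=$(aide_status "$rc")
    case "$state" in
        error) echo "AIDE failed (exit $rc), baseline left untouched: $report"; return 1 ;;
        clean) rm -f "$report" ;;
        *)     echo "AIDE differences ($state): review $report" ;;
    esac
    chcon system_u:object_r:aide_db_t:s0 "$NEW" &&
        cp -p "$DB" "$DB.prev" &&
        mv -f "$NEW" "$DB"
}

# Only touches AIDE when invoked with --run (needs root and an initialised DB).
if [ "${1:-}" = "--run" ]; then aide_daily; fi
```

Promoting the new database every day means each change is reported once and then becomes part of the baseline, so the dated reports are the only record and need to be read before they are discarded.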