Mailing List Archive

Re: AIDE question

Does the patch listed in
http://sourceforge.net/tracker/index.php?func=detail&aid=836250&group_id=86976&atid=581579
work?

Daniel Black
Forensics Herd
Current maintainer of aide.

--
gentoo-security@gentoo.org mailing list
Re: AIDE question

aide-0.10_p20040917 has been committed to portage. This is based off the cvs
snapshot and includes a postgres patch (slightly modified from the patch
submitted by Joshua Schmidlkofer in bug #37007).

This should fix bugs 23764, 37007, and 62194.

On Thu, 29 Apr 2004 12:43 am, Jason R. Wallace wrote:
> I recently installed AIDE. 'aide -v' shows...
>
> Aide, version 0.10
> Compiled with the following options
> WITH_GCRYPT
> WITH_MHASH
> CONFIG_FILE = "/etc/aide/aide.conf"
>
>
> Here is my aide.conf...
>
> I find when I do an 'aide -C' that I have a lot of entries like...
>
> open_dir():Not a directory: /home/.keep
> open_dir():Not a directory: /home/wallacej/work/test.txt
> open_dir():Not a directory: /home/wallacej/work/script
> open_dir():Not a directory: /home/wallacej/make.conf
> open_dir():Not a directory: /home/wallacej/.bashrc
> open_dir():Not a directory: /home/wallacej/.config
>
> They are all related to the /home dir, so I believe something is wrong
> with my '=@@{TOPDIR}home.* Norm' statement. Anyone see what is wrong?
> For /home all I want to do is check that the permissions/owner are good
> and that no new dir/files have been made in /home.

I hope you've solved this.

>
> Also what is the benefit of doing both md5 and sha1? Shouldn't just one
> of them be sufficient?

sha1 is a stronger, less forgeable hash. If they are different algorithms the
likelihood of making a modification to a file that results in the same hash
for both is a lot less.

--
Daniel Black <dragonheart@gentoo.org>
Gentoo Forensics Herd

--
gentoo-security@gentoo.org mailing list
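
As an added illustration of the thread's two points, checking /home for permission/owner changes and new files, and recording both md5 and sha1 (this is not part of the original messages and is not AIDE's code): a minimal baseline-and-compare checker in Python that stores mode, uid, gid, MD5 and SHA-1 per path and reports which fields differ. The function names and the sample tree are constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path

FIELDS = ("mode", "uid", "gid", "md5", "sha1")


def snapshot(root):
    """Map each path under root to (mode, uid, gid, md5, sha1); digests are None for non-files."""
    db = {}
    for path in Path(root).rglob("*"):
        st = path.lstat()
        digests = (None, None)
        if path.is_file() and not path.is_symlink():
            md5, sha1 = hashlib.md5(), hashlib.sha1()
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    md5.update(chunk)   # both digests are fed the same bytes,
                    sha1.update(chunk)  # so a forgery would have to satisfy both
            digests = (md5.hexdigest(), sha1.hexdigest())
        db[str(path.relative_to(root))] = (st.st_mode, st.st_uid, st.st_gid) + digests
    return db


def compare(old, new):
    """Return (added, removed, changed); changed maps path -> names of the fields that differ."""
    changed = {}
    for path in old.keys() & new.keys():
        diff = [f for f, a, b in zip(FIELDS, old[path], new[path]) if a != b]
        if diff:
            changed[path] = diff
    return sorted(new.keys() - old.keys()), sorted(old.keys() - new.keys()), changed


def demo():
    """Constructed sample tree: one content edit, one permission change, one new file."""
    with tempfile.TemporaryDirectory() as root:
        bashrc, conf = Path(root, ".bashrc"), Path(root, "make.conf")
        bashrc.write_bytes(b"alias ll='ls -l'\n")
        conf.write_bytes(b"CFLAGS=-O2\n")
        baseline = snapshot(root)
        bashrc.write_bytes(b"alias ll='ls -l'\nalias x='id'\n")  # content change
        conf.chmod(conf.stat().st_mode ^ 0o100)                  # permission change
        Path(root, "new.txt").write_bytes(b"")                   # file not in baseline
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

A content edit shows up under both digest fields, while a permission change leaves the digests untouched and is caught only by the mode field.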