similar to: C6 : AIDE experience

CentOS Errata and Bugfix Advisory 2012:0512 Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-0512.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 5304c71177d876ec276f4f021e15f4b1b10e3bcafb709469a2a7f891f2dbab6a aide-0.14-3.el6_2.2.i686.rpm x86_64:

I'm trying out aide since tripwire doesn't seem to be in the 5. releases anymore. I do not have Selinux on the server (no at installation), and I just yum installed the aide rpms, so I should have the latest. When I run my aide --init, I get all of these lines for all the files: lgetfilecon_raw failed for /usr/share/X11/app-defaults/XLogo:No data available I then copy the

Hi. On one of my servers aide just reported inode changes to a large bunch of files in a variety of directories, e.g. /usr/bin, /usr/sbin etc. This machine sits behind a couple of firewalls and it would be hard to get to. The day before I updated "clam*" and updated the aide database right after that: -rw------- 1 root root 7407412 Sep 26 10:58 aide.db.gz The problem was that the

I've checked my system by aide and i've received information: changed: /bin changed: /bin/tar changed: /bin/mv changed: /bin/cp changed: /bin/ls changed: /bin/vi i don't remember that I changed those commands, what does it mean? Somebody broken in? or those commands are changed normally? -- This message has been scanned for viruses and dangerous content by MailScanner, and is

Hello All, My username is MikeThompson The link to configure Aide at the bottom of this page: https://wiki.centos.org/HowTos/OS_Protection Is dead, and says its dead, however, the old link to http://www.bofh-hunter.com/2008/04/10/centos-5-and-aide/ now redirects to a malicious website. One of my less than savvy users got his windows machine infected there last night. I'm wondering if it

One of my servers has recently started giving an error every time I run "aide --check". I ran it manually twice today with the same results. The second time, I added the -V flag, but that didn't give me anything useful. The system is currently running CentOS 5.3. Nothing on the system has changed recently (that I am aware of). The Aide database hasn't been updated in a few

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When

Starting with a fresh load and after I finish hardening the load following the Center for Internet Security (CIS) guidance, I'm wondering whether AIDE or OSSEC would be a better intrusion detection system. I installed AIDE and did a quick test of AIDE and after initializing the db and applying the recent cups update, I found that 1700+ files had changed. Those are a lot of changes to wade

CentOS Errata and Bugfix Advisory 2014:0948 Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-0948.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: d4286ed601702ca38db7688ff6c509e0ecd491c173e149546e20f9252e3012f2 aide-0.14-7.el6.i686.rpm x86_64:

Hi, does anyone know if aide should have access to this socket? SELinux is preventing /usr/sbin/aide from write access on the sock_file /var/run/winbindd/pipe. Thanks Patrick (on CentOS6 if that matters)

I am trying to get my kickstart "repo" line to function correctly. repo --name=Updates --baseurl=http://192.168.1.14/centos/6.2/updates/x86_64/ When I comment the above line my install works, When I uncomment it the install fails with a message about dbus package error. This is my nightly script that runs: =============== PLACE="mirror.team-cymru.org/CentOS" mkdir -p

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When

My daily AIDE report suggests Grub''s stage2 file has changed. Could I trouble you for your opinion about how concerned I should be and what to do if your concern is moderate or higher? File: /boot/grub/stage2 MD5 : Mlkt9ZVo59SSjvodt+956Q== , yIQIMP6TUHG5BegtoOk0ug== SHA1 : ZxehaXSXcnH/WlcInHpFnyT1vcg= , dReBGlO3DIAB+mjsxUWioB8NlbE=

Hello all, I have been exploring the various intrusion detection systems available for the Linux platform and was wondering what ones you all would recommend? I have used AIDE before and while it is extremely easy to setup, it does not support the ability to send alerts as files are changed (allows one to be aware of an intrusion almost immediately). Thank you, Dan Burkland ?

I've got aide aide-0.13.1-4.el5 running on a server, and aide aide-0.13.1-2.0.4.el5 running on a similar server. There appears to have been a change in the way base directories are being monitored in the two versions. Both servers are running logical volumes, but it seems to not matter as I'm running aide on a server without logical volumes and the problem still shows up. Now the

I upgraded my box from 5.3 to 5.4. When running "aide --update", I'm getting this warning message on /var/log/messages "aide: Libgcrypt warning: missing initialization - please fix the application" Below is the aide version installed: aide -v Aide 0.13.1 Compiled with the following options: WITH_MMAP WITH_POSIX_ACL WITH_SELINUX WITH_XATTR WITH_LSTAT64 WITH_READDIR64

Any news on the latest aide package? Current version of aide on CentOS 5 is aide-0.13.1-4.el5. This version of aide produces the following message on /var/log/messages "aide: Libgcrypt warning: missing initialization - please fix the application" when executed. Upstream already has released aide-0.13.1-6.el5 last January. I only see this version on the CentOS5 testing repo

Hi all, I need to install an anti-rootkid in a lot of servers. I know that there're several options: tripwire, aide, chkrootkit... ?What do you prefer? Obviously, I have to define my needs: - easy setup and configuration - actively developed -- Thanks, Jordi Espasa Clofent

hello, i''m just playing around with the really great puppet to learn the syntax and see what it can do. i''m using puppet 0.22.1 on debian etch. i created a aide class to distribute a modified aide.conf.d directory and if not already done initialize the database (yes this should probably be better organized and databas initialization should be performed as the last step):

On 02/02/2016 04:27 PM, Mike Thompson wrote: > Hello All, > > My username is MikeThompson > > The link to configure Aide at the bottom of this page: > https://wiki.centos.org/HowTos/OS_Protection > > Is dead, and says its dead, however, the old link to > http://www.bofh-hunter.com/2008/04/10/centos-5-and-aide/ now redirects > to a malicious website. > > One of