[Aide] Monitoring authorized

Discussion:

[Aide] Monitoring authorized_keys

shawn wilson

2016-03-17 19:04:40 UTC

How do I get AIDE to monitor the ssh authorized_keys file for all users
(and nothing else under /home)?

Basically:
/home/*/.ssh/authorized_keys

So I've tried (at the bottom so that nothing else can clobber it):
/home/.*/.ssh/authorized_keys NORMAL

And I zgrep the db for authorized_keys (or a username) and I don't see
anything.

Hannes von Haugwitz

2016-03-17 20:33:05 UTC

Permalink

Hi,

Post by shawn wilson
How do I get AIDE to monitor the ssh authorized_keys file for all users
(and nothing else under /home)?

Unfortunately this is not possible at the moment. But I'm currently
working on this issue. Just give me some more time. I let you know, when
the fix is available.

Best regards

Hannes

Hannes von Haugwitz

2016-05-30 13:32:29 UTC

Permalink

Hello,

Post by Hannes von Haugwitz

Post by shawn wilson
How do I get AIDE to monitor the ssh authorized_keys file for all users
(and nothing else under /home)?

Unfortunately this is not possible at the moment. But I'm currently
working on this issue. Just give me some more time. I let you know, when
the fix is available.

Your issue should has been fixed with the latest beta release of AIDE
(v0.16b1)[0].

Best regards

Hannes

[0] https://sourceforge.net/p/aide/mailman/message/35017320/

shawn wilson

2016-05-30 16:34:25 UTC

Permalink

Post by Hannes von Haugwitz
Hello,

Post by Hannes von Haugwitz

Post by shawn wilson
How do I get AIDE to monitor the ssh authorized_keys file for all users
(and nothing else under /home)?

Unfortunately this is not possible at the moment. But I'm currently
working on this issue. Just give me some more time. I let you know, when
the fix is available.

Your issue should has been fixed with the latest beta release of AIDE
(v0.16b1)[0].
Best regards
Hannes
[0] https://sourceforge.net/p/aide/mailman/message/35017320/

Guessing that's wrt this?
"The switch to Perl 5 Compatible Regular Expressions and the fix of
'.*'-rule matching may result in different rule matching behaviour."

If so, thanks for breaking compatibility for this. And thanks for letting
me know - I hope to try it tomorrow.

Also, about how long do you see this staying in beta (obviously asking for
a estimate)?

Hannes von Haugwitz

2016-05-30 18:46:23 UTC

Permalink

Hello,

Post by shawn wilson

Post by Hannes von Haugwitz
Your issue should has been fixed with the latest beta release of AIDE
(v0.16b1)[0].

Guessing that's wrt this?
"The switch to Perl 5 Compatible Regular Expressions and the fix of
'.*'-rule matching may result in different rule matching behaviour."

Yes, the "'.*'-rule matching" part.

Post by shawn wilson
If so, thanks for breaking compatibility for this. And thanks for letting
me know - I hope to try it tomorrow.

Please report back, if it works for you.

Post by shawn wilson
Also, about how long do you see this staying in beta (obviously asking for
a estimate)?

I plan to release AIDE 0.16 in June.

Best regards

Hannes

Hannes von Haugwitz

2016-07-11 22:18:22 UTC

Permalink

Post by shawn wilson
Also, about how long do you see this staying in beta (obviously asking for
a estimate)?

I just released the first release candidate AIDE 0.16rc1 (see the
announcement mail[0] on aide-announce[1] for details).

Best regards

Hannes

[0] https://sourceforge.net/p/aide/mailman/message/35214527/
[1] https://lists.sourceforge.net/lists/listinfo/aide-announce

Continue reading on narkive:

Search results for '[Aide] Monitoring authorized_keys' (Questions and Answers)

replies

Can any con explain how Bush did NOT violate FISA and break the law with his warrantless wiretapping?

started 2007-11-06 12:05:35 UTC

politics

replies

Fellow Mormons, a question about the apostasy?

started 2009-06-23 09:54:41 UTC

religion & spirituality

replies

Last Key Pressed?