Discussion:
[Aide] Config file on aide check
Mason Nakadomari
2013-09-08 08:10:41 UTC
Hi, I wanted to clear up my confusion about how aide works. Does the aide
--check command work if there is no aide.conf? When a check is run then it
won't run, right?

Also I just wanted to check that the aide check doesn't update the conf
every time a check happens. I believe that it only updates the conf file on
the database after an aide --init. I just wanted to check. Thanks.
Richard van den Berg
2013-09-08 09:38:33 UTC
On 08-09-13 10:10, Mason Nakadomari wrote:
>
> Hi, I wanted to clear up my confusion about how aide works. Does the
> aide --check command work if there is no aide.conf? When a check is
> run then it won't run, right?
>

If there is no config file, aide does not know which files to scan with
which rules. Also, a database is needed to check against. Aide --init
creates the initial database from a given config file.

> Also I just wanted to check that the aide check doesn't update the
> conf every time a check happens. I believe that it only updates the
> conf file on the database after an aide --init. I just wanted to
> check. Thanks.
>

When aide is run in update mode (--update) the database is updated, and
the changes with the old database reported. The config file is never
automatically updated.

Kind regards,

Richard
Mason Nakadomari
2013-09-08 12:22:55 UTC
Okay thanks. When you run --update it doesn't reflect changes to the conf
file, right, just the differences in database? So for example if I use init
mode, run a check and then change the conf file and run a check again, will
it be comparing the new conf file or the old one? Thanks.
Richard van den Berg
2013-09-08 13:44:24 UTC
On 8-9-13 14:22 , Mason Nakadomari wrote:
> Okay thanks. When you run --update it doesn't reflect changes to the
> conf file, right, just the differences in database? So for example if I
> use init mode, run a check and then change the conf file and run a
> check again, will it be comparing the new conf file or the old one?
> Thanks.

Aide does not compare config files, but databases. It always uses the
latest config file. Also, aide --init does not update the database but
writes a new one. You manually need to make the new database the current
database after you have verified the changes that aide detected.

Kind regards,

Richard
Mason Nakadomari
2013-09-11 01:02:28 UTC
Thanks Richard. Do you recommend always running AIDE in init mode to update
changes to the conf file, or is AIDE in update mode sufficient? Thanks.
Richard van den Berg
2013-09-11 05:59:55 UTC
On 11 sep. 2013, at 03:02, Mason Nakadomari <nakadoma at hawaii.edu> wrote:

> Thanks Richard. Do you recommend always running AIDE in init mode to update changes to the conf file, or is AIDE in update mode sufficient? Thanks.

Update mode is sufficient. Init is only required when there is no initial database yet.

Kind regards,

Richard
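
As an added example (not part of the thread or of AIDE itself), the update, review, then promote cycle described in the replies above can be scripted as follows. It assumes AIDE writes its new database to the `database_out` location; the paths and the report file name are placeholders that must match your own aide.conf.

```sh
#!/bin/sh
# Added example (not from the thread). Paths are assumptions and must match
# the database= and database_out= lines of your own aide.conf.
AIDE_BIN="${AIDE_BIN:-aide}"
AIDE_CONF="${AIDE_CONF:-/etc/aide.conf}"
AIDE_DB="${AIDE_DB:-/var/lib/aide/aide.db}"              # database=
AIDE_DB_NEW="${AIDE_DB_NEW:-/var/lib/aide/aide.db.new}"  # database_out=
AIDE_REPORT="${AIDE_REPORT:-/var/log/aide-update.log}"   # hypothetical report path

# Decode the exit status of --check / --update:
# 0 = no differences, bit 1 = added, bit 2 = removed, bit 4 = changed,
# anything above 7 is an AIDE error (bad config line, I/O error, ...).
aide_status() {
    rc=$1
    if [ "$rc" -eq 0 ]; then echo "clean"; return 0; fi
    if [ "$rc" -gt 7 ]; then echo "error"; return 0; fi
    kinds=""
    if [ $((rc & 1)) -ne 0 ]; then kinds="$kinds added"; fi
    if [ $((rc & 2)) -ne 0 ]; then kinds="$kinds removed"; fi
    if [ $((rc & 4)) -ne 0 ]; then kinds="$kinds changed"; fi
    echo "${kinds# }"
}

# Compare the filesystem with the baseline using the current config and
# stage a new database. The baseline itself is left untouched.
aide_update() {
    [ -f "$AIDE_CONF" ] || { echo "error: no config file"; return 1; }
    [ -f "$AIDE_DB" ] || { echo "error: no baseline, run --init first"; return 1; }
    rc=0
    "$AIDE_BIN" --config="$AIDE_CONF" --update >"$AIDE_REPORT" 2>&1 || rc=$?
    aide_status "$rc"
}

# Run only after someone has read $AIDE_REPORT and accepted every change:
# keep the old baseline, then make the staged database the current one.
aide_promote() {
    [ -s "$AIDE_DB_NEW" ] || return 1
    cp -p "$AIDE_DB" "$AIDE_DB.prev"
    mv "$AIDE_DB_NEW" "$AIDE_DB"
}
```

Call `aide_update` from cron and `aide_promote` by hand once the report has been reviewed; until then every later run keeps reporting the same differences against the old baseline.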
Mason Nakadomari
2013-09-12 02:29:23 UTC
Hi Richard thanks for the info. I was able to complete my project. I feel I
have a better understanding and I'm now gonna be in charge of AIDE scanning
for our shop. Thank you very much for your help. I have a lot to learn but
if I can help anyone asking questions on the list or contribute I will do
so. I'll let you know if I see any bugs. Thanks.