Discussion:
[Aide] track PHP files changes
George
2017-03-29 07:39:10 UTC
Permalink
Hi,

I am trying to setup AIDE to track changes in /home only for .php files.
This is to know if any injections happened or new files were uploaded
without my consent.

What do I use in aide.conf to make it check recursively for *.php files in
/home?

Please help
Thanks
Hannes von Haugwitz
2017-04-02 07:22:39 UTC
Permalink
Hi,
Post by George
What do I use in aide.conf to make it check recursively for *.php files in
/home?
Simply use the following rule (with version AIDE 0.16):

/home/.*\.php$ R

Best regards

Hannes
George
2017-04-02 19:58:42 UTC
Permalink
Hi,

This will not include /home/somefolder/*.php. I tried this one already.

Is there any way to make it recursive?
Please let me know.

THanks
Post by Hannes von Haugwitz
Hi,
Post by George
What do I use in aide.conf to make it check recursively for *.php files
in
Post by George
/home?
/home/.*\.php$ R
Hannes von Haugwitz
2017-04-03 05:04:14 UTC
Permalink
Hi,
Post by George
This will not include /home/somefolder/*.php. I tried this one already.
Which version of AIDE did you use?

Can you please provide the output of 'aide --version'

Best regards

Hannes
George
2017-04-03 15:44:50 UTC
Permalink
Hi,

Thanks a lot. Finally this is solved. It appears I was running the 0.15.1
version. After updating it to 0.16 it worked.
Post by Hannes von Haugwitz
Hi,
Post by George
This will not include /home/somefolder/*.php. I tried this one already.
Which version of AIDE did you use?
Can you please provide the output of 'aide --version'
LIJE Creative
2017-04-04 13:12:42 UTC
Permalink
Hi,

That's weird. In my conf file, I had to set all files/folder that I want to
exclude, not those that I want to include:

# excludes
!/var/log/ispconfig/.*
!/var/lib/apache2/fcgid/sock/.*
!/var/lib/amavis/tmp/.*
!/var/lib/mysql/.*
!/var/.*
!/tmp/.*
!/home/www/apps/.*
!/home/lost+found/.*
!/etc/.*
!/lib/.*
!/root/.*
!/run/.*
!/usr/.*
...

Cordialement,


JérÎme LILLE | Responsable Agence
***@lije-creative.com | +33 7 70 87 02 03
Site internet : www.lije-creative.com
Post by George
Hi,
Thanks a lot. Finally this is solved. It appears I was running the 0.15.1
version. After updating it to 0.16 it worked.
Post by Hannes von Haugwitz
Hi,
Post by George
This will not include /home/somefolder/*.php. I tried this one already.
Which version of AIDE did you use?
Can you please provide the output of 'aide --version'
_______________________________________________
Aide mailing list
https://www.ipi.fi/mailman/listinfo/aide
ᐧ

Continue reading on narkive:
Loading...