Re: AIDE Advanced Intrusion Detection Environment


  • This topic has 3 replies, 2 voices, and was last updated Dec 21-9:15 pm by DaveW.
Viewing 4 posts - 1 through 4 (of 4 total)
  • #30955
    Member
    DaveW

      What is your experience with AIDE (or similar security enhancements) to keep an eye out for malware, etc.?
      (I’m currently using Antix17, and running Firefox and Thunderbird in Firejail with apparmor.)

      #30965
      Anonymous

        IMO, aide (and “tiger” and “snort”) provide little benefit (for any desktop system that is not configured to perform unattended upgrades) and they present a HUGE time sink (eternally chasing down false positives).

        If any “files of interest” are changed underfoot, I want to be informed RIGHT NOW, immdeiately, via popup notification (or klaxon sound) ~~ not tomorrow, via email, after the cron-ned aide job has run.

        Which exact set of files and / or directories should be “files of interest” on my (your) system?

        https://sources.debian.org/src/aide/0.16.1-1/debian/aide.conf.d/

        debian’s as-shipped default configuration:
        https://sources.debian.org/src/aide/0.16.1-1/debian/default/aide/

By skimming through these, a sysadmin can gauge which files and directories the aide author(s) and debian’s package maintainer(s) consider to be interesting. Also, inspecting their chosen default exclusion items can be enlightening… and, by golly, we should pity the well-intentioned fools managing public-facing servers who blindly accept (do not customize) the defaults.
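An added illustration of the point above (not from the thread, and not the Debian package's shipped configuration): a trimmed, single-purpose aide.conf for a desktop, written against the 0.16.x syntax the linked sources use. The choice of what counts as a "file of interest" and what gets excluded is this example's assumption; the attribute letters and the selection-line forms (plain prefix regex, `!` negative) are AIDE's own.

```conf
# Added example (editor's, not from the forum post or the Debian package):
# a trimmed aide.conf for a single-user desktop, 0.16.x keyword syntax.
# Paths and the watch/exclude policy below are this example's assumptions.

# Baseline database and the output of a fresh scan
# (0.16 keywords; 0.17 renamed them database_in / database_out).
database=file:/var/lib/aide/aide.db
database_out=file:/var/lib/aide/aide.db.new
gzip_dbout=yes
report_url=stdout
report_url=file:/var/log/aide/aide.log

# Rule groups: which attributes get recorded per file.
# p=permissions i=inode n=link count u=user g=group s=size b=blocks
# m=mtime c=ctime S=size may only grow, sha256=content hash.
Binlib    = p+i+n+u+g+s+b+m+c+sha256
ConfFiles = p+i+n+u+g+s+b+m+c+sha256
Growing   = p+n+u+g+S
OwnerOnly = p+n+u+g

# "Files of interest": package-managed code, boot assets, and the
# configuration that decides what runs and who may log in.
/bin      Binlib
/sbin     Binlib
/lib      Binlib
/usr/bin  Binlib
/usr/sbin Binlib
/usr/lib  Binlib
/boot     Binlib
/etc      ConfFiles
# root's dotfiles shape every root shell, so they count as config too.
/root     ConfFiles
# logs: flag truncation or replacement, not ordinary appends.
/var/log  Growing
# directories whose contents churn: record ownership/perms only.
/var/spool OwnerOnly

# Exclusions: the churn that produces the false positives the reply
# complains about. Each is a regex anchored at the path start.
!/etc/mtab$
!/etc/resolv.conf$
!/etc/adjtime$
!/var/cache/.*
!/var/tmp/.*
!/tmp/.*
!/proc/.*
!/sys/.*
!/run/.*
!/home/.*
```

Workflow with this file: `aide --init` writes the baseline to `database_out`; move it into place as `database`, then `aide --check` reports anything that drifted and `aide --update` (after a deliberate package upgrade, once the diff has been read) produces the next baseline. Debian's packaging wraps the init step as `aideinit` and runs the check from cron.daily with the report mailed, which is exactly the "tomorrow, via email" cadence the reply objects to. Two caveats a practitioner would add: the baseline database and the aide binary must be kept somewhere an attacker with root cannot rewrite (read-only media, or at least a copy whose hash is checked before use), since otherwise a compromise simply re-initializes the baseline; and every entry under `!` is a place where an intruder can park files unseen, so each exclusion should be a conscious trade, not inherited.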

        #30966
        Anonymous

          immdeiately
          i won’t dare to attempt an edit to fix0r that typo !

          #31035
          Member
          DaveW

            Skidoo,
            Your quick assessment is much appreciated. I think you saved me a lot of time.
            I agree it would be best to have an instantaneous loud alarm when something goes amuck… your klaxon, for example.
            On the other hand, due to the likelihood of many false alarms, it might be necessary to remove my hearing aids.
