On Wed, Jan 17, 2007 at 12:12:39PM +0100, Tim Stoop wrote: > Default syslog installation includes /var/log/mail.err and > /var/log/mail.warn, both are rotated. So I added them to 31_aide_syslog.
Done in svn, new line is now @@define LOGFILES (messages|syslog|(auth|daemon|user)\.log|mail\.(log|err|warn|info)) > Since cron-apt downloads new indexes each night and I don't need a > confirmation of that each day, I use: > !/var/cache/apt/lists There are actually rules for this, see 31_aide_apt_stable and 31_aide_apt_unstable. But, alas, these rules have my local mirror hardcoded and are thus useless to external users. I'll fix this asap by introducing a macro. > Also, my cron-apt config tells the program to download updated packages. > Since it already mails me about that, I disable checking of that > directory too, since it only duplicates a message cron-apt already sends > me (and I'd like to keep warnings to an absolute minimum, to be sure I > don't tire of them), I use: > !/var/cache/apt/archives > It would probably be better to at least check the settings of the > directory (user, etc.) instead of completely ignoring it. I consider this a bad idea, since this would make /var/cache/apt/archives a good place for an attacker to hide local persistent files. That won't happen in the package. There is already a rule file 31_aide_apt_frqchg which should cater for frequently changing apt files. 31_aide_apt_unstable also excludes package files by means of !/var/cache/apt/archives/[-a-zA-Z0-9%\._+]+_(i386|all)\.deb$ Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
