On Sun, Jul 27, 2008 at 08:42:14AM -0700, Bill Wohler wrote:
> Marc Haber <[EMAIL PROTECTED]> wrote:
> > On Sun, Jul 27, 2008 at 08:21:31AM -0700, Bill Wohler wrote:
> > > Marc Haber <[EMAIL PROTECTED]> wrote:
> > > > This might be necessary for the ANF/ARF feature to properly
> > > > +handle logs that have been rotated multiple times. COPYNEWDB="no" is
> > > > +the default because automatically copying the database unconditionally
> > > > +(COPYNEWDB="yes") might be dangerous since detected changes are only
> > > > +reported once. Additionally, if you do not manually increase the
> > > > +verbosity level by setting (for example) AIDEARGE="-V5" in
> > > > +/etc/default/aide, you lose the possibility of inspecting the changes
> > > > +more closely.
> > >
> > > Since COPYNEWDB="yes" was parenthetical, that last sentence seems more
> > > associated with the subject of the previous subject, namely,
> > > COPYNEWDB="no". What do you think of this?
> >
> > I do not understand clearly. COPYNEWDB="no" always allows you to
> > inspect the changes more closely by re-running aide.
>
> It seems the warning (beginning with Additionally) applies if
> COPYNEWDB="no".

Ah. Now I understand. How about this:

Index: debian/aide-common.README.Debian =================================================================== --- debian/aide-common.README.Debian (revision 758) +++ debian/aide-common.README.Debian (working copy) @@ -106,11 +106,14 @@ handle logs that have been rotated multiple times. COPYNEWDB="no" is the default because automatically copying the database unconditionally (COPYNEWDB="yes") might be dangerous since detected changes are only -reported once. Additionally, if you do not manually increase the -verbosity level by setting (for example) AIDEARGE="-V5" in +reported once. If you use COPYNEWDB="yes" and do not manually increase +the verbosity level by setting (for example) AIDEARGE="-V5" in /etc/default/aide, you lose the possibility of inspecting the changes more closely. A third option, COPYNEWDB="ifnochange" only copies the -new database over the old one if aide has not detected any changes. +new database over the old one if aide has not detected any changes. In +this case, you need to manually copy over the databases after the +first report showing changes, or your ANF+ARF rules (including rotated +log files etc) are going to stop working. The cron job then mails aide's output to the address configured as MAILTO if either

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Phone: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190
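
Review bot: In the added sentence beginning "In this case, you need to manually copy over the databases", "this case" has no clear antecedent: the clause right before it is "if aide has not detected any changes", while the instruction is about what to do after a report that does show changes. Naming the setting, for example "With COPYNEWDB="ifnochange", you need to ...", removes the ambiguity, and the sentence should also say which database is copied over which, since that is the step the reader is being told to do by hand. Two smaller points in the same hunk: AIDEARGE="-V5" is carried over unchanged from the removed line and should be checked against the variable name that /etc/default/aide actually uses, and "etc" in "(including rotated log files etc)" wants a period.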