Hi Francois,
On Wed, Mar 05, 2008 at 05:30:52PM +0100, Francois Gouget wrote:
> On Wed, 5 Mar 2008, Marc Haber wrote:
> > Which is why the AIDE documentation asks people to submit their rules
> > either to aide or to the maintainers of the other packages for
> > inclusion in either package. The su
On Sun, Jul 27, 2008 at 01:40:13PM -0700, Bill Wohler wrote:
> Very good! The only thing is s/AIDEARGE/AIDEARGS/ :-).
Fixed in svn, thanks.
Greetings
Marc
--
-
Marc Haber | "I don't trust Computers. They | Ma
Marc Haber <[EMAIL PROTECTED]> wrote:
> Ah. now I understand. How about this:
>
> Index: debian/aide-common.README.Debian
> ===
> --- debian/aide-common.README.Debian(revision 758)
> +++ debian/aide-common.README.Debian(worki
On Sun, Jul 27, 2008 at 08:42:14AM -0700, Bill Wohler wrote:
> Marc Haber <[EMAIL PROTECTED]> wrote:
> > On Sun, Jul 27, 2008 at 08:21:31AM -0700, Bill Wohler wrote:
> > > Marc Haber <[EMAIL PROTECTED]> wrote:
> > > >This might be necessary for the ANF/ARF feature to properly
> > > > +h
Marc Haber <[EMAIL PROTECTED]> wrote:
> On Sun, Jul 27, 2008 at 08:21:31AM -0700, Bill Wohler wrote:
> > Marc Haber <[EMAIL PROTECTED]> wrote:
> > >This might be necessary for the ANF/ARF feature to properly
> > > +handle logs that have been rotated multiple times. COPYNEWDB="no" is
>
On Sun, Jul 27, 2008 at 08:21:31AM -0700, Bill Wohler wrote:
> Marc Haber <[EMAIL PROTECTED]> wrote:
> >This might be necessary for the ANF/ARF feature to properly
> > +handle logs that have been rotated multiple times. COPYNEWDB="no" is
> > +the default because automatically copying th
Marc Haber <[EMAIL PROTECTED]> wrote:
>This might be necessary for the ANF/ARF feature to properly
> +handle logs that have been rotated multiple times. COPYNEWDB="no" is
> +the default because automatically copying the database unconditionally
> +(COPYNEWDB="yes") might be dangerous s
Marc Haber <[EMAIL PROTECTED]> wrote:
> On Wed, Jul 23, 2008 at 01:45:05PM -0700, Bill Wohler wrote:
> > Marc Haber <[EMAIL PROTECTED]> wrote:
> > I also found that because this setting trashes the old database, you
> > don't have a chance to later run aide --compare to see how a particular
> > fi
On Wed, Jul 23, 2008 at 01:45:05PM -0700, Bill Wohler wrote:
> Marc Haber <[EMAIL PROTECTED]> wrote:
> I also found that because this setting trashes the old database, you
> don't have a chance to later run aide --compare to see how a particular
> file changed. I therefore added AIDEARGS="-V5" to /
Marc Haber <[EMAIL PROTECTED]> wrote:
> I have instead committed the following patch to the README file which
> will hopefully make things a lot clearer than they were explained
> in the previous README file. I'd appreciate your comments.
Excellent!
> + - set COMMAND="update" and COPYNEWD
On Sat, Jul 19, 2008 at 11:48:37AM -0700, Bill Wohler wrote:
> Marc Haber <[EMAIL PROTECTED]> wrote:
> > On Sat, Nov 24, 2007 at 07:56:29PM -0800, Bill Wohler wrote:
> > > Hi Marc, I think I'm seeing the same thing here. It appears that the ARF
> > > rule isn't working as advertised.
> > >
> > > F
Marc Haber <[EMAIL PROTECTED]> wrote:
> On Sat, Nov 24, 2007 at 07:56:29PM -0800, Bill Wohler wrote:
> > Hi Marc, I think I'm seeing the same thing here. It appears that the ARF
> > rule isn't working as advertised.
> >
> > For example, the following line appeared in the report:
> >
> > remove
On Wed, 5 Mar 2008, Marc Haber wrote:
[...]
> Which is why the AIDE documentation asks people to submit their rules
> either to aide or to the maintainers of the other packages for
> inclusion in either package. The support scheme supports either.
I have been trying to add the missing rules but th
On Mon, Mar 03, 2008 at 11:37:49PM +0100, Francois Gouget wrote:
> Marc Haber wrote:
> > In a previous run, aide detected changes (most probably the zope log
> > file), and thus the newly generated database was not copied over the
> > old one. After the next log rotation, the log-related rules didn
Marc Haber wrote:
> In a previous run, aide detected changes (most probably the zope log
> file), and thus the newly generated database was not copied over the
> old one. After the next log rotation, the log-related rules didn't
> apply any more and you got the report quoted above.
So it's necess
tags #442214 moreinfo
thanks
On Mon, Dec 03, 2007 at 11:29:24PM +0100, Marc Haber wrote:
> To hopefully make things clearer, grab
> https://ivanova.notwork.de/~mh/stuff/aidetest.tar.gz, untar and run
> ./runtests. This will "rotate" a log five times, with aide runs in
> between (which will also co
On Sat, Feb 09, 2008 at 10:31:55PM -0800, Bill Wohler wrote:
> I see the pattern here. I applied these in my files, but I still get
> false alarms after a fashion. I'm still looking into it (albeit slowly).
> I haven't made a small test case yet in hopes that I'll get the rules
> right and because
Marc Haber <[EMAIL PROTECTED]> wrote:
> On Sat, Nov 24, 2007 at 08:04:54PM -0800, Bill Wohler wrote:
> > Marc Haber <[EMAIL PROTECTED]> wrote:
> > > Care to submit your rules for inclusion in the aide packages?
> >
> > I will be glad to do so once I stop editing them :-).
>
> Great! Looking forw
Hi,
On Sat, Nov 24, 2007 at 07:56:29PM -0800, Bill Wohler wrote:
> Hi Marc, I think I'm seeing the same thing here. It appears that the ARF
> rule isn't working as advertised.
>
> For example, the following line appeared in the report:
>
> removed: /var/log/aide/aide.log.6.gz
>
> However, in
Package: aide
Severity: normal
Version: 0.13.1-8
Hi Marc, I think I'm seeing the same thing here. It appears that the ARF
rule isn't working as advertised.
For example, the following line appeared in the report:
removed: /var/log/aide/aide.log.6.gz
However, in /etc/aide/aide.conf.local.d/31_a
On Sat, Oct 06, 2007 at 11:30:03PM +0200, Andreas Tille wrote:
> On Sat, 6 Oct 2007, Marc Haber wrote:
> >If so, I suspect that you got the zope log file in Saturday's or
> >Sunday's report, which prevented the new database from being copied
> >over the old one, and which caused the "normal" log fi
On Sat, 6 Oct 2007, Marc Haber wrote:
If so, I suspect that you got the zope log file in Saturday's or
Sunday's report, which prevented the new database from being copied
over the old one, and which caused the "normal" log file rules not to
apply any more for Monday's report.
Well, this was by
On Mon, Sep 24, 2007 at 07:27:20AM +0200, Andreas Tille wrote:
> This is what I've got after aideinit on last Friday ...
>
>
> ---
> Added files:
> ---
>
> added: /var/log/exim4/mainlog.2.gz
>
>
On Fri, Sep 21, 2007 at 02:58:30PM +0200, Andreas Tille wrote:
> On Fri, 21 Sep 2007, Marc Haber wrote:
>> As a rule, if you once get a report that shows changes, you'll get all
>> logs reported as changed the next day if you don't interfere manually.
>
> Well, is the following procedure:
>
> --
On Fri, 21 Sep 2007, Marc Haber wrote:
---
Added files:
---
added: /var/log/exim4/mainlog.2.gz
---
Removed files:
On Fri, 21 Sep 2007, Marc Haber wrote:
As a rule, if you once get a report that shows changes, you'll get all
logs reported as changed the next day if you don't interfere manually.
Well, is the following procedure:
---
# /usr/sbin/aideini
On Fri, Sep 21, 2007 at 07:01:33AM +0200, Andreas Tille wrote:
> On Sun, 16 Sep 2007, Marc Haber wrote:
> > By default, this only works through one rotation of the logs, and
> > starting with the second rotation, the changes are going to be
> > reported _until_ you copy the newly generated database
On Sun, 16 Sep 2007, Marc Haber wrote:
By default, this only works through one rotation of the logs, and
starting with the second rotation, the changes are going to be
reported _until_ you copy the newly generated databases to the old
ones if no changes were found.
Appropriate settings in /etc/d
On Fri, Sep 14, 2007 at 08:33:28AM +0200, Andreas Tille wrote:
> I haven't changed the files in /etc/aide/aide.conf.d (just added a few
> ones for my own application) but Aide reports things like
>
> ---
> Added files:
> -
Package: aide
Version: 0.13.1-2
Severity: normal
Hi,
I haven't changed the files in /etc/aide/aide.conf.d (just added a few
ones for my own application) but Aide reports things like
---
Added files: