[Pkg-aide-maintainers] Bug#442214: aide: Aide issues false alarms
Bill Wohler
wohler at newt.com
Sun Jul 27 15:21:31 UTC 2008
Marc Haber <mh+debian-packages at zugschlus.de> wrote:
> This might be necessary for the ANF/ARF feature to properly
> +handle logs that have been rotated multiple times. COPYNEWDB="no" is
> +the default because automatically copying the database unconditionally
> +(COPYNEWDB="yes") might be dangerous since detected changes are only
> +reported once. Additionally, if you do not manually increase the
> +verbosity level by setting (for example) AIDEARGE="-V5" in
> +/etc/default/aide, you lose the possibility of inspecting the changes
> +more closely.
Since COPYNEWDB="yes" was parenthetical, that last sentence seems more
associated with the subject of the previous subject, namely,
COPYNEWDB="no". What do you think of this?
COPYNEWDB="no" is the default because automatically copying the database
unconditionally (COPYNEWDB="yes") might be dangerous since detected
changes are only reported once. Because changes are only reported once
when using COPYNEWDB="yes" and you lose the possibility of inspecting
the changes more closely, increase the verbosity level by setting, for
example, AIDEARGE="-V5" in /etc/default/aide so that the report has
enough detail to diagnose problems.
--
Bill Wohler <wohler at newt.com> http://www.newt.com/wohler/ GnuPG ID:610BD9AD
More information about the Pkg-aide-maintainers
mailing list