I've got aide aide-0.13.1-4.el5 running on a server, and aide
aide-0.13.1-2.0.4.el5 running on a similar server. There appears to have
been a change in the way base directories are being monitored in the two
versions. Both servers are running logical volumes, but it seems to not
matter as I'm running aide on a server without logical volumes and the
problem still shows up. Now the problem....
On the server with the newer aide, it reports MTime and CTime changes in
some of the base directories such as:
Directory: /root
Mtime : 2009-12-18 09:14:02 , 2009-12-24 12:20:53
Ctime : 2009-12-18 09:14:02 , 2009-12-24 12:20:53
Directory: /usr/bin
Mtime : 2009-12-18 00:04:20 , 2009-12-31 00:05:08
Ctime : 2009-12-18 00:04:20 , 2009-12-31 00:05:08
The older version of aide doesn't do this. Both aide.conf files are identical. I've tried entries in the conf file like the following to avoid this, but it seems I shouldn't have to do this:
/usr/bin$ DIR
where I've redefined DIR to not include "m" and "c". I still get reports of files below /usr/bin, but this avoids the changes to the directory itself everyday.
Does anyone have a clue how to avoid this any other way, and maybe if aide is doing this differently now (and why)? It's not a big deal, but I'm kinda believing I'm not doing it the right way.
Thanks
steve campbell
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
