* [gentoo-doc-cvs] cvs commit: shb-intrusion.xml
@ 2005-11-23 18:02 Xavier Neys
0 siblings, 0 replies; 3+ messages in thread
From: Xavier Neys @ 2005-11-23 18:02 UTC (permalink / raw
To: gentoo-doc-cvs
neysx 05/11/23 18:02:07
Modified: xml/htdocs/doc/en/security shb-intrusion.xml
Log:
#108406 Reflect changes to aide ebuild
Revision Changes Path
1.2 +12 -30 xml/htdocs/doc/en/security/shb-intrusion.xml
file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/security/shb-intrusion.xml?rev=1.2&content-type=text/x-cvsweb-markup&cvsroot=gentoo
plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/security/shb-intrusion.xml?rev=1.2&content-type=text/plain&cvsroot=gentoo
diff : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/security/shb-intrusion.xml.diff?r1=1.1&r2=1.2&cvsroot=gentoo
Index: shb-intrusion.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-intrusion.xml,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- shb-intrusion.xml 1 Jun 2005 15:43:47 -0000 1.1
+++ shb-intrusion.xml 23 Nov 2005 18:02:07 -0000 1.2
@@ -1,14 +1,14 @@
<?xml version='1.0' encoding='UTF-8'?>
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-intrusion.xml,v 1.1 2005/06/01 15:43:47 neysx Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-intrusion.xml,v 1.2 2005/11/23 18:02:07 neysx Exp $ -->
<!DOCTYPE sections SYSTEM "/dtd/book.dtd">
<!-- The content of this document is licensed under the CC-BY-SA license -->
-<!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
+<!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
<sections>
-<version>1.0</version>
-<date>2005-05-31</date>
+<version>1.1</version>
+<date>2005-11-23</date>
<section>
<title>AIDE (Advanced Intrusion Detection Environment)</title>
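Review bot: The licence comment in this header hunk moves from by-sa/1.0 to by-sa/2.5, but the log message only mentions #108406 and the aide ebuild. A licence version change deserves its own line in the log, or its own commit, so it can be found later in the file history.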
@@ -283,10 +283,14 @@
</p>
<p>
-After editing the configuration you should create your db file by executing
-<c>aide -i</c> and then copy the file <path>/etc/aide/aide.db.new</path> to
-<path>/etc/aide/aide.db</path> and add the check to cron by executing
-<c>crontab -e</c> as root.
+The AIDE ebuild now comes with a working default configuration file, a helper
+script and a crontab script. The helper script does a number of tasks for you
+and provides an interface that is a little more script friendly. To see all
+available options, try <c>aideinit --help</c>. To get started, all that needs
+to be done is <c>aideinit -i</c> and the crontab script should detect the
+database and send mails as appropriate every day. We recommend that you review
+the <path>/etc/aide/aide.conf</path> file and ensure that the configuration
+accurately reflects what is in place on the machine.
</p>
<note>
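Review bot: The added paragraph tells the reader to run `aideinit -i` first and only afterwards recommends reviewing /etc/aide/aide.conf. The database is built from that configuration, so the review should come before initialisation; otherwise the baseline reflects the shipped defaults rather than the machine. The removed text also named the database files (aide.db.new and aide.db), while the replacement no longer says where the database ends up or whether a copy step is still needed, and "should detect the database" leaves that open. Suggest swapping the two sentences and naming the resulting file.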
@@ -294,25 +298,12 @@
this can take some time.
</note>
-<pre caption="Shedule aide as a cronjob">
-0 3 * * * /usr/bin/aide -u
-</pre>
-
<note>
Remember to set an alias so you get roots mail. Otherwise you will never know
what AIDE reports.
</note>
<p>
-In this case it runs once at 3am. This is done since I do not want to disturb
-the users when they are working. Note I am using the <c>-u</c> (Update) option
-instead of the <c>-C</c> (Check). Since <c>-u</c> also checks the files and does
-not overwrite the original db file it saves some time since all you need to do
-is to copy a file when it detects some changes. Just check the changes to see if
-it was you who made the changes instead of some attacker before you copy it!
-</p>
-
-<p>
Now there is some risk inherent with storing the db files locally, since the
attacker will (if they know that AIDE is installed) most certainly try to alter
the db file, update the db file or modify <path>/usr/bin/aide</path>. So you
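Review bot: The removed paragraph held the only advice visible here to verify reported changes before accepting a new database ("Just check the changes to see if it was you who made the changes instead of some attacker before you copy it!"). Dropping the cron line and the -u versus -C discussion follows from the ebuild shipping its own crontab script, but a sentence keeping that check is worth retaining, since the paragraph that follows goes straight to the risk of an attacker altering the db file.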
@@ -336,11 +327,6 @@
it use the following examples.
</p>
-<pre caption="Add a user snort to the system">
-# useradd snort -d /var/log/snort -s /dev/null
-# chown -R snort /var/log/snort
-</pre>
-
<pre caption="/etc/conf.d/snort">
PIDFILE=/var/run/snort_eth0.pid
MODE="full"
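Review bot: The removal of the "Add a user snort to the system" block is in the Snort part of the document and is not covered by the log message, which only mentions the aide ebuild. If the user no longer has to be created by hand, say so in the text or in the log; the visible lines do not show whether the /etc/conf.d/snort example that follows still relies on a snort user owning /var/log/snort.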
@@ -453,10 +439,8 @@
</body>
</section>
-
<section>
<title>Detecting malware with chkrootkit</title>
-
<body>
<p>
@@ -483,6 +467,4 @@
</body>
</section>
-
-
</sections>
--
gentoo-doc-cvs@gentoo.org mailing list
* [gentoo-doc-cvs] cvs commit: shb-intrusion.xml
@ 2006-11-01 7:58 Josh Saddler
From: Josh Saddler @ 2006-11-01 7:58 UTC (permalink / raw
To: gentoo-doc-cvs
nightmorph 06/11/01 07:58:42
Modified: shb-intrusion.xml
Log:
updated aide command, bug 138998
Revision Changes Path
1.4 xml/htdocs/doc/en/security/shb-intrusion.xml
file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-intrusion.xml?rev=1.4&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-intrusion.xml?rev=1.4&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-intrusion.xml?r1=1.3&r2=1.4
Index: shb-intrusion.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-intrusion.xml,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- shb-intrusion.xml 18 Sep 2006 09:22:48 -0000 1.3
+++ shb-intrusion.xml 1 Nov 2006 07:58:41 -0000 1.4
@@ -1,5 +1,5 @@
<?xml version='1.0' encoding='UTF-8'?>
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-intrusion.xml,v 1.3 2006/09/18 09:22:48 neysx Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-intrusion.xml,v 1.4 2006/11/01 07:58:41 nightmorph Exp $ -->
<!DOCTYPE sections SYSTEM "/dtd/book.dtd">
<!-- The content of this document is licensed under the CC-BY-SA license -->
@@ -7,8 +7,8 @@
<sections>
-<version>1.1</version>
-<date>2005-11-23</date>
+<version>1.2</version>
+<date>2006-11-01</date>
<section>
<title>AIDE (Advanced Intrusion Detection Environment)</title>
@@ -286,10 +286,10 @@
The AIDE ebuild now comes with a working default configuration file, a helper
script and a crontab script. The helper script does a number of tasks for you
and provides an interface that is a little more script friendly. To see all
-available options, try <c>aideinit --help</c>. To get started, all that needs
-to be done is <c>aideinit -i</c> and the crontab script should detect the
-database and send mails as appropriate every day. We recommend that you review
-the <path>/etc/aide/aide.conf</path> file and ensure that the configuration
+available options, try <c>aide --help</c>. To get started, all that needs to be
+done is <c>aide -i</c> and the crontab script should detect the database and
+send mails as appropriate every day. We recommend that you review the
+<path>/etc/aide/aide.conf</path> file and ensure that the configuration
accurately reflects what is in place on the machine.
</p>
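Review bot: After `aideinit` is replaced by `aide`, the unchanged sentences at the top of the paragraph still describe "a helper script" with "an interface that is a little more script friendly", yet the two commands now given (`aide --help`, `aide -i`) are the aide command itself, so the paragraph describes a helper it never names. Either name the helper script the ebuild installs or reword those sentences so they match the commands shown. It would also help to state where `aide -i` writes the database, since "the crontab script should detect the database" depends on it.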
--
gentoo-doc-cvs@gentoo.org mailing list
* [gentoo-doc-cvs] cvs commit: shb-intrusion.xml
@ 2006-11-01 8:13 Josh Saddler
From: Josh Saddler @ 2006-11-01 8:13 UTC (permalink / raw
To: gentoo-doc-cvs
nightmorph 06/11/01 08:13:37
Modified: shb-intrusion.xml
Log:
more aide sample config updates for bug 138998, thanks to Daniel Black (dragonheart) for reviewing
Revision Changes Path
1.5 xml/htdocs/doc/en/security/shb-intrusion.xml
file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-intrusion.xml?rev=1.5&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-intrusion.xml?rev=1.5&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-intrusion.xml?r1=1.4&r2=1.5
Index: shb-intrusion.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-intrusion.xml,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- shb-intrusion.xml 1 Nov 2006 07:58:41 -0000 1.4
+++ shb-intrusion.xml 1 Nov 2006 08:13:37 -0000 1.5
@@ -1,5 +1,5 @@
<?xml version='1.0' encoding='UTF-8'?>
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-intrusion.xml,v 1.4 2006/11/01 07:58:41 nightmorph Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-intrusion.xml,v 1.5 2006/11/01 08:13:37 nightmorph Exp $ -->
<!DOCTYPE sections SYSTEM "/dtd/book.dtd">
<!-- The content of this document is licensed under the CC-BY-SA license -->
@@ -7,7 +7,7 @@
<sections>
-<version>1.2</version>
+<version>1.3</version>
<date>2006-11-01</date>
<section>
@@ -260,8 +260,11 @@
@@{TOPDIR} Norm
!@@{TOPDIR}etc/aide
!@@{TOPDIR}dev
+!@@{TOPDIR}media
+!@@{TOPDIR}mnt
!@@{TOPDIR}proc
!@@{TOPDIR}root
+!@@{TOPDIR}sys
!@@{TOPDIR}tmp
!@@{TOPDIR}var/log
!@@{TOPDIR}var/run
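Review bot: The three added exclusions (`!@@{TOPDIR}media`, `!@@{TOPDIR}mnt`, `!@@{TOPDIR}sys`) are unanchored, and AIDE selection lines are regular expressions matched from the start of the path, so each one also excludes any sibling whose name merely begins with that string, not just the directory itself. Anchoring them to the directory (for example with a trailing slash) would keep the exclusion to the intended tree. Excluding media and mnt wholesale also means nothing under a mount point is checked, which the surrounding text should state so readers with permanent mounts there know to add their own rules.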
--
gentoo-doc-cvs@gentoo.org mailing list