file-integrity monitoring

Shawn Badger shawn at badger.pro
Tue Mar 10 06:44:54 MST 2015


I'm unaware of needing to change the SELinux settings, and on a production
server, especially one that deals with PCI, it should always be set to
Enforcing.
As for the AIDE database, it is a good practice to store it off of the server
or at least on a partition that is only mounted when you run the check.
This helps to keep it away from being modified or replaced easily by other
scripts. I kept the ones for my systems on a share that was only mounted on
the system while AIDE was running.



On Mon, Mar 9, 2015 at 9:35 PM, George Toft <george at georgetoft.com> wrote:

> AIDE works well, and comes on the CentOS distribution.
>
> caveats: Must have SELinux in Permissive/Enforcing, and they recommend
> having the database stored on removable media.
>
> I have AIDE on all my servers and run "aide --check" every day with an
> alert if the result is not ok.
>
> Regards,
>
> George Toft
>
> On 3/5/2015 4:17 PM, Keith Smith wrote:
>
>>
>>
>> Hi,
>>
>> I am in the final steps of an annual Payment Card Industry compliance
>> process.  I have two CentOS servers that require file-integrity monitoring
>> or change-detection.  I was looking at Tripwire and it is not open source
>> which is what I expected it to be and there are some complaints of it being
>> difficult to configure, employee turnover, etc.
>>
>> Thank you in advance for any suggestions.
>>
>>
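The two practices from this thread (a daily "aide --check" with an alert when the result is not ok, and a baseline database on a share that is mounted only while AIDE runs) combined in one script, as an added example that is not from any of the posters. The share name, mount point, alert recipient, the `database=` line in aide.conf and the use of `mail` are assumptions; the exit-status meanings follow the aide(1) manual page.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. DB_SHARE, DB_MOUNT and ALERT_TO are hypothetical.
# Assumes aide.conf contains: database=file:/mnt/aide-db/aide.db.gz
DB_SHARE="${DB_SHARE:-fileserver.example:/export/aide}"
DB_MOUNT="${DB_MOUNT:-/mnt/aide-db}"
ALERT_TO="${ALERT_TO:-root}"
# Command names are overridable so the logic can be exercised with stubs.
AIDE="${AIDE:-aide}"; MOUNT="${MOUNT:-mount}"; UMOUNT="${UMOUNT:-umount}"

# Map the exit status of `aide --check` to a one-line verdict.
# aide(1): 0 = no differences; 1..7 = bitmask of 1 new, 2 removed, 4 changed;
# anything else = the check itself failed (config, I/O, version mismatch ...).
describe_status() {
    local rc="$1" what=""
    if [ "$rc" -eq 0 ]; then echo "OK: no differences"; return 0; fi
    if [ "$rc" -gt 7 ]; then
        echo "ERROR: aide exit status $rc, check did not complete"; return 0
    fi
    [ $((rc & 1)) -ne 0 ] && what="$what new"
    [ $((rc & 2)) -ne 0 ] && what="$what removed"
    [ $((rc & 4)) -ne 0 ] && what="$what changed"
    echo "ALERT: files$what"
}

# Mount the baseline read-only, run the check, always unmount, then report.
# A failed mount is reported as an error so a missing baseline never looks like "ok".
run_check() {
    local rc out
    if ! "$MOUNT" -o ro "$DB_SHARE" "$DB_MOUNT"; then
        echo "ERROR: baseline not mounted, no check was run"; return 3
    fi
    out=$("$AIDE" --check 2>&1) && rc=0 || rc=$?
    "$UMOUNT" "$DB_MOUNT" || echo "WARNING: $DB_MOUNT is still mounted"
    describe_status "$rc"
    [ "$rc" -eq 0 ] || { printf '%s\n' "$out"; return 1; }
}

# Cron entry point: run with --run; mail is sent only when the result is not ok.
if [ "${1:-}" = "--run" ]; then
    report=$(run_check) || printf '%s\n' "$report" | mail -s "AIDE $(hostname)" "$ALERT_TO"
fi
```

Because the share is mounted read-only and only for the duration of the check, a process on the monitored host has neither write access to the baseline nor a standing path to it between runs.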