I'm unaware of needing to change the SELinux settings and on a production server especially one that deals with PCI it should always be set to Enforcing.

As for the Aide databse it is a good practice to store it off of the server or at least on a partition that is only mounted when you run the check. This helps to keep it away from being modified or replaced easily by other scripts. I kept the ones for my systems on a share that was only mounted on the system while Aide was running.

On Mon, Mar 9, 2015 at 9:35 PM, George Toft <george@georgetoft.com> wrote:

AIDE works well, and comes on the CentOS distribution.

caveats: Must have SELinux in Permissive/Enforcing, and they recommend having the database stored on removable media.

I have AIDE on all my servers and run "aide --check" every day with an alert if the result is not ok.

Regards,

George Toft

On 3/5/2015 4:17 PM, Keith Smith wrote:

Hi,

I am in the final steps of an annual Payment Card Industry compliance process. I have two CentOS servers that require file-integrity monitoring or change-detection. I was looking at Tripwire and it is not open source which is what I expected it to be and there are some complaints of it being difficult to configure, employee turnover, etc.

Thank you in advance for any suggestions.

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss