In my /etc directory there is something I do with files.
Let us say that I am looking at /etc/passwd.
What I do when it will be modified is to copy it over, in the following sense.
I have a hierarchy of files: passwd, passwd_1, passwd_2, passwd_3, …, passwd_n.
Before passwd is modified, I “rotate” the files (similar to logrotate).
passwd_n goes to passwd_n+1,
passwd_n-1 goes to passwd_n, ...
passwd_1 goes to passwd_2,
passwd copies to passwd_1.
Then I modify passwd.
What I would like to do vis à vis a checksum program like tripwire or AIDE is to "let them know" I've rotated and allow them to update the checksums but also check that the rotation has gone smoothly.
Do either of these programs provide a way for specifying something like this?
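
The rotate-then-check step described in the question, written as a stand-alone wrapper (an added example, not part of the original post and not a Tripwire or AIDE feature). It assumes the generations are numbered contiguously from 1 and that `sha256sum` is available; the function names are hypothetical.

```shell
# Added example: rotate base, base_1 .. base_n, then prove by SHA-256 that every
# generation moved up one slot. Function names are hypothetical; generations
# are assumed to be numbered contiguously from 1.
snapshot() (  # snapshot <dir> <base>: print "sha256  name" for each generation
  cd "$1" || exit 1
  sha256sum "$2" || exit 1
  k=1
  while [ -f "${2}_$k" ]; do sha256sum "${2}_$k"; k=$((k + 1)); done
)

rotate() (  # rotate <dir> <base>: base_n -> base_n+1, ..., base copied to base_1
  cd "$1" || exit 1
  n=0
  while [ -f "${2}_$((n + 1))" ]; do n=$((n + 1)); done
  while [ "$n" -ge 1 ]; do
    mv -- "${2}_$n" "${2}_$((n + 1))" || exit 1
    n=$((n - 1))
  done
  cp -p -- "$2" "${2}_1"
)

verify_rotation() (  # verify_rotation <dir> <base> <pre-rotation manifest>
  rc=0
  while read -r sum name; do
    case $name in
      "$2") new=${2}_1 ;;                      # base was copied to base_1
      *)    new=${2}_$(( ${name##*_} + 1 )) ;; # base_k was moved to base_k+1
    esac
    now=$(sha256sum 2>/dev/null < "$1/$new" | cut -d' ' -f1)
    [ "$now" = "$sum" ] || { echo "MISMATCH: old $name != new $new" >&2; rc=1; }
  done < "$3"
  exit "$rc"
)

rotate_checked() {  # snapshot, rotate, verify; non-zero if anything is off
  manifest=$(mktemp) || return 1
  snapshot "$1" "$2" > "$manifest" && rotate "$1" "$2" &&
    verify_rotation "$1" "$2" "$manifest"
  status=$?
  rm -f "$manifest"
  return "$status"
}

# Demo on constructed files in a scratch directory (not the real /etc).
demo=$(mktemp -d)
printf 'root:x:0:0:root:/root:/bin/sh\n' > "$demo/passwd"
printf 'older copy\n' > "$demo/passwd_1"
rotate_checked "$demo" passwd && echo "rotation verified"
rm -rf "$demo"
```

A zero exit status from `rotate_checked` means every pre-rotation checksum was found one slot higher, which is the point at which refreshing a checksum database for these paths would be justified.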