was found that there was a trojaned version of aide floating there.
However, our checksum checking would have found the difference, but
I prefer to play it safe and remove that obviously unsecure host from
the Aide's MASTER_SITES (they should use OpenBSD :)).
Thanks to Heikki Korpela <heko@iki.fi> for bringing this to me.
--
AIDE (Advanced Intrusion Detection Environment) is a free replacement
for Tripwire. It does the same things as the semi-free Tripwire and
more.
What does it do?
It creates a database from the regular expression rules that it
finds from the config file. Once this database is initialized it
can be used to verify the integrity of the files. It has several
message digest algorithms (md5,sha1,rmd160,tiger,haval,etc.) that
are used to check the integrity of the file. More algorithms can
be added with relative ease. All of the usual file attributes can
also be checked for inconsistencies. It can read databases from
older or newer versions. See the manual pages within the distribution
for further info. There is also a beginning of a manual.
WWW: http://www.cs.tut.fi/~rammer/aide.html
