Please add support for signed database and config files. The public key used for signature verification should either be configurable exclusively at compile-time or at run-time via a config option.
I think this is, indeed, a really relevant feature to prevent an attacker from simply editing the hashes in the database to evade detection. Here is where I got a little confused: You seem to have removed the code implementing this feature with commit f93408c but I couldn't figure out why. Could you please explain? Will this feature return to AIDE in the future?
@l-e-e-o The code was unmaintained and incompatible with other changes in the 0.17 release. The feature is planned for a future release (estimated >= 0.20).
Having said that, one can detect a tampered database by comparing the checksums of the used databases in the reports (provided the aide binary is unchanged).
I'm curious about your use case for signed databases/config files. How do you ensure that an attacker has not tampered with the AIDE binary?
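The report comparison described in the comment above, as an added example that is not part of the thread or of AIDE's code: it parses the database attributes section of two reports and lists the databases whose checksums differ. The report excerpt, the `/path/to/aide.db` path and the hash values are constructed placeholders, the section layout the parser expects is an assumption, and the trusted report is assumed to be kept off the monitored host.

```python
import re
HEADER = "The attributes of the (uncompressed) database(s):"
ATTR = re.compile(r"^\s+([A-Z0-9]+)\s*:\s*(\S+)\s*$")   # "  SHA256   : <value>"
CONT = re.compile(r"^\s+(\S+)\s*$")                      # wrapped rest of a value

# Constructed sample report; path, timestamp and hash values are placeholders.
TRUSTED_REPORT = """\
---------------------------------------------------
The attributes of the (uncompressed) database(s):
---------------------------------------------------
/path/to/aide.db
  SHA256   : CONSTRUCTED-BASELINE-SHA256-PART1
             PART2==
  SHA512   : CONSTRUCTED-BASELINE-SHA512
End timestamp: 2024-01-01 03:00:05 +0000 (run time: 0m 5s)
"""
CURRENT_REPORT = TRUSTED_REPORT.replace("BASELINE", "EDITED")  # constructed: database edited

def database_checksums(report):
    """Return {database_path: {algorithm: value}} for one report."""
    _, found, section = report.partition(HEADER)
    if not found:
        raise ValueError("report has no database attributes section")
    result, path, algo = {}, None, None
    for line in section.splitlines():
        if not line.strip() or set(line.strip()) == {"-"}:
            continue                      # blank line or ruler
        if not line[0].isspace():         # unindented: database path or end of section
            if not line.startswith("/"):
                break
            path, algo = line.strip(), None
            result[path] = {}
        elif path and (m := ATTR.match(line)):
            algo = m.group(1)
            result[path][algo] = m.group(2)
        elif path and algo and (m := CONT.match(line)):
            result[path][algo] += m.group(1)   # hash value wrapped onto the next line
    return result

def tampered_databases(trusted, current):
    """Map database path -> reason for each database that fails the comparison."""
    findings = {}
    for path, now in current.items():
        before = trusted.get(path, {})
        common = sorted(set(before) & set(now))
        changed = [a for a in common if before[a] != now[a]]
        if not common or changed:
            findings[path] = "changed: " + ",".join(changed) if changed else "no common checksum"
    return findings
```

A database with no checksum algorithm in common with the trusted report is reported rather than passed, since nothing could be compared.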