Distributed Aide Runtime Controller 0.3.42
Darc is a multi-threaded Python application designed for managing AIDE installations in large heterogeneous networks.
AIDE is an open-source improvement upon the academic release of Tripwire. It detects filesystem changes in Unix environments, which is useful for forensics on compromised systems and for tracing illicit system configuration changes.
Darc provides a mechanism to run AIDE integrity checks across many Unix systems from a single management station. It has the following features not available in a traditional AIDE installation:
· Maintaining read-only media databases on each system - not a trivial task! - is not required for day-to-day operations.
· Unified reporting - the admin doesn't have to read individual reports for each system.
· Integrated syslog support to notify admins when a system may have been compromised.
· Databases and configs are never written to the filesystems on the monitored hosts.
What's New in This Release:
· Better error handling and reporting
· HTML reports for easier navigation within the report
· Configurable timeout values for all relevant metrics - TCP connection timeouts, SFTP transfer time, AIDE run time
· Built-in support for AIDE database maintenance tasks (init, update), so the manual file manipulation required in 0.2 is completely eliminated.