I need to implement AIDE on my client machines. The builds on these machines are different, so each workstation will have its own specific db generated through running AIDE initially. It is not good practice to just leave the db on the machine, since an "attacker" would be able to view this information. However, at the same time I do not want to pull back over 100 different AIDE dbs to the FTP server and have an update pull each one specifically every time I need to run the check.

The plan is to leave the db on the client machine, but encrypt it (using public/private keys). I need to be able to encrypt the file on the client machine. I will use a cron job on the client to pull an update (from my FTP server) that runs AIDE. This update needs to be able to decrypt the file, use it to run AIDE, then re-encrypt the file on the client. Hopefully I am explaining this in a way that makes sense. Any ideas on how to approach this?
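
One way to structure the cron wrapper described above, as an added example that is not part of the original post: it decrypts the database to a root-only path, runs the AIDE check, and always removes the plaintext afterwards. The paths, the recipient key ID, the exit code 99, and the assumptions that GnuPG on the client can reach the private key during the run and that `aide.conf` reads its input database from `$PLAIN_DB` are all hypothetical.

```shell
#!/bin/sh
# Added example: cron wrapper for an encrypted AIDE database.
# Assumed (not from the post): every path below, the recipient key ID, and
# that aide.conf reads its input database from $PLAIN_DB.
GPG=${GPG:-gpg}
AIDE=${AIDE:-aide}
ENC_DB=${ENC_DB:-/var/lib/aide/aide.db.gpg}
PLAIN_DB=${PLAIN_DB:-/run/aide/aide.db}       # tmpfs, root-only directory
AIDE_CONF=${AIDE_CONF:-/etc/aide/aide.conf}
RECIPIENT=${RECIPIENT:-aide-db@example.invalid}

# Encrypt a freshly generated database (needed only after --init or --update;
# a plain --check does not modify the database, so the existing ciphertext
# stays valid). Writes to a temporary name first so a failed run never
# replaces the good encrypted copy.
encrypt_db() {
    umask 077
    "$GPG" --batch --yes --recipient "$RECIPIENT" \
        --output "$ENC_DB.new" --encrypt "$1" || return 1
    mv -f "$ENC_DB.new" "$ENC_DB"
    rm -f "$1"
}

# Decrypt, run the check, and remove the plaintext copy on every path.
# Returns AIDE's own exit status (0 = no differences found), or 99
# (a value chosen for this example) if decryption fails.
run_aide_check() {
    umask 077
    if ! "$GPG" --batch --yes --output "$PLAIN_DB" --decrypt "$ENC_DB"; then
        rm -f "$PLAIN_DB"
        return 99
    fi
    aide_rc=0
    "$AIDE" --config="$AIDE_CONF" --check || aide_rc=$?
    rm -f "$PLAIN_DB"
    return "$aide_rc"
}

# Cron entry point: invoke the script with --check.
if [ "${1:-}" = "--check" ]; then
    run_aide_check
    exit $?
fi
```

Because the private key has to be usable on the client while the check runs, this protects the database at rest between runs rather than against someone who controls the machine during a run.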