# AIDE conf
#
# Settings for the AIDE file-integrity checker: database locations, the
# attribute groups to record, and the paths to include or exclude.

# database: the baseline that a check compares the filesystem against.
# database_out: where a freshly generated database is written.
# NOTE(review): both live on the monitored host itself, so whoever can alter
# monitored files as root can presumably rewrite the baseline as well. Keep a
# copy of the database and of this file on read-only or off-host storage.
database=file:/var/lib/aide/aide.db
database_out=file:/var/lib/aide/aide.db.new

# Change this to "no" or remove it to not gzip output
# (only useful on systems with few CPU cycles to spare)
gzip_dbout=yes

# Here are all the things we can check - these are the default rules
#
#p:      permissions
#i:      inode
#n:      number of links
#u:      user
#g:      group
#s:      size
#b:      block count
#m:      mtime
#a:      atime
#c:      ctime
#S:      check for growing size
#md5:    md5 checksum
#sha1:   sha1 checksum
#rmd160: rmd160 checksum
#tiger:  tiger checksum
#R:      p+i+n+u+g+s+m+c+md5
#L:      p+i+n+u+g
#E:      Empty group
#>:      Growing logfile p+u+g+i+n+S
#haval:  haval checksum
#gost:   gost checksum
#crc32:  crc32 checksum

# Defines formerly set here have been moved to /etc/default/aide.

# Custom rules
#
# Each name below is a group of the attributes listed above; the selection
# lines further down refer to these names.
#
# NOTE(review): every group that records file content does so with md5+sha1
# only. Both are collision-prone; if the installed AIDE build supports sha256
# or sha512, add one of them to these groups. Changing a group requires the
# database to be re-initialised, otherwise every entry reports a difference.

# Full metadata plus md5 and sha1 checksums.
Binlib = p+i+n+u+g+s+b+m+c+md5+sha1
# Same attribute set as Binlib.
# NOTE(review): no selection line in this file uses ConfFiles, so /etc is not
# covered here - confirm it is covered by another configuration fragment.
ConfFiles = p+i+n+u+g+s+b+m+c+md5+sha1
# Ownership, permissions, inode and link count, plus S (size may only grow).
# No checksums, since log content changes constantly.
Logs = p+i+n+u+g+S
# Binlib without mtime.
Devices = p+i+n+u+g+s+b+c+md5+sha1
# Permissions, link count and ownership only: no inode, size, timestamps or
# checksums, so content changes to files in this group are not reported.
Databases = p+n+u+g
# Same attributes as the built-in L group: directory metadata, no content.
StaticDir = p+i+n+u+g
# Same attribute set as Binlib; only referenced by commented-out examples.
ManPages = p+i+n+u+g+s+b+m+c+md5+sha1

# Next decide what directories/files you want in the database
#
# Each line is a path pattern followed by a group name. A leading "!" excludes
# the matching paths; a leading "=" restricts the rule to the matching node.
# Paths that no line selects are not recorded at all.
# NOTE(review): nothing in this file selects /etc (or /root), although a
# ConfFiles group is defined above. If no other fragment covers it, a line
# such as "/etc ConfFiles" is the usual way to include it.

# Kernel, system map, etc.
# NOTE(review): "=" together with the trailing "$" appears to limit this rule
# to the /boot directory entry itself; files inside /boot would then not be
# checksummed. Confirm with a test run and use a plain /boot rule if the
# kernel images themselves are meant to be covered.
=/boot$ Binlib
# Binaries
/bin Binlib
/sbin Binlib
/usr/bin Binlib
/usr/sbin Binlib
/usr/local/bin Binlib
/usr/local/sbin Binlib
#/usr/games Binlib
# Libraries
/lib Binlib
/usr/lib Binlib
/usr/local/lib Binlib
# Log files
# The /var/log directory node itself is tracked as StaticDir, AIDE's own logs
# (and rotated copies) as Databases, the rest of /var/log/aide is excluded and
# everything else under /var/log uses the Logs group.
# NOTE(review): the dots in the aide.log / error.log patterns are unescaped
# and the patterns have no trailing "$", so they are looser than the literal
# file names suggest.
=/var/log$ StaticDir
#!/var/log/ksymoops
/var/log/aide/aide.log(.[0-9])?(.gz)? Databases
/var/log/aide/error.log(.[0-9])?(.gz)? Databases
#/var/log/setuid.changes(.[0-9])?(.gz)? Databases
!/var/log/aide
/var/log Logs
# Devices
# Pseudo-terminals are excluded from the database.
!/dev/pts
# If you get spurious warnings about being unable to mmap() /dev/cpu/mtrr,
# you may uncomment this to get rid of them. They're harmless but sometimes
# annoying.
#!/dev/cpu/mtrr
#!/dev/xconsole
/dev Devices
# Other miscellaneous files
# Intent: record only the /var/run directory node and skip its contents.
# NOTE(review): unlike /boot and /var/log above there is no "=" prefix, and
# the "!" rule also matches the directory itself - verify that the directory
# entry really ends up in the database. The same applies to /proc below.
/var/run$ StaticDir
!/var/run
# Test only the directory when dealing with /proc
/proc$ StaticDir
!/proc

# You can look through these examples to get further ideas
#
# Everything below is commented out and therefore has no effect until the
# leading "#" is removed from a rule line.

# MD5 sum files - especially useful with debsums -g
#/var/lib/dpkg/info/([^\.]+).md5sums u+g+s+m+md5+sha1

# Check crontabs
# NOTE(review): the Databases group defined earlier in this file is p+n+u+g,
# which records no size, timestamp or checksum. With these rules an edited
# crontab would not be reported; use a group that includes checksums if the
# goal is to notice changed job definitions.
#/var/spool/anacron/cron.daily Databases
#/var/spool/anacron/cron.monthly Databases
#/var/spool/anacron/cron.weekly Databases
#/var/spool/cron Databases
#/var/spool/cron/crontabs Databases

# manpages can be trojaned, especially depending on *roff implementation
#/usr/man ManPages
#/usr/share/man ManPages
#/usr/local/man ManPages

# docs
#/usr/doc ManPages
#/usr/share/doc ManPages

# check users' home directories
# Expect many reported changes if enabled: home directories change in normal
# use and Binlib records size, timestamps and checksums.
#/home Binlib

# check sources for modifications
# NOTE(review): L is listed above as p+i+n+u+g, i.e. metadata only. A file
# whose content is modified in place would not be reported by these rules;
# a group with checksums is needed to detect modified sources or headers.
#/usr/src L
#/usr/local/src L

# Check headers for same
#/usr/include L
#/usr/local/include L