diff options
Diffstat (limited to 'app-forensics/aide/files/aide.conf-r1')
-rw-r--r-- | app-forensics/aide/files/aide.conf-r1 | 133 |
1 files changed, 133 insertions, 0 deletions
diff --git a/app-forensics/aide/files/aide.conf-r1 b/app-forensics/aide/files/aide.conf-r1 new file mode 100644 index 000000000000..87df5e168c80 --- /dev/null +++ b/app-forensics/aide/files/aide.conf-r1 @@ -0,0 +1,133 @@ +# Example configuration file for AIDE +# See more: man 5 aide.conf + +database=file:/var/lib/aide/aide.db +database_out=file:/var/lib/aide/aide.db.new + +# Change this to "no" or remove it to not gzip output +# (only useful on systems with few CPU cycles to spare) +gzip_dbout=yes + +# Default: 5 +#verbose=5 + +report_url=file:/var/log/aide/aide.log +report_url=stdout +#report_url=stderr + +# Here are all the things we can check - these are the default rules +# +# p: permissions +# ftype: file type +# i: inode +# l: link name +# n: number of links +# u: user +# g: group +# s: size +# b: block count +# m: mtime (modification time) +# a: atime (access time) +# c: ctime (change time) +# S: check for growing size +# I: ignore changed filename +# ANF: allow new files +# ARF: allow removed files +# md5: md5 checksum +# sha1: sha1 checksum +# sha256: sha256 checksum +# sha512: sha512 checksum +# rmd160: rmd160 checksum +# tiger: tiger checksum +# crc32: crc32 checksum +# R: p+ftype+i+l+n+u+g+s+m+c+md5+X +# L: p+ftype+i+l+n+u+g+X +# E: Empty group +# X: acl+selinux+xattrs+e2fsattrs (if groups are explicitly enabled) +# >: Growing file p+ftype+l+u+g+i+n+S+X + +# Defines formerly set here have been moved to /etc/default/aide. + +# Custom rules +Binlib = p+i+n+u+g+s+b+m+c+md5+sha256+rmd160 +ConfFiles = p+i+n+u+g+s+b+m+c+md5+sha256+rmd160 +Logs = p+i+n+u+g+S +Devices = p+i+n+u+g+s+b+c+md5+sha256+rmd160 +Databases = p+n+u+g +StaticDir = p+i+n+u+g +ManPages = p+i+n+u+g+s+b+m+c+md5+sha256+rmd160 + +# Next decide what directories/files you want in the database + +# Kernel, system map, etc. +=/boot$ Binlib +# Configs +/etc ConfFiles +!/etc/mtab +# Binaries +/bin Binlib +/sbin Binlib +/usr/bin Binlib +/usr/sbin Binlib +/usr/libexec Binlib +/usr/local/bin Binlib +/usr/local/sbin Binlib +#/usr/games Binlib +# Libraries +/lib(64)? Binlib +/usr/lib(64)? Binlib +/usr/local/lib(64)? Binlib +# Log files +=/var/log$ StaticDir +#!/var/log/ksymoops +/var/log/aide/aide.log(.[0-9])?(.gz)? Databases +/var/log/aide/error.log(.[0-9])?(.gz)? Databases +#/var/log/setuid.changes(.[0-9])?(.gz)? Databases +!/var/log/aide +/var/log Logs +# Devices +!/dev/pts +# If you get spurious warnings about being unable to mmap() /dev/cpu/mtrr, +# you may uncomment this to get rid of them. They're harmless but sometimes +# annoying. +#!/dev/cpu/mtrr +#!/dev/xconsole +/dev Devices +# Other miscellaneous files +/var/run$ StaticDir +!/var/run +# Test only the directory when dealing with /proc +/proc$ StaticDir +!/proc + +# You can look through these examples to get further ideas + +# MD5 sum files - especially useful with debsums -g +#/var/lib/dpkg/info/([^\.]+).md5sums u+g+s+m+md5+sha1 + +# Check crontabs +#/var/spool/anacron/cron.daily Databases +#/var/spool/anacron/cron.monthly Databases +#/var/spool/anacron/cron.weekly Databases +#/var/spool/cron Databases +#/var/spool/cron/crontabs Databases + +# manpages can be trojaned, especially depending on *roff implementation +#/usr/man ManPages +#/usr/share/man ManPages +#/usr/local/man ManPages + +# docs +#/usr/doc ManPages +#/usr/share/doc ManPages + +# check users' home directories +#/home Binlib + +# check sources for modifications +#/usr/src L +#/usr/local/src L + +# Check headers for same +#/usr/include L +#/usr/local/include L |