| # AIDE conf |
| |
| # Reference database that "aide --check" reads and compares the filesystem against. |
| # It is stored on the same host it describes, so an account with root access can |
| # rewrite it after changing files. Keep a copy (or its checksum) on read-only or |
| # off-host storage and verify against that copy before trusting a clean report. |
| database=file:/var/lib/aide/aide.db |
| # Where "aide --init" and "aide --update" write the newly built database. It does |
| # not replace the reference database above by itself; review the report first, |
| # then move it into place. |
| database_out=file:/var/lib/aide/aide.db.new |
| |
| # Change this to "no" or remove it to not gzip output |
| # (only useful on systems with few CPU cycles to spare) |
| gzip_dbout=yes |
| |
| # Here are all the things we can check - these are the default rules |
| # |
| #p: permissions |
| #i: inode |
| #n: number of links |
| #u: user |
| #g: group |
| #s: size |
| #b: block count |
| #m: mtime |
| #a: atime |
| #c: ctime |
| #S: check for growing size |
| #md5: md5 checksum |
| #sha1: sha1 checksum |
| #rmd160: rmd160 checksum |
| #tiger: tiger checksum |
| #R: p+i+n+u+g+s+m+c+md5 |
| #L: p+i+n+u+g |
| #E: Empty group |
| #>: Growing logfile p+u+g+i+n+S |
| #haval: haval checksum |
| #gost: gost checksum |
| #crc32: crc32 checksum |
| |
| # Defines formerly set here have been moved to /etc/default/aide. |
| |
| # Custom rules |
| # Each name is a group of the attribute letters listed above; the selection lines |
| # further down attach one group to a path. |
| # NOTE(review): the only content hashes used in these groups are md5 and sha1, |
| # and both have practical collision attacks. If the installed AIDE build offers a |
| # stronger digest (later releases add sha256 and sha512), add it to the groups |
| # that carry checksums - confirm what this version supports first. |
| # Binaries and libraries: permissions, inode, link count, owner, group, size, |
| # block count, mtime, ctime and both checksums. |
| Binlib = p+i+n+u+g+s+b+m+c+md5+sha1 |
| # Same attribute set as Binlib. |
| # NOTE(review): no active selection line visible in this file uses ConfFiles, and |
| # /etc is not listed below, so configuration files appear to be unmonitored - |
| # confirm that this is intended. |
| ConfFiles = p+i+n+u+g+s+b+m+c+md5+sha1 |
| # Metadata plus S (growing size) only. There is no checksum, so a log whose |
| # content is rewritten without the file shrinking is not reported by this group. |
| Logs = p+i+n+u+g+S |
| # Same as Binlib but without mtime. |
| Devices = p+i+n+u+g+s+b+c+md5+sha1 |
| # Permissions, link count, owner and group only; size, timestamps and content |
| # are not compared. |
| Databases = p+n+u+g |
| # Directory-level metadata: permissions, inode, link count, owner and group. |
| StaticDir = p+i+n+u+g |
| # Same attribute set as Binlib; referenced only by the commented-out examples |
| # at the end of this file. |
| ManPages = p+i+n+u+g+s+b+m+c+md5+sha1 |
| |
| # Next decide what directories/files you want in the database |
| # Selection lines: a leading "/" is a regular selection (a regular expression |
| # with an implicit "^", so it also covers everything beneath the path), "!" is |
| # a negative selection (exclude) and "=" is an equals selection. |
| |
| # Kernel, system map, etc. |
| # NOTE(review): the "=" prefix together with the trailing "$" looks like it |
| # limits this line to the /boot directory entry itself, which would leave the |
| # kernel and system map files inside it unchecked - confirm against aide.conf(5) |
| # for the installed version. |
| =/boot$ Binlib |
| # Binaries |
| # A replaced or modified executable in these directories shows up as a checksum |
| # or metadata change under the Binlib group. |
| /bin Binlib |
| /sbin Binlib |
| /usr/bin Binlib |
| /usr/sbin Binlib |
| /usr/local/bin Binlib |
| /usr/local/sbin Binlib |
| #/usr/games Binlib |
| # Libraries |
| # NOTE(review): other places where executables or libraries can live on some |
| # systems (for example /opt or a separate 64-bit library directory) are not |
| # listed here; add them if they exist on this host. |
| /lib Binlib |
| /usr/lib Binlib |
| /usr/local/lib Binlib |
| # Log files |
| # The /var/log directory entry itself, checked with the StaticDir group. |
| =/var/log$ StaticDir |
| #!/var/log/ksymoops |
| # AIDE's own logs (current, rotated ".N" and ".gz" forms) get the minimal |
| # Databases group. |
| # NOTE(review): the "." characters in these patterns are unescaped, so each one |
| # matches any character; write "\." if only a literal dot is meant. |
| /var/log/aide/aide.log(.[0-9])?(.gz)? Databases |
| /var/log/aide/error.log(.[0-9])?(.gz)? Databases |
| #/var/log/setuid.changes(.[0-9])?(.gz)? Databases |
| # NOTE(review): this exclusion covers the same directory as the aide.log and |
| # error.log lines above; check how this AIDE version resolves a path that |
| # matches both a positive and a negative line to see which one takes effect. |
| !/var/log/aide |
| # Everything else under /var/log uses the Logs group: metadata plus the |
| # growing-size check, with no content hash. Treat this as a coarse tamper signal |
| # only; forwarding logs off-host is the stronger control for log integrity. |
| /var/log Logs |
| # Devices |
| # Excluded from the database; presumably because pseudo-terminal nodes appear |
| # and disappear with every login session and would generate constant noise. |
| !/dev/pts |
| # If you get spurious warnings about being unable to mmap() /dev/cpu/mtrr, |
| # you may uncomment this to get rid of them. They're harmless but sometimes |
| # annoying. |
| #!/dev/cpu/mtrr |
| #!/dev/xconsole |
| # All remaining entries under /dev are checked with the Devices group. |
| /dev Devices |
| # Other miscellaneous files |
| # Same pattern as /proc below: record the directory entry with StaticDir and |
| # skip its volatile contents. |
| # NOTE(review): the "!" patterns have no trailing "/" or "$", so they also match |
| # the directory name itself. Confirm in a test run that the /var/run and /proc |
| # directory entries still appear in the generated database. |
| /var/run$ StaticDir |
| !/var/run |
| # Test only the directory when dealing with /proc |
| /proc$ StaticDir |
| !/proc |
| |
| # You can look through these examples to get further ideas |
| |
| # MD5 sum files - especially useful with debsums -g |
| #/var/lib/dpkg/info/([^\.]+).md5sums u+g+s+m+md5+sha1 |
| |
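| # Check crontabs |
| # (The Databases group compares only permissions, link count, owner and group, |
| # so with these lines an edited crontab whose metadata is unchanged would not be |
| # reported; use a group that includes checksums if content changes matter.) |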
| #/var/spool/anacron/cron.daily Databases |
| #/var/spool/anacron/cron.monthly Databases |
| #/var/spool/anacron/cron.weekly Databases |
| #/var/spool/cron Databases |
| #/var/spool/cron/crontabs Databases |
| |
| # manpages can be trojaned, especially depending on *roff implementation |
| #/usr/man ManPages |
| #/usr/share/man ManPages |
| #/usr/local/man ManPages |
| |
| # docs |
| #/usr/doc ManPages |
| #/usr/share/doc ManPages |
| |
| # check users' home directories |
| #/home Binlib |
| |
| # check sources for modifications |
| #/usr/src L |
| #/usr/local/src L |
| |
| # Check headers for same |
| #/usr/include L |
| #/usr/local/include L |