|  | # Example configuration file for AIDE. | ||
|  | # More information about configuration options is available in the aide.conf manpage. | ||
|  | @@define DBDIR /var/lib/aide | ||
|  | @@define LOGDIR /var/log/aide | ||
|  | 
 | ||
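|  | # The location of the baseline database read during a check. | ||
|  | # Keep a copy on read-only or off-host storage: a check is only as trustworthy as this file. | ||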
|  | database_in=file:@@{DBDIR}/aide.db.gz | ||
|  | 
 | ||
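|  | # The location of the database to be written (by --init or --update). | ||
|  | # It is not used for checks until it replaces the database_in file; review the report before promoting it. | ||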
|  | #database_out=sql:host:port:database:login_name:passwd:table | ||
|  | #database_out=file:aide.db.new | ||
|  | database_out=file:@@{DBDIR}/aide.db.new.gz | ||
|  | 
 | ||
|  | # Whether to gzip the output to database | ||
|  | gzip_dbout=yes | ||
|  | 
 | ||
|  | # Default log and report levels. | ||
|  | log_level=warning | ||
|  | report_level=changed_attributes | ||
|  | 
 | ||
|  | report_url=file:@@{LOGDIR}/aide.log | ||
|  | report_url=stdout | ||
|  | #report_url=stderr | ||
|  | # | ||
|  | # Here are all the attributes we can check | ||
|  | #p:       permissions | ||
|  | #i:       inode | ||
|  | #n:       number of links | ||
|  | #l:       link name | ||
|  | #u:       user | ||
|  | #g:       group | ||
|  | #s:       size | ||
|  | ###b:        block count | ||
|  | #m:       mtime | ||
|  | #a:       atime | ||
|  | #c:       ctime | ||
|  | #S:       check for growing size | ||
|  | #I:       ignore changed filename | ||
|  | #ANF:     allow new files | ||
|  | #ARF:     allow removed files | ||
|  | # | ||
|  | 
 | ||
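|  | # Here are all the digests we can use. | ||
|  | # md5, sha1 and crc32 are not collision-resistant: any rule that hashes file content should also include sha256 or sha512. | ||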
|  | #md5:           md5 checksum | ||
|  | #sha1:          sha1 checksum | ||
|  | #sha256:        sha256 checksum | ||
|  | #sha512:        sha512 checksum | ||
|  | #rmd160:        rmd160 checksum | ||
|  | #tiger:         tiger checksum | ||
|  | #haval:         haval checksum | ||
|  | #crc32:         crc32 checksum | ||
|  | #gost:          gost checksum | ||
|  | #whirlpool:     whirlpool checksum | ||
|  | 
 | ||
|  | # These are the default rules | ||
|  | #R:             p+i+l+n+u+g+s+m+c+md5 | ||
|  | #L:             p+i+l+n+u+g | ||
|  | #E:             Empty group | ||
|  | #>:             Growing logfile p+l+u+g+i+n+S | ||
|  | 
 | ||
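|  | # You can create custom rules - my home-made rule definitions go like this. | ||
|  | # NOTE: ALLXTRAHASHES is assigned twice below; presumably the second, shorter definition is the one in effect - confirm with your AIDE version. | ||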
|  | ALLXTRAHASHES = sha1+rmd160+sha256+sha512+whirlpool+tiger+haval+gost+crc32 | ||
|  | ALLXTRAHASHES = sha1+rmd160+sha256+sha512+tiger | ||
|  | # Everything but access time (i.e. all changes) | ||
|  | EVERYTHING = R+ALLXTRAHASHES | ||
|  | 
 | ||
|  | # Sane, with multiple hashes | ||
|  | # NORMAL = R+rmd160+sha256+whirlpool | ||
|  | NORMAL = R+rmd160+sha256 | ||
|  | 
 | ||
|  | # For directories, don't bother doing hashes | ||
|  | DIR = p+i+n+u+g+acl+xattrs | ||
|  | 
 | ||
|  | # Access control only | ||
|  | PERMS = p+i+u+g+acl | ||
|  | 
 | ||
|  | # Log files are special, in that they often change | ||
|  | LOG = > | ||
|  | 
 | ||
|  | # Just do md5 (part of R as listed above) and sha256 hashes | ||
|  | LSPP = R+sha256 | ||
|  | 
 | ||
|  | # Some files get updated automatically, so the inode/ctime/mtime change | ||
|  | # but we want to know when the data inside them changes | ||
|  | DATAONLY =  p+n+u+g+s+acl+xattrs+md5+sha256+rmd160+tiger | ||
|  | 
 | ||
|  | 
 | ||
|  | # Next decide what directories/files you want in the database. | ||
|  | 
 | ||
|  | /boot   NORMAL | ||
|  | /bin    NORMAL | ||
|  | /sbin   NORMAL | ||
|  | /lib    NORMAL | ||
|  | /lib64  NORMAL | ||
|  | /opt    NORMAL | ||
|  | /usr    NORMAL | ||
|  | /root   NORMAL | ||
|  | # These are too volatile | ||
|  | !/usr/src | ||
|  | !/usr/tmp | ||
|  | 
 | ||
|  | # Check only permissions, inode, user, group and ACLs for /etc (no content hashes), but | ||
|  | # cover some important files closely. Content changes to /etc files not listed below are not reported. | ||
|  | /etc    PERMS | ||
|  | !/etc/mtab | ||
|  | # Ignore backup files | ||
|  | !/etc/.*~ | ||
|  | /etc/exports  NORMAL | ||
|  | /etc/fstab    NORMAL | ||
|  | /etc/passwd   NORMAL | ||
|  | /etc/group    NORMAL | ||
|  | /etc/gshadow  NORMAL | ||
|  | /etc/shadow   NORMAL | ||
|  | /etc/security/opasswd   NORMAL | ||
|  | 
 | ||
|  | /etc/hosts.allow   NORMAL | ||
|  | /etc/hosts.deny    NORMAL | ||
|  | 
 | ||
|  | /etc/sudoers NORMAL | ||
|  | /etc/skel NORMAL | ||
|  | 
 | ||
|  | /etc/logrotate.d NORMAL | ||
|  | 
 | ||
|  | /etc/resolv.conf DATAONLY | ||
|  | 
 | ||
|  | /etc/nscd.conf NORMAL | ||
|  | /etc/securetty NORMAL | ||
|  | 
 | ||
|  | # Shell/X startup files | ||
|  | /etc/profile NORMAL | ||
|  | /etc/bashrc NORMAL | ||
|  | /etc/bash_completion.d/ NORMAL | ||
|  | /etc/login.defs NORMAL | ||
|  | /etc/zprofile NORMAL | ||
|  | /etc/zshrc NORMAL | ||
|  | /etc/zlogin NORMAL | ||
|  | /etc/zlogout NORMAL | ||
|  | /etc/profile.d/ NORMAL | ||
|  | /etc/X11/ NORMAL | ||
|  | 
 | ||
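|  | # Ignore logs, caches, run and spool directories, and the pacman database. | ||
|  | # NOTE: no rule shown above selects /var, so nothing under /var is monitored and these exclusions only matter once a /var rule is added. | ||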
|  | !/var/lib/pacman/.* | ||
|  | !/var/cache/.* | ||
|  | !/var/log/.* | ||
|  | !/var/run/.* | ||
|  | !/var/spool/.* |