Adding AIDE to HIDS tools

2025-04-12 04:36:22 -05:00
parent b6692593a3
commit 9f131ca0a9
9 changed files with 466 additions and 0 deletions
--- a/roles/Sharingan/files/aide/yggdrasil.conf
+++ b/roles/Sharingan/files/aide/yggdrasil.conf
@@ -0,0 +1,89 @@
+# Example configuration file for AIDE.
+# More information about configuration options available in the aide.conf manpage.
+@@define DBDIR /home/yggdrasil/.aide
+@@define LOGDIR @@{DBDIR}
+
+# The location of the database to be read.
+database_in=file:@@{DBDIR}/aide.db.gz
+database_out=file:@@{DBDIR}/aide.new.db.gz
+
+# The location of the database to be written.
+#database_out=sql:host:port:database:login_name:passwd:table
+#database_out=file:aide.db.new
+# Whether to gzip the output to database
+gzip_dbout=yes
+
+# Default.
+log_level=warning
+report_level=changed_attributes
+
+report_url=file:@@{LOGDIR}/aide.log
+report_url=stdout
+#report_url=stderr
+#
+# Here are all the attributes we can check
+#p:       permissions
+#i:       inode
+#n:       number of links
+#l:       link name
+#u:       user
+#g:       group
+#s:       size
+###b:        block count
+#m:       mtime
+#a:       atime
+#c:       ctime
+#S:       check for growing size
+#I:       ignore changed filename
+#ANF:     allow new files
+#ARF:     allow removed files
+#
+
+# Here are all the digests we can use
+#md5:           md5 checksum
+#sha1:          sha1 checksum
+#sha256:        sha256 checksum
+#sha512:        sha512 checksum
+#rmd160:        rmd160 checksum
+#tiger:         tiger checksum
+#haval:         haval checksum
+#crc32:         crc32 checksum
+#gost:          gost checksum
+#whirlpool:     whirlpool checksum
+
+# These are the default rules
+#R:             p+i+l+n+u+g+s+m+c+md5
+#L:             p+i+l+n+u+g
+#E:             Empty group
+#>:             Growing logfile p+l+u+g+i+n+S
+
+# You can create custom rules - my home made rule definition goes like this
+ALLXTRAHASHES = sha1+rmd160+sha256+sha512+whirlpool+tiger+haval+gost+crc32
+ALLXTRAHASHES = sha1+rmd160+sha256+sha512+tiger
+# Everything but access time (Ie. all changes)
+EVERYTHING = R+ALLXTRAHASHES
+
+# Sane, with multiple hashes
+# NORMAL = R+rmd160+sha256+whirlpool
+NORMAL = R+rmd160+sha256
+
+# For directories, don't bother doing hashes
+DIR = p+i+n+u+g+acl+xattrs
+
+# Access control only
+PERMS = p+i+u+g+acl
+
+# Logfile are special, in that they often change
+LOG = >
+
+# Just do md5 and sha256 hashes
+LSPP = R+sha256
+
+# Some files get updated automatically, so the inode/ctime/mtime change
+# but we want to know when the data inside them changes
+DATAONLY =  p+n+u+g+s+acl+xattrs+md5+sha256+rmd160+tiger
+
+
+# Next decide what directories/files you want in the database.
+/home/yggdrasil/ NORMAL
+!/home/yggdrasil/.aide$