|
cvsextras |
9fe78cd |
# Example configuration file for AIDE.
|
|
cvsextras |
9fe78cd |
|
|
cvsextras |
9fe78cd |
@@define DBDIR /var/lib/aide
|
|
cvsextras |
9fe78cd |
|
|
cvsextras |
9fe78cd |
# The location of the database to be read.
|
|
cvsextras |
9fe78cd |
database=file:@@{DBDIR}/aide.db.gz
|
|
cvsextras |
9fe78cd |
|
|
cvsextras |
9fe78cd |
# The location of the database to be written.
|
|
cvsextras |
9fe78cd |
#database_out=sql:host:port:database:login_name:passwd:table
|
|
cvsextras |
9fe78cd |
#database_out=file:aide.db.new
|
|
cvsextras |
9fe78cd |
database_out=file:@@{DBDIR}/aide.db.new.gz
|
|
cvsextras |
9fe78cd |
|
|
cvsextras |
9fe78cd |
# Whether to gzip the output to database
|
|
cvsextras |
9fe78cd |
gzip_dbout=yes
|
|
cvsextras |
9fe78cd |
|
|
cvsextras |
9fe78cd |
# Default.
|
|
cvsextras |
9fe78cd |
verbose=5
|
|
cvsextras |
9fe78cd |
|
|
cvsextras |
9fe78cd |
report_url=file:/var/log/aide.log
|
|
cvsextras |
9fe78cd |
report_url=stdout
|
|
cvsextras |
9fe78cd |
#report_url=stderr
|
|
cvsextras |
9fe78cd |
#NOT IMPLEMENTED report_url=mailto:root@foo.com
|
|
cvsextras |
9fe78cd |
#NOT IMPLEMENTED report_url=syslog:LOG_AUTH
|
|
cvsextras |
9fe78cd |
|
|
cvsextras |
9fe78cd |
# These are the default rules.
|
|
cvsextras |
9fe78cd |
#
|
|
cvsextras |
9fe78cd |
#p: permissions
|
|
cvsextras |
9fe78cd |
#i: inode:
|
|
cvsextras |
9fe78cd |
#n: number of links
|
|
cvsextras |
9fe78cd |
#u: user
|
|
cvsextras |
9fe78cd |
#g: group
|
|
cvsextras |
9fe78cd |
#s: size
|
|
cvsextras |
9fe78cd |
#b: block count
|
|
cvsextras |
9fe78cd |
#m: mtime
|
|
cvsextras |
9fe78cd |
#a: atime
|
|
cvsextras |
9fe78cd |
#c: ctime
|
|
cvsextras |
9fe78cd |
#S: check for growing size
|
|
cvsextras |
9fe78cd |
#md5: md5 checksum
|
|
cvsextras |
9fe78cd |
#sha1: sha1 checksum
|
|
cvsextras |
9fe78cd |
#rmd160: rmd160 checksum
|
|
cvsextras |
9fe78cd |
#tiger: tiger checksum
|
|
cvsextras |
9fe78cd |
#haval: haval checksum
|
|
cvsextras |
9fe78cd |
#gost: gost checksum
|
|
cvsextras |
9fe78cd |
#crc32: crc32 checksum
|
|
cvsextras |
9fe78cd |
#R: p+i+n+u+g+s+m+c+md5
|
|
cvsextras |
9fe78cd |
#L: p+i+n+u+g
|
|
cvsextras |
9fe78cd |
#E: Empty group
|
|
cvsextras |
9fe78cd |
#>: Growing logfile p+u+g+i+n+S
|
|
cvsextras |
9fe78cd |
|
|
cvsextras |
9fe78cd |
# You can create custom rules like this.
|
|
cvsextras |
9fe78cd |
|
|
cvsextras |
9fe78cd |
NORMAL = R+b+sha1
|
|
cvsextras |
9fe78cd |
|
|
cvsextras |
9fe78cd |
DIR = p+i+n+u+g
|
|
cvsextras |
9fe78cd |
|
|
cvsextras |
9fe78cd |
# Next decide what directories/files you want in the database.
|
|
cvsextras |
9fe78cd |
|
|
cvsextras |
9fe78cd |
/boot NORMAL
|
|
cvsextras |
9fe78cd |
/bin NORMAL
|
|
cvsextras |
9fe78cd |
/sbin NORMAL
|
|
cvsextras |
9fe78cd |
/lib NORMAL
|
|
cvsextras |
9fe78cd |
/opt NORMAL
|
|
cvsextras |
9fe78cd |
/usr NORMAL
|
|
cvsextras |
9fe78cd |
/root NORMAL
|
|
cvsextras |
9fe78cd |
|
|
cvsextras |
9fe78cd |
# Check only permissions, inode, user and group for /etc, but
|
|
cvsextras |
9fe78cd |
# cover some important files closely.
|
|
cvsextras |
9fe78cd |
/etc p+i+u+g
|
|
cvsextras |
9fe78cd |
!/etc/mtab
|
|
cvsextras |
9fe78cd |
/etc/exports NORMAL
|
|
cvsextras |
9fe78cd |
/etc/fstab NORMAL
|
|
cvsextras |
9fe78cd |
/etc/passwd NORMAL
|
|
cvsextras |
9fe78cd |
/etc/group NORMAL
|
|
cvsextras |
9fe78cd |
/etc/gshadow NORMAL
|
|
cvsextras |
9fe78cd |
/etc/shadow NORMAL
|
|
cvsextras |
9fe78cd |
|
|
cvsextras |
9fe78cd |
/var/log p+n+u+g
|
|
cvsextras |
9fe78cd |
|
|
cvsextras |
9fe78cd |
# With AIDE's default verbosity level of 5, these would give lots of
|
|
cvsextras |
9fe78cd |
# warnings upon tree traversal. It might change with future version.
|
|
cvsextras |
9fe78cd |
#
|
|
cvsextras |
9fe78cd |
#=/lost\+found DIR
|
|
cvsextras |
9fe78cd |
#=/home DIR
|
|
cvsextras |
9fe78cd |
|