diff options
author | Daniel Hiepler <daniel-gentoo@coderdu.de> | 2022-03-11 13:37:36 +0100 |
---|---|---|
committer | Sam James <sam@gentoo.org> | 2022-03-12 00:11:41 +0000 |
commit | 2823ca8dc37d4377400cdd3eaa647827d0120596 (patch) | |
tree | df6d9aec3cf5e46c0d76a413b0d557ef8a757073 /app-forensics/aide/files | |
parent | app-forensics/aide: create new revision of aide.cron (diff) | |
download | gentoo-2823ca8dc37d4377400cdd3eaa647827d0120596.tar.gz gentoo-2823ca8dc37d4377400cdd3eaa647827d0120596.tar.bz2 gentoo-2823ca8dc37d4377400cdd3eaa647827d0120596.zip |
app-forensics/aide: create new revision of aide.conf
* verbose option was replaced by log_level & report_level
* database option was renamed to database_in
Signed-off-by: Daniel Hiepler <daniel-gentoo@coderdu.de>
Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'app-forensics/aide/files')
-rw-r--r-- | app-forensics/aide/files/aide.conf-r2 | 136 |
1 files changed, 136 insertions, 0 deletions
diff --git a/app-forensics/aide/files/aide.conf-r2 b/app-forensics/aide/files/aide.conf-r2 new file mode 100644 index 000000000000..4bce675f7da3 --- /dev/null +++ b/app-forensics/aide/files/aide.conf-r2 @@ -0,0 +1,136 @@ +# Example configuration file for AIDE +# See more: man 5 aide.conf + +database_in=file:/var/lib/aide/aide.db +database_out=file:/var/lib/aide/aide.db.new + +# Change this to "no" or remove it to not gzip output +# (only useful on systems with few CPU cycles to spare) +gzip_dbout=yes + +# Default: warning +#log_level=info + +# Default: changed_attributes +#report_level=added_removed_attributes + +report_url=file:/var/log/aide/aide.log +report_url=stdout +#report_url=stderr + +# Here are all the things we can check - these are the default rules +# +# p: permissions +# ftype: file type +# i: inode +# l: link name +# n: number of links +# u: user +# g: group +# s: size +# b: block count +# m: mtime (modification time) +# a: atime (access time) +# c: ctime (change time) +# S: check for growing size +# I: ignore changed filename +# ANF: allow new files +# ARF: allow removed files +# md5: md5 checksum +# sha1: sha1 checksum +# sha256: sha256 checksum +# sha512: sha512 checksum +# rmd160: rmd160 checksum +# tiger: tiger checksum +# crc32: crc32 checksum +# R: p+ftype+i+l+n+u+g+s+m+c+md5+X +# L: p+ftype+i+l+n+u+g+X +# E: Empty group +# X: acl+selinux+xattrs+e2fsattrs (if groups are explicitly enabled) +# >: Growing file p+ftype+l+u+g+i+n+S+X + +# Defines formerly set here have been moved to /etc/default/aide. + +# Custom rules +Binlib = p+i+n+u+g+s+b+m+c+md5+sha256+rmd160 +ConfFiles = p+i+n+u+g+s+b+m+c+md5+sha256+rmd160 +Logs = p+i+n+u+g+S +Devices = p+i+n+u+g+s+b+c+md5+sha256+rmd160 +Databases = p+n+u+g +StaticDir = p+i+n+u+g +ManPages = p+i+n+u+g+s+b+m+c+md5+sha256+rmd160 + +# Next decide what directories/files you want in the database + +# Kernel, system map, etc. +=/boot$ Binlib +# Configs +/etc ConfFiles +!/etc/mtab +# Binaries +/bin Binlib +/sbin Binlib +/usr/bin Binlib +/usr/sbin Binlib +/usr/libexec Binlib +/usr/local/bin Binlib +/usr/local/sbin Binlib +#/usr/games Binlib +# Libraries +/lib(64)? Binlib +/usr/lib(64)? Binlib +/usr/local/lib(64)? Binlib +# Log files +=/var/log$ StaticDir +#!/var/log/ksymoops +/var/log/aide/aide.log(.[0-9])?(.gz)? Databases +/var/log/aide/error.log(.[0-9])?(.gz)? Databases +#/var/log/setuid.changes(.[0-9])?(.gz)? Databases +!/var/log/aide +/var/log Logs +# Devices +!/dev/pts +# If you get spurious warnings about being unable to mmap() /dev/cpu/mtrr, +# you may uncomment this to get rid of them. They're harmless but sometimes +# annoying. +#!/dev/cpu/mtrr +#!/dev/xconsole +/dev Devices +# Other miscellaneous files +/var/run$ StaticDir +!/var/run +# Test only the directory when dealing with /proc +/proc$ StaticDir +!/proc + +# You can look through these examples to get further ideas + +# MD5 sum files - especially useful with debsums -g +#/var/lib/dpkg/info/([^\.]+).md5sums u+g+s+m+md5+sha1 + +# Check crontabs +#/var/spool/anacron/cron.daily Databases +#/var/spool/anacron/cron.monthly Databases +#/var/spool/anacron/cron.weekly Databases +#/var/spool/cron Databases +#/var/spool/cron/crontabs Databases + +# manpages can be trojaned, especially depending on *roff implementation +#/usr/man ManPages +#/usr/share/man ManPages +#/usr/local/man ManPages + +# docs +#/usr/doc ManPages +#/usr/share/doc ManPages + +# check users' home directories +#/home Binlib + +# check sources for modifications +#/usr/src L +#/usr/local/src L + +# Check headers for same +#/usr/include L +#/usr/local/include L |