diff options
Diffstat (limited to 'app-forensics/aide/files/aide.conf-r1')
-rw-r--r-- | app-forensics/aide/files/aide.conf-r1 | 133 |
1 files changed, 0 insertions, 133 deletions
diff --git a/app-forensics/aide/files/aide.conf-r1 b/app-forensics/aide/files/aide.conf-r1 deleted file mode 100644 index 87df5e168c80..000000000000 --- a/app-forensics/aide/files/aide.conf-r1 +++ /dev/null @@ -1,133 +0,0 @@ -# Example configuration file for AIDE -# See more: man 5 aide.conf - -database=file:/var/lib/aide/aide.db -database_out=file:/var/lib/aide/aide.db.new - -# Change this to "no" or remove it to not gzip output -# (only useful on systems with few CPU cycles to spare) -gzip_dbout=yes - -# Default: 5 -#verbose=5 - -report_url=file:/var/log/aide/aide.log -report_url=stdout -#report_url=stderr - -# Here are all the things we can check - these are the default rules -# -# p: permissions -# ftype: file type -# i: inode -# l: link name -# n: number of links -# u: user -# g: group -# s: size -# b: block count -# m: mtime (modification time) -# a: atime (access time) -# c: ctime (change time) -# S: check for growing size -# I: ignore changed filename -# ANF: allow new files -# ARF: allow removed files -# md5: md5 checksum -# sha1: sha1 checksum -# sha256: sha256 checksum -# sha512: sha512 checksum -# rmd160: rmd160 checksum -# tiger: tiger checksum -# crc32: crc32 checksum -# R: p+ftype+i+l+n+u+g+s+m+c+md5+X -# L: p+ftype+i+l+n+u+g+X -# E: Empty group -# X: acl+selinux+xattrs+e2fsattrs (if groups are explicitly enabled) -# >: Growing file p+ftype+l+u+g+i+n+S+X - -# Defines formerly set here have been moved to /etc/default/aide. - -# Custom rules -Binlib = p+i+n+u+g+s+b+m+c+md5+sha256+rmd160 -ConfFiles = p+i+n+u+g+s+b+m+c+md5+sha256+rmd160 -Logs = p+i+n+u+g+S -Devices = p+i+n+u+g+s+b+c+md5+sha256+rmd160 -Databases = p+n+u+g -StaticDir = p+i+n+u+g -ManPages = p+i+n+u+g+s+b+m+c+md5+sha256+rmd160 - -# Next decide what directories/files you want in the database - -# Kernel, system map, etc. -=/boot$ Binlib -# Configs -/etc ConfFiles -!/etc/mtab -# Binaries -/bin Binlib -/sbin Binlib -/usr/bin Binlib -/usr/sbin Binlib -/usr/libexec Binlib -/usr/local/bin Binlib -/usr/local/sbin Binlib -#/usr/games Binlib -# Libraries -/lib(64)? Binlib -/usr/lib(64)? Binlib -/usr/local/lib(64)? Binlib -# Log files -=/var/log$ StaticDir -#!/var/log/ksymoops -/var/log/aide/aide.log(.[0-9])?(.gz)? Databases -/var/log/aide/error.log(.[0-9])?(.gz)? Databases -#/var/log/setuid.changes(.[0-9])?(.gz)? Databases -!/var/log/aide -/var/log Logs -# Devices -!/dev/pts -# If you get spurious warnings about being unable to mmap() /dev/cpu/mtrr, -# you may uncomment this to get rid of them. They're harmless but sometimes -# annoying. -#!/dev/cpu/mtrr -#!/dev/xconsole -/dev Devices -# Other miscellaneous files -/var/run$ StaticDir -!/var/run -# Test only the directory when dealing with /proc -/proc$ StaticDir -!/proc - -# You can look through these examples to get further ideas - -# MD5 sum files - especially useful with debsums -g -#/var/lib/dpkg/info/([^\.]+).md5sums u+g+s+m+md5+sha1 - -# Check crontabs -#/var/spool/anacron/cron.daily Databases -#/var/spool/anacron/cron.monthly Databases -#/var/spool/anacron/cron.weekly Databases -#/var/spool/cron Databases -#/var/spool/cron/crontabs Databases - -# manpages can be trojaned, especially depending on *roff implementation -#/usr/man ManPages -#/usr/share/man ManPages -#/usr/local/man ManPages - -# docs -#/usr/doc ManPages -#/usr/share/doc ManPages - -# check users' home directories -#/home Binlib - -# check sources for modifications -#/usr/src L -#/usr/local/src L - -# Check headers for same -#/usr/include L -#/usr/local/include L |