Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/app-forensics/aide/files/aide.conf
diff options
context:
space:
mode:
Diffstat (limited to 'app-forensics/aide/files/aide.conf')
-rw-r--r--app-forensics/aide/files/aide.conf115
1 files changed, 115 insertions, 0 deletions
diff --git a/app-forensics/aide/files/aide.conf b/app-forensics/aide/files/aide.conf
new file mode 100644
index 000000000000..cef1813db9f8
--- /dev/null
+++ b/app-forensics/aide/files/aide.conf
@@ -0,0 +1,115 @@
+# AIDE conf
+
+database=file:/var/lib/aide/aide.db
+database_out=file:/var/lib/aide/aide.db.new
+
+# Change this to "no" or remove it to not gzip output
+# (only useful on systems with few CPU cycles to spare)
+gzip_dbout=yes
+
+# Here are all the things we can check - these are the default rules
+#
+#p: permissions
+#i: inode
+#n: number of links
+#u: user
+#g: group
+#s: size
+#b: block count
+#m: mtime
+#a: atime
+#c: ctime
+#S: check for growing size
+#md5: md5 checksum
+#sha1: sha1 checksum
+#rmd160: rmd160 checksum
+#tiger: tiger checksum
+#R: p+i+n+u+g+s+m+c+md5
+#L: p+i+n+u+g
+#E: Empty group
+#>: Growing logfile p+u+g+i+n+S
+#haval: haval checksum
+#gost: gost checksum
+#crc32: crc32 checksum
+
+# Defines formerly set here have been moved to /etc/default/aide.
+
+# Custom rules
+Binlib = p+i+n+u+g+s+b+m+c+md5+sha1
+ConfFiles = p+i+n+u+g+s+b+m+c+md5+sha1
+Logs = p+i+n+u+g+S
+Devices = p+i+n+u+g+s+b+c+md5+sha1
+Databases = p+n+u+g
+StaticDir = p+i+n+u+g
+ManPages = p+i+n+u+g+s+b+m+c+md5+sha1
+
+# Next decide what directories/files you want in the database
+
+# Kernel, system map, etc.
+=/boot$ Binlib
+# Binaries
+/bin Binlib
+/sbin Binlib
+/usr/bin Binlib
+/usr/sbin Binlib
+/usr/local/bin Binlib
+/usr/local/sbin Binlib
+#/usr/games Binlib
+# Libraries
+/lib Binlib
+/usr/lib Binlib
+/usr/local/lib Binlib
+# Log files
+=/var/log$ StaticDir
+#!/var/log/ksymoops
+/var/log/aide/aide.log(.[0-9])?(.gz)? Databases
+/var/log/aide/error.log(.[0-9])?(.gz)? Databases
+#/var/log/setuid.changes(.[0-9])?(.gz)? Databases
+!/var/log/aide
+/var/log Logs
+# Devices
+!/dev/pts
+# If you get spurious warnings about being unable to mmap() /dev/cpu/mtrr,
+# you may uncomment this to get rid of them. They're harmless but sometimes
+# annoying.
+#!/dev/cpu/mtrr
+#!/dev/xconsole
+/dev Devices
+# Other miscellaneous files
+/var/run$ StaticDir
+!/var/run
+# Test only the directory when dealing with /proc
+/proc$ StaticDir
+!/proc
+
+# You can look through these examples to get further ideas
+
+# MD5 sum files - especially useful with debsums -g
+#/var/lib/dpkg/info/([^\.]+).md5sums u+g+s+m+md5+sha1
+
+# Check crontabs
+#/var/spool/anacron/cron.daily Databases
+#/var/spool/anacron/cron.monthly Databases
+#/var/spool/anacron/cron.weekly Databases
+#/var/spool/cron Databases
+#/var/spool/cron/crontabs Databases
+
+# manpages can be trojaned, especially depending on *roff implementation
+#/usr/man ManPages
+#/usr/share/man ManPages
+#/usr/local/man ManPages
+
+# docs
+#/usr/doc ManPages
+#/usr/share/doc ManPages
+
+# check users' home directories
+#/home Binlib
+
+# check sources for modifications
+#/usr/src L
+#/usr/local/src L
+
+# Check headers for same
+#/usr/include L
+#/usr/local/include L