Initial commit
This commit is contained in:
Your Name
@@ -0,0 +1,91 @@
|
||||
# Example configuration file for AIDE.
|
||||
|
||||
@@define DBDIR /usr/lib/aide
|
||||
@@define LOGDIR /usr/lib/aide/logs
|
||||
|
||||
# The location of the database to be read.
|
||||
database_in=file:@@{DBDIR}/aide.db.gz
|
||||
|
||||
# The location of the database to be written.
|
||||
#database_out=sql:host:port:database:login_name:passwd:table
|
||||
#database_out=file:aide.db.new
|
||||
database_out=file:@@{DBDIR}/aide.db.gz
|
||||
|
||||
# Whether to gzip the output to database
|
||||
gzip_dbout=yes
|
||||
|
||||
# Default.
|
||||
log_level=warning
|
||||
|
||||
report_url=file:@@{LOGDIR}/aide.log
|
||||
report_url=stdout
|
||||
#report_url=stderr
|
||||
#NOT IMPLEMENTED report_url=mailto:root@foo.com
|
||||
#NOT IMPLEMENTED report_url=syslog:LOG_AUTH
|
||||
|
||||
# These are the default rules.
|
||||
#
|
||||
#p: permissions
|
||||
#i: inode:
|
||||
#n: number of links
|
||||
#u: user
|
||||
#g: group
|
||||
#s: size
|
||||
#b: block count
|
||||
#m: mtime
|
||||
#a: atime
|
||||
#c: ctime
|
||||
#S: check for growing size
|
||||
#acl: Access Control Lists
|
||||
#selinux SELinux security context
|
||||
#xattrs: Extended file attributes
|
||||
#md5: md5 checksum
|
||||
#sha1: sha1 checksum
|
||||
#sha256: sha256 checksum
|
||||
#sha512: sha512 checksum
|
||||
#rmd160: rmd160 checksum
|
||||
#tiger: tiger checksum
|
||||
|
||||
#haval: haval checksum (MHASH only)
|
||||
#gost: gost checksum (MHASH only)
|
||||
#crc32: crc32 checksum (MHASH only)
|
||||
#whirlpool: whirlpool checksum (MHASH only)
|
||||
|
||||
FIPSR = p+u+g+s+acl+xattrs+sha256
|
||||
|
||||
#R: p+i+n+u+g+s+m+c+acl+selinux+xattrs+md5
|
||||
#L: p+i+n+u+g+acl+selinux+xattrs
|
||||
#E: Empty group
|
||||
#>: Growing logfile p+u+g+i+n+S+acl+selinux+xattrs
|
||||
|
||||
# You can create custom rules like this.
|
||||
# With MHASH...
|
||||
# ALLXTRAHASHES = sha1+rmd160+sha256+sha512+whirlpool+tiger+haval+gost+crc32
|
||||
ALLXTRAHASHES = sha1+rmd160+sha256+sha512+tiger
|
||||
# Everything but access time (Ie. all changes)
|
||||
EVERYTHING = R+ALLXTRAHASHES
|
||||
|
||||
# Sane, with multiple hashes
|
||||
# NORMAL = R+rmd160+sha256+whirlpool
|
||||
NORMAL = FIPSR+sha512
|
||||
|
||||
# For directories, don't bother doing hashes
|
||||
DIR = p+u+g+acl+xattrs
|
||||
|
||||
# Access control only
|
||||
PERMS = p+u+g+acl
|
||||
|
||||
# Logfile are special, in that they often change
|
||||
LOG = >
|
||||
|
||||
# Just do sha256 and sha512 hashes
|
||||
LSPP = FIPSR+sha512
|
||||
|
||||
# Some files get updated automatically, so the inode/ctime/mtime change
|
||||
# but we want to know when the data inside them changes
|
||||
DATAONLY = p+u+g+s+acl+xattrs+sha256
|
||||
|
||||
# Next decide what directories/files you want in the database.
|
||||
|
||||
# Check only permissions, inode, user and group for /etc, but
|
||||
# cover some important files closely.
|
||||
Reference in New Issue
Block a user