rpms / aide

Clone
Source Code
GIT

Blame SOURCES/aide.conf

c4 c5 c5-plus c6 c6-plus c7 c7-aarch64 c7-ppc64le c8-beta f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f7 f8 f9 fc6 master
  1.   c8-beta
  2.   SOURCES
  3.   aide.conf
Blob History Raw
2e9c9a 
# Example configuration file for AIDE.
2e9c9a
2e9c9a 
@@define DBDIR /var/lib/aide
2e9c9a 
@@define LOGDIR /var/log/aide
2e9c9a
2e9c9a 
# The location of the database to be read.
2e9c9a 
database=file:@@{DBDIR}/aide.db.gz
2e9c9a
2e9c9a 
# The location of the database to be written.
2e9c9a 
#database_out=sql:host:port:database:login_name:passwd:table
2e9c9a 
#database_out=file:aide.db.new
2e9c9a 
database_out=file:@@{DBDIR}/aide.db.new.gz
2e9c9a
2e9c9a 
# Whether to gzip the output to database
2e9c9a 
gzip_dbout=yes
2e9c9a
2e9c9a 
# Default.
2e9c9a 
verbose=5
2e9c9a
2e9c9a 
report_url=file:@@{LOGDIR}/aide.log
2e9c9a 
report_url=stdout
2e9c9a 
#report_url=stderr
2e9c9a 
#NOT IMPLEMENTED report_url=mailto:root@foo.com
2e9c9a 
#NOT IMPLEMENTED report_url=syslog:LOG_AUTH
2e9c9a
2e9c9a 
# These are the default rules.
2e9c9a 
#
2e9c9a 
#p:      permissions
2e9c9a 
#i:      inode:
2e9c9a 
#n:      number of links
2e9c9a 
#u:      user
2e9c9a 
#g:      group
2e9c9a 
#s:      size
2e9c9a 
#b:      block count
2e9c9a 
#m:      mtime
2e9c9a 
#a:      atime
2e9c9a 
#c:      ctime
2e9c9a 
#S:      check for growing size
2e9c9a 
#acl:           Access Control Lists
2e9c9a 
#selinux        SELinux security context
2e9c9a 
#xattrs:        Extended file attributes
2e9c9a 
#md5:    md5 checksum
2e9c9a 
#sha1:   sha1 checksum
2e9c9a 
#sha256:        sha256 checksum
2e9c9a 
#sha512:        sha512 checksum
2e9c9a 
#rmd160: rmd160 checksum
2e9c9a 
#tiger:  tiger checksum
2e9c9a
2e9c9a 
#haval:  haval checksum (MHASH only)
2e9c9a 
#gost:   gost checksum (MHASH only)
2e9c9a 
#crc32:  crc32 checksum (MHASH only)
2e9c9a 
#whirlpool:     whirlpool checksum (MHASH only)
2e9c9a
2e9c9a 
#R:             p+i+n+u+g+s+m+c+acl+selinux+xattrs+md5
2e9c9a 
#L:             p+i+n+u+g+acl+selinux+xattrs
2e9c9a 
#E:             Empty group
2e9c9a 
#>:             Growing logfile p+u+g+i+n+S+acl+selinux+xattrs
2e9c9a
2e9c9a 
# You can create custom rules like this.
2e9c9a 
# With MHASH...
2e9c9a 
# ALLXTRAHASHES = sha1+rmd160+sha256+sha512+whirlpool+tiger+haval+gost+crc32
2e9c9a 
ALLXTRAHASHES = sha1+rmd160+sha256+sha512+tiger
2e9c9a 
# Everything but access time (Ie. all changes)
2e9c9a 
EVERYTHING = R+ALLXTRAHASHES
2e9c9a
2e9c9a 
# Sane
2e9c9a 
# NORMAL = R+sha512
2e9c9a 
NORMAL = p+i+n+u+g+s+m+c+acl+selinux+xattrs+sha512
2e9c9a
2e9c9a 
# For directories, don't bother doing hashes
2e9c9a 
DIR = p+i+n+u+g+acl+selinux+xattrs
2e9c9a
2e9c9a 
# Access control only
2e9c9a 
PERMS = p+u+g+acl+selinux+xattrs
2e9c9a
2e9c9a 
# Logfile are special, in that they often change
2e9c9a 
LOG = p+u+g+n+S+acl+selinux+xattrs
2e9c9a
2e9c9a 
# Content + file type.
2e9c9a 
CONTENT = sha512+ftype
2e9c9a
2e9c9a 
# Extended content + file type + access.
2e9c9a 
CONTENT_EX = sha512+ftype+p+u+g+n+acl+selinux+xattrs
2e9c9a
2e9c9a 
# Some files get updated automatically, so the inode/ctime/mtime change
2e9c9a 
# but we want to know when the data inside them changes
2e9c9a 
DATAONLY =  p+n+u+g+s+acl+selinux+xattrs+sha512
2e9c9a
2e9c9a 
# Next decide what directories/files you want in the database.
2e9c9a
925534 
/boot       CONTENT_EX
925534 
/opt        CONTENT
2e9c9a
2e9c9a 
# Admins dot files constantly change, just check perms
2e9c9a 
/root/\..* PERMS
2e9c9a 
# Otherwise get all of /root.
925534 
/root   CONTENT_EX
2e9c9a
2e9c9a 
# These are too volatile
925534 
!/usr/src
925534 
!/usr/tmp
2e9c9a
2e9c9a 
# Otherwise get all of /usr.
925534 
/usr    CONTENT_EX
2e9c9a
2e9c9a 
# trusted databases
2e9c9a 
/etc/hosts$      CONTENT_EX
2e9c9a 
/etc/host.conf$  CONTENT_EX
2e9c9a 
/etc/hostname$   CONTENT_EX
2e9c9a 
/etc/issue$      CONTENT_EX
2e9c9a 
/etc/issue.net$  CONTENT_EX
2e9c9a 
/etc/protocols$  CONTENT_EX
2e9c9a 
/etc/services$   CONTENT_EX
2e9c9a 
/etc/localtime$  CONTENT_EX
925534 
/etc/alternatives CONTENT_EX
2e9c9a 
/etc/sysconfig   CONTENT_EX
2e9c9a 
/etc/mime.types$ CONTENT_EX
925534 
/etc/terminfo    CONTENT_EX
2e9c9a 
/etc/exports$    CONTENT_EX
2e9c9a 
/etc/fstab$      CONTENT_EX
2e9c9a 
/etc/passwd$     CONTENT_EX
2e9c9a 
/etc/group$      CONTENT_EX
2e9c9a 
/etc/gshadow$    CONTENT_EX
2e9c9a 
/etc/shadow$     CONTENT_EX
2e9c9a 
/etc/subgid$     CONTENT_EX
2e9c9a 
/etc/subuid$     CONTENT_EX
2e9c9a 
/etc/security/opasswd$ CONTENT_EX
925534 
/etc/skel        CONTENT_EX
2e9c9a 
/etc/subuid$     CONTENT_EX
2e9c9a 
/etc/subgid$     CONTENT_EX
925534 
/etc/sssd        CONTENT_EX
2e9c9a 
/etc/machine-id$ CONTENT_EX
925534 
/etc/swid        CONTENT_EX
2e9c9a 
/etc/system-release-cpe$ CONTENT_EX
2e9c9a 
/etc/shells$     CONTENT_EX
2e9c9a 
/etc/tmux.conf$  CONTENT_EX
2e9c9a 
/etc/xattr.conf$ CONTENT_EX
2e9c9a
2e9c9a
2e9c9a 
# networking
2e9c9a 
/etc/hosts.allow$   CONTENT_EX
2e9c9a 
/etc/hosts.deny$    CONTENT_EX
925534 
/etc/firewalld      CONTENT_EX
925534 
!/etc/NetworkManager/system-connections
925534 
/etc/NetworkManager CONTENT_EX
2e9c9a 
/etc/networks$ CONTENT_EX
925534 
/etc/dhcp CONTENT_EX
925534 
/etc/wpa_supplicant CONTENT_EX
2e9c9a 
/etc/resolv.conf$ DATAONLY
2e9c9a 
/etc/nscd.conf$ CONTENT_EX
2e9c9a
2e9c9a 
# logins and accounts
2e9c9a 
/etc/login.defs$ CONTENT_EX
2e9c9a 
/etc/libuser.conf$ CONTENT_EX
2e9c9a 
/var/log/faillog$ PERMS
2e9c9a 
/var/log/lastlog$ PERMS
925534 
/var/run/faillock PERMS
925534 
/etc/pam.d CONTENT_EX
925534 
/etc/security CONTENT_EX
2e9c9a 
/etc/securetty$ CONTENT_EX
925534 
/etc/polkit-1 CONTENT_EX
2e9c9a 
/etc/sudo.conf$ CONTENT_EX
925534 
/etc/sudoers$ CONTENT_EX
925534 
/etc/sudoers.d CONTENT_EX
2e9c9a
2e9c9a 
# Shell/X startup files
2e9c9a 
/etc/profile$ CONTENT_EX
925534 
/etc/profile.d CONTENT_EX
2e9c9a 
/etc/bashrc$ CONTENT_EX
925534 
/etc/bash_completion.d CONTENT_EX
2e9c9a 
/etc/zprofile$ CONTENT_EX
2e9c9a 
/etc/zshrc$ CONTENT_EX
2e9c9a 
/etc/zlogin$ CONTENT_EX
2e9c9a 
/etc/zlogout$ CONTENT_EX
925534 
/etc/X11 CONTENT_EX
2e9c9a
2e9c9a 
# Pkg manager
925534 
/etc/dnf CONTENT_EX
2e9c9a 
/etc/yum.conf$ CONTENT_EX
925534 
/etc/yum CONTENT_EX
925534 
/etc/yum.repos.d CONTENT_EX
2e9c9a
2e9c9a 
# This gets new/removes-old filenames daily
2e9c9a 
!/var/log/sa
2e9c9a 
# As we are checking it, we've truncated yesterdays size to zero.
2e9c9a 
!/var/log/aide.log
2e9c9a
2e9c9a 
# auditing
2e9c9a 
# AIDE produces an audit record, so this becomes perpetual motion.
925534 
/var/log/audit PERMS
925534 
/etc/audit CONTENT_EX
2e9c9a 
/etc/libaudit.conf$ CONTENT_EX
2e9c9a 
/etc/aide.conf$  CONTENT_EX
2e9c9a
2e9c9a 
# System logs
2e9c9a 
/etc/rsyslog.conf$ CONTENT_EX
925534 
/etc/rsyslog.d CONTENT_EX
2e9c9a 
/etc/logrotate.conf$ CONTENT_EX
925534 
/etc/logrotate.d CONTENT_EX
2e9c9a 
/etc/systemd/journald.conf$ CONTENT_EX
925534 
/var/log LOG+ANF+ARF
2e9c9a 
/var/run/utmp LOG
2e9c9a
2e9c9a 
# secrets
925534 
/etc/pkcs11 CONTENT_EX
925534 
/etc/pki CONTENT_EX
925534 
/etc/crypto-policies CONTENT_EX
925534 
/etc/certmonger CONTENT_EX
2e9c9a 
/var/lib/systemd/random-seed$ PERMS
2e9c9a
2e9c9a 
# init system
925534 
/etc/systemd CONTENT_EX
925534 
/etc/rc.d CONTENT_EX
925534 
/etc/tmpfiles.d CONTENT_EX
2e9c9a
2e9c9a 
# boot config
925534 
/etc/default CONTENT_EX
925534 
/etc/grub.d CONTENT_EX
925534 
/etc/dracut.conf$ CONTENT_EX
925534 
/etc/dracut.conf.d CONTENT_EX
2e9c9a
2e9c9a 
# glibc linker
2e9c9a 
/etc/ld.so.cache$ CONTENT_EX
2e9c9a 
/etc/ld.so.conf$ CONTENT_EX
925534 
/etc/ld.so.conf.d CONTENT_EX
2e9c9a 
/etc/ld.so.preload$ CONTENT_EX
2e9c9a
2e9c9a 
# kernel config
925534 
/etc/sysctl.conf$ CONTENT_EX
925534 
/etc/sysctl.d CONTENT_EX
925534 
/etc/modprobe.d CONTENT_EX
925534 
/etc/modules-load.d CONTENT_EX
925534 
/etc/depmod.d CONTENT_EX
925534 
/etc/udev CONTENT_EX
2e9c9a 
/etc/crypttab$ CONTENT_EX
2e9c9a
2e9c9a 
#### Daemons ####
2e9c9a
2e9c9a 
# cron jobs
925534 
/var/spool/at CONTENT
2e9c9a 
/etc/at.allow$ CONTENT
2e9c9a 
/etc/at.deny$ CONTENT
2e9c9a 
/var/spool/anacron CONTENT
2e9c9a 
/etc/anacrontab$ CONTENT_EX
2e9c9a 
/etc/cron.allow$ CONTENT_EX
2e9c9a 
/etc/cron.deny$ CONTENT_EX
925534 
/etc/cron.d CONTENT_EX
925534 
/etc/cron.daily CONTENT_EX
925534 
/etc/cron.hourly CONTENT_EX
925534 
/etc/cron.monthly CONTENT_EX
925534 
/etc/cron.weekly CONTENT_EX
2e9c9a 
/etc/crontab$ CONTENT_EX
925534 
/var/spool/cron/root CONTENT
2e9c9a
2e9c9a 
# time keeping
925534 
/etc/chrony.conf$ CONTENT_EX
2e9c9a 
/etc/chrony.keys$ CONTENT_EX
2e9c9a
2e9c9a 
# mail
2e9c9a 
/etc/aliases$ CONTENT_EX
2e9c9a 
/etc/aliases.db$ CONTENT_EX
925534 
/etc/postfix CONTENT_EX
2e9c9a
2e9c9a 
# ssh
925534 
/etc/ssh/sshd_config$ CONTENT_EX
925534 
/etc/ssh/ssh_config$ CONTENT_EX
2e9c9a
2e9c9a 
# stunnel
925534 
/etc/stunnel CONTENT_EX
2e9c9a
2e9c9a 
# printing
925534 
/etc/cups CONTENT_EX
925534 
/etc/cupshelpers CONTENT_EX
925534 
/etc/avahi CONTENT_EX
2e9c9a
2e9c9a 
# web server
925534 
/etc/httpd CONTENT_EX
2e9c9a
2e9c9a 
# dns
925534 
/etc/named CONTENT_EX
2e9c9a 
/etc/named.conf$ CONTENT_EX
2e9c9a 
/etc/named.iscdlv.key$ CONTENT_EX
2e9c9a 
/etc/named.rfc1912.zones$ CONTENT_EX
2e9c9a 
/etc/named.root.key$ CONTENT_EX
2e9c9a
2e9c9a 
# xinetd
2e9c9a 
/etc/xinetd.conf$ CONTENT_EX
925534 
/etc/xinetd.d CONTENT_EX
2e9c9a
2e9c9a 
# IPsec
925534 
/etc/ipsec.conf$ CONTENT_EX
925534 
/etc/ipsec.secrets$ CONTENT_EX
925534 
/etc/ipsec.d CONTENT_EX
2e9c9a
2e9c9a 
# USB guard
925534 
/etc/usbguard CONTENT_EX
2e9c9a
2e9c9a 
# Ignore some files
2e9c9a 
!/etc/mtab$
2e9c9a 
!/etc/.*~
2e9c9a
2e9c9a 
# Now everything else
925534 
/etc    PERMS
2e9c9a
2e9c9a
2e9c9a 
# With AIDE's default verbosity level of 5, these would give lots of
2e9c9a 
# warnings upon tree traversal. It might change with future version.
2e9c9a 
#
2e9c9a 
#=/lost\+found    DIR
2e9c9a 
#=/home           DIR
2e9c9a
2e9c9a 
# Ditto /var/log/sa reason...
2e9c9a 
!/var/log/and-httpd
2e9c9a
2e9c9a 
# Admins dot files constantly change, just check perms
2e9c9a 
/root/\..* PERMS
2e9c9a 
!/root/.xauth*

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation