diff options
Diffstat (limited to 'recipes-ids/aide/aide/aide.conf')
-rw-r--r-- | recipes-ids/aide/aide/aide.conf | 91 |
1 files changed, 91 insertions, 0 deletions
diff --git a/recipes-ids/aide/aide/aide.conf b/recipes-ids/aide/aide/aide.conf new file mode 100644 index 0000000..c4b917e --- /dev/null +++ b/recipes-ids/aide/aide/aide.conf @@ -0,0 +1,91 @@ +# Example configuration file for AIDE. + +@@define DBDIR /usr/lib/aide +@@define LOGDIR /usr/lib/aide/logs + +# The location of the database to be read. +database_in=file:@@{DBDIR}/aide.db.gz + +# The location of the database to be written. +#database_out=sql:host:port:database:login_name:passwd:table +#database_out=file:aide.db.new +database_out=file:@@{DBDIR}/aide.db.gz + +# Whether to gzip the output to database +gzip_dbout=yes + +# Default. +log_level=warning + +report_url=file:@@{LOGDIR}/aide.log +report_url=stdout +#report_url=stderr +#NOT IMPLEMENTED report_url=mailto:root@foo.com +#NOT IMPLEMENTED report_url=syslog:LOG_AUTH + +# These are the default rules. +# +#p: permissions +#i: inode: +#n: number of links +#u: user +#g: group +#s: size +#b: block count +#m: mtime +#a: atime +#c: ctime +#S: check for growing size +#acl: Access Control Lists +#selinux SELinux security context +#xattrs: Extended file attributes +#md5: md5 checksum +#sha1: sha1 checksum +#sha256: sha256 checksum +#sha512: sha512 checksum +#rmd160: rmd160 checksum +#tiger: tiger checksum + +#haval: haval checksum (MHASH only) +#gost: gost checksum (MHASH only) +#crc32: crc32 checksum (MHASH only) +#whirlpool: whirlpool checksum (MHASH only) + +FIPSR = p+u+g+s+acl+xattrs+sha256 + +#R: p+i+n+u+g+s+m+c+acl+selinux+xattrs+md5 +#L: p+i+n+u+g+acl+selinux+xattrs +#E: Empty group +#>: Growing logfile p+u+g+i+n+S+acl+selinux+xattrs + +# You can create custom rules like this. +# With MHASH... +# ALLXTRAHASHES = sha1+rmd160+sha256+sha512+whirlpool+tiger+haval+gost+crc32 +ALLXTRAHASHES = sha1+rmd160+sha256+sha512+tiger +# Everything but access time (Ie. all changes) +EVERYTHING = R+ALLXTRAHASHES + +# Sane, with multiple hashes +# NORMAL = R+rmd160+sha256+whirlpool +NORMAL = FIPSR+sha512 + +# For directories, don't bother doing hashes +DIR = p+u+g+acl+xattrs + +# Access control only +PERMS = p+u+g+acl + +# Logfile are special, in that they often change +LOG = > + +# Just do sha256 and sha512 hashes +LSPP = FIPSR+sha512 + +# Some files get updated automatically, so the inode/ctime/mtime change +# but we want to know when the data inside them changes +DATAONLY = p+u+g+s+acl+xattrs+sha256 + +# Next decide what directories/files you want in the database. + +# Check only permissions, inode, user and group for /etc, but +# cover some important files closely. |