aide/aide.conf

# Example configuration file for AIDE.

@@define DBDIR /var/lib/aide

# The location of the database to be read.
database=file:@@{DBDIR}/aide.db.gz

# The location of the database to be written.
#database_out=sql:host:port:database:login_name:passwd:table
#database_out=file:aide.db.new
database_out=file:@@{DBDIR}/aide.db.new.gz

# Whether to gzip the output to database
gzip_dbout=yes

# Default.
verbose=5

report_url=file:/var/log/aide.log
report_url=stdout
#report_url=stderr
#NOT IMPLEMENTED report_url=mailto:root@foo.com
#NOT IMPLEMENTED report_url=syslog:LOG_AUTH

# These are the default rules.
#
#p:      permissions
#i:      inode:
#n:      number of links
#u:      user
#g:      group
#s:      size
#b:      block count
#m:      mtime
#a:      atime
#c:      ctime
#S:      check for growing size
#md5:    md5 checksum
#sha1:   sha1 checksum
#rmd160: rmd160 checksum
#tiger:  tiger checksum
#haval:  haval checksum
#gost:   gost checksum
#crc32:  crc32 checksum
#R:      p+i+n+u+g+s+m+c+md5
#L:      p+i+n+u+g
#E:      Empty group
#>:      Growing logfile p+u+g+i+n+S

# You can create custom rules like this.

NORMAL = R+b+sha1

DIR = p+i+n+u+g

# Next decide what directories/files you want in the database.

/boot   NORMAL
/bin    NORMAL
/sbin   NORMAL
/lib    NORMAL
/opt    NORMAL
/usr    NORMAL
/root   NORMAL

# Check only permissions, inode, user and group for /etc, but
# cover some important files closely.
/etc    p+i+u+g
!/etc/mtab
/etc/exports  NORMAL
/etc/fstab    NORMAL
/etc/passwd   NORMAL
/etc/group    NORMAL
/etc/gshadow  NORMAL
/etc/shadow   NORMAL

/var/log   p+n+u+g

# With AIDE's default verbosity level of 5, these would give lots of
# warnings upon tree traversal. It might change with future version.
#
#=/lost\+found    DIR
#=/home           DIR
auto-import changelog data from aide-0.10-0.fdr.0.1.cvs20031104.rh90.src.rpm 0.10-0.fdr.0.1.cvs20031104 - Only tar.gz available upstream. - byacc not needed when bison -y is available. - Installed Russian manual pages. - Updated with changes from CVS (2003-11-04). - getopt patch merged upstream. - bison-1.35 patch incorporated upstream. 0.9-0.fdr.0.2.20030902 - Added fixes for further memleaks. 0.9-0.fdr.0.1.20030902 - Initial package version. 2004-11-08 04:00:58 +00:00			`# Example configuration file for AIDE.`

			`@@define DBDIR /var/lib/aide`

			`# The location of the database to be read.`
			`database=file:@@{DBDIR}/aide.db.gz`

			`# The location of the database to be written.`
			`#database_out=sql:host:port:database:login_name:passwd:table`
			`#database_out=file:aide.db.new`
			`database_out=file:@@{DBDIR}/aide.db.new.gz`

			`# Whether to gzip the output to database`
			`gzip_dbout=yes`

			`# Default.`
			`verbose=5`

			`report_url=file:/var/log/aide.log`
			`report_url=stdout`
			`#report_url=stderr`
			`#NOT IMPLEMENTED report_url=mailto:root@foo.com`
			`#NOT IMPLEMENTED report_url=syslog:LOG_AUTH`

			`# These are the default rules.`
			`#`
			`#p: permissions`
			`#i: inode:`
			`#n: number of links`
			`#u: user`
			`#g: group`
			`#s: size`
			`#b: block count`
			`#m: mtime`
			`#a: atime`
			`#c: ctime`
			`#S: check for growing size`
			`#md5: md5 checksum`
			`#sha1: sha1 checksum`
			`#rmd160: rmd160 checksum`
			`#tiger: tiger checksum`
			`#haval: haval checksum`
			`#gost: gost checksum`
			`#crc32: crc32 checksum`
			`#R: p+i+n+u+g+s+m+c+md5`
			`#L: p+i+n+u+g`
			`#E: Empty group`
			`#>: Growing logfile p+u+g+i+n+S`

			`# You can create custom rules like this.`

			`NORMAL = R+b+sha1`

			`DIR = p+i+n+u+g`

			`# Next decide what directories/files you want in the database.`

			`/boot NORMAL`
			`/bin NORMAL`
			`/sbin NORMAL`
			`/lib NORMAL`
			`/opt NORMAL`
			`/usr NORMAL`
			`/root NORMAL`

			`# Check only permissions, inode, user and group for /etc, but`
			`# cover some important files closely.`
			`/etc p+i+u+g`
			`!/etc/mtab`
			`/etc/exports NORMAL`
			`/etc/fstab NORMAL`
			`/etc/passwd NORMAL`
			`/etc/group NORMAL`
			`/etc/gshadow NORMAL`
			`/etc/shadow NORMAL`

			`/var/log p+n+u+g`

			`# With AIDE's default verbosity level of 5, these would give lots of`
			`# warnings upon tree traversal. It might change with future version.`
			`#`
			`#=/lost\+found DIR`
			`#=/home DIR`