Login
Log in using an SSO provider:
Fedora Account System
Red Hat Associate
Red Hat Customer
Login using a Red Hat Bugzilla account
Forgot Password
Create an Account
Red Hat Bugzilla – Attachment 1951417 Details for
Bug 2175684
AIDE compliancy
Home
New
Search
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh90 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
[?]
This site requires JavaScript to be enabled to function correctly, please enable it.
Aide config file
aide.conf (text/plain), 4.63 KB, created by
pierre.lemmers
on 2023-03-17 09:32:44 UTC
(
hide
)
Description:
Aide config file
Filename:
MIME Type:
Creator:
pierre.lemmers
Created:
2023-03-17 09:32:44 UTC
Size:
4.63 KB
patch
obsolete
># Example configuration file for AIDE. > >@@define DBDIR /var/lib/aide >@@define LOGDIR /var/log/aide > ># The location of the database to be read. >database=file:@@{DBDIR}/aide.db.gz > ># The location of the database to be written. >#database_out=sql:host:port:database:login_name:passwd:table >#database_out=file:aide.db.new >database_out=file:@@{DBDIR}/aide.db.new.gz > ># Whether to gzip the output to database >gzip_dbout=yes > ># Default. >verbose=5 > >syslog_format=yes >report_url=file:@@{LOGDIR}/aide.log >report_url=syslog:LOG_AUTH > ># These are the default rules. ># >#p: permissions >#i: inode: >#n: number of links >#u: user >#g: group >#s: size >#b: block count >#m: mtime >#a: atime >#c: ctime >#S: check for growing size >#acl: Access Control Lists >#selinux SELinux security context >#xattrs: Extended file attributes >#md5: md5 checksum >#sha1: sha1 checksum >#sha256: sha256 checksum >#sha512: sha512 checksum >#rmd160: rmd160 checksum >#tiger: tiger checksum > >#haval: haval checksum (MHASH only) >#gost: gost checksum (MHASH only) >#crc32: crc32 checksum (MHASH only) >#whirlpool: whirlpool checksum (MHASH only) > >#R: p+i+n+u+g+s+m+c+acl+selinux+xattrs+md5 >#L: p+i+n+u+g+acl+selinux+xattrs >#E: Empty group >#>: Growing logfile p+u+g+i+n+S+acl+selinux+xattrs > ># You can create custom rules like this. ># With MHASH... ># ALLXTRAHASHES = sha1+rmd160+sha512+whirlpool+tiger+haval+gost+crc32 >ALLXTRAHASHES = sha512 ># Everything but access time (Ie. all changes) >EVERYTHING = R+ALLXTRAHASHES+xattrs+acl+sha512 > ># Sane, with multiple hashes ># NORMAL = R+rmd160+sha512+whirlpool >NORMAL = R+sha512+xattrs+acl > ># For directories, don't bother doing hashes >DIR = p+i+n+u+g+acl+selinux+xattrs+sha512 > ># Access control only >PERMS = p+i+u+g+acl+selinux+xattrs+sha512 > ># Logfile are special, in that they often change >LOG = >+xattrs+acl+sha512 > ># Just do md5 and sha256 hashes >LSPP = R+sha512+xattrs+acl > ># Some files get updated automatically, so the inode/ctime/mtime change ># but we want to know when the data inside them changes >DATAONLY = p+n+u+g+s+acl+selinux+xattrs+md5+sha512 > ># Next decide what directories/files you want in the database. > >/boot NORMAL >/bin NORMAL >/sbin NORMAL >/lib NORMAL >/lib64 NORMAL >/opt NORMAL >/usr NORMAL >/root NORMAL ># These are too volatile >!/usr/src >!/usr/tmp > ># Check only permissions, inode, user and group for /etc, but ># cover some important files closely. >/etc PERMS >!/etc/mtab ># Ignore backup files >!/etc/.*~ >/etc/exports NORMAL >/etc/fstab NORMAL >/etc/passwd NORMAL >/etc/group NORMAL >/etc/gshadow NORMAL >/etc/shadow NORMAL >/etc/security/opasswd NORMAL > >/etc/hosts.allow NORMAL >/etc/hosts.deny NORMAL > >/etc/sudoers NORMAL >/etc/skel NORMAL > >/etc/logrotate.d NORMAL > >/etc/resolv.conf DATAONLY > >/etc/nscd.conf NORMAL >/etc/securetty NORMAL > ># Shell/X starting files >/etc/profile NORMAL >/etc/bashrc NORMAL >/etc/bash_completion.d/ NORMAL >/etc/login.defs NORMAL >/etc/zprofile NORMAL >/etc/zshrc NORMAL >/etc/zlogin NORMAL >/etc/zlogout NORMAL >/etc/profile.d/ NORMAL >/etc/X11/ NORMAL > ># Pkg manager >/etc/yum.conf NORMAL >/etc/yumex.conf NORMAL >/etc/yumex.profiles.conf NORMAL >/etc/yum/ NORMAL >/etc/yum.repos.d/ NORMAL > >!/var/log/ >!/usr/ibm/tivoli/ >!/usr/local/ctmag/ctm/temp/ >!/usr/local/ctmag/ctm/locks/ >!/opt/tivoli/cit/cache_data/ >!/opt/tivoli/cit/bin/etc/wscansw >!/opt/tivoli/cit/bin/etc/wscanfs > >/var/run/utmp LOG > ># LSPP rules... ># AIDE produces an audit record, so this becomes perpetual motion. ># /var/log/audit/ LSPP >/etc/audit/ LSPP >/etc/libaudit.conf LSPP >/usr/sbin/stunnel LSPP >/var/spool/at LSPP >/etc/at.allow LSPP >/etc/at.deny LSPP >/etc/cron.allow LSPP >/etc/cron.deny LSPP >/etc/cron.d/ LSPP >/etc/cron.daily/ LSPP >/etc/cron.hourly/ LSPP >/etc/cron.monthly/ LSPP >/etc/cron.weekly/ LSPP >/etc/crontab LSPP >/var/spool/cron/root LSPP > >/etc/login.defs LSPP >/etc/securetty LSPP > >/etc/hosts LSPP >/etc/sysconfig LSPP > >/etc/inittab LSPP >/etc/grub/ LSPP >/etc/rc.d LSPP > >/etc/ld.so.conf LSPP > >/etc/localtime LSPP > >/etc/sysctl.conf LSPP > >/etc/modprobe.conf LSPP > >/etc/pam.d LSPP >/etc/security LSPP >/etc/aliases LSPP >/etc/postfix LSPP > >/etc/ssh/sshd_config LSPP >/etc/ssh/ssh_config LSPP > >/etc/stunnel LSPP > >/etc/vsftpd.ftpusers LSPP >/etc/vsftpd LSPP > >/etc/issue LSPP >/etc/issue.net LSPP > >/etc/cups LSPP > ># With AIDE's default verbosity level of 5, these would give lots of ># warnings upon tree traversal. It might change with future version. ># >#=/lost\+found DIR >#=/home DIR > ># Admins dot files constantly change, just check perms >/root/\..* PERMS >!/opt/sophos-av/log/sophosav/mcs_envelope.log >!/root/cron_env.out >!/root/ksh_cron_env.out >!/var/run/utmp
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1951417">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 2175684
:
1951416
| 1951417 |
1951418
|
1951431
|
1951432
|
1951434