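# Example configuration file for AIDE.
#
# Comments in this file start with '#' on their own line. The page's
# '//' annotations have been turned into '#' comments, because text
# left after a value would be read as part of that value.

# Macros for the database and log directories, referenced below as
# @@{DBDIR} and @@{LOGDIR}.
@@define DBDIR /var/lib/aide
@@define LOGDIR /var/log/aide

# The location of the database to be read.
# This is the file database (signature file) that AIDE compares the
# file system against when a check is performed.
# NOTE(review): anyone who can write to this path can rewrite the
# baseline, so keep a reference copy on read-only or off-host storage.
database=file:@@{DBDIR}/aide.db.gz

# The location of the database to be written.
# This is where a newly generated file database (signature file) is
# stored. It is a different file from the one read above, so a new
# database is not used for checks until it is put in place of the
# 'database' file.
#database_out=sql:host:port:database:login_name:passwd:table
#database_out=file:aide.db.new
database_out=file:@@{DBDIR}/aide.db.new.gz

# Whether to gzip the output to database.
gzip_dbout=yes

# Default.
verbose=5

# Where the comparison results are reported. Both destinations are
# used: the log file and standard output (the screen).
report_url=file:@@{LOGDIR}/aide.log
report_url=stdout
#report_url=stderr
# The address in the next line is a placeholder; the page shows it
# only in obfuscated form.
#NOT IMPLEMENTED report_url=mailto:user@example.com
#NOT IMPLEMENTED report_url=syslog:LOG_AUTH

# These are the default rules.
#
#p:         permissions
#i:         inode (index node)
#n:         number of links
#u:         user
#g:         group
#s:         size
#b:         block count
#m:         mtime (time the content was last modified)
#a:         atime (time of last access)
#c:         ctime (time the file's attributes or permissions last changed)
#S:         check for growing size
#acl:       Access Control Lists
#selinux:   SELinux security context
#xattrs:    Extended file attributes
#md5:       md5 checksum
#sha1:      sha1 checksum
#sha256:    sha256 checksum
#sha512:    sha512 checksum
#rmd160:    rmd160 checksum
#tiger:     tiger checksum
#haval:     haval checksum (MHASH only)
#gost:      gost checksum (MHASH only)
#crc32:     crc32 checksum (MHASH only)
#whirlpool: whirlpool checksum (MHASH only)

FIPSR = p+i+n+u+g+s+m+c+acl+selinux+xattrs+sha256

#R:         p+i+n+u+g+s+m+c+acl+selinux+xattrs+md5
#L:         p+i+n+u+g+acl+selinux+xattrs
#E:         Empty group
#>:         Growing logfile p+u+g+i+n+S+acl+selinux+xattrs

# You can create custom rules like this.
# With MHASH...
# ALLXTRAHASHES = sha1+rmd160+sha256+sha512+whirlpool+tiger+haval+gost+crc32
# Group names are written the same way where they are defined and
# where they are used, so that EVERYTHING refers to the group defined
# on the line above it.
ALLXTRAHASHES = sha1+rmd160+sha256+sha512+tiger

# Everything but access time (i.e. all changes).
EVERYTHING = R+ALLXTRAHASHES

# Sane, with one good hash.
# NORMAL = sha256
# NOTE(review): as defined here NORMAL records only the SHA-256 content
# checksum. Changes to permissions, owner, group, ACLs or the SELinux
# context of a file are not reported under this rule; FIPSR above
# covers those attributes as well.
NORMAL = sha256

# Directories to be checked, each followed by the rule that says which
# information is checked. NORMAL is defined above.
/usr/local/mysql/ NORMAL
/opt/ NORMAL

# A leading exclamation mark means the path is not checked.
# NOTE(review): excluded paths are blind spots for the check, so keep
# exclusions as narrow as possible.
!/usr/local/mysql/tttt.txt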