meta-security/recipes-ids/aide/aide/aide.conf - openbmc/openbmc - Gitiles

 # Example configuration file for AIDE.

 @@define DBDIR /usr/lib/aide
 @@define LOGDIR /usr/lib/aide/logs

 # The location of the database to be read.
 database_in=file:@@{DBDIR}/aide.db.gz

 # The location of the database to be written.
 #database_out=sql:host:port:database:login_name:passwd:table
 #database_out=file:aide.db.new
 database_out=file:@@{DBDIR}/aide.db.gz

 # Whether to gzip the output to database
 gzip_dbout=yes

 # Default.
 log_level=warning

 report_url=file:@@{LOGDIR}/aide.log
 report_url=stdout
 #report_url=stderr
 #NOT IMPLEMENTED report_url=mailto:root@foo.com
 #NOT IMPLEMENTED report_url=syslog:LOG_AUTH

 # These are the default rules.
 #
 #p:      permissions
 #i:      inode:
 #n:      number of links
 #u:      user
 #g:      group
 #s:      size
 #b:      block count
 #m:      mtime
 #a:      atime
 #c:      ctime
 #S:      check for growing size
 #acl:           Access Control Lists
 #selinux        SELinux security context
 #xattrs:        Extended file attributes
 #md5:    md5 checksum
 #sha1:   sha1 checksum
 #sha256:        sha256 checksum
 #sha512:        sha512 checksum
 #rmd160: rmd160 checksum
 #tiger:  tiger checksum

 #haval:  haval checksum (MHASH only)
 #gost:   gost checksum (MHASH only)
 #crc32:  crc32 checksum (MHASH only)
 #whirlpool:     whirlpool checksum (MHASH only)

 FIPSR = p+u+g+s+acl+xattrs+sha256

 #R:             p+i+n+u+g+s+m+c+acl+selinux+xattrs+md5
 #L:             p+i+n+u+g+acl+selinux+xattrs
 #E:             Empty group
 #>:             Growing logfile p+u+g+i+n+S+acl+selinux+xattrs

 # You can create custom rules like this.
 # With MHASH...
 # ALLXTRAHASHES = sha1+rmd160+sha256+sha512+whirlpool+tiger+haval+gost+crc32
 ALLXTRAHASHES = sha1+rmd160+sha256+sha512+tiger
 # Everything but access time (Ie. all changes)
 EVERYTHING = R+ALLXTRAHASHES

 # Sane, with multiple hashes
 # NORMAL = R+rmd160+sha256+whirlpool
 NORMAL = FIPSR+sha512

 # For directories, don't bother doing hashes
 DIR = p+u+g+acl+xattrs

 # Access control only
 PERMS = p+u+g+acl

 # Logfile are special, in that they often change
 LOG = >

 # Just do sha256 and sha512 hashes
 LSPP = FIPSR+sha512

 # Some files get updated automatically, so the inode/ctime/mtime change
 # but we want to know when the data inside them changes
 DATAONLY =  p+u+g+s+acl+xattrs+sha256

 # Next decide what directories/files you want in the database.

 # Check only permissions, inode, user and group for /etc, but
 # cover some important files closely.
	# Example configuration file for AIDE.

	@@define DBDIR /usr/lib/aide
	@@define LOGDIR /usr/lib/aide/logs

	# The location of the database to be read.
	database_in=file:@@{DBDIR}/aide.db.gz

	# The location of the database to be written.
	#database_out=sql:host:port:database:login_name:passwd:table
	#database_out=file:aide.db.new
	database_out=file:@@{DBDIR}/aide.db.gz

	# Whether to gzip the output to database
	gzip_dbout=yes

	# Default.
	log_level=warning

	report_url=file:@@{LOGDIR}/aide.log
	report_url=stdout
	#report_url=stderr
	#NOT IMPLEMENTED report_url=mailto:root@foo.com
	#NOT IMPLEMENTED report_url=syslog:LOG_AUTH

	# These are the default rules.
	#
	#p: permissions
	#i: inode:
	#n: number of links
	#u: user
	#g: group
	#s: size
	#b: block count
	#m: mtime
	#a: atime
	#c: ctime
	#S: check for growing size
	#acl: Access Control Lists
	#selinux SELinux security context
	#xattrs: Extended file attributes
	#md5: md5 checksum
	#sha1: sha1 checksum
	#sha256: sha256 checksum
	#sha512: sha512 checksum
	#rmd160: rmd160 checksum
	#tiger: tiger checksum

	#haval: haval checksum (MHASH only)
	#gost: gost checksum (MHASH only)
	#crc32: crc32 checksum (MHASH only)
	#whirlpool: whirlpool checksum (MHASH only)

	FIPSR = p+u+g+s+acl+xattrs+sha256

	#R: p+i+n+u+g+s+m+c+acl+selinux+xattrs+md5
	#L: p+i+n+u+g+acl+selinux+xattrs
	#E: Empty group
	#>: Growing logfile p+u+g+i+n+S+acl+selinux+xattrs

	# You can create custom rules like this.
	# With MHASH...
	# ALLXTRAHASHES = sha1+rmd160+sha256+sha512+whirlpool+tiger+haval+gost+crc32
	ALLXTRAHASHES = sha1+rmd160+sha256+sha512+tiger
	# Everything but access time (Ie. all changes)
	EVERYTHING = R+ALLXTRAHASHES

	# Sane, with multiple hashes
	# NORMAL = R+rmd160+sha256+whirlpool
	NORMAL = FIPSR+sha512

	# For directories, don't bother doing hashes
	DIR = p+u+g+acl+xattrs

	# Access control only
	PERMS = p+u+g+acl

	# Logfile are special, in that they often change
	LOG = >

	# Just do sha256 and sha512 hashes
	LSPP = FIPSR+sha512

	# Some files get updated automatically, so the inode/ctime/mtime change
	# but we want to know when the data inside them changes
	DATAONLY = p+u+g+s+acl+xattrs+sha256

	# Next decide what directories/files you want in the database.

	# Check only permissions, inode, user and group for /etc, but
	# cover some important files closely.