# # AIDE Configuration file for systemd service aide.service # # # Configuration parameters # database_in=file:/var/lib/aide/aide.db database_out=file:/var/lib/aide/aide.db.new report_url=file:/var/log/aide_service.log warn_dead_symlinks=yes # # Custom rules # Binlib = p+i+n+u+g+s+b+m+c+sha256+sha512 ConfFiles = p+i+n+u+g+s+b+m+c+sha256+sha512 Logs = p+i+n+u+g+S Devices = p+i+n+u+g+s+b+c+sha256+sha512 Databases = p+n+u+g StaticDir = p+i+n+u+g ManPages = p+i+n+u+g+s+b+m+c+sha256+sha512 # # Directories and files # # Kernel, system map, etc. /boot Binlib # watch config files, but exclude, what changes at boot time, ... !/etc/mtab !/etc/lvm* /etc ConfFiles # Binaries /bin Binlib /sbin Binlib # Libraries /lib Binlib # Complete /usr and /opt /usr Binlib /opt Binlib # Log files /var/log$ StaticDir #/var/log/aide/aide.log(.[0-9])?(.gz)? Databases #/var/log/aide/error.log(.[0-9])?(.gz)? Databases #/var/log/setuid.changes(.[0-9])?(.gz)? Databases /var/log Logs # Devices !/dev/pts /dev Devices # Other miscellaneous files /var/run$ StaticDir !/var/run /var/lib Databases # Test only the directory when dealing with /proc /proc$ StaticDir !/proc # manpages can be trojaned, especially depending on *roff implementation #/usr/man ManPages #/usr/share/man ManPages #/usr/local/man ManPages # check sources for modifications #/usr/src L #/usr/local/src L # Check headers for same #/usr/include L #/usr/local/include L