aide.conf

Chris St. Pierre stpierre at NebrWesleyan.edu
Tue Oct 3 14:22:27 UTC 2006


Bill--

IANAAE (I Am Not An Aide Expert :), but here's one of my AIDE configs
for a Postfix server we have:

most=p+i+n+u+g+s+md5

/sbin most
/bin most
/lib most
/boot most
/usr most
/opt most
/etc most
!/**~
!/**.cfsaved
!/etc/ld.so.cache$
!/etc/printcap$
!/etc/lvm/.cache$
!/etc/mtab$
!/etc/aide$
!/etc/cups$
!/etc/nagios/*
!/etc/postfix/prng_exch
!/usr/share$
!/etc/prelink.cache$
!/etc/ssh/ssh_known_hosts$
!/usr/local/var$
!/usr/local/maint$
!/etc/mail/spamassassin/local.cf$

I'm not sure how *good* that config is; generally, I don't get too
many changes to my db, but we've also never had an intrusion (that I
know of :), so I'm not sure if this would alert me or not.

HTH.

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University

On Mon, 2 Oct 2006, Bill Tangren wrote:

> Would whoever is using AIDE be willing to point out (back channel if you are
> more comfortable with that) which directories to include and which options on
> each directory for RHEL? I've seen several examples, including the one I found
> here (http://www.cs.tut.fi/~rammer/aide/manual.html), but I'd like some input
> on RHEL users on what is best to protect.
>
> Thanks!
>
> Bill Tangren
>
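Added example (not part of the message above and not AIDE's own code): a Python stand-in that records the same attributes as the "most" group in the posted config (p permissions, i inode, n link count, u user, g group, s size, md5 checksum) for a constructed temporary file, and shows which letters flag each kind of change. The file name, its contents and the helper names snapshot, changed and demo are assumptions made for illustration.

```python
import hashlib
import os
import stat
import tempfile

# Attribute letters in the post's group: most=p+i+n+u+g+s+md5
MOST = ("p", "i", "n", "u", "g", "s", "md5")

def snapshot(path):
    """Collect what the 'most' group records for one file (no timestamps)."""
    st = os.lstat(path)
    with open(path, "rb") as fh:
        digest = hashlib.md5(fh.read()).hexdigest()
    return {"p": stat.S_IMODE(st.st_mode), "i": st.st_ino, "n": st.st_nlink,
            "u": st.st_uid, "g": st.st_gid, "s": st.st_size, "md5": digest}

def changed(old, new):
    """Return the attribute letters that differ between two snapshots."""
    return [a for a in MOST if old[a] != new[a]]

def demo():
    """Apply four kinds of change to a constructed file and report each diff."""
    out = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "main.cf")  # constructed sample file
        with open(path, "wb") as fh:
            fh.write(b"myhostname = mail.example.org\n")
        os.chmod(path, 0o644)
        base = snapshot(path)
        os.utime(path, (0, 0))                      # timestamps only
        out["touch"] = changed(base, snapshot(path))
        with open(path, "r+b") as fh:               # in-place, same length
            fh.write(b"MYHOSTNAME")
        out["same_size_edit"] = changed(base, snapshot(path))
        base = snapshot(path)
        os.chmod(path, 0o600)                       # permission change
        out["chmod"] = changed(base, snapshot(path))
        base = snapshot(path)
        tmp = path + ".new"                         # write-and-rename replace
        with open(tmp, "wb") as fh:
            fh.write(b"myhostname = mail.example.org\nrelayhost = x\n")
        os.chmod(tmp, 0o600)
        os.replace(tmp, path)
        out["replace"] = changed(base, snapshot(path))
    return out

if __name__ == "__main__":
    for name, attrs in demo().items():
        print(f"{name:15} -> {'+'.join(attrs) or 'no change reported'}")
```

A timestamp-only change reports nothing because the group carries no mtime (m) or ctime (c) attribute, and a same-length in-place edit is caught only by the md5 checksum.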



