aide.conf
Bill Tangren
bjt at aa.usno.navy.mil
Tue Oct 3 14:32:36 UTC 2006
Chris St. Pierre wrote:
> Bill--
>
> IANAAE (I Am Not An Aide Expert :), but here's one of my AIDE configs
> for a Postfix server we have:
>
> most=p+i+n+u+g+s+md5
>
> /sbin most
> /bin most
> /lib most
> /boot most
> /usr most
> /opt most
> /etc most
> !/**~
> !/**.cfsaved
> !/etc/ld.so.cache$
> !/etc/printcap$
> !/etc/lvm/.cache$
> !/etc/mtab$
> !/etc/aide$
> !/etc/cups$
> !/etc/nagios/*
> !/etc/postfix/prng_exch
> !/usr/share$
> !/etc/prelink.cache$
> !/etc/ssh/ssh_known_hosts$
> !/usr/local/var$
> !/usr/local/maint$
> !/etc/mail/spamassassin/local.cf$
>
> I'm not sure how *good* that config is; generally, I don't get too
> many changes to my db, but we've also never had an intrusion (that I
> know of :), so I'm not sure if this would alert me or not.
>
> HTH.
>
> Chris St. Pierre
> Unix Systems Administrator
> Nebraska Wesleyan University
Thanks!
>
> On Mon, 2 Oct 2006, Bill Tangren wrote:
>
>> Would whomever is using AIDE be willing to point out (back channel if you are
>> more comfortable with that) which directories to include and which options on
>> each directory for RHEL? I've seen several examples, including the one I found
>> here (http://www.cs.tut.fi/~rammer/aide/manual.html), but I'd like some input
>> on RHEL users on what is best to protect.
>>
>> Thanks!
>>
>> Bill Tangren
>>
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>>
>
More information about the redhat-list
mailing list