Re: aide.conf

[Bill Tangren <bjt aa usno navy mil>]

Chris St. Pierre wrote:
> Bill--
>
> IANAAE (I Am Not An Aide Expert :), but here's one of my AIDE configs
> for a Postfix server we have:
>
> most=p+i+n+u+g+s+md5
>
> /sbin most
> /bin most
> /lib most
> /boot most
> /usr most
> /opt most
> /etc most
> !/**~
> !/**.cfsaved
> !/etc/ld.so.cache$
> !/etc/printcap$
> !/etc/lvm/.cache$
> !/etc/mtab$
> !/etc/aide$
> !/etc/cups$
> !/etc/nagios/*
> !/etc/postfix/prng_exch
> !/usr/share$
> !/etc/prelink.cache$
> !/etc/ssh/ssh_known_hosts$
> !/usr/local/var$
> !/usr/local/maint$
> !/etc/mail/spamassassin/local.cf$
>
> I'm not sure how *good* that config is; generally, I don't get too
> many changes to my db, but we've also never had an intrusion (that I
> know of :), so I'm not sure if this would alert me or not.
>
> HTH.
>
> Chris St. Pierre
> Unix Systems Administrator
> Nebraska Wesleyan University

Thanks!

> On Mon, 2 Oct 2006, Bill Tangren wrote:
>
> > Would whomever is using AIDE be willing to point out (back channel if you are
> > more comfortable with that) which directories to include and which options on
> > each directory for RHEL? I've seen several examples, including the one I found
> > here (http://www.cs.tut.fi/~rammer/aide/manual.html), but I'd like some input
> > on RHEL users on what is best to protect.
> >
> > Thanks!
> >
> > Bill Tangren
> >
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request redhat com?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list