
3.4. AIDE Configuration

The configuration file /etc/aide.conf is the primary place where AIDE is configured. At present, CSI requires that the files below be tracked. This is a minimum configuration, and admins are encouraged to add additional files. /etc/aide.conf should be owned by root and have mode 600.


What is listed here is very much a work in progress. Generally, maintaining a list of files to check is a losing proposition, always playing catch-up. Those with experience using AIDE or other IDS systems are encouraged to contact the CSI devel list to come up with a more comprehensive test.
/boot
/lib/modules
/bin/bash
/bin/sh
/sbin/grub
/sbin/grub-install
/sbin/grub-md5-crypt
/sbin/grub-terminfo
/usr/bin/mbchk
/usr/bin/scp
/usr/bin/sftp
/usr/bin/slogin
/usr/bin/ssh
/usr/bin/ssh-add
/usr/bin/ssh-agent
/usr/bin/ssh-copy-id
/usr/bin/ssh-keyscan
/bin/basename
/bin/cat
/bin/chgrp
/bin/chmod
/bin/chown
/bin/cp
/bin/cut
/bin/date
/bin/dd
/bin/df
/bin/echo
/bin/env
/bin/false
/bin/link
/bin/ln
/bin/ls
/bin/mkdir
/bin/mknod
/bin/mv
/bin/nice
/bin/pwd
/bin/rm
/bin/rmdir
/bin/sleep
/bin/sort
/bin/stty
/bin/su
/bin/sync
/bin/touch
/bin/true
/bin/uname
/bin/unlink
/sbin/runuser
/usr/bin/\[
/usr/bin/base64
/usr/bin/chcon
/usr/bin/cksum
/usr/bin/comm
/usr/bin/csplit
/usr/bin/cut
/usr/bin/dir
/usr/bin/dircolors
/usr/bin/dirname
/usr/bin/du
/usr/bin/env
/usr/bin/expand
/usr/bin/expr
/usr/bin/factor
/usr/bin/fmt
/usr/bin/fold
/usr/bin/groups
/usr/bin/head
/usr/bin/hostid
/usr/bin/id
/usr/bin/install
/usr/bin/join
/usr/bin/logname
/usr/bin/md5sum
/usr/bin/mkfifo
/usr/bin/nl
/usr/bin/nohup
/usr/bin/od
/usr/bin/paste
/usr/bin/pathchk
/usr/bin/pinky
/usr/bin/pr
/usr/bin/printenv
/usr/bin/printf
/usr/bin/ptx
/usr/bin/readlink
/usr/bin/runcon
/usr/bin/seq
/usr/bin/sha1sum
/usr/bin/sha224sum
/usr/bin/sha256sum
/usr/bin/sha384sum
/usr/bin/sha512sum
/usr/bin/shred
/usr/bin/shuf
/usr/bin/split
/usr/bin/stat
/usr/bin/sum
/usr/bin/tac
/usr/bin/tail
/usr/bin/tee
/usr/bin/test
/usr/bin/tr
/usr/bin/tsort
/usr/bin/tty
/usr/bin/unexpand
/usr/bin/uniq
/usr/bin/users
/usr/bin/vdir
/usr/bin/wc
/usr/bin/who
/usr/bin/whoami
/usr/bin/yes
/usr/sbin/chroot
/bin/rpm
/usr/bin/gendiff
/usr/bin/rpm2cpio
/usr/bin/rpmdb
/usr/bin/rpmquery
/usr/bin/rpmsign
/usr/bin/rpmverify
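
One way to audit a host against the two requirements in this section, the owner and mode of /etc/aide.conf and the presence of each required path, is shown here as an added example that is not part of the CSI documentation. The rule name CSI_MIN, the file required.txt and the sample configuration are constructed for illustration, and GNU stat is assumed.

```sh
#!/bin/sh
# Added example, not from the CSI documentation.

# check_aide_perms CONF [UID]: succeed only if CONF is owned by UID
# (default 0, i.e. root) and has mode 600. Uses GNU stat.
check_aide_perms() {
    actual=$(stat -c '%u %a' "$1") || return 2
    [ "$actual" = "${2:-0} 600" ]
}

# missing_aide_paths CONF REQUIRED: print every path from REQUIRED (one per
# line) that has no selection line in CONF. Matching is on the exact string,
# so a parent-directory rule is not counted as covering a listed file.
missing_aide_paths() {
    awk '
        FILENAME == ARGV[1] {            # pass 1: the AIDE configuration
            p = $1
            sub(/^=/, "", p)             # "=/path" selection lines count too
            if (p ~ /^\//) tracked[p] = 1
            next
        }
        NF && !($1 in tracked) { print $1 }   # pass 2: the required list
    ' "$1" "$2"
}

# Constructed sample data; CSI_MIN is a hypothetical rule name.
demo_dir=$(mktemp -d)
cat > "$demo_dir/aide.conf" <<'EOF'
CSI_MIN = p+i+n+u+g+s+sha256
/boot CSI_MIN
/bin/bash CSI_MIN
/usr/bin/\[ CSI_MIN
EOF
printf '%s\n' /boot /bin/bash /bin/sh '/usr/bin/\[' /usr/bin/ssh > "$demo_dir/required.txt"
chmod 600 "$demo_dir/aide.conf"

# The demo file belongs to the current user, so pass that uid instead of 0.
check_aide_perms "$demo_dir/aide.conf" "$(id -u)" && echo "owner/mode OK"
echo "not tracked:"
missing_aide_paths "$demo_dir/aide.conf" "$demo_dir/required.txt"
```

On a real host, call `check_aide_perms /etc/aide.conf` with no second argument and pass the list above, saved one path per line, as the second argument to `missing_aide_paths`.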