| 1 |
Howdy, |
| 2 |
|
| 3 |
It purports to be a better file integrity checker than tripwire; |
| 4 |
it even supports using postgresql for very large needs. |
| 5 |
|
| 6 |
There is a scant list of files suggested in the aide docs |
| 7 |
to generate the initial md5 records of these (critically) |
| 8 |
monitored files. [1] |
| 9 |
|
| 10 |
<snip> |
| 11 |
# Next decide what directories/files you want in the database |
| 12 |
|
| 13 |
/etc p+i+u+g #check only permissions, inode, user and group for etc |
| 14 |
/bin MyRule # apply the custom rule to the files in bin |
| 15 |
/sbin MyRule # apply the same custom rule to the files in sbin |
| 16 |
/var MyRule |
| 17 |
!/var/log/.* # ignore the log dir it changes too often |
| 18 |
!/var/spool/.* # ignore spool dirs as they change too often |
| 19 |
!/var/adm/utmp$ # ignore the file /var/adm/utmp |
| 20 |
<end/snip> |
| 21 |
|
| 22 |
I'd be curious if anyone has a more, gentoo-specific list tailored to royjrt |
| 23 |
gentoo servers or workstations, to generate the initial md5 records for a |
| 24 |
(newly installed) gentoo system. |
| 25 |
|
| 26 |
|
| 27 |
[1] http://aide.sourceforge.net/stable/manual.html |
| 28 |
|
| 29 |
|
| 30 |
TIA, |
| 31 |
James |
Archives