[Aide] aide configuration on debian

Discussion:

John Ratliff

2017-10-13 12:32:39 UTC

The debian default configuration for AIDE seems too noisy. I'm wondering
if the configuration makes sense in some areas.

Is there a reason to monitor things like
/dev
/run
/tmp
/var/log (rotated log files in particular)

Thanks.

John Kristoff

2017-10-13 14:36:42 UTC

Permalink

On Fri, 13 Oct 2017 12:32:39 +0000

Post by John Ratliff
Is there a reason to monitor things like
/dev
/run
/tmp
/var/log (rotated log files in particular)

Here is what I've done when run as non-root:

soft = p+n+u+g

/dev soft
!/dev/char
!/dev/tty[0-9]+
!/dev/vcs[0-9]+
!/dev/vcsa[0-9]+
!/dev/xconsole

=/run$ L

=/tmp$ L

=/var$ L

This is for server systems that don't have a lot of users so your
mileage may vary.

John

1 Reply
6 Views
Permalink to this page
Disable enhanced parsing

Thread Navigation

John Ratliff 2017-10-13 12:32:39 UTC

John Kristoff 2017-10-13 14:36:42 UTC

about - legalese