diff --git a/SOURCES/aide.conf b/SOURCES/aide.conf
index efe1f63..b934dc3 100644
--- a/SOURCES/aide.conf
+++ b/SOURCES/aide.conf
@@ -88,20 +88,20 @@ DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha512
 # Next decide what directories/files you want in the database.
-/boot/ CONTENT_EX
-/opt/ CONTENT
+/boot CONTENT_EX
+/opt CONTENT
 # Admins dot files constantly change, just check perms
 /root/\..* PERMS
 # Otherwise get all of /root.
-/root/ CONTENT_EX
+/root CONTENT_EX
 # These are too volatile
-!/usr/src/
-!/usr/tmp/
+!/usr/src
+!/usr/tmp
 # Otherwise get all of /usr.
-/usr/ CONTENT_EX
+/usr CONTENT_EX
 # trusted databases
 /etc/hosts$ CONTENT_EX
@@ -112,10 +112,10 @@ DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha512
 /etc/protocols$ CONTENT_EX
 /etc/services$ CONTENT_EX
 /etc/localtime$ CONTENT_EX
-/etc/alternatives/ CONTENT_EX
-/etc/sysconfig/ CONTENT_EX
+/etc/alternatives CONTENT_EX
+/etc/sysconfig CONTENT_EX
 /etc/mime.types$ CONTENT_EX
-/etc/terminfo/ CONTENT_EX
+/etc/terminfo CONTENT_EX
 /etc/exports$ CONTENT_EX
 /etc/fstab$ CONTENT_EX
 /etc/passwd$ CONTENT_EX
@@ -125,12 +125,12 @@ DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha512
 /etc/subgid$ CONTENT_EX
 /etc/subuid$ CONTENT_EX
 /etc/security/opasswd$ CONTENT_EX
-/etc/skel/ CONTENT_EX
+/etc/skel CONTENT_EX
 /etc/subuid$ CONTENT_EX
 /etc/subgid$ CONTENT_EX
-/etc/sssd/ CONTENT_EX
+/etc/sssd CONTENT_EX
 /etc/machine-id$ CONTENT_EX
-/etc/swid/ CONTENT_EX
+/etc/swid CONTENT_EX
 /etc/system-release-cpe$ CONTENT_EX
 /etc/shells$ CONTENT_EX
 /etc/tmux.conf$ CONTENT_EX
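Review bot: The exclusion rules `!/usr/src` and `!/usr/tmp` in the `@@ -88,20` hunk (and `!/etc/NetworkManager/system-connections` in the `@@ -140,12` hunk) now exclude more than the directory they name. aide.conf(5) describes selection lines as regular expressions anchored only at the start, so without the trailing slash `!/usr/src` also matches a sibling such as `/usr/src-old` (constructed example), and that path silently leaves the `/usr CONTENT_EX` coverage. I would anchor the three exclusions, e.g. `!/usr/src(/|$)`, and confirm with `aide --config-check` plus a test run that the intended paths are still reported. On the positive rules the same prefix matching only widens coverage, so it is harmless there, but a comment such as `# Rules are start-anchored regexes; use $ or (/|$) to stop prefix matches` above this block would document the convention.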
@@ -140,12 +140,12 @@ DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha512
 # networking
 /etc/hosts.allow$ CONTENT_EX
 /etc/hosts.deny$ CONTENT_EX
-/etc/firewalld/ CONTENT_EX
-!/etc/NetworkManager/system-connections/
-/etc/NetworkManager/ CONTENT_EX
+/etc/firewalld CONTENT_EX
+!/etc/NetworkManager/system-connections
+/etc/NetworkManager CONTENT_EX
 /etc/networks$ CONTENT_EX
-/etc/dhcp/ CONTENT_EX
-/etc/wpa_supplicant/ CONTENT_EX
+/etc/dhcp CONTENT_EX
+/etc/wpa_supplicant CONTENT_EX
 /etc/resolv.conf$ DATAONLY
 /etc/nscd.conf$ CONTENT_EX
@@ -154,31 +154,31 @@ DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha512
 /etc/libuser.conf$ CONTENT_EX
 /var/log/faillog$ PERMS
 /var/log/lastlog$ PERMS
-/var/run/faillock/ PERMS
-/etc/pam.d/ CONTENT_EX
-/etc/security/ CONTENT_EX
+/var/run/faillock PERMS
+/etc/pam.d CONTENT_EX
+/etc/security CONTENT_EX
 /etc/securetty$ CONTENT_EX
-/etc/polkit-1/ CONTENT_EX
+/etc/polkit-1 CONTENT_EX
 /etc/sudo.conf$ CONTENT_EX
 /etc/sudoers$ CONTENT_EX
-/etc/sudoers.d/ CONTENT_EX
+/etc/sudoers.d CONTENT_EX
 # Shell/X startup files
 /etc/profile$ CONTENT_EX
-/etc/profile.d/ CONTENT_EX
+/etc/profile.d CONTENT_EX
 /etc/bashrc$ CONTENT_EX
-/etc/bash_completion.d/ CONTENT_EX
+/etc/bash_completion.d CONTENT_EX
 /etc/zprofile$ CONTENT_EX
 /etc/zshrc$ CONTENT_EX
 /etc/zlogin$ CONTENT_EX
 /etc/zlogout$ CONTENT_EX
-/etc/X11/ CONTENT_EX
+/etc/X11 CONTENT_EX
 # Pkg manager
-/etc/dnf/ CONTENT_EX
+/etc/dnf CONTENT_EX
 /etc/yum.conf$ CONTENT_EX
-/etc/yum/ CONTENT_EX
-/etc/yum.repos.d/ CONTENT_EX
+/etc/yum CONTENT_EX
+/etc/yum.repos.d CONTENT_EX
 # This gets new/removes-old filenames daily
 !/var/log/sa
@@ -187,70 +187,70 @@ DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha512
 # auditing
 # AIDE produces an audit record, so this becomes perpetual motion.
-/var/log/audit/ PERMS
-/etc/audit/ CONTENT_EX
+/var/log/audit PERMS
+/etc/audit CONTENT_EX
 /etc/libaudit.conf$ CONTENT_EX
 /etc/aide.conf$ CONTENT_EX
 # System logs
 /etc/rsyslog.conf$ CONTENT_EX
-/etc/rsyslog.d/ CONTENT_EX
+/etc/rsyslog.d CONTENT_EX
 /etc/logrotate.conf$ CONTENT_EX
-/etc/logrotate.d/ CONTENT_EX
+/etc/logrotate.d CONTENT_EX
 /etc/systemd/journald.conf$ CONTENT_EX
-/var/log/ LOG+ANF+ARF
-/var/run/utmp/ LOG
+/var/log LOG+ANF+ARF
+/var/run/utmp LOG
 # secrets
-/etc/pkcs11/ CONTENT_EX
-/etc/pki/ CONTENT_EX
-/etc/crypto-policies/ CONTENT_EX
-/etc/certmonger/ CONTENT_EX
+/etc/pkcs11 CONTENT_EX
+/etc/pki CONTENT_EX
+/etc/crypto-policies CONTENT_EX
+/etc/certmonger CONTENT_EX
 /var/lib/systemd/random-seed$ PERMS
 # init system
-/etc/systemd/ CONTENT_EX
-/etc/rc.d/ CONTENT_EX
-/etc/tmpfiles.d/ CONTENT_EX
+/etc/systemd CONTENT_EX
+/etc/rc.d CONTENT_EX
+/etc/tmpfiles.d CONTENT_EX
 # boot config
-/etc/default/ CONTENT_EX
-/etc/grub.d/ CONTENT_EX
+/etc/default CONTENT_EX
+/etc/grub.d CONTENT_EX
 /etc/dracut.conf$ CONTENT_EX
-/etc/dracut.conf.d/ CONTENT_EX
+/etc/dracut.conf.d CONTENT_EX
 # glibc linker
 /etc/ld.so.cache$ CONTENT_EX
 /etc/ld.so.conf$ CONTENT_EX
-/etc/ld.so.conf.d/ CONTENT_EX
+/etc/ld.so.conf.d CONTENT_EX
 /etc/ld.so.preload$ CONTENT_EX
 # kernel config
 /etc/sysctl.conf$ CONTENT_EX
-/etc/sysctl.d/ CONTENT_EX
-/etc/modprobe.d/ CONTENT_EX
-/etc/modules-load.d/ CONTENT_EX
-/etc/depmod.d/ CONTENT_EX
-/etc/udev/ CONTENT_EX
+/etc/sysctl.d CONTENT_EX
+/etc/modprobe.d CONTENT_EX
+/etc/modules-load.d CONTENT_EX
+/etc/depmod.d CONTENT_EX
+/etc/udev CONTENT_EX
 /etc/crypttab$ CONTENT_EX
 #### Daemons ####
 # cron jobs
-/var/spool/at/ CONTENT
+/var/spool/at CONTENT
 /etc/at.allow$ CONTENT
 /etc/at.deny$ CONTENT
-/var/spool/anacron/ CONTENT
+/var/spool/anacron CONTENT
 /etc/anacrontab$ CONTENT_EX
 /etc/cron.allow$ CONTENT_EX
 /etc/cron.deny$ CONTENT_EX
-/etc/cron.d/ CONTENT_EX
-/etc/cron.daily/ CONTENT_EX
-/etc/cron.hourly/ CONTENT_EX
-/etc/cron.monthly/ CONTENT_EX
-/etc/cron.weekly/ CONTENT_EX
+/etc/cron.d CONTENT_EX
+/etc/cron.daily CONTENT_EX
+/etc/cron.hourly CONTENT_EX
+/etc/cron.monthly CONTENT_EX
+/etc/cron.weekly CONTENT_EX
 /etc/crontab$ CONTENT_EX
-/var/spool/cron/root/ CONTENT
+/var/spool/cron/root CONTENT
 # time keeping
 /etc/chrony.conf$ CONTENT_EX
@@ -259,25 +259,25 @@ DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha512
 # mail
 /etc/aliases$ CONTENT_EX
 /etc/aliases.db$ CONTENT_EX
-/etc/postfix/ CONTENT_EX
+/etc/postfix CONTENT_EX
 # ssh
 /etc/ssh/sshd_config$ CONTENT_EX
 /etc/ssh/ssh_config$ CONTENT_EX
 # stunnel
-/etc/stunnel/ CONTENT_EX
+/etc/stunnel CONTENT_EX
 # printing
-/etc/cups/ CONTENT_EX
-/etc/cupshelpers/ CONTENT_EX
-/etc/avahi/ CONTENT_EX
+/etc/cups CONTENT_EX
+/etc/cupshelpers CONTENT_EX
+/etc/avahi CONTENT_EX
 # web server
-/etc/httpd/ CONTENT_EX
+/etc/httpd CONTENT_EX
 # dns
-/etc/named/ CONTENT_EX
+/etc/named CONTENT_EX
 /etc/named.conf$ CONTENT_EX
 /etc/named.iscdlv.key$ CONTENT_EX
 /etc/named.rfc1912.zones$ CONTENT_EX
@@ -285,22 +285,22 @@ DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha512
 # xinetd
 /etc/xinetd.conf$ CONTENT_EX
-/etc/xinetd.d/ CONTENT_EX
+/etc/xinetd.d CONTENT_EX
 # IPsec
 /etc/ipsec.conf$ CONTENT_EX
 /etc/ipsec.secrets$ CONTENT_EX
-/etc/ipsec.d/ CONTENT_EX
+/etc/ipsec.d CONTENT_EX
 # USB guard
-/etc/usbguard/ CONTENT_EX
+/etc/usbguard CONTENT_EX
 # Ignore some files
 !/etc/mtab$
 !/etc/.*~
 # Now everything else
-/etc/ PERMS
+/etc PERMS
 # With AIDE's default verbosity level of 5, these would give lots of
diff --git a/SPECS/aide.spec b/SPECS/aide.spec
index 8cc3cf1..6ae3f3a 100644
--- a/SPECS/aide.spec
+++ b/SPECS/aide.spec
@@ -1,7 +1,7 @@
 Summary: Intrusion detection environment
 Name: aide
 Version: 0.16
-Release: 12%{?dist}
+Release: 13%{?dist}
 URL: http://sourceforge.net/projects/aide
 License: GPLv2+
@@ -81,6 +81,11 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide
 %dir %attr(0700,root,root) %{_localstatedir}/log/aide
 %changelog
+* Tue May 19 2020 Attila Lakatos - 0.16-13
+- RHEL 8.3
+- minor edit of aide.conf to make it consistent
+ resolves: rhbz#1740754
+
 * Mon Apr 06 2020 Attila Lakatos - 0.16-12
 - RHEL 8.3
 - minor edit of aide.conf