From 0536d54157200204e22991347219c3afd938e22b Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard
Date: Sat, 9 Mar 2002 15:37:55 +0000
Subject: cfengine: harden: Ignore all logfiles (Aide does not handle rotation) and correctly ignore /dev Ctime.
---
 cfengine/cf.services.harden | 43 +++++++------------------------------------
 1 file changed, 7 insertions(+), 36 deletions(-)
diff --git a/cfengine/cf.services.harden b/cfengine/cf.services.harden
index 18d80bd..50a0d08 100644
--- a/cfengine/cf.services.harden
+++ b/cfengine/cf.services.harden
@@ -1,51 +1,25 @@
 editfiles:
 # AIDE section
 { /etc/aide/aide.conf
- #
- # Logs = p+n+u+g
- #
- # Debian rotates its logfiles, so ignore inode, number of inodes and growing size
- #
- BeginGroupIfNoLineMatching "^[[:blank:]]*Logs[[:blank:]]*=.*$"
- Append "Logs = p+n+u+g # Added by cfengine"
- EndGroup
- LocateLineMatching "^[[:blank:]]*Logs[[:blank:]]*=.*$"
- BeginGroupIfNoLineMatching "^[[:blank:]]*Logs[[:blank:]]*=[[:blank:]][\+pug]*([[:blank:]]+(#.*)?)?"
- ReplaceLineWith "Logs = p+u+g # Edited by cfengine"
- EndGroup
 #
 # Devices = p+i+n+u+g+s+b+md5+sha1
 #
 # Ignore ctime - some devices change ctime when used (ttySx with hylafax)
 #
- BeginGroupIfNoLineMatching "^[[:blank:]]*Devices[[:blank:]]*=.*$"
+ BeginGroupIfNoLineMatching "^[[:blank:]]*Devices[[:blank:]]*=.*"
 Append "Devices = p+i+n+u+g+s+b+md5+sha1 # Added by cfengine"
 EndGroup
- LocateLineMatching "^[[:blank:]]*Devices[[:blank:]]*=.*$"
- BeginGroupIfNoLineMatching "^[[:blank:]]*Devices[[:blank:]]*=[[:blank:]][\+pinugsbcmd5sha1]*([[:blank:]]+(#.*)?)?"
- ReplaceLineWith "Devices = p+i+n+u+g+s+b+c+md5+sha1 # Edited by cfengine"
+ LocateLineMatching "^[[:blank:]]*Devices[[:blank:]]*=.*"
+ BeginGroupIfNoLineMatching "^[[:blank:]]*Devices[[:blank:]]*=[[:blank:]][\+pinugsbmd5sha1]*([[:blank:]]+(#.*)?)?"
+ ReplaceLineWith "Devices = p+i+n+u+g+s+b+md5+sha1 # Edited by cfengine"
 EndGroup
 #
- # #/var/log/aide/...
- # #/var/log/setuid...
+ # #/var/log...
 #
- # Treat these as regular logfiles - they are rotated as well
+ # Ignore logfiles - Aide can't handle rotation
 #
- HashCommentLinesMatching "^/var/log/aide/.*"
- HashCommentLinesMatching "^/var/log/setuid.*"
+ HashCommentLinesMatching "^/var/log.*"
 #
- # #/var/log$ StaticDir
- #
- SetCommentStart "#"
- SetCommentEnd ""
-# bug! CommentLinesMatching "^/var/log\$[[:blank:]]StaticDir.*"
-# LocateLineMatching "^/var/log\$[[:blank:]]StaticDir.*"
-# bug! CommentNLines "1"
- LocateLineMatching "^/var/log\$[[:blank:]]StaticDir[[:blank:]]*"
- ReplaceLineWith "#/var/log$ StaticDir"
- CatchAbort
- #
- # !/dev/log
 # !/dev/xconsole
 # !/dev/core
 # !/dev/ttyS*
@@ -55,9 +29,6 @@ editfiles:
 BeginGroupIfNoLineMatching "^[[:blank:]]*\!/dev/.*"
 GotoLastLine
 EndGroup
- BeginGroupIfNoLineMatching "^[[:blank:]]*\!/dev/log([[:blank:]]+(#.*)?)?"
- InsertLine "!/dev/log # Added by cfengine"
- EndGroup
 DeleteLinesMatching "^\!/dev/xconlsole # Added by cfengine"
 BeginGroupIfNoLineMatching "^[[:blank:]]*\!/dev/xconsole([[:blank:]]+(#.*)?)?"
 InsertLine "!/dev/xconsole # Added by cfengine"
-- cgit v1.2.3
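Review bot: `HashCommentLinesMatching "^/var/log.*"` in the first hunk hashes out every AIDE rule under /var/log, so after this edit nothing in aide.conf records mode or ownership changes on log files, and a log that is replaced or made world-readable no longer shows up in a report. The removed `Logs` handling rewrote that group to `p+u+g`, which looks like it tolerated rotation while keeping those attribute checks; if rotation noise is the reason, keeping a rule of that kind may be preferable to dropping coverage, and the comment above the line should say what is no longer monitored, e.g. `# Ignore logfiles - Aide can't handle rotation (no integrity checks left on /var/log)`. The pattern also has no boundary after `log`, so it would comment out a rule for any sibling path that merely starts with /var/log; something like `"^/var/log[/$[:blank:]].*"` would limit it to the directory and its contents, to be confirmed against cfengine's regex dialect. The `{ /etc/aide/aide.conf` block continues past the end of this hunk.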