editfiles:
# AIDE section
{ /etc/aide/aide.conf
#
# Devices = p+i+n+u+g+s+b+md5+sha1
#
# Ignore ctime - some devices change ctime when used (ttySx with hylafax)
#
BeginGroupIfNoLineMatching "^[[:blank:]]*Devices[[:blank:]]*=.*"
Append "Devices = p+i+n+u+g+s+b+md5+sha1 # Added by cfengine"
EndGroup
LocateLineMatching "^[[:blank:]]*Devices[[:blank:]]*=.*"
BeginGroupIfNoLineMatching "^[[:blank:]]*Devices[[:blank:]]*=[[:blank:]][\+pinugsbmd5sha1]*([[:blank:]]+(#.*)?)?"
ReplaceLineWith "Devices = p+i+n+u+g+s+b+md5+sha1 # Edited by cfengine"
EndGroup
#
# #/var/log...
#
# Ignore logfiles - Aide can't handle rotation
#
HashCommentLinesMatching "^/var/log.*"
#
# !/dev/xconsole
# !/dev/core
# !/dev/ttyS*
#
LocateLineMatching "^[[:blank:]]*\!/dev/.*"
CatchAbort
BeginGroupIfNoLineMatching "^[[:blank:]]*\!/dev/.*"
GotoLastLine
EndGroup
DeleteLinesMatching "^\!/dev/xconlsole # Added by cfengine"
BeginGroupIfNoLineMatching "^[[:blank:]]*\!/dev/xconsole([[:blank:]]+(#.*)?)?"
InsertLine "!/dev/xconsole # Added by cfengine"
EndGroup
BeginGroupIfNoLineMatching "^[[:blank:]]*\!/dev/core([[:blank:]]+(#.*)?)?"
InsertLine "!/dev/core # Added by cfengine"
EndGroup
BeginGroupIfNoLineMatching "^[[:blank:]]*\!/dev/ttyS\*([[:blank:]]+(#.*)?)?"
InsertLine "!/dev/ttyS* # Added by cfengine"
EndGroup
}
## logcheck section
#{ /etc/aide/aide.conf
#}
{ /etc/integrit/integrit.conf
#
# Uncomment suggested defaults
#
# SetCommentStart "#"
# SetCommentEnd ""
ResetSearch "1"
LocateLineMatching "^#[[:blank:]]*root=.*"
ReplaceLineWith "root=/"
ResetSearch "1"
LocateLineMatching "^#[[:blank:]]*known=.*"
ReplaceLineWith "known=/var/lib/integrit/known.cdb"
ResetSearch "1"
LocateLineMatching "^#[[:blank:]]*current=.*"
ReplaceLineWith "current=/var/lib/integrit/current.cdb"
ResetSearch "1"
LocateLineMatching "^#[[:blank:]]*!/cdrom"
ReplaceLineWith "!/cdrom"
ResetSearch "1"
LocateLineMatching "^#[[:blank:]]*!/dev"
ReplaceLineWith "!/dev"
ResetSearch "1"
LocateLineMatching "^#[[:blank:]]*!/etc"
ReplaceLineWith "!/etc"
ResetSearch "1"
LocateLineMatching "^#[[:blank:]]*!/floppy"
ReplaceLineWith "!/floppy"
ResetSearch "1"
LocateLineMatching "^#[[:blank:]]*!/home"
ReplaceLineWith "!/home"
ResetSearch "1"
LocateLineMatching "^#[[:blank:]]*!/lost\+found"
ReplaceLineWith "!/lost+found"
ResetSearch "1"
LocateLineMatching "^#[[:blank:]]*!/mnt"
ReplaceLineWith "!/mnt"
ResetSearch "1"
LocateLineMatching "^#[[:blank:]]*!/proc"
ReplaceLineWith "!/proc"
ResetSearch "1"
LocateLineMatching "^#[[:blank:]]*!/root"
ReplaceLineWith "!/root"
ResetSearch "1"
LocateLineMatching "^#[[:blank:]]*!/tmp"
ReplaceLineWith "!/tmp"
ResetSearch "1"
LocateLineMatching "^#[[:blank:]]*!/var"
ReplaceLineWith "!/var"
ResetSearch "1"
LocateLineMatching "^#[[:blank:]]*=/usr/include"
ReplaceLineWith "=/usr/include"
ResetSearch "1"
LocateLineMatching "^#[[:blank:]]*=/usr/X11R6/include"
ReplaceLineWith "=/usr/X11R6/include"
ResetSearch "1"
LocateLineMatching "^#[[:blank:]]*=/usr/doc"
ReplaceLineWith "=/usr/doc"
ResetSearch "1"
LocateLineMatching "^#[[:blank:]]*=/usr/info"
ReplaceLineWith "=/usr/info"
ResetSearch "1"
LocateLineMatching "^#[[:blank:]]*=/usr/share"
ReplaceLineWith "=/usr/share"
ResetSearch "1"
LocateLineMatching "^#[[:blank:]]*=/usr/X11R6/man"
ReplaceLineWith "=/usr/X11R6/man"
ResetSearch "1"
LocateLineMatching "^#[[:blank:]]*=/usr/X11R6/lib/X11/fonts"
ReplaceLineWith "=/usr/X11R6/lib/X11/fonts"
ResetSearch "1"
LocateLineMatching "^#[[:blank:]]*!/usr/local"
ReplaceLineWith "!/usr/local"
ResetSearch "1"
LocateLineMatching "^#[[:blank:]]*!/usr/src"
ReplaceLineWith "!/usr/src"
}
# { /etc/cron.daily/integrit
# #
# # Uncomment defaults
# #
## SetCommentStart "# ! "
## SetCommentEnd ""
# ResetSearch "1"
# LocateLineMatching '^[[:blank:]]*\#[[:blank:]]*\# ! if \[ "$\(echo "$output".*'
# ReplaceLineWith ' if [ "$\(echo "$output" | egrep -v "^integrit: ")" ]; then'
# ResetSearch "1"
# LocateLineMatching "^[[:blank:]]*#[[:blank:]]*# ! fi"
# ReplaceLineWith " fi"
# }