editfiles:

   # Converges the configuration of two host file-integrity checkers,
   # AIDE (/etc/aide/aide.conf) and integrit (/etc/integrit/integrit.conf).
   # Statement order matters: every command acts on the current line pointer
   # left by the previous one.

   # AIDE section

   { /etc/aide/aide.conf

      #
      # Devices = p+i+n+u+g+s+b+md5+sha1
      #
      # Ignore ctime - some devices change ctime when used (ttySx with hylafax)
      #
      # NOTE(review): besides ctime, this group lists no mtime or atime
      # attribute, so timestamp changes on files using it are not recorded.
      # NOTE(review): md5 and sha1 are both collision-weak; where the
      # installed AIDE supports them, sha256/sha512 are the stronger choice
      # for a tamper-detection baseline.

      # Add the group definition when the file has no "Devices =" line at all.
      BeginGroupIfNoLineMatching "^[[:blank:]]*Devices[[:blank:]]*=.*"
         Append "Devices = p+i+n+u+g+s+b+md5+sha1 # Added by cfengine"
      EndGroup

      # Otherwise rewrite the existing line when it does not look like the
      # expected value.
      # NOTE(review): [\+pinugsbmd5sha1]* is a bracket expression, so it
      # accepts any run of those characters in any order; a weaker value such
      # as "Devices = p" is left untouched. Match the literal attribute list
      # if the intent is to enforce exactly this value.
      LocateLineMatching "^[[:blank:]]*Devices[[:blank:]]*=.*"
      BeginGroupIfNoLineMatching "^[[:blank:]]*Devices[[:blank:]]*=[[:blank:]][\+pinugsbmd5sha1]*([[:blank:]]+(#.*)?)?"
         ReplaceLineWith "Devices = p+i+n+u+g+s+b+md5+sha1 # Edited by cfengine"
      EndGroup

      #
      # #/var/log...
      #
      # Ignore logfiles - Aide can't handle rotation
      #
      # Comments out every aide.conf rule that starts with /var/log, so AIDE
      # no longer reports changes under that tree. Log tampering then has to
      # be detected some other way (for example remote log shipping).
      HashCommentLinesMatching "^/var/log.*"

      #
      # !/dev/xconsole
      # !/dev/core
      # !/dev/ttyS*
      #
      # The three "!" lines are AIDE negative selections: the named device
      # nodes are excluded from the database.

      # Position on an existing "!/dev/..." rule so that new rules are
      # inserted next to it.
      # presumably a failed LocateLineMatching aborts and editing resumes at
      # CatchAbort - verify against the cfengine 2 reference
      LocateLineMatching "^[[:blank:]]*\!/dev/.*"
      CatchAbort
      # No "!/dev/..." rule anywhere: move to the last line of the file.
      BeginGroupIfNoLineMatching "^[[:blank:]]*\!/dev/.*"
         GotoLastLine
      EndGroup

      # NOTE(review): "xconlsole" differs from the "xconsole" inserted below.
      # This looks like cleanup of a misspelled line written by an earlier
      # revision of this policy - confirm it is intentional and not a typo.
      DeleteLinesMatching "^\!/dev/xconlsole # Added by cfengine"

      # Insert each exclusion only when an equivalent line is missing, so
      # repeated runs do not duplicate it.
      BeginGroupIfNoLineMatching "^[[:blank:]]*\!/dev/xconsole([[:blank:]]+(#.*)?)?"
         InsertLine "!/dev/xconsole # Added by cfengine"
      EndGroup
      BeginGroupIfNoLineMatching "^[[:blank:]]*\!/dev/core([[:blank:]]+(#.*)?)?"
         InsertLine "!/dev/core # Added by cfengine"
      EndGroup
      BeginGroupIfNoLineMatching "^[[:blank:]]*\!/dev/ttyS\*([[:blank:]]+(#.*)?)?"
         InsertLine "!/dev/ttyS* # Added by cfengine"
      EndGroup
   }

   ## logcheck section

   #{ /etc/aide/aide.conf
   #}

   { /etc/integrit/integrit.conf

      #
      # Uncomment suggested defaults
      #
      # Each step rewinds to line 1, finds the commented-out default and
      # replaces the whole line with the active form.
      # NOTE(review): this block has no CatchAbort. If a failed
      # LocateLineMatching aborts the edit (verify against the cfengine 2
      # reference), one missing or already-uncommented entry would skip all
      # the entries after it.
      #
      # NOTE(review): in integrit rules a leading "!" presumably ignores the
      # path and everything below it, and "=" checks the directory entry
      # without descending - confirm against the integrit documentation.
      # Read that way, the defaults enabled here leave /etc, /root, /home,
      # /var, /tmp and /usr/local outside the integrity database. /etc and
      # /usr/local are common places for persistent changes, so decide
      # deliberately whether those exclusions are acceptable.
      #
      # NOTE(review): known= and current= keep both databases under
      # /var/lib/integrit on the monitored host, and /var is itself excluded
      # below. Keep a copy of the known database on read-only or off-host
      # storage so a local root compromise cannot rewrite the baseline
      # unnoticed.

      # SetCommentStart "#"
      # SetCommentEnd ""

      # Scan root and database locations.
      ResetSearch "1"
      LocateLineMatching "^#[[:blank:]]*root=.*"
      ReplaceLineWith "root=/"
      ResetSearch "1"
      LocateLineMatching "^#[[:blank:]]*known=.*"
      ReplaceLineWith "known=/var/lib/integrit/known.cdb"
      ResetSearch "1"
      LocateLineMatching "^#[[:blank:]]*current=.*"
      ReplaceLineWith "current=/var/lib/integrit/current.cdb"

      # "!" rules.
      ResetSearch "1"
      LocateLineMatching "^#[[:blank:]]*!/cdrom"
      ReplaceLineWith "!/cdrom"
      ResetSearch "1"
      LocateLineMatching "^#[[:blank:]]*!/dev"
      ReplaceLineWith "!/dev"
      ResetSearch "1"
      LocateLineMatching "^#[[:blank:]]*!/etc"
      ReplaceLineWith "!/etc"
      ResetSearch "1"
      LocateLineMatching "^#[[:blank:]]*!/floppy"
      ReplaceLineWith "!/floppy"
      ResetSearch "1"
      LocateLineMatching "^#[[:blank:]]*!/home"
      ReplaceLineWith "!/home"
      ResetSearch "1"
      LocateLineMatching "^#[[:blank:]]*!/lost\+found"
      ReplaceLineWith "!/lost+found"
      ResetSearch "1"
      LocateLineMatching "^#[[:blank:]]*!/mnt"
      ReplaceLineWith "!/mnt"
      ResetSearch "1"
      LocateLineMatching "^#[[:blank:]]*!/proc"
      ReplaceLineWith "!/proc"
      ResetSearch "1"
      LocateLineMatching "^#[[:blank:]]*!/root"
      ReplaceLineWith "!/root"
      ResetSearch "1"
      LocateLineMatching "^#[[:blank:]]*!/tmp"
      ReplaceLineWith "!/tmp"
      ResetSearch "1"
      LocateLineMatching "^#[[:blank:]]*!/var"
      ReplaceLineWith "!/var"

      # "=" rules.
      ResetSearch "1"
      LocateLineMatching "^#[[:blank:]]*=/usr/include"
      ReplaceLineWith "=/usr/include"
      ResetSearch "1"
      LocateLineMatching "^#[[:blank:]]*=/usr/X11R6/include"
      ReplaceLineWith "=/usr/X11R6/include"
      ResetSearch "1"
      LocateLineMatching "^#[[:blank:]]*=/usr/doc"
      ReplaceLineWith "=/usr/doc"
      ResetSearch "1"
      LocateLineMatching "^#[[:blank:]]*=/usr/info"
      ReplaceLineWith "=/usr/info"
      ResetSearch "1"
      LocateLineMatching "^#[[:blank:]]*=/usr/share"
      ReplaceLineWith "=/usr/share"
      ResetSearch "1"
      LocateLineMatching "^#[[:blank:]]*=/usr/X11R6/man"
      ReplaceLineWith "=/usr/X11R6/man"
      ResetSearch "1"
      LocateLineMatching "^#[[:blank:]]*=/usr/X11R6/lib/X11/fonts"
      ReplaceLineWith "=/usr/X11R6/lib/X11/fonts"

      # Remaining "!" rules.
      ResetSearch "1"
      LocateLineMatching "^#[[:blank:]]*!/usr/local"
      ReplaceLineWith "!/usr/local"
      ResetSearch "1"
      LocateLineMatching "^#[[:blank:]]*!/usr/src"
      ReplaceLineWith "!/usr/src"
   }

   # Disabled: edit of the daily integrit cron job. Left commented out, so
   # /etc/cron.daily/integrit is not modified by this policy.
   # { /etc/cron.daily/integrit
   # #
   # # Uncomment defaults
   # #
   ## SetCommentStart "# ! "
   ## SetCommentEnd ""
   # ResetSearch "1"
   # LocateLineMatching '^[[:blank:]]*\#[[:blank:]]*\# ! if \[ "$\(echo "$output".*'
   # ReplaceLineWith ' if [ "$\(echo "$output" | egrep -v "^integrit: ")" ]; then'
   # ResetSearch "1"
   # LocateLineMatching "^[[:blank:]]*#[[:blank:]]*# ! fi"
   # ReplaceLineWith " fi"
   # }