Somebody can give me a basic aide.conf file for a solaris 8 ?
This is the one I used when I was still running Solaris 8. You will probably need to do some tweaking of the /devices directory depending on the hardware you have installed.
Sincerely,
Richard van den Berg
# Here are all the things we can check - these are the default rules # #p: permissions #i: inode #n: number of links #u: user #g: group #s: size #b: block count #m: mtime #a: atime #c: ctime #S: check for growing size #md5: md5 checksum #sha1: sha1 checksum #rmd160: rmd160 checksum #tiger: tiger checksum #R: p+i+n+u+g+s+m+c+md5 #L: p+i+n+u+g #E: Empty group #>: Growing logfile p+u+g+i+n+S
# Place of databases # gzip_dbout = yes #database = file:///etc/aide/aide.db.gz database = file:///floppy/aidedb/aide.db.gz database_out = file:///etc/aide/aide.db.new.gz database_new = file:///etc/aide/aide.db.new.gz # Custom rules # Default = p+i+n+u+g+s+b+m+c+md5+sha1 C = p+i+n T = p+i+u+g F = i+n+u+g Y = i+n # Configutations /etc Default /etc/.*pipe$ L /etc/.name_service_door$ n+u+g+p /etc/mnttab T !/etc/ppp/resolv.conf$ !/etc/cron.d/FIFO$ /usr/local/etc Default /usr/.*/etc.* Default /usr/local/.*/etc.* Default !/usr/local/etc/.*.cache$ /opt/.*/etc Default !/etc/rmtab$ !/etc/Master.ini$ # Executables /usr/bin Default /usr/ucb Default /usr/.*/bin.* Default /usr/local/.*/bin.* Default /sbin Default /usr/sbin Default /usr/.*/sbin.* Default /usr/local/.*/sbin.* Default /opt/.*/bin.* Default /opt/.*/sbin.* Default # Libraries /usr/lib Default /usr/.*/lib.* Default /usr/local/.*/lib.* Default /opt/.*/lib.* Default /var Default /var/audit$ L !/var/audit/.* /var/log$ L !/var/log/.* /var/mail$ L !/var/mail/.* /var/squid$ L !/var/squid/.* /var/cron/log$ L !/var/cron/log/.* /var/adm$ L !/var/adm/.*log /var/dt$ L !/var/dt/.* /var/dhcp$ L !/var/dhcp/\..* !/var/dhcp/SUNWfiles1_192_168_0_0 !/var/adm/messages.* !/var/spool/.* !/var/adm/utmpx$ !/var/adm/wtmpx$ /var/spool/lp/tmp$ L !/var/spool/lp/tmp/.* !/var/preserve/sunpcilogs.* /var/adm/X10msgs > # Critical devices /dev/dsk Default /dev/rdsk Default /devices Default /devices/pseudo/pts.* Y /devices/pseudo/.*tty.* Y /devices/pseudo/[EMAIL PROTECTED]:console C /devices/pseudo/cons.* C /devices/pseudo/random.* L #/devices/[EMAIL PROTECTED],0/.* L /devices/[EMAIL PROTECTED],0/sound.* C /devices/[EMAIL PROTECTED],0/[EMAIL PROTECTED]:sound,audioctl Y /devices/[EMAIL PROTECTED],0/SUNW,[EMAIL PROTECTED]:m640 C /devices/[EMAIL PROTECTED],0/[EMAIL PROTECTED]/[EMAIL PROTECTED],0/floppy* F /devices/[EMAIL PROTECTED],0/[EMAIL PROTECTED]/[EMAIL PROTECTED],3f8:a L /devices/[EMAIL PROTECTED],0/[EMAIL PROTECTED]/pci108e,[EMAIL PROTECTED]:sunpci2drv L /dev/kmem Default /dev/mem Default /dev/null Default /dev/zero Default /devices/pseudo/[EMAIL PROTECTED]:kmem L /devices/pseudo/[EMAIL PROTECTED]:mem Default /devices/pseudo/[EMAIL PROTECTED]:null L /devices/pseudo/[EMAIL PROTECTED]:zero L # Other critical /kernel Default # Temporary directories /usr/tmp$ T !/usr/tmp/.* /var/tmp$ T !/var/tmp/.* /var/run$ T !/var/run/.* /var/dt/tmp$ T !/var/dt/tmp/.* /tmp$ T !/tmp/.* /usr/aset/tmp$ T !/usr/aset/tmp/.* /usr/oasys/tmp$ T !/usr/oasys/tmp/.* # Aide stuff /etc/aide$ L !/etc/aide/.*\.log !/etc/aide/.*\.new !/etc/aide/.*\.db /etc/aide/aide.conf Default #/etc/aide/aide.db Default
