Hello,

I'm having a little trouble with Aide 0.9 on Redhat 7.3.

It seems that no matter how I set up my aide.conf file, or if I --update
or --init, I still get thousands of files reported as added, or changed.

Can someone please look at my aide.conf and let me know what I'm doing
wrong?  This config was built from the default aide.conf that comes with
0.9, and I added rules from my 0.7 conf (which worked flawlessly).

Here is my aide.conf file, and thanks!

#
# AIDE 0.9
#
# example configuration file
#
# IMPORTANT NOTE!! PLEASE READ
#
# This configuration file checks the integrity of the
# AIDE package.
#
# This file is not intended to be used as the primary aide.conf file for
# your system. This file is intended to be a showcase for different
# features for aide.conf file.
#
# WRITE YOUR OWN CONFIGURATION FILE AND UNDERSTAND WHAT YOU ARE WRITING
#
#
# Default values for the parameters are in comments before the
# corresponding line.
#

# Root of the tree that the @@{TOPDIR} selection lines in this file refer to.
@@define TOPDIR /usr/local/install/aide-0.9

# Fallback for when TOPDIR is undefined. TOPDIR is defined just above, so
# this branch is not taken in this file.
@@ifndef TOPDIR
@@define TOPDIR /
@@endif

# Keeps DEBUG and NOT_DEBUG mutually exclusive: after this block exactly one
# of the two is defined. Neither is referenced by any line shown here.
@@ifdef DEBUG
@@define DEBUG ison
@@undef NOT_DEBUG
@@else
@@define NOT_DEBUG true
@@undef DEBUG
@@endif

# Defines KORPPI only when the host name is korppi.
@@ifhost korppi
@@define KORPPI yes
@@endif

# Defines BUMMER on every host whose name is not ftp.
@@ifnhost ftp
@@define BUMMER true
@@endif

# The location of the database to be read. This is the trusted baseline
# that the current state of the files is compared against.
# Keep the medium holding it write-protected between runs, so that a
# compromised host cannot rewrite the baseline.
database=file:/mnt/floppy/aide.db.trust

# The location of the database to be written.
# NOTE(review): this is a different file from the one read above. After
# --init, aide.db.new has to be reviewed and copied to aide.db.trust;
# otherwise later runs compare against an old or missing baseline and
# report files as added or changed.
# The sql form below carries a login name and password in this file;
# restrict read access to aide.conf if it is ever used.
#database_out=sql:host:port:database:login_name:passwd:table
#database_out=file:aide.db.new
database_out=file:/mnt/floppy/aide.db.new

# Whether to gzip the output to database
# gzip_dbout=no

# Verbosity of AIDE's messages. The commented line shows the default (5);
# the active line raises it to 20.
#verbose=5
verbose=20

# Where the report is written. The active line writes it to a local file.
# NOTE(review): the report lives on the monitored host, where an intruder
# with root access can edit it; consider also keeping a copy off-host.
#report_url=stdout
#other possibilities
#report_url=stderr
#NOT IMPLEMENTED report_url=mailto:[EMAIL PROTECTED]
report_url=file:/var/log/aide_result.log
#NOT IMPLEMENTED report_url=syslog:LOG_AUTH
#report_url=stdout

# @@{TOPDIR} is replaced with /usr/local/install/aide-0.9 when
# read by aide.
#p:     permissions
#i:     inode
#n:     number of links
#u:     user
#g:     group
#s:     size
#b:     block count
#m:     mtime
#a:     atime
#c:     ctime
#S:     check for growing size
#md5:   md5 checksum
#sha1:  sha1 checksum
#rmd160:     rmd160 checksum
#tiger:     tiger checksum
#R:     p+i+n+u+g+s+m+c+md5
#L:     p+i+n+u+g
#E:     Empty group
#>:     Growing logfile p+u+g+i+n+S
#The following are available if you have mhash support enabled.
#haval:         haval checksum
#gost:          gost checksum
#crc32:         crc32 checksum

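# Rule definition
# All = the R group (p+i+n+u+g+s+m+c+md5) plus two further checksums.
# atime (a) is deliberately not part of this group: atime changes whenever
# a file is read, including the read AIDE itself does to compute checksums,
# so checking it flags every file as changed on each run unless the
# filesystem is mounted noatime.
# md5 and sha1 are not collision-resistant on their own; keep rmd160 (or
# tiger) alongside them.
All=R+sha1+rmd160

# ignore_list is a special rule definition
# the attributes listed in it are not displayed in the
# final report

# Attributes that can be used to verify that aide is intact
# by people that have downloaded it from the web.
# Let's be paranoid
# Norm = size, link count, block count and three checksums; no timestamps,
# permissions or ownership.
Norm=s+n+b+md5+sha1+rmd160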

# The commented rules are just examples the rest are used by
# make check

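#Selection regexp rule
# Everything under @@{TOPDIR} is checked with the Norm rule group.
@@{TOPDIR}/.* Norm
#Equals selection: only the directory doc is checked and not its children
#=@@{TOPDIR}/doc L
#Negative selection: no rule is necessary; one is ignored if present
!@@{TOPDIR}/.*~
!@@{TOPDIR}/src/.*\.o
!@@{TOPDIR}/src/(aide|core)$ L
!@@{TOPDIR}/.*RCS
!@@{TOPDIR}/.*CVS
!@@{TOPDIR}/.*aide\.db.*
!@@{TOPDIR}/.*\.cvsignore.*
# @@{TOPDIR}/doc/.* All
# System directories checked with the All rule group.
# /usr/local/ also contains @@{TOPDIR}, so files there match both the
# /usr/local/ line and the Norm line above.
# NOTE(review): /usr/bin, /usr/sbin, /lib and /boot are not selected here;
# confirm that is intended.
/etc All
/bin All
/sbin All
/usr/local/ All
# NOTE(review): no selection line shown here covers /wwwsys, so these
# exclusions currently have no effect.
!/wwwsys/stronghold-3.0/htdocs/cfdocs/.*
!/wwwsys/stronghold-3.0/manual/.*
!/wwwsys/stronghold-3.0/logs/.*
!/wwwsys/stronghold-3.0/cache/.*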



-- 
James Herschel <[EMAIL PROTECTED]>
Quarry Integrated Communications
