Bill-- IANAAE (I Am Not An Aide Expert :), but here's one of my AIDE configs for a Postfix server we have: most=p+i+n+u+g+s+md5 /sbin most /bin most /lib most /boot most /usr most /opt most /etc most !/**~ !/**.cfsaved !/etc/ld.so.cache$ !/etc/printcap$ !/etc/lvm/.cache$ !/etc/mtab$ !/etc/aide$ !/etc/cups$ !/etc/nagios/* !/etc/postfix/prng_exch !/usr/share$ !/etc/prelink.cache$ !/etc/ssh/ssh_known_hosts$ !/usr/local/var$ !/usr/local/maint$ !/etc/mail/spamassassin/local.cf$ I'm not sure how *good* that config is; generally, I don't get too many changes to my db, but we've also never had an intrusion (that I know of :), so I'm not sure if this would alert me or not. HTH. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University On Mon, 2 Oct 2006, Bill Tangren wrote: > Would whomever is using AIDE be willing to point out (back channel if you are > more comfortable with that) which directories to include and which options on > each directory for RHEL? I've seen several examples, including the one I found > here (http://www.cs.tut.fi/~rammer/aide/manual.html), but I'd like some input > on RHEL users on what is best to protect. > > Thanks! > > Bill Tangren > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
