Chris St. Pierre wrote:
Bill--
IANAAE (I Am Not An AIDE Expert :), but here's one of my AIDE configs
for a Postfix server we have:
most=p+i+n+u+g+s+md5
/sbin most
/bin most
/lib most
/boot most
/usr most
/opt most
/etc most
!/**~
!/**.cfsaved
!/etc/ld.so.cache$
!/etc/printcap$
!/etc/lvm/.cache$
!/etc/mtab$
!/etc/aide$
!/etc/cups$
!/etc/nagios/*
!/etc/postfix/prng_exch
!/usr/share$
!/etc/prelink.cache$
!/etc/ssh/ssh_known_hosts$
!/usr/local/var$
!/usr/local/maint$
!/etc/mail/spamassassin/local.cf$
I'm not sure how *good* that config is; generally, I don't get too
many changes to my db, but we've also never had an intrusion (that I
know of :), so I'm not sure if this would alert me or not.
HTH.
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
Thanks!
On Mon, 2 Oct 2006, Bill Tangren wrote:
Would whoever is using AIDE be willing to point out (back channel if you are
more comfortable with that) which directories to include and which options on
each directory for RHEL? I've seen several examples, including the one I found
here (http://www.cs.tut.fi/~rammer/aide/manual.html), but I'd like some input
from RHEL users on what is best to protect.
Thanks!
Bill Tangren
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list