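# CIS Benchmark - AIDE Configuration
# File Integrity Monitoring for CMMC/FedRAMP compliance
#
# Maintainer notes:
#  - Any change to the attribute groups or selection lines below changes what
#    is recorded in the database: re-initialise with `aide --init`, review the
#    diff, then rotate aide.db.new into place.
#  - Selection lines are POSIX extended regular expressions anchored at the
#    START of the path only (implicit ^), never at the end. `/etc` therefore
#    also matches `/etcfoo`, `.` matches any character, and shell globs such as
#    `*.log` do not work. Literal dots in the exclusions are escaped for that
#    reason.
#  - The acl, xattrs and selinux attributes require an AIDE build with the
#    corresponding support; AIDE refuses to parse the file otherwise.
#  - AIDE cannot protect its own database from an attacker who already has
#    root: keep a signed or off-host copy of aide.db as compliance evidence
#    and compare against it on a schedule.

# Database location
# NOTE(review): AIDE >= 0.17 names the input database `database_in=`;
# `database=` is still accepted but deprecated - confirm for the installed
# version.
database=file:/var/lib/aide/aide.db
database_out=file:/var/lib/aide/aide.db.new

# ============================================================================
# Attribute groups
# ============================================================================
# p permissions  i inode  n link count  u uid  g gid  s size  S growing size
# m mtime  c ctime  acl/xattrs/selinux extended metadata
#
# md5 and sha1 are collision-prone and add no integrity value next to
# sha256/sha512 (CIS uses sha512), so they are dropped along with the
# rarely-compiled tiger/rmd160. xattrs is part of All so capability
# (security.capability) changes on binaries are reported as well as
# setuid/setgid bit changes (which are permission bits, covered by p).
All=p+i+n+u+g+s+m+c+sha256+sha512+xattrs
Normal=p+i+n+u+g+s+m+c+sha256+sha512
Binaries=p+i+n+u+g+s+m+c+sha256+sha512+xattrs
Config=p+i+n+u+g+s+m+c+sha256+sha512+acl+xattrs
# Logs grow continuously: size/mtime/ctime/hash change on every write and
# would drown real findings, so only metadata and "size never shrinks" (S)
# are checked. Currently unused because /var/log is excluded below.
Logs=p+i+n+u+g+S+acl+xattrs+selinux
# Dynamic is defined for completeness; no selection line uses it yet.
Dynamic=p+i+n+u+g+s+m+c+sha256+sha512+acl+xattrs+selinux

# ============================================================================
# Directories to Monitor (CIS 4.2.2)
# ============================================================================
# On merged-/usr distributions /bin, /sbin, /lib and /lib64 are symlinks to
# their /usr counterparts; AIDE records the symlink itself and the /usr/*
# rules cover the real trees.

# System binaries
/bin All
/sbin All
/usr/bin All
/usr/sbin All
/usr/local/bin All
/usr/local/sbin All

# System configuration (prefix match: covers every file under /etc)
/etc Config

# Libraries
/lib All
/lib64 All
/usr/lib All
/usr/lib64 All
/usr/local/lib All

# Kernel modules
/lib/modules Binaries

# Boot files
/boot Config

# System services
/etc/systemd Config
/lib/systemd Binaries

# Security configuration
/etc/pam.d Config
/etc/security Config

# Network configuration
/etc/network Config
/etc/wireguard Config

# Firewall rules
/etc/iptables Config

# Audit configuration
# The audit tools themselves (auditctl, auditd, ausearch, aureport, autrace,
# augenrules) fall under the /sbin and /usr/sbin rules above when installed
# there - confirm their location on this host (CIS "protect integrity of
# audit tools").
/etc/audit Config

# AppArmor profiles
/etc/apparmor Config

# Sudo configuration (prefix match: /etc/sudoers also covers /etc/sudoers.d)
/etc/sudoers Config
/etc/sudoers.d Config

# ============================================================================
# Directories to Exclude (due to high volatility)
# ============================================================================
!/proc
!/sys
!/dev
!/tmp
!/var/tmp
!/run
!/var/run

# Exclude logs (monitored separately)
!/var/log

# Exclude spool directories
!/var/spool

# Exclude cache
!/var/cache

# Exclude lock files
!/var/lock

# Exclude AIDE database (prefix match also covers aide.db.new)
!/var/lib/aide/aide\.db

# Exclude volatile system files
!/etc/mtab
!/etc/fstab\.backup

# Exclude user-specific volatile files
# (/home has no selection line of its own, so these only take effect if one
# is added.)
!/home/user/\.cache
!/home/user/\.local/share/Trash

# Exclude IceWM and Remmina cache
!/home/user/\.icewm/\.cache
# Regex, not glob: `*.log` would never match `foo.log`; `.*\.log$` does.
!/home/user/\.local/share/remmina/.*\.log$

# ============================================================================
# Monitor critical system files for compliance
# ============================================================================
# All of these already sit under /etc (Config); they are listed explicitly so
# the control mapping is visible. Account files get Config rather than Normal
# so ACL changes on them are reported too.

# Password and shadow files
/etc/passwd Config
/etc/shadow Config
/etc/group Config
/etc/gshadow Config

# Login configuration
/etc/login.defs Config
/etc/securetty Config

# Hosts configuration
/etc/hosts Config
/etc/hostname Config

# Time configuration
/etc/localtime Config
/etc/timezone Config

# Cron configuration
/etc/crontab Config

# Startup scripts
/etc/init.d Config

# Package management
/var/lib/dpkg Config

# Kernel parameters
/etc/sysctl.d Config

# ============================================================================
# Additional Security Rules
# ============================================================================
# AIDE has no mode-based file selection: only lines beginning with `/`, `=`
# or `!` are selection lines, so bare attribute lines such as `+s+a+xattr` or
# `+dir+w+u+g+s` are not valid and have been removed. Setuid/setgid and
# world-writable bits are permission bits, which the `p` attribute in every
# group above already tracks; capability and security.* xattrs are covered
# by `xattrs` in All. A point-in-time inventory of setuid or world-writable
# files belongs in the host audit script (e.g. find / -perm -4000), not here.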