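# AIDE Configuration for Football Secure Access System
# Comprehensive file integrity monitoring
#
# Syntax reminders that matter for everything below:
#   * '#' starts a comment that runs to the end of the line, so every
#     directive needs a line of its own.
#   * Selection lines are regular expressions anchored at the start of the
#     path, not shell globs. "/boot/vmlinu" already matches every path that
#     begins with that prefix; a trailing '*' is not a wildcard.
#   * Selection lines must start with '/', '!' or '='.
#   * Negative ('!') rules override positive rules for the same path,
#     regardless of the order in which they appear.

# Configuration file location
@@define DBDIR /var/lib/aide
@@define LOGDIR /var/log/aide
@@define SYSCONFDIR /etc
@@define BINDIR /usr/bin
@@define SBINDIR /usr/sbin
@@define LIBDIR /usr/lib
@@define LOCALSTATEDIR /var/local

# File selection rules
# p=permissions i=inode n=link count u=user g=group s=size m=mtime c=ctime.
# The previous digest set (md5+sha1+rmd160+tiger) relied on MD5 and SHA-1,
# for which practical collisions exist, and on tiger, which is not available
# in every AIDE build. SHA-256 and SHA-512 are used instead.
# The database must be re-initialised (aide --init) after changing this
# group, because the stored baseline carries the old attribute set.
All=p+i+n+u+g+s+m+c+sha256+sha512

# Database locations
# NOTE(review): newer AIDE releases call the input option "database_in";
# confirm which spelling the installed version expects.
# The baseline lives on the monitored host and is itself excluded from
# checking (see the end of this file), so anyone able to write to DBDIR can
# replace it. Keep a copy on read-only or off-host storage and compare
# against that copy.
database=file:@@{DBDIR}/aide.db
database_out=file:@@{DBDIR}/aide.db.new

# Log file
# "log_file" is not an AIDE option; report output is directed with report_url.
report_url=file:@@{LOGDIR}/aide.log

# Monitoring scope

# Root filesystem
/bin All
/sbin All
/usr/bin All
/usr/sbin All
/usr/local/bin All
/usr/local/sbin All

# Configuration directories
/etc All
/etc/X11 All
/etc/opt All
/etc/sgml All
/etc/xml All
/etc/default All
/etc/init.d All
/etc/init All
# Was "/etc/rc*.d", which as a regex does not match rc0.d .. rc6.d / rcS.d.
/etc/rc.\.d All
/etc/udev All
/etc/rsyslog.d All
/etc/network All
/etc/wireguard All

# Security-critical directories
/etc/security All
/etc/sudoers.d All
/etc/apparmor.d All
/etc/apparmor All
/etc/fail2ban All
/etc/audit All
/etc/pam.d All
/etc/ssh All

# Boot-related directories
/boot All
/boot/grub All
/boot/grub.cfg All
/boot/efi All
/boot/efi/EFI All
/boot/efi/EFI/debian All
/boot/efi/EFI/BOOT All

# Kernel modules
/lib/modules All
/lib/firmware All

# System libraries
/lib All
/lib64 All
/usr/lib All
/usr/lib64 All
/usr/local/lib All
/usr/local/lib64 All

# User directories (monitor for changes)
/home/user All
/home/user/.config All
/home/user/.local All
/home/user/.ssh All

# Root user directories
/root All

# System state
/var All
!/var/log
!/var/run
!/var/lock
!/var/tmp
!/var/spool
!/var/cache
!/var/mail
!/var/lib/aide

# Temporary directories
!/tmp

# Application-specific monitoring

# Remmina configuration
/home/user/.config/remmina All
/usr/bin/remmina All
/usr/share/applications/remmina.desktop All

# IceWM configuration
/home/user/.config/icewm All
/usr/bin/icewm All
/usr/share/icewm All

# Network configuration
/etc/network/interfaces All
/etc/NetworkManager All
/etc/resolv.conf All
/etc/hosts All
/etc/hostname All

# Package management
# "/var/cache/apt All" was dropped: it sits under the excluded /var/cache,
# so the negative rule overrode it and it never selected anything.
/etc/apt All
/var/lib/apt All
/usr/bin/apt All
/usr/bin/apt-get All
/usr/bin/dpkg All

# Audit system
# "/var/log/audit All" was dropped: /var/log is excluded above, which
# overrode it. If tamper evidence for audit logs is wanted, lift the
# exclusion for that directory and use a group built for growing log files
# rather than All, which would report every append as a change.
/etc/audit All
/usr/sbin/auditd All
/usr/sbin/aureport All
/usr/sbin/ausearch All

# Rsyslog
# "/var/log/security All" was dropped for the same reason as /var/log/audit.
/etc/rsyslog All
/usr/sbin/rsyslogd All

# Firewall configuration
/etc/iptables All
/etc/nftables.conf All
/etc/ufw All
/usr/sbin/iptables All
/usr/sbin/nft All

# VPN configuration
/etc/wireguard All
/usr/bin/wg All
/usr/bin/wg-quick All

# Security tools
/usr/bin/aide All
/etc/aide.conf All
/usr/sbin/fail2ban-server All
/etc/fail2ban All

# GRUB bootloader
/etc/default/grub All
/etc/grub.d All
/usr/sbin/grub-install All
/usr/sbin/grub-mkconfig All

# Systemd configuration
# NOTE(review): /run/systemd is runtime state that is recreated on boot;
# expect it to differ from the baseline after every restart.
/etc/systemd All
/lib/systemd All
/usr/lib/systemd All
/etc/systemd/system All
/run/systemd All

# Cryptographic libraries
/lib/x86_64-linux-gnu/security All
/usr/lib/x86_64-linux-gnu/security All
/lib/security All

# SSL/TLS certificates
/etc/ssl All
/etc/pki All
/usr/local/share/ca-certificates All
/etc/ca-certificates All

# SSH configuration and keys
/etc/ssh/sshd_config All
/etc/ssh/sshd_config.d All
/root/.ssh All
/home/user/.ssh All

# Sudoers configuration
/etc/sudoers All
/etc/sudoers.d All
/usr/bin/sudo All
/usr/sbin/visudo All

# PAM authentication
/etc/pam.d All
/lib/security All
/usr/lib/security All
/etc/security All

# Password and shadow files
/etc/passwd All
/etc/shadow All
/etc/group All
/etc/gshadow All

# AppArmor profiles
/etc/apparmor All
/etc/apparmor.d All
/usr/sbin/apparmor_status All
/usr/sbin/aa-status All

# Secure Boot keys
/etc/secure-boot All

# Linux kernel
/boot/vmlinu All
/boot/initrd All
/boot/System\.map All
/boot/config All

# Device nodes (monitor for suspicious changes)
/dev All
!/dev/pts
!/dev/shm

# Kernel virtual filesystems
# The former "/proc/<file> Normal" lines and "/sys All" were removed: the
# group "Normal" is never defined in this file, and both trees are excluded
# here, which overrode those rules anyway. Their contents are generated by
# the kernel at read time and cannot be compared against a stored baseline.
!/proc
!/sys

# Exclusion patterns (for dynamic content)
# Logs, temporary, cache, spool, PID and lock files are already covered by
# the directory exclusions above (/var/log, /var/run, /var/lock, /var/tmp,
# /var/spool, /var/cache, /tmp); a negative rule on a directory prefix also
# matches everything beneath it.

# Database files that change frequently
!/var/lib/locate
!/var/lib/mlocate
!/var/lib/updatedb

# Compilation artifacts
# The original lines "*.o *.a *.so *.pyc *.pyo" were not valid rules.
# .o, .a and .so are deliberately NOT excluded: skipping shared objects
# would leave /lib, /usr/lib and the PAM module directories unchecked for
# the files most worth watching there.
# Name-based exclusions apply everywhere, so a file with one of these names
# is unmonitored wherever it sits; scope them to specific directories if
# that is too broad.
!/.*\.pyc$
!/.*\.pyo$

# Editor backup files
!/.*~$
!/.*\.swp$
!/.*\.swo$

# Version control directories
!/.*/\.git(/|$)
!/.*/\.svn(/|$)
!/.*/\.hg(/|$)

# AIDE's own database and log files
!@@{DBDIR}
!@@{LOGDIR}

# End of configuration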