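# AIDE configuration for the Football Secure Access System
#
# Read by aide(1) ("aide --init", then "aide --check").  Two syntax facts
# drive everything below (see aide.conf(5) for the installed version):
#   * A selection line is "<regex> <group>" or "!<regex>".  The regex is an
#     extended regular expression anchored at the START of the path only, so
#     "/etc/ssh" also matches "/etc/sshd_whatever", and a trailing "*" is a
#     regex quantifier (zero or more of the preceding char), not a shell glob.
#   * A plain "." matches any character; a literal dot is written "\.".
#
# Operational notes:
#   * The database under @@{DBDIR} is only as trustworthy as its storage: a
#     root-level intruder can regenerate it.  Keep a signed or off-host copy
#     and compare against that; this file and the aide binary are themselves
#     in scope below.
#   * All "!" exclusions are collected at the end of the file so the policy's
#     deliberate blind spots can be reviewed in one place.

# Macro definitions (referenced as @@{NAME} below).  SYSCONFDIR, BINDIR,
# SBINDIR, LIBDIR and LOCALSTATEDIR are currently unused but harmless.
@@define DBDIR /var/lib/aide
@@define LOGDIR /var/log/aide
@@define SYSCONFDIR /etc
@@define BINDIR /usr/bin
@@define SBINDIR /usr/sbin
@@define LIBDIR /usr/lib
@@define LOCALSTATEDIR /var/local

# Attribute group used for every monitored path.
#   p=permissions i=inode n=link count u=uid g=gid s=size l=symlink target
#   m=mtime c=ctime, followed by content digests.
# "l" is included so a retargeted symlink (e.g. /etc/resolv.conf, entries in
# /etc/alternatives) is reported by its new target, not only by inode/ctime.
# sha256 and sha512 are added because md5 and sha1 are collision-prone; the
# older digests are kept for continuity.  Changing this group means the
# database must be re-initialised (aide --init) before the next check.
All=p+i+n+u+g+s+l+m+c+md5+sha1+rmd160+tiger+sha256+sha512

# Database locations.  "database" is the long-standing spelling; newer AIDE
# releases document "database_in" instead and may warn -- confirm against the
# installed version's aide.conf(5).
database=file:@@{DBDIR}/aide.db
database_out=file:@@{DBDIR}/aide.db.new

# Report destination.
# NOTE(review): "log_file" is not a documented option in every AIDE version;
# "report_url=file:..." is the documented way to write the report to a file.
# Confirm which one the installed aide accepts.
log_file=@@{LOGDIR}/aide.log

# -----------------------------------------------------------------------------
# Monitoring scope.  Broad parents come first; most per-topic entries that
# follow are already covered by a parent (e.g. "/etc All") and are kept as an
# explicit, reviewable statement of what matters on this host.
# -----------------------------------------------------------------------------

# Executables
/bin All
/sbin All
/usr/bin All
/usr/sbin All
/usr/local/bin All
/usr/local/sbin All

# System libraries, kernel modules and firmware.  Note that no ".so" or
# ".pyc" exclusion applies here: a replaced library or bytecode file is
# exactly the kind of change this policy exists to detect.
/lib All
/lib64 All
/usr/lib All
/usr/lib64 All
/usr/local/lib All
/usr/local/lib64 All
/lib/modules All
/lib/firmware All

# Loadable PAM / NSS modules (authentication code paths)
/lib/security All
/usr/lib/security All
/lib/x86_64-linux-gnu/security All
/usr/lib/x86_64-linux-gnu/security All

# Boot chain: bootloader, kernel images, initramfs, EFI payloads, Secure Boot
# material.  Prefix matches cover the versioned file names
# (e.g. /boot/vmlinuz-<version>, /boot/config-<version>).
/boot All
/boot/grub All
/boot/grub/grub\.cfg All
/boot/efi All
/boot/efi/EFI All
/boot/efi/EFI/debian All
/boot/efi/EFI/BOOT All
/boot/vmlinu[xz] All
/boot/initrd\.img All
/boot/System\.map All
/boot/config- All
/etc/default/grub All
/etc/grub\.d All
/usr/sbin/grub-install All
/usr/sbin/grub-mkconfig All
/etc/secure-boot All

# System configuration.  "/etc All" already covers every /etc entry in this
# file; the subtrees are listed so the coverage is explicit.
/etc All
/etc/X11 All
/etc/opt All
/etc/sgml All
/etc/xml All
/etc/default All
/etc/init\.d All
/etc/init All
/etc/rc[0-9S]\.d All
/etc/udev All
# prefix match: rsyslog.conf and rsyslog.d/
/etc/rsyslog All
/usr/sbin/rsyslogd All

# Accounts, authentication and privilege boundaries
/etc/passwd All
/etc/shadow All
/etc/group All
/etc/gshadow All
/etc/pam\.d All
/etc/security All
/etc/sudoers All
/etc/sudoers\.d All
/usr/bin/sudo All
/usr/sbin/visudo All
/etc/ssh All
/etc/ssh/sshd_config All
/etc/ssh/sshd_config\.d All
/root/\.ssh All
/home/user/\.ssh All
/etc/apparmor All
/etc/apparmor\.d All
/usr/sbin/apparmor_status All
/usr/sbin/aa-status All

# Network, firewall and VPN.  /etc/resolv.conf is frequently a symlink into
# /run; the "l" attribute reports retargeting, but the target's content under
# /run is not monitored.
/etc/network All
/etc/network/interfaces All
/etc/NetworkManager All
/etc/resolv\.conf All
/etc/hosts All
/etc/hostname All
/etc/iptables All
/etc/nftables\.conf All
/etc/ufw All
/usr/sbin/iptables All
/usr/sbin/nft All
/etc/wireguard All
/usr/bin/wg All
/usr/bin/wg-quick All

# TLS trust stores
/etc/ssl All
/etc/pki All
/etc/ca-certificates All
/usr/local/share/ca-certificates All

# Audit, intrusion-response and integrity tooling (binaries and config only;
# the log output is excluded below)
/etc/audit All
/usr/sbin/auditd All
/usr/sbin/aureport All
/usr/sbin/ausearch All
/etc/fail2ban All
/usr/sbin/fail2ban-server All
/usr/bin/aide All
/etc/aide\.conf All

# Package management.  /var/lib/apt is covered by "/var All"; /var/cache/apt
# was dropped because /var/cache is excluded below and the two contradicted
# each other.
/etc/apt All
/usr/bin/apt All
/usr/bin/apt-get All
/usr/bin/dpkg All

# systemd units.  /run/systemd holds per-boot runtime state, so expect churn
# there between reboots.
/etc/systemd All
/lib/systemd All
/usr/lib/systemd All
/run/systemd All

# Desktop applications used on the access workstation
/home/user/\.config/remmina All
/usr/bin/remmina All
/usr/share/applications/remmina\.desktop All
/home/user/\.config/icewm All
/usr/bin/icewm All
/usr/share/icewm All

# User and root home directories
/home/user All
/home/user/\.config All
/home/user/\.local All
/root All

# Mutable system state; the churny subtrees are excluded below
/var All

# Device nodes: ownership/mode changes on e.g. disk or memory devices are
# worth catching.  tty nodes change owner on every login, so some noise is
# expected here.
/dev All

# -----------------------------------------------------------------------------
# Exclusions.  Each "!" line removes a subtree from the scan and is therefore
# a deliberate blind spot -- keep this list short and reviewed.
# -----------------------------------------------------------------------------

# Pseudo-filesystems: contents change continuously and carry no integrity
# signal.  The former "/proc/... Normal" and "/sys All" entries were removed:
# they contradicted these exclusions and "Normal" is not defined anywhere in
# this file.
!/proc
!/sys
!/dev/pts
!/dev/shm

# Logs are append-only by design and too dynamic for hashing.  Protect audit
# and security logs with remote forwarding rather than with AIDE; the earlier
# "/var/log/audit All" and "/var/log/security All" lines conflicted with this
# exclusion and were dropped.
!/var/log

# Temporary, cache, spool, mail and runtime state
!/tmp
!/var/tmp
!/var/cache
!/var/spool
!/var/mail
!/var/run
!/var/lock
!/var/lib/locate
!/var/lib/mlocate
!/var/lib/updatedb

# AIDE's own database and reports (rewritten on every run)
!@@{DBDIR}
!@@{LOGDIR}

# Version-control metadata anywhere in the tree.  The pattern is bound to a
# full path component so files such as ".gitconfig" stay monitored.  (The
# previous "!.git" form could never match, since every path starts with "/".)
!.*/\.(git|svn|hg)(/|$)

# Build and editor artifacts, excluded under home directories only.  The
# previous bare "*.o" / "*.so" / "*.pyc" lines had no group and were not
# valid regexes; applying them system-wide would also hide library and
# bytecode replacement under /usr/lib.
!/home/user/.*\.(o|a|so|pyc|pyo)$
!/home/user/.*(~|\.sw[po])$
!/root/.*\.(o|a|so|pyc|pyo)$
!/root/.*(~|\.sw[po])$

# End of configuration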