[Aide] aide configuration on debian

John Kristoff jtk at depaul.edu
Fri Oct 13 17:36:42 EEST 2017


On Fri, 13 Oct 2017 12:32:39 +0000
John Ratliff <john at bluemarble.net> wrote:

> Is there a reason to monitor things like
> /dev
> /run
> /tmp
> /var/log (rotated log files in particular)

Here is what I've done when run as non-root:

  soft         = p+n+u+g

  /dev     soft
  !/dev/char
  !/dev/tty[0-9]+
  !/dev/vcs[0-9]+
  !/dev/vcsa[0-9]+
  !/dev/xconsole

  =/run$    L

  =/tmp$    L

  =/var$    L

This is for server systems that don't have a lot of users so your
mileage may vary.

John

