aide.conf

# AIDE conf
# This configuration file does not contain every possible option
# For a complete reference, see man aide.conf(5)

# set environment for executable config files included by x_include
@@x_include_setenv UPAC_settingsd /etc/aide/aide.settings.d
@@x_include_setenv PATH /bin:/usr/bin

# The daily cron job depends on these paths and settings
database_in=file:/var/lib/aide/aide.db
database_out=file:/var/lib/aide/aide.db.new
database_new=file:/var/lib/aide/aide.db.new
gzip_dbout=yes

# Set to no to disable report_summarize_changes option.
#report_summarize_changes=true

# Set to no to disable grouping of files in report.
#report_grouped=true

# have AIDE version and time of database generation in database
#database_add_metadata=true

# Set verbosity of aide run and reports
#log_level=warning
#report_level=changed_attributes

# Ignore e2fs attributes that cannot be set manually
report_ignore_e2fsattrs=VNIE

# Set to yes to print the checksums in the report in hex format
#report_base16 = false

###### GROUPS ######

# See documentation in aide.conf(5). To list the default compount
# groups available in this aide binary, use aide --version.

# if you want to sacrifice security for speed, list some checksum
# explicitly here. H specifies that all checksums compiled in are used.
Checksums = H

# The checksums of the databases to be printed in the report
# Set to 'E' to disable. Set to a list if you want a special set of
# checksums for the database itself
database_attrs = Checksums

OwnerMode = p+u+g+ftype
Size = s+b
InodeData = OwnerMode+n+i+Size+l+X
StaticFile = m+c+Checksums
Full = InodeData+StaticFile
VarTime = InodeData+Checksums
VarInode = VarTime-i
VarFile = OwnerMode+n+l+X
VarDir = OwnerMode+n+i+X
RecreatedDir = OwnerMode+n+X

# Files that stay static but are copied to a ram disk on startup
# (causing different inode). Please do not use for new rules.
RamdiskData = InodeData-i

# VarDirInode is kind of a misnomer, as it does _less_ checks than
# VarDir. Renaming it would mean touching > 60 rule files though.
# Please use RecreatedDir for new rules.
VarDirInode = RecreatedDir

# Directories that change their mtimes or ctimes but not their contents
VarDirTime = InodeData

###### LOG HANDLING ######

# aide 0.18 is the first version of aide that offers infrastructure to
# track log contents on its entire way through the log rotation mechanics
# common on unxoid operating systems.

# For a detailed description of the challenges of handling logs with
# aide, see the "LOG HANDLING" section in aide.conf(5).

ActLog = Full+growing+ANF+I
RotLog = Full
CompSerLog = Full+I+compressed
MidlSerLog = Full+I
LastSerLog = Full+ARF

# Please note that these example rules need to be adapted to the logrotate
# configuration for the log. Compression may be disabled or lead to a
# different extension, the dateext option may be used, old logs might be
# held in a different place, a log series does not necessarily need to be
# compressed etc.

# Please note that savelog rotates the live log to .0 and not to .1 as it
# is logrotates (changeable) default.

# Log Handling, old method. This causes false reports and is not
# necessary any more since aide 0.18. Please consider migating your
# log rules to the new method. The groups used in this method will be
# removed after Debian bookworm (but of course you can re-add them).
#
Log = OwnerMode+n+growing+s+X
FreqRotLog = Log-growing-s
LowLog = Log-growing-s
LoSerMemberLog = Full+I+ANF
SerMemberLog  = Full+I
HiSerMemberLog = Full+I+ARF
LowDELog = SerMemberLog+ANF+ARF
SerMemberDELog = Full+ANF
LinkedLog = Log-n

# include rules from /etc/aide/aide.conf.d, honoring the
# file name restrictions that are common in Debian. Files with
# the x bit set are executed and their output included.
@@x_include /etc/aide/aide.conf.d ^[a-zA-Z0-9_-]+$