Merge branch 'main' of https://gitea.lyc-lecastel.fr/alhassane.kone/siotp
This commit is contained in:
		
							
								
								
									
										8
									
								
								sio2/CYBER/IDS/aide
									
									
									
									
									
										Executable file
									
								
							
							
						
						
									
										8
									
								
								sio2/CYBER/IDS/aide
									
									
									
									
									
										Executable file
									
								
							| @@ -0,0 +1,8 @@ | ||||
| #!/bin/bash | ||||
| aideinit  #initialisation | ||||
| /etc/cron.daily/aide  # on lance aide pour vérifier | ||||
| more /var/log/aide/aide.log  # on affiche le compte-rendu : pas de changements | ||||
| touch /etc/truc # on créée un fichier | ||||
| echo  "#########" >> /etc/hosts # on en modifie un autre | ||||
| /etc/cron.daily/aide  # on vérifie à nouveau | ||||
| more /var/log/aide/aide.log  # on constate les changements survenus ... | ||||
							
								
								
									
										189
									
								
								sio2/CYBER/IDS/aide.conf
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										189
									
								
								sio2/CYBER/IDS/aide.conf
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,189 @@ | ||||
| # AIDE conf | ||||
|  | ||||
| # set environment for executable config files included by x_include | ||||
| @@x_include_setenv UPAC_settingsd /etc/aide/aide.settings.d | ||||
|  | ||||
| # The daily cron job depends on these paths | ||||
| database_in=file:/var/lib/aide/aide.db | ||||
| database_out=file:/var/lib/aide/aide.db.new | ||||
| database_new=file:/var/lib/aide/aide.db.new | ||||
| gzip_dbout=yes | ||||
|  | ||||
| # Set to no to disable report_summarize_changes option. | ||||
| report_summarize_changes=yes | ||||
|  | ||||
| # Set to no to disable grouping of files in report. | ||||
| report_grouped=yes | ||||
|  | ||||
| # Set verbosity of aide run and reports | ||||
| log_level=warning | ||||
| report_level=changed_attributes | ||||
|  | ||||
| # Set to yes to print the checksums in the report in hex format | ||||
| report_base16 = no | ||||
|  | ||||
| # if you want to sacrifice security for speed, remove some of these | ||||
| # checksums. | ||||
| Checksums = sha256+sha512+haval | ||||
|  | ||||
| # The checksums of the databases to be printed in the report | ||||
| # Set to 'E' to disable. | ||||
| database_attrs = Checksums | ||||
|  | ||||
| # check permissions, owner, group and file type | ||||
| OwnerMode = p+u+g+ftype | ||||
|  | ||||
| # Check size and block count | ||||
| Size = s+b | ||||
|  | ||||
| # Files that stay static | ||||
| InodeData = OwnerMode+n+i+Size+l+X | ||||
| StaticFile = m+c+Checksums | ||||
|  | ||||
| # Files that stay static but are copied to a ram disk on startup | ||||
| # (causing different inode) | ||||
| RamdiskData = InodeData-i | ||||
|  | ||||
| # Check everything | ||||
| Full = InodeData+StaticFile | ||||
|  | ||||
| # Files that change their mtimes or ctimes but not their contents | ||||
| VarTime = InodeData+Checksums | ||||
|  | ||||
| # Files that are recreated regularly but do not change their contents | ||||
| VarInode = VarTime-i | ||||
|  | ||||
| # Files that change their contents during system operation | ||||
| VarFile = OwnerMode+n+l+X | ||||
|  | ||||
| # Directories that change their contents during system operation | ||||
| VarDir = OwnerMode+n+i+X | ||||
|  | ||||
| # Directories that are recreated regularly and change their contents | ||||
| VarDirInode = OwnerMode+n+X | ||||
|  | ||||
| # Directories that change their mtimes or ctimes but not their contents | ||||
| VarDirTime = InodeData | ||||
|  | ||||
| # Logs are special: they are continously written to, may be compressed | ||||
| # have their file name changed in different, mutually incompatibly ways | ||||
| # and apprear and vanish at will. Handling this is a a complex and error- | ||||
| # prone issue. | ||||
| # | ||||
| # This is best broken down in a number of small tasks: | ||||
| # | ||||
| # | ||||
| # (A) | ||||
| # While a live log is being written to, it doesn't change its mode and | ||||
| # inode and its size only increases. | ||||
| # | ||||
| # (B) | ||||
| # When a live log is rotated for the first time, it should not change | ||||
| # its mode, may change its inode, and its size decreases. The size | ||||
| # decrease may not be noticed by aide if the file had size x at the last | ||||
| # aide run, was rotated in the mean time and was written to so that it | ||||
| # had a size > x at the next aide run. | ||||
| # | ||||
| # (C) | ||||
| # When a log is compressed, this looks to aide like the uncompressed | ||||
| # file vanished (or was replaced by another file) and the compressed | ||||
| # file appeared out of the blue. There is (currently) no way to | ||||
| # associate the (gone) uncompressed file's contents with the (new) | ||||
| # compressed file's contents | ||||
| # | ||||
| # (D) | ||||
| # The actual log rotation may rename foo.{x}.bar to foo.{x+1}.bar without | ||||
| # changing the other properties of the file | ||||
| # | ||||
| # (E) | ||||
| # If only a given number of log generations is to be kept, foo.{y}.bar may | ||||
| # vanish, but usually only when no foo.{z}.bar exists for z>y. | ||||
| # | ||||
| # (F) | ||||
| # The set of files foo.{x}.bar to foo.{y}.bar is called a "log series" | ||||
| # in aide terms, with the lowest x being called the "LoSerMember" element | ||||
| # and the highest y being called the "HiSerMember" element, and the z | ||||
| # with x<z<y simple called "SerMember". The Lo and Hi members need to | ||||
| # be special cased in aide configuration. | ||||
| # | ||||
| # | ||||
| # This is an example of the normal life of a log named foo in a logrotate | ||||
| # configuration using a configuration at it is commonly used in Debian | ||||
| # (from old to new): | ||||
| #     1 logrotate deletes HiSerMember foo.{y}.gz | ||||
| #     2 logrotate rotates SerMember foo.{z-1}.gz to foo.{z}.gz for all | ||||
| #       z with 3<z<=y. This includes rotation of foo.{y-1}.gz to | ||||
| #       foo.{y}.gz and foo.2.gz to foo.3.gz | ||||
| #     3 logrotate compresses foo.1 to foo.2.gz, creating LoSerMember foo.2.gz | ||||
| #     4 logrotate rotates foo to foo.1 (a simple rename) | ||||
| #     5 logrotate creates new, empty foo | ||||
| #     6 foo daemon logs to foo - foo grows in size | ||||
| # | ||||
| # we need the following rules: | ||||
| # /var/log/foo$ f Log | ||||
| # /var/log/foo$ f FreqRotLog | ||||
| #    this takes care of the growing live log (step 7). The "Log" rule | ||||
| #    is appropriate for logs that are not rotated daily as rotation | ||||
| #    might be reported (if the file size has decreased since the last | ||||
| #    aide run). For daily rotated logs, the "FreqRotLog" may be more | ||||
| #    appropriate. | ||||
| # /var/log/foo\.1$ f LowLog | ||||
| #    this takes care of step 5. | ||||
| # /var/log/foo\.2\.gz$ f LoSerMemberLog | ||||
| #    this allows yet unknown new files to appear with a \.2\.gz extension, | ||||
| #    covering step 3. | ||||
| # /var/log/foo\.[3..y-1]\.gz$ f SerMemberLog | ||||
| #    this watches the log files as they wander through the Series, | ||||
| #    changing only their file name but not their contents or metadata, | ||||
| #    covering step 2. | ||||
| #    Please note that [3..y-1] needs to be a manually crafted regexp covering | ||||
| #    all numbers between 3 and y-1. | ||||
| # /var/log/foo\.y\.gz$ f HiSerMemberLog | ||||
| #    finally, the last element of the Series is allowed to vanish without | ||||
| #    being reported, covering step 1. | ||||
| # | ||||
| # Please note that these example rules need to be adapted to the logrotate | ||||
| # configuration for the log. Compression may be disabled or lead to a different | ||||
| # extension, the dateext option may be used, old logs might be held in a | ||||
| # different place, a log series does not necessarily need to be compressed etc. | ||||
| # | ||||
| # Please note that savelog rotates the live log to .0 and not to .1 as it | ||||
| # is logrotates (changeable) default. | ||||
|  | ||||
|  | ||||
| # Logs grow in size. Log rotation of these logs will be reported, so | ||||
| # this should only be used for logs that are not rotated daily. | ||||
| Log = OwnerMode+n+S+X | ||||
|  | ||||
| # Logs that are frequently rotated | ||||
| FreqRotLog = Log-S | ||||
|  | ||||
| # The first instance of a rotated log: After the log has stopped being | ||||
| # written to, but before rotation | ||||
| LowLog = Log-S | ||||
|  | ||||
| # Rotated logs change their file name but retain all their other properties | ||||
| SerMemberLog  = Full+I | ||||
|  | ||||
| # The first instance of a compressed, rotated log: After a LowLog was | ||||
| # compressed. | ||||
| LoSerMemberLog = SerMemberLog+ANF | ||||
|  | ||||
| # The last instance of a compressed, rotated log: After this name, a log | ||||
| # will be removed | ||||
| HiSerMemberLog = SerMemberLog+ARF | ||||
|  | ||||
| # Not-yet-compressed log created by logrotate's dateext option: | ||||
| # These files appear one rotation (renamed from the live log) and are gone | ||||
| # the next rotation (being compressed) | ||||
| LowDELog = SerMemberLog+ANF+ARF | ||||
|  | ||||
| # Compressed log created by logrotate's dateext option: These files appear | ||||
| # once and are not touched any more. | ||||
| SerMemberDELog = Full+ANF | ||||
|  | ||||
| # For daemons that log to a variable file name and have the live log | ||||
| # hardlinked to a static file name | ||||
| LinkedLog = Log-n | ||||
|  | ||||
| @@x_include /etc/aide/aide.conf.d ^[a-zA-Z0-9_-]+$ | ||||
		Reference in New Issue
	
	Block a user