Consider to correct AIDE default config file (/etc/aide.conf), due some errors there. Steps to reproduce: 1. Install aide (# apt-get install aide) 2. Run initialization of integrity database (# aide --init) Get an error, i.e.: ERROR: /etc/aide.conf:7: unexpected character: ' ' (line: 'database in = file:@@{DBDIR}/aide.db.gz') and so on. Most likely, in this version of AIDE config file it does not recognize some spaces, i.e., for example all includes like: database_in = file:@@{DBDIR}/aide.db.gz must be changed into: database_in=file:@@{DBDIR}/aide.db.gz And includes with comma: BINLIB=p+i+n+u+g+s+b+m+c+acl+caps,sha512 must be changed into: BINLIB=p+i+n+u+g+s+b+m+c+acl+caps+sha512 Example of a config file: ### AIDE Example Configuration ## Global settings @@define DBDIR /var/lib/aide @@define LOGDIR /var/log/aide database_in=file:@@{DBDIR}/aide.db.gz database_out=file:@@{DBDIR}/aide.db.new.gz gzip_dbout=yes report_url=stdout ## Rules # File attributes:: # a: atime # b: block count # c: ctime # ftype: file type (regular, symlink, &c.) # g: group # i: inode # l: symlink name # m: mtime # n: number of hard links # p: permissions # s: size # u: user # Extended attributes:: # acl: POSIX Access Control Lists # caps: Capabilities # e2fsattrs: ext2 attributes # selinux: SELinux security context # xattrs: eXtended file attributes # Special groups:: # ANF: allow new files # ARF: allow removed files # I: ignore changed filename: l+p+i+n+u+g+X # S: check for growing size # Compound groups:: # (assuming 'common' attrs are: p+ftype+i+n+u+g) # >: Growing files: L+S # E: Empty group # H: All hashsums: crc32+gost+sha256+sha512+stribog256+stribog512 # L: Links: I+ftype # R: Files: L+s+m+c+md5 # X: Extra attributes: acl+selinux+xattrs+e2fsattrs+caps # Hashsums:: # crc32: crc32 checksum # gost: GOST R 34.11-94 # sha256: sha256 # sha512: sha512 # stribog256: GOST R 34.11-2012, 256 bit # stribog512: GOST R 34.11-2012, 512 bit # Restriction file types:: # b: restrict rule to block devices # c: restrict rule to character devices # d: restrict rule to directories # f: restrict rule to regular files # l: restrict rule to symbolic links # p: restrict rule to FIFO files # s: restrict rule to UNIX sockets # Custom rules BINLIB=p+i+n+u+g+s+b+m+c+acl+caps+sha512 CONFFILES= p+i+n+u+g+s+b+m+c+acl+sha512 LOGS=p+i+n+u+g+S DEVICES=p+i+n+u+g+s+b+c+sha512 DATABASES=p+n+u+g STATICDIR=p+i+n+u+g MANPAGES=p+i+n+u+g+s+b+m+c+sha512 # Directories and files # NB! Just am example not intended for serious security /boot BINLIB /etc CONFFILES /bin BINLIB /sbin BINLIB /lib BINLIB /usr BINLIB /opt BINLIB /var/log LOGS /dev DEVICES /var/log/audit LOGS #=/dev/pts =/var/run STATICDIR /var/lib DATABASES =/proc STATICDIR =/dev/shm STATICDIR =/run STATICDIR =/run/media STATICDIR =/var/media STATICDIR =/mnt STATICDIR
Thank you. Even though default `aide.conf` is not intended for real use it's would be useful to fix the syntax errors so users don't waste their time on them. New package is prepared in task 351558 but is not committed into Sisyphus yet. If you with you can test it with # apt-repo test 351558 Thanks,
aide-0.18.8-alt2 -> sisyphus: Tue Jun 25 2024 Vitaly Chikunov <vt@altlinux> 0.18.8-alt2 - Fix syntax errors in default aide.conf (ALT#50748).
Thank you.
