Please excuse my English ^^'
I'm trying to answer the question in my title.
Here is the content of my /etc/aide/aide.conf:
# AIDE conf
# The daily cron job depends on these paths
database=file:/var/lib/aide/aide.db
database_out=file:/var/lib/aide/aide.db.new
database_new=file:/var/lib/aide/aide.db.new
gzip_dbout=no
# Set to no to disable summarize_changes option.
summarize_changes=yes
# Set to no to disable grouping of files in report.
grouped=yes
# standard verbose level
verbose = 6
# Set to yes to print the checksums in the report in hex format
report_base16 = no
# if you want to sacrifice security for speed, remove some of these
# checksums. Whirlpool is broken on sparc and sparc64 (see #429180,
# #420547, #152203).
Checksums = sha256+sha512+rmd160+haval+gost+crc32+tiger
# The checksums of the databases to be printed in the report
# Set to 'E' to disable.
database_attrs = Checksums
# check permissions, owner, group and file type
OwnerMode = p+u+g+ftype
# Check size and block count
Size = s+b
# Files that stay static
InodeData = OwnerMode+n+i+Size+l+X
StaticFile = m+c+Checksums
# Files that stay static but are copied to a ram disk on startup
# (causing different inode)
RamdiskData = InodeData-i
# Check everything
Full = InodeData+StaticFile
# Files that change their mtimes or ctimes but not their contents
VarTime = InodeData+Checksums
# Files that are recreated regularly but do not change their contents
VarInode = VarTime-i
# Files that change their contents during system operation
VarFile = OwnerMode+n+l+X
# Directories that change their contents during system operation
VarDir = OwnerMode+n+i+X
# Directories that are recreated regularly and change their contents
VarDirInode = OwnerMode+n+X
# Directories that change their mtimes or ctimes but not their contents
VarDirTime = InodeData
# Logs grow in size. Log rotation of these logs will be reported, so
# this should only be used for logs that are not rotated daily.
Log = OwnerMode+n+S+X
# Logs that are frequently rotated
FreqRotLog = Log-S
# The first instance of a rotated log: After the log has stopped being
# written to, but before rotation
LowLog = Log-S
# Rotated logs change their file name but retain all their other properties
SerMemberLog = Full+I
# The first instance of a compressed, rotated log: After a LowLog was
# compressed.
LoSerMemberLog = SerMemberLog+ANF
# The last instance of a compressed, rotated log: After this name, a log
# will be removed
HiSerMemberLog = SerMemberLog+ARF
# Not-yet-compressed log created by logrotate's dateext option:
# These files appear one rotation (renamed from the live log) and are gone
# the next rotation (being compressed)
LowDELog = SerMemberLog+ANF+ARF
# Compressed log created by logrotate's dateext option: These files appear
# once and are not touched any more.
SerMemberDELog = Full+ANF
I don't understand why AIDE adds just over 400.000 entries to the new database when I execute the following command: update-aide.conf ; aideinit
There are no selection lines or restricted selection lines anywhere in the config file, so I'm wondering whether AIDE adds some by default.
I'm on Ubuntu 18.04.4, so the aide package comes with the aide-common wrapper package.
I would like to have a clean aide.conf file, but when I try to delete SerMemberDELog = Full+ANF, for example, I get the following error:
846:Error in expression:
Configuration error
error checking aide config, not running aide
AIDE --init return code 255
Big thanks to anyone who can help me :)! If you need more details, I'm always here.
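Added example, not part of the original post: a small Python expander for the group definitions in the config above. It lists the attributes each group resolves to and reports any name that an expression uses without it being defined earlier. The `BUILTIN` set covers only the attribute names that appear in the posted file (not AIDE's full list), and the `Later` line in `BROKEN` is constructed.

```python
import re

# Attribute names used in the posted aide.conf (assumption: not AIDE's full list).
BUILTIN = set("p u g ftype s b n i l X m c S I ANF ARF "
              "sha256 sha512 rmd160 haval gost crc32 tiger".split())
# Group definitions copied from the posted config (subset).
SAMPLE = """\
Checksums = sha256+sha512+rmd160+haval+gost+crc32+tiger
OwnerMode = p+u+g+ftype
Size = s+b
InodeData = OwnerMode+n+i+Size+l+X
StaticFile = m+c+Checksums
RamdiskData = InodeData-i
Full = InodeData+StaticFile
VarFile = OwnerMode+n+l+X
SerMemberDELog = Full+ANF
"""
# Constructed: the definition is deleted but a later line still uses the name.
BROKEN = (SAMPLE.replace("SerMemberDELog = Full+ANF\n", "")
          + "Later = SerMemberDELog\n")

def expand(expr, groups):
    """Evaluate a +/- expression left to right; return (attrs, unknown names)."""
    attrs, unknown = set(), []
    for op, name in re.findall(r"([+-]?)\s*([A-Za-z0-9_]+)", expr):
        value = groups.get(name, {name} if name in BUILTIN else None)
        if value is None:
            unknown.append(name)
        else:
            attrs = attrs - value if op == "-" else attrs | value
    return attrs, unknown

def load(text):
    """Parse 'Name = expr' lines in order; a group may use earlier groups."""
    groups, errors = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        name, expr = (part.strip() for part in line.split("=", 1))
        groups[name], unknown = expand(expr, groups)
        errors += [(lineno, name, u) for u in unknown]
    return groups, errors

if __name__ == "__main__":
    for name, attrs in load(SAMPLE)[0].items():
        print(f"{name:15} {'+'.join(sorted(attrs))}")
    print(load(SAMPLE)[1], load(BROKEN)[1])
```

In the output, `VarFile` resolves to ownership, mode and link attributes with no checksum, so content changes to files under that group are not hashed.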