Package: aide
Version: 0.1.15-8
Severity: wishlist
Dear Maintainer,
Please consider applying the attached patch to upstream. It contains an essence
of my efforts made to configure mail servers running dovecot+postfix with
amavis, fail2ban, postfix-cluebringer mysql and vsftpd.
These rules are based on the default set provided by amavis-0.15-8 and were
tuned to the moment, at which aide was able to survive server reboot without
generating noise about changes in files (without false positives).
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.11-1-amd64 (SMP w/6 CPU cores)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
diff -rupN debian/aide.conf.d/10_aide_dpkg-architecture debian/aide.conf.d/10_aide_dpkg-architecture
--- a/debian/aide.conf.d/10_aide_dpkg-architecture 1970-01-01 01:00:00.000000000 +0100
+++ b/debian/aide.conf.d/10_aide_dpkg-architecture 2013-11-10 03:08:54.831457508 +0100
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+# this simple invocation yields the following variables (example for amd64 platform):
+#
+# @@define DEB_BUILD_ARCH amd64
+# @@define DEB_BUILD_ARCH_BITS 64
+# @@define DEB_BUILD_ARCH_CPU amd64
+# @@define DEB_BUILD_ARCH_ENDIAN little
+# @@define DEB_BUILD_ARCH_OS linux
+# @@define DEB_BUILD_GNU_CPU x86_64
+# @@define DEB_BUILD_GNU_SYSTEM linux-gnu
+# @@define DEB_BUILD_GNU_TYPE x86_64-linux-gnu
+# @@define DEB_BUILD_MULTIARCH x86_64-linux-gnu
+# @@define DEB_HOST_ARCH amd64
+# @@define DEB_HOST_ARCH_BITS 64
+# @@define DEB_HOST_ARCH_CPU amd64
+# @@define DEB_HOST_ARCH_ENDIAN little
+# @@define DEB_HOST_ARCH_OS linux
+# @@define DEB_HOST_GNU_CPU x86_64
+# @@define DEB_HOST_GNU_SYSTEM linux-gnu
+# @@define DEB_HOST_GNU_TYPE x86_64-linux-gnu
+# @@define DEB_HOST_MULTIARCH x86_64-linux-gnu
+
+
+dpkg-architecture -l | sed -e 's/^/@@define /' -e 's/=/ /'
diff -rupN debian/aide.conf.d/31_aide_amavisd-new debian/aide.conf.d/31_aide_amavisd-new
--- a/debian/aide.conf.d/31_aide_amavisd-new 2013-11-10 02:53:47.971245692 +0100
+++ b/debian/aide.conf.d/31_aide_amavisd-new 2013-11-10 03:08:54.883455915 +0100
@@ -1,9 +1,14 @@
/@@{RUN}/amavis/amavisd.lock$ VarFile
+/@@{RUN}/amavis/amavisd.pid$ VarFile
+/@@{RUN}/amavis$ VarDirInode
+/var/lib/amavis VarDir
/var/lib/amavis/tmp$ VarDir
!/var/lib/amavis/tmp/amavis-[0-9]{8}T[0-9]{6}-[0-9]{5}$
!/var/lib/amavis/tmp/amavis-[0-9]{8}T[0-9]{6}-[0-9]{5}/(email\.txt|parts)$
+/var/lib/amavis/db VarDir
/var/lib/amavis/db/__db.[0-9]{3} VarFile
/var/lib/amavis/db/(cache(-expiry)?|snmp|nanny)\.db$ VarFile
/var/lib/amavis/.spamassassin$ VarDir
/var/lib/amavis/.spamassassin/bayes_(toks|seen)$ VarFile
/var/lib/amavis/.spamassassin/auto-whitelist$ VarFile
+/var/lib/amavis/amavisd.sock$ VarInode
diff -rupN debian/aide.conf.d/31_aide_courier-authlib debian/aide.conf.d/31_aide_courier-authlib
--- a/debian/aide.conf.d/31_aide_courier-authlib 1970-01-01 01:00:00.000000000 +0100
+++ b/debian/aide.conf.d/31_aide_courier-authlib 2013-11-10 03:08:54.971453218 +0100
@@ -0,0 +1,3 @@
+/@@{RUN}/courier/authdaemon/(pid|pid\.lock|socket)$ VarFile
+/@@{RUN}/courier/authdaemon$ VarDirInode
+/@@{RUN}/courier$ VarDirInode
diff -rupN debian/aide.conf.d/31_aide_dcc-common debian/aide.conf.d/31_aide_dcc-common
--- a/debian/aide.conf.d/31_aide_dcc-common 1970-01-01 01:00:00.000000000 +0100
+++ b/debian/aide.conf.d/31_aide_dcc-common 2013-11-10 03:08:54.995452483 +0100
@@ -0,0 +1,2 @@
+/var/lib/dcc/map VarFile
+/var/lib/dcc VarDir
diff -rupN debian/aide.conf.d/31_aide_dovecot debian/aide.conf.d/31_aide_dovecot
--- a/debian/aide.conf.d/31_aide_dovecot 2013-11-10 02:53:47.971245692 +0100
+++ b/debian/aide.conf.d/31_aide_dovecot 2013-11-10 03:08:55.031451379 +0100
@@ -1,5 +1,43 @@
-/var/lib/dovecot/ssl-parameters\.dat$ VarFile
-/var/lib/dovecot$ VarDir
-/@@{RUN}/dovecot/(auth-worker\.[0-9]{4}|master\.pid)$ VarFile
-/@@{RUN}/dovecot/login/(default|ssl-parameters\.dat)$ VarFile
-/@@{RUN}/dovecot(/login)?$ VarDirInode
+/var/lib/dovecot$ VarDir
+/var/lib/dovecot/ssl-parameters\.dat$ VarFile
+/var/lib/dovecot/instances$ VarFile
+/var/lib/dovecot/mounts$ VarInode
+
+/@@{RUN}/dovecot(/(login|empty))?$ VarDirInode
+
+/@@{RUN}/dovecot/login/default$ VarFile
+/@@{RUN}/dovecot/login/dns-client$ VarFile
+/@@{RUN}/dovecot/login/imap$ VarFile
+/@@{RUN}/dovecot/login/ipc-proxy$ VarFile
+/@@{RUN}/dovecot/login/login$ VarFile
+/@@{RUN}/dovecot/login/pop3$ VarFile
+/@@{RUN}/dovecot/login/ssl-params$ VarFile
+
+/@@{RUN}/dovecot/auth-worker\.[0-9]{4}$ VarFile
+/@@{RUN}/dovecot/master\.pid$ VarFile
+/@@{RUN}/dovecot/anvil$ VarFile
+/@@{RUN}/dovecot/anvil-auth-penalty$ VarFile
+/@@{RUN}/dovecot/auth-client$ VarFile
+/@@{RUN}/dovecot/auth-login$ VarFile
+/@@{RUN}/dovecot/auth-master$ VarFile
+/@@{RUN}/dovecot/auth-userdb$ VarFile
+/@@{RUN}/dovecot/auth-worker$ VarFile
+/@@{RUN}/dovecot/config$ VarFile
+/@@{RUN}/dovecot/dict$ VarFile
+/@@{RUN}/dovecot/director-admin$ VarFile
+/@@{RUN}/dovecot/director-userdb$ VarFile
+/@@{RUN}/dovecot/dns-client$ VarFile
+/@@{RUN}/dovecot/doveadm-server$ VarFile
+/@@{RUN}/dovecot/indexer$ VarFile
+/@@{RUN}/dovecot/indexer-worker$ VarFile
+/@@{RUN}/dovecot/ipc$ VarFile
+/@@{RUN}/dovecot/log-errors$ VarFile
+/@@{RUN}/dovecot/replication-notify$ VarFile
+/@@{RUN}/dovecot/replicator$ VarFile
+/@@{RUN}/dovecot/stats$ VarFile
+
+/@@{RUN}/dovecot/mounts$ VarFile
+/@@{RUN}/dovecot/replication-notify-fifo$ VarFile
+/@@{RUN}/dovecot/stats-mail$ VarFile
+
+/@@{RUN}/dovecot/dovecot.conf$ VarInode
diff -rupN debian/aide.conf.d/31_aide_mdadm debian/aide.conf.d/31_aide_mdadm
--- a/debian/aide.conf.d/31_aide_mdadm 2013-11-10 02:53:47.971245692 +0100
+++ b/debian/aide.conf.d/31_aide_mdadm 2013-11-10 03:08:55.155447580 +0100
@@ -1,3 +1,4 @@
/@@{RUN}/mdadm/(monitor|autorebuild)\.pid$ VarFile
-/run/mdadm/m(ap|d[0-9]+-uevent)$ VarInode
+/@@{RUN}/mdadm/m(ap|d[0-9]+-uevent)$ VarInode
/@@{RUN}/mdadm$ VarDirInode
+/lib/init/rw/.mdadm$ VarDirInode
diff -rupN debian/aide.conf.d/31_aide_mysql-server debian/aide.conf.d/31_aide_mysql-server
--- a/debian/aide.conf.d/31_aide_mysql-server 2013-11-10 02:53:47.971245692 +0100
+++ b/debian/aide.conf.d/31_aide_mysql-server 2013-11-10 03:08:55.183446722 +0100
@@ -1,5 +1,7 @@
/var/lib/mysql$ VarDir
-/var/lib/mysql/(ibdata1|ib_logfile0)$ VarFile
+/var/lib/mysql/(ibdata1|ib_logfile[01])$ VarFile
+/var/lib/mysql/mysql$ VarDir
+/var/lib/mysql/mysql/(general|slow)_log\.(CSM|CSV|frm)$ VarFile
/var/log/mysql$ VarDir
/var/log/mysql/mysql-bin\.index$ VarFile
!/var/log/mysql/mysql-bin\.[0-9]{3}$
diff -rupN debian/aide.conf.d/31_aide_network debian/aide.conf.d/31_aide_network
--- a/debian/aide.conf.d/31_aide_network 2013-11-10 02:53:47.971245692 +0100
+++ b/debian/aide.conf.d/31_aide_network 2013-11-10 03:08:55.195446354 +0100
@@ -1 +1,2 @@
/@@{RUN}/network$ VarDirInode
+/@@{RUN}/network/ifstate$ VarInode
diff -rupN debian/aide.conf.d/31_aide_portmap debian/aide.conf.d/31_aide_portmap
--- a/debian/aide.conf.d/31_aide_portmap 2013-11-10 02:53:47.971245692 +0100
+++ b/debian/aide.conf.d/31_aide_portmap 2013-11-10 03:08:55.239445006 +0100
@@ -1,2 +1,2 @@
/@@{RUN}/portmap(\.pid|_mapping)$ VarFile
-/@@{LIBINITRW}/sendsigs\.omit\.d/portmap$ VarInode
+/(lib\/init\/rw|@@{RUN})/sendsigs\.omit\.d/portmap$ VarInode
diff -rupN debian/aide.conf.d/31_aide_postfix debian/aide.conf.d/31_aide_postfix
--- a/debian/aide.conf.d/31_aide_postfix 1970-01-01 01:00:00.000000000 +0100
+++ b/debian/aide.conf.d/31_aide_postfix 2013-11-10 03:08:55.243444884 +0100
@@ -0,0 +1,130 @@
+@@ifndef POSTFIX_QUEUE_DIRECTORY
+@@define POSTFIX_QUEUE_DIRECTORY var/spool/postfix
+@@endif
+@@ifndef POSTFIX_DATA_DIRECTORY
+@@define POSTFIX_DATA_DIRECTORY var/lib/postfix
+@@endif
+@@ifndef POSTFIX_SPOOL_DIRECTORY
+@@define POSTFIX_SPOOL_DIRECTORY var/mail
+@@endif
+
+
+#
+# /var/lib/postfix
+#
+/@@{POSTFIX_DATA_DIRECTORY}/master.lock$ VarFile
+/@@{POSTFIX_DATA_DIRECTORY}/smtpd_scache.db$ VarFile
+/@@{POSTFIX_DATA_DIRECTORY}/smtp_scache.db$ VarFile
+/@@{POSTFIX_DATA_DIRECTORY}/prng_exch$ VarFile
+
+#
+# /var/spool/postfix/dev
+#
+/@@{POSTFIX_QUEUE_DIRECTORY}/dev$ VarDir
+/@@{POSTFIX_QUEUE_DIRECTORY}/dev/urandom$ VarFile
+/@@{POSTFIX_QUEUE_DIRECTORY}/dev/random$ VarFile
+
+#
+# /var/spool/postfix/etc
+#
+/@@{POSTFIX_QUEUE_DIRECTORY}/etc$ VarDir
+/@@{POSTFIX_QUEUE_DIRECTORY}/etc/hosts$ VarFile
+/@@{POSTFIX_QUEUE_DIRECTORY}/etc/localtime$ VarFile
+/@@{POSTFIX_QUEUE_DIRECTORY}/etc/nsswitch.conf$ VarFile
+/@@{POSTFIX_QUEUE_DIRECTORY}/etc/resolv.conf$ VarFile
+/@@{POSTFIX_QUEUE_DIRECTORY}/etc/services$ VarFile
+/@@{POSTFIX_QUEUE_DIRECTORY}/etc/ssl$ VarDir
+/@@{POSTFIX_QUEUE_DIRECTORY}/etc/ssl/certs$ VarDir
+/@@{POSTFIX_QUEUE_DIRECTORY}/etc/ssl/certs/ca-certificates.crt$ VarTime
+
+#
+# /var/spool/postfix/lib
+#
+/@@{POSTFIX_QUEUE_DIRECTORY}/lib$ VarDir
+/@@{POSTFIX_QUEUE_DIRECTORY}/lib/@@{DEB_HOST_GNU_TYPE}$ VarDir
+/@@{POSTFIX_QUEUE_DIRECTORY}/lib/@@{DEB_HOST_GNU_TYPE}/lib[_a-z0-9\.-]+\.so(\.[0-9])?$ VarInode
+
+#
+# /var/spool/postfix/usr
+#
+/@@{POSTFIX_QUEUE_DIRECTORY}/usr$ VarDir
+/@@{POSTFIX_QUEUE_DIRECTORY}/usr/lib$ VarDir
+/@@{POSTFIX_QUEUE_DIRECTORY}/usr/lib/zoneinfo$ VarDir
+/@@{POSTFIX_QUEUE_DIRECTORY}/usr/lib/zoneinfo/localtime$ VarFile
+
+
+#
+# /var/spool/postfix/pid
+#
+/@@{POSTFIX_QUEUE_DIRECTORY}/pid/master.pid$ VarFile
+/@@{POSTFIX_QUEUE_DIRECTORY}/pid/inet\..* VarFile
+/@@{POSTFIX_QUEUE_DIRECTORY}/pid/unix\..* VarFile
+
+#
+# /var/spool/postfix/private
+#
+/@@{POSTFIX_QUEUE_DIRECTORY}/private$ VarDir
+/@@{POSTFIX_QUEUE_DIRECTORY}/private/anvil$ VarFile
+/@@{POSTFIX_QUEUE_DIRECTORY}/private/defer$ VarFile
+/@@{POSTFIX_QUEUE_DIRECTORY}/private/ifmail$ VarFile
+/@@{POSTFIX_QUEUE_DIRECTORY}/private/maildrop$ VarFile
+/@@{POSTFIX_QUEUE_DIRECTORY}/private/relay$ VarFile
+/@@{POSTFIX_QUEUE_DIRECTORY}/private/scache$ VarFile
+/@@{POSTFIX_QUEUE_DIRECTORY}/private/smtp$ VarFile
+/@@{POSTFIX_QUEUE_DIRECTORY}/private/tlsmgr$ VarFile
+/@@{POSTFIX_QUEUE_DIRECTORY}/private/verify$ VarFile
+/@@{POSTFIX_QUEUE_DIRECTORY}/private/bounce$ VarFile
+/@@{POSTFIX_QUEUE_DIRECTORY}/private/discard$ VarFile
+/@@{POSTFIX_QUEUE_DIRECTORY}/private/lmtp$ VarFile
+/@@{POSTFIX_QUEUE_DIRECTORY}/private/mailman$ VarFile
+/@@{POSTFIX_QUEUE_DIRECTORY}/private/retry$ VarFile
+/@@{POSTFIX_QUEUE_DIRECTORY}/private/scalemail-backend$ VarFile
+/@@{POSTFIX_QUEUE_DIRECTORY}/private/smtp-amavis$ VarFile
+/@@{POSTFIX_QUEUE_DIRECTORY}/private/trace$ VarFile
+/@@{POSTFIX_QUEUE_DIRECTORY}/private/virtual$ VarFile
+/@@{POSTFIX_QUEUE_DIRECTORY}/private/bsmtp$ VarFile
+/@@{POSTFIX_QUEUE_DIRECTORY}/private/error$ VarFile
+/@@{POSTFIX_QUEUE_DIRECTORY}/private/local$ VarFile
+/@@{POSTFIX_QUEUE_DIRECTORY}/private/proxymap$ VarFile
+/@@{POSTFIX_QUEUE_DIRECTORY}/private/rewrite$ VarFile
+/@@{POSTFIX_QUEUE_DIRECTORY}/private/uucp$ VarFile
+
+#
+# /var/spool/postfix/public
+#
+/@@{POSTFIX_QUEUE_DIRECTORY}/public$ VarDir
+/@@{POSTFIX_QUEUE_DIRECTORY}/public/cleanup$ VarFile
+/@@{POSTFIX_QUEUE_DIRECTORY}/public/flush$ VarFile
+/@@{POSTFIX_QUEUE_DIRECTORY}/public/pickup$ VarFile
+/@@{POSTFIX_QUEUE_DIRECTORY}/public/qmgr$ VarFile
+/@@{POSTFIX_QUEUE_DIRECTORY}/public/showq$ VarFile
+
+#
+# Queues
+#
+/@@{POSTFIX_QUEUE_DIRECTORY}/active$ VarDir
+/@@{POSTFIX_QUEUE_DIRECTORY}/corrupt$ VarDir
+/@@{POSTFIX_QUEUE_DIRECTORY}/deferred$ VarDir
+/@@{POSTFIX_QUEUE_DIRECTORY}/hold$ VarDir
+/@@{POSTFIX_QUEUE_DIRECTORY}/saved$ VarDir
+/@@{POSTFIX_QUEUE_DIRECTORY}/bounce$ VarDir
+/@@{POSTFIX_QUEUE_DIRECTORY}/defer$ VarDir
+/@@{POSTFIX_QUEUE_DIRECTORY}/flush$ VarDir
+/@@{POSTFIX_QUEUE_DIRECTORY}/incoming$ VarDir
+/@@{POSTFIX_QUEUE_DIRECTORY}/maildrop$ VarDir
+/@@{POSTFIX_QUEUE_DIRECTORY}/trace$ VarDir
+
+/@@{POSTFIX_QUEUE_DIRECTORY}/deferred/[A-F0-9]$ VarDir
+/@@{POSTFIX_QUEUE_DIRECTORY}/defer/[A-F0-9]$ VarDir
+
+!/@@{POSTFIX_QUEUE_DIRECTORY}/active/[A-F0-9]{10}$
+!/@@{POSTFIX_QUEUE_DIRECTORY}/corrupt/[A-F0-9]{10}$
+!/@@{POSTFIX_QUEUE_DIRECTORY}/deferred/[A-F0-9]/[A-F0-9]{10}$
+!/@@{POSTFIX_QUEUE_DIRECTORY}/hold/[A-F0-9]{10}$
+!/@@{POSTFIX_QUEUE_DIRECTORY}/saved/[A-F0-9]{10}$
+!/@@{POSTFIX_QUEUE_DIRECTORY}/bounce/[A-F0-9]{10}$
+!/@@{POSTFIX_QUEUE_DIRECTORY}/defer/[A-F0-9]/[A-F0-9]{10}$
+!/@@{POSTFIX_QUEUE_DIRECTORY}/flush/[A-F0-9]{10}$
+!/@@{POSTFIX_QUEUE_DIRECTORY}/incoming/[A-F0-9]{10}$
+!/@@{POSTFIX_QUEUE_DIRECTORY}/maildrop/[A-F0-9]{10}$
+!/@@{POSTFIX_QUEUE_DIRECTORY}/trace/[A-F0-9]{10}$
diff -rupN debian/aide.conf.d/31_aide_postfix-cluebringer debian/aide.conf.d/31_aide_postfix-cluebringer
--- a/debian/aide.conf.d/31_aide_postfix-cluebringer 1970-01-01 01:00:00.000000000 +0100
+++ b/debian/aide.conf.d/31_aide_postfix-cluebringer 2013-11-10 03:08:54.967453341 +0100
@@ -0,0 +1,2 @@
+/@@{RUN}/cluebringer/cbpolicyd.pid$ VarFile
+/@@{RUN}/cluebringer VarDirInode
diff -rupN debian/aide.conf.d/31_aide_rsyslog debian/aide.conf.d/31_aide_rsyslog
--- a/debian/aide.conf.d/31_aide_rsyslog 2013-11-10 02:53:47.971245692 +0100
+++ b/debian/aide.conf.d/31_aide_rsyslog 2013-11-10 03:08:55.279443781 +0100
@@ -12,4 +12,4 @@
/var/log/@@{LOGFILES4R}\.4\.gz$ HiSerMemberLog
/var/log$ VarDir
/@@{RUN}/rsyslogd.pid$ VarFile
-/@@{LIBINITRW}/sendsigs\.omit\.d/rsyslog$ VarInode
+/(lib/init/rw|@@{RUN})/sendsigs\.omit\.d/rsyslog$ VarInode
diff -rupN debian/aide.conf.d/31_aide_saslauthd debian/aide.conf.d/31_aide_saslauthd
--- a/debian/aide.conf.d/31_aide_saslauthd 1970-01-01 01:00:00.000000000 +0100
+++ b/debian/aide.conf.d/31_aide_saslauthd 2013-11-10 03:08:55.287443535 +0100
@@ -0,0 +1,6 @@
+/@@{RUN}/saslauthd$ VarDirInode
+/@@{RUN}/saslauthd/cache.flock$ VarFile
+/@@{RUN}/saslauthd/cache.mmap$ VarFile
+/@@{RUN}/saslauthd/mux$ VarFile
+/@@{RUN}/saslauthd/mux.accept$ VarFile
+/@@{RUN}/saslauthd/saslauthd.pid$ VarFile
diff -rupN debian/aide.conf.d/31_aide_spampd debian/aide.conf.d/31_aide_spampd
--- a/debian/aide.conf.d/31_aide_spampd 1970-01-01 01:00:00.000000000 +0100
+++ b/debian/aide.conf.d/31_aide_spampd 2013-11-10 03:08:55.323442433 +0100
@@ -0,0 +1,2 @@
+/var/cache/spampd$ VarDir
+/@@{RUN}/spampd.pid$ VarFile
diff -rupN debian/aide.conf.d/31_aide_ssh-server debian/aide.conf.d/31_aide_ssh-server
--- a/debian/aide.conf.d/31_aide_ssh-server 2013-11-10 02:53:47.971245692 +0100
+++ b/debian/aide.conf.d/31_aide_ssh-server 2013-11-10 03:08:55.335442065 +0100
@@ -1 +1,2 @@
/@@{RUN}/sshd.pid$ VarFile
+/@@{RUN}/sshd$ VarDirInode
diff -rupN debian/aide.conf.d/31_aide_syslog-ng debian/aide.conf.d/31_aide_syslog-ng
--- a/debian/aide.conf.d/31_aide_syslog-ng 1970-01-01 01:00:00.000000000 +0100
+++ b/debian/aide.conf.d/31_aide_syslog-ng 2013-11-10 03:08:55.347441697 +0100
@@ -0,0 +1,5 @@
+/@@{RUN}/syslog-ng$ VarDirInode
+/@@{RUN}/syslog-ng.pid$$ VarFile
+/var/lib/syslog-ng$ VarDir
+/var/lib/syslog-ng/syslog-ng.ctl$ VarFile
+/var/lib/syslog-ng/syslog-ng.persist$ VarFile
diff -rupN debian/aide.conf.d/31_aide_vsftpd debian/aide.conf.d/31_aide_vsftpd
--- a/debian/aide.conf.d/31_aide_vsftpd 1970-01-01 01:00:00.000000000 +0100
+++ b/debian/aide.conf.d/31_aide_vsftpd 2013-11-10 03:08:55.383440594 +0100
@@ -0,0 +1,3 @@
+/@@{RUN}/vsftpd$ VarDirInode
+/@@{RUN}/vsftpd/empty$ VarDirInode
+/@@{RUN}/vsftpd/vsftpd.pid$ VarFile
diff -rupN debian/aide.conf.d/31_aide_wpasupplicant debian/aide.conf.d/31_aide_wpasupplicant
--- a/debian/aide.conf.d/31_aide_wpasupplicant 2013-11-10 02:53:47.971245692 +0100
+++ b/debian/aide.conf.d/31_aide_wpasupplicant 2013-11-10 03:08:55.391440349 +0100
@@ -1,5 +1,5 @@
@@define INTERFACES wlan0
-/@@{LIBINITRW}/sendsigs\.omit\.d/wpasupplicant\.wpa_(supplicant|action)\.@@{INTERFACES}\.pid$ VarFile
+/(lib/init/rw|@@{RUN})/sendsigs\.omit\.d/wpasupplicant\.wpa_(supplicant|action)\.@@{INTERFACES}\.pid$ VarFile
/@@{RUN}/wpa_action\.@@{INTERFACES}\.(pid|timestamp)$ VarFile
/@@{RUN}/wpa_supplicant\.@@{INTERFACES}\.pid$ VarFile
diff -rupN debian/aide.conf.d/70_aide_libinitrw debian/aide.conf.d/70_aide_libinitrw
--- a/debian/aide.conf.d/70_aide_libinitrw 1970-01-01 01:00:00.000000000 +0100
+++ b/debian/aide.conf.d/70_aide_libinitrw 2013-11-10 03:08:55.427439246 +0100
@@ -0,0 +1,3 @@
+/lib/init/rw/sendsigs\.omit\.d$ VarDirInode
+/lib/init/rw/\.ramfs$ VarFile
+/lib/init/rw$ VarDirInode
diff -rupN debian/aide.conf.d/70_aide_lpd debian/aide.conf.d/70_aide_lpd
--- a/debian/aide.conf.d/70_aide_lpd 1970-01-01 01:00:00.000000000 +0100
+++ b/debian/aide.conf.d/70_aide_lpd 2013-11-10 03:08:55.135448193 +0100
@@ -0,0 +1,3 @@
+/@@{RUN}/lpd.pid$ VarFile
+/var/spool/lpd VarDir
+/var/spool/lpd/lpd.lock VarFile
diff -rupN debian/aide.conf.d/70_aide_run debian/aide.conf.d/70_aide_run
--- a/debian/aide.conf.d/70_aide_run 2013-11-10 02:53:47.971245692 +0100
+++ b/debian/aide.conf.d/70_aide_run 2013-11-10 03:41:26.879675858 +0100
@@ -1,7 +1,5 @@
-/@@{LIBINITRW}/sendsigs\.omit\.d$ VarDirInode
-/@@{LIBINITRW}/\.ramfs$ VarFile
-/@@{LIBINITRW}$ VarDirInode
-
/@@{RUNLOCK}/\.ramfs$ VarFile
/@@{RUNLOCK}$ VarDirInode
+/@@{RUN}/sendsigs\.omit\.d$ VarDirInode
+/@@{RUN}/initctl$ VarFile
/@@{RUN}$ VarDirInode
diff -rupN debian/aide.conf.d/70_aide_run-shm debian/aide.conf.d/70_aide_run-shm
--- a/debian/aide.conf.d/70_aide_run-shm 1970-01-01 01:00:00.000000000 +0100
+++ b/debian/aide.conf.d/70_aide_run-shm 2013-11-10 03:08:55.295443291 +0100
@@ -0,0 +1,2 @@
+/@@{RUN}/shm$ VarDirInode
+/@@{RUN}/shm/.tmpfs$ VarInode
