Package: aide Version: 0.10-6.1 Followup-For: Bug #245423
I am facing the same issue with /sbin and with a certain number of files in /dev. I have been using aide for woody for a long time and never face this issue. The issue came on board quickly after I moved to Sarge. -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.10 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages aide depends on: ii debconf 1.4.30.11 Debian configuration management sy ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an ii mailx 1:8.1.2-0.20040524cvs-4 A simple mail user agent -- debconf information: * aide/aideinit: false * aide/mustaideinit: * aideinit/copynew: true aideinit/overwritenew: true aide/newlibdir: false * aide/setmailaddress: aideinit/warnnew:
# AIDE conf database=file:/var/lib/aide/aide.db database_out=file:/var/lib/aide/aide.db.new # Change this to "no" or remove it to not gzip output # (only useful on systems with few CPU cycles to spare) gzip_dbout=yes # Here are all the things we can check - these are the default rules # #p: permissions #i: inode #n: number of links #u: user #g: group #s: size #b: block count #m: mtime #a: atime #c: ctime #S: check for growing size #md5: md5 checksum #sha1: sha1 checksum #rmd160: rmd160 checksum #tiger: tiger checksum #R: p+i+n+u+g+s+m+c+md5 #L: p+i+n+u+g #E: Empty group #>: Growing logfile p+u+g+i+n+S #haval: haval checksum #gost: gost checksum #crc32: crc32 checksum # Defines formerly set here have been moved to /etc/default/aide. # Custom rules Binlib = p+i+n+u+g+s+b+m+md5+sha1 ConfFiles = p+i+n+u+g+s+b+m+c+md5+sha1 Logs = p+i+n+u+g+S Devices = p+i+n+u+g+s+b+md5+sha1 Databases = p+n+u+g StaticDir = p+i+n+u+g ManPages = p+i+n+u+g+s+b+m+md5+sha1 # Next decide what directories/files you want in the database # Kernel, system map, etc. =/boot$ Binlib # Binaries /bin Binlib /usr/bin Binlib /usr/sbin Binlib /sbin Binlib /usr/local/bin Binlib /usr/local/sbin Binlib /usr/games Binlib # Libraries /lib Binlib /usr/lib Binlib /usr/local/lib Binlib # Log files =/var/log$ StaticDir !/var/log/ksymoops /var/log/aide/aide.log(.[0-9])?(.gz)? Databases /var/log/aide/error.log(.[0-9])?(.gz)? Databases /var/log/setuid.changes(.[0-9])?(.gz)? Databases !/var/log/aide /var/log Logs # Devices !/dev/pts # If you get spurious warnings about being unable to mmap() /dev/cpu/mtrr, # you may uncomment this to get rid of them. They're harmless but sometimes # annoying. #!/dev/cpu/mtrr !/dev/xconsole /dev Devices # Other miscellaneous files /var/run$ StaticDir !/var/run # Test only the directory when dealing with /proc /proc$ StaticDir !/proc # You can look through these examples to get further ideas # MD5 sum files - especially useful with debsums -g /var/lib/dpkg/info/([^\.]+).md5sums u+g+s+m+md5+sha1 # Check crontabs #/var/spool/anacron/cron.daily Databases #/var/spool/anacron/cron.monthly Databases #/var/spool/anacron/cron.weekly Databases #/var/spool/cron Databases #/var/spool/cron/crontabs Databases # manpages can be trojaned, especially depending on *roff implementation #/usr/man ManPages #/usr/share/man ManPages #/usr/local/man ManPages # docs #/usr/doc ManPages #/usr/share/doc ManPages # check users' home directories #/home Binlib # check sources for modifications #/usr/src L #/usr/local/src L # Check headers for same #/usr/include L #/usr/local/include L
