On Tue, Oct 24, 2023 at 10:27:11AM -0700, Jeffrey Shepherd wrote:
> Are these recommendations valid? What are the implications of omitting
> /opt, /run, and /var? I know (for example) with !/opt an attacker
> could come in and place a rootkit in /opt.

It depends... If you want to monitor a system for malicious file changes it might not be a good idea to exclude such directories. Writing an aide configuration is time-consuming and a lot of work, if you want to reduce false-positive reports of changed files to a minimum. The Debian/Ubuntu package for example provides a huge amount of fine-grained rules for numerous packages[0].

Best regards
Hannes

[0] https://salsa.debian.org/debian/aide/-/tree/master/debian/aide.conf.d

_______________________________________________
Aide mailing list
[email protected]
https://www.ipi.fi/mailman/listinfo/aide
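One way to act on the "it depends" answer above, as an added aide.conf fragment that is not part of this thread or of the Debian rule set: keep /opt and /var under monitoring and relax only the subtrees known to be volatile, rather than excluding the whole directories. It assumes the group and selection-line syntax described in aide.conf(5); the group names and the choice of /var subtrees are illustrative assumptions, and it is meant to be merged into an existing configuration that already sets the database options.

```conf
# Added example, not from the thread or from Debian's aide.conf.d rules.
# Attribute groups (AIDE group syntax): permissions, inode, link count,
# owner, group, size, mtime, ctime and a SHA-256 checksum.
Full = p+i+n+u+g+s+m+c+sha256
# For files that legitimately grow (logs): ownership and permissions plus
# S ("growing size"), so a truncation or rewrite is reported but appends are not.
Log = p+u+g+n+S
# Directory entries only (no content hash), for trees whose contents churn.
Dir = p+i+n+u+g

# Selection lines are regular expressions matched against the path prefix.

# /opt holds third-party software and should only change during an install,
# so monitor it fully: a file dropped here shows up as an added entry.
/opt Full

# /run is a tmpfs rebuilt at every boot; excluding it removes noise without
# losing anything that persists across a reboot.
!/run

# /var: do not exclude the whole tree. Watch the parts that are used for
# persistence (package state, cron) and relax only the volatile subtrees.
/var/lib/dpkg Full
/var/spool/cron Full
/var/lib/apt/lists Dir
/var/log Log
!/var/log/journal
!/var/cache
!/var/tmp
# Everything else under /var: record directory entries so that added or
# removed files are still reported, without hashing volatile content.
/var Dir
```

How overlapping selection lines are resolved is described in aide.conf(5); check a fresh `aide --check` run against a known-good database before trusting the exclusions.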
