# AIDE conf
# $Id: aide.conf 110 2006-04-22 15:58:58Z my-mac-user $
# customized linux debian conf for osx, macports

@@define MAILTO=my-mac-user
@@define LINES=500
## Not working line w var...
@@define USER=my-mac-user

database=file:/opt/local/var/lib/aide/aide.db
database_out=file:/opt/local/var/lib/aide/aide.db.new

# Change this to "no" or remove it to not gzip output
# (only useful on systems with few CPU cycles to spare)
gzip_dbout=yes

warn_dead_symlinks=no

summarize_changes=yes
grouped=yes

#Checksums = sha256+sha512+rmd160+haval+gost+crc32+tiger
Checksums = sha512+rmd160+haval
X=L-p-ftype-i-l-n-u-g
OwnerMode = p+u+g+ftype
Size = s+b
InodeData = OwnerMode+n+i+Size+l+X
StaticFile = m+c+Checksums
RamdiskData = InodeData-i
Full = InodeData+StaticFile
Binlib = Full
VarTime = InodeData+Checksums
VarInode = VarTime-i
VarFile = OwnerMode+n+l+X
VarDir = OwnerMode+n+i+X
ManPages = VarDir
StaticDir = VarDir
VarDirInode = OwnerMode+n+X
VarDirTime = InodeData
Log = OwnerMode+n+S+X
FreqRotLog = Log-S
LowLog = Log-S
SerMemberLog  = Full+I
LoSerMemberLog = SerMemberLog+ANF
HiSerMemberLog = SerMemberLog+ARF
LowDELog = SerMemberLog+ANF+ARF
SerMemberDELog = Full+ANF
LinkedLog = Log-n

# Kernel, system map, etc.
#=/boot$ Binlib
# Binaries
/bin Binlib
/sbin Binlib
/usr/bin Binlib
/usr/sbin Binlib
/usr/local/bin Binlib
/usr/local/sbin Binlib
#/usr/games Binlib
# Libraries
#/lib Binlib
/usr/lib Binlib
/usr/local/lib Binlib
# Log files
/var/log$ StaticDir
#/var/log/aide/aide.log(.[0-9])?(.gz)? Databases
#/var/log/aide/error.log(.[0-9])?(.gz)? Databases
#/var/log/setuid.changes(.[0-9])?(.gz)? Databases
/var/log Log
# Devices
/dev RamdiskData
!/dev/fd
# Other miscellaneous files
/var/run$ StaticDir
#!/var/run
!/private/var/run
# Test only the directory when dealing with /proc
#/proc$ StaticDir
#!/proc

# You can look through these examples to get further ideas

# MD5 sum files - especially useful with debsums -g
#/var/lib/dpkg/info/([^\.]+).md5sums

# Check crontabs
#/var/spool/anacron/cron.daily Databases
#/var/spool/anacron/cron.monthly Databases
#/var/spool/anacron/cron.weekly Databases
#/var/spool/cron Databases
#/var/spool/cron/crontabs Databases

# manpages can be trojaned, especially depending on *roff implementation
#/usr/man ManPages
/usr/share/man ManPages
/usr/local/man ManPages

# docs
#/usr/doc ManPages
#/usr/share/doc ManPages

# check users' home directories
#/home Binlib

# check sources for modifications
#/usr/src L
#/usr/local/src L

# Check headers for same
#/usr/include L
#/usr/local/include L

/private Binlib
/private/etc$ VarDir
#/private/var/audit$ VarDir ## NOK
!/private/var/audit
#/private/var/folders$ VarDir
!/private/var/folders$
#/private/var/db/systemstats$ VarDir
!/private/var/db/systemstats$
!/private/var/db/BootCaches$
/private/var/db$ VarDir
/private/var/db/dhcpclient/leases$ VarDir
/private/var/db/crls$ VarDir
/private/var/spool$ VarDir
!/private/var/spool/cups
/private/var/vm$ VarDir
### 20140522 commenting /var/log and see...
#/private/var/log Log
#/private/var/log/*\.log Log
#/private/var/log/*\.log\.0\.gz LoSerMemberLog
#/private/var/log/*\.log\.[1-9]\.gz LoSerMemberLog
/private/var/tmp$ OwnerMode+i
!/private/var/tmp
#/private/tmp$ OwnerMode+i
#/private/tmp$ VarDir ## NOK
!/private/tmp
/private/var/tmp$ VarDir
/private/var/root/Library/Logs Log
/private/opt/tmp$ VarDir

### MacOS X specific stuff
/Applications Binlib
/System Binlib
/System/Library/Extensions Binlib
## normally root ca, but empty on my 10.9.2
/System/Library/OpenSSL/certs StaticDir
/Library Binlib
/Library/Logs Log
/Developer Binlib
/cores Binlib
=/Volumes StaticDir
/Users StaticDir
/Trash StaticDir
#/Library/Caches VarDir ## NOK
#/System/Library/Caches VarDir ## NOK
!/Library/Caches
!/System/Library/Caches

## Exclusion: too much auto-update
!/Applications/Extra/Communication/Google\ Chrome\ Canary.app/Contents

## Apple Malware definitions
/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist$ VarFile
/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist$ VarFile

## Startup items
/System/Library/LaunchDaemons VarDir
/System/Library/LaunchAgents VarDir
/Library/LaunchDaemons VarDir
/Library/LaunchAgents VarDir
/Library/Preferences/com.apple.loginwindow.plist VarFile
/System/Library/XPCServices VarDir

## Web Server
#/Library/WebServer/Documents

## specific files
/Library/Application\ Support/com.apple.TCC/TCC.db$ VarFile
/Library/Preferences/SystemConfiguration$ VarDir
/Library/Keychains$ VarDir

## User directories
#=/Users/*/Library/Caches$ VarDir
#!/Users/@@{USER}/Library/Caches$
#/Users/@@{USER}/Library/Caches$ VarDir ## NOK
#!/Users/@@{USER}/Library/Caches ## NOK
#!/Users/*/Library/Caches ## NOK
!/Users/my-mac-user/Library/Caches
!/Users/*/.Trash$
!/Users/my-mac-user/.Trash
!/Users/*/.macports$
#!/Users/*/Library/Application Support/MobileSync/Backup$ ## NOK
#!/Users/@@{USER}/Library/Application\ Support/MobileSync/Backup$ ## NOK
!/Users/my-mac-user/Library/Application\ Support/MobileSync/Backup
!/Users/my-mac-user/Library/Containers/com.twitter.TweetDeck/Data/Library/Caches
#=/Users/*/.cache$ VarDir		NOK
=/Users/@@${USER}/.cache$ VarDir
/Users/*/Library/Cookies VarDir
/Users/*/Library/Preferences VarDir
/Users/*/Library/Logs Log
/Users/*/Library/Logs/*.log Log
/Users/*/Library/Logs/*.log.1 LowLog
#!/Users/@@{USER}/Music/iTunes/Album\ Artwork/Cache$
!/Users/@@{USER}/Music$
!/Users/@@{USER}/Pictures$
#/Users/@@{USER}/.macports/opt/local/var/macports/build$ VarDir ## NOK
#!/Users/@@{USER}/.macports/opt/local/var/macports/build ## NOK
!/Users/my-mac-user/.macports/opt/local/var/macports/build
#!/Users/@@{USER}/Library/Application Support/Google/Chrome Canary/Default/Local\ Storage
#!/Users/@@{USER}/Library/Application Support/Google/Chrome Canary/Default/Session\ Storage
#!/Users/@@{USER}/Library/Application Support/Google/Chrome Canary/Default/Pepper\ Data
#!/Users/@@{USER}/Library/Application Support/Kindle/Cache
!/Users/my-mac-user/Library/Application\ Support/Google/Chrome\ Canary/Default/Local\ Storage
!/Users/my-mac-user/Library/Application\ Support/Google/Chrome\ Canary/Default/Local\ Extension
!/Users/my-mac-user/Library/Application\ Support/Google/Chrome\ Canary/Default/Session\ Storage
!/Users/my-mac-user/Library/Application\ Support/Google/Chrome\ Canary/Default/Pepper\ Data
!/Users/my-mac-user/Library/Application\ Support/Google/Chrome\ Canary/Default/Extensions
!/Users/my-mac-user/Library/Application\ Support/Google/Chrome\ Canary/Default/Extension\ State
!/Users/my-mac-user/Library/Application\ Support/Google/Chrome\ Canary/Default/File\ System
!/Users/my-mac-user/Library/Application\ Support/Google/Chrome\ Canary/Default/IndexedDB
!/Users/my-mac-user/Library/Application\ Support/Google/Chrome\ Canary/Default/Web\ Applications
!/Users/my-mac-user/Library/Application\ Support/Google/Chrome\ Canary/Default/Applications\ Cache
!/Users/my-mac-user/Library/Application\ Support/Kindle/Cache
!/Users/my-mac-user/Library/Containers/com.apple.Preview/Data/Library/Application\ Support/Preview/SearchIndexes
!/Users/my-mac-user/Library/Containers/com.apple.Preview/Data/Library/Saved\ Application\ State
!/Users/my-mac-user/Library/Containers/com.apple.appstore/Data/Library/Caches
!/Users/my-mac-user/Library/Containers/com.apple.appstore/Data/Library/Saved\ Application\ State
!/Users/my-mac-user/Library/Saved\ Application\ State
!/Users/my-mac-user/Library/Calendars
!/Users/my-mac-user/.dropbox/l
!/Users/my-mac-user/.cache/fontconfig
!/Users/my-mac-user/.fontconfig
!/Users/my-mac-user/Library/Containers/com.blackpixel.netnewswire/Data/Library/Caches
!/Users/my-mac-user/Library/Containers/com.blackpixel.netnewswire/Data/Library/Application\ Support/NetNewsWire\ 4/OPML\ Backups
!/Users/my-mac-user/Library/Application\ Support/LibreOffice/4/user/temp
!/Users/my-mac-user/Library/Application\ Support/LibreOffice/4/user/uno_packages/cache
/Users/my-mac-user/Library/Preferences/com.apple.loginitems.plist VarFile
/Users/my-mac-user/Library/Mail/V2/MailData/Accounts.plist VarFile
/Users/my-mac-user/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2 VarFile
/Users/Shared VarDir

### Macports
/opt/local/bin Binlib
/opt/local/sbin Binlib
/opt/local/etc$ VarDir
/opt/local/lib Binlib
/opt/local/Library Binlib
/opt/local/share/man ManPages
/opt/local/var/log Log
#/opt/local/var/macports/build VarDir ## NOK
!/opt/local/var/macports/build
## Web server
#/opt/local/www