# integrit-foohost.conf                              -*- fundamental -*-
# Ed Cashin, 20001212
#
# This example configuration file is based on one for a 6.x RedHat 
# Linux web server.  Be sure to tune it to your own machine!
#
# The known database and the production config file should be
# read-only from the machine being checked.
#

root=/
known=/mnt/secdb/integrit-foohost.cdb
current=/root/databases/integrit-foohost.cdb.new

# from the integrit README file:
# 
# Here's a table of letters and the corresponding checks / options:
# 
# 	  s	checksum
# 	  i	inode
# 	  p	permissions
# 	  l	number of links
# 	  u	uid
# 	  g	gid
# 	  z	file size (redundant if checksums are on)
# 	  a	access time
# 	  m	modification time
# 	  c	ctime (time UN*X file info last changed)
# 	  r	reset access time (use with care)

# Files whose contents are expected to change only get checks on
# permissions, user owner and group owner of the file.

/root/.ssh/random_seed	SIMC
/root/.bash_history	SIMC
/root/.Xauthority	SIMC
/root/databases/integrit-foohost.conf	SIMC

=/root/.netscape
=/root/.cpan

/etc/mtab		SIMC
#--------this one gets over-written at boot, so only report changes 
#        in its contents
/etc/motd		sIMC
/etc/ssh/ssh_random_seed	SIMC
/etc/ntp/drift			SIMC

/dev			S
=/usr/src
=/usr/local/src

# to cut down on runtime and db size:
=/usr/doc
=/usr/info
=/usr/share/zoneinfo
=/usr/share/gnome/help
=/usr/share/gimp

=/home

=/var/spool
/var/log		SIMC
=/var/lock
=/var/tmp		SILMC
/var/run/utmp		SIMC
=/var/catman

#---------------------- user-generated fonts
=/var/lib/texmf/pk
/var/run/sshd.pid		SIMC
=/var/lib/mysql
=/var/lib/pgsql
/var/run			SIMC

#---------------------- files that change a lot
/usr/local/man/whatis		SIMC
/usr/X11R6/man/whatis		SIMC
/usr/lib/perl5/man/whatis	SIMC
/usr/man/whatis			SIMC
/etc/ssh_random_seed		SIMC
/var/lib/slocate		SIMC
/var/lib/logrotate.status	SIMC

# unusual directories
=/proc		L
=/tmp		SILMC
!/mnt

#---------------the web stuff deserves special attention
#               we're not checking content files, just system
#               files.
=/web/BIOMED
=/web/DEVEL
=/web/INTRA
=/web/IT
=/web/LOCAL
=/web/SSL
=/web/TEST
# do check /web/apache
=/web/apache/conf.30Jun99
!/web/apache/logs
# do check /web/bin
=/web/cache
# do check /web/cgi-bin
=/web/src

#--------------nfs directories
!/mnt/secdb
!/barhost-home
!/adm/barhost-cgi