Adjust default config to avoid false positives in /etc
This commit is contained in:
Cropi
parent
c4ba6e2926
commit
9a67d750d4
1 changed files with 4 additions and 2 deletions
|
|
@ -126,7 +126,7 @@ CONTENT = ftype+sha512
|
|||
DIR = ftype+p+i+l+n+u+g+acl+selinux+xattrs
|
||||
|
||||
# Access control only - added file type and link name
|
||||
PERMS = ftype+p+i+l+u+g+acl+selinux
|
||||
PERMS = ftype+p+u+g+acl+selinux+xattrs
|
||||
|
||||
# Logfiles are special, in that they often change due to log rotation
|
||||
# Track only: permissions, file type, user, group, number of links, SELinux context, extended attributes
|
||||
|
|
@ -159,7 +159,6 @@ DATAONLY = ftype+p+l+n+u+g+s+acl+selinux+xattrs+sha256
|
|||
|
||||
# Check only permissions, inode, user and group for /etc, but
|
||||
# cover some important files closely.
|
||||
/etc PERMS
|
||||
!/etc/mtab
|
||||
# Ignore backup files
|
||||
!/etc/.*~
|
||||
|
|
@ -352,6 +351,9 @@ DATAONLY = ftype+p+l+n+u+g+s+acl+selinux+xattrs+sha256
|
|||
# USBGuard
|
||||
/etc/usbguard NORMAL
|
||||
|
||||
# Now everything else
|
||||
/etc PERMS
|
||||
|
||||
# This gets new/removes-old filenames daily
|
||||
!/var/log/sa
|
||||
# As we are checking it, we've truncated yesterdays size to zero.
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue