Adjust default config to avoid false positives in /etc

This commit is contained in:
Cropi 2025-10-16 09:46:00 +02:00
commit 9a67d750d4

View file

@ -126,7 +126,7 @@ CONTENT = ftype+sha512
DIR = ftype+p+i+l+n+u+g+acl+selinux+xattrs
# Access control only - added file type and link name
PERMS = ftype+p+i+l+u+g+acl+selinux
PERMS = ftype+p+u+g+acl+selinux+xattrs
# Logfiles are special, in that they often change due to log rotation
# Track only: permissions, file type, user, group, number of links, SELinux context, extended attributes
@ -159,7 +159,6 @@ DATAONLY = ftype+p+l+n+u+g+s+acl+selinux+xattrs+sha256
# Check only permissions, inode, user and group for /etc, but
# cover some important files closely.
/etc PERMS
!/etc/mtab
# Ignore backup files
!/etc/.*~
@ -352,6 +351,9 @@ DATAONLY = ftype+p+l+n+u+g+s+acl+selinux+xattrs+sha256
# USBGuard
/etc/usbguard NORMAL
# Now everything else
/etc PERMS
# This gets new/removes-old filenames daily
!/var/log/sa
# As we are checking it, we've truncated yesterdays size to zero.