[Pkg-aide-maintainers] Bug#729202: aide: rules for mail server

Sun Nov 10 05:30:54 UTC 2013

Package: aide
Version: 0.15.1-8
Severity: wishlist

Dear Maintainer,

Please consider applying the attached patch to upstream. It contains an essence
of my efforts made to configure mail servers running dovecot+postfix  with
amavis, fail2ban, postfix-cluebringer mysql and vsftpd.

These rules are based on the default set provided by amavis-0.15.1-8 and were
tuned to the moment, at which aide was able to survive server reboot without
generating noise about changes in files (without false positives).

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.11-1-amd64 (SMP w/6 CPU cores)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 11-ptomulik_mail_server.patch
Type: text/x-diff
Size: 17419 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-aide-maintainers/attachments/20131110/60ab6e5d/attachment-0001.patch>
-------------- next part --------------
  * 10_aide_dpkg-architecture: define DEB_BUILD_XXX and DEB_HOST_XXX variables  
  * 31_aide_amavisd-new:                                                        
    - added /@@{RUN}/amavis/amavisd.pid$ VarFile                                
    - added /@@{RUN}/amavis$ VarDirInode                                        
    - added /var/lib/amavis VarDir                                              
    - added /var/lib/amavis/db VarDir                                           
    - added /var/lib/amavis/amavisd.sock$ VarInode                              
  * 31_aide_courier-authlib: rules for package courier-authlib                  
  * 31_aide_dcc-common: rules for package dcc-common                            
  * 31_aide_dovecot:                                                            
    - added rules for several files under /run/dovecot                          
  * 31_aide_mdadm:                                                              
    - added /@@{RUN}/mdadm/m(ap|d[0-9]+-uevent)$ VarInode                       
    - added /lib/init/rw/.mdadm$ VarDirInode                                    
  * 31_aide_mysql-server:                                                       
    - added /var/lib/mysql/ib_logfile1$ VarFile                                 
    - added /var/lib/mysql/mysql$ VarDir                                        
    - added /var/lib/mysql/mysql/(general|slow)_log\.(CSM|CSV|frm)$ VarFile     
  * 31_aide_network:                                                            
    - added /@@{RUN}/network/ifstate$ VarInode                                  
  * 31_aide_portmap:                                                            
    - @@{LIBINITRW} -> (lib\/init\/rw|@@{RUN}) for sendsigs\.omit\.d            
  * 31_aide_postfix: rules for postfix package                                  
  * 31_aide_postfix-cluebringer: rules for postfix-cluebringer package          
  * 31_aide_rsyslog:                                                            
    - @@{LIBINITRW} -> (lib\/init\/rw|@@{RUN}) for sendsigs\.omit\.d            
  * 31_aide_saslauthd: rules for saslauthd daemon                               
  * 31_aide_spampd: rules for spampd package                                    
  * 31_aide_ssh-server:                                                         
    - added /@@{RUN}/sshd$ VarDirInode                                          
  * 31_aide_syslog-ng: rules for syslog-ng package                              
  * 31_aide_vsftpd: rules for vsftpd package                                    
  * 31_aide_wpasupplicant:                                                      
    - @@{LIBINITRW} -> (lib\/init\/rw|@@{RUN}) for sendsigs\.omit\.d            
  * 70_aide_libinitrw: rules for some files still under /lib/init/rw            
  * 70_aide_run:                                                                
    - added /@@{RUN}/sendsigs\.omit\.d$ VarDirInode                             
    - added /@@{RUN}/initctl$ VarFile                                           