Installs and configures the AIDE host-based intrusion detection system.
Tested on CentOS and Ubuntu.

- node["aide"]["binary"] - Path to aide binary. Defaults to a sensible choice for the platform.
- node["aide"]["config"] - Path to aide.conf file. Defaults to a sensible choice for the platform.
- node["aide"]["extra_parameters"] - Extra parameters to use when invoking aide. Defaults to a sensible choice for the platform.
- node["aide"]["cron_service"] - The name of the cron service on the platform. Defaults to a sensible choice for the platform.
- node["aide"]["dbdir"] - Where the AIDE database files are kept. Defaults to /var/lib/aide.
- node["aide"]["macros"] - A dictionary of AIDE macros, pre-populated as in the default AIDE config file.
- node["aide"]["paths"] - A dictionary of paths for AIDE to inspect and how to handle them, pre-populated as in the default AIDE config file.
- node["aide"]["report_url"] - Where to send the output. Defaults to "stdout". See the AIDE documentation for other options.
- node["aide"]["cron_mailto"] - Where to send the cron jobs' output. Either a string or the value nil. Defaults to nil (i.e. mail cron job output to the user the cron job runs as).

Typically, you'll want to add the default recipe to a role's run list, then
add to the paths dictionary with locations to ignore. Remember that paths
use regex syntax, not glob syntax, so "all files in /opt/foo" is expressed
as "/opt/foo/.*", not "/opt/foo/*".

    {
      "name": "foo",
      ...
      "run_list": [
        ...
        "recipe[aide]"
      ],
      "override_attributes": {
        ...
        "aide": {
          "paths": {
            "/opt/foo/.*": "!"
          }
        }
      }
    }

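The regex-versus-glob point matters for ignore rules in particular: read as a regex, "/opt/foo/*" also selects sibling paths such as /opt/foobar, which would then drop out of integrity monitoring. The following is an added example, not part of this cookbook; the helper names and sample file names are hypothetical, and it assumes AIDE anchors each expression at the start of the file name but not at the end, with Ruby's Regexp standing in for AIDE's regex engine.

```ruby
# Added example: models AIDE's selection-line matching to check "paths" keys.
# Assumption: AIDE anchors each expression at the start of the file name
# (implicit ^) and does not anchor the end. Ruby's Regexp stands in for
# AIDE's regex engine, which is close enough for these simple patterns.

# True when +expr+, read as an AIDE regex, selects +file+.
def aide_match?(expr, file)
  Regexp.new('\A' + expr).match?(file)
end

# Returns the keys of a paths hash that look like shell globs: a "*" that
# follows "/" or starts the expression has nothing sensible to repeat.
def glob_like_keys(paths)
  paths.keys.select { |expr| expr.match?(%r{(\A|/)\*}) }
end

# Constructed sample file names, not taken from a real host.
SAMPLE_FILES = %w[
  /opt/foo
  /opt/foo/bin/tool
  /opt/foobar/secret.key
  /opt/bar/app
].freeze

# Lists the sample files an expression would select.
def selected(expr, files = SAMPLE_FILES)
  files.select { |f| aide_match?(expr, f) }
end

if __FILE__ == $PROGRAM_NAME
  # The regex form from the role above next to the glob form it warns about.
  paths = { '/opt/foo/.*' => '!', '/opt/foo/*' => '!' }
  paths.each_key do |expr|
    puts "#{expr.ljust(12)} -> #{selected(expr).inspect}"
  end
  puts "glob-like keys: #{glob_like_keys(paths).inspect}"
end
```

Running `glob_like_keys` over a role's "paths" hash before upload catches keys written as globs.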
Author:: Elliot Kendall (elliot.kendall@ucsf.edu)
Contributor:: Michael Burns (michael@mirwin.net)
Copyright:: 2013, The Regents of the University of California