Novell LINUX ENTERPRISE SERVER 11 - SECURITY Manual page 169


For a complete list of the available checking options, see /usr/share/doc/packages/aide/manual.html.
Before you can start using AIDE, you have to define which files should be checked
with which checking options. Defining the file selection requires some knowledge
of regular expressions. There are three ways to define the files to be checked,
distinguished by the first character of each line that defines a file selection:
/
Check if a file matches the following regular expression.
=
Select only the file that directly matches the file specified after the =. Note that for
directories you should not use a trailing "/".
!
This is similar to the selection with / but defines which files not to use.
A configuration that checks all files in /sbin with the options defined in Binlib
but omits the directory /sbin/conf.d would look like the following:
/sbin Binlib
!/sbin/conf.d
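The three selection line types described above can be modelled in a few lines of Python to preview which paths a rule set covers before running AIDE. This is an added example, not code from the manual or from AIDE; the function names and the sample rules are constructed, and anchoring each expression at the start of the path is an assumption about how AIDE matches.

```python
import re

# Constructed sample: the manual's two lines plus a deliberately wrong '=' line.
SAMPLE_CONF = """\
/sbin Binlib
!/sbin/conf.d
=/etc/ Binlib
"""

def parse_selection(conf_text):
    """Return (rules, warnings) for the selection lines in conf_text."""
    rules, warnings = [], []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] not in "/=!":
            continue  # blank line, comment or group definition: not a selection
        kind = line[0]
        fields = line.split()
        # '/' is part of the expression itself; '=' and '!' are prefixes.
        pattern = fields[0] if kind == "/" else fields[0][1:]
        group = fields[1] if len(fields) > 1 else None
        if kind == "=" and len(pattern) > 1 and pattern.endswith("/"):
            warnings.append(f"line {lineno}: '=' selection has a trailing '/'")
        rules.append((kind, pattern, group, lineno))
    return rules, warnings

def group_for(path, rules):
    """Return the option group applied to path, or None if it is not checked."""
    # A '!' line removes the path regardless of any positive selection.
    for kind, pattern, _, _ in rules:
        if kind == "!" and re.match(pattern, path):
            return None
    for kind, pattern, group, _ in rules:
        # Assumption: '/' lines match from the start of the path onwards,
        # '=' lines must match the whole path.
        if kind == "/" and re.match(pattern, path):
            return group
        if kind == "=" and re.fullmatch(pattern, path):
            return group
    return None

if __name__ == "__main__":
    rules, warnings = parse_selection(SAMPLE_CONF)
    for p in ("/sbin/fsck", "/sbin/conf.d/SuSEconfig.x", "/etc"):
        print(p, "->", group_for(p, rules))
    print(warnings)
```

The third sample line shows why the trailing "/" matters: with it, the directory /etc itself is never selected.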
After creating the configuration file /etc/aide.conf, first check if the configuration
is sane with the command:
aide --config-check
Any output from this command indicates a problem with the configuration. For example,
if you get the following output:
aide --config-check
35:syntax error:!
35:Error while reading configuration:!
Configuration error
The error is to be expected in line 36 of /etc/aide.conf. Note that the error
message contains the last successfully read line of the configuration file.
To actually initialize the AIDE database, run the command:
aide -i
Intrusion Detection with AIDE
155


This manual is also suitable for:

Suse linux enterprise server 11
