2009 October

Linux Security Notes – AIDE File Integrity

cat /etc/aide/aide.conf
# AIDE conf

database=file:/var/lib/aide/aide.db
database_out=file:/var/lib/aide/aide.db.new

# Change this to "no" or remove it to not gzip output
# (only useful on systems with few CPU cycles to spare)
gzip_dbout=yes

# Here are all the things we can check - these are the default rules
#
#p:      permissions
#i:      inode
#n:      number of links
#u:      user
#g:      group
#s:      size
#b:      block count
#m:      mtime
#a:      atime
#c:      ctime
#S:      check for growing size
#md5:    md5 checksum
#sha1:   sha1 checksum
#rmd160: rmd160 checksum
#tiger:  tiger checksum
#R:      p+i+n+u+g+s+m+c+md5
#L:      p+i+n+u+g
#E:      Empty group
#>:      Growing logfile p+u+g+i+n+S
#haval:         haval checksum
#gost:          gost checksum
#crc32:         crc32 checksum

# Defines formerly set here have been moved to /etc/default/aide.

# Custom rules
Binlib = p+i+n+u+g+s+b+m+c+md5+sha1
ConfFiles = p+i+n+u+g+s+b+m+c+md5+sha1
Logs = p+i+n+u+g+S
Devices = p+i+n+u+g+s+b+c+md5+sha1
Databases = p+n+u+g
StaticDir = p+i+n+u+g
ManPages = p+i+n+u+g+s+b+m+c+md5+sha1

# Next decide what directories/files you want in the database

# Kernel, system map, etc.
=/boot$ Binlib
# Binaries
/bin Binlib
/sbin Binlib
/usr/bin Binlib
/usr/sbin Binlib
/usr/local/bin Binlib
/usr/local/sbin Binlib
#/usr/games Binlib
# Libraries
/lib Binlib
/usr/lib Binlib
/usr/local/lib Binlib
# Log files
=/var/log$ StaticDir
#!/var/log/ksymoops
/var/log/aide/aide.log(.[0-9])?(.gz)? Databases
/var/log/aide/error.log(.[0-9])?(.gz)? Databases
#/var/log/setuid.changes(.[0-9])?(.gz)? Databases
!/var/log/aide
/var/log Logs
# Devices
!/dev/pts
# If you get spurious warnings about being unable to mmap() /dev/cpu/mtrr,
# you may uncomment this to get rid of them. They're harmless but sometimes
# annoying.
#!/dev/cpu/mtrr
#!/dev/xconsole
/dev Devices
# Other miscellaneous files
/var/run$ StaticDir
!/var/run
# Test only the directory when dealing with /proc
/proc$ StaticDir
!/proc

# You can look through these examples to get further ideas

# MD5 sum files - especially useful with debsums -g
#/var/lib/dpkg/info/([^\.]+).md5sums u+g+s+m+md5+sha1

# Check crontabs
#/var/spool/anacron/cron.daily Databases
#/var/spool/anacron/cron.monthly Databases
#/var/spool/anacron/cron.weekly Databases
/var/spool/cron Databases
#/var/spool/cron/crontabs Databases

# manpages can be trojaned, especially depending on *roff implementation
#/usr/man ManPages
#/usr/share/man ManPages
#/usr/local/man ManPages

# docs
#/usr/doc ManPages
#/usr/share/doc ManPages

# check users' home directories
/home Binlib

# check sources for modifications
/usr/src L
#/usr/local/src L

# Check headers for same
#/usr/include L
#/usr/local/include L
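To see what the rule groups above actually catch, here is a small Python sketch (an added illustration, not part of the original page or of AIDE itself) that snapshots only the attributes a rule names and compares them the way an AIDE check would, including the growing-size semantics of S. The Binlib, Logs and Databases definitions are taken from the config above; the temp file it checks is constructed.

```python
import hashlib, os, stat, tempfile

# Rule groups transcribed from the aide.conf above; R, L and > are AIDE's built-in groups.
GROUPS = {"R": "p+i+n+u+g+s+m+c+md5", "L": "p+i+n+u+g", ">": "p+u+g+i+n+S"}
RULES = {"Binlib": "p+i+n+u+g+s+b+m+c+md5+sha1", "Logs": "p+i+n+u+g+S",
         "Databases": "p+n+u+g"}

def expand(rule):
    """Turn a rule or group name into its list of attribute letters ('R' -> p, i, n, ...)."""
    out = []
    for a in RULES.get(rule, GROUPS.get(rule, rule)).split("+"):
        out.extend(expand(a) if a in GROUPS else [a])
    return out

def snapshot(path, attrs):
    """Record only the attributes the rule names (a, rmd160, tiger etc. are left out here)."""
    st = os.lstat(path)
    def digest(algo):
        with open(path, "rb") as f:
            return hashlib.new(algo, f.read()).hexdigest()
    getters = {
        "p": lambda: stat.S_IMODE(st.st_mode), "i": lambda: st.st_ino,
        "n": lambda: st.st_nlink, "u": lambda: st.st_uid, "g": lambda: st.st_gid,
        "s": lambda: st.st_size, "S": lambda: st.st_size, "b": lambda: st.st_blocks,
        "m": lambda: st.st_mtime_ns, "c": lambda: st.st_ctime_ns,
        "md5": lambda: digest("md5"), "sha1": lambda: digest("sha1"),
    }
    return {a: getters[a]() for a in attrs if a in getters}

def changed(old, new):  # S (growing size) fires only when the file shrank
    return [a for a, v in old.items() if (new[a] < v if a == "S" else new[a] != v)]

def demo(rule, mutate):
    """Baseline a constructed temp file under `rule`, apply mutate(path), return what changed."""
    attrs = expand(rule)
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.log")
        with open(path, "wb") as f:
            f.write(b"baseline data\n")
        base = snapshot(path, attrs)
        mutate(path)
        return changed(base, snapshot(path, attrs))

def append(path):        # a log growing normally: silent under Logs, noisy under Binlib
    with open(path, "ab") as f:
        f.write(b"one more line\n")

def truncate(path):      # a log that was wiped and restarted: S fires under Logs
    with open(path, "wb") as f:
        f.write(b"x\n")
```

Note that the Databases rule (p+n+u+g) never looks at content, so a rewritten aide.log is not reported by it; that is why the config only applies it to AIDE's own logs.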

Linux Security Notes – AIDE File Integrity | HowtoForge – Linux Howtos and Tutorials

By WladyX on 19 October, 2009 | General, Security

RSAP HTC

Problem: I always use the Premium Bluetooth Car Kit in my VW Passat with my HD. It works fine: pairing, calls, phonebook, all of this is OK, but when I leave my car and the Bluetooth connection to the HD is cancelled, it doesn't come back to its local SIM card. The antenna symbol in the upper screen has a “!” exclamation mark and the radio is not working. The only way to get back is to turn the cellular radio (Phone) “off and on” in the Connection Manager. After that all is OK.

Solution: Uncheck “Require PIN when phone is used”

http://forum.xda-developers.com/showthread.php?t=469088&highlight=rsap

By WladyX on | General, Mobile

nf_conntrack: CT 0: table full, dropping packet

echo 200000 > /proc/sys/net/netfilter/nf_conntrack_max

or, to make the setting persistent, net.netfilter.nf_conntrack_max = 200000 in /etc/sysctl.conf

http://forum.openvz.org/index.php?t=msg&goto=36218&

By WladyX on 14 October, 2009 | General, Kernel, Ubuntu

Dante socks server

# edit the config file (/etc/socks/sockd.conf). Open that file in your favorite editor

In this file, logging is enabled via syslog and the internal and external addresses are bound. The internal bindings include a port specification, whereas the external one does not.

The comments are well written; I'd also spend a little time looking them over.

The details:

logoutput: syslog
internal: eth1 port = 1080
internal: 127.0.0.1 port = 1080
external: 1.2.3.4

# or

external: eth0

For full access with no username/password authentication:

method: username none
# Not using authentication, so unnecessary
#user.privileged: proxy
user.notprivileged: nobody

The access controls for the sockd daemon come last. They are checked in the order they appear in the configuration file, and the first matching rule decides. Notice: don't open your proxy server to the wild world – you've been warned.

The first three directives control which IP ranges have access to the server.
- from: is where the client IP ranges are given. In my case it is the IP space the clients live in.
- to: is the proxy address that the given IP range may connect to; it is set to the addresses Dante/sockd is listening on.
The last of the three drops any request that doesn't match either of the first two directives.

client pass {
from: 192.168.0.0/16 port 1-65535 to: 0.0.0.0/0
}

client pass {
from: 127.0.0.0/8 port 1-65535 to: 0.0.0.0/0
}

client block {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect error
}

The next four rules control the 'routing', i.e. where an accepted client may be relayed to.
- Requests from anywhere to the loopback addresses are dropped.
- Requests from the loopback addresses and from 192.168.0.0/16 are allowed to communicate over tcp or udp.
- Finally, drop everything else.

block {
from: 0.0.0.0/0 to: 127.0.0.0/8
log: connect error
}

pass {
from: 192.168.0.0/16 to: 0.0.0.0/0
protocol: tcp udp
}

pass {
from: 127.0.0.0/8 to: 0.0.0.0/0
protocol: tcp udp
}

block {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect error
}

# Start Dante/sockd.

sockd -V   # verifies the configuration and exits
sockd -d   # runs with debugging output to the console
That will start Dante in debugging mode.
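To make the first-match ordering concrete, here is a small Python evaluator (an added illustration, not part of the original post or of Dante itself) that replays the client and socks rules above against constructed requests. It ignores the port ranges and the log: directives, and the listener and target addresses it uses are made up.

```python
import ipaddress
from collections import namedtuple

# Rules transcribed from the sockd.conf above, in file order (first match wins).
# Port ranges and the log: directives are left out of this sketch.
Rule = namedtuple("Rule", "action src dst protocols")
ANY = "0.0.0.0/0"
CLIENT_RULES = [                       # who may connect to the proxy at all
    Rule("pass",  "192.168.0.0/16", ANY, ("tcp", "udp")),
    Rule("pass",  "127.0.0.0/8",    ANY, ("tcp", "udp")),
    Rule("block", ANY,              ANY, ("tcp", "udp")),
]
SOCKS_RULES = [                        # where an accepted client may be relayed to
    Rule("block", ANY,              "127.0.0.0/8", ("tcp", "udp")),
    Rule("pass",  "192.168.0.0/16", ANY,           ("tcp", "udp")),
    Rule("pass",  "127.0.0.0/8",    ANY,           ("tcp", "udp")),
    Rule("block", ANY,              ANY,           ("tcp", "udp")),
]

def first_match(rules, src, dst, proto="tcp"):
    """Action of the first rule matching (src, dst, proto); nothing matching means block."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst) \
                and proto in r.protocols:
            return r.action
    return "block"

def decide(client_ip, listener_ip, target_ip, proto="tcp"):
    """Client rules see the address sockd listens on; socks rules see the final target."""
    if first_match(CLIENT_RULES, client_ip, listener_ip) == "block":
        return "block (client rule)"
    if first_match(SOCKS_RULES, client_ip, target_ip, proto) == "block":
        return "block (socks rule)"
    return "pass"

def reordered(rules, i, j):
    """Swap two rules to show that evaluation order, not just rule content, decides the result."""
    out = list(rules)
    out[i], out[j] = out[j], out[i]
    return out

if __name__ == "__main__":
    for args in [("192.168.1.10", "192.168.0.1", "198.51.100.7"),   # LAN client, outside target
                 ("10.0.0.5", "192.168.0.1", "198.51.100.7"),       # client outside the allowed range
                 ("192.168.1.10", "192.168.0.1", "127.0.0.1")]:     # allowed client aiming at loopback
        print(args, "->", decide(*args))
```

If the loopback block were placed after the 192.168.0.0/16 pass rule, the same LAN client could reach services bound to 127.0.0.1 through the proxy, which is exactly what the ordering above prevents.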

http://linuxlore.blogspot.com/2006/10/gentoo-linux-howto-configure-socks.html

By WladyX on | General

Erase Variable

stty erase ^H

By WladyX on 8 October, 2009 | HP-UX

Sync with Unison


### ROOT SYNC PATHS ###

# first root is my home directory on this laptop
root = /home/micah/

# second directory is my desktop's home folder over SSH
root = ssh://micah@192.168.1.2//home/micah/

### PATHS TO SYNCHRONIZE ###

# sync all of my email data (will ignore parts later)
path = .mozilla-thunderbird/micah.default/

# only sync up bookmarks for firefox
path = .mozilla/firefox/micah.default/bookmarks.html

# sync all gFTP for the bookmarks and cache
path = .gftp/

# gaim/pidgin IM client logs and settings
path = .purple/

# MySQL Query Browser information and history
path = .mysqlgui/

# Personal folders
path = finances/
path = websites/
path = projects/
path = robotics/
path = email_signature

### IGNORE RULES ###

# ignore archived backups
ignore = Path websites/archive/*

# ignore the extensions folder in thunderbird as they are architecture-specific
ignore = Path .mozilla-thunderbird/micah.default/extensions/*

# I don't think these will break anything, but let's ignore anyway
ignore = Path .mozilla-thunderbird/micah.default/compatibility.ini
ignore = Path .mozilla-thunderbird/micah.default/install.log

Synchronizing 2 Ubuntu Systems with Unison

By WladyX on | General, Scripts

Ubuntu GPG error: http://ppa.launchpad.net

W: GPG error: http://ppa.launchpad.net intrepid Release: The following signatures couldn't be verified because the public key is not available:
NO_PUBKEY 7D2C7A23BF810CD5
W: You may want to run apt-get update to correct these problems

gpg --keyserver subkeys.pgp.net --recv 7D2C7A23BF810CD5

gpg --export --armor 7D2C7A23BF810CD5 | sudo apt-key add -

Gentoo Blog » Ubuntu GPG error: http://ppa.launchpad.net

By WladyX on | Ubuntu

HP 6930p sound in Jaunty

tail -n 1 /etc/modprobe.d/alsa-base.conf
#options snd-hda-intel model=laptop enable=1 index=0

Sound Solutions for Ubuntu 9.04 (Jaunty) Users | Ubuntu Geek

By WladyX on | Ubuntu

Remove older ubuntu kernels

solution 1:

aptitude search linux- | grep ^i
sudo apt-get purge '.*-2.6.24-16-*'

solution 2:

test: dpkg -l 'linux-*' | awk '/^ii/{ print $2}' | grep -v -e "$(uname -r | cut -f1,2 -d-)" | grep -e '[0-9]' | xargs sudo apt-get --dry-run remove
run: dpkg -l 'linux-*' | awk '/^ii/{ print $2}' | grep -v -e "$(uname -r | cut -f1,2 -d-)" | grep -e '[0-9]' | xargs sudo apt-get -y purge

DoIT – Denny on IT: remove old ubuntu kernel solution2

By WladyX on | Kernel, Ubuntu