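# == Generic config ==
#
# AIDE selection rules for files and directories that change during normal
# operation, so that routine changes do not show up in every integrity report.
#
# Layout: one directive per line. A '#' starts a comment that runs to the end
# of the line, so a rule must never share a line with a preceding comment.
#
# Rule forms used below:
#   /regex  GROUP   regular selection rule
#   =/regex GROUP   "equals" selection rule
#   !/regex         negative rule: matching paths are not scanned at all
# AIDE anchors every regex at the start; the end is anchored only where the
# pattern carries an explicit '$'.
#
# ANF / ARF are AIDE's "allow new files" / "allow removed files" attributes:
# entries that appear or disappear under such a rule are not reported.
#
# The attribute groups (VarFile, VarDir, VarDirInode, VarDirTime, VarInode,
# VarTime, Log, LowLog, LoSerMemberLog, SerMemberLog, HiSerMemberLog,
# OwnerMode, InodeData, Checksums) and the HOME, USERS and RUN macros are not
# defined in this fragment; they must be provided by the configuration that
# includes it.
#
# Literal dots in path names are escaped (\.) throughout so that a rule only
# matches the file it names.

# === Home dirs ===
=/root/\.viminfo$ VarFile
=/root/\.bash_history$ VarFile
=/root$ VarDir
/@@{HOME}/@@{USERS}/\.bzr\.log$ VarFile
/@@{HOME}/@@{USERS}/\.bash_history$ VarFile
/@@{HOME}/@@{USERS}/\.dmrc$ Log
/@@{HOME}/@@{USERS}/\.lesshst$ VarFile
/@@{HOME}/@@{USERS}/\.viminfo$ VarFile
/@@{HOME}/@@{USERS}/\.gnupg$ VarDir
/@@{HOME}/@@{USERS}/\.gnupg/random_seed$ VarFile
/@@{HOME}/@@{USERS}$ VarDir-n

# cache: keep the directory entry itself, skip everything below it
=/@@{HOME}/@@{USERS}/\.cache$ VarDir
!/@@{HOME}/@@{USERS}/\.cache/.+

# hdd backups
=/var/backups/hdd/.+\.raw$ VarTime

# SSH: known_hosts, control sockets and agent sockets
=/@@{HOME}/@@{USERS}/\.ssh/known_hosts$ VarFile
# The next pattern looks like a user@host:port control-socket name; sockets
# come and go with sessions, hence ANF+ARF.
=/@@{HOME}/@@{USERS}/\.ssh/[[:alnum:]_-]+@[[:alnum:].:-]+:[0-9]{1,5}$ VarFile+ANF+ARF
=/@@{HOME}/@@{USERS}/\.ssh$ VarDir
=/tmp/ssh-[a-zA-Z0-9]+/agent\.[0-9]+$ VarFile+ANF+ARF
=/tmp/ssh-[a-zA-Z0-9]+$ VarDirInode
=/@@{RUN}/sshd$ OwnerMode

# /etc/hosts is managed by /etc/cron.hourly/dns2alias
# NOTE(review): if VarFile carries no checksum (its definition is not in this
# fragment), content changes to /etc/hosts are not reported by AIDE; the
# integrity of this file then depends on the cron job and its inputs.
=/etc/hosts$ VarFile

# etckeeper
# NOTE(review): this pattern has no trailing anchor, so it also matches any
# path that merely starts with /etc/.git (e.g. /etc/.gitignore). The whole
# repository, including its hooks directory, is left unmonitored; confirm
# that this is intended or cover the hooks by other means.
!/etc/\.git

# logcheck
=/etc/logcheck/local-logcheck/\.git/FETCH_HEAD$ VarFile
=/etc/logcheck/local-logcheck/\.git$ VarDir

# unattended-upgrades
=/var/log/unattended-upgrades/unattended-upgrades(-shutdown)?\.log$ Log

# virt-manager logs (current log plus rotated .0 - .5)
=/@@{HOME}/@@{USERS}/\.virt-manager/virt-manager\.log(|\.[0-5])$ VarFile
=/@@{HOME}/@@{USERS}/\.virt-manager$ VarDir

# === system files/dirs ===

# logrotate
=/var/lib/logrotate$ VarDirTime

# upgrade/update
=/var/lib/ubuntu-release-upgrader/release-upgrade-available$ VarFile
=/var/lib/update-manager/meta-release-lts$ VarFile

# upower
=/var/lib/upower/history-(charge|time-full|rate|time-empty)-.+\.dat$ VarFile
=/var/lib/upower$ VarDir

# ureadahead
=/var/lib/ureadahead/pack$ VarFile+ANF
=/var/lib/ureadahead/.+\.pack$ VarFile+ANF+ARF
=/var/lib/ureadahead$ VarDir

# apt-xapian-index
=/var/cache/apt-xapian-index/index\.[0-9]+/flintlock$ VarFile+ANF+ARF
=/var/cache/apt-xapian-index/index\.[0-9]+/iamchert$ VarFile+ANF+ARF
=/var/cache/apt-xapian-index/index\.[0-9]+/postlist\.(DB|base[AB])$ VarFile+ANF+ARF
=/var/cache/apt-xapian-index/index\.[0-9]+/record\.(DB|base[AB])$ VarFile+ANF+ARF
=/var/cache/apt-xapian-index/index\.[0-9]+/spelling\.(DB|base[AB])$ VarFile+ANF+ARF
=/var/cache/apt-xapian-index/index\.[0-9]+/synonym\.(DB|base[AB])$ VarFile+ANF+ARF
=/var/cache/apt-xapian-index/index\.[0-9]+/termlist\.(DB|base[AB])$ VarFile+ANF+ARF
=/var/cache/apt-xapian-index/index\.[0-9]+$ VarDir+ANF+ARF
=/var/cache/apt-xapian-index$ VarDir
=/var/lib/apt-xapian-index/README$ VarInode
=/var/lib/apt-xapian-index/cataloged_times\.p$ VarFile
=/var/lib/apt-xapian-index/index$ VarFile
=/var/lib/apt-xapian-index/prefixes$ VarInode
=/var/lib/apt-xapian-index/update-timestamp$ VarInode
=/var/lib/apt-xapian-index/values$ VarInode
=/var/lib/apt-xapian-index$ VarDirTime

# NetworkManager
=/var/lib/NetworkManager/timestamps$ VarFile
=/var/lib/NetworkManager$ VarDir
=/@@{RUN}/network/\.ifstate\.lock$ VarInode+ANF+ARF
=/@@{RUN}/network/ifstate$ OwnerMode
=/@@{RUN}/network/ifup\..+$ VarInode+ANF+ARF
=/@@{RUN}/network/static-network-up-emitted$ VarDirInode
=/@@{RUN}/network-interface-security$ OwnerMode

# resolvconf
=/@@{RUN}/resolvconf/interface/.+\.inet6?$ VarInode

# == Libvirt ==
=/var/lib/libvirt/images/.*\.(qcow2|raw|img)$ VarFile
=/var/lib/libvirt/images/isos$ VarDir
=/var/lib/libvirt/images$ VarDir
=/@@{RUN}/hugepages/kvm/libvirt/qemu$ VarDirInode
=/@@{RUN}/hugepages/kvm/libvirt$ VarDirInode
=/@@{RUN}/hugepages/kvm$ VarDirInode
=/@@{RUN}/hugepages$ VarDirInode
=/@@{RUN}/libvirt/network/nwfilter\.leases$ OwnerMode
=/@@{RUN}/libvirt/network$ VarDirInode

# === Logs ===

# APT
=/var/log/apt/history\.log$ VarFile

# upstart
# LOGFILES7R lists the upstart job logs covered by the rotation rules below:
# the live log, the uncompressed .1 and the compressed .2.gz through .7.gz.
@@define LOGFILES7R (console-setup|container-detect|kmod|mountall|network-interface-.+|networking|procps-static-network-up|procps-virtual-filesystems|systemd-logind|ureadahead-other|ureadahead)
/var/log/upstart/@@{LOGFILES7R}$ Log
/var/log/upstart/@@{LOGFILES7R}\.1$ LowLog
/var/log/upstart/@@{LOGFILES7R}\.2\.gz$ LoSerMemberLog
/var/log/upstart/@@{LOGFILES7R}\.[3-6]\.gz$ SerMemberLog
/var/log/upstart/@@{LOGFILES7R}\.7\.gz$ HiSerMemberLog
/var/log/upstart$ VarDir

# Various system logs
=/var/log/pm-(powersave|suspend)\.log$ VarFile

# === /run ===

# Pid and various short lived files
# The OpenVPN rule is only emitted when OPENVPN_CONF_NAMES is defined.
@@ifdef OPENVPN_CONF_NAMES
=/@@{RUN}/openvpn/@@{OPENVPN_CONF_NAMES}\.(pid|status)$ OwnerMode+ANF+ARF
@@endif
=/@@{RUN}/libvirt/network/.+\.(pid|status)$ OwnerMode

# Nut
/@@{RUN}/nut$ VarDirInode
/@@{RUN}/nut/upsmon\.pid$ OwnerMode

# postfix
=/var/lib/postfix/prng_exch$ VarFile
=/var/lib/postfix/(s|l)mtp(|d)_scache\.db$ VarFile
=/var/spool/postfix/(active|bounce|defer|deferred)$ OwnerMode
=/var/spool/postfix/(dev|etc|flush|incoming|lib)$ OwnerMode
=/var/spool/postfix/(maildrop|pid|private|public|usr)$ OwnerMode
# Only the spool directories themselves are checked; their contents are
# skipped entirely.
# NOTE(review): that includes everything under dev, etc, lib and usr in the
# spool, which presumably hold the chroot copies of system files used by
# postfix - confirm that leaving those unmonitored is acceptable.
!/var/spool/postfix/(active|bounce|defer|deferred)/.+
!/var/spool/postfix/(dev|etc|flush|incoming|lib)/.+
!/var/spool/postfix/(maildrop|pid|private|public|usr)/.+

# udev
=/dev/\.udev/rules\.d/root\.rules$ VarFile
=/@@{RUN}/upstart-udev-bridge\.pid$ VarFile
!/@@{RUN}/udev/data$
!/@@{RUN}/udev/links$
!/@@{RUN}/udev/tags$
!/@@{RUN}/udev/watch$

# systemd
=/@@{RUN}/systemd/inhibit/c?[0-9]+(\.ref)?$ OwnerMode+ANF+ARF
=/@@{RUN}/systemd/inhibit$ OwnerMode
=/@@{RUN}/systemd/seats/seat[0-9]+$ OwnerMode+ANF+ARF
=/@@{RUN}/systemd/seats$ OwnerMode
=/@@{RUN}/systemd/sessions/c?[0-9]+(\.ref)?$ OwnerMode+ANF+ARF
=/@@{RUN}/systemd/sessions$ OwnerMode
=/@@{RUN}/systemd/users/[0-9]+$ OwnerMode+ANF+ARF
=/@@{RUN}/systemd/users$ OwnerMode
=/@@{RUN}/systemd$ OwnerMode

# motd
=/@@{RUN}/motd\.dynamic$ VarFile

# user
=/@@{RUN}/user/[0-9]+$ OwnerMode+ANF+ARF
=/@@{RUN}/user$ OwnerMode

# pm-utils
=/@@{RUN}/pm-utils/pm-(powersave|suspend)/storage$ VarDirInode
=/@@{RUN}/pm-utils/pm-(powersave|suspend)$ VarDirInode
=/@@{RUN}/do-not-hibernate$ OwnerMode+ANF+ARF
=/@@{RUN}/plymouth$ VarDirInode
=/@@{RUN}/pppconfig$ VarDirInode
=/@@{RUN}/watershed$ VarDirInode

# upstart
=/@@{RUN}/upstart-(file|socket)-bridge\.pid$ VarFile

# Ignore some devices
!/dev/char/[0-9]+:[0-9]+$
=/dev/char$ VarDirInode
!/dev/input/by-(id|path)$
!/dev/input/(mouse|event)[0-9]+$
!/dev/bus/usb/[0-9]+/[0-9]+$
# NOTE(review): single digit only, so hidraw10 and above are still scanned,
# unlike the other device patterns which use [0-9]+ - confirm intended.
!/dev/hidraw[0-9]$
!/dev/vcsa?[0-9]+$

# Ignore pulse SHM files
=/@@{RUN}/shm/pulse-shm-[0-9]+$ OwnerMode+ANF+ARF
=/@@{RUN}/shm$ VarDirInode

# apt stamp (empty) files
=/var/lib/apt/periodic/(update(-success)?|upgrade)-stamp$ InodeData+Checksums

# Sudo files for unknown use
# NOTE(review): these look like sudo's per-user, per-terminal timestamp
# files - confirm against the installed sudo version.
/var/lib/sudo/@@{USERS}/[0-9]+$ VarFile+ANF+ARF
/var/lib/sudo/@@{USERS}/tty[1-6]$ VarFile+ANF+ARF
/var/lib/sudo/@@{USERS}$ VarDir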