2 # Integrity measure policy
6 dont_measure fsmagic=0x9fa0
7 # dont_appraise fsmagic=0x9fa0
10 dont_measure fsmagic=0x62656572
11 # dont_appraise fsmagic=0x62656572
14 dont_measure fsmagic=0x64626720
15 # dont_appraise fsmagic=0x64626720
18 dont_measure fsmagic=0x01021994
19 # dont_appraise fsmagic=0x01021994
22 dont_measure fsmagic=0x73636673
23 # dont_appraise fsmagic=0x73636673
26 dont_measure fsmagic=0xf97cff8c
27 # dont_appraise fsmagic=0xf97cff8c
30 dont_measure obj_type=var_log_t
31 # dont_appraise obj_type=var_log_t
34 dont_measure obj_type=auditd_log_t
35 # dont_appraise obj_type=auditd_log_t
37 # Don't measure files touched by AIDE
39 # unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 28862 20.3 0.1 30492 3396 pts/0 D+ 19:49 0:01 aide -i
40 # update AIDE policy e.g. "system_u:system_r:aide_t"
42 dont_measure subj_type=unconfined_t
43 # dont_appraise obj_type=unconfined_t
46 measure func=FILE_MMAP mask=MAY_EXEC
47 measure func=BPRM_CHECK mask=MAY_EXEC
48 # measure func=FILE_CHECK mask=MAY_READ uid=0
49 measure func=PATH_CHECK mask=MAY_READ uid=0