From: mhoellein
Date: Mon, 16 Sep 2019 06:33:51 +0000 (+0200)
Subject: committing changes in /etc after apt run
X-Git-Url: https://git.hoellein.online/?a=commitdiff_plain;h=1f3fd1ec31e8f8c2298faca1f6a82e61bc41b6df;p=vserver
committing changes in /etc after apt run
Package changes:
+aide 0.16-3 amd64
+aide-common 0.16-3 all
+liblockfile-bin 1.14-1.1 amd64
+liblockfile1 1.14-1.1 amd64
---
diff --git a/.etckeeper b/.etckeeper
index 61ef4a438..6523ad7c0 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -92,6 +92,171 @@ maybe chmod 0755 'X11/xkb'
 maybe chmod 0755 'acpi'
 maybe chmod 0755 'acpi/events'
 maybe chmod 0644 'adduser.conf'
+maybe chmod 0755 'aide'
+maybe chmod 0644 'aide/aide.conf'
+maybe chmod 0755 'aide/aide.conf.d'
+maybe chmod 0644 'aide/aide.conf.d/10_aide_constants'
+maybe chmod 0755 'aide/aide.conf.d/10_aide_distribution'
+maybe chmod 0755 'aide/aide.conf.d/10_aide_hostname'
+maybe chmod 0755 'aide/aide.conf.d/10_aide_prevyear'
+maybe chmod 0644 'aide/aide.conf.d/10_aide_run'
+maybe chmod 0755 'aide/aide.conf.d/10_aide_year'
+maybe chmod 0755 'aide/aide.conf.d/30_aide_apache2'
+maybe chmod 0755 'aide/aide.conf.d/30_aide_bind9'
+maybe chmod 0755 'aide/aide.conf.d/30_inn2_vars'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_acpid'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_adjtime'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_aide'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_alsa'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_amanda-client'
+maybe chmod 0755 'aide/aide.conf.d/31_aide_amanda-server'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_amavisd-new'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_anacron'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_anubis'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_apache'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_apache2'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_apcupsd'
+maybe chmod 0755 'aide/aide.conf.d/31_aide_apt'
+maybe chmod 0755 'aide/aide.conf.d/31_aide_apt-file'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_apt-listbugs'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_apt-listchanges'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_apt-show-versions'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_apt_frqchg'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_aptitude'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_aptitude_frqchg'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_at'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_atop'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_bind9'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_btmp'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_cereal'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_checksecurity'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_clamav'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_clamav-freshclam'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_console-log'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_cracklib-runtime'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_cron'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_cron-apt'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_cups'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_dbus'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_ddclient'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_debconf'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_debsecan'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_dlocate'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_dokuwiki'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_dovecot'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_dpkg'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_etckeeper'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_exim4'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_exim4_logs'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_fail2ban'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_fcron'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_findutils'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_gnupg'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_hald'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_hapsd'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_ifplugd'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_ifupdown'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_inetd'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_initramfs-tools'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_initscripts'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_inn2'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_ippl'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_isc-dhcp-client'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_isc-dhcp-server'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_kerberos'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_laptop-mode-tools'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_lastlog'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_lib-init-rw'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_libapache2-mod-fastcgi'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_libvirt-bin'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_lighttpd'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_logcheck'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_logrotate'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_lvm2'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_mail'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_mailman'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_man'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_mdadm'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_mlocate'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_modules'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_mtab'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_munin'
+maybe chmod 0755 'aide/aide.conf.d/31_aide_munin-nodes'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_mysql-server'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_nagios2'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_nagios3'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_network'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_nfs'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_nrpe'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_nscd'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_nslcd'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_ntp-server'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_openvpn'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_opie-server'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_pam_motd'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_pcscd'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_php-common'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_php7'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_pm-utils'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_portmap'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_postfix'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_postgresql'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_postgrey'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_privoxy'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_proftpd'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_resolvconf'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_rkhunter'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_rngd'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_root-dotfiles'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_rsnapshot'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_rsyslog'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_run_systemd_netif'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_run_systemd_resolve'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_runuser'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_samba'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_screen'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_slapd'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_slrn'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_smartmontools'
+maybe chmod 0755 'aide/aide.conf.d/31_aide_smokeping'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_snmpd'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_spamassassin'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_squid'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_ssh-agent'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_ssh-server'
+maybe chmod 0755 'aide/aide.conf.d/31_aide_sudo'
+maybe chmod 0755 'aide/aide.conf.d/31_aide_svn-server'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_systemd_journal'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_systemd_sessions'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_tetex-bin'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_tiger'
+maybe chmod 0755 'aide/aide.conf.d/31_aide_torrus'
+maybe chmod 0755 'aide/aide.conf.d/31_aide_trac'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_tt-rss'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_udev'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_util-linux'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_utmp'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_vpnc'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_webalizer'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_wpasupplicant'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_wtmp'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_x11-common'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_x11-xkb-utils'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_xdm'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_xfree86-common'
+maybe chmod 0644 'aide/aide.conf.d/31_aide_xinetd'
+maybe chmod 0644 'aide/aide.conf.d/70_aide_dev'
+maybe chmod 0644 'aide/aide.conf.d/70_aide_etc'
+maybe chmod 0644 'aide/aide.conf.d/70_aide_proc_sys'
+maybe chmod 0644 'aide/aide.conf.d/70_aide_run'
+maybe chmod 0644 'aide/aide.conf.d/70_aide_tmp'
+maybe chmod 0644 'aide/aide.conf.d/70_aide_var'
+maybe chmod 0644 'aide/aide.conf.d/99_aide_root'
+maybe chmod 0755 'aide/aide.settings.d'
+maybe chmod 0755 'aide/aide.settings.d/10_aide_sourceslist'
+maybe chmod 0644 'aide/aide.settings.d/31_aide_apt_settings'
+maybe chmod 0644 'aide/aide.settings.d/31_aide_svn-server_settings'
+maybe chmod 0644 'aide/aide.settings.d/31_aide_trac_settings'
 maybe chmod 0644 'aliases'
 maybe chmod 0644 'aliases.db'
 maybe chmod 0755 'alternatives'
@@ -579,6 +744,7 @@ maybe chmod 0644 'cron.d/rsnapshot'
 maybe chmod 0644 'cron.d/sync'
 maybe chmod 0755 'cron.daily'
 maybe chmod 0644 'cron.daily/.placeholder'
+maybe chmod 0755 'cron.daily/aide'
 maybe chmod 0755 'cron.daily/apache2'
 maybe chmod 0755 'cron.daily/apt-compat'
 maybe chmod 0755 'cron.daily/apt-show-versions'
@@ -615,6 +781,7 @@ maybe chmod 0644 'debconf.conf'
 maybe chmod 0644 'debian_version'
 maybe chmod 0755 'default'
 maybe chmod 0644 'default/acpid'
+maybe chmod 0644 'default/aide'
 maybe chmod 0644 'default/amavis-mc'
 maybe chmod 0644 'default/amavisd-milter'
 maybe chmod 0644 'default/amavisd-snmp-subagent'
diff --git a/aide/aide.conf b/aide/aide.conf
new file mode 100644
index 000000000..137dff8a4
--- /dev/null
+++ b/aide/aide.conf
@@ -0,0 +1,184 @@
+# AIDE conf
+
+# The daily cron job depends on these paths
+database=file:/var/lib/aide/aide.db
+database_out=file:/var/lib/aide/aide.db.new
+database_new=file:/var/lib/aide/aide.db.new
+gzip_dbout=yes
+
+# Set to no to disable summarize_changes option.
+summarize_changes=yes
+
+# Set to no to disable grouping of files in report.
+grouped=yes
+
+# standard verbose level
+verbose = 6
+
+# Set to yes to print the checksums in the report in hex format
+report_base16 = no
+
+# if you want to sacrifice security for speed, remove some of these
+# checksums. Whirlpool is broken on sparc and sparc64 (see #429180,
+# #420547, #152203).
+Checksums = sha256+sha512+rmd160+haval+gost+crc32+tiger
+
+# The checksums of the databases to be printed in the report
+# Set to 'E' to disable.
+database_attrs = Checksums
+
+# check permissions, owner, group and file type
+OwnerMode = p+u+g+ftype
+
+# Check size and block count
+Size = s+b
+
+# Files that stay static
+InodeData = OwnerMode+n+i+Size+l+X
+StaticFile = m+c+Checksums
+
+# Files that stay static but are copied to a ram disk on startup
+# (causing different inode)
+RamdiskData = InodeData-i
+
+# Check everything
+Full = InodeData+StaticFile
+
+# Files that change their mtimes or ctimes but not their contents
+VarTime = InodeData+Checksums
+
+# Files that are recreated regularly but do not change their contents
+VarInode = VarTime-i
+
+# Files that change their contents during system operation
+VarFile = OwnerMode+n+l+X
+
+# Directories that change their contents during system operation
+VarDir = OwnerMode+n+i+X
+
+# Directories that are recreated regularly and change their contents
+VarDirInode = OwnerMode+n+X
+
+# Directories that change their mtimes or ctimes but not their contents
+VarDirTime = InodeData
+
+# Logs are special: they are continously written to, may be compressed
+# have their file name changed in different, mutually incompatibly ways
+# and apprear and vanish at will. Handling this is a a complex and error-
+# prone issue.
+#
+# This is best broken down in a number of small tasks:
+#
+#
+# (A)
+# While a live log is being written to, it doesn't change its mode and
+# inode and its size only increases.
+#
+# (B)
+# When a live log is rotated for the first time, it should not change
+# its mode, may change its inode, and its size decreases. The size
+# decrease may not be noticed by aide if the file had size x at the last
+# aide run, was rotated in the mean time and was written to so that it
+# had a size > x at the next aide run.
+#
+# (C)
+# When a log is compressed, this looks to aide like the uncompressed
+# file vanished (or was replaced by another file) and the compressed
+# file appeared out of the blue. There is (currently) no way to
+# associate the (gone) uncompressed file's contents with the (new)
+# compressed file's contents
+#
+# (D)
+# The actual log rotation may rename foo.{x}.bar to foo.{x+1}.bar without
+# changing the other properties of the file
+#
+# (E)
+# If only a given number of log generations is to be kept, foo.{y}.bar may
+# vanish, but usually only when no foo.{z}.bar exists for z>y.
+#
+# (F)
+# The set of files foo.{x}.bar to foo.{y}.bar is called a "log series"
+# in aide terms, with the lowest x being called the "LoSerMember" element
+# and the highest y being called the "HiSerMember" element, and the z
+with x run
+@@ifndef RUN
+@@define RUN run
+@@endif
+# var/lock -> run/lock
+@@ifndef RUNLOCK
+@@define RUNLOCK run/lock
+@@endif
+# lib/init/rw -> run
+@@ifndef LIBINITRW
+@@define LIBINITRW run
+@@endif
+
+
+# Please note: mind the trailing slash after transition
+# dev/\. -> run/
+@@ifndef DEVDOT
+@@define DEVDOT run/
+@@endif
diff --git a/aide/aide.conf.d/10_aide_year b/aide/aide.conf.d/10_aide_year
new file mode 100755
index 000000000..85786f5d4
--- /dev/null
+++ b/aide/aide.conf.d/10_aide_year
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+echo "@@define YEAR4D $(date +%Y)"
diff --git a/aide/aide.conf.d/30_aide_apache2 b/aide/aide.conf.d/30_aide_apache2
new file mode 100755
index 000000000..4535e295d
--- /dev/null
+++ b/aide/aide.conf.d/30_aide_apache2
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+if [ -e /etc/apache2/mods-enabled/suexec.load ]; then
+ echo "@@define APACHE2_SUEXEC 1"
+fi
diff --git a/aide/aide.conf.d/30_aide_bind9 b/aide/aide.conf.d/30_aide_bind9
new file mode 100755
index 000000000..ca7defca1
--- /dev/null
+++ b/aide/aide.conf.d/30_aide_bind9
@@ -0,0 +1,19 @@
+#! /bin/bash
+# this script automatically sets the BINDCHROOT variable to the
+# directory that bind chroots to via configuration in
+# /etc/default/bind9. This is only going to work if your /etc/default/bind9
+# is not too modified.
+#
+# If you want to use this magic, just uncomment it.
+# You can also manually set the chroot directory in a non-executable
+# file: @@define BINDCHROOT /var/cache/bind
+
+# # Automagically extract chroot directory
+# . /etc/default/bind9
+# set $OPTIONS
+# for i in $@;do
+# if [ "$1" == "-t" ]
+# then echo "@@define BINDCHROOT $2"; break
+# else shift
+# fi
+# done
diff --git a/aide/aide.conf.d/30_inn2_vars b/aide/aide.conf.d/30_inn2_vars
new file mode 100755
index 000000000..3667a3387
--- /dev/null
+++ b/aide/aide.conf.d/30_inn2_vars
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+if [ -e /etc/news/innfeed.conf ]; then
+ echo -n "@@define INN2_INNFEED_OUTFEEDS ("
+< /etc/news/innfeed.conf \
+ sed -n '/^[[:space:]]*peer[[:space:]]/{s/^[[:space:]]*peer[[:space:]]\+\([-\.a-z0-9]\+\).*/\1/;p;}' | \
+ tr '\n' '|' |\
+ sed 's/|$/)/'
+ echo
+fi
diff --git a/aide/aide.conf.d/31_aide_acpid b/aide/aide.conf.d/31_aide_acpid
new file mode 100644
index 000000000..a59fb3840
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_acpid
@@ -0,0 +1,6 @@
+/var/log/acpid$ Log
+/var/log/acpid\.1$ LowLog
+/var/log/acpid\.2\.gz$ LoSerMemberLog
+/var/log/acpid\.3\.gz$ SerMemberLog
+/var/log/acpid\.4\.gz$ HiSerMemberLog
+/@@{RUN}/acpid\.(socket|pid)$ VarFile
diff --git a/aide/aide.conf.d/31_aide_adjtime b/aide/aide.conf.d/31_aide_adjtime
new file mode 100644
index 000000000..96b50696e
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_adjtime
@@ -0,0 +1 @@
+/etc/adjtime$ VarFile
diff --git a/aide/aide.conf.d/31_aide_aide b/aide/aide.conf.d/31_aide_aide
new file mode 100644
index 000000000..15c558712
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_aide
@@ -0,0 +1,13 @@
+/var/lib/aide/aide\.db(\.new)?$ VarFile
+!/var/lib/aide/aide\.conf\.autogenerated$
+/var/lib/aide$ VarDir
+/var/log/aide/aide\.log(\.0)?$ LowLog
+/var/log/aide/aide\.log\.1\.gz$ LoSerMemberLog
+/var/log/aide/aide\.log\.[2-5]\.gz$ SerMemberLog
+/var/log/aide/aide\.log\.6\.gz$ HiSerMemberLog
+/var/log/aide$ VarDir
+!/@@{RUN}/aide$
+!/@@{RUN}/aide\.lock$
+!/@@{RUN}/aide/cron\.daily\.lock$
+!/@@{RUN}/aide/cron\.daily$
+!/@@{RUN}/aide/cron\.daily/((error|a(run|err))log|mailfile)$
diff --git a/aide/aide.conf.d/31_aide_alsa b/aide/aide.conf.d/31_aide_alsa
new file mode 100644
index 000000000..41ce24be4
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_alsa
@@ -0,0 +1 @@
+/var/lib/alsa/asound\.state$ VarFile
diff --git a/aide/aide.conf.d/31_aide_amanda-client b/aide/aide.conf.d/31_aide_amanda-client
new file mode 100644
index 000000000..2f4619536
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_amanda-client
@@ -0,0 +1,9 @@
+@@define AMANDALOG var/log/amanda
+
+/var/lib/dumpdates$ VarFile
+!/@@{AMANDALOG}/amandad/amandad\.@@{YEAR4D}[0-9]{10}\.debug$
+/@@{AMANDALOG}/(amandad|client)$ VarDir
+@@ifdef AMANDABACKUPSET
+/@@{AMANDALOG}/client/@@{AMANDABACKUPSET}$ VarDir
+@@endif
+!/@@{AMANDALOG}/client/[^/]+/(sendsize|killpgrp|sendbackup|selfcheck)\.@@{YEAR4D}[0-9]{10}\.debug$
diff --git a/aide/aide.conf.d/31_aide_amanda-server b/aide/aide.conf.d/31_aide_amanda-server
new file mode 100755
index 000000000..385430d21
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_amanda-server
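Review bot: The first line of 31_aide_aide puts `/var/lib/aide/aide\.db(\.new)?$` under `VarFile`, which aide.conf in this same commit defines as `OwnerMode+n+l+X` — no checksum, size or mtime — so a replaced or edited baseline database is invisible to AIDE's own report, while `database=file:/var/lib/aide/aide.db` keeps that baseline on the monitored host. That is presumably deliberate because the daily job rewrites aide.db.new on every run, but it means the integrity of every later report rests on something none of these rules check. A one-line comment on that rule would make the trade-off explicit, e.g. `# aide.db is rewritten by the daily run, so only metadata is checked here; keep an off-host copy or recorded checksum of the baseline`, and the off-host copy or checksum of aide.db is the compensating control worth adding alongside this commit.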
@@ -0,0 +1,122 @@
+#!/bin/bash
+
+MULTILINEDLE=0
+
+skip_multiline_dle() {
+ if [ "$MULTILINEDLE" = "0" ]; then
+ if echo "$rest" | grep -q '{'; then
+ MULTILINEDLE=1
+ fi
+ return 1
+ elif echo "$host $dev $rest" | grep -q '}'; then
+ MULTILINEDLE=0
+ fi
+ return 0
+}
+
+if ! [ -d /etc/amanda ]; then
+ exit 0
+fi
+for configfile in $(find /etc/amanda -name amanda.conf ! -path '/etc/amanda/template.d*' | tr ' +' ' '); do
+ config="$(dirname $configfile)"
+ cd $config
+ CONF="${config##*/}"
+ AMANDA_TAPEDEV="$(amgetconf $CONF tapedev)"
+ AMANDA_TAPEDEV="${AMANDA_TAPEDEV#file:}"
+ if [ -d "$AMANDA_TAPEDEV" ]; then
+ echo "@@define AMANDA_TAPEDEV $AMANDA_TAPEDEV"
+ for slot in $(find $AMANDA_TAPEDEV -type d -regex '.*/slot[0-9]+' -printf "%P\n"); do
+ if [ -f "disklist" ]; then
+ while read host dev rest; do
+ if echo $host | grep -q '^\(#.*\)\?$'; then continue; fi
+ dev="$(echo $dev | sed 's|/|_|g')"
+ if ! skip_multiline_dle; then
+ echo "!@@{AMANDA_TAPEDEV}/$slot/[0-9]{5}[-\.]$host\.$dev\.[0123]$"
+ fi
+ done < disklist
+ MULTILINEDLE=0
+ fi
+ cat <&2
+elif [ -r "$UPAC_settingsd/31_aide_apt_settings" ]; then
+ # pull in configuration
+ . "$UPAC_settingsd/31_aide_apt_settings"
+fi
+
+echo '@@define TRANSLATIONS (ca|cs|da|de|de_DE|en|eo|es|eu|fi|fr|hr|hu|id|it|ja|km|ko|nb|nl|pl|pt|pt_BR|ro|ru|sk|sr|sv|uk|vi|zh|zh_CN|zh_TW)'
+
+cat $SOURCESLIST /dev/null | sed 's/ #.*$//' | while read deb uri dist comp; do
+ PROTOCOL="$(echo $uri | sed 's|\([^:]\+\).*|\1|')"
+ if [ "$PROTOCOL" = "http" ] || [ "$PROTOCOL" = "ftp" ]; then
+ HOST="$(echo $uri | sed -e 's|.*//\([^/[:space:]]\+\).*|\1|' -e 's|\.|\\\.|g')"
+ HOSTPATH="$(echo $uri | sed -e 's|.*//[^/[:space:]]\+/\?||;s|/$||;s|/|_|g;s|^\(.\+\)$|_\1|' -e 's|\.|\\\.|g')"
+ dist="${dist//\//_}"
+ if [ -n "$DEBUG" ]; then
+ echo "uri $uri"
+ echo "HOST $HOST"
+ echo "HOSTPATH $HOSTPATH"
+ fi
+ if [ "$deb" = "deb" ]; then
+ for c in $comp; do
+ echo "$LISTSDIR/${HOST}${HOSTPATH}_dists_${dist}_${c}_binary-@@{ARCH}_Packages(\.IndexDiff)?$ VarFile"
+ echo "@@ifdef FOREIGN_ARCHES"
+ echo "$LISTSDIR/${HOST}${HOSTPATH}_dists_${dist}_${c}_binary-@@{FOREIGN_ARCHES}_Packages(\.IndexDiff)?$ VarFile"
+ echo "@@endif"
+ echo "$LISTSDIR/${HOST}${HOSTPATH}_dists_${dist}_(InRelease|Release(\.gpg)?)$ VarFile"
+ echo "$LISTSDIR/${HOST}${HOSTPATH}_dists_${dist}_${c}_i18n_Translation-@@{TRANSLATIONS}(\.IndexDiff)?$ VarFile"
+ done
+ echo "!${LISTSDIR}/partial/${HOST}${HOSTPATH}_dists_${dist}_Release\.gpg\.reverify$"
+ elif [ "$deb" = "deb-src" ]; then
+ for c in $comp; do
+ echo "$LISTSDIR/${HOST}${HOSTPATH}_dists_${dist}_${c}_source_Sources(\.IndexDiff)?$ VarFile"
+ echo "$LISTSDIR/${HOST}${HOSTPATH}_dists_${dist}_(InRelease|Release(\.gpg)?)$ VarFile"
+ done
+ fi
+ else
+ : # other protocols are not supported. If you feel like they should
+ : # please give a good reason and probably a patch.
+ fi
+ echo -e "\n\n"
+done
+
+echo "${LISTSDIR}(/partial)?$ VarDir"
+echo "${LISTSDIR}/lock$ VarFile"
+echo "${VARDIR}/periodic/(download-upgradeable|update)-stamp$ VarTime"
+echo "${VARDIR}/(daily_lock|extended_states)$ VarFile"
+echo "${VARDIR}$ VarDir"
+
+echo "${SYSTEMDDIR}/stamp-apt-daily(-upgrade)?\.timer$ VarFile"
+
+echo "${LOGDIR}/(term|history)\.log$ Log"
+echo "${LOGDIR}/(term|history)\.log\.1\.gz$ LoSerMemberLog"
+echo "${LOGDIR}/(term|history)\.log\.([2-9]|1[0-1])\.gz$ SerMemberLog"
+echo "${LOGDIR}/(term|history)\.log\.12\.gz$ HiSerMemberLog"
+echo "${LOGDIR}$ VarDir"
+
+echo "/var/backups/apt\.extended_states\.0$ LowLog"
+echo "/var/backups/apt\.extended_states\.1\.gz$ LoSerMemberLog"
+echo "/var/backups/apt\.extended_states\.[2345]\.gz$ SerMemberLog"
+echo "/var/backups/apt\.extended_states\.6\.gz$ HiSerMemberLog"
+
+if [ "$IGNORE_ARCHIVES" = "yes" ]; then
+ echo "!$ARCHIVESDIR/[-a-zA-Z0-9%\.~_+]+_(@@{ARCH}|all)\.deb$"
+ echo "@@ifdef FOREIGN_ARCHES"
+ echo "!$ARCHIVESDIR/[-a-zA-Z0-9%\.~_+]+_@@{FOREIGN_ARCHES}\.deb$"
+ echo "@@endif"
+fi
+
+if [ "$IGNORE_FRQCHG" = "yes" ]; then
+ echo "$ARCHIVESDIR(/partial|/lock)?$ VarDir"
+ echo "!$CACHEDIR/(src)?pkgcache\.bin$"
+ echo "$CACHEDIR$ VarDir"
+fi
diff --git a/aide/aide.conf.d/31_aide_apt-file b/aide/aide.conf.d/31_aide_apt-file
new file mode 100755
index 000000000..88f03baf6
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_apt-file
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+. "$UPAC_settingsd/10_aide_sourceslist"
+
+cat $SOURCESLIST /dev/null | sed 's/ #.*$//' | while read deb uri dist comp; do
+ PROTOCOL="$(echo $uri | sed 's|\([^:]\+\).*|\1|')"
+ HOST="$(echo $uri | sed -e 's|.*//\([^/[:space:]]\+\).*|\1|' -e 's|\.|\\\.|g')"
+ HOSTPATH="$(echo $uri | sed -e 's|.*//[^/[:space:]]\+/\?||;s|/$||;s|/|_|g;s|^\(.\+\)$|_\1|' -e 's|\.|\\\.|g')"
+ if [ "$PROTOCOL" = "http" ] || [ "$PROTOCOL" = "ftp" ]; then
+ for c in $comp; do
+ echo "/var/cache/apt/apt-file/"${HOST//\./\\\.}${HOSTPATH}"_dists_"${dist//\//_}"_"${c}"_Contents-@@{ARCH}\.(gz|IndexDiff)$ VarFile"
+ echo "@@ifdef FOREIGN_ARCHES"
+ echo "/var/cache/apt/apt-file/"${HOST//\./\\\.}${HOSTPATH}"_dists_"${dist//\//_}"_"${c}"_Contents-@@{FOREIGN_ARCHES}\.(gz|IndexDiff)$ VarFile"
+ echo "@@endif"
+ done
+ fi
+done
+
+echo "/var/cache/apt/apt-file$ VarDir"
diff --git a/aide/aide.conf.d/31_aide_apt-listbugs b/aide/aide.conf.d/31_aide_apt-listbugs
new file mode 100644
index 000000000..3907de751
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_apt-listbugs
@@ -0,0 +1,2 @@
+!/var/cache/apt-listbugs/%2Findices%2Findex.db-(critical|grave|serious)\.gz$
+/var/cache/apt-listbugs$ VarDir
diff --git a/aide/aide.conf.d/31_aide_apt-listchanges b/aide/aide.conf.d/31_aide_apt-listchanges
new file mode 100644
index 000000000..c98c98ed7
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_apt-listchanges
@@ -0,0 +1 @@
+/var/lib/apt/listchanges\.db$ VarFile
diff --git a/aide/aide.conf.d/31_aide_apt-show-versions b/aide/aide.conf.d/31_aide_apt-show-versions
new file mode 100644
index 000000000..3ca50d212
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_apt-show-versions
@@ -0,0 +1,2 @@
+/var/cache/apt-show-versions/(files|ipackages|apackages)$ VarFile
+/var/cache/apt-show-versions$ VarDir
diff --git a/aide/aide.conf.d/31_aide_apt_frqchg b/aide/aide.conf.d/31_aide_apt_frqchg
new file mode 100644
index 000000000..225905ea0
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_apt_frqchg
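Review bot: In the two `echo` lines of 31_aide_apt-file the host part is escaped twice: the `sed -e 's|\.|\\\.|g'` that builds `HOST` already turns every `.` into `\.`, and `${HOST//\./\\\.}` then escapes those dots again, so the emitted selection regex carries `\\.` (a literal backslash followed by any character) and should not match the real Contents index file names, which would then fall to whatever later rule covers /var/cache/apt with a different attribute set than the intended VarFile. 31_aide_apt in the same commit emits `${HOST}${HOSTPATH}` for the same variable without a second substitution, so replacing `${HOST//\./\\\.}` with `${HOST}` in both lines (or dropping the `-e 's|\.|\\\.|g'` from the HOST assignment) makes the two scripts agree. I have not run AIDE against the generated rule, so treat the non-match as likely rather than confirmed; the DEBUG-style echo of the generated line that 31_aide_apt has would make this easy to verify here too.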
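Review bot: The first line of 31_aide_apt-listbugs writes `%2Findex.db-` with an unescaped `.`, which matches any character rather than the literal dot; every other literal dot in this commit's rule files is spelled `\.`, and the same slip appears in `setuid.changes` and `setuid.(today|yesterday)` in 31_aide_checksecurity and in `mirrors.dat` in 31_aide_clamav-freshclam. Because these are negative (`!`) and VarFile selections, an over-broad match can only quietly widen what is ignored or weakly checked, so `%2Findex\.db-` (and `setuid\.`, `mirrors\.dat` in the other two files) is the safer spelling, even if no neighbouring file is likely to collide in practice.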
@@ -0,0 +1,2 @@
+# this has been replaced by the scripted rule file 31_aide_apt
+# this file can be removed
diff --git a/aide/aide.conf.d/31_aide_aptitude b/aide/aide.conf.d/31_aide_aptitude
new file mode 100644
index 000000000..922b74f16
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_aptitude
@@ -0,0 +1,13 @@
+/var/log/aptitude$ Log
+/var/log/aptitude\.1\.gz$ LoSerMemberLog
+/var/log/aptitude\.[2-5]\.gz$ SerMemberLog
+/var/log/aptitude\.6\.gz$ HiSerMemberLog
+/var/backups/aptitude\.pkgstates\.0$ LowLog
+/var/backups/aptitude\.pkgstates\.1\.gz$ LoSerMemberLog
+/var/backups/aptitude\.pkgstates\.[2345]\.gz$ SerMemberLog
+/var/backups/aptitude\.pkgstates\.6\.gz$ HiSerMemberLog
+/var/lib/aptitude/pkgstates(\.old)?$ VarFile
+/var/lib/aptitude$ VarDir
+!/@@{RUNLOCK}/aptitude$
+/root/\.(aptitude|debtags)$ VarDir
+/root/\.aptitude/config$ VarFile
diff --git a/aide/aide.conf.d/31_aide_aptitude_frqchg b/aide/aide.conf.d/31_aide_aptitude_frqchg
new file mode 100644
index 000000000..0a5569385
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_aptitude_frqchg
@@ -0,0 +1 @@
+# removed, rules are contained in 31_aide_aptitude
diff --git a/aide/aide.conf.d/31_aide_at b/aide/aide.conf.d/31_aide_at
new file mode 100644
index 000000000..ce6e0cafe
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_at
@@ -0,0 +1,2 @@
+/var/spool/cron/at(spool|jobs)$ VarDir
+/@@{RUN}/atd\.pid$ VarFile
diff --git a/aide/aide.conf.d/31_aide_atop b/aide/aide.conf.d/31_aide_atop
new file mode 100644
index 000000000..80c2704ff
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_atop
@@ -0,0 +1,9 @@
+/var/log/atop$ VarDirInode
+!/var/log/atop/(atop_@@{YEAR4D}[[:digit:]]{4}|daily\.log)$
+/var/log/atop/dummy_(after|before)$ VarFile
+/@@{RUN}/(pacct_shadow\.d|atop)$ VarDir
+/@@{RUN}/atop/atop\.acct$ VarFile
+/@@{RUN}/atop\.pid$ VarFile
+!/@@{RUN}/pacct_shadow\.d/[0-9]{10}\.paf$
+/@@{RUN}/pacct_shadow\.d/current$ VarFile
+/@@{RUN}/pacct_source$ VarFile
diff --git a/aide/aide.conf.d/31_aide_bind9 b/aide/aide.conf.d/31_aide_bind9
new file mode 100644
index 000000000..06c2405ea
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_bind9
@@ -0,0 +1,13 @@
+@@ifdef BINDCHROOT
+@@{BINDCHROOT}/dev/log$ LowLog
+@@{BINDCHROOT}/dev VarDir
+@@endif
+@@{BINDCHROOT}/var/log/bind/queries\.log$ Log
+@@{BINDCHROOT}/var/log/bind/queries\.log\.0$ LoSerMemberLog
+@@{BINDCHROOT}/var/log/bind/queries\.log\.[1-8]$ SerMemberLog
+@@{BINDCHROOT}/var/log/bind/queries\.log\.9$ HiSerMemberLog
+@@{BINDCHROOT}/var/log/bind VarDir
+@@{BINDCHROOT}/@@{RUN}/named/(session\.key|named\.pid)$ VarFile
+@@{BINDCHROOT}/@@{RUN}/named$ VarDirInode
+@@{BINDCHROOT}/var/cache/bind$ VarDir
+@@{BINDCHROOT}/var/cache/bind/[-[:alnum:].]+$ VarFile
diff --git a/aide/aide.conf.d/31_aide_btmp b/aide/aide.conf.d/31_aide_btmp
new file mode 100644
index 000000000..ba618f6d1
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_btmp
@@ -0,0 +1,2 @@
+/var/log/btmp$ Log
+/var/log/btmp\.1$ LowLog
diff --git a/aide/aide.conf.d/31_aide_cereal b/aide/aide.conf.d/31_aide_cereal
new file mode 100644
index 000000000..c81465a07
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_cereal
@@ -0,0 +1,9 @@
+# replace CEREALSESS with a regexp matching your session names
+#@@define CEREALSESS (session|session)
+@@ifdef CEREALSESS
+!/@@{RUN}/screen/S-@@{CEREALSESS}(/[0-9]+\.cereal:@@{CEREALSESS})?$
+!/var/lib/cereal/sessions/@@{CEREALSESS}/log/main(/@[0-9a-f]{24}\.s)?
+/var/lib/cereal/sessions/@@{CEREALSESS}/socket$ VarFile
+/var/lib/cereal/sessions/@@{CEREALSESS}/supervise$ VarDir
+/var/lib/cereal/sessions/@@{CEREALSESS}/supervise/(pid|stat|status)$ VarFile
+@@endif
diff --git a/aide/aide.conf.d/31_aide_checksecurity b/aide/aide.conf.d/31_aide_checksecurity
new file mode 100644
index 000000000..803665ae4
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_checksecurity
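Review bot: `@@{BINDCHROOT}/dev VarDir` and `@@{BINDCHROOT}/var/log/bind VarDir` are the only selection lines in 31_aide_bind9 without a trailing `$`; an AIDE selection regex is anchored only at the start, so these two apply to the whole subtree rather than to the directory itself. For /var/log/bind that overlaps the four `queries\.log` rules above it, and which attribute set ends up on those log files then depends on AIDE's precedence between overlapping selection lines rather than on what is written here. If subtree coverage is intended, a comment such as `# no trailing $: cover everything below /var/log/bind, not just the directory` on each line would record that; otherwise appending `$` makes them consistent with the rest of the file. The lines after `@@endif` also expand `@@{BINDCHROOT}` outside the `@@ifdef`, which presumably yields the plain host paths when the variable is undefined — worth confirming against the aide.conf(5) rules for undefined variables.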
@@ -0,0 +1,6 @@
+/var/log/setuid/setuid.changes$ Log
+/var/log/setuid/setuid.changes\.1$ LoSerMemberLog
+/var/log/setuid/setuid.changes\.[2-9]$ SerMemberLog
+/var/log/setuid/setuid.changes\.10$ HiSerMemberLog
+/var/log/setuid/setuid.(today|yesterday)$ VarFile
+/var/log/setuid$ VarDir
diff --git a/aide/aide.conf.d/31_aide_clamav b/aide/aide.conf.d/31_aide_clamav
new file mode 100644
index 000000000..56ce75b49
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_clamav
@@ -0,0 +1,8 @@
+/var/log/clamav/clamav\.log$ Log
+/var/log/clamav/clamav\.log\.1$ LowLog
+/var/log/clamav/clamav\.log\.2\.gz$ LoSerMemberLog
+/var/log/clamav/clamav\.log\.([3-9]|1[0-1])\.gz$ SerMemberLog
+/var/log/clamav/clamav\.log\.12\.gz$ HiSerMemberLog
+/@@{RUN}/clamav/clamd\.(ctl|pid)$ VarFile
+/var/log/clamav$ VarDir
+/@@{RUN}/clamav$ VarDirInode
diff --git a/aide/aide.conf.d/31_aide_clamav-freshclam b/aide/aide.conf.d/31_aide_clamav-freshclam
new file mode 100644
index 000000000..33365efa3
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_clamav-freshclam
@@ -0,0 +1,10 @@
+/var/log/clamav/freshclam\.log$ Log
+/var/log/clamav/freshclam\.log\.1$ LowLog
+/var/log/clamav/freshclam\.log\.2\.gz$ LoSerMemberLog
+/var/log/clamav/freshclam\.log\.([3-9]|1[0-1])\.gz$ SerMemberLog
+/var/log/clamav/freshclam\.log\.12\.gz$ HiSerMemberLog
+/var/lib/clamav/(daily|main)\.inc$ VarDir
+/var/lib/clamav/bytecode\.cld$ VarFile
+/var/lib/clamav/daily\.inc/daily\.(info|[nmhp]db)$ VarFile
+/var/lib/clamav/mirrors.dat$ VarFile
+/@@{RUN}/clamav/freshclam\.pid$ VarFile
diff --git a/aide/aide.conf.d/31_aide_console-log b/aide/aide.conf.d/31_aide_console-log
new file mode 100644
index 000000000..18d641b57
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_console-log
@@ -0,0 +1,2 @@
+/@@{RUN}/console-log(/Debian-console-log)?$ VarFile
+/@@{RUN}/console-log/Debian-console-log/(8-_-_var_-_log_-_exim4_-_mainlog|9-_-_var_-_log_-_syslog_-_syslog)$ VarFile
diff --git a/aide/aide.conf.d/31_aide_cracklib-runtime b/aide/aide.conf.d/31_aide_cracklib-runtime
new file mode 100644
index 000000000..e58d1cef4
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_cracklib-runtime
@@ -0,0 +1 @@
+/var/cache/cracklib/cracklib_dict\.(hwm|pw(d|i))$ VarFile
diff --git a/aide/aide.conf.d/31_aide_cron b/aide/aide.conf.d/31_aide_cron
new file mode 100644
index 000000000..078921e3d
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_cron
@@ -0,0 +1 @@
+/@@{RUN}/crond\.(pid|reboot)$ VarFile
diff --git a/aide/aide.conf.d/31_aide_cron-apt b/aide/aide.conf.d/31_aide_cron-apt
new file mode 100644
index 000000000..325a96201
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_cron-apt
@@ -0,0 +1,10 @@
+/var/lib/cron-apt/_-_etc_-_cron-apt_-_config/mailchanges/(0-update-|3-download-)[0-9a-f]{32}$ VarFile
+!/var/lib/cron-apt/lockfile$
+/var/lib/cron-apt$ VarDir
+!/tmp/cron-apt\.[a-zA-Z0-9]{6}$
+!/tmp/cron-apt\.[a-zA-Z0-9]{6}/initlog$
+/var/log/cron-apt/log$ Log
+/var/log/cron-apt/log\.1\.gz$ LoSerMemberLog
+/var/log/cron-apt/log\.[23]\.gz$ SerMemberLog
+/var/log/cron-apt/log\.4\.gz$ HiSerMemberLog
+/var/log/cron-apt$ VarDir
diff --git a/aide/aide.conf.d/31_aide_cups b/aide/aide.conf.d/31_aide_cups
new file mode 100644
index 000000000..a109923f7
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_cups
@@ -0,0 +1,22 @@
+@@define CUPS_LOGS (access|error|page|cups-pdf)
+/var/log/cups/@@{CUPS_LOGS}_log$ Log
+/var/log/cups/@@{CUPS_LOGS}_log\.1\.gz$ LoSerMemberLog
+/var/log/cups/@@{CUPS_LOGS}_log\.[2-6]\.gz$ SerMemberLog
+/var/log/cups/@@{CUPS_LOGS}_log\.7\.gz$ HiSerMemberLog
+/var/log/cups$ VarDir
+
+/var/cache/cups$ VarDir
+/var/cache/cups/(job|remote)\.cache$ VarFile
+/var/cache/cups/job\.cache\.O$ VarFile
+/var/cache/cups/(([0-9]|([1-9]|1[0-9]|2[0-4])[0-9]|25[0-5])\.){3}([0-9]|([1-9]|1[0-9]|2[0-4])[0-9]|25[0-5])\.snmp$ VarTime
+
+!/var/spool/cups/(c[0-9]{5}|d[0-9]{5}-[0-9]{3})$
+!/var/spool/cups/tmp/cups-dbus-notifier-lockfile$
+/var/spool/cups(/tmp)?$ VarDir
+
+!/@@{RUN}/cups/certs/0$
+/@@{RUN}/cups/(printcap|cups(d\.pid|\.sock))$ VarFile
+/@@{RUN}/cups(/certs)?$ VarDirInode
+
+/etc/cups$ VarDir
+/etc/cups/(printers|subscriptions)\.conf(\.O)?$ VarFile
diff --git a/aide/aide.conf.d/31_aide_dbus b/aide/aide.conf.d/31_aide_dbus
new file mode 100644
index 000000000..3f133eadc
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_dbus
@@ -0,0 +1,2 @@
+/@@{RUN}/dbus/(pid|system_bus_socket)$ VarFile
+/@@{RUN}/dbus$ VarDirInode
diff --git a/aide/aide.conf.d/31_aide_ddclient b/aide/aide.conf.d/31_aide_ddclient
new file mode 100644
index 000000000..f510dc572
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_ddclient
@@ -0,0 +1,2 @@
+/var/cache/ddclient/ddclient\.cache$ VarFile
+/@@{RUN}/ddclient\.pid$ VarFile
diff --git a/aide/aide.conf.d/31_aide_debconf b/aide/aide.conf.d/31_aide_debconf
new file mode 100644
index 000000000..ca51af873
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_debconf
@@ -0,0 +1,2 @@
+/var/cache/debconf/(config|templates)\.dat(-old)?$ VarFile
+/var/cache/debconf$ VarDir
diff --git a/aide/aide.conf.d/31_aide_debsecan b/aide/aide.conf.d/31_aide_debsecan
new file mode 100644
index 000000000..bf46f9cef
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_debsecan
@@ -0,0 +1,2 @@
+/var/lib/debsecan/history$ VarFile
+/var/lib/debsecan$ VarDir
diff --git a/aide/aide.conf.d/31_aide_dlocate b/aide/aide.conf.d/31_aide_dlocate
new file mode 100644
index 000000000..598d3e563
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_dlocate
@@ -0,0 +1,2 @@
+/var/lib/dlocate/(dpkg-list|dlocatedb(|\.stamps|\.old))$ VarFile
+/var/lib/dlocate$ VarDir
diff --git a/aide/aide.conf.d/31_aide_dokuwiki b/aide/aide.conf.d/31_aide_dokuwiki
new file mode 100644
index 000000000..357bcea32
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_dokuwiki
@@ -0,0 +1,6 @@
+/var/lib/dokuwiki/data/cache/[0-9a-f]/[0-9a-f]{32}\.(feed|i|xhtml)$ VarFile
+/var/lib/dokuwiki/data/(changes\.log|(index|word)\.idx)$ VarFile
+/var/lib/dokuwiki/data/meta/([a-z]+\.indexed|_dokuwiki\.changes)$ VarFile
+/var/lib/dokuwiki/data/meta$ VarDir
+/var/lib/dokuwiki/data/pages/[a-z]+\.txt$ VarFile
+/var/lib/dokuwiki/data/(attic|cache|locks|pages)$ VarDir
diff --git a/aide/aide.conf.d/31_aide_dovecot b/aide/aide.conf.d/31_aide_dovecot
new file mode 100644
index 000000000..6830ca0ee
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_dovecot
@@ -0,0 +1,5 @@
+/var/lib/dovecot/ssl-parameters\.dat$ VarFile
+/var/lib/dovecot$ VarDir
+/@@{RUN}/dovecot/(auth-worker\.[0-9]{4}|master\.pid)$ VarFile
+/@@{RUN}/dovecot/login/(default|ssl-parameters\.dat)$ VarFile
+/@@{RUN}/dovecot(/login)?$ VarDirInode
diff --git a/aide/aide.conf.d/31_aide_dpkg b/aide/aide.conf.d/31_aide_dpkg
new file mode 100644
index 000000000..79e59bf11
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_dpkg
@@ -0,0 +1,14 @@
+/var/lib/dpkg/(available|status)(-old)?$ VarFile
+/var/lib/dpkg/status\.yesterday(\.[0-9]*)?(\.gz)?$ VarFile
+/var/lib/dpkg/triggers/Lock$ VarFile
+/var/lib/dpkg/(info|updates|lock)$ VarDir
+/var/lib/dpkg$ VarDir
+/var/log/(alternatives|dpkg)\.log$ Log
+/var/log/(alternatives|dpkg)\.log\.1$ LowLog
+/var/log/(alternatives|dpkg)\.log\.2\.gz$ LoSerMemberLog
+/var/log/(alternatives|dpkg)\.log\.([3-9]|1[0-1])\.gz$ SerMemberLog
+/var/log/(alternatives|dpkg)\.log\.12\.gz$ HiSerMemberLog
+/var/backups/(alternatives\.tar|dpkg\.(status|diversions|statoverride))\.0$ LowLog
+/var/backups/(alternatives\.tar|dpkg\.(status|diversions|statoverride))\.1\.gz$ LoSerMemberLog
+/var/backups/(alternatives\.tar|dpkg\.(status|diversions|statoverride))\.[2345]\.gz$ SerMemberLog
+/var/backups/(alternatives\.tar|dpkg\.(status|diversions|statoverride))\.6\.gz$ HiSerMemberLog
diff --git a/aide/aide.conf.d/31_aide_etckeeper b/aide/aide.conf.d/31_aide_etckeeper
new file mode 100644
index 000000000..fbc3d4282
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_etckeeper
@@ -0,0 +1,2 @@
+/etc/\.git/index$ VarInode
+/etc/\.git$ VarDirTime
diff --git a/aide/aide.conf.d/31_aide_exim4 b/aide/aide.conf.d/31_aide_exim4
new file mode 100644
index 000000000..71709f0fb
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_exim4
@@ -0,0 +1,11 @@
+/var/spool/exim4/gnutls-params$ VarFile
+/var/spool/exim4/db/(wait-remote_smtp(_smarthost)?|retry|callout)$ VarFile
+!/var/spool/exim4/input/[a-zA-Z0-9]{6}-[a-zA-Z0-9]{6}-[a-zA-Z0-9]{2}-[DHJ]$
+!/var/spool/exim4/msglog/[a-zA-Z0-9]{6}-[a-zA-Z0-9]{6}-[a-zA-Z0-9]{2}$
+!/var/spool/exim4/gnutls-params$
+!/var/spool/exim4/.rnd$
+/var/spool/exim4(/(input|msglog|scan))?$ VarDir
+/var/lib/exim4/config.autogenerated$ VarFile
+/@@{RUN}/exim4/exim.pid$ VarFile
+/var/lib/exim4$ VarDir
+/@@{RUN}/exim4$ VarDirInode
diff --git a/aide/aide.conf.d/31_aide_exim4_logs b/aide/aide.conf.d/31_aide_exim4_logs
new file mode 100644
index 000000000..83d4d097b
--- /dev/null
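Review bot: `/var/spool/exim4/gnutls-params$` appears twice in 31_aide_exim4, once as a positive rule with `VarFile` and once negated (`!/var/spool/exim4/gnutls-params$`), so one of the two lines is dead and which treatment the file actually gets depends on how aide resolves a positive/negative conflict rather than on what is written here. Decide whether the file should be excluded or checked with the VarFile group and delete the other line. If both are kept on purpose, a one-line comment above them stating why would spare the next reader the same question.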
+++ b/aide/aide.conf.d/31_aide_exim4_logs
@@ -0,0 +1,10 @@
+# if your host frequently produces paniclog entries (this happens if
+# spam or virus scanners are in use), set
+# @@define EXIM4_LOGS (main|reject|panic)
+@@define EXIM4_LOGS (main|reject)
+/var/log/exim4/@@{EXIM4_LOGS}log$ Log
+/var/log/exim4/@@{EXIM4_LOGS}log\.1$ LowLog
+/var/log/exim4/@@{EXIM4_LOGS}log\.2\.gz$ LoSerMemberLog
+/var/log/exim4/@@{EXIM4_LOGS}log\.[3-9]\.gz$ SerMemberLog
+/var/log/exim4/@@{EXIM4_LOGS}log\.10\.gz$ HiSerMemberLog
+/var/log/exim4$ VarDir
diff --git a/aide/aide.conf.d/31_aide_fail2ban b/aide/aide.conf.d/31_aide_fail2ban
new file mode 100644
index 000000000..b29499db6
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_fail2ban
@@ -0,0 +1,7 @@
+/var/log/fail2ban\.log$ Log
+/var/log/fail2ban\.log\.1$ LowLog
+/var/log/fail2ban\.log\.2\.gz$ LoSerMemberLog
+/var/log/fail2ban\.log\.3\.gz$ SerMemberLog
+/var/log/fail2ban\.log\.4\.gz$ HiSerMemberLog
+/@@{RUN}/fail2ban/fail2ban\.(sock|pid)$ VarFile
+/@@{RUN}/fail2ban$ VarDirInode
diff --git a/aide/aide.conf.d/31_aide_fcron b/aide/aide.conf.d/31_aide_fcron
new file mode 100644
index 000000000..342e6437f
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_fcron
@@ -0,0 +1,3 @@
+/@@{RUN}/fcron\.(pid|fifo)$ VarFile
+/var/spool/fcron/systab$ VarFile
+/var/spool/fcron$ VarDir
diff --git a/aide/aide.conf.d/31_aide_findutils b/aide/aide.conf.d/31_aide_findutils
new file mode 100644
index 000000000..de9d0f112
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_findutils
@@ -0,0 +1,2 @@
+/var/cache/locate/locatedb$ VarFile
+/var/cache/locate$ VarDir
diff --git a/aide/aide.conf.d/31_aide_gnupg b/aide/aide.conf.d/31_aide_gnupg
new file mode 100644
index 000000000..e2bf90269
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_gnupg
@@ -0,0 +1 @@
+!/@@{RUN}/user/[0-9]+/gnupg(/S.(dirmngr|gpg-agent(\.(browser|extra|ssh))?))?$
diff --git a/aide/aide.conf.d/31_aide_hald b/aide/aide.conf.d/31_aide_hald
new file mode 100644
index 000000000..af350961c
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_hald
@@ -0,0 +1,2 @@
+/@@{RUN}/hald/hald\.pid$ VarFile
+/@@{RUN}/hald$ VarDirInode
diff --git a/aide/aide.conf.d/31_aide_hapsd b/aide/aide.conf.d/31_aide_hapsd
new file mode 100644
index 000000000..bf4f73f06
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_hapsd
@@ -0,0 +1 @@
+/@@{RUN}/hdapsd\.pid$ VarFile
diff --git a/aide/aide.conf.d/31_aide_ifplugd b/aide/aide.conf.d/31_aide_ifplugd
new file mode 100644
index 000000000..dcb89cd32
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_ifplugd
@@ -0,0 +1,2 @@
+@@define INTERFACES eth0
+/@@{RUN}/ifplugd\.@@{INTERFACES}\.pid$ VarFile
diff --git a/aide/aide.conf.d/31_aide_ifupdown b/aide/aide.conf.d/31_aide_ifupdown
new file mode 100644
index 000000000..ff2b56589
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_ifupdown
@@ -0,0 +1 @@
+/@@{RUN}/network/ifstate$ VarFile
diff --git a/aide/aide.conf.d/31_aide_inetd b/aide/aide.conf.d/31_aide_inetd
new file mode 100644
index 000000000..1f8f314eb
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_inetd
@@ -0,0 +1 @@
+/@@{RUN}/inetd\.pid$ VarFile
diff --git a/aide/aide.conf.d/31_aide_initramfs-tools b/aide/aide.conf.d/31_aide_initramfs-tools
new file mode 100644
index 000000000..0166d0ffa
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_initramfs-tools
@@ -0,0 +1 @@
+/@@{DEVDOT}initramfs$ VarDirInode
diff --git a/aide/aide.conf.d/31_aide_initscripts b/aide/aide.conf.d/31_aide_initscripts
new file mode 100644
index 000000000..7dbb2ede9
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_initscripts
@@ -0,0 +1,9 @@
+/var/lib/urandom/random-seed$ VarFile
+/var/lib/(urandom|initscripts)$ VarDir
+/var/log/dmesg$ Log
+/var/log/dmesg\.0$ LowLog
+/var/log/dmesg\.1\.gz$ LoSerMemberLog
+/var/log/dmesg\.[23]\.gz$ SerMemberLog
+/var/log/dmesg\.4\.gz$ HiSerMemberLog
+/var/log/fsck/check(root|fs)$ VarFile
+/@@{RUN}/motd$ VarFile
diff --git a/aide/aide.conf.d/31_aide_inn2 b/aide/aide.conf.d/31_aide_inn2
new file mode 100644
index 000000000..d2085e751
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_inn2
@@ -0,0 +1,25 @@
+@@define NEWSLOGS (errlog|expire\.log|news(\.crit|\.err|\.notice)?|rc\.news|sendsys\.log|unwanted\.log|inn_status\.html|innfeed\.status|expire\.(lastlowmark|list))
+@@define OLDLOGS (active|errlog|expire\.log|news(\.crit|\.err|\.notice)?|sendsys\.log|unwanted\.log)
+
+!/var/lib/news/history(\.(dir|hash|index))?$
+/var/lib/news/(active(\.old)?|newsgroups|\.news\.daily)$ VarFile
+
+!/var/spool/news/articles(/[-a-z0-9+]+)+$
+/var/spool/news/overview/group\.index$ VarFile
+!/var/spool/news/overview(/[a-z0-9])+/[-\.a-z0-9+]+\.(IDX|DAT)$
+/var/spool/news/overview(/[a-z0-9])+$ VarDir
+!/var/spool/news/articles/control/(newgroup|checkgroups|rmgroup)/[0-9]*$
+/var/spool/news/innfeed/@@{INN2_INNFEED_OUTFEEDS}\.(lock|output|input)$ VarFile
+!/var/spool/news/innfeed/innfeed-dropped\.A[0-9]{6}$
+/var/spool/news/innfeed$ VarDir
+/var/spool/news/incoming(/tmp)?$ VarDir
+
+/@@{RUN}/news/(control|(innd|innfeed|innwatch)\.pid|innwatch\.time|LOCK\.innwatch|nntpin)$ VarFile
+/@@{RUN}/news$ VarDirInode
+
+/var/log/news/path/inpaths\.[0-9]{10}$ VarFile+ANF
+/var/log/news/@@{NEWSLOGS}$ VarFile
+/var/log/news/OLD/(expire\.log\.0|unwanted\.log)$ VarFile
+/var/log/news/OLD/@@{OLDLOGS}\.1\.gz$ LoSerMemberLog
+/var/log/news/OLD/@@{OLDLOGS}\.[0-9]+\.gz$ SerMemberLog
+/var/log/news(/(path|OLD))?$ VarDir
diff --git a/aide/aide.conf.d/31_aide_ippl b/aide/aide.conf.d/31_aide_ippl
new file mode 100644
index 000000000..6a542921d
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_ippl
@@ -0,0 +1,2 @@
+/@@{RUN}/ippl/ippl.(pid|conf)$ VarFile
+/@@{RUN}/ippl$ VarDirInode
diff --git a/aide/aide.conf.d/31_aide_isc-dhcp-client b/aide/aide.conf.d/31_aide_isc-dhcp-client
new file mode 100644
index 000000000..c2039c2df
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_isc-dhcp-client
@@ -0,0 +1,5 @@
+# @@define ISCDHCLIENTIFACE eth0
+@@ifdef ISCDHCLIENTIFACE
+/@@{RUN}/dhclient\.@@{ISCDHCLIENTIFACE}\.pid$ VarFile
+/var/lib/dhcp/dhclient\.@@{ISCDHCLIENTIFACE}\.leases$ VarFile
+@@endif
diff --git a/aide/aide.conf.d/31_aide_isc-dhcp-server b/aide/aide.conf.d/31_aide_isc-dhcp-server
new file mode 100644
index 000000000..dfb0be0b7
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_isc-dhcp-server
@@ -0,0 +1,3 @@
+/@@{RUN}/dhcpd\.pid$ VarFile
+/var/lib/dhcp/dhcpd6?.leases~?$ VarFile
+/var/lib/dhcp$ VarDir
diff --git a/aide/aide.conf.d/31_aide_kerberos b/aide/aide.conf.d/31_aide_kerberos
new file mode 100644
index 000000000..56a6f7f91
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_kerberos
@@ -0,0 +1,6 @@
+/var/tmp/krb5kdc_rcache$ VarFile
+/var/tmp/(nfs|host)_[0-9]+$ VarFile
+/tmp/krb5cc_machine_[A-Z.]+$ VarFile
+!/tmp/krb5cc_[0-9]+_[[:alnum:]]+$
+/var/lib/krb5kdc/principal$ VarFile+s+b+i
+/var/lib/krb5kdc/principal\.ok$ VarTime
diff --git a/aide/aide.conf.d/31_aide_laptop-mode-tools b/aide/aide.conf.d/31_aide_laptop-mode-tools
new file mode 100644
index 000000000..afea9d0b1
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_laptop-mode-tools
@@ -0,0 +1,3 @@
+/@@{RUN}/laptop-mode-tools/(state(-brightness-command)?|enabled|start-stop-undo-actions|nolm-mountopts)$ VarFile
+/@@{RUN}/laptop-mode-tools$ VarDirInode
+/@@{RUNLOCK}/lmt-(req|invoc)\.lock$ VarInode
diff --git a/aide/aide.conf.d/31_aide_lastlog b/aide/aide.conf.d/31_aide_lastlog
new file mode 100644
index 000000000..1c62e7424
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_lastlog
@@ -0,0 +1 @@
+/var/log/lastlog$ Log
diff --git a/aide/aide.conf.d/31_aide_lib-init-rw b/aide/aide.conf.d/31_aide_lib-init-rw
new file mode 100644
index 000000000..bf4e876d1
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_lib-init-rw
@@ -0,0 +1 @@
+# removed, Debian migrated to /run
diff --git a/aide/aide.conf.d/31_aide_libapache2-mod-fastcgi b/aide/aide.conf.d/31_aide_libapache2-mod-fastcgi
new file mode 100644
index 000000000..8047a4da8
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_libapache2-mod-fastcgi
@@ -0,0 +1,2 @@
+/var/lib/apache2/fcgid/sock$ VarDir
+!/var/lib/apache2/fcgid/sock/[0-9]{5}\.[0-9]$
diff --git a/aide/aide.conf.d/31_aide_libvirt-bin b/aide/aide.conf.d/31_aide_libvirt-bin
new file mode 100644
index 000000000..b4d79eedf
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_libvirt-bin
@@ -0,0 +1,9 @@
+/var/(lib|cache)/libvirt/qemu$ VarDir
+/@@{RUN}/libvirtd\.pid$ VarFile
+/@@{RUN}/libvirt/libvirt-sock(-ro)?$ VarFile
+/var/lib/libvirt/qemu/[-[:alnum:]]+\.monitor$ VarInode
+/var/lib/libvirt/qemu/(save|snapshot)$ VarDir
+/var/lib/libvirt$ VarDir
+/@@{RUNLOCK}/libvirt-guests$ VarDirInode
+/@@{RUN}/libvirt/qemu/[-[:alnum:]]+\.(pid|xml)$ VarFile
+/@@{RUN}/libvirt(/(qemu|uml-guest))?$ VarDirInode
diff --git a/aide/aide.conf.d/31_aide_lighttpd b/aide/aide.conf.d/31_aide_lighttpd
new file mode 100644
index 000000000..549ee525d
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_lighttpd
@@ -0,0 +1,11 @@
+@@define LIGHTTP_LOGS (access|error)
+/var/log/lighttpd/@@{LIGHTTP_LOGS}\.log$ Log
+/var/log/lighttpd/@@{LIGHTTP_LOGS}\.log\.1$ LowLog
+/var/log/lighttpd/@@{LIGHTTP_LOGS}\.log\.2\.gz$ LoSerMemberLog
+/var/log/lighttpd/@@{LIGHTTP_LOGS}\.log\.([3-9]|10|11)\.gz$ SerMemberLog
+/var/log/lighttpd/@@{LIGHTTP_LOGS}\.log\.12\.gz$ HiSerMemberLog
+
+/@@{RUN}/lighttpd\.pid$ VarFile
+/@@{RUN}/lighttpd$ VarDirInode
+
+/tmp/php\.socket-[0-9]$ VarFile
diff --git a/aide/aide.conf.d/31_aide_logcheck b/aide/aide.conf.d/31_aide_logcheck
new file mode 100644
index 000000000..084d387ce
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_logcheck
@@ -0,0 +1,3 @@
+/var/lib/logcheck/offset\.var\.log\.(syslog|auth\.log)$ VarFile
+/var/lib/logcheck$ VarDir
+/@@{RUNLOCK}/logcheck$ VarDirInode
diff --git a/aide/aide.conf.d/31_aide_logrotate b/aide/aide.conf.d/31_aide_logrotate
new file mode 100644
index 000000000..95aef22d7
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_logrotate
@@ -0,0 +1,2 @@
+/var/lib/logrotate$ VarDir
+/var/lib/logrotate/status$ VarFile
diff --git a/aide/aide.conf.d/31_aide_lvm2 b/aide/aide.conf.d/31_aide_lvm2
new file mode 100644
index 000000000..6414d15a4
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_lvm2
@@ -0,0 +1,3 @@
+/etc/lvm/cache/\.cache$ VarInode
+/etc/lvm/cache$ VarDir
+/@@{RUNLOCK}/lvm$ VarDirInode
diff --git a/aide/aide.conf.d/31_aide_mail b/aide/aide.conf.d/31_aide_mail
new file mode 100644
index 000000000..08c8821b5
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_mail
@@ -0,0 +1,2 @@
+/var/mail/[a-z0-9]+$ VarFile
+/var/mail$ VarDir
diff --git a/aide/aide.conf.d/31_aide_mailman b/aide/aide.conf.d/31_aide_mailman
new file mode 100644
index 000000000..65c2dfd3e
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_mailman
@@ -0,0 +1,37 @@
+# maintained on q
+!/var/lib/mailman/data/(bounce-events|heldmsg-[-[:alnum:]]+)-[[:digit:]]+\.pck$
+/var/lib/mailman/data$ VarDir
+!/var/lib/mailman/archives/private/[-[:alnum:]]+/database/@@{YEAR4D}-[[:alnum:]]+-(author|subject|thread|article|date)$
+!/var/lib/mailman/archives/private/[-[:alnum:]]+/@@{YEAR4D}-[[:alnum:]]+/(author|subject|thread|date|index|[[:digit:]]{5,6})\.html$
+!/var/lib/mailman/archives/private/[-[:alnum:]]+/@@{YEAR4D}-[[:alnum:]]\.txt(\.gz)?$
+!/var/lib/mailman/archives/private/[-[:alnum:]]+/attachments/[[:digit:]]{8}/[[:digit:]]{8}/[[:alnum:]\.]+$
+
+/var/lib/mailman/lists/[-[:alnum:]]+/(config|request|pending)\.pck$ VarFile
+/var/lib/mailman/lists/[-[:alnum:]]+/(config)\.pck\.last$ VarFile
+/var/lib/mailman/lists/[-[:alnum:]]+$ VarDir
+
+/var/lib/mailman/qfiles/(in|archive|bounces|retry|out|virgin)$ VarFile
+
+/@@{RUNLOCK}/mailman/master-qrunner(\.[[:alnum:]]+\.[[:digit:]]+)?$ VarFile
+/@@{RUNLOCK}/mailman$ VarDirInode
+
+@@define LOGFILES4 (vette|error|bounce|digest)
+/var/log/mailman/@@{LOGFILES4}$ Log
+/var/log/mailman/@@{LOGFILES4}\.1$ LowLog
+/var/log/mailman/@@{LOGFILES4}\.2\.gz$ LoSerMemberLog
+/var/log/mailman/@@{LOGFILES4}\.3\.gz$ SerMemberLog
+/var/log/mailman/@@{LOGFILES4}\.4\.gz$ HiSerMemberLog
+
+@@define LOGFILES12 (subscribe|post)
+/var/log/mailman/@@{LOGFILES12}$ Log
+/var/log/mailman/@@{LOGFILES12}\.1$ LowLog
+/var/log/mailman/@@{LOGFILES12}\.2\.gz$ LoSerMemberLog
+/var/log/mailman/@@{LOGFILES12}\.([3-9]|1[0-1])\.gz$ SerMemberLog
+/var/log/mailman/@@{LOGFILES12}\.12\.gz$ HiSerMemberLog
+
+@@define LOGFILES7 (qrunner|fromusenet|locks|smtp(-failure)?)
+/var/log/mailman/@@{LOGFILES7}$ Log
+/var/log/mailman/@@{LOGFILES7}\.1$ LowLog
+/var/log/mailman/@@{LOGFILES7}\.2\.gz$ LoSerMemberLog
+/var/log/mailman/@@{LOGFILES7}\.[3-6]\.gz$ SerMemberLog
+/var/log/mailman/@@{LOGFILES7}\.7\.gz$ HiSerMemberLog
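Review bot: The archive rule `!/var/lib/mailman/archives/private/[-[:alnum:]]+/@@{YEAR4D}-[[:alnum:]]\.txt(\.gz)?$` uses a single-character `[[:alnum:]]` after the year, whereas the two rules above it use `[[:alnum:]]+`; a multi-character month segment therefore does not match and those archive text files are not excluded as the neighbouring rules intend. Add the quantifier: `...@@{YEAR4D}-[[:alnum:]]+\.txt(\.gz)?$`. Separately, the header comment `# maintained on q` is opaque to anyone outside the original host; naming the host or tool that owns this file, or dropping the line, would help the next maintainer.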
diff --git a/aide/aide.conf.d/31_aide_man b/aide/aide.conf.d/31_aide_man
new file mode 100644
index 000000000..3f3f58818
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_man
@@ -0,0 +1,6 @@
+/var/cache/man/(cat[123456789]|local|opt|fsstnd|oldlocal|X11R6)$ VarDir
+
+@@define LANGS (ca|cs|da|de(\.UTF-8)?|en|es(\.UTF-8)?|fi|fr(\.(ISO8859-1|UTF-8))?|gl|hr|hu|id|it(\.(ISO8859-1|UTF-8))?|ja(\.UTF-8)?|jp|ko|nl|pl(\.(UTF-8|ISO8859-2))?|pt(_BR)?|ro|ru|sv|sk|sl|tr|vi|zh(_(CH|CN|TW))?)
+
+/var/cache/man(/@@{LANGS})?/(CACHEDIR\.TAG|index\.db)$ VarFile
+/var/cache/man(/@@{LANGS})?$ VarDir
diff --git a/aide/aide.conf.d/31_aide_mdadm b/aide/aide.conf.d/31_aide_mdadm
new file mode 100644
index 000000000..50e50d569
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_mdadm
@@ -0,0 +1,3 @@
+/@@{RUN}/mdadm/(monitor|autorebuild)\.pid$ VarFile
+/run/mdadm/m(ap|d[0-9]+-uevent)$ VarInode
+/@@{RUN}/mdadm$ VarDirInode
diff --git a/aide/aide.conf.d/31_aide_mlocate b/aide/aide.conf.d/31_aide_mlocate
new file mode 100644
index 000000000..538aad2eb
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_mlocate
@@ -0,0 +1,3 @@
+/var/lib/mlocate/mlocate\.db$ VarFile
+/var/lib/mlocate$ VarDir
+!/run/mlocate\.daily\.lock$
diff --git a/aide/aide.conf.d/31_aide_modules b/aide/aide.conf.d/31_aide_modules
new file mode 100644
index 000000000..16bec1985
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_modules
@@ -0,0 +1 @@
+/lib/modules/[-0-9\.]*/modules\.dep$ VarFile
diff --git a/aide/aide.conf.d/31_aide_mtab b/aide/aide.conf.d/31_aide_mtab
new file mode 100644
index 000000000..1a11c7bf1
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_mtab
@@ -0,0 +1 @@
+# removed, /etc/mtab is now a symlink
diff --git a/aide/aide.conf.d/31_aide_munin b/aide/aide.conf.d/31_aide_munin
new file mode 100644
index 000000000..8b45f2c5e
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_munin
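Review bot: `/run/mdadm/m(ap|d[0-9]+-uevent)$ VarInode` in 31_aide_mdadm hard-codes `/run` while the two rules around it go through `@@{RUN}`, and `!/run/mlocate\.daily\.lock$` in 31_aide_mlocate does the same. Should `@@{RUN}` ever resolve to a different path, these two rules silently stop matching, and for the negative mlocate rule that means the lock file stops being excluded rather than producing any error. Use the macro consistently: `/@@{RUN}/mdadm/m(ap|d[0-9]+-uevent)$ VarInode` and `!/@@{RUN}/mlocate\.daily\.lock$`.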
@@ -0,0 +1,25 @@
+/var/cache/munin/www/index\.html$ VarFile
+@@ifdef DNSDOMAINNAME
+@@ifdef FQDN
+/var/cache/munin/www/@@{DNSDOMAINNAME}/(index\.html|@@{FQDN}/[-_[:alnum:]]+\.(png|html))$ VarFile
+/var/lib/munin/@@{DNSDOMAINNAME}/@@{FQDN}-.*\.rrd$ VarFile
+/@@{RUN}/munin/munin-@@{DNSDOMAINNAME}-@@{FQDN}\.lock$ VarFile
+@@endif
+/var/cache/munin/www/@@{DNSDOMAINNAME}/comparison-(month|day|year|week)\.html$ VarFile
+@@endif
+!/@@{RUN}/munin/munin-(update|datafile|graph|limits|html)\.lock$
+/var/lib/munin/(limits|datafiles|munin-(update|graph)\.stats)$ VarFile
+!/var/lib/munin/munin-(update|graph)\.stats\.tmp$
+/var/lib/munin/plugin-state/(exim_mailstats(-(([0-9]|([1-9]|1[0-9]|2[0-4])[0-9]|25[0-5])\.){3}([0-9]|([1-9]|1[0-9]|2[0-4])[0-9]|25[0-5]))?|(smart-[sh]d[a-z]|munin-cupsys-pages)\.state)$ VarFile
+/var/lib/munin/plugin-state/(postfix_mailvolume|_proc_net_tcp[6]?)$ VarFile
+/var/lib/munin/datafile$ VarFile
+/var/lib/munin$ VarDir
+@@define LOGFILES (node|graph|update|html|limits)
+/var/log/munin/munin-@@{LOGFILES}\.log$ Log
+/var/log/munin/munin-@@{LOGFILES}\.log\.1\.gz$ LoSerMemberLog
+/var/log/munin/munin-@@{LOGFILES}\.log\.[2-6]\.gz$ SerMemberLog
+/var/log/munin/munin-@@{LOGFILES}\.log\.7\.gz$ HiSerMemberLog
+/var/log/munin$ VarDir
+!/@@{RUN}/munin/munin-server-socket\.[0-9]+$
+/@@{RUN}/munin/munin-node\.pid$ VarFile
+/@@{RUN}/munin$ VarDirInode
diff --git a/aide/aide.conf.d/31_aide_munin-nodes b/aide/aide.conf.d/31_aide_munin-nodes
new file mode 100755
index 000000000..bf394e7c9
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_munin-nodes
@@ -0,0 +1,23 @@
+#!/bin/sh
+#
+# generate aide exclude patterns for all nodes listed in $MUNINCONF
+
+MUNINCONF=/etc/munin/munin.conf
+
+[ -e $MUNINCONF ] || exit 0
+
+HOSTS=$(grep '^\[[[:alnum:]:.]\+\]' $MUNINCONF | tr -d '[]')
+
+escape_dots()
+{
+ echo $1 | sed 's/\./\\\./g'
+}
+
+for HOST in $HOSTS; do
+ DOMAIN=$(escape_dots ${HOST#*.})
+ DHOST=$(escape_dots $HOST)
+
+ echo "/var/cache/munin/www/$DOMAIN/(index\.html|$DHOST/[-_[:alnum:]]+\.(png|html))$ VarFile"
+ echo "/var/lib/munin/$DOMAIN/$DHOST-.*\.rrd$ VarFile"
+ echo "/@@{RUN}/munin/munin-(update|datafile|$DOMAIN-$DHOST|limits)\.lock$ VarFile"
+done
diff --git a/aide/aide.conf.d/31_aide_mysql-server b/aide/aide.conf.d/31_aide_mysql-server
new file mode 100644
index 000000000..ee95785a0
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_mysql-server
@@ -0,0 +1,8 @@
+/var/lib/mysql$ VarDir
+/var/lib/mysql/(ibdata1|ib_logfile0)$ VarFile
+/var/log/mysql$ VarDir
+/var/log/mysql/mysql-bin\.index$ VarFile
+!/var/log/mysql/mysql-bin\.[0-9]{3}$
+!/var/log/mysql/mysql-bin\.[0-9]{6}$
+/@@{RUN}/mysqld/mysqld\.(sock|pid)$ VarFile
+/@@{RUN}/mysqld$ VarDirInode
diff --git a/aide/aide.conf.d/31_aide_nagios2 b/aide/aide.conf.d/31_aide_nagios2
new file mode 100644
index 000000000..47c67af45
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_nagios2
@@ -0,0 +1,10 @@
+/var/cache/nagios2/(objects\.cache|status\.dat)$ VarFile
+/var/lib/nagios2/(comments|retention)\.dat$ VarFile
+/var/lib/nagios2/rw/nagios\.cmd$ VarFile
+/var/lib/nagios2/rw$ VarDir
+/var/log/nagios2/nagios\.log$ LowLog
+/var/log/nagios2/archives/nagios-[01][0-9]-[0123][0-9]-@@{YEAR4D}-00\.log$ SerMemberDELog
+/@@{RUN}/nagios2/nagios2\.pid$ VarFile
+/var/(cache|lib|log)/nagios2$ VarDir
+/@@{RUN}/nagios2$ VarDirInode
+/var/log/nagios2/archives$ VarDir
diff --git a/aide/aide.conf.d/31_aide_nagios3 b/aide/aide.conf.d/31_aide_nagios3
new file mode 100644
index 000000000..b59ef718a
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_nagios3
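Review bot: In 31_aide_munin-nodes the helper `escape_dots` expands `$1` unquoted (`echo $1 | sed ...`) and `$MUNINCONF` is unquoted in both the `[ -e ... ]` test and the `grep` call, so whitespace or glob characters in those values would be word-split or expanded before reaching the command. The inputs are constrained here (`MUNINCONF` is a fixed path and `HOSTS` is filtered through `[[:alnum:]:.]`), so this is robustness rather than a live bug, but quoting costs nothing: `echo "$1" | sed 's/\./\\\./g'` and `[ -e "$MUNINCONF" ] || exit 0`. The third `echo` emits a positive `munin-(update|datafile|...|limits)\.lock$ VarFile` rule while 31_aide_munin negates the same `update`, `datafile` and `limits` lock paths, so the two files disagree on those entries and the outcome depends on aide's conflict handling. Since this file is executable (mode 100755) and presumably run rather than read when the configuration is assembled, the header comment could state that, e.g. `# executable snippet: its stdout is spliced into aide.conf`.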
@@ -0,0 +1,15 @@
+!/var/lib/nagios3/spool/checkresults/[a-zA-Z0-9]{7}(\.ok)?$
+/var/lib/nagios3/spool/checkresults$ VarDir
+/var/lib/nagios3/retention\.dat$ VarFile
+/var/lib/nagios3$ VarDir
+
+/var/log/nagios3/archives/nagios-[0-9]{2}-[0-9]{2}-[0-9]{4}-[0-9]{2}\.log$ LoSerMemberLog
+/var/log/nagios3/archives$ VarDir
+/var/log/nagios3/nagios\.log$ LowLog
+/var/log/nagios3$ VarDir
+
+/var/cache/nagios3/(status\.dat|objects\.cache)$ VarFile
+/var/cache/nagios3$ VarDir
+
+/@@{RUN}/nagios3/nagios3\.pid$ VarFile
+/@@{RUN}/nagios3$ VarDirInode
diff --git a/aide/aide.conf.d/31_aide_network b/aide/aide.conf.d/31_aide_network
new file mode 100644
index 000000000..dc4b68bd2
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_network
@@ -0,0 +1 @@
+/@@{RUN}/network$ VarDirInode
diff --git a/aide/aide.conf.d/31_aide_nfs b/aide/aide.conf.d/31_aide_nfs
new file mode 100644
index 000000000..f5ef9c7b4
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_nfs
@@ -0,0 +1,8 @@
+/@@{RUN}/(rpc\.statd|sm-notify)\.pid$ VarFile
+/var/lib/nfs/state$ VarFile
+/var/lib/nfs/etab$ VarInode
+/var/lib/nfs/rpc_pipefs/nfs/clnt[0-9]/(info|krb5|idmap)$ VarTime
+/var/lib/nfs/rpc_pipefs/nfs/clnt[0-9]$ VarDir
+/var/lib/nfs/rpc_pipefs/(statd|portmap|nfs|mount|lockd)$ VarDir
+/var/lib/nfs/rpc_pipefs$ VarDirInode
+/var/lib/nfs(/v4recovery)?$ VarDir
diff --git a/aide/aide.conf.d/31_aide_nrpe b/aide/aide.conf.d/31_aide_nrpe
new file mode 100644
index 000000000..0cf9ea662
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_nrpe
@@ -0,0 +1,2 @@
+/@@{RUN}/nagios/nrpe\.pid$ VarFile
+/@@{RUN}/nagios$ VarDirInode
diff --git a/aide/aide.conf.d/31_aide_nscd b/aide/aide.conf.d/31_aide_nscd
new file mode 100644
index 000000000..615419e31
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_nscd
@@ -0,0 +1,3 @@
+/var/cache/nscd/(passwd|group|services)$ VarFile
+/@@{RUN}/nscd/(socket|nscd\.pid)$ VarFile
+/@@{RUN}/nscd$ VarDirInode
diff --git a/aide/aide.conf.d/31_aide_nslcd b/aide/aide.conf.d/31_aide_nslcd
new file mode 100644
index 000000000..1ac99c75d
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_nslcd
@@ -0,0 +1,2 @@
+/@@{RUN}/nslcd/(socket|nslcd\.pid)$ VarFile
+/@@{RUN}/nslcd$ VarDirInode
diff --git a/aide/aide.conf.d/31_aide_ntp-server b/aide/aide.conf.d/31_aide_ntp-server
new file mode 100644
index 000000000..f98785b7f
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_ntp-server
@@ -0,0 +1,6 @@
+/var/lib/ntp/ntp\.drift$ VarFile
+/var/lib/ntp$ VarDir
+!/var/log/ntpstats/peerstats(\.[0-9]{8})?
+!/var/log/ntpstats/loopstats(\.[0-9]{8})?
+/var/log/ntpstats$ VarDir
+/@@{RUN}/ntpd\.pid$ VarFile
diff --git a/aide/aide.conf.d/31_aide_openvpn b/aide/aide.conf.d/31_aide_openvpn
new file mode 100644
index 000000000..26b1ea5ad
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_openvpn
@@ -0,0 +1 @@
+/@@{RUN}/openvpn\.client\.status$ VarFile
diff --git a/aide/aide.conf.d/31_aide_opie-server b/aide/aide.conf.d/31_aide_opie-server
new file mode 100644
index 000000000..33006d652
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_opie-server
@@ -0,0 +1 @@
+/etc/opiekeys$ VarFile
diff --git a/aide/aide.conf.d/31_aide_pam_motd b/aide/aide.conf.d/31_aide_pam_motd
new file mode 100644
index 000000000..ab0722f86
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_pam_motd
@@ -0,0 +1 @@
+!/@@{RUN}/motd\.dynamic$
diff --git a/aide/aide.conf.d/31_aide_pcscd b/aide/aide.conf.d/31_aide_pcscd
new file mode 100644
index 000000000..633b818c8
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_pcscd
@@ -0,0 +1,2 @@
+/@@{RUN}/pcscd/pcscd\.(pub|comm|pid)$ VarFile
+/@@{RUN}/pcscd(/pcscd\.events)?$ VarDirInode
diff --git a/aide/aide.conf.d/31_aide_php-common b/aide/aide.conf.d/31_aide_php-common
new file mode 100644
index 000000000..829f3888c
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_php-common
@@ -0,0 +1 @@
+/var/lib/systemd/timers/stamp-phpsessionclean\.timer$ VarFile
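Review bot: `!/var/log/ntpstats/peerstats(\.[0-9]{8})?` and `!/var/log/ntpstats/loopstats(\.[0-9]{8})?` in 31_aide_ntp-server are the only rules in this commit without a trailing `$`, so each is a prefix match that excludes every path beginning with that string, not just the stats file and its dated rotations. On a negative rule that over-match means any change under such a path goes unreported. Anchor both: `!/var/log/ntpstats/peerstats(\.[0-9]{8})?$` and `!/var/log/ntpstats/loopstats(\.[0-9]{8})?$`.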
diff --git a/aide/aide.conf.d/31_aide_php7 b/aide/aide.conf.d/31_aide_php7
new file mode 100644
index 000000000..3caddb83e
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_php7
@@ -0,0 +1,3 @@
+/var/lib/php/sessions$ VarDir
+/var/lib/php/sessions/sess_[0-9a-z]{26}$ VarFile+ANF+ARF
+/var/lib/php/sessions/sess_[0-9a-z]{32}$ VarFile+ANF+ARF
diff --git a/aide/aide.conf.d/31_aide_pm-utils b/aide/aide.conf.d/31_aide_pm-utils
new file mode 100644
index 000000000..1b39f82b5
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_pm-utils
@@ -0,0 +1 @@
+/@@{RUN}/pm-utils/(pm-(suspend|powersave)(/storage)?|locks)$ VarDirInode
diff --git a/aide/aide.conf.d/31_aide_portmap b/aide/aide.conf.d/31_aide_portmap
new file mode 100644
index 000000000..d4fbebb8d
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_portmap
@@ -0,0 +1,2 @@
+/@@{RUN}/portmap(\.pid|_mapping)$ VarFile
+/@@{LIBINITRW}/sendsigs\.omit\.d/portmap$ VarInode
diff --git a/aide/aide.conf.d/31_aide_postfix b/aide/aide.conf.d/31_aide_postfix
new file mode 100644
index 000000000..27e189bd2
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_postfix
@@ -0,0 +1,3 @@
+/var/lib/postfix/prng_exch$ VarFile
+/var/spool/postfix/(active|incoming|maildrop)$ VarDir
+/var/spool/postfix/public/(pickup|qmgr)$ VarTime
diff --git a/aide/aide.conf.d/31_aide_postgresql b/aide/aide.conf.d/31_aide_postgresql
new file mode 100644
index 000000000..cb081a023
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_postgresql
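Review bot: 31_aide_portmap still references `@@{LIBINITRW}` (`/@@{LIBINITRW}/sendsigs\.omit\.d/portmap$ VarInode`), as do 31_aide_resolvconf and 31_aide_rsyslog, while 31_aide_lib-init-rw in the same commit says `# removed, Debian migrated to /run`. Whether `@@{LIBINITRW}` is still defined is not visible in this diff; if it is not, these rules are either rejected at parse time or never match, depending on how aide treats an undefined macro. Confirm the macro is still set in the constants file, or rewrite the three rules against `@@{RUN}` with a short comment explaining the migration.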
@@ -0,0 +1,14 @@
+/var/log/postgresql/postgresql-[0-9]\.[0-9]-main\.log$ Log
+/var/log/postgresql/postgresql-[0-9]\.[0-9]-main\.log\.1$ LowLog
+/var/log/postgresql/postgresql-[0-9]\.[0-9]-main\.log\.2\.gz$ LoSerMemberLog
+/var/log/postgresql/postgresql-[0-9]\.[0-9]-main\.log\.[3-9]\.gz$ SerMemberLog
+/var/log/postgresql/postgresql-[0-9]\.[0-9]-main\.log\.10\.gz$ HiSerMemberLog
+/var/log/postgresql$ VarDir
+
+/@@{RUN}/postgresql/[0-9]\.[0-9]-main\.pid$ VarFile
+/@@{RUN}/postgresql$ VarDirInode
+
+@@define PORT 5432
+/@@{RUN}/postgresql/\.s\.PGSQL\.@@{PORT}(\.lock)?$ VarFile
+/var/lib/postgresql/[0-9]\.[0-9]/main/pg_stat_tmp/pgstat\.stat$ VarFile
+/var/lib/postgresql/[0-9]\.[0-9]/main/pg_stat_tmp$ VarDir
diff --git a/aide/aide.conf.d/31_aide_postgrey b/aide/aide.conf.d/31_aide_postgrey
new file mode 100644
index 000000000..28592618c
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_postgrey
@@ -0,0 +1,4 @@
+/var/lib/postgrey$ VarDir
+/var/lib/postgrey/postgrey(|lock)\.db$ VarFile
+/var/lib/postgrey/log\.[0-9]{10}$ VarFile
+/var/lib/postgrey/__db\.[0-9]{3}$ VarFile
diff --git a/aide/aide.conf.d/31_aide_privoxy b/aide/aide.conf.d/31_aide_privoxy
new file mode 100644
index 000000000..a5612c286
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_privoxy
@@ -0,0 +1 @@
+/var/log/privoxy/logfile$ Log
diff --git a/aide/aide.conf.d/31_aide_proftpd b/aide/aide.conf.d/31_aide_proftpd
new file mode 100644
index 000000000..0506359c6
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_proftpd
@@ -0,0 +1,5 @@
+/var/log/proftpd/proftpd(_(access|auth|xfer))?\.log$ Log
+/@@{RUN}/proftpd/proftpd\.(delay|pid|scoreboard)$ VarFile
+/var/log/proftpd$ VarDir
+/@@{RUN}/proftpd$ VarDirInode
+
diff --git a/aide/aide.conf.d/31_aide_resolvconf b/aide/aide.conf.d/31_aide_resolvconf
new file mode 100644
index 000000000..3afa91e84
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_resolvconf
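Review bot: Every rule in 31_aide_postgresql encodes the cluster version as `[0-9]\.[0-9]`, which only fits the old two-part scheme such as `9.6`; PostgreSQL 10 and later use a single-number major version, so a cluster at `/var/lib/postgresql/11/main`, its log and its pid file fall outside all of these patterns and are left to whatever the default rules say. Widen the version group on the log, pid and `pg_stat_tmp` lines, e.g. `([0-9]\.[0-9]|[1-9][0-9])`. `@@define PORT 5432` likewise only covers the first cluster's socket; a second cluster on another port would need its own entry, which a one-line comment above the define could point out.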
@@ -0,0 +1,5 @@
+/etc/resolv\.conf$ VarFile
+/@@{LIBINITRW}/resolvconf/interface/(wlan|eth)[0-9]+(\.(dhclient|inet))?$ VarFile
+/@@{LIBINITRW}/resolvconf/enable-updates$ VarFile
+/@@{LIBINITRW}/resolvconf/resolv\.conf$ VarFile
+/@@{LIBINITRW}/resolvconf(/interface)?$ VarDirInode
diff --git a/aide/aide.conf.d/31_aide_rkhunter b/aide/aide.conf.d/31_aide_rkhunter
new file mode 100644
index 000000000..f3a9f28cf
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_rkhunter
@@ -0,0 +1,8 @@
+/var/lib/rkhunter/db/(mirrors|rkhunter_prop_list)\.dat$ VarTime
+/var/lib/rkhunter/tmp/(group|passwd)$ VarFile
+/var/lib/rkhunter/(db|tmp)$ VarDir
+/var/log/rkhunter\.log$ Log
+/var/log/rkhunter\.log\.1$ LowLog
+/var/log/rkhunter\.log\.2\.gz$ LoSerMemberLog
+/var/log/rkhunter\.log\.3\.gz$ SerMemberLog
+/var/log/rkhunter\.log\.4\.gz$ HiSerMemberLog
diff --git a/aide/aide.conf.d/31_aide_rngd b/aide/aide.conf.d/31_aide_rngd
new file mode 100644
index 000000000..dd5cface9
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_rngd
@@ -0,0 +1 @@
+/@@{RUN}/rngd\.pid$ VarFile
diff --git a/aide/aide.conf.d/31_aide_root-dotfiles b/aide/aide.conf.d/31_aide_root-dotfiles
new file mode 100644
index 000000000..d49593ff7
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_root-dotfiles
@@ -0,0 +1,4 @@
+#/root/\.bash_history$ VarFile
+#/root/\.lesshst$ VarFile
+#/root/\.viminfo$ VarFile
+#/root$ VarDir
diff --git a/aide/aide.conf.d/31_aide_rsnapshot b/aide/aide.conf.d/31_aide_rsnapshot
new file mode 100644
index 000000000..b72bf29a6
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_rsnapshot
@@ -0,0 +1,4 @@
+/var/log/rsnapshot\.log$ Log
+/var/log/rsnapshot\.log\.1\.gz$ LoSerMemberLog
+/var/log/rsnapshot\.log\.[2-5]\.gz$ SerMemberLog
+/var/log/rsnapshot\.log\.6\.gz$ HiSerMemberLog
diff --git a/aide/aide.conf.d/31_aide_rsyslog b/aide/aide.conf.d/31_aide_rsyslog
new file mode 100644
index 000000000..6d003ebc5
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_rsyslog
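Review bot: 31_aide_root-dotfiles consists solely of four commented-out rules, so the file contributes nothing and `/root/.bash_history`, `.lesshst` and `.viminfo` are handled by whatever the default rules cover. That may well be deliberate — edits to root's shell history are a useful tamper signal, and reporting them in full is a defensible choice — but a reader cannot tell intent from `#` lines alone. Add one line stating it, e.g. `# intentionally empty: root's dotfiles are checked with the default rule set`, or remove the dead rules.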
@@ -0,0 +1,15 @@
+@@define LOGFILES7R (syslog)
+/var/log/@@{LOGFILES7R}$ Log
+/var/log/@@{LOGFILES7R}\.1$ LowLog
+/var/log/@@{LOGFILES7R}\.2\.gz$ LoSerMemberLog
+/var/log/@@{LOGFILES7R}\.[3-6]\.gz$ SerMemberLog
+/var/log/@@{LOGFILES7R}\.7\.gz$ HiSerMemberLog
+@@define LOGFILES4R (messages|debug|(cron|lpr|auth|daemon|kern|user)\.log|mail\.(log|err|warn|info))
+/var/log/@@{LOGFILES4R}$ Log
+/var/log/@@{LOGFILES4R}\.1$ LowLog
+/var/log/@@{LOGFILES4R}\.2\.gz$ LoSerMemberLog
+/var/log/@@{LOGFILES4R}\.3\.gz$ SerMemberLog
+/var/log/@@{LOGFILES4R}\.4\.gz$ HiSerMemberLog
+/var/log$ VarDir
+/@@{RUN}/rsyslogd.pid$ VarFile
+/@@{LIBINITRW}/sendsigs\.omit\.d/rsyslog$ VarInode
diff --git a/aide/aide.conf.d/31_aide_run_systemd_netif b/aide/aide.conf.d/31_aide_run_systemd_netif
new file mode 100644
index 000000000..f8e8ff82d
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_run_systemd_netif
@@ -0,0 +1,3 @@
+/@@{RUN}/systemd/netif(/(links|lldp|leases))?$ VarDir
+/@@{RUN}/systemd/netif/state$ VarFile
+/@@{RUN}/systemd/netif/(links|lldp|leases)/[0-9]{1,2}$ VarFile
diff --git a/aide/aide.conf.d/31_aide_run_systemd_resolve b/aide/aide.conf.d/31_aide_run_systemd_resolve
new file mode 100644
index 000000000..9efef763f
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_run_systemd_resolve
@@ -0,0 +1,2 @@
+/@@{RUN}/systemd/resolve$ VarDir
+/@@{RUN}/systemd/resolve/resolv\.conf$ VarFile
diff --git a/aide/aide.conf.d/31_aide_runuser b/aide/aide.conf.d/31_aide_runuser
new file mode 100644
index 000000000..280b9a9f8
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_runuser
@@ -0,0 +1 @@
+!/@@{RUN}/user(/[0-9]+(/systemd(/(notify|private|transient))?)?)?$
diff --git a/aide/aide.conf.d/31_aide_samba b/aide/aide.conf.d/31_aide_samba
new file mode 100644
index 000000000..f01a20b0a
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_samba
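Review bot: The dot in `/@@{RUN}/rsyslogd.pid$ VarFile` near the end of 31_aide_rsyslog is unescaped, while every other pid-file rule in these files writes `\.pid`. As a regex an unescaped `.` matches any single character, so the relaxed VarFile treatment also applies to any other name of the form `rsyslogd?pid` under the run directory; in practice that is almost certainly only the real pid file, but the rule should read `/@@{RUN}/rsyslogd\.pid$ VarFile` for consistency and precision.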
@@ -0,0 +1,25 @@
+/etc/samba/passdb\.tdb$ VarFile
+
+/var/log/samba/log\.(smbd|nmbd)$ Log
+/var/log/samba/log\.(smbd|nmbd)\.1\.gz$ LoSerMemberLog
+/var/log/samba/log\.(smbd|nmbd)\.[2-6]\.gz$ SerMemberLog
+/var/log/samba/log\.(smbd|nmbd)\.7\.gz$ HiSerMemberLog
+
+/var/log/samba/log\.[[:alnum:]._]+$ FreqRotLog
+/var/log/samba/log\.[[:alnum:]._]+\.old$ LowLog
+
+/var/log/samba/cores/[sn]mbd$ VarDir
+
+/@@{RUN}/samba/[sn]mbd\.pid$ VarFile
+/@@{RUN}/samba/(gencache(_notrans)?|messages|sessionid|connections|brlock|locking|notify(_onelevel)?|unexpected)\.tdb$ VarFile
+!/@@{RUN}/samba/namelist\.debug$
+
+/var/cache/samba/browse\.dat$ VarFile
+
+/var/lib/samba/(wins\.dat|(group_mapping\.l|(wins|registry|ntprinters|schannel_store)\.t)db)$ VarFile
+/var/lib/samba/private/msg\.sock$ VarFile
+
+/var/(log|cache|lib)/samba$ VarDir
+/@@{RUN}/samba(/msg\.lock)?$ VarDirInode
+!/@@{RUN}/samba/msg\.lock/[0-9]+$
+
diff --git a/aide/aide.conf.d/31_aide_screen b/aide/aide.conf.d/31_aide_screen
new file mode 100644
index 000000000..f5a8ee409
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_screen
@@ -0,0 +1,5 @@
+/@@{RUN}/screen/S-[0-9a-z]+$ VarDirInode
+@@ifdef HOSTNAME
+!/@@{RUN}/screen/S-[0-9a-z]+/[0-9]{1,5}\.pts-[0-9]\.@@{HOSTNAME}$
+@@endif
+/@@{RUN}/screen$ VarDirInode
diff --git a/aide/aide.conf.d/31_aide_slapd b/aide/aide.conf.d/31_aide_slapd
new file mode 100644
index 000000000..7c6ea1b0c
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_slapd
@@ -0,0 +1,10 @@
+/var/lib/ldap/[[:alnum:]]+\.bdb$ VarTime
+/var/lib/ldap/__db\.00[1-5]+$ VarFile
+/var/lib/ldap/log\.0000000001$ VarFile
+/var/lib/ldap/alock$ VarFile
+/var/lib/ldap$ VarDir
+
+/@@{RUN}/ldapi$ VarInode
+/@@{RUN}/slapd/slapd\.args$ VarInode
+/@@{RUN}/slapd/slapd\.pid$ VarFile
+/@@{RUN}/slapd$ VarDirInode
diff --git a/aide/aide.conf.d/31_aide_slrn b/aide/aide.conf.d/31_aide_slrn
new file mode 100644
index 000000000..deb7d2e9e
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_slrn
@@ -0,0 +1 @@
+/var/lib/slrn/newsgroups\.dsc$ VarFile
diff --git a/aide/aide.conf.d/31_aide_smartmontools b/aide/aide.conf.d/31_aide_smartmontools
new file mode 100644
index 000000000..0c7774132
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_smartmontools
@@ -0,0 +1,4 @@
+/@@{RUN}/smartd\.pid$ VarFile
+/var/lib/smartmontools/smartd\.[-_[:alnum:]]+\.ata\.state~?$ VarFile
+/var/lib/smartmontools/attrlog\.[-_[:alnum:]]+\.ata\.csv$ VarFile
+/var/lib/smartmontools$ VarDir
diff --git a/aide/aide.conf.d/31_aide_smokeping b/aide/aide.conf.d/31_aide_smokeping
new file mode 100755
index 000000000..26e765ceb
--- /dev/null
+++ b/aide/aide.conf.d/31_aide_smokeping
@@ -0,0 +1,18 @@ +#!/bin/bash + +if [ -d "/var/lib/smokeping" ]; then + find /var/lib/smokeping -type f -name '*.rrd' | \ + sed 's/^\(.*\)/\1$ VarFile/' +fi +if [ -d "/var/www/smokeping" ]; then + find /var/www/smokeping -type f -name '*.png' | \ + sed 's/^\(.*\)/\1$ VarFile/' + find /var/www/smokeping -type f -name '*.maxhight' | \ + sed 's/^\(.*\)/\1$ VarFile/' +fi + +cat <&2 "error determining FQDN: hostname -f does not give output" + hostname -f >&2 + exit 1 +fi + +traphandler() { + trap - INT ERR + if [ -n "${LOCKED:-}" ]; then + # we have the lock, + pidof aide | xargs --no-run-if-empty kill -9 + fi + onexit signal $1 + return 0 +} +trap ' traphandler INT; trap - INT ERR' INT +trap ' traphandler ERR; trap - INT ERR' ERR + +# bail if no aide binary found + +if ! [ -f "/usr/bin/aide" ] && ! [ -f "/usr/sbin/aide" ]; then + exit 0 +fi + +# default variables + +PATH="/sbin:/usr/sbin:/bin:/usr/bin" +LOGDIR="/var/log/aide" +# LOGFILE: /var/log/aide/aide.log - all logs untruncated (not temp) +LOGFILE="$LOGDIR/aide.log" +CONFFILE="/var/lib/aide/aide.conf.autogenerated" +PREFIX="aide" +TMPBASE="/run/aide" +LOCKFILE="$TMPBASE/cron.daily.lock" +TMPDIRIN="$TMPBASE/cron.daily" +USE_SAVELOG="" +if command -v savelog > /dev/null; then + USE_SAVELOG="1" +fi + +AIDEARGS="-V4" +MAILSUBJ="Daily AIDE report for $FQDN" + +DATE="$(date +"%Y-%m-%d %H:%M")" +BEGINSTAMP="$(date +"%Y-%m-%d %H:%M:%S")" + +# make sure $TMPBASE exists + +if ! [ -d "$TMPBASE" ]; then + mkdir -p $TMPBASE + chown root:root $TMPBASE + chmod 600 $TMPBASE +fi + +# have /etc/default/aide override variables + +if [ -f "/etc/default/aide" ]; then + . 
"/etc/default/aide" +fi + +# from here on, we're going to bail on unbound variables + +set -u + +# umask + +umask 077 + +# grep aide configuration data from aide config + +update-aide.conf +DATABASE="$(< "$CONFFILE" grep "^database[[:space:]]*=[[:space:]]*file:/" | head -n 1 | cut --delimiter=: --fields=2)" +DATABASE_OUT="$(< "$CONFFILE" grep "^database_out[[:space:]]*=[[:space:]]*file:/" | head -n 1 | cut --delimiter=: --fields=2)" + +< "$CONFFILE" grep -qE "^grouped[[:space:]]*=[[:space:]]*(no|false)[[:space:]]*$" && GROUPED="false" || GROUPED="true" + +# default values + +CRON_DAILY_RUN="${CRON_DAILY_RUN:-yes}" +MAILTO="${MAILTO:-root}" +eval MAILTO="$MAILTO" +DATABASE="${DATABASE:-/var/lib/aide/aide.db}" +LINES="${LINES:-1000}" +COMMAND="${COMMAND:-check}" +COPYNEWDB="${COPYNEWDB:-no}" +QUIETREPORTS="${QUIETREPORTS:-no}" +SILENTREPORTS="${SILENTREPORTS:-no}" +TRUNCATEDETAILS="${TRUNCATEDETAILS:-no}" +FILTERUPDATES="${FILTERUPDATES:-no}" +FILTERINSTALLATIONS="${FILTERINSTALLATIONS:-no}" +CRONEXITHOOK="${CRONEXITHOOK:-}" +ONEXIT="" + +# silent implies quiet +if [ "$SILENTREPORTS" = "yes" ]; then + QUIETREPORTS="yes" +fi + +# Get the database's date +DATABASEDATE="" +if [ -f $DATABASE ]; then + DATABASEDATE="$(stat -c %y $DATABASE | sed -e "s/\..*//")" +fi + +# Force TRUNCATEDETAILS when filter updates/installations +if [ "$FILTERUPDATES" = "yes" ] || [ "$FILTERINSTALLATIONS" = "yes" ] ; then + TRUNCATEDETAILS="yes" +fi + +# functions + +mytempfile() { + NAME="$1" + echo "$TMPDIR/$NAME" + touch "$TMPDIR/$NAME" +} + +frame() { + WIDTH=78 + STARS="*******************************************************************************" + SPACES=" " + printf "%s\n" "${STARS:1:$WIDTH}" + while read line ; do + HALF="${SPACES:1:$((($WIDTH-${#line})/2))}" + LINE="$HALF$line$SPACES" + printf "*%s*\n" "${LINE:1:$(($WIDTH-2))}" + done + printf "%s\n" "${STARS:1:$WIDTH}" +} + +onexit() { + if [ "$ONEXIT" = "running" ]; then + return 1 + fi + + ONEXIT="running" + + local LOGHEAD + 
local MAILHEAD + + CRONEXITHOOKPARM="$1" + case "$1" in + signal) + LOGHEAD="$(printf "terminated with signal %s" "$2")" + MAILHEAD="$(printf "The cron job was terminated with signal %s" "$2")" + ;; + fatal) + LOGHEAD="$(printf "terminated by fatal error.")" + MAILHEAD="$(printf "The cron job was terminated by a fatal error.")" + ;; + nolock) + LOGHEAD="$(printf "terminated because lock %s could not be obtained." "$LOCKFILE")" + MAILHEAD="$(printf "The cron job was terminated because lock %s could not be obtained." "$LOCKFILE")" + ;; + cantmovetmp) + LOGHEAD="$(printf "terminated: Cannot move away %s." "$TMPDIRIN")" + MAILHEAD="$(printf "The cron job was terminated: Cannot move away %s." "$TMPDIRIN")" + ;; + nohook) + LOGHEAD="$(printf "terminated: CRONEXITHOOK set to %s which is not executeable." "$CRONEXITHOOK")" + MAILHEAD="$(printf "The cron job was terminated: CRONEXITHOOK set to %s which is not executeable." "$CRONEXITHOOK")" + ;; + cantcreatetmp) + LOGHEAD="$(printf "terminated: Cannot create temporary directory %s." "$TMPDIRIN")" + MAILHEAD="$(printf "The cron job was terminated: Cannot create temporary directory %s." "$TMPDIRIN")" + ;; + success) + ;; + *) + LOGHEAD="$(printf "wrong parameter (\"%s\") to onexit." "$1")" + MAILHEAD="$(printf "The cron job was terminated for unknown reasons, and a wrong parameter (\"%s\")was given to onexit." "$1")" + CRONEXITHOOKPARM="unknown" + ;; + esac + + if [ -z "${TMPDIR:-}" ] || [ -z "${MAILFILE:-}" ]; then + # we are being called so early that we are not yet fully initialized + # LOGHEAD goes to syslog instead of LOGFILE since we do not know + # what's up with LOGFILE + logger -t aide-cron-daily "$LOGHEAD" + if [ "$SILENTREPORTS" != "yes" ]; then + echo "$MAILHEAD" | mail -s "premature termination - $MAILSUBJ" "$MAILTO" + fi + CRONEXITHOOKPARM="early-$CRONEXITHOOKPARM" + else + # we are being called after the cron job was properly set up. + # Do the full works. 
+ + if [ "$USE_SAVELOG" = "1" ] || [ "$USE_SAVELOG" = "yes" ]; then + savelog -t -g adm -m 640 -u root -c 7 "$LOGFILE" > /dev/null + else + LOGFILEWDATE="${LOGFILE}-$(date +%Y%m%d-%H%M%S)" + ln -sf $LOGFILEWDATE $LOGFILE + LOGFILE="${LOGFILEWDATE}" + fi + + printf >> "$MAILFILE" \ +"This is an automated report generated by the Advanced Intrusion Detection +Environment on %s started at %s.\n\n" "$FQDN" "$BEGINSTAMP" + + printf >> "$LOGFILE" \ +"aide run on %s started at %s.\n" "$FQDN" "$BEGINSTAMP" + + if [ -n "${LOGHEAD:-}" ]; then + printf "$LOGHEAD\n" | frame >> "$LOGFILE" + printf "\n" >> "$LOGFILE" + fi + if [ -n "${MAILHEAD:-}" ]; then + printf "$MAILHEAD\n" | frame >> "$MAILFILE" + printf "\n\n" >> "$MAILFILE" + fi + + # report about AIDE's return value + + if [ -n "${ARETVAL:-}" ]; then + ARETEXPL="" + ARETERR="" + PREFIX="$(printf "AIDE returned with exit code %d." "$ARETVAL")" + case "$ARETVAL" in + -1) + PREFIX="" + ARETERR="the cron job was interrupted before AIDE could return an exit code.";; + 0) + PREFIX="AIDE returned with a zero exit code." 
+ ARETEXPL="No changes detected!";; + 1) + ARETEXPL="Added entries detected!";; + 2) + ARETEXPL="Removed entries detected!";; + 3) + ARETEXPL="Added and removed entries detected!";; + 4) + ARETEXPL="Changed entries detected!";; + 5) + ARETEXPL="Added and changed entries detected!";; + 6) + ARETEXPL="Removed and changed entries detected!";; + 7) + ARETEXPL="Added, removed and changed entries detected!";; + 14) + ARETERR="Error writing!";; + 15) + ARETERR="Invalid Argument!";; + 16) + ARETERR="Unimplemented function!";; + 17) + ARETERR="Invalid configuration!";; + 18) + ARETERR="Input/Output error!";; + *) + ARETERR="$(printf "AIDE returned an unknown non-zero exit value\nexit value is %d\n\n" "$ARETVAL")";; + esac + if [ -n "$ARETEXPL" ]; then + echo "$PREFIX $ARETEXPL" >> "$MAILFILE" + echo "$PREFIX $ARETEXPL" >> "$LOGFILE" + fi + if [ -n "$ARETERR" ]; then + echo "$PREFIX $ARETERR" | frame >> "$MAILFILE" + echo "$PREFIX $ARETERR" | frame >> "$LOGFILE" + fi + unset ARETEXPL + unset ARETERR + unset PREFIX + else + ARETEXPL="ARETVAL not initialized. cron job was aborted prematurely." 
+ ARETVAL=255 + echo $ARETEXPL | frame >> "$LOGFILE" + echo $ARETEXPL | frame >> "$MAILFILE" + unset ARETEXPL + printf "\n" >> "$LOGFILE" + printf "\n\n" >> "$MAILFILE" + fi + + # script errors + + if [ -n "${ERRORLOG:-}" ] && [ -s "$ERRORLOG" ]; then + printf "script errors\n" | frame >> "$MAILFILE" + < "$ERRORLOG" cat >> "$MAILFILE" + printf "End of script errors\n\n" >> "$MAILFILE" + + printf "script errors\n" | frame >> "$LOGFILE" + < "$ERRORLOG" cat >> "$LOGFILE" + printf "End of script errors\n" >> "$LOGFILE" + fi + + # aide post run information + + if [ -n "${POSTRUNLOG:-}" ] && [ -s "$POSTRUNLOG" ]; then + printf "AIDE post run information\n" >> "$MAILFILE" + < "$POSTRUNLOG" cat >> "$MAILFILE" + printf "End of AIDE post run information\n\n" >> "$MAILFILE" + + printf "AIDE post run information\n" >> "$LOGFILE" + < "$POSTRUNLOG" cat >> "$LOGFILE" + printf "End of AIDE post run information\n" >> "$LOGFILE" + fi + + # include error log in daily report e-mail + + if [ -n "${AERRLOG:-}" ] && [ -s "$AERRLOG" ]; then + errorlines="$(wc -l "$AERRLOG" | awk '{ print $1 }')" + if [ "$LINES" -gt "0" ] && [ "${errorlines:=0}" -gt "$LINES" ]; then + printf "AIDE has returned many errors.\nthe error log output has been truncated in this mail\n" | \ + frame >> "$MAILFILE" + printf >> "$MAILFILE" "Error output is %d lines, truncated to %d.\n" "$errorlines" "$LINES" + < "$AERRLOG" head -n "$LINES" >> "$MAILFILE" + printf >> "$MAILFILE" "\nEnd of truncated AIDE error output. 
The full output can be found in %s.\n\n" "$LOGFILE" + else + printf >> "$MAILFILE" "Errors produced (%d lines):\n" "$errorlines" + < "$AERRLOG" cat >> "$MAILFILE" + printf >> "$MAILFILE" "\nEnd of AIDE error output.\n\n" + fi + printf >> "$LOGFILE" "AIDE error output (%d lines):\n" "$errorlines" + < "$AERRLOG" cat >> "$LOGFILE" + printf >> "$LOGFILE" "End of AIDE error output\n" + else + printf >> "$MAILFILE" "AIDE produced no errors.\n\n" + printf >> "$LOGFILE" "AIDE produced no errors.\n" + fi + + + # finish log file + if [ -n "${ARUNLOG:-}" ] && [ -s "$ARUNLOG" ]; then + printf >> "$LOGFILE" "AIDE output (%d lines):\n" "$(wc -l "$ARUNLOG" | awk '{ print $1 }')" + < "$ARUNLOG" cat >> "$LOGFILE" + printf >> "$LOGFILE" "End of AIDE output.\n\n" + else + printf >> "$LOGFILE" "AIDE detected no changes.\n\n" + fi + + if [ -n "${DBCHECKLOG:-}" ] && [ -s "$DBCHECKLOG" ]; then + < "$DBCHECKLOG" cat >> "$LOGFILE" + fi + + ENDTIME="$(date +%s)" + + printf >> "$LOGFILE" "End of AIDE daily cron job at %s, run time %d seconds\n" "$(date +"%Y-%m-%d %H:%M" -d@$ENDTIME)" "$(( $ENDTIME - $BEGINTIME ))" + + LOGFILE_CHECKSUM="$(sha256sum $LOGFILE)" + + # include de-noised log into mail + + if [ -n "${ARUNLOG:-}" ] && [ -s "$ARUNLOG" ]; then + + MAIL_MODE=0 + + # truncate details + if [ "$TRUNCATEDETAILS" = "yes" ] ; then + case "$ARETVAL" in + 4|5|6|7) + MAILTMP="$(mytempfile aidemail)" + < $ARUNLOG sed '/^Detailed information about changes:$/,/^The attributes of the (uncompressed) database(s):$/{/^The attributes of the (uncompressed) database(s):$/!d}' >> "$MAILTMP" + MAIL_MODE=1 + ;; + *) + MAILTMP="$ARUNLOG" + ;; + esac + + # Filter package upgrades/installations + + # Figure out where the dpkg log file is + DPKGLOG="$(< /etc/dpkg/dpkg.cfg grep "^log" | head -n 1 | cut -d ' ' -f 2)" + + if ( [ "$FILTERUPDATES" = "yes" ] || [ "$FILTERINSTALLATIONS" = "yes" ] ) && [ -s "$DPKGLOG" ]; then + + # Create a list of files modified by system updates + if ( [ "$FILTERUPDATES" = "yes" ] && 
[ "$FILTERINSTALLATIONS" = "yes" ] ) ; then FILTER="install|upgrade" + elif [ "$FILTERUPDATES" = "yes" ]; then FILTER="upgrade" + else FILTER="install" + fi + PKG_FILE_LIST="$(mytempfile pkg_file_list)" + REGEX="^([^ ]+ [^ ]+) ("$FILTER") ([^ ]+) [^ ]+ [^ ]+$" + pkgs= + while read line; do + if [[ $line =~ $REGEX ]] && [[ "$DATABASEDATE" < ${BASH_REMATCH[1]} ]]; then + if dpkg-query -L ${BASH_REMATCH[3]} > /dev/null 2>&1; then + pkgs+="${BASH_REMATCH[3]} (${BASH_REMATCH[2]})\n" + dpkg-query -L ${BASH_REMATCH[3]} | sed -e "/^$/d" -e "/\/\./d" >> "$PKG_FILE_LIST" + if ! ls /var/lib/dpkg/info/${BASH_REMATCH[3]}.* >> "$PKG_FILE_LIST" 2>/dev/null; then + ls /var/lib/dpkg/info/${BASH_REMATCH[3]%:*}.* >> "$PKG_FILE_LIST" + fi + fi + fi + done < "$DPKGLOG" + + if [ -n "$pkgs" ]; then + FILTEREDMAIL=$(mytempfile filteredmail) + let MAIL_MODE=MAIL_MODE+2 + ADD=0; REM=0; CHG=0 + N_ADD=0; N_REM=0; N_CHG=0 + declare -a NF_ADD NF_REM NF_CHG + NF_ADD=() + NF_REM=() + NF_CHG=() + REGEX="^(changed|removed|added|[fdLDBFs?!][ :l<>=bpugamcinCAXSE.+-]{16}): (.*)" + BACKUPIFS="$IFS" + IFS="" + while read -r line; do + if [[ $line =~ $REGEX ]] ; then + [ -z "$(grep -xF "${BASH_REMATCH[2]}" "$PKG_FILE_LIST")" ] && DONTFILTER_FILE=true || DONTFILTER_FILE=false + case "${BASH_REMATCH[1]}" in + added|[fdLDBFs?]++++++++++++++++) + ((ADD++)) || true + if $DONTFILTER_FILE; then + ((N_ADD++)) || true + if $GROUPED; then + NF_ADD[${#NF_ADD[*]}]="$line" + else + NF_CHG[${#NF_CHG[*]}]="$line" + fi + fi + ;; + removed|[fdLDBFs?]----------------) + ((REM++)) || true + if $DONTFILTER_FILE; then + ((N_REM++)) || true + if $GROUPED; then + NF_REM[${#NF_REM[*]}]="$line" + else + NF_CHG[${#NF_CHG[*]}]="$line" + fi + fi + ;; + changed|[fdLDBFs?!]*) + ((CHG++)) || true + if $DONTFILTER_FILE; then + ((N_CHG++)) || true + NF_CHG[${#NF_CHG[*]}]="$line" + fi + ;; + *) + printf >> "$FILTEREDMAIL" "error: '%s' could not be matched, mail report is incomplete (full output can be found in %s)!! 
Please file a bug report against the aide-common package and include this error message.\n" "${BASH_REMATCH[1]}" "$LOGFILE" + ;; + esac + fi + done < "$MAILTMP" + IFS=$BACKUPIFS + let F_ADD=$ADD-$N_ADD || true + let F_REM=$REM-$N_REM || true + let F_CHG=$CHG-$N_CHG || true + < $MAILTMP sed -n '0,/^ Total number of entries:/{p;}' >> "$FILTEREDMAIL" + SEPERATOR_TEMPLATE="\n---------------------------------------------------\n%s entries (filtered: %s):\n---------------------------------------------------\n\n" + NUM_FILES_TEMPLATE=" %s entries:\t\t%s\t(filtered: %s)\n" + printf >> "$FILTEREDMAIL" "$NUM_FILES_TEMPLATE" "Added" "$N_ADD" "$F_ADD" + printf >> "$FILTEREDMAIL" "$NUM_FILES_TEMPLATE" "Removed" "$N_REM" "$F_REM" + printf >> "$FILTEREDMAIL" "$NUM_FILES_TEMPLATE" "Changed" "$N_CHG" "$F_CHG" + printf >> "$FILTEREDMAIL" "\nThe following package changes were detected and were filtered from this mail:\n" + printf >> "$FILTEREDMAIL" "$pkgs" + if [ "$N_ADD" -eq "0" ] && [ "$N_REM" -eq "0" ] && [ "$N_CHG" -eq "0" ] ; then + printf >> "$FILTEREDMAIL" "\nAIDE detected no changes after filtering package changes.\n\n" + else + if [ "${#NF_ADD[@]}" -gt "0" ]; then + printf >> "$FILTEREDMAIL" "$SEPERATOR_TEMPLATE" "Added" "$F_ADD" + for ((i=0;i<${#NF_ADD[@]};i++)); do echo "${NF_ADD[$i]}" >> "$FILTEREDMAIL"; done + fi + if [ "${#NF_REM[@]}" -gt "0" ]; then + printf >> "$FILTEREDMAIL" "$SEPERATOR_TEMPLATE" "Removed" "$F_REM" + for ((i=0;i<${#NF_REM[@]};i++)); do echo "${NF_REM[$i]}" >> "$FILTEREDMAIL"; done + fi + if [ "${#NF_CHG[@]}" -gt "0" ]; then + if $GROUPED; then + printf >> "$FILTEREDMAIL" "$SEPERATOR_TEMPLATE" "Changed" "$F_CHG" + else + if [ "$N_ADD" -gt "0" ] && [ "$N_REM" -gt "0" ] && [ "$N_CHG" -gt "0" ]; then + HEAD="Added, removed and changed" + elif [ "$N_ADD" -gt "0" ] && [ "$N_REM" -gt "0" ]; then + HEAD="Added and removed" + elif [ "$N_ADD" -gt "0" ] && [ "$N_CHG" -gt "0" ]; then + HEAD="Added and changed" + elif [ "$N_REM" -gt "0" ] && [ "$N_CHG" -gt "0" ]; 
then + HEAD="Removed and changed" + elif [ "$N_ADD" -gt "0" ]; then + HEAD="Added" + elif [ "$N_REM" -gt "0" ]; then + HEAD="Removed" + elif [ "$N_CHG" -gt "0" ]; then + HEAD="Changed" + fi + printf >> "$FILTEREDMAIL" "$SEPERATOR_TEMPLATE" "$HEAD" "$((F_ADD+F_REM+F_CHG))" + fi + for ((i=0;i<${#NF_CHG[@]};i++)); do echo "${NF_CHG[$i]}" >> "$FILTEREDMAIL"; done + fi + fi + printf >> "$FILTEREDMAIL" "\n---------------------------------------------------\n" + < $MAILTMP sed -n '/^The attributes of the (uncompressed) database(s):$/,$ {p;}' >> "$FILTEREDMAIL" + MAILTMP="$FILTEREDMAIL" + fi + fi + else + MAILTMP="$ARUNLOG" + fi + + if [ -n "${NOISE:-}" ]; then + NOISETMP="$(mytempfile aidenoise1)" + NOISETMP2="$(mytempfile aidenoise2)" + < "$MAILTMP" sed -n '1,/^Detailed information about changes:/p' | \ + grep '^\(changed\|removed\|added\|[fdLDBFs?!][ :l<>=bpugamcinCAXSE.+-]\{16\}\):' | \ + grep -v "^added: THERE WERE ALSO [0-9]\+ FILES ADDED UNDER THIS DIRECTORY" >> "$NOISETMP2" + + if [ -n "$NOISE" ]; then + < "$NOISETMP2" grep -v "^\(changed\|removed\|added\|[fdLDBFs?!][ :l<>=bpugamcinCAXSE.+-]\{16\}\): $NOISE" >> "$NOISETMP" || true + printf >> "$MAILFILE" "De-Noised output removes everything matching %s.\n" "$NOISE" + fi + + if [ -s "$NOISETMP" ]; then + loglines="$(< $NOISETMP wc -l | awk '{ print $1 }')" + if [ "$LINES" -gt "0" ] && [ "${loglines:=0}" -gt "$LINES" ]; then + printf "AIDE has returned long output which has been truncated in this mail\n" | \ + frame >> "$MAILFILE" + printf >> "$MAILFILE" \ + "De-Noised output is %d lines, truncated to %d.\n" "$loglines" "$LINES" + < "$NOISETMP" head -n "$LINES" >> "$MAILFILE" + printf >> "$MAILFILE" "\nEnd of truncated De-Noised AIDE output. 
The full output can be found in %s.\nsha256sum: %s\n\n" "$LOGFILE" "$LOGFILE_CHECKSUM" + else + printf >> "$MAILFILE" "De-Noised output of the daily AIDE run (%d lines):\n" "$loglines" + < "$NOISETMP" cat >> "$MAILFILE" + printf >> "$MAILFILE" "\nEnd of De-Noised AIDE output.\n\n" + fi + else + printf >> "$MAILFILE" "AIDE detected no changes after removing noise.\n\n" + fi + printf >> "$MAILFILE" "============================================================================\n" + fi + + # include non-de-noised log into mail + + if [ -n "${MAILTMP:-}" ] && [ -s "$MAILTMP" ]; then + loglines="$(wc -l "$MAILTMP" | awk '{ print $1 }')" + if [ "$LINES" -gt "0" ] && [ "${loglines:=0}" -gt "$LINES" ]; then + printf "AIDE has returned long output which has been truncated in this mail\n" | \ + frame >> "$MAILFILE" + printf >> "$MAILFILE" \ + "Output is %d lines, truncated to %d.\n" "$loglines" "$LINES" + < "$MAILTMP" head -n "$LINES" >> "$MAILFILE" + printf >> "$MAILFILE" "\nEnd of truncated AIDE output. 
The full output can be found in %s.\nsha256sum: %s\n\n" "$LOGFILE" "$LOGFILE_CHECKSUM" + else + printf >> "$MAILFILE" "Output of the daily AIDE run (%d lines):\n" "$loglines" + < "$MAILTMP" cat >> "$MAILFILE" + if [ "$MAIL_MODE" -gt "0" ] ; then + case "$MAIL_MODE" in + 1) AIDE_OUTPUT="truncated" ;; + 2) AIDE_OUTPUT="filtered" ;; + 3) AIDE_OUTPUT="truncated and filtered" ;; + esac + printf >> "$MAILFILE" "\nEnd of %s AIDE output.\n\nThe full output can be found in %s.\nsha256sum: %s\n\n" "$AIDE_OUTPUT" "$LOGFILE" "$LOGFILE_CHECKSUM" + else + printf >> "$MAILFILE" "\nEnd of AIDE output.\n\n" + fi + fi + else + printf >> "$MAILFILE" "AIDE detected no changes.\n\n" + fi + else + printf >> "$MAILFILE" "funny, AIDE did not leave a log.\n\n" + printf >> "$LOGFILE" "funny, AIDE did not leave a log.\n" + fi + + if [ -n "${DBCHECKLOG:-}" ] && [ -s "$DBCHECKLOG" ]; then + < "$DBCHECKLOG" cat >> "$MAILFILE" + printf >> "$MAILFILE" "\n" + fi + + printf >> "$MAILFILE" "End of AIDE daily cron job at %s, run time %d seconds\n" "$(date +"%Y-%m-%d %H:%M" -d@$ENDTIME)" "$(( $ENDTIME - $BEGINTIME ))" + + # send mail if changes or errors were detected or quiet reports not requested + if [ "$QUIETREPORTS" != "yes" ] || [ "$ARETVAL" != "0" ] || [ $(< "$ERRORLOG" wc -l) -ne 0 ]; then + # do not send anything (not even error messages) if silence is requested + if [ "$SILENTREPORTS" != "yes" ]; then + < "$MAILFILE" mail -s "$MAILSUBJ" "$MAILTO" + fi + fi + + # clean up temp files + rm -rf $TMPDIR + fi + + if [ -n "$CRONEXITHOOK" ] && [ -x "$CRONEXITHOOK" ]; then + $CRONEXITHOOK $CRONEXITHOOKPARM + fi + + # clear lock + if [ -n "${LOCKED:-}" ] && command -v dotlockfile >/dev/null 2>&1; then + dotlockfile -u "$LOCKFILE" || true + fi + unset LOCKED + + return 0 +} + +BEGINTIME="$(date +%s)" + +if [ "$CRON_DAILY_RUN" != "yes" ] && ! tty -s; then + exit 0 +fi + +if command -v dotlockfile >/dev/null 2>&1; then + if ! 
dotlockfile -p -l "$LOCKFILE"; then + onexit nolock + exit 1 + fi +else + PREERRLOG="no dotlockfile binary in path, not checking for already running aide cron job\n" +fi +LOCKED=yes + +# prepare temp dir +if [ -e "$TMPDIRIN" ]; then + if ! NEWNAME="$(mktemp -d $TMPBASE/cron.daily.old.XXXXXXXXXX)"; then + onexit cantmovetmp + exit 1 + fi + mv "$TMPDIRIN" "$NEWNAME" + unset NEWNAME + OLDTMPDIRFOUND="yes" +fi + +if ! mkdir -p $TMPDIRIN; then + onexit cantcreatetmp + exit 1 +fi + +# handle the case that CRONEXITHOOK does not exist or is not executeable +if [ -n "$CRONEXITHOOK" ]; then + if ! [ -x "$CRONEXITHOOK" ]; then + onexit nohook + exit 1 + fi +fi + +# we can now directly use file names inside $TMPDIR: It is only +# writeable for us (umask 077), so we're safe against symlink attacks. +# We use invariant file names here since our work files need to be +# excluded from aide. +TMPDIR="$TMPDIRIN" + +# now, with $TMPDIR having been created, we can use onexit. + +# ERRORLOG: Error messages from script. Gets written to $LOGFILE first +ERRORLOG="$(mytempfile errorlog)" + +if [ -n "${PREERRORLOG:-}" ]; then + printf >> "$ERRORLOG" "$PREERRORLOG" +fi +unset PREERRORLOG + +# MAILFILE: Contents gets mailed. Built and handled from inside onexit() +MAILFILE="$(mytempfile mailfile)" + +# aide return value +ARETVAL=-1 + +if [ ! 
-f "$DATABASE" ]; then + printf >> "$ERRORLOG" "Fatal error: The AIDE database '%s' does not exist!\n" "$DATABASE" + printf >> "$ERRORLOG" "This may mean you haven't created it or that the initialization process is still running, or it may mean that someone has removed it.\n" + onexit fatal + exit 1 +fi + +# code + +# re-assign current time to be more accurate about aide's real start time +BEGINSTAMP="$(date +"%Y-%m-%d %H:%M:%S")" + +# ARUNLOG: standard output of aide run +ARUNLOG="$(mytempfile arunlog)" + +# AERRLOG: standard error of aide run +AERRLOG="$(mytempfile aerrlog)" + +printf "begin timestamp %s\n" "$BEGINSTAMP" >> "$ARUNLOG" + +aide.wrapper $AIDEARGS "--$COMMAND" >|"$ARUNLOG" 2>|"$AERRLOG" && ARETVAL="$?" +ARETVAL="$?" + +# POSTRUNLOG: summary of aide execution and cron job log +POSTRUNLOG="$(mytempfile postrunlog)" + +# DBCHECKLOG: Output of the database checksums +DBCHECKLOG="$(mytempfile dbchecklog)" + +# NOISETMP: completely de-noised log +# NOISETMP2: pre-filtered ARUNLOG, containing only changed, removed and added lines +NOISETMP="$(mytempfile noisetmp)" +NOISETMP2="$(mytempfile noisetmp2)" + +# find out whether we neeed to copy the new database over the old one + +COPYDB="0" +if [ "$COPYNEWDB" = "ifnochange" ] && [ "$ARETVAL" = "0" ]; then + COPYDB="1" + printf >> "$POSTRUNLOG" "no significant changes detected.\n" +fi + +if [ "$COPYNEWDB" = "yes" ]; then + COPYDB=1 +fi + +if [ "$COPYDB" = "1" ] && [ "$COMMAND" = "update" ]; then + cp -f "$DATABASE_OUT" "$DATABASE" + printf >> "$POSTRUNLOG" "output database %s was copied to %s as requested by cron job configuration\n" "$DATABASE_OUT" "$DATABASE" +fi + +onexit success +exit 0 + +# end of file diff --git a/default/aide b/default/aide new file mode 100644 index 000000000..ca2ed6f8d --- /dev/null +++ b/default/aide 
@@ -0,0 +1,101 @@ +# These settings are mainly for the wrapper scripts around aide, +# such as aideinit and /etc/cron.daily/aide + +# Set this to no to disable daily aide runs +#CRON_DAILY_RUN=yes + +# This is used as the host name in the AIDE reports that are sent out +# via e-mail. It defaults to the output of $(hostname --fqdn), but can +# be set to arbitrary values. +# FQDN= + +# This is used as the subject for the e-mail reports. +# If your mail system only threads by subject, you might want to add +# some variable content here (for example $(date +%Y-%m-%d)). +MAILSUBJ="Daily AIDE report for $FQDN" + +# This is the email address reports get mailed to +# default is root +# This variable is expanded before it is used, so you can use variables +# here. For example, MAILTO=$FQDN-aide@domain.example will send the +# report to host.name.example-aide@domain.example is the local FQDN is +# host.name.example. +MAILTO=root + +# Set this to yes to suppress mailings when no changes have been +# detected during the AIDE run and no error output was given. +#QUIETREPORTS=no + +# Set this to yes to suppress mailings under all circumstances +# This option implies QUIETREPORTS=yes +#SILENTREPORTS=no + +# This parameter defines which AIDE command to run from the cron script. +# Sensible values are "update" and "check". +# Default is "check", ensuring backwards compatibility. +# Since "update" does not take any longer, it is recommended to use "update", +# so that a new database is created every day. The new database needs to be +# manually copied over the current one, though. +COMMAND=update + +# This parameter defines what to do with a new database created by +# COMMAND=update. It is ignored if COMMAND!=update. +# no: Do not copy new database to old database. This is the default. +# yes: Copy new database to old database. This means that changes to the +# file system are only reported once. Possibly dangerous. 
+# ifnochange: Copy new database to old database if no changes have +# been reported. This is needed for ANF/ARF to work reliably. +COPYNEWDB=no + +# Set this to yes to truncate the detailed changes part in the mail. The full +# output will still be listed in the log file. +TRUNCATEDETAILS=no + +# Set this to yes to suppress file changes by package and security +# updates from appearing in the e-mail report. Filtered file changes will +# still be listed in the log file. This option parses the /var/log/dpkg.log +# file and implies TRUNCATEDETAILS=yes +FILTERUPDATES=no + +# Set this to yes to suppress file changes by package installations +# from appearing in the e-mail report. Filtered file changes will still +# be listed in the log file. This option parses the /var/log/dpkg.log file and +# implies TRUNCATEDETAILS=yes. +FILTERINSTALLATIONS=no + +# This parameter defines how many lines to return per e-mail. Output longer +# than this value will be truncated in the e-mail sent out. +# Set value to "0" to disable this option. +LINES=1000 + +# This parameter gives a grep regular expression. If given, all output lines +# that _don't_ match the regexp are listed first in the script's output. This +# allows to easily remove noise from the AIDE report. +NOISE="" + +# This parameter defines which options are given to aide in the daily +# cron job. The default is "-V4". +AIDEARGS="" + +# These parameters control update-aide.conf and give the defaults for +# the --confdir, --confd and --settingsd options +# UPAC_CONFDIR="/etc/aide" +# UPAC_CONFD="$UPAC_CONFDIR/aide.conf.d" +# UPAC_SETTINGSD="$UPAC_CONFDIR/aide.settings.d" + +# Set this to a command that will be executed before the cron job +# exits. This can be used to postprocess the generated report. +# If the command is not in /sbin:/usr/sbin:/bin:/usr/bin (see PATH +# setting in the daily cron job), you need to give a fully qualified +# path. The script is executed before the aide lock is released. 
+# The hook is called with a single parameter meaning: +# signal: The cron job was terminated by a signal +# fatal: There was a fatal error +# nolock: The lock could not be obtained +# cantmovetmp: It was not possible to move away the temporary directory +# cantcreatetmp: It was not possible to create the temporary directory +# success: aide finished successfully and gave meaningful results +# unknown: onexit was called with an illegal reason (should not happen) +# If the cron job aborted before the cron job was fully set up, +# "early-" is prepended to the reason. +CRONEXITHOOK=""
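Review bot: `AIDEARGS=""` near the middle of default/aide is an active assignment rather than a commented-out default, so it replaces the `AIDEARGS="-V4"` that the cron job sets before it sources `/etc/default/aide` (visible earlier in this diff); the comment directly above it, "The default is -V4", then no longer describes what actually runs, and aide is invoked with no verbosity argument. If the packaged verbosity is wanted, either comment the line out like the other untouched settings (`#AIDEARGS=""`) or state it explicitly (`AIDEARGS="-V4"`). `NOISE=""` is the same pattern; it is harmless because the cron job tests `[ -n "${NOISE:-}" ]`, but the mix of live and commented assignments makes it hard to tell at a glance which values in this file are deliberate local overrides.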