[Aide] manual.html, Understanding Aide rule matching

Marc Haber mh+aide at zugschlus.de
Wed Dec 7 23:14:03 EET 2005


After quite some time, I have read the manual.html again, and have
found it lacking some information, and the man page mentions things
that are not in the manual and vice versa.

I'd like to have some things clarified, especially in the
"Understanding Aide rule matching", since, frankly, that part of the
manual creates more confusion in me than it helps me understand.

Which kind of regexp does aide use? From what I read in manual.html,
aide uses the system regexp calls and thus understands the "local
regexp dialect". Thus, a configfile that was built for a GNU system
might work differently or be entirely unusable on a BSD system where
the regexp library doesn't have the GNU extensions, right? Do all
regexp libraries distinguish between simple and extended regexps, and
which one does aide use?

If aide creates a tree of the regexp rules, and thus the rules are the
nodes in the tree, why does it have three separate lists for each node
when there is only one rule per node and thus two of the lists are
always empty and the third has only one element?

From the fact that !/proc would be placed in the root node and that
!/proc/.* would be placed in the /proc node, I suspect that the tree
does not have the regexps as nodes, but instead the directory tree. If so,
then the first sentence of the paragraph is wrong and misleading.

What exactly is "a deeper match"?

What exactly does happen when src/gen_list.c decides to "add a file"?
Is it added with the expression, or with the values that represent the
current status of the file to be compared later?

What exactly is the difference between /etc$ and =/etc$? I have always
gotten around without using "=" rules, but maybe that's part of my
mistake?

Does the /etc/ppp/logs rule create a single node for /etc/ppp directly
under the root node, or does it create a node for /etc under root, and
a node /etc/ppp under /etc?

I hope that I will finally understand what's going on, and then could
help in improving the documentation.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835

