[Aide] I (ignore changed filename) woes
Virolainen Pablo
pablo at cs.tut.fi
Sat Oct 29 08:46:46 EEST 2005
On Fri, 28 Oct 2005, Richard van den Berg wrote:
> Richard van den Berg wrote:
>> However, I don't like the idea of automatically ignoring 'c' when 'I' is
>> in effect. Instead I'll update the man page. We can't prevent people
>> from writing bad rules.
>
> It seems that when 'c' and 'I' are both active, aide reports based on
> the filename and not on inode. So ignoring 'c' is much better in this
> case. It's in CVS now.
One propably should print some kind of warning message, when ignoring
some flags.
One could implement this with this kind of change to commandconf.c
list* append_rxlist(char* rx,int attr,list* rxlst)
{
extern long conf_lineno; /* defined & set in conf_lex.l */
rx_rule* r=NULL;
r=(rx_rule*)malloc(sizeof(rx_rule));
r->rx=rx;
r->attr=attr;
r->conf_lineno = conf_lineno;
if ((attr&(DB_CHECKINODE|DB_CTIME)) != 0 ) {
error(20,"Rule at line %i has c and I flags enabled at the same time."
" If same inode is found, flag c is ignored\n",conf_lineno);
}
update_db_out_order(r->attr);
rxlst=list_append(rxlst,(void*)r);
return rxlst;
}
Duke NEMO / C.O.M.A
alias pablo the pallo virolainen
More information about the Aide
mailing list