[Aide] How to exclude ctime checks

Richard van den Berg richard at vdberg.org
Tue Apr 11 13:50:25 EEST 2006


Bliss, Aaron wrote:
> NORMAL = R+b+sha1
>  
> DIR = p+i+n+u+g
>
> I'm trying for example to have NORMAL definated as not checking for 
> ctime changes; last night's scan of /boot still reported ctime changes
>  
> /boot   NORMAL

I am not sure where you got your defaults, but aide.conf.5 says:

R: p+i+n+u+g+s+m+c+md5

So this includes c for ctime. R is a default group that is created in 
the c-code, even when it is not mentioned in the aide.conf file. It's 
better to define your custom group using base elements. Try defining 
NORMAL as:

NORMAL = p+i+n+u+g+s+m+md5+b+sha1

Sincerely,

Richard van den Berg


More information about the Aide mailing list