[Aide] Config syntax misunderstanding

freeslkr freeslkr.wl6x at mailnull.com
Wed Apr 12 02:18:01 EEST 2006


Richard van den Berg <richard <at> vdberg.org> writes:

> freeslkr wrote:
> > I'm having trouble with the syntax of some config rules, using
> > the aide v0.11 package on FC4 from the Dries repository.
> [snip]
> > Any clarification will be much appreciated.
> 
> Look in your aide.conf, you should see 2 lines that look like this:
> database=file:/etc/aide.db
> database_out=file:/etc/aide.db.new
> 
> So when you run aide --init it will create a file named 
> /etc/aide.db.new. However, when you run aide --check it will check a 
> file named /etc/aide.db. So you will need to rename the aide.db.new to 
> aide.db before you can use --check effectively.

I did do that correctly. Adding a few details to example 2 of my
original post, --init creates the database that I expect, which
contains all files in the /etc hierarchy execpt those below /etc/cups.
I have verified this by comparing the database to a listing of /etc.
(After copying aide.db.new to aide.db) --check reports that all files
existing in the database are OK, but indicates that I have added all
files (15 of them) under /etc/cups. Of course I'm expecting that it
will continue to ignore all files under /etc/cups because of the
=/etc/cups rule. It doesn't seem that this could be correct behavior.
Am I somehow misusing the intended rule syntax? For reference, the
rules of example 2 were:

     /etc	R
    =/etc/cups	L-n

Thank you for your help here and especially for all of your work on
aide, Richard. I've been using it happily for the past year.



More information about the Aide mailing list