[Aide] How to exclude ctime checks

Pablo Virolainen pablo at vapaa.fi
Wed Apr 12 10:42:40 EEST 2006


On Tue, 11 Apr 2006, Richard van den Berg wrote:

> Bliss, Aaron wrote:
> > NORMAL = R+b+sha1
> >
> > DIR = p+i+n+u+g
> >
> > I'm trying for example to have NORMAL defined as not checking for
> > ctime changes; last night's scan of /boot still reported ctime changes
> >
> > /boot   NORMAL
>
> I am not sure where you got your defaults, but aide.conf.5 says:
>
> R: p+i+n+u+g+s+m+c+md5
>
> So this includes c for ctime. R is a default group that is created in
> the c-code, even when it is not mentioned in the aide.conf file. It's
> better to define your custom group using base elements. Try defining
> NORMAL as:
>
> NORMAL = p+i+n+u+g+s+m+md5+b+sha1

You can remove the ctime check (like any other) easily by just using the '-'
operator.

/boot	NORMAL-c

Pablo Virolainen
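
Added example (not part of the original thread and not AIDE's own code): a small Python resolver that expands group expressions so you can see which attributes each rule checks before running a scan. It assumes terms are applied left to right with '+' adding and '-' removing, and takes the definition of R from the aide.conf.5 line quoted above; the function names and the sample configuration are constructed for illustration.

```python
import re

# Default group R as quoted from aide.conf.5 in the thread above.
BUILTIN = {"R": "p+i+n+u+g+s+m+c+md5"}
TERM = re.compile(r"([+-]?)([A-Za-z0-9_]+)")

def expand(expr, groups):
    """Return the set of base attributes that a group expression checks."""
    expr = expr.replace(" ", "")
    attrs, pos = set(), 0
    for m in TERM.finditer(expr):
        if m.start() != pos:
            break  # unparsed characters between terms, reported below
        pos = m.end()
        op, name = m.groups()
        # A known group name expands recursively; anything else is a base attribute.
        term = expand(groups[name], groups) if name in groups else {name}
        attrs = attrs - term if op == "-" else attrs | term
    if pos != len(expr):
        raise ValueError("cannot parse %r at offset %d" % (expr, pos))
    return attrs

def parse_conf(text):
    """Split a config into group definitions and per-path attribute sets."""
    groups, rules = dict(BUILTIN), {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if "=" in line:
            name, expr = (s.strip() for s in line.split("=", 1))
            groups[name] = expr
        else:
            path, expr = line.split(None, 1)
            rules[path] = expand(expr, groups)
    return groups, rules

# Constructed sample: the poster's groups plus both suggested fixes.
SAMPLE_CONF = """
NORMAL = R+b+sha1
DIR = p+i+n+u+g
/boot       NORMAL                       # still checks ctime, via R
/boot/grub  NORMAL-c                     # ctime removed with '-'
/etc        p+i+n+u+g+s+m+md5+b+sha1     # built from base elements
"""

if __name__ == "__main__":
    for path, attrs in parse_conf(SAMPLE_CONF)[1].items():
        print(path, "+".join(sorted(attrs)), "ctime" if "c" in attrs else "no ctime")
```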

