[Aide] Config syntax misunderstanding
freeslkr
freeslkr.wl6x at mailnull.com
Thu Apr 13 01:13:04 EEST 2006
Richard van den Berg <richard <at> vdberg.org> writes:
> freeslkr wrote:
>> Am I somehow misusing the intended rule syntax? For reference, the
>> rules of example 2 were:
>>
>> /etc R
>> =/etc/cups L-n
>
> The = rule is just a way to tell aide not to add the implicit .* at the
> end of a directory and/or file name. So in this example all of /etc will
> be added using R but only the /etc/cups directory will use L-n. I think
> you want to add:
>
> !/etc/cups/
>
> to ignore all of the files in the /etc/cups/ tree.
Hmmm ... I had thought that the = rule was supposed to stop aide from
recursively adding subnodes. So, is the rule "=/etc/cups L-n"
equivalent to "/etc/cups$ L-n"?
What about example 1 from the original post? A config file with the
single rule "/etc$ L-n" causes similar behavior. --init creates a
single line database. (After copying aide.db.new to aide.db) --check
reports that /etc (the directory itself) compares OK, but complains
that I have added all files (4191 of them) underneath /etc. I don't
understand which rule they would have matched for --check to indicate
that they should be in the database.
> It is weird that you are seeing --init behave differently that --check
> with respect to include/exclude rules. That should definitely not be the
> case.
Is anyone else seeing this behavior? Maybe try a test config with a
single rule for a small directory, say /bin:
/bin$ R
For me --init produces the database:
@@begin_db
# This file was generated by Aide, version 0.11
# Time of generation was 2006-04-12 16:05:14
@@db_spec name lname attr perm uid gid size mtime ctime inode lcount md5
/bin 0 3005 40755 0 0 2048 MTE0NDM2MTg2OQ== MTE0NDM2MTg2OQ== 106112 2 0
@@end_db
Running --check produces the report:
AIDE found differences between database and filesystem!!
Start timestamp: 2006-04-12 16:06:46
Summary:
Total number of files: 93
Added files: 91
Removed files: 0
Changed files: 0
---------------------------------------------------
Added files:
---------------------------------------------------
added:/bin/tracepath
<snip 89 similar lines>
added:/bin/gettext
Thanks for your patience with this.
-freeslkr
More information about the Aide
mailing list