[Aide] Config syntax misunderstanding

freeslkr freeslkr.wl6x at mailnull.com
Thu Apr 13 01:13:04 EEST 2006


Richard van den Berg <richard <at> vdberg.org> writes:

> freeslkr wrote:
>> Am I somehow misusing the intended rule syntax? For reference, the
>> rules of example 2 were:
>> 
>>      /etc	R
>>     =/etc/cups	L-n
> 
> The = rule is just a way to tell aide not to add the implicit .* at the 
> end of a directory and/or file name. So in this example all of /etc will 
> be added using R but only the /etc/cups directory will use L-n. I think 
> you want to add:
> 
> !/etc/cups/
> 
> to ignore all of the files in the /etc/cups/ tree.

Hmmm ... I had thought that the = rule was supposed to stop aide from
recursively adding subnodes. So, is the rule "=/etc/cups  L-n"
equivalent to "/etc/cups$  L-n"?

What about example 1 from the original post? A config file with the
single rule "/etc$  L-n" causes similar behavior. --init creates a
single line database. (After copying aide.db.new to aide.db) --check
reports that /etc (the directory itself) compares OK, but complains
that I have added all files (4191 of them) underneath /etc. I don't
understand which rule they would have matched for --check to indicate
that they should be in the database.

> It is weird that you are seeing --init behave differently than --check 
> with respect to include/exclude rules. That should definitely not be the 
> case.

Is anyone else seeing this behavior? Maybe try a test config with a
single rule for a small directory, say /bin:

    /bin$  R

For me --init produces the database:

    @@begin_db
    # This file was generated by Aide, version 0.11
    # Time of generation was 2006-04-12 16:05:14
    @@db_spec name lname attr perm uid gid size mtime ctime inode lcount md5
    /bin 0 3005 40755 0 0 2048 MTE0NDM2MTg2OQ== MTE0NDM2MTg2OQ== 106112 2 0
    @@end_db

Running --check produces the report:

    AIDE found differences between database and filesystem!!
    Start timestamp: 2006-04-12 16:06:46

    Summary:
      Total number of files:        93
      Added files:                  91
      Removed files:                0
      Changed files:                0


    ---------------------------------------------------
    Added files:
    ---------------------------------------------------

    added:/bin/tracepath
    <snip 89 similar lines>
    added:/bin/gettext

Thanks for your patience with this.
-freeslkr


