[Aide] configuration file regex problem
Vincent Danen
vdanen at linsec.ca
Sat Jan 21 21:26:07 EET 2006
Sorry, I keep spamming the list... =)
I have a problem and I can't seem to make this work. I use runit to
manage services so I have a directory layout like:
/var/service/{sshd,syslogd,etc}
inside these service directories are files like run, finish, check, etc.
They also have a subdir called supervise which contains status files and
pipes that runit uses, but I don't care about monitoring these files.
On each service restart, these files will change. I want to make sure
that the run/finish/check files aren't tampered with and some also have
a peers/ subdir for ACL controls.
In my aide.conf I have:

    /var/service/.* CONF
    !/var/service/.*/supervise/control
    !/var/service/.*/supervise/status
    !/var/service/.*/supervise/pid
    !/var/service/.*/supervise/stat

and CONF is defined as:

    CONF=p+i+n+u+g+s+m+sha1+rmd160

I tried to use:

    !/var/service/.*/supervise/.*

and:

    !/var/service/.*/supervise$

but I don't seem to get the behaviour I want. How can I make this work
properly?
Also, with the current invocation (the first illustration) I get a lot
of:

    open_dir():Not a directory: /var/service/svn/log/supervise/status
    open_dir():Not a directory: /var/service/svn/log/supervise/pid

For every service I have in /var/service. That's a little irritating.
Essentially, I want to monitor everything in /var/service/* *except* for
the supervise/ subdir and its contents.
Anyone have any pointers for me?
Also, another side note... is there a reason why I can't have the input
and output database urls to be the same? I mean, I understand the
reasoning for an --update (for which I use a -B option to redefine one
of them), but for a --check is there a reason why AIDE is complaining?
On a --check we're not writing a database, so it shouldn't care. I can
illustrate this further in a follow-up mail as I'm currently writing a
set of scripts to update and check AIDE using GPG.
--
Annvix - Secure Linux Server: http://annvix.org/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FEE30AD4 : 7F6C A60C 06C2 4811 FA1C A2BC 2EBC 5E32 FEE3 0AD4}
Wasting time like it was free...