[Aide] Problem understanding aide.conf rules and subsequent AIDE behavior
Randy Brown
Randy.Brown at noaa.gov
Fri May 5 18:51:42 EEST 2006
I recently install aide-0.11 and am currently testing it for our
application. Something that is confusing me though is how the rules are
applied and if they supercede the previous rule. For example, if I use
the rules in aide.conf:
/ p+u+g
/etc p+u+g+m+i+s
Does the first rule take precedent so that the m, i, and s, switches are
ignored for /etc? OR, if I use:
/ R+a
/etc p+u+g+s
do the m, c, and md5 (as well as others included with R) still apply to
files in /etc?
Can I use something like:
/ R+a
/etc -m-c-md5
to have it not track that data for files in /etc but still track
permissions, user, group, etc?
Any assistance in clarifying my understanding would be greatly appreciated.
Thanks,
Randy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: randy.brown.vcf
Type: text/x-vcard
Size: 332 bytes
Desc: not available
Url : https://mailman.cs.tut.fi/pipermail/aide/attachments/20060505/b974c440/randy.brown.vcf
More information about the Aide
mailing list