[Aide] Problem understanding aide.conf rules and subsequent AIDE behavior

jacob martinson martinson.jacob at gmail.com
Fri May 5 19:01:43 EEST 2006


The matching algorithm is described in the manual -

http://www.cs.tut.fi/~rammer/aide/manual.html#config

My understanding is that the deeper rule (/etc) would take precedence
over the higher rule (/) and that the rules are not cumulative, i.e.
/etc will only get the attributes monitored that you list on the /etc
line.



On 5/5/06, Randy Brown <Randy.Brown at noaa.gov> wrote:
> I recently installed aide-0.11 and am currently testing it for our
> application.  Something that is confusing me though is how the rules are
> applied and if they supersede the previous rule.  For example, if I use
> the rules in aide.conf:
>
> / p+u+g
> /etc p+u+g+m+i+s
>
> Does the first rule take precedence so that the m, i, and s switches are
> ignored for /etc?  OR, if I use:
>
> / R+a
> /etc p+u+g+s
>
> do the m, c, and md5 (as well as others included with R) still apply to
> files in /etc?
>
> Can I use something like:
>
> / R+a
> /etc -m-c-md5
> to have it not track that data for files in /etc but still track
> permissions, user, group, etc?
>
> Any assistance in clarifying my understanding would be greatly appreciated.
>
> Thanks,
>
> Randy
>
>
>
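
The resolution described in the reply at the top of this message (deepest rule wins, rules are not cumulative), modelled as an added example that is not code from the thread or from AIDE. It assumes selection lines are plain path prefixes (AIDE treats them as regular expressions), that expressions combine names with `+` and `-`, and that `R` expands to `p+i+n+u+g+s+m+c+md5` as listed in the manual linked above; the function names are hypothetical.

```python
# Model of the rule resolution described in the reply: the deepest matching
# rule wins and rules are NOT cumulative. Assumptions: selection lines are
# plain path prefixes (AIDE uses regexes) and R expands as in the manual.
GROUPS = {"R": "p+i+n+u+g+s+m+c+md5"}  # assumed expansion of default group R


def expand(expr):
    """Expand an expression such as 'R+a' into a set of attribute names."""
    attrs, sign, token = set(), "+", ""
    for ch in expr + "+":  # trailing '+' flushes the last token
        if ch in "+-":
            if token:
                part = expand(GROUPS[token]) if token in GROUPS else {token}
                attrs = attrs | part if sign == "+" else attrs - part
            sign, token = ch, ""
        else:
            token += ch
    return attrs


def parse_rules(conf):
    """Parse 'path expression' selection lines into (path, attrs) pairs."""
    rules = []
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            path, expr = line.split(None, 1)
            rules.append((path, expand(expr)))
    return rules


def effective(rules, target):
    """Attributes of the deepest rule whose path contains target."""
    def covers(path):
        prefix = path.rstrip("/") + "/"
        return path == "/" or target == path or target.startswith(prefix)
    matches = [(p, a) for p, a in rules if covers(p)]
    return max(matches, key=lambda r: len(r[0]))[1] if matches else set()


def dropped(rules, target, parent="/"):
    """Attributes the parent rule checks that the deeper rule does not."""
    return dict(rules)[parent] - effective(rules, target)


CONF = "/ R+a\n/etc p+u+g+s\n"  # constructed sample: second rule set asked about
if __name__ == "__main__":
    rules = parse_rules(CONF)
    print("checked on /etc/passwd:", sorted(effective(rules, "/etc/passwd")))
    print("no longer checked:", sorted(dropped(rules, "/etc/passwd")))
```

Under this model the `/etc` line replaces the `/` line for everything below `/etc`, so the checksum and timestamp checks from `R+a` are not applied there unless they are listed on the `/etc` line itself.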

