[Aide] Help about a difficult matching rule
Paul Dodd
paul.dodd at usb.unibe.ch
Fri May 26 13:14:21 EEST 2006
To exclude files like
/lib/klibc/events/debug.00788.module.add.1250
try
!/lib/klibc/events/debug\.\d{5}\.\w+\.add\.\d{1,5}
because:
'\.' matches only '.' ('.' matches any single character)
'\w+' matches a string at least one alphanumeric characters i.e. 'module'
I've also changed the last '\w' to a '\d' on the assumption ? that the
suffixes are only numeric, change it back if I'm wrong.
Paul
----- Original Message -----
From: "Costas Zreikas" <computer_dept at feximports.gr>
To: <aide at cs.tut.fi>
Sent: Thursday, May 25, 2006 9:12 AM
Subject: [Aide] Help about a difficult matching rule
> Hello List,
>
> Please can anyone help me on how to form a rule so to exclude files like;
>
> /lib/klibc/events/debug.00788.module.add.1250
>
>
> In my aide.conf I have the lines;
>
> =/lib/klibc/events/$ R-m-c
> !/lib/klibc/events/debug.\d{5}.\w.add.\w{1,5}
> /lib R
>
> I'm using SUSE 10.0 and I've found the regular expressions syntax from
"man
> perlrequick"
>
> Thanx
>
> _______________________________________________
> Aide mailing list
> Aide at cs.tut.fi
> https://mailman.cs.tut.fi/mailman/listinfo/aide
More information about the Aide
mailing list