[Aide] Help about a difficult matching rule

[Costas Zreikas]

Paul,

When I tried to escape the dots (.) like you suggested;

!/lib/klibc/events/debug\.\d{5}\.\w+\.add\.\d{1,5}

I got the following message;

***glibc detected *** malloc(): memory corruption: 0x08161060 ***
Aborted

But while the dot (.) represents a single char it wouldn't make much
difference since it's actually dots in the placeholders. Wright?
As for trying !/lib/klibc/events/debug.\d{5}.\w+.add.\d{1,5} or
!/lib/klibc/events/debug.\d{5}.[a-zA-Z].add.\d{1,5} nor
!/lib/klibc/events/debug.\d{5}.[a-zA-Z]+.add.\d{1,5} none of them worked.
The files I don't want are still in the database.

Thank you anyway.

Costas

-----Original Message-----
From: Paul Dodd [mailto:paul.dodd at usb.unibe.ch] 
Sent: Friday, May 26, 2006 1:14 PM
To: computer_dept at feximports.gr; Aide user mailinglist
Subject: Re: [Aide] Help about a difficult matching rule

To exclude files like
/lib/klibc/events/debug.00788.module.add.1250
try
!/lib/klibc/events/debug\.\d{5}\.\w+\.add\.\d{1,5}

because:
'\.' matches only '.' ('.' matches any single character) '\w+' matches a
string at least one alphanumeric characters i.e. 'module'

I've also changed the last '\w' to a '\d' on the assumption ? that the
suffixes are only numeric, change it back if I'm wrong.

Paul


----- Original Message -----
From: "Costas Zreikas" <computer_dept at feximports.gr>
To: <aide at cs.tut.fi>
Sent: Thursday, May 25, 2006 9:12 AM
Subject: [Aide] Help about a difficult matching rule


> Hello List,
>
> Please can anyone help me on how to form a rule so to exclude files like;
>
> /lib/klibc/events/debug.00788.module.add.1250
>
>
> In my aide.conf I have the lines;
>
> =/lib/klibc/events/$ R-m-c
> !/lib/klibc/events/debug.\d{5}.\w.add.\w{1,5}
> /lib R
>
> I'm using SUSE 10.0 and I've found the regular expressions syntax from
"man
> perlrequick"
>
> Thanx
>
> _______________________________________________
> Aide mailing list
> Aide at cs.tut.fi
> https://mailman.cs.tut.fi/mailman/listinfo/aide