[Aide] Certain directories always reported
John Horne
john.horne at plymouth.ac.uk
Fri Apr 13 19:28:30 EEST 2007
On Fri, 2007-04-13 at 16:08 +0100, John Horne wrote:
[snipped]
>
> The problem still exists though.
>
Hi,
Okay, the problem is sort of solved :-) It was to do with my aide.conf
rules. I had entries such as:
=/bin$ DIR
/bin$ NORMAL
If I understand AIDE correctly then these two pathnames are exactly the
same. Both refer to just the directory '/bin' itself; not its contents.
What I actually wanted was something like:
=/bin$ DIR
/bin/.* NORMAL
This way any changes to files within /bin are noticed, but changes to
the /bin directory itself are monitored by the DIR rule.
It also explains why previously AIDE took a few seconds to run, but now
takes about 4mins to go through all the files.
It doesn't explain why initially the mtime and ctime were being reported
as having changed though.
Testing this setup, added files are now detected while the mtime/ctime
values are (correctly) no longer reported.
John.
--
---------------------------------------------------------------
John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914
E-mail: John.Horne at plymouth.ac.uk Fax: +44 (0)1752 233839
More information about the Aide
mailing list