[Aide] aide.conf rule ordering
Richard van den Berg
richard at vdberg.org
Tue Dec 18 10:37:52 EET 2007
Sonixxfx wrote:
> Hi,
>
> I am trying to understand how aide handles rules. I have read the
> documentation, but I still don't understand it.
>
> Can someone tell me why the ordering of the rules in aide.conf matter,
> and maybe give an example (or some ;)) to clarify it?
>
It's all in the manual in the section "Understanding AIDE rule matching":
Aide uses a deepest-match algorithm to find the tree node to search, but
a first-match algorithm inside the node.
You can think of a node in the search tree as a directory. So aide will
find the deepest directory that has rules defined for it to search for a
match, but from all rules defined on that level (inside that specific
directory) it takes the first rule that matches.
If this is unclear to you, please ask more specific questions and maybe
give an example (or some) of things you have tried but do not understand.
Sincerely,
Richard van den Berg
More information about the Aide
mailing list