[Aide] aide.conf rule ordering

Sonixxfx sonixxfx at gmail.com
Tue Dec 18 12:24:39 EET 2007


Thanks Richard.

This makes it more clear.

So if I understand it right, in the following example the first rule
is used for both /etc/init.d/ifupdown and /etc/init.d/ifupdown-clean,
and the second rule is not used at all. Am I right?


/etc/init.d/ifupdown u
/etc/init.d/ifupdown-clean u+g+p+md5


Ben



2007/12/18, Richard van den Berg <richard at vdberg.org>:
> Sonixxfx wrote:
> > Hi,
> >
> > I am trying to understand how aide handles rules. I have read the
> > documentation, but I still don't understand it.
> >
> > Can someone tell me why the ordering of the rules in aide.conf matter,
> > and maybe give an example (or some ;)) to clarify it?
> >
>
> It's all in the manual in the section "Understanding AIDE rule matching":
>
> Aide uses a deepest-match algorithm to find the tree node to search, but
> a first-match algorithm inside the node.
>
> You can think of a node in the search tree as a directory. So aide will
> find the deepest directory that has rules defined for it to search for a
> match, but from all rules defined on that level (inside that specific
> directory) it takes the first rule that matches.
>
> If this is unclear to you, please ask more specific questions and maybe
> give an example (or some) of things you have tried but do not understand.
>
> Sincerely,
>
> Richard van den Berg
>
> _______________________________________________
> Aide mailing list
> Aide at cs.tut.fi
> https://mailman.cs.tut.fi/mailman/listinfo/aide
>


More information about the Aide mailing list