[Aide] Intrusion report of directory files

Rami Lehti rammer at ipi.fi
Mon Jun 6 19:04:09 EEST 2011


You could use a rule that excludes mtime.  

/opt RULE-m

If that is not what you want, then I'm afraid you have to list all 25 directories. Unless you create a single monster regexp that includes all 25 dirs.

Rami

"oliver.k at bluewin.ch" <oliver.k at bluewin.ch> wrote:

>Hi V
>
>Sorry, maybe I was not clear enough. I have approximately 25 subdirectories in /opt and am looking for a rule to
>exclude that globally for /opt and not by excluding each subdirectory. Otherwise it's very unhandy.
>
>Kind regards,
>
>Oliver
>
>----Original Message----
>From: vavarachen at gmail.com
>Date: 06.06.2011 15:48
>To: <oliver.k at bluewin.ch>, "Aide user mailinglist"<aide at cs.tut.fi>
>Subject: Re: [Aide] Intrusion report of directory files
>
>Try "!/opt/SomeSoftware/tmp" without the quotes.
>
>V
>
>On Mon, Jun 6, 2011 at 3:49 AM, oliver.k at bluewin.ch <oliver.k at bluewin.ch> wrote:
>> Hi all
>>
>> I'm pretty new to AIDE and tried for a while to get along with the configuration.
>>
>> I have made a rule like this:
>>
>> RULE=p+i+n+u+g+s+m+md5
>>
>> and use this rule on the directory path /opt
>>
>> /opt RULE
>>
>> My problem is some scripts that write temporary files in the directory somewhere in /opt/.../... and by this
>> behavior it causes aide to report an intrusion because of the mtime check. Does anyone have an idea how I can
>> solve that problem? I don't want to remove the mtime check. My thoughts go to the direction of excluding the
>> mtime check for all directory files, is that possible?
>>
>>
>> Thank you for your time and help
>>
>> _______________________________________________
>> Aide mailing list
>> Aide at cs.tut.fi
>> https://mailman.cs.tut.fi/mailman/listinfo/aide
>>
>
>
>
>_______________________________________________
>Aide mailing list
>Aide at cs.tut.fi
>https://mailman.cs.tut.fi/mailman/listinfo/aide
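
The per-directory list Rami mentions can be generated rather than typed. The following is an added example, not code from the thread or from the AIDE project: a shell function that prints one selection line per directory so that only directory entries lose the mtime check. It assumes AIDE applies a `$`-anchored line to the directory entry itself in preference to the broader `/opt RULE` line; the function names `aide_escape` and `aide_dir_rules` are made up here.

```shell
#!/bin/sh
# Added example: generate AIDE selection lines that drop mtime for
# directory entries only, leaving "/opt RULE" in force for the files.
# Assumption: a "$"-anchored regex line matches just the directory itself
# and takes effect instead of the broader "/opt RULE" line.

# Escape regex metacharacters so a path such as /opt/app-1.2 is matched
# literally by AIDE's regular-expression selection lines.
aide_escape() {
    printf '%s\n' "$1" | sed 's/[][\\.^$*+?(){}|]/\\&/g'
}

# Print "<escaped-dir>$ <group>" for the root and every directory below it.
# Paths containing whitespace are reported on stderr and skipped, because
# a selection line is split on whitespace.
aide_dir_rules() {
    root=$1
    group=$2
    find "$root" -type d | LC_ALL=C sort | while IFS= read -r dir; do
        case $dir in
            *[[:space:]]*)
                echo "skipped (whitespace in path): $dir" >&2
                continue ;;
        esac
        printf '%s$ %s\n' "$(aide_escape "$dir")" "$group"
    done
}

# Stand-alone use:  ./gen-dir-rules.sh /opt RULE-m >> aide.conf.d/opt-dirs
# (the script and output file names are placeholders)
if [ "$#" -ge 1 ]; then
    aide_dir_rules "$1" "${2:-RULE-m}"
fi
```

The output has to be regenerated whenever directories are added under the root, and the database re-initialised afterwards so the new rules take effect.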