[Aide] Intrusion report of directory files
Hannes von Haugwitz
hannes at vonhaugwitz.com
Mon Jun 6 19:44:12 EEST 2011
On Mon, Jun 06, 2011 at 08:49:34AM +0000, oliver.k at bluewin.ch wrote:
> My problem are some scripts
> that write temporary files in the directory somewhere in /opt/.../... and by this behavior it causes aide do report an
> intrusion because of the mtime check. Does anyone have an idea how I can solve that problem? I don't want to remove the
> mtime check. My thoughts go to the direction of excluding the mtime check for all directory files, is that possible?
No, selection by file type is currently not supported.
There is a request on sf.net for a similar feature[0]. If this request
doesn't fit your needs please feel free to fill your own[1].
As a workaround you can use a rule like the following:
/opt/reg-ex/to/changing/directories$ RULE-m
Greetings
Hannes
[0] http://sourceforge.net/tracker/?func=detail&aid=1635601&group_id=86976&atid=581582
[1] http://sourceforge.net/tracker/?atid=581582&group_id=86976&func=browse
More information about the Aide
mailing list