[Aide] Intrusion report of directory files

Hannes von Haugwitz hannes at vonhaugwitz.com
Mon Jun 6 19:44:12 EEST 2011


On Mon, Jun 06, 2011 at 08:49:34AM +0000, oliver.k at bluewin.ch wrote:
> My problem are some scripts 
> that write temporary files in the directory somewhere in /opt/.../... and by this behavior it causes aide do report an 
> intrusion because of the mtime check. Does anyone have an idea how I can solve that problem? I don't want to remove the 
> mtime check. My thoughts go to the direction of excluding the mtime check for all directory files, is that possible?  

No, selection by file type is currently not supported.

There is a request on sf.net for a similar feature[0]. If this request
doesn't fit your needs please feel free to fill your own[1].

As a workaround you can use a rule like the following:

/opt/reg-ex/to/changing/directories$ RULE-m

Greetings

Hannes

[0] http://sourceforge.net/tracker/?func=detail&aid=1635601&group_id=86976&atid=581582
[1] http://sourceforge.net/tracker/?atid=581582&group_id=86976&func=browse


More information about the Aide mailing list