[Aide] Intrusion report of directory files

oliver.k at bluewin.ch oliver.k at bluewin.ch
Tue Jun 7 17:01:44 EEST 2011


Hi Rami

Thank you for your reply.

You're right, that's not my goal. I was trying to create a monster regex for exactly that; however, I did not find the right solution so far. Do you have any idea?

Kind regards
Oliver

----Original message----
From: rammer at ipi.fi
Date: 06.06.2011 18:04
To: <oliver.k at bluewin.ch>, "Aide user mailinglist"<aide at cs.tut.fi>, <vavarachen at gmail.com>
Subject: Re: [Aide] Intrusion report of directory files

You could use a rule that excludes mtime.

/opt RULE-m

If that is not what you want, then I'm afraid you have to list all 25 directories. Unless you create a single monster regexp that includes all 25 dirs.

Rami

"oliver.k at bluewin.ch" <oliver.k at bluewin.ch> wrote:


>Hi V
>
>Sorry, maybe I was not clear enough. I have approximately 25 subdirectories in /opt and am looking for a rule to exclude that globally for /opt and not by excluding each subdirectory. Otherwise it's very unhandy.
>
>Kind regards,
>
>Oliver
>
>----Original message----
>From: vavarachen at gmail.com
>Date: 06.06.2011 15:48
>To: <oliver.k at bluewin.ch>, "Aide user mailinglist"<aide at cs.tut.fi>
>Subject: Re: [Aide] Intrusion report of directory files
>
>Try "!/opt/SomeSoftware/tmp" without the quotes.
>
>V
>
>
>On Mon, Jun 6, 2011 at 3:49 AM, oliver.k at bluewin.ch <oliver.k at bluewin.ch> wrote:
>> Hi all
>>
>> I'm pretty new to AIDE and tried for a while to get along with the configuration.
>>
>> I have made a rule like this:
>>
>> RULE=p+i+n+u+g+s+m+md5
>>
>> and use this rule on the directory path /opt
>>
>> /opt RULE
>>
>> My problem are some scripts that write temporary files in the directory somewhere in /opt/.../... and by this behavior it causes aide to report an intrusion because of the mtime check. Does anyone have an idea how I can solve that problem? I don't want to remove the mtime check. My thoughts go to the direction of excluding the mtime check for all directory files, is that possible?
>>
>>
>> Thank you for your time and help
>>
>> _______________________________________________
>> Aide mailing list
>> Aide at cs.tut.fi
>> https://mailman.cs.tut.fi/mailman/listinfo/aide
>>
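An added example, not part of the thread: one way to generate the single "monster regexp" line Rami describes from a list of directories, escaping regex metacharacters and anchoring the end of the pattern so that sibling names do not match. The function names and every directory except SomeSoftware/tmp are hypothetical; the sketch assumes AIDE anchors each selection regex at the start of the path and reuses the RULE-m form from Rami's reply.

```python
import re

# Metacharacters of the regular expressions used in AIDE selection lines.
_META = re.compile(r"([.\[\](){}*+?|^$\\])")

def escape(path):
    """Backslash-escape regex metacharacters in a literal path."""
    return _META.sub(r"\\\1", path)

def selection_line(base, rel_dirs, group, dirs_only=True):
    """Build one selection line covering base/<dir> for every listed dir.

    dirs_only=True ends the regex with '$' so only the directory entries
    match; False uses '(/|$)' so everything below them matches as well.
    Either way '/opt/foo' never matches a sibling such as '/opt/foobar'.
    """
    cleaned = set()
    for d in rel_dirs:
        parts = d.strip("/").split("/")
        if d.startswith("/") or "" in parts or ".." in parts or "." in parts:
            raise ValueError("expected a relative path below base: %r" % d)
        if any(c.isspace() for c in d):
            raise ValueError("whitespace would split the line: %r" % d)
        cleaned.add("/".join(parts))
    if not cleaned:
        raise ValueError("no directories given")
    # Sorted so the generated line is stable and diffs cleanly.
    alternation = "|".join(escape(d) for d in sorted(cleaned))
    tail = "$" if dirs_only else "(/|$)"
    return "%s/(%s)%s %s" % (base.rstrip("/"), alternation, tail, group)

# Constructed sample list; only SomeSoftware/tmp appears in the thread.
SAMPLE_DIRS = ["SomeSoftware/tmp", "app-2.1/var/cache", "tools+extras/tmp/"]

if __name__ == "__main__":
    print(selection_line("/opt", SAMPLE_DIRS, "RULE-m"))
```

Running `aide --config-check` after pasting the generated line into the configuration confirms that the regex parses.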