[Aide] Intrusion report of directory files
oliver.k at bluewin.ch
oliver.k at bluewin.ch
Tue Jun 7 17:03:41 EEST 2011
Hi Hannes
Thank you for the hint with the request. Didn't know about that so far. That would exactly be what I'm
looking for, an option to create a rule by filetype.
Kind regards
Oliver
----Ursprüngliche Nachricht----
Von:
hannes at vonhaugwitz.com
Datum: 06.06.2011 18:44
An: <aide at cs.tut.fi>
Betreff: Re: [Aide] Intrusion report of directory
files
On Mon, Jun 06, 2011 at 08:49:34AM +0000, oliver.k at bluewin.ch wrote:
> My problem are some scripts
> that write
temporary files in the directory somewhere in /opt/.../... and by this behavior it causes aide do report an
>
intrusion because of the mtime check. Does anyone have an idea how I can solve that problem? I don't want to remove
the
> mtime check. My thoughts go to the direction of excluding the mtime check for all directory files, is that
possible?
No, selection by file type is currently not supported.
There is a request on sf.net for a similar feature
[0]. If this request
doesn't fit your needs please feel free to fill your own[1].
As a workaround you can use a rule
like the following:
/opt/reg-ex/to/changing/directories$ RULE-m
Greetings
Hannes
[0] http://sourceforge.net/tracker/?func=detail&aid=1635601&group_id=86976&atid=581582
[1] http://sourceforge.net/tracker/?atid=581582&group_id=86976&func=browse
_______________________________________________
Aide mailing list
Aide at cs.tut.fi
https://mailman.cs.tut.fi/mailman/listinfo/aide
More information about the Aide
mailing list