[Aide] rules questions

Mason Nakadomari nakadoma at hawaii.edu
Fri Sep 6 19:36:38 EEST 2013


Hi, any help or confirmation would be appreciated. Thank you for your time,
thanks.
On Sep 5, 2013 11:15 AM, "Mason Nakadomari" <nakadoma at hawaii.edu> wrote:

>
> I've been looking over the manual and I wanted to check if my understanding is
> correct. My understanding is that if I want to search individual
> directories with a less general rule like CUSTOMTEST6 but still scan
> everything else using a general rule like CUSTOMTEST1, I would use
> something like the below.
> CUSTOMTEST5 = p+u+g+acl+selinux
> CUSTOMTEST6 = L
> CUSTOMTEST1 = p+i+u+g+m+acl+selinux+md5
> @@ifhost aid70
> =/var/log$ CUSTOMTEST6
> /var/log/.* CUSTOMTEST5
> /var/spool/.* CUSTOMTEST5
> /var/lib/mlocate$ CUSTOMTEST6
> /var/lib/mlocate/mlocate.db$ CUSTOMTEST5
> /var/lib/rpm/__db.00* CUSTOMTEST6
> /var/lib/logrotate.status$ CUSTOMTEST6
> /var/lib/readahead/early.sorted$ CUSTOMTEST6
> / CUSTOMTEST1
> !/var/tmp/.*
> !/tmp/.*
> !/sys/.*
> !/dev/.*
> !/proc/.*
> @@endif
>
> I looked at a lot of examples and this is what I came up with. Is this not
> correct? I've also been playing around with more specific and drawn-out
> rules, but I wanted something as simple as possible so others can edit and
> add new rules.
>