[Aide] Rules to exclude all files except one

Shirkdog shirkdog at gmail.com
Thu Nov 19 18:11:55 EET 2015 

That was the reason for my response, pretty sure your issue has come
up before, and I have worked around it by automating that process
outside of aide.

It is something it should be able to handle, a global white-list of
some kind for the values you do not want to check.

---
Michael Shirk


On Thu, Nov 19, 2015 at 9:40 AM, Brian Mathis
<brian.mathis+aide at betteradmin.com> wrote:
> No, that doesn't work because the ! rule still matches the onefile rule, so
> it is excluded.  This can be seen when running with -V250:
>
>     "/opt/app/dir" matches rule from line #131: ^/opt/app/dir
>     /opt/app/dir match=0, tree=0x7fc395d8f780, attr=0
>     "/opt/app/dir/onefile" matches rule from line #132:
> ^/opt/app/dir/onefile
>     "/opt/app/dir/onefile" matches rule from line #131: ^/opt/app/dir
>     /opt/app/dir/onefile match=0, tree=0x7fc395d8f780, attr=0
>
> ~ Brian Mathis
> @orev
>
>
> On Thu, Nov 19, 2015 at 12:07 PM, Jobst Schmalenbach <jobst at barrett.com.au>
> wrote:
>>
>> Wouldn't it be
>>
>> !/opt/app/dir
>> /opt/app/dir/onefile    NORMAL
>>
>>
>> Jobst
>>
>> --
>> Sent from my Mobile.
>>
>>
>> On 19 November 2015 7:29:46 PM AEDT, Brian Mathis
>> <brian.mathis+aide at betteradmin.com> wrote:
>>>
>>> Thanks for the reply (glad this list isn't completely dead), but I think
>>> it's pretty clear that I said "all files/dirs in a subdirectory" and
>>> "without itemizing every file to exclude".  This indicates that a specific
>>> include/exclude is explicitly not what I'm looking for, as the list of
>>> things to exclude is not known beforehand.
>>>
>>> ~ Brian Mathis
>>> @orev
>>>
>>>
>>> On Wed, Nov 18, 2015 at 10:47 PM, Shirkdog <shirkdog at gmail.com> wrote:
>>>>
>>>> What if you do the specific include/exclude?
>>>>
>>>> /opt/app/dir2/.* NORMAL
>>>> !/opt/app/dir1
>>>> !/opt/app/dir3
>>>>
>>>>
>>>> ---
>>>> Michael Shirk
>>>>
>>>>
>>>> On Wed, Nov 18, 2015 at 12:23 PM, Brian Mathis
>>>> <brian.mathis+aide at betteradmin.com> wrote:
>>>> > I'm trying to setup some rules that exclude all files/dirs in a
>>>> > subdirectory
>>>> > except for one, without itemizing every file to exclude.
>>>> >
>>>> > Example:
>>>> >     /opt/app/dir1    --> exclude
>>>> >     /opt/app/dir2    --> include
>>>> >     /opt/app/dir3    --> exclude
>>>> >
>>>> > I'm trying something like this, but can't seem to get it working:
>>>> >     /opt/app/dir2/.*    NORMAL
>>>> >     !/opt/app/
>>>> >     /    EVERYTHING
>>>> > The ! rule always seems to override the dir2 rule.
>>>> >
>>>> > Is there any way to accomplish this with aide?
>>>> >
>>>> > ~ Brian Mathis
>>>> > @orev
>>>> >
>>>> >
>>>> > _______________________________________________
>>>> > Aide mailing list
>>>> > Aide at cs.tut.fi
>>>> > https://mailman.cs.tut.fi/mailman/listinfo/aide
>>>> >
>>>> _______________________________________________
>>>> Aide mailing list
>>>> Aide at cs.tut.fi
>>>> https://mailman.cs.tut.fi/mailman/listinfo/aide
>>>
>>>
>>> ________________________________
>>>
>>> Aide mailing list
>>> Aide at cs.tut.fi
>>> https://mailman.cs.tut.fi/mailman/listinfo/aide
>
>
>
> _______________________________________________
> Aide mailing list
> Aide at cs.tut.fi
> https://mailman.cs.tut.fi/mailman/listinfo/aide
>

More information about the Aide mailing list