[Aide] Rules to exclude all files except one
Brian Mathis
brian.mathis+aide at betteradmin.com
Fri Nov 20 12:37:24 EET 2015
I noticed that the aide binary (on centos 7) is linked with libpcre, but
perlish regexes don't seem to work. A negative look-ahead assertion would
accomplish it if full pcre was actually in use:
!/opt/app/dir/(?!onedir).*
Maybe full PCREs would be nice for the next version of AIDE.
~ Brian Mathis
@orev
On Thu, Nov 19, 2015 at 8:08 PM, Hannes von Haugwitz <hannes at vonhaugwitz.com
> wrote:
> Hi,
>
> On Wed, Nov 18, 2015 at 06:23:23PM +0100, Brian Mathis wrote:
> > I'm trying to setup some rules that exclude all files/dirs in a
> > subdirectory except for one, without itemizing every file to exclude.
> >
> > Example:
> > /opt/app/dir1 --> exclude
> > /opt/app/dir2 --> include
> > /opt/app/dir3 --> exclude
> >
> > I'm trying something like this, but can't seem to get it working:
> > /opt/app/dir2/.* NORMAL
> > !/opt/app/
> > / EVERYTHING
> > The ! rule always seems to override the dir2 rule.
> >
> > Is there any way to accomplish this with aide?
>
> I'm pretty sure that this is not possible with the current version of
> AIDE.
>
> Currently I'm working on the rule handling of AIDE and I'll keep your
> use case in mind. Perhaps there is a simple solution to fix this
> issue.
>
> Best regards
>
> Hannes
> _______________________________________________
> Aide mailing list
> Aide at cs.tut.fi
> https://mailman.cs.tut.fi/mailman/listinfo/aide
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.cs.tut.fi/pipermail/aide/attachments/20151120/831a3177/attachment.html>
More information about the Aide
mailing list